Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 21 Authentication
Configuring Global Authentication Settings
Table 21-10 Explicit Forward Proxy Mode Authentication Settings (continued)

Setting: Redirect Hostname
Description:
Enter the short hostname of the network interface on which the Web Proxy listens for incoming connections.
When you enable Authentication Mode above, the Web Proxy uses this hostname in the redirection URL sent to clients for authenticating users.
You can enter either of the following values:
  • Single word hostname. You can enter the single word hostname that is DNS resolvable by the client and the Web Security appliance. This allows clients to achieve true single sign-on with Internet Explorer without additional browser side setup.
    Be sure to enter the single word hostname that is DNS resolvable by the client and the Web Security appliance.
    For example, if your clients are in domain mycompany.com and the interface on which the Web Proxy is listening has a full hostname of proxy.mycompany.com, then you should enter proxy in this field. Clients perform a lookup on proxy and they should be able to resolve proxy.mycompany.com.
  • Fully qualified domain name (FQDN). You can also enter the FQDN or IP address in this field. However, if you do that and want true single sign-on for Internet Explorer and Firefox browsers, you must ensure that the FQDN or IP address is added to the client’s Trusted Sites list in the client browsers.
The default value is the FQDN of the M1 or P1 interface, depending on which interface is used for proxy traffic.

Setting: Credential Cache Options: Surrogate Timeout
Description:
This setting specifies how long the Web Proxy waits before asking the client for authentication credentials again. Until the Web Proxy asks for credentials again, it uses the value stored in the surrogate (IP address or cookie).
Note that it is common for user agents, such as browsers, to cache the authentication credentials so the user will not be prompted to enter credentials each time.

Setting: Credential Cache Options: Client IP Idle Timeout
Description:
When IP address is used as the authentication surrogate, this setting specifies how long the Web Proxy waits before asking the client for authentication credentials again when the client has been idle.
When this value is greater than the Surrogate Timeout value, this setting has no effect and clients are prompted for authentication after the Surrogate Timeout is reached.
You might want to use this setting to reduce the vulnerability of users who leave their computers unattended.

Setting: Credential Cache Options: Cache Size
Description:
Specifies the number of entries that are stored in the authentication cache. Set this value to safely accommodate the number of users that are actually using this device. The default value is the recommended setting.
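
The interaction between Surrogate Timeout and Client IP Idle Timeout described in the table can be traced on a request timeline. The following is an added example, not code from the Cisco guide or the appliance. It is a simplified model that assumes the surrogate timeout runs from the last authentication and the idle timeout runs from the client's previous request; the function names, timeout values and timeline are constructed.

```python
"""Simplified model of IP-surrogate re-authentication timing (added example)."""


def reauth_events(request_times, surrogate_timeout, idle_timeout):
    """Return [(time, reason)] for every request that triggers a credential prompt.

    Model assumptions (not taken from the appliance):
      - the surrogate timeout is measured from the last authentication
      - the client IP idle timeout is measured from the previous request
    All values are seconds; request_times must be sorted ascending.
    """
    events = []
    last_auth = None   # time of the last credential prompt
    last_seen = None   # time of the previous request from this client IP
    for t in request_times:
        if last_auth is None:
            reason = "initial"
        elif t - last_auth >= surrogate_timeout:
            reason = "surrogate-timeout"
        elif t - last_seen >= idle_timeout:
            reason = "idle-timeout"
        else:
            reason = None          # surrogate (client IP) still vouches for the user
        if reason:
            events.append((t, reason))
            last_auth = t
        last_seen = t
    return events


def unattended_window(surrogate_timeout, idle_timeout):
    """Worst-case seconds after a user's last request during which a new
    request from the same IP is still accepted without a prompt."""
    return min(surrogate_timeout, idle_timeout)


# Constructed timeline: a user browses, leaves for 35 minutes, then returns.
TIMELINE = [0, 600, 1200, 3300, 3400, 7100]

if __name__ == "__main__":
    for idle in (1800, 7200):      # idle timeout below, then above, the surrogate timeout
        print("idle =", idle, reauth_events(TIMELINE, 3600, idle))
        print("  unattended window:", unattended_window(3600, idle), "s")
```

With the idle timeout above the surrogate timeout, the model never produces an idle-timeout prompt, which matches the "no effect" behaviour in the table.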