Cisco Web Security Appliance S360 User Guide

AsyncOS 9.0 for Cisco Web Security Appliances User Guide
 
Chapter 5      Acquire End-User Credentials
  Authentication Realms
Step 7 (Optional) Configure transparent user identification.
Step 8 Configure Network Security:
Step 9 (Optional) Click Start Test. This will test the settings you have entered, ensuring they are correct before real users use them to authenticate. For details on the testing performed, see "Create additional NTLM realms to authenticate users in domains that are not trusted by existing NTLM realms," page 5-21.
Step 10 Submit and commit your changes.
Tip
Customize the access log to use the %m custom field parameter. See
Troubleshooting Tools
KerbTray or klist (both part of the Windows Server Resources Kit) for viewing and purging a Kerberos ticket cache.
 for viewing and editing an Active Directory. Wireshark is a packet analyzer you can use for network troubleshooting.
Next Step
Create an Identification Profile that uses the Kerberos authentication scheme. 
Creating an Active Directory Authentication Realm (NTLMSSP and Basic)
Before You Begin
Ensure you have the rights and domain information needed to join the Web Security appliance to the 
Active Directory domain you wish to authenticate against.
If you plan to use “domain” as the NTLM security mode, use only nested Active Directory groups. 
If Active Directory groups are not nested, use the default value, “ads”. See 
the Command Line Interface appendix of this guide.
Compare the current time on the Web Security appliance with the current time on the Active 
Directory server and verify that the difference is no greater than the time specified in the “Maximum 
tolerance for computer clock synchronization” option on the Active Directory server. If the Web 
Setting: Enable Transparent User Identification using Active Directory agent
Description: Enter both the server name for the machine where the primary Context Directory agent is installed and the shared secret used to access it. (Optional) Enter the server name for the machine where a backup Context Directory agent is installed and its shared secret.
Setting: Client Signing Required
Description: Select this option if the Active Directory server is configured to require client signing. With this option selected, AsyncOS uses Transport Layer Security when communicating with the Active Directory server.