Authentication
Configuration Procedures:
When configuring
the Web Filter server for authentication, settings must be made in System
and Policy windows in the Administrator console.
System
section
The first settings for authentication must be made in the System
section of the Administrator console in the following windows: Operation
Mode, LAN Settings, Enable/Disable Authentication, Authentication
Settings, Authentication SSL Certificate (if Web-based authentication
will be used), and Block Page Authentication.
1. Select Mode from the navigation panel, and then select
Operation Mode from the pop-up menu. The entries made
in the Operation Mode window will vary depending on whether you
will be using the invisible mode, or the router or firewall mode.
NOTE:
The mobile mode, available in Web Filter software release 4.x.xx,
should only be used if this Web Filter will be filtering users on
workstations physically located outside of the office. Click here
for information about configuring a Web Filter in the mobile mode
for software release 4.x.xx.
In the Listening Device frame, set the Listening Device to LAN1.
In the Block Page Device frame:
If using the invisible mode, select LAN2.
If using the router or firewall mode, select LAN1.
2. Select Network
from the navigation panel, and then select LAN Settings
from the pop-up menu. The entries made in this window will vary
depending on whether you are using the invisible mode, or the router
or firewall mode. No matter which mode you use, the LAN 1 and LAN
2 IP addresses should be in a different subnet.
If using the invisible mode: For the LAN1 IP address, enter
32 for the subnet mask.
If using the router or firewall mode: Enter the appropriate
IP address in each field.
3. Select Authentication from the navigation panel, and
then select Enable/Disable Authentication from the pop-up menu.
Enable authentication, and then select one of three tiers in the
Web-based Authentication frame:
Tier 1: Choose this option if you will be using net use based
authentication for Active Directory domains.
Tier 2: Choose this option if using LDAP authentication,
and you want the user to have a time limit on his/her Internet connection.
Tier 3: Choose this option if using LDAP authentication,
and you want the user to maintain a persistent network connection.
NOTE: If using
Tier 1, specify whether Keep Alives will be sent on a connection
to verify if it is still active. If Authenticator or Novell eDirectory Agent are implemented, Tier 2 or Tier 3 can be used
as a fallback solution.
NOTE: Active
Directory Agent is no longer supported as of software release
5.0.10.
WARNING: If enabling Novell eDirectory Agent, the agent will immediately
begin scanning Novell eDirectory-based domain labels.
4. Select Authentication from the navigation panel,
and then select Authentication
Settings from the pop-up menu. In the Settings frame,
enter general configuration settings for the Web Filter such as IP address
entries. In the NIC Device to Use for Authentication field:
If using the invisible mode: Select LAN2 for sending traffic
on the networkin particular, for transferring authentication
data.
If using the router or firewall mode: Select LAN1.
5. Select Authentication from the navigation panel,
and then select Authentication SSL Certificate from the pop-up menu.
This option should be used if Web-based authentication will be deployed
on the Web Filter. Using this option, a Secured Sockets Layer (SSL) self-signed
certificate is created and later placed on client machines so that
these machines will recognize the Web Filter as a valid server with which
they can communicate.
6. Select Control from the navigation panel, and then select
Block Page Authentication from the pop-up menu. Select
the Re-authentication Options to be used. If the Re-authentication
option is selected, enter the login script path to be used by the
Web Filter for re-authentication purposes.
Top
Policy
section
In
the Policy section of the Administrator console, choose LDAP from
the tree and do the following:
1. Add a domain from the network to the list of domains that will
have users authenticated by the Web Filter.
NOTE 1: If the network has more than one domain, the first one you
add should be the domain on which the Web Filter resides.
NOTE 2: When enabling Novell eDirectory Agent, a backup server can
be specified in the event that communication is lost between the
primary Novell eDirectory server and Novell clients.
2. Create filtering profiles for each group within that domain.
3.
Set the group priority by designating which group profile will be
assigned to a user whe he/she logs in. If a user is a member of
multiple groups, the group that is positioned highest in the list
is applied.
4. Create unique filtering profiles for individual users and machines,
if necessary.
Related
Topics:
Back
| Top
|