Authentication
Configuration Procedures:
When configuring the Web Filter server for authentication, settings must be made in the System
and Policy windows in the Administrator console.
System section
The first settings for authentication must be made in the System
section of the Administrator console in the following windows: Operation
Mode, LAN Settings, Enable/Disable Authentication, Authentication
Settings, Authentication SSL Certificate (if Web-based authentication
will be used), and Block Page Authentication.
1. Select Mode from the navigation panel, and then select
Operation Mode from the pop-up menu. The entries made
in the Operation Mode window will vary depending on whether you
will be using the invisible mode, or the router or firewall mode.
NOTE: The mobile mode should only be used if this Web Filter will be filtering
users on workstations physically located outside of the office.
If using software version 4.x.xx, click here
for information about configuring a Web Filter in the mobile mode
using the legacy Mobile Client application.
In the Listening Device frame, set the Listening Device to LAN1.
In the Block Page Device frame:
If using the invisible mode, select LAN2.
If using the router or firewall mode, select LAN1.
2. Select Network from the navigation panel, and then select LAN Settings
from the pop-up menu. The entries made in this window will vary
depending on whether you are using the invisible mode, or the router
or firewall mode. No matter which mode you use, the LAN1 and LAN2
IP addresses should be in different subnets.
If using the invisible mode: For the LAN1 IP address, enter
32 for the subnet mask.
If using the router or firewall mode: Enter the appropriate
IP address in each field.
3. Select Authentication from the navigation panel, and
then select Enable/Disable Authentication from the pop-up menu.
Enable authentication, and then select one of three tiers in the
Web-based Authentication frame:
Tier 1: Choose this option if you will be using net use based
authentication for Active Directory domains.
Tier 2: Choose this option if using LDAP authentication,
and you want the user to have a time limit on his/her Internet connection.
Tier 3: Choose this option if using LDAP authentication,
and you want the user to maintain a persistent network connection.
NOTE: If using Tier 1, specify whether Keep Alives will be sent on a connection
to verify if it is still active. If Trustwave Authenticator or Novell eDirectory
Agent are implemented, Tier 2 or Tier 3 can be used as a fallback solution.
NOTE: Active Directory Agent is no longer supported as of software release
5.0.10.
WARNING: If enabling Novell eDirectory Agent, the agent will immediately
begin scanning Novell eDirectory-based domain labels.
4. Select Authentication from the navigation panel,
and then select Authentication Settings from the pop-up menu. In the Settings frame,
enter general configuration settings for the Web Filter such as IP address
entries. In the NIC Device to Use for Authentication field:
If using the invisible mode: Select LAN2 for sending traffic
on the network, in particular, for transferring authentication
data.
If using the router or firewall mode: Select LAN1.
5. Select Authentication from the navigation panel,
and then select Authentication SSL Certificate from the pop-up menu.
This option should be used if Web-based authentication will be deployed
on the Web Filter. Using this option, a Secure Sockets Layer (SSL) self-signed
certificate is created and later placed on client machines so that
these machines will recognize the Web Filter as a valid server with which
they can communicate.
6. Select Control from the navigation panel, and then select
Block Page Authentication from the pop-up menu. Select
the Re-authentication Options to be used. If the Re-authentication
option is selected, enter the login script path to be used by the
Web Filter for re-authentication purposes.
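The mode-dependent device and LAN choices in steps 1, 2 and 4 above can be checked against a planned configuration before the values are entered in the console. The following Python check is an added example, not part of the product or its documentation; the settings dictionary, its key names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Device expected per operation mode, taken from steps 1 and 4 above.
EXPECTED = {
    "invisible": {"block_page_device": "LAN2", "auth_nic": "LAN2"},
    "router":    {"block_page_device": "LAN1", "auth_nic": "LAN1"},
    "firewall":  {"block_page_device": "LAN1", "auth_nic": "LAN1"},
}

def check_settings(cfg):
    """Return a list of findings for a planned settings dict (hypothetical schema)."""
    mode = cfg["mode"]
    if mode not in EXPECTED:
        return [f"no device rules known for mode {mode!r}"]
    findings = []
    if cfg["listening_device"] != "LAN1":
        findings.append("Listening Device should be LAN1")
    for key, want in EXPECTED[mode].items():
        if cfg[key] != want:
            findings.append(f"{key} should be {want} in {mode} mode")
    lan1 = ipaddress.ip_interface(cfg["lan1"])
    lan2 = ipaddress.ip_interface(cfg["lan2"])
    if mode == "invisible" and lan1.network.prefixlen != 32:
        findings.append("LAN1 subnet mask should be 32 in invisible mode")
    # Assumption: "different subnets" means neither address lies in the other's network.
    if lan1.ip in lan2.network or lan2.ip in lan1.network:
        findings.append("LAN1 and LAN2 must be in different subnets")
    return findings

# Constructed sample plans (addresses are illustrative only).
GOOD_INVISIBLE = {"mode": "invisible", "listening_device": "LAN1",
                  "block_page_device": "LAN2", "auth_nic": "LAN2",
                  "lan1": "192.168.10.2/32", "lan2": "192.168.20.2/24"}
BAD_INVISIBLE = {"mode": "invisible", "listening_device": "LAN1",
                 "block_page_device": "LAN1", "auth_nic": "LAN2",
                 "lan1": "192.168.20.5/24", "lan2": "192.168.20.2/24"}
GOOD_ROUTER = {"mode": "router", "listening_device": "LAN1",
               "block_page_device": "LAN1", "auth_nic": "LAN1",
               "lan1": "10.1.0.2/24", "lan2": "10.2.0.2/24"}

if __name__ == "__main__":
    for name, plan in [("good invisible", GOOD_INVISIBLE),
                       ("bad invisible", BAD_INVISIBLE),
                       ("good router", GOOD_ROUTER)]:
        print(name, check_settings(plan) or "OK")
```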
Policy section
In the Policy section of the Administrator console, choose LDAP from
the tree and do the following:
1. Add a domain from the network to the list of domains that will
have users authenticated by the Web Filter.
NOTE 1: If the network has more than one domain, the first one you
add should be the domain on which the Web Filter resides.
NOTE 2: When enabling Novell eDirectory Agent, a backup server can
be specified in the event that communication is lost between the
primary Novell eDirectory server and Novell clients.
2. Create filtering profiles for each group within that domain.
3. Set the group priority by designating which group profile will be
assigned to a user when he/she logs in. If a user is a member of
multiple groups, the group that is positioned highest in the list
is applied.
4. Create unique filtering profiles for individual users and machines,
if necessary.