Note: There is an "and" relationship between selected connections and destinations.
5. Click Next.
6. Choose an authentication method.
Select Bypass authentication (Web traffic is filtered according to IP-based policy rules.)
or
Select Authenticate using (Depending on the options selected, authentication can be
performed for both Active Directory users and guest users.)
■
Single Sign On: Users can authenticate with their stored Active Directory credentials. If
the appliance is configured to allow access as a result of authentication failure (see step
7), users can still gain entry to the network as guests.
— Perform SSO for Mac:When this option is selected, single sign on authentication is
performed for Mac OS X systems using Kerberos. In addition, you must first configure
your Active Directory server to support Kerberos authentication. For instructions, see
“Configuring Active Directory to Support Kerberos for Mac OS X.”
— Authenticate all requests: Select this option to authenticate all user and client
application requests against Active Directory.
This option only takes effect if the appliance is deployed in “Explicit” mode. For more
information about deployment modes, see “Network Deployment.”
If this check box is cleared, the appliance authenticates requests from supported end
user browsers against Active Directory, and uses cached information to authenticate
requests from client applications.
■
Captive Portal: Select this option to allow access through a special web page. If enabled,
users are automatically redirected to this page if single sign on fails or single sign on is
turned off. If the appliance is configured to allow access as a result of authentication failure
(see the next step), users can gain entry to the network through a guest link on the portal
page.
— Enforce a timeout: Specify the number of hours and minutes for which the users will
remain authenticated.The default is 1 hour, after which the session times out.
7. Choose an authentication failure method.
■
Block access: Do not permit unauthenticated access. If single sign on fails or it is turned
off, a web browser pop-up is displayed, prompting for credentials.
■
Allow access: If single sign on fails, allow access using IP-based policy rules. If the Captive
Portal feature is turned on, the login page contains a link to gain access as a guest user.
8. In the Authentication profile name text box, enter a meaningful name for the profile (for
example, "Mobile Devices").
9. Click Save.
To activate the profile, click the Turn On button for that profile name.
To deactivate the profile, click Turn Off beside the profile name.
To delete a profile, select the check box next to the profile name, and click Delete.
136 | Configuration | Sophos Web Appliance
To Next Page
Loading...
Need help?
General
