Installation guide

Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
LDAP Authentication in Transparent Mode
Before configuring LDAP authentication on IWSVA deployed in transparent mode
(bridge and WCCP), review the following criteria to ensure each item is fully met.
IWSVA must have a valid hostname assigned at Administration > Deployment
Wizard > Network Interface page in the Web console. Make sure the hostname is
also entered in the corporate DNS server.
Ensure that the user ID cache is enabled. By default, this is enabled. If it has been
disabled for any reason, it must be re-enabled before enabling transparent mode
authentication. You can enable the user ID cache using the following command in the CLI:
configure module ldap ipuser_cache enable
By default, IWSVA keeps user ID cache information for up to two hours. If you
need to lower the cache timeout value, use the following command in the CLI to set a
shorter cache interval:
configure module ldap ipuser_cache interval
If authentication is enabled, IWSVA will block all non-browser applications trying to
access the Internet. For example, the MSN application might try to access the
Internet before the user has a chance to log in to the IWSVA server. If this happens,
the application will be blocked because the user has not successfully authenticated to
IWSVA. You can perform one of the following:
a. Bypass LDAP authentication for the application by adding the URLs that the
application accesses to “Global Trusted URLs.” The URLs in this list will
bypass both authentication and content scanning.
b. Instruct users to open their Web browsers and get authenticated before
starting up applications that need Internet access.
c. Add the IP address of the client machine to the “LDAP authentication White
List.” IP addresses in this list will bypass LDAP authentication only.
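As an added illustration (not IWSVA's own code), the following Python models the three decision paths described above: the per-IP user ID cache with its timeout, the Global Trusted URLs list (which bypasses authentication and scanning), and the LDAP authentication White List (which bypasses authentication only). The list contents, IP ranges and timestamps are constructed sample values.

```python
# Illustrative model of IWSVA transparent-mode authentication decisions as
# described in the guide. This is an added example, not product code.
import ipaddress
from urllib.parse import urlsplit

DEFAULT_CACHE_SECONDS = 2 * 60 * 60  # guide: cache entries kept up to two hours


class TransparentAuthModel:
    def __init__(self, trusted_urls, whitelist_ips, cache_seconds=DEFAULT_CACHE_SECONDS):
        # Global Trusted URLs: matched here by hostname only (simplification).
        self.trusted_hosts = {urlsplit(u).hostname for u in trusted_urls}
        # LDAP authentication White List: client IPs or ranges.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist_ips]
        self.cache_seconds = cache_seconds
        # User ID cache: client IP -> (username, time of successful logon).
        self.ipuser_cache = {}

    def browser_login(self, client_ip, username, now):
        """A successful browser logon populates the user ID cache."""
        self.ipuser_cache[client_ip] = (username, now)

    def cached_user(self, client_ip, now):
        """Return the cached user for this IP, dropping expired entries."""
        entry = self.ipuser_cache.get(client_ip)
        if entry and now - entry[1] < self.cache_seconds:
            return entry[0]
        self.ipuser_cache.pop(client_ip, None)
        return None

    def decide(self, client_ip, url, now):
        """Return (action, scanned, user) for one request at time `now`."""
        host = urlsplit(url).hostname
        if host in self.trusted_hosts:
            return ("allow", False, None)   # bypasses auth and content scanning
        if any(ipaddress.ip_address(client_ip) in n for n in self.whitelist):
            return ("allow", True, None)    # bypasses auth, still scanned
        user = self.cached_user(client_ip, now)
        if user is None:
            return ("block", True, None)    # e.g. MSN started before the logon
        return ("allow", True, user)
```

Note that a whitelisted client is still scanned but never appears in the user ID cache, so its traffic cannot be attributed to a user in reports.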
When user or group authentication is enabled in either the forward proxy mode or
the transparent mode with Active Directory, you can take advantage of the
automatic authentication feature provided in the Internet Explorer Web browser.
With automatic authentication, clients already logged on to the domain network can
access the local intranet without having to enter the logon information (such as the
username and password); that is, no password pop-up screen displays.