User authentication

You can configure the Web Gateway to validate user identities by means of the following:

• Client Basic Authentication using LDAP
• Client Integrated Authentication using Domain Controller
• Client Integrated and Basic Authentication using Domain Controller
• Kerberos Authentication using Kerberos Key Distribution Center
• Kerberos and Basic Authentication using Kerberos Key Distribution Center

Alternatively, you can choose to not authenticate users; in which case, any machine whose IP address is contained in a Machine List will be able to use the Web Gateway as a proxy, regardless of the user.

You can apply HTTP and HTTPS authentication across both explicit and transparent proxy modes.

NTLM Authentication

When utilizing Client Integrated Authentication using a domain controller (with or without basic authentication), you can choose between two modes for NTLM authentication:

• Single server using a single Domain Controller. If this fails, the service will be interrupted.
• Automatic using multiple Domain Controllers. This allows multiple Domain Controllers to be configured for the connected domain; if one fails another will automatically be used to ensure continuity of service.

See also...

• The About Machine Lists topic for managing non-authenticated users.
• The About Proxy Mode topic for explicit and transparent authentication options.
• The LDAP Synchronized Address Lists / LDAP Synchronized User Name Lists topic for creating and editing an LDAP Synchronized User Name/Address List.

Authentication can be bypassed by adding the user to the Authentication Bypass list.