Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Web Access Authentication

Status
Not open for further replies.
bowserj

bowserj

MIS
Dec 12, 2000
29
US
I am evaluating Microsoft ISA Server 2004 as a possible replacement for my existing firewall solution (Symantec). One of the features of the current firewall which management likes, and wants to keep in any replacement solution is a requirement to manaully authenticate to access the web.

The users start internet explorer, and are prompted for their username and password. Once they enter this, they have full access to the web. I cannot figure out how to do this in ISA 2004. Is it possible, and if it is, could someone please point me in the right direction?

Thanks
 
Sort by date Sort by votes
I have found a partial solution to this issue. It requires installing the Firewall Client. Is it possible to do this without installing this client?

BOWSER
 
Upvote 0 Downvote
Yes you can authenticate web proxy clients. On the outgoing web listner, check the "authenticate users" option and make sure you enable "integrated authentication" as well. This won't pop up the authentication box and the proxy client automatically gets the info from the client machine. There are few issue you need to consider if you enable web access authentication using Firewall or secureNat clients. Both SecureNAT and firewall clients need to go through HTTP redirector to reach web proxy service, which will discard the authentication information. Then you will only see "anonymous" logins. So, enable web proxy at the same time enabling firewall or secNat options. Make sure that the HTTP redirector is set to disable HTTP request from SecureNat and firewall clients. This should give you the results you want.
 
Upvote 0 Downvote
Yes, you can just use the firewall client itself to authenticate web access, if you don't use web proxy service. The disadvantage is you will not be able to use the cache. Users can simply disable the firewall client and become a SecureNat client to access the webpages and you can't authenticate these connections. So the best plan is to disable secNat and firewall clients ability to access web pages. Use HTTP redirector filter to force them to use web proxy service.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
988
Shmid
Shmid
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
244
ISDPCMAN
ISDPCMAN
markd885
  • Locked
  • Question
PAC file redirect web page to another gateway
Replies
0
Views
205
markd885
markd885
gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
213
gbayi_omo
gbayi_omo
kythri
  • Locked
  • Question
Restrict access to SSL VPN by IP (ASA 5540 - 8.4(7))
Replies
0
Views
213
kythri
kythri

Part and Inventory Search

Sponsor

Back
Top