Whenever changes are made to any of these settings, click Apply to save your changes and then restart the proxy to put the changes into effect.
Fail Open specifies whether requests are allowed to proceed for processing when user authentication fails.
Cache all authentication credentials -- specifies that user credentials should be cached for all requests. This selection applies to both transparent and explicit proxy.
Cache all authentication credentials except from the specified IP addresses-- specifies that authentication credentials should not be cached when requests are made from the IP addresses added to the list provided. Exceptions listed here apply only when Content Gateway is in explicit proxy mode.
Cache using IP address only – specifies that all credentials are cached with IP address surrogates. This is the recommended method when all clients have unique IP addresses.
Cache using Cookies only – specifies that all credentials are cached with cookie surrogates. This is recommended when all clients share IP addresses, as with multi-host servers such as Citrix servers, or when traffic is NATed by a device that is forwarding traffic to Content Gateway.
Cache using both IP addresses and Cookies – specifies to use cookie surrogates for the IP addresses listed in the cookie caching list, and to use IP address surrogates for all other IP addresses. This is recommended when the network has a mix of clients, some with unique IP addresses and some using multi-user hosts or that are subject to NATing.
Cache Time-To-Live (TTL) specifies the duration, in minutes, that an entry in the cache is retained. When the TTL expires, the entry is removed and the next time that the user submits a request, the user is authenticated. If the authentication succeeds, an entry is placed in the cache.
When enabled, Purge LDAP cache on authentication failure causes the proxy to delete the authorization record for the client from the LDAP cache when an LDAP user authentication failure occurs.
When either Cache using Cookies only or
Cache using both IP addresses and Cookies is enabled, the Cookie Sharing option is automatically enabled.
When load balancing has been configured, all proxies must use the same setting for Redirect Hostname. The value must be the fully qualified domain name (FQDN) of the load balancer.