Content Gateway Security > Content Gateway user authentication > Global authentication options
|
|
User authentication Fail Open/fail closed behavior
|
|
Credential Caching options
|
|
The Redirect Options (required for transparent proxy deployments)
|
|
Cookie Sharing options
|
|
Disabled – specifies that requests do not proceed when authentication failures occur.
|
|
Enabled only for critical service failures (default) – specifies that requests proceed if authentication fails due to:
|
|
Enabled for all authentication failures, including incorrect password – specifies that requests proceed for all authentication failures, including password failures.
|
|
|
Cookie Expiration (added in v8.5.3)
|
|
Redirect Hostname specifies an alternate hostname for the proxy.
|
|
Redirect Hostname specifies an alternate hostname for the proxy.
|
To ensure that user authentication for transparent proxy occurs transparently (without prompting the user for credentials), the browser must be configured so that the Redirect Hostname is in its Intranet Zone. Typically, this is achieved by ensuring that the Redirect Hostname is in the same domain as the computer on which the browser is running. For example, if the client is workstation.example.com and the Redirect Hostname is proxyhostname.example.com, the browser allows authentication to occur transparently. Consult your browser documentation.
|
Content Gateway supports transparent authentication in proxy clusters that use WCCP load distribution. However, the assignment method distribution attribute must be the source IP address. For more information see WCCP load distribution.
|
|
Redirect for HTTPS Authentication (available only with v8.5.4) enables authentication of HTTPS requests over HTTPS, using port 8443.
|
To ensure that user authentication for transparent proxy occurs transparently (without prompting the user for credentials), the browser must be configured so that the Redirect Hostname is in its Intranet Zone. Typically, this is achieved by ensuring that the Redirect Hostname is in the same domain as the computer on which the browser is running. For example, if the client is workstation.example.com and the Redirect Hostname is proxyhostname.example.com, the browser allows authentication to occur transparently. Consult your browser documentation.
|
Content Gateway supports transparent authentication in proxy clusters that use WCCP load distribution. However, the assignment method distribution attribute must be the source IP address. For more information see WCCP load distribution.
|
|
Redirect for HTTPS Authentication (available only with v8.5.4) enables authentication of HTTPS requests over HTTPS, using port 8443.
|
|
Select Choose File for both Public and Private keys to import your own keys for use with this feature. Browse to the file you want to use and select it. Files must be in PEM format.
|
|
After selecting each file, click Import Keys to import custom keys (recommended) and store them in the default location.
|
When custom keys are imported, the default files provided by Forcepoint are overwritten. You should backup the default keys prior to importing. See Save Public Key and Save Private Key below.
|
|
Content Gateway Security > Content Gateway user authentication > Global authentication options
|