Navigate to the Configure > Security > Access Control > Global Authentication Options tab.
Fail Open – Specifies whether requests are allowed to proceed when user authentication fails.
Disabled – specifies that requests will not proceed when authentication fails.
Enabled only for critical service failures (default) – specifies that requests proceed if authentication fails due to:
Enabled for all authentication failures, including incorrect password – specifies that requests proceed for all authentication failures, including password failures.
IP address-based NTLM Credential Caching is enabled by default. Credential caching applies only when Content Gateway is an explicit proxy. Credentials are cached when authentication is successful. When Multiple Realm Authentication is enabled, cookie-based credential caching can be specified in each realm rule. If it is not specified, this setting applies.
Caching TTL sets the time-to-live for entries in the credential cache. The default TTL is 900 seconds (15 minutes). To change the TTL, enter a new value in the entry field. The range of supported values is 300 to 86400 seconds.
If some users use terminal servers to access the Internet through the proxy (e.g., Citrix servers), you can create a list of those servers in the Multi-user IP Exclusions field. Credentials for such users are not cached. Enter a comma separated list of IP addresses and IP address ranges.