In this blog post I want to cover the different available authentication methods for Web Access Rules.
A Web Access Rule allows HTTP/HTTPS traffic from a specific source to a specific destination.
There are three different possibilities for "Authentication Methods":
- No Authentication
- LDAP Authentication
- NTLM/Kerberos Authentication
If you select "No Authentication", the Web Access Rule will apply to all HTTP/HTTPS traffic from the specified source to the specified destination (depending, of course, on your "Rule Mode" settings ;-) ).
If you want to make use of LDAP Authentication, please make sure that the LDAP Authentication Settings are configured properly.
As soon as you select "LDAP Authentication" you will get a new "USERS/GROUPS" tab:
On this tab you can choose between Users and Groups, and you have to enter the appropriate user or group name as registered in LDAP:
You can make use of NTLM/Kerberos Authentication if the OS/appliance is part of an Active Directory Domain (or if you want to use local users and groups).
As soon as you select "NTLM/Kerberos Authentication" you will also get a new "USERS/GROUPS" tab:
As soon as you click plus, you get a selection wizard for selecting Users or Groups:
Within this dialog you can browse different locations (local machine or your entire Active Directory Forest) and search for Users and Groups to select them.
With Authentication, you can restrict the validity of a Web Access Rule to a specific set of Users or Groups. Please be aware that the "Web Access Rules" ruleset is processed by first-match. This is especially important if a user is a member of several groups.
Also be aware that rules where LDAP or NTLM/Kerberos is configured will not match for transparent HTTP traffic. You have to define a specific ruleset for the transparent mode (without authentication).
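The following Python sketch models the two caveats above: first-match processing for a user who is a member of several groups, and authenticated rules not matching transparent traffic. It is an added example, not the product's own code; the `Rule` fields, rule names, user and group names are hypothetical, and source/destination and "Rule Mode" matching are assumed to have happened already.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str                        # hypothetical rule label
    action: str                      # "allow" or "deny"
    auth: str = "none"               # "none", "ldap" or "ntlm_kerberos"
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)

def first_match(rules, user=None, user_groups=frozenset(), transparent=False):
    """Return the first rule that applies to the request, or None."""
    for rule in rules:
        if rule.auth == "none":
            return rule              # unauthenticated rule applies to all traffic
        if transparent:
            continue                 # LDAP/NTLM/Kerberos rules never match transparent traffic
        if user in rule.users or rule.groups & set(user_groups):
            return rule
    return None

def shadowed_for(rules, user_groups):
    """Authenticated rules that also match these groups but sit below the winner."""
    hits = [r.name for r in rules
            if r.auth != "none" and r.groups & set(user_groups)]
    return hits[1:]

# Constructed sample ruleset: order matters because evaluation stops at the first hit.
RULES = [
    Rule("deny-interns", "deny", "ldap", groups={"Interns"}),
    Rule("allow-developers", "allow", "ldap", groups={"Developers"}),
]
ALICE_GROUPS = {"Interns", "Developers"}   # constructed user in two groups

if __name__ == "__main__":
    hit = first_match(RULES, "alice", ALICE_GROUPS)
    print("explicit proxy:", hit.name, hit.action)
    print("never reached for alice:", shadowed_for(RULES, ALICE_GROUPS))
    print("transparent:", first_match(RULES, "alice", ALICE_GROUPS, transparent=True))
```

Running the same check against an exported ruleset for each multi-group account shows which rules that account can never reach, which is the ordering problem to review before deploying.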