PIX Authentication timer

cdellis
Level 1

I have a requirement to authenticate all outbound HTTP connections.

I would like the user to have to authenticate once per session. By session I mean, they open the browser, point to an external site, get prompted for authentication, authenticate and now they can browse to any site they want to without having to re-authenticate. If they close their browser, they are again prompted for authentication.

This is not how the PIX works as far as I can tell. The PIX uses the internal uauth timer which basically has an absolute timeout or an inactivity timeout. In my testing, this has been a problem because if the uauth is set too low the user is re-prompted a number of times during one session. If the timer is set too high, the user could potentially close their browser, shut down the machine, a different user logs in on the same machine and then hijacks the authenticated HTTP session from the previous user. This is not acceptable.

Does anyone know of a way that I can authenticate on browser session with the PIX? I know Symantec Enterprise Firewall works this way. Am I not getting my timers right?

Any help is greatly appreciated!

1 Reply

yusuff
Cisco Employee