Web browser changes needed for NTLM

Article:HOWTO36903  |  Created: 2010-12-16  |  Updated: 2011-02-11  |  Article URL http://www.symantec.com/docs/HOWTO36903
Article Type
How To

Product(s)

Environment

Subject

Languages

Web browser changes needed for NTLM

When you employ Active Directory integration with NTLM, Symantec Web Gateway queries user Web browsers for authentication. In many cases, no special configuration is needed. Table: Web browser changes needed for NTLM describes cases in which you must configure user Web browsers.

Manually making changes to the Web browsers on each user's computer may be a lengthy task. You may be able to distribute changes to Internet Explorer on all user computers using Active Directory tools. Altiris software from Symantec or similar software can also automate configuration changes for user Web browsers.

Table: Web browser changes needed for NTLM

Scenarios

Change needed in Web browsers

The following conditions apply:

  • Users access the Internet using a proxy that does not support 401 authentication pass through

  • The Use Interface Name for NTLM Authentication box is checked

Web browsers must be configured to access the Web Gateway interface name directly and not through the proxy. For Internet Explorer, you can make this change centrally using .pac files. The following is a sample .pac file script:

 function FindProxyForURL(url, host)
    {
    if (isPlainHostName(host))
        return "DIRECT";
    else
        return "PROXY 192.168.0.70:8080";
    }

The Use Interface Name for NTLM Authentication box is unchecked

If you do not want to modify DNS, leave Use Interface Name for NTLM Authentication unchecked. Add the IP address of Symantec Web Gateway to the Local Intranet configuration in Internet Explorer. Use the following format: http://num1.num2.num3.num4, such as http://192.168.2.1. You should be able to use Active Directory to push this browser configuration to the users' browsers.

Web browsers other than Microsoft Internet Explorer, such as Mozilla Firefox, Apple Safari, or Google Chrome

You may need to make a configuration change in the Web browser to support transparent NTLM authentication. For example, in Firefox add the IP address of each Symantec Web Gateway in your network to network.automatic-ntlm-auth.trusted-uris on the about:config page. See the Web browser documentation for more information.

Legacy ID



v28088942_v48507552


Article URL http://www.symantec.com/docs/HOWTO36903


Terms of use for this information are found in Legal Notices

Please Sign In

Login using SymAccount.

Knowledge Base Search

Knowledge Base Search

Rate this Article

Help us improve your support experience.

MySymantec

MySymantec

Contacting Support

Contacting Support