Configure User Authentication on Symantec Web Gateway (SWG)

Created: 12 Jun 2012 • Updated: 13 Jun 2012
Author: yang_zhang

Symantec Web Gateway can maintain information on the activity of users and departments as defined by Active Directory over LDAP.

By default, the SWG records only the IP address of network traffic. If there is an AD in the environment, you can configure the SWG to record user information for network activity, such as User Name, AD Department, and so on.

Here are the basic steps:

1. Log into the SWG web console.

2. Click 'Configuration' under the 'Administration' section.

3. Select the 'Authentication' tab and click to enable 'Use LDAP to identify end users':


Enter the hostname or IP address of your LDAP server.

Enter the LDAP Search Base. The LDAP Search Base must be in DN format such as "dc=test, dc=com".

Enter the user name and password that the Web Gateway will use to access the root of your LDAP server. For the simple authentication method, the User Name can be an MS SAM account name, SAM account name @ domain, or distinguished name (DN). The Kerberos authentication method accepts only an MS SAM account name or SAM account name @ domain.

Use the dropdown boxes to define whether users are organized by department or by organizational unit, and whether the Web Gateway reports should present the LDAP logon name or the full user name.

4. After the configuration, you can click the 'Test' button:

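The values entered in step 3 can be checked for consistency before clicking 'Test'. The following is an added example, not part of the original article or of Symantec's software: it verifies that the Search Base parses as a DN and that the user name format is one the chosen authentication method accepts. The function names, the sample account `svc_swg`, and the reading of "MS SAM account name" as `user` or `DOMAIN\user` are assumptions.

```python
import re

# Assumption (not from the article): "user" or "DOMAIN\user" is treated as an
# MS SAM account name, and "user@domain" as SAM account name @ domain.
_RDN = re.compile(r'\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*([^,=+<>#;"\\]+?)\s*$')
_SAM = re.compile(r"^(?:[^\\/@,=\s]+\\)?[^\\/@,=\s]+$")
_SAM_AT_DOMAIN = re.compile(r"^[^\\/@,=\s]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*$")

# User name formats each method accepts, as stated in step 3 of the article.
ALLOWED = {"simple": {"sam", "sam@domain", "dn"},
           "kerberos": {"sam", "sam@domain"}}


def parse_dn(text):
    """Split a simple DN into (attribute, value) pairs; None if malformed.

    Escaped commas and multi-valued RDNs are rejected to keep the check strict.
    """
    pairs = []
    for part in text.split(","):
        m = _RDN.match(part)
        if not m:
            return None
        pairs.append((m.group(1).lower(), m.group(2)))
    return pairs


def classify_user(name):
    """Return 'sam', 'sam@domain', 'dn', or None for an unrecognised format."""
    if _SAM_AT_DOMAIN.match(name):
        return "sam@domain"
    if _SAM.match(name):
        return "sam"
    return "dn" if parse_dn(name) else None


def check_ldap_settings(search_base, user_name, method):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if parse_dn(search_base) is None:
        problems.append("search base is not in DN format")
    kind = classify_user(user_name)
    if method not in ALLOWED:
        problems.append(f"unknown authentication method: {method}")
    elif kind is None:
        problems.append("user name format not recognised")
    elif kind not in ALLOWED[method]:
        problems.append(f"{method} does not accept a user name in {kind} format")
    return problems
```
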

With NTLM Authentication, the Web Gateway communicates with the end user's browser to extract the LDAP name, correlates the user's LDAP name with their computer's IP address, and re-enforces end-user authentication to the domain controllers when the user's credentials have expired.

5. Under the 'NTLM Configuration' section, click to enable 'Enable NTLM Authentication':


6. After the configuration of the NTLM, you can click the 'Test' button:


After completing these configurations, you need to create an authentication policy.

7. Click 'Configuration' under the 'Policies' section.

8. Click the 'Create a New Policy' button:


9. Under the 'User Authentication' section, click to enable 'Authentication setting policy', and select the authentication type:


10. Save and apply the policy.

If the end user has not logged into the AD, the user is prompted to enter AD credentials when trying to access the web:


The SWG logs will then show the end user's information:
