Need to know the most appropriate authentication mode to use for a specific proxy deployment.
There are a number of authentication modes to choose from, when configuring ProxySG to use authentication. The following table summarises which mode to be used in each type of proxy deployment in a generic sence. One may use a different mode based on their situation.
Explicit |
Transparent |
Reverse Proxy |
|||
Surrogate Type |
Proxy Challenge |
Origin Challenge |
Form Challenge |
Origin Challenge |
Form Challenge |
IP Surrogate |
Proxy IP |
Origin IP Redirect |
Form IP Redirect |
Origin IP |
Form IP |
Cookie Surrogate |
|
Origin Cookie Redirect |
Form Cookie Redirect |
Origin Cookie |
Form Cookie |
TCP Connection Surrogate |
Proxy |
Origin |
|
These modes are explained in detail in Knowledgebase article 166803.
Surrogate Types
IP |
The IP address of the client PC is used to remember who the user is. This mode cannot be used in a NAT / Terminal Server environment. |
Cookie |
The proxy allocates a cookie to the user and uses this to remember who the user is. This mode can be used in a NAT / Terminal Server environment. |
TCP |
Each TCP connection made to the proxy requires authentication. This mode can be used by clients that do not support cookies. Because each TCP connection made by the client requires authentication this mode is very secure, but increases the load on the ProxySG appliance and on the authentication infrastructure. |