Which type of authentication mode should be used for specific proxy deployments?

book

Article ID: 167462

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Need to know the most appropriate authentication mode to use for a specific proxy deployment.

Resolution

There are a number of authentication modes to choose from, when configuring ProxySG to use authentication. The following table summarises which mode to be used in each type of proxy deployment in a generic sence. One may use a different mode based on their situation.

 

Explicit
Forwarding Proxy

Transparent
Forwarding Proxy

Reverse Proxy

Surrogate Type

Proxy Challenge

Origin Challenge
with redirection

Form Challenge
with redirection

Origin Challenge

Form Challenge

IP Surrogate

Proxy IP

Origin IP Redirect

Form IP Redirect

Origin IP

Form IP

Cookie Surrogate

 

Origin Cookie Redirect

Form Cookie Redirect

Origin Cookie

Form Cookie

TCP Connection Surrogate

Proxy

  

Origin

 

 These modes are explained in detail in Knowledgebase article 000012964.

Surrogate Types

IP

The IP address of the client PC is used to remember who the user is. This mode cannot be used in a NAT / Terminal Server environment.
 

Cookie

The proxy allocates a cookie to the user and uses this to remember who the user is. This mode can be used in a NAT / Terminal Server environment.
 

TCP

Each TCP connection made to the proxy requires authentication. This mode can be used by clients that do not support cookies. Because each TCP connection made by the client requires authentication this mode is very secure, but increases the load on the ProxySG appliance and on the authentication infrastructure.

For further details on surrogate credentials, see 000015171.