User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 15 Managing Firewall AAA Rules
AAA Firewall Settings Policies
Field Reference
Table 15-3 Advanced Setting Tab, AAA Firewall Settings Page
Element Description
Use Secure HTTP Authentication
Whether to require users making HTTP requests that traverse the
security appliance to first authenticate with the security appliance using
SSL (HTTPS). The user is prompted for username and password.
Secure HTTP authentication offers a secure method for user
authentication to the security appliance prior to allowing HTTP-based
web requests to traverse the security appliance. This is also called
HTTP cut-through proxy authentication.
If you select this option, ensure that your access rules do not block
HTTPS traffic (port 443), and that any PAT configuration also includes
port 443. Also, be aware that a maximum of 16 concurrent
authentications are allowed, and that if you configure 0 for the user
authentication timeout (timeout uauth 0, configured in the Platform >
Security > Timeouts policy) users might be repeatedly prompted for
authentication, making the feature disruptive to your network.
Tip: If you do not select this option, HTTP authentication sends the
username and password in clear text.
Enable Proxy Limit
Maximum Concurrent Proxy Limit per User
Whether to allow proxy connections. If you enable proxies, you must
set a limit on the number of proxy connections allowed for each user,
from 1 to 128. The device default is 16, but you must specify a number.
Interactive Authentication table (ASA/PIX 7.2.2+)
Use this table to identify the interfaces that should listen for HTTP or
HTTPS traffic for authentication. If your AAA rules require
authentication for these protocols on interfaces designated in this table,
the user is presented with an improved authentication web page as
opposed to the default authentication pages used by the appliance.
These pages are also used for authenticating direct connections to the
device.
• To add an interface to the table, click the Add Row button and fill
in the Interactive Authentication Configuration Dialog Box,
page 15-21.
• To edit a setting, select it and click the Edit Row button.
• To delete a setting, select it and click the Delete Row button.
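The checks below are an added example, not part of the Cisco guide: a small audit of a deployed ASA configuration against the Secure HTTP, uauth timeout, and proxy limit guidance in Table 15-3. It assumes the CLI equivalents of these settings are aaa authentication secure-http-client, timeout uauth, and aaa proxy-limit (only timeout uauth appears on this page); the sample configurations and finding names are constructed.

```python
import re

# Constructed running-config fragments for illustration (not from a real device).
WEAK_CONFIG = """\
aaa authentication match AUTH_HTTP inside RADIUS_GRP
timeout uauth 0:05:00 absolute
aaa proxy-limit 16
"""

HARDENED_CONFIG = """\
aaa authentication match AUTH_HTTP inside RADIUS_GRP
aaa authentication secure-http-client
timeout uauth 0:05:00 absolute
aaa proxy-limit 16
"""


def uauth_is_zero(config):
    """True if a 'timeout uauth' line sets the timeout to 0 (0 or 0:00:00 form)."""
    m = re.search(r"^timeout uauth (\S+)", config, re.MULTILINE)
    if not m:
        return False
    return all(p.isdigit() and int(p) == 0 for p in m.group(1).split(":"))


def audit(config):
    """Return findings for the settings described in Table 15-3."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    # Conservative: any AAA authentication rule counts; the rule's ACL is not
    # inspected to confirm that it actually covers HTTP.
    has_auth_rule = any(re.match(r"aaa authentication (match|include)\b", ln) for ln in lines)
    secure_http = "aaa authentication secure-http-client" in lines
    if has_auth_rule and not secure_http:
        findings.append("cleartext-http-auth")  # credentials cross in clear text
    if secure_http and uauth_is_zero(config):
        findings.append("uauth-zero-with-secure-http")  # repeated auth prompts
    limit = next((ln.split()[-1] for ln in lines if ln.startswith("aaa proxy-limit ")), None)
    if limit is not None and limit.isdigit() and not 1 <= int(limit) <= 128:
        findings.append("proxy-limit-out-of-range")  # table allows 1 to 128
    return findings
```

The audit does not verify that access rules and PAT permit port 443; that still has to be checked against the device's access and NAT policies.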