In a Network Address Translation (NAT) or Terminal Services environment, users share one source IP address. A proxy server that requires authentication can only authenticate one user and will not authenticate the the rest of the users because of the same source address. Because of this, using IWSVA may result to incorrect enforcement of policies and may produce inaccurate reports.
To prevent this problem, IWSVA must authenticate all HTTP connections by disabling IP to User caching. The main requirement is that all computers that are using IWSVA as a proxy (including the Terminal Servers) must be members of the same domain where IWSVA is part of.
To disable IP-User cache:
- Log on to IWSVA as root.
- Set the following parameter in the /etc/iscan/intscan.ini file:
- Restart the IWSVA HTTP daemon using the following commands: