Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabling cookie mode with standard authentication on InterScan Web Security Virtual Appliance (IWSVA) server

    • Updated:
    • 29 May 2017
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • VMware ESXi 4.1
    • VMware ESXi 5.0
    • VMware ESXi 5.1
    • Windows 2008 Server R2 with Hyper-V(TM)
Summary

Learn how to use the standard authentication instead of Captive Portal when there is a NAT or terminal server in your network.

The presence of NAT or terminal server requires disabling ip_user_cache, which will result in a large number of authentication requests that the AD server may not have enough resources to handle. The cookie mode with standard authentication will prevent this issue by decreasing authentication requests.

Details
Public

To configure cookie mode with standard authentication:

  1. Make sure the IWSVA server is running at least IWSVA 6.0 Patch 1 or IWSVA 6.0 Service Pack 1.
  2. On the IWSVA web console, go to Administration > IWSVA Configuration.
  3. Click User Identification and select Standard Authentication.
  4. Open the /etc/iscan/intscan.ini file and look for the parameter "enable_standard_cookie_mode" in the [user-identification] section. If it does not exist, add the said parameter and modify its value similar to the following:

    enable_standard_cookie_mode=yes

  5. Save the changes and close the file.
  6. Run the following commands to disable ip_user_cache and transparent_authentication:

    su enable
    configure module ldap ipuser_cache disable
    configure module ldap trans_auth disable
    exit

  7. Run the following command to restart all IWSVA services:

    /etc/iscan/rcIwss restart

If Full Kerberos Authentication has been enabled, it is neither necessary to set "enable_standard_cookie_mode=yes" in /etc/iscan/intscan.ini nor issue the command "configure module ldap trans_auth disable". In this case, the IP user cache can simply be turned off with the following commands:

su enable
configure module ldap ipuser_cache disable
exit

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1102809
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.