New Member

PIX Authentication timer

I have a requirement to authenticate all outbound HTTP connections.

I would like the user to have to authenticate once per session. By session I mean, they open the browser, point to an external site, get prompted for authentication, authenticate and now they can browse to any site they want to without having to re-authenticate. If they close their browser, they are again prompted for authentication.

This is not how the PIX works as far as I can tell. The PIX uses the internal uauth timer which basically has an absolute timeout or an inactivity timeout. In my testing, this has been a problem because if the uauth is set too low the user is re-prompted a number of times during one session. If the timer is set too high, the user could potentially close their browser, shut down the machine, a different user logs in on the same machine and then hijacks the authenticated HTTP session from the previous user. This is not acceptable.

Does anyone know of a way that I can authenticate on browser session with the PIX? I know Symantec Enterprise Firewall works this way. Am I not getting my timers right?

Any help is greatly appreciated!
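
Added example, not part of the original post and not PIX code or output: a simplified Python model of the timer trade-off the question describes. It assumes one cached authentication entry per source IP that expires on either an absolute or an inactivity timer; the class name, timer values and traffic are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class UauthModel:
    """Simplified model (assumption): one cached auth entry per source IP."""
    absolute: float    # seconds after login at which the entry expires
    inactivity: float  # seconds of idle time after which the entry expires

    def replay(self, events):
        """Replay time-sorted (time_s, user) HTTP requests from ONE source IP.

        Returns (prompts, inherited): how many times someone was prompted,
        and the requests a user sent on an entry another user authenticated.
        """
        owner = login_at = last_seen = None
        prompts, inherited = 0, []
        for t, user in events:
            expired = (owner is None
                       or t - login_at >= self.absolute
                       or t - last_seen >= self.inactivity)
            if expired:
                # Cache entry is gone: whoever is at the keyboard must log in.
                prompts += 1
                owner, login_at = user, t
            elif user != owner:
                # Entry still valid for this IP, so no prompt is shown.
                inherited.append((t, user))
            last_seen = t
        return prompts, inherited


# Constructed traffic from one workstation: alice browses with reading pauses,
# closes her browser after t=2400, and bob logs in to the same machine later.
SAMPLE = [(0, "alice"), (300, "alice"), (1200, "alice"), (2400, "alice"),
          (3300, "bob"), (3360, "bob")]

SHORT = UauthModel(absolute=3600, inactivity=600)       # 1 h / 10 min
LONG = UauthModel(absolute=8 * 3600, inactivity=3600)   # 8 h / 1 h

if __name__ == "__main__":
    for name, model in (("short", SHORT), ("long", LONG)):
        prompts, inherited = model.replay(SAMPLE)
        print(f"{name}: prompts={prompts} inherited={inherited}")
```

With the short timers alice is prompted three times in one browsing session; with the long timers she is prompted once, but bob's requests ride on her cached entry because nothing in the model ties the entry to her browser session.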

1 REPLY
Cisco Employee

Re: PIX Authentication timer
