
PROXY AUTHENTICATION (LOCAL)

I. Configure a Local Authentication Realm

Follow these steps to configure a Local authentication realm and some users.

1. Log in to the web-based management console.


2. Browse to the Configuration tab > Authentication > Local

3. In the Local Realms tab, click New.


4. Enter a name for the local realm. For this example, "TestRealm" will be used as the realm name.
5. Click the Local Main tab. Make note of the local user list name, as it will be necessary in the next section.

6. Click Apply.

User and group definitions are managed from the Command Line Interface (CLI). The steps below will
guide you through creating users and groups.

1. Log in to the CLI and enter enable mode, then configuration terminal mode.
2. At the (config) prompt, type: security local-user-list edit local_user_database

3. Add a group with the following command: group create TestRealmUsers


4. Create user accounts with the following steps: user create user1

5. Edit the user account to define the password and user group details for the user account: user edit user1
6. Create a password for the account by entering: password 123456 (Replace 123456 with an appropriate password)

Repeat this process for all user accounts you want to create.

II. Configure Authentication Policy

With an authentication realm configured, you can now configure policy on the ProxySG appliance to
authenticate, log and control user access to your web server. The steps below will guide you through
setting up rules to authenticate users, restrict access for specific users and groups, and deny all other
access to the web server.

Create a Rule to Authenticate Users:

1. Browse to the Configuration tab > Policy > Visual Policy Manager and click Launch.
2. Click the Policy menu and select Add Web Authentication Layer. (Note: If you already have an existing Web
Authentication Layer, you can create the authentication policy in that layer by following steps 3-7. Keep
the policy sequence in mind.)
3. Right-click the Source field, click Set, New, choose your network subnet/IP address (for example,
10.10.10.0/24).

4. Right-click the Action field, click Set, New, Authenticate.


5. Choose the authentication realm you would like to use to authenticate users.

6. Select an authentication mode from the Mode dropdown (for information on authentication modes, see
https://support.symantec.com/en_US/article.TECH242539.html) to ensure that the ProxySG
sends the appropriate type of challenge to users.
7. Click OK, then OK.

Create a Rule to Allow Users for Web Access:

1. Click the Policy menu and select Add Web Access Layer. (Note: If you already have an existing Web Access
Layer, you can create the access policy in that layer by following steps 2-5. Keep the policy
sequence in mind.)
2. Right-click the Source field, click Set, and choose your network subnet/IP address (for example,
10.10.10.0/24) and the local users involved. This requires a combined source object for
the subnet and user.

3. To create a user object, click New, User. Type the username of the user and choose the realm involved. Click
OK. The user object is now created.
4. To create a combined source object, click New, Combined Source Object. Choose the subnet and users
involved. In our example, we have added 10.10.10.0/24 and user1 to the combined object. Make sure the
subnet and the user are placed in separate ‘At least one of these objects’ boxes so that the combined
source object applies an ‘AND’ between them. Click OK, OK.
5. Set Action to Allow.

6. Click Install Policy to commit these changes.
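
The note in step 4 about separate boxes decides who the Allow rule matches. The following is an added example, not ProxySG code and not part of the original guide: a small Python model of the combined source object that compares the layout from step 4 with the subnet and user placed in the same box. The class and function names and the sample requests are constructed for illustration, and treating an empty box as skipped is an assumption of the model.

```python
"""Model of a VPM Combined Source Object (constructed example, not ProxySG code)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass(frozen=True)
class Request:
    client_ip: str
    user: Optional[str] = None    # None means the client is not authenticated
    realm: Optional[str] = None

Matcher = Callable[[Request], bool]

def subnet_obj(cidr: str) -> Matcher:
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r.client_ip) in net

def user_obj(name: str, realm: str) -> Matcher:
    return lambda r: r.user == name and r.realm == realm

def combined(*boxes: List[Matcher]) -> Matcher:
    """Each box is 'at least one of these objects' (OR); the boxes are ANDed.
    Assumption of this model: an empty box is skipped."""
    return lambda r: all(any(m(r) for m in box) for box in boxes if box)

NET = subnet_obj("10.10.10.0/24")
USER1 = user_obj("user1", "TestRealm")
separate_boxes = combined([NET], [USER1])   # step 4 layout: subnet AND user1
same_box = combined([NET, USER1])           # both in one box: subnet OR user1

SAMPLES = [  # constructed requests
    Request("10.10.10.25", "user1", "TestRealm"),   # user1 inside the subnet
    Request("10.10.10.25"),                         # inside the subnet, no user
    Request("192.168.5.9", "user1", "TestRealm"),   # user1 from another network
    Request("192.168.5.9", "user2", "TestRealm"),   # other user, other network
]

def evaluate(rule: Matcher) -> List[bool]:
    """Return, per sample request, whether the rule's Source matches."""
    return [rule(r) for r in SAMPLES]

if __name__ == "__main__":
    for r, a, b in zip(SAMPLES, evaluate(separate_boxes), evaluate(same_box)):
        print(f"{r.client_ip:<13} {str(r.user):<6} separate={a!s:<5} same_box={b}")
```

With both objects in one box, the Allow rule also matches any client in 10.10.10.0/24 regardless of user, and user1 from any address, which is broader than the rule the steps above intend.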
