cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication question

We're using NTLM authentication to authenticate users using browsers and logged in to the AD domain.

We would like to authenticate if possible, but continue if not. Then the "Unauthenticated connections" rule provides the filtering rules for unauthenticated connections.

This is what our policy looks like. The "Authenticate" action stops processing if the connection isn't authenticated.

Capture.PNG

Has anyone successfully implemented "authenticate if possible, continue if not"?

Mike

4 Replies

Re: Authentication question

Hello Mike -

It sounds like the "Try Authentication" rule from the rule set library is exactly what you're looking for.

Within this rule set you can create filtering rules for "Not Authenticated Users" (Authentication.Failed equals true)

To import this rule set:

Policy > Rule Sets > Add...Rule Set From Library > Authentication > Try Authentication

In the "Authenticate" rule remember to switch the auth method to NTLM instead of the default User Database.

-Brent

Re: Authentication question

Thanks for your reply, Brent, but processing still stops on the "Authenticate" action.

Mike

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Authentication question

Hi Mike,

The difference between your ruleset and "try auth" is one main thing, the criteria of the rule in your screenshot.

Is the criteria Authentication.Authenticate<Settings> AND Authentication.Failed equals false? If so, then this indicates that the client isnt attempting to authenticate at all, and therefore we cannot "try auth". The premise of try auth is that we receive something to see if they will be accepted. If we receive nothing, then there is nothing to try.

Otherwise make sure you have the AND in the criteria.

Best,

Jon

Re: Authentication question

There must be something that I'm not seeing. I can test authentication.failed in either/both the ruleset header and the rule. No change. The answer is still "Proxy request sent, awaiting response... 407 authenticationrequired".

     Capture.PNG

Mike

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community