Showing results for 
Search instead for 
Did you mean: 

WCCP and User Authentication with AD

I am new to web filtering and am currently setting up a MWG7 install.  We would like to use WCCP protocol to connect to our Cisco ASA and NTLM to integrate the Authentication to Active Directory.  We are a college campus and have users who are unauthenticated on our  network and users who are authenticated (separate vlans).  Currently our WiFi is open (I know, I know.. I am new to the college and my next project is to lock down the wireless network).   In the ideal implementation I would like users who log on to domain computers to not have to authenticate for internet access through the WebGateway and get a specific ruleset as they have used the AD credentials to log on to the computer. I would like students and guests to our network to not have to authenticate as well, but have a different rule set.   I want to log the users activity that have logged into the domain and am not as concerned about those who are unauthenticated.  I believe I have figured out the rules sets and lists by reading other members configurations.

The question is if my setup with WCCP and NLTM will auto process users who have logged on to domain computers and if not how should I configure the WebGateway to our network?



4 Replies
Level 10
Report Inappropriate Content
Message 2 of 5

Re: WCCP and User Authentication with AD

Please take a look at this thread.

It will help with your question and make sure to read all of it hence its had a revision of the Rule.


on 2/16/11 9:51:49 AM CST

Re: WCCP and User Authentication with AD

Thanks Saul.  Is this the only way to make this work?  Most of our users use firefox (or even Safari and Chrome) as a web browser.  Also this would not help our guests and students accessing the internet, would it?  Should I be looking at another configuration, other then WCCP?

We want this to be as transparent as possible.  It is very political here and this would not go over well.



Level 12
Report Inappropriate Content
Message 4 of 5

Re: WCCP and User Authentication with AD

Safari would not be supported for transparent NTLM authentication.  The user would get a pop-up box asking to authenticate.

Firefox will work but will needs to be setup to pass NTLM authentication if you want it to work transparently.   Otherwise it will pop a box to authenticate as well.  A simple add on is NTLM Auth.

Chrome will work just fine.  It uses IE settings.

IE should work just fine without having to do anything.  It already trusts intranet sites and will pass authentication.

Handling the unauthenticated students would be easy because they would be on a separate vlan.  You can make a rule that says: If this vlan (ip address range) then do not authenticate.  Then any browser they use will work fine.

Message was edited by: jont717 on 2/16/11 4:59:15 PM CST

Re: WCCP and User Authentication with AD

Is there another method I should be looking at that would do what we want?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community