Policy Groups; Role-Based User Accounts - McAfee MAP-3300-SWG - Web Security Appliance 3300 Product Manual

When a user attempts an HTTP connection, the appliance tries to authenticate the user with the first
authentication service in the group. If the user is not authenticated by this service, the appliance tries
the next service.
Table 234 Option definitions
Option Definition
Add Service When clicked, opens a wizard to help you configure a service.
Add Group When clicked, opens another window where you can provide a name for a
group of services.
Give a suitable name to the group so that you can refer to the group easily
when specifying the authentication policy for HTTP connection to each of your
networks.
Authentication cookie
Specifies a string to be appended to the authentication cookie name generated
suffix
by the appliance. The cookie prefix default is SCMAuth_.
Log the user's identity When selected, displays user names in the log file. If not selected, the user
name is blank. In some countries, logging individual user names is not
permitted.
When selected, the appliance will perform reverse DNS lookup of the fully
Use reverse DNS lookups
qualified hostname (FQDN) of the appliance that is specified in the Kerberos
with Kerberos
authentication authentication service settings.
If selected, ensure your DNS is set up correctly for the hostname for both
forward and reverse lookups, otherwise significant delays can occur during
authentication of users.
When clicked, opens another page. To open the page at other times, select Web
Configure HTTP user
authentication | Web Configuration | HTTP | Connection Settings from the navigation bar.

Policy Groups

Use this page to build lists of users and networks to which you can apply policies.
System | Users, Groups and Services | Policy Groups
This is useful where you cannot define a part of the network or groups of users who are listed by a
directory service. For example, you can create a policy group called Managers, which lists the email
addresses of several managers.

Role-Based User Accounts

Use this page to create user accounts with different roles. For example, some users can make changes
to important settings, while others can only generate reports.
System | Users, Groups and Services | Role-Based User Accounts
Use this page also to make a list of Kerberos realms or Active Directory domains, and set a timeout for
each browser session.
The page has these sections:
McAfee Email and Web Security Appliances 5.6.0 Product Guide
Overview of System features
Users, Groups and Services
241