When you employ Active Directory integration with NTLM, Symantec Web Gateway queries user Web browsers for authentication. In many cases, no special configuration is needed.
Manually making changes to the Web browsers on each user's computer may be a lengthy task. You may be able to distribute changes to Internet Explorer on all user computers using Active Directory tools. Altiris software from Symantec or similar software can also automate configuration changes for user Web browsers.
The Symantec Web Gateway proxy supports basic 401 authentication from Web sites. Web sites that require NTLM 401 authentication or a higher level of 401 authentication are unsupported.
Users access the Internet using a proxy that does not support 401 authentication pass through.
The Use Interface Name for NTLM Authentication box is checked.
Web browsers must be configured to access the Web Gateway interface name directly and not through the proxy. For Internet Explorer, you can make this change centrally using .pac files. The following is a sample .pac file script:
function FindProxyForURL(url, host)
return "PROXY 192.168.0.70:
The Use Interface Name for NTLM Authentication box is unchecked.
If you do not want to modify DNS, leave Use Interface Name for NTLM Authentication unchecked. Add the IP address of Symantec Web Gateway to the Local Intranet configuration in Internet Explorer. Use the following format: http://num1.num2.num3.num4, such as http://192.168.2.1. You should be able to use Active Directory to push this browser configuration to the users' browsers.
Web browsers other than Microsoft Internet Explorer (for example, Mozilla Firefox, Apple Safari, or Google Chrome).
You may need to make a configuration change in the Web browser to support transparent NTLM authentication. For example, in Firefox add the IP address of each Symantec Web Gateway in your network to network.automatic-ntlm-auth.trusted-uris on the about:config page. See the Web browser documentation for more information.
Imported Document ID: HOWTO54115
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe