Configuring global authentication settings for IDex

Use this page to control the common behavior, irrespective of the authentication method used.

Time-out

Setting a short time-out increases the load on the device, when using transparent NTLM (see our help topic, Creating authentication policies) or SSL (see our help topic, Customizing the SSL Login Page) sign-in methods. It also increases the rate of reauthentication requests. Setting a long time-out might enable unauthorized users to use the network if users leave devices without logging out. The behavior of some authentication mechanisms is adjusted by the time-out period automatically. For example, the refresh rate updates to make sure that authenticated users don't time out, see our help topic, Managing authentication policies.

Tip: You should encourage users to sign out of the system to make sure that other users of their device can't assume their privileges if a time-out is yet to occur.

IDex settings

If you have more than one Smoothwall Filter and Firewall hardware appliance and are using the IDex system, you need to enter the IDex Cluster nodes so that web filtering information can be shared among them. The IDex Cluster nodes are the IP addresses of the Smoothwall Filter and Firewall hardware appliances. Previously, a technology such as Kerberos, or in the case of BYOD, RADIUS Accounting Forwarding would be used to distribute logged-in user information to other Smoothwall nodes. However, the IDex Cluster eliminates this by sharing the logged-in user information among Smoothwall nodes. The IDex Cluster is also the receiving endpoint for the information delivered from the IDex Agent. You need the IDex Cluster if you're using the IDex Agent. The IDex Cluster is enabled automatically if you define at least one IDex Cluster node or configure an IDex Directory.

Clear directory

You can clear user and group authentication information from the IDex Directory. The clear process is performed across the entire IDex Cluster, there's no need to perform the Clear directory operation on all cluster nodes. Defined mapping is preserved when performing the IDex directory clear.

The process of clearing the IDex directory might take some time to complete and result in higher system load for all nodes in the IDex Cluster. The amount of time to perform the operation will depend on the amount of information stored in the IDex Database, and in turn this depends on the number of users in your system, the number of groups, how many users are logged on, and how many IDex Cluster nodes there are.

Procedure

  1. On the SERVICES menu, under the Authentication submenu, click Settings.
  2. Under the IDex settings section, enter the list of IP address of all IDex Cluster nodes, with each node's IP address on a new line.
    • A list of IP addresses of the Smoothwall Filter and Firewall hardware appliances that share authentication information. The IDex Cluster shares the information received from IDex among all nodes in a Central Management cluster (see our help topic, Setting up a centrally managed system), so that web filtering requests can be load-balanced among them. If your Smoothwall makes use of the ID Indexing System and Central Management features, you must enter the IP addresses of all nodes, including this node's IP address.
  3. To remove obsolete information when you've changed the IDex configuration, click Clear directory.
    • Clears user and group authentication information from the IDex Directory. All information is removed up to the point in time the clear request was made. The Clear operation will log off any users currently logged into the system. Therefore, we recommend that you perform this operation when there's minimal user activity.
  4. To create Smoothwall Firewall rules for groups that contain IDex identified users requiring access, select the Enabled for Apply Firewall Rules that use Groups to users identified by IDex.
    • Determines whether you can create Smoothwall Firewall rules for groups that contain IDex-identified users requiring access to other segments of your internal network. Unless IDex-identified users do need to access other segments of your internal network specifically through the Smoothwall, we recommend that you leave this option off.
  5. Click Save changes.