Chapter 22 WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0 : The FortiGate explicit web proxy : Explicit web proxy authentication : IP-Based authentication
  
IP-Based authentication
IP-based authentication applies authentication by source IP address. For explicit web proxy, IP authentication is compatible with basic, digest, NTLM, form or FSSO authentication methods. Once a user authenticates, all sessions to the explicit web proxy from that IP address are assumed to be from that user and are accepted until the authentication timeout ends or the session times out.
This method of authentication is similar to standard (non-web proxy) firewall authentication. It may not produce the desired results if multiple users share IP addresses (such as in a network that uses virtualization solutions or includes a NAT device between the users and the explicit web proxy), because every session from a shared address is attributed to the user who authenticated from that address.
To configure IP-based authentication, add a security policy for the explicit web proxy, set the Policy Subtype to User Identity, set the Incoming Interface to web-proxy, and make sure IP Based is selected before adding identity-based policies. You can also set the authentication method to basic, digest, NTLM, form or FSSO.
Use the following CLI command to add IP-based authentication to a web proxy security policy. IP-based authentication is selected by setting ip-based to enable.
config firewall policy
  edit 3
    set srcintf web-proxy
    set dstintf port1
    set srcaddr User_network
    set dstaddr all
    set action accept
    set identity-based enable
    set ip-based enable
    config identity-based-policy
      edit 1
        set groups Internal_users
        set service ANY
        set schedule always
    end
end
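The shared-address caveat above can be checked against a configuration backup. The following is an added example, not part of the original handbook or Fortinet tooling: it parses a `config firewall policy` block in the CLI syntax shown above and lists explicit web proxy policies that explicitly set ip-based to enable for source address objects the operator knows to be shared. The address name Terminal_servers, policies 4 and 5, and the function names are assumptions made for illustration.

```python
import shlex

# Constructed sample: policy 3 mirrors the page; policies 4 and 5 and Terminal_servers are invented.
SAMPLE = """\
config firewall policy
edit 3
set srcintf web-proxy
set srcaddr User_network
set identity-based enable
set ip-based enable
config identity-based-policy
edit 1
set groups Internal_users
end
next
edit 4
set srcintf web-proxy
set srcaddr Terminal_servers
set ip-based enable
next
edit 5
set srcintf web-proxy
set srcaddr Terminal_servers
set ip-based disable
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: [values]}}; text is assumed to be one 'config firewall policy' block."""
    policies, depth, current = {}, 0, None
    for raw in text.splitlines():
        tok = shlex.split(raw)          # handles quoted object names
        if not tok:
            continue
        if tok[0] == "config":          # entering the policy table or a nested table
            depth += 1
        elif tok[0] == "end":           # leaving a table (with or without a preceding 'next')
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            current = policies.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]   # nested identity-based-policy settings are skipped
    return policies

def shared_ip_risks(text, shared_addrs):
    """IDs of web-proxy policies with ip-based enabled for operator-listed shared address objects."""
    return [pid for pid, s in parse_policies(text).items()
            if s.get("ip-based") == ["enable"] and "web-proxy" in s.get("srcintf", [])
            and set(s.get("srcaddr", [])) & set(shared_addrs)]
```

Calling `shared_ip_risks(SAMPLE, {"Terminal_servers"})` reports policy 4 only; policy 5 covers the same addresses but has ip-based disabled.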