IP-Based authentication
IP-based authentication applies authentication by source IP address. For the explicit web proxy, IP authentication is compatible with basic, digest, NTLM, FSSO, or RSSO authentication methods. Once a user authenticates, all sessions to the explicit web proxy from that user’s IP address are assumed to be from that user and are accepted until the authentication timeout ends or the session times out.
This method of authentication is similar to standard (non-web proxy) firewall authentication and may not produce the desired results if multiple users share IP addresses (such as in a network that uses virtualization solutions or includes a NAT device between the users and the explicit web proxy).
To configure IP-based authentication, add an explicit web proxy security policy, set the Action to AUTHENTICATION, and select Enable IP Based Authentication.
Use the following CLI command to add IP-based authentication to a web proxy security policy. IP‑based authentication is selected by setting ip-based to enable.
config firewall explicit-proxy-policy
  edit 0
    set proxy web
    set srcaddr User_network
    set dstintf port1
    set dstaddr all
    set action accept
    set identity-based enable
    set ip-based enable
    config identity-based-policy
      edit 0
        set groups Internal_users
        set users dwhite rlee
        set schedule always
      end
  end
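
The shared-address caveat above can be reproduced with a small model of an authentication table keyed by source IP. This is an added example, not FortiOS code: the class and function names, the addresses, and the fixed 300-second timeout are assumptions, and the user names are borrowed from the CLI example.

```python
from dataclasses import dataclass, field

AUTH_TIMEOUT = 300  # seconds; assumed value, counted from the moment of authentication


@dataclass
class IpBasedProxy:
    """Hypothetical model: one authenticated identity cached per source IP."""
    timeout: int = AUTH_TIMEOUT
    table: dict = field(default_factory=dict)  # src_ip -> (user, expires_at)

    def request(self, now, src_ip, credentials=None):
        """Return the user this request is attributed to, or None (challenge)."""
        entry = self.table.get(src_ip)
        if entry and now < entry[1]:
            return entry[0]          # IP already authenticated: accepted as that user
        if credentials is None:
            self.table.pop(src_ip, None)
            return None              # no valid entry: the proxy would challenge
        self.table[src_ip] = (credentials, now + self.timeout)
        return credentials


def replay(events, nat=None, timeout=AUTH_TIMEOUT):
    """Replay (time, real_user, client_ip, credentials) events through the model.

    nat maps client IPs to the address the proxy sees (empty means no NAT).
    Returns (time, real_user, attributed_user) tuples.
    """
    nat = nat or {}
    proxy = IpBasedProxy(timeout)
    return [(now, real, proxy.request(now, nat.get(ip, ip), creds))
            for now, real, ip, creds in events]


def misattributed(results):
    """Requests accepted under an identity other than the real sender's."""
    return [r for r in results if r[2] is not None and r[2] != r[1]]


# Constructed sample: dwhite authenticates, then rlee sends requests without credentials.
EVENTS = [
    (0, "dwhite", "10.0.0.5", "dwhite"),
    (30, "rlee", "10.0.0.6", None),
    (400, "rlee", "10.0.0.6", None),
]
# Constructed NAT mapping: both clients reach the proxy from one address.
NAT = {"10.0.0.5": "192.168.1.1", "10.0.0.6": "192.168.1.1"}

if __name__ == "__main__":
    print("direct:    ", misattributed(replay(EVENTS)))
    print("behind NAT:", misattributed(replay(EVENTS, NAT)))
```

Without NAT every unauthenticated request is challenged. Behind the shared address, the request at t=30 is accepted and logged as dwhite, and only the request after the timeout is challenged again.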