The ntlm enable command enables NTLM authentication.
The undo ntlm enable command disables NTLM authentication.
In a scenario where the user accesses the Internet through a proxy server, the FW does not support NTLM authentication.
NTLM authentication requires a browser that supports NTLM authentication. Otherwise, the browser cannot automatically provide user login information. At present, IE and Chrome support NTLM authentication. However, you must enable automatic logon in Internet Options.
By default, the NTLM authentication function is disabled.
In an AD domain authentication environment where NTLM authentication is enabled, a user who has already logged in to the AD domain does not need to enter the user name or password again when accessing the Internet through the browser. The FW serves as the NTLM authentication proxy: it triggers NTLM authentication between the browser and the AD server, transfers the NTLM authentication messages, and obtains the user ID during the authentication process.
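The following added example (not Huawei code and not the FW's implementation) shows where the user ID sits in the NTLM messages that such a proxy relays: it decodes the AUTHENTICATE message a browser sends in an HTTP "Authorization: NTLM" header and reads the domain, user name and workstation fields. The function names, the header transport, the sample values and the cp437 fallback for non-Unicode strings are assumptions made for illustration.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # NegotiateFlags bit: strings are UTF-16LE


def _field(msg, pos):
    """Read a security buffer descriptor (len, maxlen, offset) and return its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def parse_ntlm_header(header_value):
    """Return the message type and, for AUTHENTICATE (type 3), the claimed identity."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(token, validate=True)
    if len(msg) < 12 or not msg.startswith(NTLMSSP_SIGNATURE):
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        return {"type": msg_type}  # 1 = NEGOTIATE, 2 = CHALLENGE carry no user name
    if len(msg) < 64:
        raise ValueError("truncated AUTHENTICATE message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM code page: assumption
    domain, user, workstation = (_field(msg, p).decode(enc) for p in (28, 36, 44))
    return {"type": 3, "domain": domain, "user": user, "workstation": workstation}


def build_sample_authenticate(domain, user, workstation):
    """Constructed sample: AUTHENTICATE message with zeroed responses, no Version/MIC."""
    parts = [b"\x00" * 24, b"\x00" * 24] + [
        s.encode("utf-16-le") for s in (domain, user, workstation)] + [b""]
    header, payload = NTLMSSP_SIGNATURE + struct.pack("<I", 3), b""
    for p in parts:  # LM, NT, domain, user, workstation, session key
        header += struct.pack("<HHI", len(p), len(p), 64 + len(payload))
        payload += p
    msg = header + struct.pack("<I", NEGOTIATE_UNICODE) + payload
    return "NTLM " + base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    print(parse_ntlm_header(build_sample_authenticate("EXAMPLE", "alice", "WS01")))
```

The name fields are sent unencrypted and are only a claim until the AD server has validated the challenge response, so an identity read this way should be used for policy or logging only after authentication succeeds.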
After enabling NTLM authentication in the portal authentication template view, you must also run the ntlm auth-server address ip-address port port-number command to specify an AD server address.
In NTLM authentication, the FW does not display a portal authentication page for entering the user name and password. The process, however, still involves redirection for authentication. Therefore, you must run the portal-url url-address command in the portal authentication template view to configure the URL of the portal authentication page, namely, https://interface IP address:8887.