Symptom:

When enabling a proxy with authentication (IWA, NTLM), using Firefox still prompts for user credentials to the WCG.


Cause:

By default, Firefox does not automatically send an NTLM response when users are being authenticated.


Solution:

In the Firefox address bar, type the following:

  • about:config

Search for the following setting:

  • network.automatic-ntlm-auth.trusted-uris

Edit the string value (Kerberos) to include the IP(s) (including any VIP address), host, and fully qualified domain name of the Content Gateway. You may even want to add the active directory FQDN.

NOTE: Due to the nature of how transparent proxy works, NTLM authentication will look like it is coming from the destination site even though it is really Websense Content Gateway that is making the request. If you are using a transparent proxy implementation, you will want to change the string value to:

  • http://,https://,ftp://


Batch script:

@echo off

echo ==================================
echo    Enabling Firefox Proxy Auth
echo ==================================
cd /D "%APPDATA%\Mozilla\Firefox\Profiles\*.default*"
echo user_pref("network.automatic-ntlm-auth.trusted-uris", "http://,https://,ftp://");>>prefs.js
echo.
echo Done!
pause