Barracuda Web Filters in graphical thin client environments, all firmware verisons.
Currently, there are a few options for integrating the Web Filter with Terminal Services/Citrix environments.
- NTLM/Kerberos: The Barracuda Web Filter will natively integrate and authenticate sessions using the Microsoft Windows NTLM or Kerberos authentication protocols. NTLM or Kerberos allow the Web Filter to seamlessly identify unique users and their browsing sessions without the need for a DC agent, or manual authentication.This will allow user and group specific policies and reporting through single-sign-on authentication and without the need for local user account management on the Barracuda Web Filter. For more information on setting up NTLM authentication, see Solution #00003296. For more information on setting up Kerberos authentication, see solution Solution #00003975. NTLM Authentication support is available in Firmware Release 3.3 and later. Kerberos Authentication support is available in Firmware Release 4.1 and later.
- Citrix-Virtual IP: Newer versions of Citrix allow the administration to assign virtual IP addresses to each user session. With unique IP addresses for each user, the Web Filter can use its standard authentication schemes (LDAP and the DC Agent) to uniquely apply policy and reporting to each specific user.
Segment users on the Windows Terminal Servers so that users with the same group permissions are hosted from the same IP addresses. This will allow policy to be applied properly with IP-based policy rather than group policy. This can be accomplished through policy on the Windows Terminal Services Session Broker.
- General Terminal Services policy: Some environments do not require individual reporting or granular policy controls. In this scenario, a generic policy can be applied to each Terminal Server and a single policy can be enforced for all Terminal Services users.