authenticated sessions allow a user on the internet to access the lan without restrictions, or allow a user on the

    lan to access the internet without restrictions, bypassing the web site filters.

    make sure that the web browser software being used to establish an authenticated session support java, javascript or activex scripting.

    to establish an authenticated session, you point your web browser at the internet firewall’s web address. this process is identical to the administrator login.

    a dialog box is displayed, asking you for the user name and password (see figure 15). after filling in these boxes and

    clicking login, the password is verified using md5 authentication. the password is never sent ”in the clear” over the internet, preventing password theft and replay attacks.

    once authenticated, remote users can access all ip resources on the lan, and users on the lan can bypass the web site filter. the connection closes if user inactivity on the connection exceeds the configured time-out period. in that case, the remote user must re-authenticate. if it seems like authentication is failing for no reason, make sure that the caps lock key on the keyboard is not on.

    nat must not be enabled for remote authenticated access.