User authentication is required for access to the WinRoute's web interface. Any user with their own account in WinRoute can authenticate to the web interface (regardless their access rights).
Note
Authentication at the web interface is a basic user authentication method at the firewall. Other authentication methods are described in chapter 10.1 Firewall User Authentication.
Authentication page through which users login to the firewall against username and password.
Warning
If more than one Active Directory domain are used (see chapter 15.4 Active Directory domains mapping), the following rules apply to the user name:
User from the local database — the name must be specified without the domain (e.g.
admin),Primary domain — missing domain is acceptable in the name specification (e.g.
jsmith), but it is also possible to include the domain (e.g.jsmith@company.com),Other domains — the name specified must include the domain
(e.g.
drdolittle@usoffice.company.com).
If none or just one Active Directory domain is mapped, all users can authenticate by their usernames without the domain specified.
If the user is re-directed to the page automatically (after inserting the URL of a page for which the firewall authentication is required), he/she will be re-directed to the formerly requested website after successful login attempt. Otherwise, the web interface's welcome page is displayed.
The welcome page varies depending on the rights of the user (see chapter 15.1 Viewing and definitions of user accounts):
If the user is allowed to view statistics, the web interface will switch to the Kerio StaR mode and it will start with the page of overall statistics (the overall tab — for details, see chapter 21 Kerio StaR — statistics and reporting). The My Account option available at the upper-right corner can be used to switch to the user settings. It is possible to return to the statistics page by the Statistics link.
If the user is not allowed to view statistics, user status info page is displayed instead (see chapter 11.3 Status information and user statistics).
Once finished with activities where authentication is required, it is recommended to log out of the firewall by using the Logout button. It is important to log out especially when multiple users work at the same host. If a user doesn't log out of the firewall, their identity might be misused easily.
User can be logged on the firewall even if they have not used the web interface — e.g. if the firewall required user authentication during access to a website (for details, refer to chapter 10 User Authentication). To make user avoid opening the web interface when finishing their work and clicking on Logout, WinRoute includes a direct link for user logout:
http://server:4080/logout
or
https://server:4081/logout
This URL performs immediate logout of the user without the need of opening of the web interface's welcome page.
Hint
URL for user logout from the firewall can be added to the web browser's toolbar as a link. User can use this “button” for quick logout.
If an access to the web interface is attempted when an authentication from the particular host is still valid (the user has not logged out and the timeout for idleness has not expired — see chapter 11.1 Web Interface Parameters Configuration) but the particular session [6] has already expired, WinRoute requires user authentication by password. This precaution helps avoid misuse of the user identity by another user.
Under such conditions, a special version of the login page is opened.
Authenticated user connecting to the web interface can continue their work in the interface after entering their password. If a new user attempts to connect to the web interface, the connected user must log out first and then the new user is asked to authenticate by username and password.
[6] Session is every single period during which a browser is running. For example, in case of Internet Explorer, Firefox and Opera, a session is terminated whenever all windows and tabs of the browser are closed, while in case of SeaMonkey, a session is not closed unless the Quick Launch program is stopped (an icon is displayed in the toolbar's notification area when the program is running).