SecurIDIgnoreBrowser

  • Article

To ignore browser IP address when validating

  1. In the console tree of ISA Server Management, click Firewall Policy.

  2. On the Toolbox tab, click Network Objects.

  3. Expand Web Listeners, and then click the applicable Web listener.

  4. On the toolbar beneath Network Objects, click Edit.

  5. On the Authentication tab, click Advanced.

  6. On the RSA SecurID tab, verify that the Ignore browser IP address for cookie validation is selected.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, and then click Firewall Policy.
For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, and then click Firewall Policy.

Important

If the browser IP can be replaced, and the session can span more than one IP address (as in the case of a load balancer located between the client and ISA Server), enable the Ignore browser IP address for cookie validation option.
When you disable this option, the cookie retains and signs the client's IP address, thereby guaranteeing that a user cannot use the same cookie from a different IP address.
Another way to further protect cookies is by minimizing the cookie expiration time.