You can use NT LAN Manager (NTLM) authentication
only for Windows users.
When a client web request matches an Authentication policy rule
in which the authentication enforcement object specifies a browser-challenge
> Authentication), an NTLM challenge transparently authenticates
the client. The firewall then collects user mapping information
from the NTLM domain.
You can enable NTLM authentication processing for only one virtual
system per firewall, which you select in the
at the top of the

Optionally, you can use the firewall to perform NTLM authentication
processing for other firewalls by adding it as a User-ID agent to
those firewalls. For details, see Configure
Access to User-ID Agents.
If you use the Windows-based User-ID agent, NTLM responses go
directly to the domain controller where you installed the agent. For
details, see the

Configure Authentication rules to use Kerberos single sign-on
instead of NTLM authentication. Kerberos
is a stronger, more robust authentication method than NTLM and does
not require the firewall to have an administrative account to join
the domain. For details on configuring the authentication methods
for Authentication rules, see Objects