In a Secure Web Gateway content switching setup, which command creates a vserver with explicit authentication for SWG in transparent proxy mode?

• A. add cs vserver swgVS PROXY 192.168.10.1 80 -Authn401 on -authnVsName explicit-auth-vs
• B. add cs vserver swgVS PROXY ** -Authn401 on -authnVsName explicit-auth-vs
• C. add cs vserver swgVS PROXY 192.168.10.1 -Authn401 on -authnVsName transparent-auth-vs
• D. add cs vserver swgVS PROXY * 21 -Authn401 on -authnVsName transparent-auth-vs

Answer: (B)

In this scenario you’re enabling a Secure Web Gateway vserver to require explicit user authentication while operating in transparent proxy mode. The key is to tie the content-switching vserver to an explicit authentication flow: you turn on the HTTP 401 challenge (-authn401 on) and specify which authentication virtual server will handle the credentials (-authnVsName with the explicit-auth-vs name). In transparent proxy mode, the vserver should typically bind to all interfaces (wildcard) rather than a specific internal IP, so it can intercept traffic from multiple networks. The combination that best fits these requirements is a vserver of type PROXY listening on all interfaces, with authentication enabled and the authentication virtual server set to explicit-auth-vs. The explicit-auth-vs choice ensures the system uses explicit authentication prompts rather than a transparent-auth flow, and using a wildcard binding avoids tying the vserver to a single IP address.