The Smoothwall identifies connecting Global Proxy devices and devices using a client certificate. However, there might be some cases where you can't issue the correct client-side certificate to every client and device on the network. Therefore, you can configure the Smoothwall to identify global proxy clients and devices using proxy certificates, a secure URL or no identification.
Proxy certificates
In addition, to utilizing NTLM authentication to authenticate users, you can use client-side certificates to make sure that only approved client devices can access to web filter policies. This provides an additional layer of security.
The same certificate is used by all devices. You must download the certificate from the Smoothwall responsible for Global Proxy requests and install them on the relevant devices.
Multiple proxies
Global Proxy servers that are part of a centrally managed solution, should have the Certificate Authority uploaded to them via replication. If this does not happen, you should manually export, then import the Certificate Authority.
Secure URL
This option is recommended where the Chromebook devices are used external to your organization's network. For those devices where you can't distribute the client-side certificate to each individual network device, such as Chromebooks, you can use a secure URL to identify connecting Global Proxy clients. This is a secure alternative to the No identification (Open proxy) method of device identification.
No identification
We don't recommend that you configure an unsecured (open) proxy because this has security implications. If you configure Global Proxy as an open proxy, device identification for connecting clients, whether by presenting a certificate or via secure URL, is not carried out, although NTLM authentication is still needed. Open proxies allow all connection attempts through without device authentication and can potentially be exploited by users.