How to connect iOS devices to a proxy.
What is the best way to filter the Internet through it?
I want to use my iPad / iPhone or other iOS device through Smoothwall.
iPad and iPod devices can be challenging to get working through a proxy. There are however, a couple of things you can do though to get your iOS device to work through the filter and give users a safe, filtered, web experience.
Note: The instructions detailed here are only suitable for filtering web browser traffic on iOS devices. Traffic from applications downloaded from the App Store cannot use a proxy for authentication purposes, therefore the Smoothwall does not receive the user's credentials. It is recommended you "lock down" your devices to avoid seeing unfiltered traffic.
- Configure an authentication policy in Web proxy > Authentication > Policy wizard, where the authentication method is either:
Redirect users to SSL login page (with session cookie)
This is filtering by username. This will require your users to enter in their usernames and passwords, allowing them to be filtered according to your filtering rules as normal. (If you connect your Smoothwall to an Active Directory, they can use their AD usernames and passwords).
Identification by Location
This is filtering by IP address.
You will need a DHCP server which allows you to specify static IPs based on MAC address and a subnet or IP range which you will assign your iOS devices on. You can then obtain their MAC address and statically assign them an IP Address. Note down which IP Address you give to each user. While this solution is not ideal, it is an option to help understand what individual users are browsing on their mobile devices without having to log in with username and password.
On your Smoothwall:
- Make a location for your iOS devices under Guardian > Policy Objects > Locations, using either the subnet, IP range or the IP addresses of your iOS devices
- Under Web proxy > Authentication > Ident by Location, determine which group the iOS location will be mapped to, therefore providing the filtering you require
Note: If you need separate filtering policies for unique users, you'll need multiple locations.
- Point your iPods and iPads to this proxy.
iOS proxy settings on the iPad are located under the Settings menu > Wi-Fi settings on version 4 of iOS.
If you need to use proxy exceptions (required for those sites that cannot use a proxy or for browsing in general), you'll need to use a
proxy.pac file configuration with IP address and port number, as the iOS operating system does not support proxy exceptions when the proxy is configured manually. Using the
proxy.pac file is recommended if the SSL Login method is to be used.
- If you have configured a transparent authentication policy:
- Export the HTTPS certificate from the Smoothwall Guardian > HTTPS inspection > Settings.
- Email the certificate to the email account linked to the iOS device.
- Open the certificate from the email.
- You will be prompted to install the certificate, choosing the appropriate authentication method.