Devices that use Google authentication with SSL login pages need some additional configuration before filtering policies can apply to them when they are taken off-site.
You can use the Smoothwall Filter and Firewall Secure Global Proxy feature to allow Google users to be filtered by the Smoothwall when they are not connected to the internal network. To work effectively, Global Proxy requires that:
- You must be able to point an external domain name to your publicly facing external IP address.
- The Smoothwall Filter and Firewall must have a fully qualified host name, which must be resolvable both internally and externally.
- If you have a firewall between the Smoothwall Filter and Firewall, and your gateway, a port forward must be configured to forward your proxy port to the internal IP address of your Smoothwall.
You also need an additional Non-transparent authentication policy that uses the Global Proxy using NTLM method, configured as follows. See the help topic, Creating authentication policies.
Step 1:
- Type: "Non-transparent"
- Method: "Global Proxy using NTLM"
- Interface: The internal network interface used for the Non-transparent Core authentication policy that you should already have. See our help topic, Creating authentication policies.
- Port: Select the relevant internal proxy port.
Step 2:
- Where: "Everywhere"
Set this policy directly below the Non-transparent Core authentication policy.
Use Global Proxy to identify the external device, and filter accordingly. See our help topic, Identifying global proxy clients and devices.
Device Identification:
- "Secure URL" - You can identify external devices by means of a URL.
- "No identification (Open proxy)" - You should be aware that this method opens a port on the external interface.