If your organization uses Google authentication with SSL login pages, and you want to ensure that communication to Google's servers is uninterrupted and all filtering policies are still applied to end-users, you need to create additional filtering and access policies in the Smoothwall Filter and Firewall. This is especially important if your Google devices are used off-site.
From time to time, unauthenticated Chromebook users might attempt to browse the Internet. You can create a group where all such web requests are assigned, then create a Guardian authentication policy to either completely block access or only allow limited access.
Typically, unauthenticated web requests are assigned to the Unauthenticated IPs group. If required, you can create a separate group to handle unauthenticated Chromebooks.
Procedure
- To limit or block access to unauthenticated Chromebook users, add a new user group.
- Name: "Unauthenticated Chromebook Users"
- For new installations, you should already have a non-transparent core authentication policy by default. However, you might need to create it using these settings. See Creating authentication policies.
-
Step 1: What
- Type: "Non-transparent"
- Method: "Core authentication"
- Interface: Choose the internal interface used by the SSL/non-SSL login pages.
-
Step 3: Options for unauthenticated requests
- Included groups: Optionally, choose the group created previously for unauthenticated Chromebooks and other unauthenticated Google users.
-
Step 1: What
- Make sure that this policy is at the top of the Non-transparent authentication policies table. See our help topic, Managing authentication policies.
- To allow devices to be filtered when they're external to the network, you need to create a non-transparent global proxy using NTLM.
-
Step 1: What
- Type: "Non-transparent"
- Method: "Global Proxy using NTLM"
- Interface: Choose the internal interface used by the SSL/non-SSL login pages.
-
Step 3: Options for unauthenticated requests
- Included groups: Optionally, choose the group created previously for unauthenticated Chromebooks and other unauthenticated Google users.
-
Step 1: What
- Make sure that this policy is below the Core authentication policy in the Non-transparent authentication policies table.
- If they don't already exist, add a Smoothwall access rule for these services to the interface used by the authentication policies. See our help topic, Adding new Smoothwall access rules.
- Name: Type a name for your access rule.
-
Services:
- "Other web access on HTTP (80)"
- "Other web access on HTTPS (442)"
- If your Chromebooks are also used off-site, add external access rules for the two services but also on the External interface.