How to re-enforce proxy settings on iOS devices after updating to ISO 10.2.aS
After updating to ISO 10.2 on your iOS device, the
proxy.pac proxy settings are no longer enforced, leaving users going directly to the Internet rather than being filtered by the Smoothwall.
ISO 10.2 now requires the proxy.pac file to be served over HTTPS. If you use the auto-configuration URL over HTTP, this redirects to HTTPS on port 443 which is not where the
proxy.pac file is hosted.
Additionally, the root Certificate Authority (CA) must be installed in its certificate store before it downloads the
Installing the Certificate
- On the Smoothwall, go to System > Certificates > Certificates for services.
- Export the certificate that is being used for User-facing HTTPS services.
- If you are using Dynamic certificates, export the root CA instead.
- Ensure you select Certificate when exporting, not Certificate and chain as iOS devices cannot import
- Email the certificate to the device for manual installation
- Deploy the certificate using an Apple MDM system
Configuring the Devices' Wireless Settings
The URL of the
proxy.pac file you enter into the device's wireless settings should be in the format as follows:
If using the fully qualified domain name (FQDN) for the URL
If using the IP address for the URL
If you still get certificate errors, the certificate downloaded above may not have the IP address of the Smoothwall listed as an alternative name.
By default, the Smoothwall is set to identify itself by its IP address, but if this is not the case:
- Go to System > Preferences > Hostname to change from hostname to IP address (see Changing the System Hostname)
- Go to System > Certificates > Certificates for services and download the certificate for User-facing HTTPS services again, as detailed above