This article provides guidance for when a non-transparent authentication policy would be suitable. See our help topic, Creating authentication policies.
Non-transparent connections from users’ web browsers to the Smoothwall Filter are suitable when content is accessed using HTTPS or when using NTLM or proxy authentication or identification in terminal services compatibility mode.
Connecting to the Smoothwall Filter non-transparently entails configuring users’ web browsers to use the Smoothwall Filter as the web proxy using one of the following methods:
- Manually – Web browser LAN settings are configured manually.
- Automatic configuration script – Web browser LAN settings are configured to receive proxy configuration settings from an automatic configuration script which is generated by the Smoothwall Filter.
- WPAD automatic script – Web browser LAN settings are configured to detect proxy settings.
Creating a Non-transparent Connection Manually
Note: The following instructions apply to Internet Explorer 7. For information about other browsers, refer to the documentation delivered with the browsers.
To create a non-transparent connection manually:
- On users’ computers, start Internet Explorer, and from the Tools menu, select Internet Options.
- On the Connections tab, click LAN settings.
- In the Automatic configuration area, check that Automatically detect settings and Use automatic configuration script are not selected.
- In the Proxy server area, select Use a proxy server for your LAN …
- Enter the Smoothwall Filter's IP address and port number 800 and select Bypass proxy server for local addresses.
- Click Advanced to access more settings. In the Exceptions area, enter the Smoothwall Filter’s IP address and any other IP addresses to content that you do not want filtered, for example, your intranet or local wiki.
- Click OK and OK to save the settings.
Configuring Non-transparent Connections Using a PAC Script
A proxy auto-config (PAC) script is a file generated by the Smoothwall Filter. Once configured, any changes to connections are automatically retrieved by the user’s web browser. See: Proxy auto-config (PAC) file tips and resources.
Note: The following instructions apply to Internet Explorer 7. For information about other browsers, see the documentation delivered with the browsers.
To configure a non-transparent connection using a PAC script:
- On the user’s computer, start Internet Explorer, and from the Tools menu, select Internet Options.
- On the Connections tab, click LAN settings.
- Configure the settings as follows:
- Automatically detect settings Deselect this option.
- Use automatic configuration script Select this option.
- Address Enter the address of the script.
Tip: To locate the address, go to the Smoothwall user interface's Web proxy > Web proxy > Settings page. The address is listed in the Automatic configuration script address area.
- Ensure that no other proxy settings are enabled or have entries.
Note: You may need to restart the web browser for the settings to take effect.
Configuring a Non-transparent Connection Using a WPAD Automatic Script
Note: This method is only for administrators familiar with configuring web and DNS servers. End-user browsers must support WPAD – the latest versions of Microsoft Internet Explorer support this method.
The WPAD method works by the web browser pre-pending the hostname wpad
to the front of its fully qualified domain name and looking for a web server on port 80 that can supply a wpad.dat
file. The file works in the same way as the automatic configuration script and tells the browser what web security policy it should use.
To use WPAD:
- Configure your network to use the Smoothwall Filter as the network web proxy. Consult your network documentation for more information about how to do this.
- Using a local DNS server or the Smoothwall Filter’s static DNS, add the host '
wpad.YOURDOMAINNAME
' substituting your own domain name. The host must resolve to the Smoothwall Filter’s IP address. - Configure users’ browsers to automatically detect LAN settings.