When you apply filtering using the Smoothwall On-Premise Appliance, some authentication methods reliably detect when a user begins browsing, but struggle to detect when they stop.
Because of this, a new user may browse as if they were the original user until the timeout is reached. This can cause:
- The Web Filter logs to misidentify activity.
- On-Premise Appliance to treat users as part of the wrong User Group or as Default Users.
1: Filter using Cloud Filter
Our primary recommendation for school-managed devices is to change to use Cloud Filter to filter these devices with our Agents and Extensions. You can use any of these as your Authentication service: IDex, Active Directory, Google or Azure.
2: Filter using On-Premise Appliance
For filtering BYO devices on your network, or if you haven’t yet moved to using Cloud Filter, follow these recommendations.
- You must ensure you place your Directories in the correct order.
- If you use Redirect users to SSL or non-SSL Login Page, provide a sign-out link so users can manually sign out before handing the device to another user.
- Use other Indirect Proxy Authentication Methods with caution. Carefully consider which devices and networks use these methods. You can continue to use them as backup methods for External authentication.
- For Kerberos Authentication Scripts, the low timeout value, automated refresh and script running at sign-in make misidentification unlikely. If you use scripts with a redirect method and still see issues, contact the Support Team.
- There is no timeout value for IDex, so we recommend you:
- Configure the authentication service to erase IDex sign-ins daily from the hidden URL: https://smoothwall.ip:441/admin/hbd/
- Instruct users to explicitly log out whenever another user may use the device or when they switch devices. Ensure the most recent login matches the current “active” user on that device.