This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.
Web requests are usually required to pass an authentication check. Smoothwall can then match a user with the web requests they have made and block or allow access to content as dictated by your policies.
Adding an Authentication Exception stops Smoothwall from running the authentication check. Smoothwall then applies Web Filter Policies and HTTPS Inspection policies created for the Everyone and Unauthenticated IP groups to the requests.
Important
You can’t find out who accessed Content with an Authentication Exception because users are not authenticated. This means no usernames will show in Reports and Logs. Ensure you carefully consider when exceptions are needed so you can investigate Safeguarding breaches.
Scenarios where Authentication Exceptions are unnecessary
Core Authentication and Out-of-band authentication
When the authentication method for the Web Proxy Authentication Policies is Core Authentication, Authentication Exceptions are not needed for clients using Out-of-band authentication (OOBA) such as IDex Agent, Kerberos Logon Scripts or RADIUS. This is because users are authenticated before web requests are made by the client rather than at the same time.
IDex Agent, Login scripts or RADIUS
IDex Agent, Login scripts or RADIUS Authentication methods don’t ask the client software to provide authentication, so you don’t need to configure Authentication Exceptions.
Scenarios where Authentication Exceptions are needed
If you use one of these Authentication Methods:
- Inline authentication methods like Kerberos
- SSL Login Page methods
The following scenarios outline when you need to add Authentication Exceptions.
Devices or applications can’t authenticate
Some web-enabled software can’t respond to authentication requests. This can include desktop software, mobile devices, and network infrastructure such as IP phones, switches and routers. Requiring authentication for these services would prevent access, so you need to add an Authentication Exception.
For devices unable to support MiTM, add the domain rather than URLs to the Category, then select this Category for the Authentication Exception.
Improving performance
You may need to add Authentication Exceptions for content used heavily by Windows, iOS/MacOS, and ChromeOS. Not doing so may adversely impact the client operating system, Smoothwall system performance, the end-user experience and in the case of the SSL/NonSSL Login Page, the Smoothwall's local web server.