To redirect web traffic from connected Chromebooks to Global Proxy, you need to configure the relevant access point with the correct proxy details.
Procedure
- Log into the Chromebook.
- Click on the Network icon
in the bottom right of the screen.
- Select Settings from the dialog box.
- Click the access point the Chromebook is connected to, and click Network Options from the dialog box.
- Open the Proxy tab.
- Select Manual proxy configuration
- Either the HTTP Proxy, either the external IP address or host name of your Smoothwall.
- The Port number to send proxy requests to. This is the port number the Smoothwall is listening on for NTLM authentication requests.
- Alternatively, if you've a configured URL that contains the Global Proxy settings, configure the following:
- Select Automatic proxy configuration
- Auto-configuration URL — Enter the proxy settings URL
- In the Advanced Configuration box, enter the URLs for those domains that don't need proxying, such as
localhost
. - Click Close.
Note: If the connecting Chromebook is outside the Active Directory domain configured on the Smoothwall, users are required to provide NTLM authentication credentials when they first open the browser. These credentials must match the ones configured on the Smoothwall.
Using Client Certificates with Chromebooks
If Global Proxy has been configured to use client certificates, you must install the certificate onto the Chromebook.
Note: Google feature names and links might change over time.
- Download the Global Proxy certificate (client.p12) from your Smoothwall, to the Chromebooks’ internal storage. Read more about Identifying global proxy clients and devices.
- From your Chromebook, open a Chrome browser, and go to chrome://settings/certificates.
- From the Certificate manager dialog box, click the Your certificates tab.
- Click Import and bind to device. Ignore the password prompt.
- Locate the certificate and click Open.
Tip: If the certificate doesn’t show in the Select a file to open dialog box, change the file type filter to All files.
- From the Certificate authority dialog box, select Trust this certificate for identifying websites.
- Click OK.
- To force certificate validation every time a browsing session is started, set the home page of the Chrome browser to point to: https://<Smoothwall_externalIPaddress>:62444, where Smoothwall_externalIPaddress is the IP address assigned to the external interface of the Smoothwall.
- The Chromebook then uses the certificate as an additional layer of security.
Note: If the connecting Chromebook is outside the Active Directory domain configured on the Smoothwall, users are required to provide NTLM authentication credentials after the certificate has been validated. These credentials must match the ones configured on the Smoothwall.
The above instructions are for importing the certificate onto each individual Chromebook. Although the Google admin console supports distributing client certificates to all enrolled Chromebook devices, we don't recommend that you use this method for this feature. Instead, you can utilize a third party extension to do this — refer to the following Google article: https://support.google.com/chrome/a/answer/6080885?hl=en.