To redirect web traffic from connected computers, you must configure the proxy settings of the web browser to point to the public IP address of your Smoothwall. The browser used must also support client-side certificates.
Example Configuration for Windows 7 Computers
You might not be using a Windows 7 computer. You must refer to your own documentation accompanying the computer for a description of how to set this up accordingly. The following is only relevant for Windows 7 computers.
To redirect web traffic to Global Proxy from a Windows 7 computer:
- Log into your Windows computer, and open Control section.
- Click Internet Options to open the Internet Properties dialog box.
- Open the Connections tab.
- Under the Local Area Network (LAN) settings section, click LAN settings.
- Select the Use a proxy server for your LAN option and enter either the external IP Address of your Smoothwall, or host name if it’s a publicly resolvable domain name.
- Enter the Port number to send proxy requests to. This is the port number the Smoothwall is listening on for NTLM authentication requests.
- Ensure Bypass proxy server for local addresses is selected.
- Click OK.
Note: If the connecting Windows-based device is outside the Active Directory domain configured on the Smoothwall, users are required to provide NTLM authentication credentials when they first open the browser. These credentials must match the ones configured on the Smoothwall. However, you might notice a performance hit when browsing. This is because Windows will respond to every 407:Proxy authentication required
request from Global Proxy with the local Windows credentials first before using the NTLM credentials provided. For optimal performance, the computer should be a member of the Active Directory domain that the Smoothwall uses for authentication.
Using Client Certificates with Windows 7 Computers
If Global Proxy has been configured to use client certificates, you must install the certificate onto the Windows 7 computer.
You do this as follows:
- Download the Global Proxy certificate (
client.p12
) from your Smoothwall, to your Windows computer. For a detailed description of how to do this, see Identifying global proxy clients and devices. - Open Control section.
- Click Internet Options to open the Internet Properties dialog box.
- Open the Content tab.
- Under the Certificates section, click Certificates.
- From the Intended purpose list, select "All".
- Click Import to start the Certificate Import Wizard. Click Next.
- Locate and open the certificate downloaded from your Smoothwall. Click Next.
- Leave the certificate in the Personal certificate store. Click Next.
- The default client certificate downloaded from your Smoothwall has a blank password. If the certificate has been manually manipulated to have a password, you is prompted to enter it now.
- Confirm your changes, and click Finish to load the certificate.
- You must add a proxy exception for the external address of your Smoothwall to the proxy server details.
- Set the home page of your chosen browser to point to:
https://<Smoothwall_externalIP>:62444
.
to force certificate validation every time a browsing session is started.
The Windows 7 computer uses the certificate as an additional layer of security.
Note: Some browsers, such as Mozilla Firefox, don't use the central proxy configuration on Windows computers, and must be configured separately. For a detailed description of how to set this up, refer to the browsers’ own documentation.