This article describes how to add iPads into your Smoothwall cloud filter.
Smoothwall's "Smoothwall Browser" app is a filtered browser which will filter, alert and log according to your current filtering configuration. Other apps on your iPads are not filtered, so it is important to remove access to other apps which offer unrestricted browsing. The most obvious of these is the default browser, Safari.
You will need
- iPads at iOS14+
- Your iPads enrolled in a MDM
- Your Smoothwall cloud filter serial number (UNCL...)
- Cloud filter policies set and working
- Your Smoothwall tenant ID if applicable - this can be found in your on-premise Smoothwall under System/tenants, or in the Admin panel of the Cloud UI. If you don't have a tenant ID that's ok - most folks don't, it's only for larger multi-tenant Smoothwall systems.
Note: It's likely you don't need a tenant ID - this is a Smoothwall tenant ID and nothing to do with office365 or GSuite. If you want to learn about Smoothwall Tenant IDs, read this article.
What to do
Firstly, in your MDM software you will need to disable Safari. This can be done using "Show or Hide Apps".
Next, you need to push the Smoothwall Browser app. It will need a minimum of 2 settings - your serial number and a username.
The configuration is associated with the app by specifying the App’s Bundle ID in the MDM solution. Some MDM can do this automatically. For others you should explicitly use com.smoothwall.ios.Firefox.
MDM Configuration Fields Naming Convention
Fields whose name starts with "Smoothwall" contain data that is provided to you by Smoothwall. All other fields are for data provided by you or your organisation.
Note - These are the field names as of Smoothwall Browser version 39.3. Previous versions of the browser used different names for most fields that were more ambiguous. Those old names are still supported by the latest version, but it is recommended that once all of your iPads are updated to v39.3 or later that you only use the names shown below. Information on the old names can be found here.
| Field Name | Field Type | Purpose | Examples |
| SmoothwallSerialNumber | String |
Required Contains the Smoothwall Serial number for the organisation. Starts with "UNCL" |
UNCLTESTTESTTEST |
| SmoothwallTenantID | String |
Optional Contains the Smoothwall Tenant ID of the organisation, if applicable. (Case insensitive) |
0040007a-f99d-0000-dbdb-70024c4bb000 |
| UserID | String |
Required A user identifier. Used when matching to groups and in reporting logs. This can be a generic identifier like "studentipads@myschool.org" or it can be automatically filled in by your MDM from info it knows about your users. This will be what gets filled into logs and alerts. If your iPads are deployed via Apple School Manager as Shared iPads, then this can be superseded by Additional Configuration Options for Shared iPads. |
John Doe |
| UniqueDeviceID | String |
Optional, but recommended. A unique identifier for the device. MDM solutions are able to auto-fill this with individual iPads' UDID or Serial number. Alternatively you can assign your own string according to some other internal scheme (e.g Stock number). If this is not provided, the app will auto generate one using UIDevice.identifierForVendor, but note that this will be reset if the app is removed from the device and reinstalled. |
ADCD-EFGH-IJKL-MNOP Stock: 2585 |
If your MDM does not have its own User Interface for configuring individual fields, you should be able to upload a 'Plist" file containing the settings. Here is an example:
<dict>
<key>SmoothwallSerialNumber</key>
<string>UNCLTESTTESTTEST</string>
<key>SmoothwallTenantID</key>
<string>0040007a-f99d-0000-dbdb-70024c4bb000</string>
<key>UserID</key>
<string>matt@example.org</string>
<key>UniqueDeviceID</key>
<string>ADCD-EFGH-IJKL-MNOP</string>
</dict>
The "UserID" field is used to determine the user shown in the logs and alerts. In order to have the correct value here, don't hard code a string, let your MDM push a variable instead. Eg $EMAIL will push the user's email in JAMF, or {{userprincipalname}} for the UPN in Intune. For information on other variables available from your MDM provider, please consult their own documentation:
If your iPads are deployed via Apple School Manager as Shared iPads, then you should also read Additional Configuration Options for Shared iPads.
How to test things are working
Open the Smoothwall browser. Navigate to the settings menu, and choose "diagnostics". You should see that the filter is in "Mode 2", this means it has config, and blocklist.
Other Options
You can also set the following options in your MDM to control features:
| Field Name | Field Type | Purpose | Examples |
| HomePageURL | String |
Optional This will be the home page when the browser is opened. The user cannot override this. |
|
| DisableFiltering | Boolean |
Optional v113.2.2 and later. This flag can be used to disable filtering in the browser. It is intended for Monitor customers who do not want any filtering done by Smoothwall Browser itself, not even the built-in filtering supplied to all customers. With it enabled, websites will load without being inspected by the app. For Cloud Filter customers it will also prevent filter logs being created and uploaded to Smoothwall. |
true false |
|
CanUseSecretKnock |
Boolean |
Optional v114.4 and later. Defaults to false. For customers who have a Smoothwall On-Premise device and who use the Secret Knock functionality to prevent double filtering. This flag enables Smoothwall Browser to use your existing Secret Knock settings. Without it, the browser will not attempt to do Secret Knock. |
true false |
To control whether other apps are allowed to display web content, please refer to this article.