The Smoothwall identifies connecting Global Proxy clients and devices using a client certificate. However, there might be some cases where you can't issue the correct client-side certificate to every client and device on the network. Therefore, you can configure the Smoothwall to identify global proxy clients and devices using proxy certificates, a secure URL or no identification.
In addition, to utilizing NTLM authentication to authenticate users, you can use client-side certificates to make sure that only approved client devices can access to web filter policies. This provides an additional layer of security.
The same certificate is used by all devices. You must download the client certificate from the Smoothwall responsible for Global Proxy requests and install them on the relevant devices.
Global Proxy servers that are part of a centrally managed solution, should have the Certificate Authority uploaded to them via replication. If this does not happen, you should manually export, then import the Certificate Authority.
This option is recommended for Connect for Chromebooks configurations, where the Chromebook devices are used external to your organization's network. For those devices where you can't distribute the client-side certificate to each individual network device, such as Chromebooks, you can use a secure URL to identify connecting Global Proxy clients. This is a secure alternative to the No identification (Open proxy) method of device identification.
We don't recommend that you configure an unsecured (open) proxy because this has security implications. If you configure Global Proxy as an open proxy, device identification for connecting clients, whether by presenting a certificate or via secure URL, is not carried out, although NTLM authentication is still needed. Open proxies allow all connection attempts through without device authentication and can potentially be exploited by users.
Something not right? Send us feedback.