About SSL authentication

The Smoothwall provides Secure Sockets Layer (SSL) Login as a built-in authentication mechanism, which can be used by authentication-enabled services to apply permissions and restrictions on a customized, per-user basis. When SSL Login is configured, network users requesting port 80 for outbound web access are automatically redirected to a secure login page, the SSL Login page, and prompted for their user credentials. The SSL Login page can be manually accessed by users wanting to pro-actively authenticate themselves, typically where they need to use a non-web authentication-enabled service, for example, group bridging, or where only a small subset of users need authentication. SSL Login authentication works by dynamically adding a rule for the IP address of each authenticated user. Therefore, authenticated users can bypass SSL Login redirection . When an authenticated user logs out or exceeds the time-out limit, the rule is removed and future outbound requests on port 80 will again cause automatic redirection to the SSL Login. To see the authentication methods that can be used with SSL Login, see our help topic, Managing authentication policies.

When using SSL as an authentication method, you can customize the title image, background image and message displayed on an SSL login page. In addition, an option is provided to display a link to the HTTPS Interception page, so you can download and install the relevant certificate.

Non-SSL Authentication

The Non-SSL Login page functions like the SSL login page method but uses HTTP rather than HTTPS. Because of this, it doesn't need the administrator to roll out certificates to all users using the sign-in page.

Note: It's considerably less secure because passwords are passed between the client and the system in plain text and can be intercepted. We recommend that you only use it on networks where the connection between the client and the system is secure and all the clients themselves are trusted.

You can customize the non-SSL Login page.

Google Authentication with SSL Login

If you make use of a Google G Suite domain but also have non-Google devices requesting authentication, you can use an SSL login page (for authentication over HTTPS) or non-SSL login page (for authentication over HTTP) as a "go-between" for services that need authentication.

Typically, the page prompts users for their credentials according to their domain. By turning on the Google Sign-in button, Google user credentials stored locally in a cookie can be used to authenticate instead, see our help topic, Configuring the Google and Chromebook settings, and downloading the HTTPS certificate.