Creating authentication policies

Prerequisites

For a transparent policy:

  • You must set up the DNS correctly on your network so that users' devices can resolve the short form of the Smoothwall Filter host name, for example: resolve mysystem for the host name mysystem.example.com.
  • Users' devices and the Smoothwall Filter must be within the same DNS domain.
  • Internet Explorer must be configured to authenticate with intranet sites automatically.

Procedure

  1. On the WEB PROXY menu, under the Authentication submenu, click Policy wizard.
  2. Under the Step 1: What section, from the Type options, select to create either a Transparent or Non-transparent authentication policy.
  3. From the Method list, select one of the Authentication Methods.
  4. From the Interface list, select the interface on which to apply the authentication policy.
    • For a nontransparent policy, from the Port list, select the relevant port number for your Smoothwall to listen on for proxy requests.
    • For a transparent policy:
      1. To transparently intercept HTTPS traffic, select the Filter HTTPS traffic option and from the Behavior list, select how the Smoothwall Filter handles HTTPS requests without a Server Name Indication (SNI).
      2. To make sure that traffic leaving the Smoothwall has the source IP address of the client making the web request and not the IP address of Smoothwall, select the Spoofing option.
  5. Click Next.
  6. Under the Step 2: Where section, from the Available locations list, select the location at which the policy will apply and click Add ». Once you have added all your locations, click Next.
  7. Under the Step 3: Options for unauthenticated requests section, from the Available groups list, select a group that you want to assign requests and click Add ».
  8. Make sure that the policy is turned on by making sure that the Enable Policy option is selected. Once you are satisfied, click Confirm.
  9. Review your selections and click Save to create the policy.

Follow-up task