Creating an NTLM authentication policy
- On the WEB PROXY menu, under the Authentication submenu, click Policy wizard.
- Under the Step 1: What section, from the Type options, select to create either a Non-transparent authentication policy.
- To open a port on the external interface, from the Method list, select "Global Proxy using NTLM". For security reasons, we recommend that you use client-side certificates.
- From the Interface list, select the interface on which to apply the authentication policy. Even if your Smoothwall has multiple internal interfaces, you can only create one Global Proxy using NTLM authentication policy. Turning on this policy automatically adds Smoothwall Firewall rules to allow external access to the proxy port. If your Smoothwall uses multiple external interfaces, Global Proxy will listen on all external interfaces.
- From the Port list, select the relevant port number for your Smoothwall to listen on for proxy requests and click Next.
- Under the Step 2: Where section, from the Available locations list, select the location at which the policy will apply and click Add ». You can either have web traffic from all devices on your network redirect to Global Proxy, or just those from a specific location, or locations. Once you have added all your locations, click Next.
- Under the Step 3: Options for unauthenticated requests section, from the Available groups list, select a group that you want to assign requests and click Add ».
- Make sure that the policy is turned on by making sure that the Enable Policy option is selected. Once you are satisfied, click Confirm.
- Review your selections and to create the policy, click Save.
Note: The internal port assigned here will also be opened on this external interface.
Note: The location chosen must include all possible external and internal addresses that the devices might use.
- Place the policy in the order that you want it to be applied, see our help topic, Managing authentication policies.