Identifying global proxy clients and devices


  1. Create a web proxy authentication policy for the Global Proxy using NTLM, see our help topic, Creating authentication policies.
  2. Set the Global Proxy devices' internal proxy settings to point to the externally resolvable host name of the Smoothwall that resolves to the external IP address of the Smoothwall, and the port number used for the Global Proxy using NTLM authentication policy. For example: This must be on HTTPS and not HTTP.
  3. Add the external address of the Smoothwall to the devices' internal proxy exception lists. This ensures that the certificate validation requests aren't proxied.


  1. On the WEB PROXY menu, under the Global Proxy submenu, click Settings.
  2. Under the Device identification section, from the Device Identification option:
    • To use a global proxy certificate:
      1. Select "Client supplied certificate" and if a password is needed, enter it into the Certificate password box.
      2. Click Download certificate.
      3. Copy this certificate into the relevant devices' internal storage and import it into the browsers.
    • To use a secure URL - if you're using Chromebooks use this method:
      1. Select "Secure URL" and in the Query string box that appears, enter the string that you want.
      2. To make sure that device identification is done immediately after opening the browser, set the Global Proxy devices' browser homepage to: https://<Smoothwall_external_address>:62444/?<Query_string>, where: Smoothwall_external_address is externally resolvable hostname of the Smoothwall and Query_string is the secure URL string configured. For example,
    • To use no identification:
      • Select "No identification (Open proxy)".
  3. Click Save changes.