Note: This topic applies to the Framlingham Release.
Smoothwall Connect is a web redirector for Windows, Mac OS, and iOS clients and devices. It enables you to enforce your organization's web content filtering policy on devices owned by your organization, wherever they are located.
By installing Smoothwall Connect on devices, users' browsers are forced to send web content requests to Smoothwall proxies. Smoothwall proxies then enforce your organization's web content filtering policy by blocking undesirable and malicious content.
The following should be considered when using Smoothwall Connect:
|||Smoothwall Connect must be installed using administrative privileges. Users should not be given access to the administrator account on the device.|
|||You must supply users with Smoothwall System usernames and passwords, as Smoothwall Connect prompts users to authenticate themselves when they start to browse.|
|||Users cannot remove Smoothwall Connect unless they are using a device account with administrator privileges.|
|||It is recommended that you tell users that Smoothwall Connect has been installed on their devices, that web content is being filtered, and their browsing is being logged.|
|||It is recommended that you provide users with a way of reporting problems with over- or under-blocking of pages, so that you can adjust your policy to suit your organization.|
Smoothwall Connect works by determining where the Windows device is on the network, then redirecting web traffic as appropriate.
There are three possible locations that Smoothwall Connect detects in order to connect to the proxy server:
|||Behind a local Smoothwall proxy server — In an environment, such as an office, where all web traffic is filtered.|
To determine whether Smoothwall Connect is behind a local Smoothwall proxy server, it makes a proxy Service (SRV) host request. An SRV record is a special type of DNS record that allows you to specify a port number, as well as a hostname, for a given service. This functionality allows Smoothwall Connect to be directed to an internal Guardian proxy port.
If it determines it is behind a local proxy server, it authenticates the user, and filters according to configured policies.
For more information about how Smoothwall Connect determines if it’s behind a local proxy server, see Using Smoothwall Connect in a Local Environment.
|||Remote on an open internet connection— Such as a home internet connection.|
Smoothwall Connect opens a secure tunnel (SSH) tunnel between the Windows device and the Smoothwall proxy server configured to support such access. All web requests are redirected at kernel level through the tunnel to the remote proxy server, and web filtering as if in a local environment, can be applied.
|||Remote behind a captive portal — A captive portal redirects initial web traffic to a special web page for authentication before web browsing can continue. Typically, these are public internet places, such as hotels and coffee shops.|
There is no extra configuration required on Smoothwall Connect to use a captive portal. Smoothwall Connect will try to establish an SSH tunnel to the Smoothwall proxy server. The captive portal will intercept the traffic, and Smoothwall Connect will relax its redirector to allow the user to authenticate with the captive portal before browsing.
A red shield icon, with a pop-up status message of “Registering with portal” will be displayed to the user until authentication on the captive portal is made. For a detailed description of the different statuses of Smoothwall Connect, see About Smoothwall Connect for Windows Statuses.
Note: No matter the location, consistent filtering policies will be used for the user.
Smoothwall Connect supports the following operating systems on devices:
|||Mac OS X (Mountain Lion (10.8) or later)|
|||Microsoft Windows 7 with the latest updates installed|
|||Microsoft Windows 8 with the latest updates installed|
|||Microsoft Windows 8.1 with the latest updates installed|
Note: The following operating systems are not supported by Smoothwall Connect: Windows XP and Windows Vista. Microsoft Surface devices running Windows RT and Windows phones are also not supported.