Note: This topic applies to the Framlingham Release.
The following are high level examples of how you can configure Guardian to suit your organization’s authentication requirements.
Anna runs an Internet cafe. She is replacing her current content filter with Guardian because of its superior filtering. To avoid reconfiguring each workstation, she needs Guardian to listen on the same port as before, which was port 3128.
Anna goes to the Web proxy > Authentication > Policy page which shows the default configuration of no authentication on port 800. She clicks the Edit button on the entry displayed which takes her to the Web proxy > Authentication > Policy wizard page. On this page, all fields apart from interface and port are disabled. She changes the port to 3128 and saves her changes, and a message prompts her to restart Guardian.
Brian is a network administrator for a university. Staff and student web access is unfiltered, but Brian wants to provide filtered web access for a new conference centre open to the public. He does not want delegates to need to configure a proxy in their browsers.
Brian configures Guardian to listen in transparent mode. On the Web proxy > Authentication > Policy wizard page, he selects Transparent and No authentication and leaves the other options at their defaults.
After adding this entry, on the Web proxy > Authentication > Policy page, he can see the new transparent authentication policy so he removes the default entry for port 800.
He then configures the firewall and DHCP servers on the network to route traffic through Guardian.
Charlotte is a hotel manager. The hotel provides Internet access to guests via their own laptops and shared PCs in the lobby. The wireless network is secured but Charlotte needs to know which guest is responsible for web traffic in case of misuse. She wants a simple system which doesn’t require guests to register their wireless devices.
Charlotte creates a local user account for each room, with names like ‘room23’ and a random simple password. Guests are told the password for their room when they check in if they request Internet access, and the password is changed when they check out.
Charlotte then configures Guardian in transparent mode on the Web proxy > Authentication > Policy page by adding a new entry for Transparent and Redirect to SSL Login, leaving the other options at their defaults. She removes the entry for port 800 before restarting Guardian.
Donald is a college system administrator. His network contains Windows PCs, Apple Macs, and network points for student laptops. Donald wants to provide authentication across the network using single sign on wherever possible.
For Apple Macs, Donald creates a location on the Guardian > Location > Policy wizard page, which he names ‘Macs’. This location contains the IP address ranges assigned to Macs.
On the Web proxy > Authentication > Policy page, he edits the default entry for port 800, changing the authentication method to NTLM authentication. Then he adds a new entry, choosing IDENT authentication for the location ‘Macs’, moving it above the entry for NTLM on the Policy page. Finally he adds an entry for the laptops for transparent connections and Redirect to SSL Login.
Using group policy and central admin tools, he configures the Windows PCs and Apple Macs to use Guardian, and installs an IDENT server on the Apple Macs. Windows and Mac users now authenticate to Guardian using their desktop login session, but laptop users are presented with the SSL Login screen when they browse.
Ellen is a secondary school teacher. Ellen’s students are supposed to be reading about the Civil War but are inclined to waste time when her back is turned. Ellen needs to be able to ban students from accessing the Internet as a punishment for misbehavior.
While the students are working, Ellen looks around the room and also monitors web usage on the Reports > Realtime > Web filter page. She sees that one of her students, Fred, is watching videos on YouTube, so she goes to the Services > Authentication > User activity page, scrolls to his login entry, and selects Ban. This takes her to the temporary bans page where she configures the ban to expire at the end of the lesson. When Fred clicks on another video, he is shown the block page.