Note: This topic applies to the Leeds Release.
The Smoothwall provides Secure Sockets Layer (SSL) Login as a built-in authentication mechanism which can be used by authentication-enabled services to apply permissions and restrictions on a customized, per-user basis.
When SSL Login is configured, network users requesting port 80 for outbound web access are automatically redirected to a secure login page, the SSL Login page, and prompted for their user credentials.
The SSL Login page can be manually accessed by users wishing to pro-actively authenticate themselves, typically where they need to use a non-web authentication-enabled service, for example, group bridging, or where only a small subset of users require authentication.
SSL Login authentication works by dynamically adding a rule for the IP address of each authenticated user, thus allowing SSL Login redirection to be bypassed for authenticated users. When an authenticated user logs out or exceeds the time-out limit, the rule is removed and future outbound requests on port 80 will again cause automatic redirection to the SSL Login.
For information about the authentication methods that can be used with SSL Login, see Managing Authentication Policies.
When using SSL as an authentication method, it is possible to customize the title image, background image and message displayed on an SSL login page. In addition, an option is provided to enable the display of a link to the HTTPS Interception page, enabling the download and installation of the relevant certificate.
|1.||Go to Services > Authentication > SSL login.|
|2.||To change the default Smoothwall logo displayed on the SSL login page, with your own image, click the Choose File button in the Title image field. Using your browser’s controls, locate and select the required title image file.|
|3.||To change the SSL login page background image, click the Choose File button in the Background image field. Using your browser’s controls, locate and select the required background image file.|
|4.||If required, change the default SSL login page text. This provides the option to display additional information on the SSL login page.|
|5.||If required, the HTTPS inspection option enables the display of a link to the HTTPS Interception page.|
Mobile devices not owned by your organization will not have been preinstalled with the Smoothwall HTTPS inspection certificate. Users attempting to access secure sites, using devices without the relevant certificate, will receive certificate security warnings and be blocked from accessing these secure sites.
The HTTPS Interception page provides users with an Inspection certificate download link and browser-based instructions to enable the download and installation of the relevant certificate when they initially connect their device to the network.
|6.||Click Save changes.|
|1.||Go to the Services > Authentication > SSL login page.|
|2.||To remove an uploaded Title image, click the Delete button shown next to the Title image file name. Once deleted, the default Smoothwall title image will be displayed on the SSL login page.|
|3.||To remove an uploaded Background image, click the Delete button shown next to the Background image file name. Once deleted, the default Smoothwall background image will be displayed on the SSL login page.|
In the web browser of your choice, enter your Smoothwall’s IP address followed by:
or, using HTTPS:
The Smoothwall displays the SSL login page.
The Non-SSL Login page functions like the SSL login page method, but uses HTTP rather than HTTPS. Because of this, it does not require the administrator to roll out certificates to all users using the login page.
Note: It is considerably less secure because passwords are passed between the client and the system in plain text, and can therefore be intercepted. It is only recommended on networks where the connection between the clients and the system is secure and all the clients themselves are trusted.
You can customize the non-SSL Login page using the same procedure as detailed in Customizing the SSL Login Page.
If you make use of a Google G Suite domain but also have non-Google devices requesting authentication, you can use an SSL login page (for authentication over HTTPS) or non-SSL login page (for authentication over HTTP) as a "go-between" for authentication-required services.
Typically, the login page prompts users for their credentials according to their domain. By enabling the Google Sign-In button, Google user credentials stored locally in a cookie can be used to authenticate with the login page instead