Preparing your Smoothwall
Note: This topic applies to the Inverness Release.
Before configuring your Global Proxy clients and devices to proxy through the Smoothwall, you must do the following:
You must ensure your Smoothwall has at least one internal, and one external interface configured. For a detailed description of how to do this, see Working with Interfaces and Roles .
Global Proxy requires users to be authenticated via NTLM, therefore you must set up your Smoothwall to use Active Directory. For a detailed description of how to do this, see Configuring a Microsoft Active Directory Connection .
Users using Global Proxy must be authenticated using NTLM, providing at least one layer of protection between the user, and the proxy server and service. You must set up your Smoothwall with the correct NTLM authentication policy.
You do this as follows:
|1.||On the Smoothwall, go to Web proxy > Authentication > Policy wizard.|
|2.||From the Step 1: What panel, configure the following:|
|•||Type — Select Non-transparent.|
For more information about non-transparent, and transparent authentication policies, see Creating Authentication Policies.
|•||Method — From the drop down list, select Global Proxy using NTLM.|
You use this authentication method for connections from all remote devices.
|•||Interface — From the drop down list, select the relevant interface for your Smoothwall.|
Note that even if your Smoothwall has multiple internal interfaces, you can only create one Global Proxy using NTLM authentication policy. Enabling this policy automatically adds firewall rules to allow external access to the proxy port. If your Smoothwall uses multiple external interfaces, Global Proxy will listen on all external interfaces.
|•||Port — From the drop down list, select the relevant port number for your Smoothwall to listen on for proxy requests.|
Note that the internal port assigned here will also be opened on this external interface.
|3.||You can either choose to have web traffic from all devices on your network redirect to Global Proxy, or just those from a specific location, or locations.|
Note that the location chosen must include all possible external and internal addresses that the devices might use.
From the Step 2: Where panel, either add the location where this policy will apply to, or recreate and add a new location.
|4.||From the Step 3: Options for authenticated requests panel, tick Enable policy.|
For more information about configuring authentication policies, see Creating Authentication Policies.
It should be noted that the block page configured on your Smoothwall will not be fully accessible to external devices that have been redirected to Global Proxy.
It is recommended that you create an additional plain text block page, and upload it to your Smoothwall. You can then create a block page policy for users of the Global Proxy using NTLM method. For a detailed description of how to do this, see Managing Block Pages .
Tip: To use graphics on your Global Proxy policy block page, you must host these on a externally accessible server, using image tags and publicly accessible style sheets. For more information, refer to your Smoothwall representative.
You must configure the Smoothwall to instruct it how to recognize connecting clients and devices as Global Proxy ones — see Identifying Global Proxy Clients and Devices