Installing the IDex Agent
Note: This topic applies to the Kenilworth Release.
The IDex Agent is a Smoothwall application, installed on your Active Directory domain controllers, that monitors user log on events. When such an event is detected the IDex Agent sends the following information to the Smoothwall:
- User group membership
- Workstation's IP address
Note: The IDex Agent cannot identify more than one user per IP address. If another user is detected at the same IP address it is assumed to be a new user and that the previous user logged off.
Installing the IDex Agent consists of:
You must first create an IDex Directory entry in Services > Authentication > Directories, and have mapped the Smoothwall user groups to the directory's group names. For a detailed description of how to do this, see Configuring an IDex Directory Connection.
This method requires repeatedly running the installation on each individual network device.
|1.||Go to https://customer.smoothwall.net/download.|
|2.||From the IDex Client and Agent Software list, download the
|3.||Double-click the relevant installation program —
|5.||Accept the terms and conditions, and click Next.|
|6.||Configure the following:|
|•||Web filter port — Use default Port
|8.||Click Install to begin installation.|
|9.||Click Finish to complete the installation.|
Note: A reboot is not required to complete the installation. Nor will the user see an icon in the system tray for the IDex Agent.
IDexAgent_1_5_x64.msi installation program can be obtained from your Smoothwall representative.
Note: If installing to a clean Windows device, that is, one that has not been assigned to a user yet, or has not connected to the Internet yet, you should launch the system browser (such as Internet Explorer or Edge) now before continuing.
You can create an unattended installation to deploy the IDex Agent out to
- Create a script that includes the following command line:
msiexec /i "path-to-installer.msi" SMOOTHWALLIP="<host>" /quiet
Note: A reboot is not required to complete the installation.
msiexec /i "\\mynetworkdrive\downloads\IDexAgent.msi" SMOOTHWALLIP="mysmoothwall.com" /quiet
Using an Active Directory Group Policy Object (GPO), you can create an unattended installation to deploy the IDex Agent out to
- Go to https://customer.smoothwall.net/download.
- From the IDex Client and Agent Software list, download the
installation program to a shared network location.
- Create a GPO policy that:
- Deploys the
- Configures the following registry settings:
- Deploys the
Key Name —
||String||Hostname or IP address of the Smoothwall explicitly configured for communicating with the IDex Agent.|
The IDex Agent communicates with the Smoothwall on TCP port
2948. At the time of writing, this cannot be changed. You must configure a Smoothwall access rule that accepts traffic on that port:
- From the Smoothwall administration UI, go to Network > Firewall > Smoothwall access.
- Add a new rule noting the following:
- Source IP addresses — Enter the IP addresses of your domain controllers that have the IDex Agent installed
- Services — Select IDex Cluster (2948)
- Action — Select Accept
- Move this rule above any block rules you have in place in the Smoothwall access table.
For a detailed description of how to create Smoothwall access rules,
A Core authentication web filter authentication policy is required to ensure web filtering policies are applied correctly according to group membership:
- From the Smoothwall administration UI, go to Web proxy > Authentication > Policy wizard.
- Add a new policy noting the following:
- Non-transparent or Transparent — Choose the type of authentication suitable for your organization. Our knowledge base articles, Using Transparent Authentication Policies and When to use Non-Transparent Authentication Policies provide a detailed description of both.
- Method — Choose Core authentication
- Interface — Choose the interface that your devices proxy through for web filtering purposes. (Note that you may need multiple Core authentication policies if your devices can use more than one internal interface.)
Note: Whichever Interface and Port combination is selected here, ensure your client devices have that set for their Internet proxy settings otherwise group mappings
- Where — Leave this as Everywhere
- Options for Unauthenticated Requests — Add those group names where detected unauthenticated users are placed
For a detailed description of how to create web filter authentication policies, see Creating Authentication Policies.
The IDex Agent writes any connection errors to the Application event log (Control Panel > Administrative Tools > Event Viewer > Windows Logs > Application) of the Windows device. Log entries are prefixed with "IDexAgent".