Since updating my iOS device to ISO 10.2, the proxy settings are no longer being enforced. Why is this?

Article #:

Product:

Version:

KB-30

All

All

Summary:

How to re-enforce proxy settings on iOS devices after updating to ISO 10.2.aS

Problem:

After updating to ISO 10.2 on your iOS device, the proxy.pac proxy settings are no longer enforced, leaving users going directly to the Internet rather than being filtered by the Smoothwall.

ISO 10.2 now requires the proxy.pac file to be served over HTTPS. If you use the auto-configuration URL over HTTP, this redirects to HTTPS on port 443 which is not where the proxy.pac file is hosted.

Additionally, the root Certificate Authority (CA) must be installed in its certificate store before it downloads the proxy.pac file.

Solution:

Installing the Certificate

  1. On the Smoothwall, go to System > Certificates > Certificates for services.
  2. Export the certificate that is being used for User-facing HTTPS services.
    1. If you are using Dynamic certificates, export the root CA instead.
    2. Ensure you select Certificate when exporting, not Certificate and chain as iOS devices cannot import p7b files.
  3. Either:
    1. Email the certificate to the device for manual installation
    2. Deploy the certificate using an Apple MDM system

Configuring the Devices' Wireless Settings

The URL of the proxy.pac file you enter into the device's wireless settings should be in the format as follows:

  • If using the fully qualified domain name (FQDN) for the URL
    • https://<FQDN_of_the_Smoothwall>:442/proxy.pac
  • If using the IP address for the URL
    • https://<IP_address_of_the_Smoothwall>:442/proxy.pac

    If you still get certificate errors, the certificate downloaded above may not have the IP address of the Smoothwall listed as an alternative name.

    By default, the Smoothwall is set to identify itself by its IP address, but if this is not the case:

a. Go to System > Preferences > Hostname to change from hostname to IP address (see Changing the System Hostname)
b. Go to System > Certificates > Certificates for services and download the certificate for User-facing HTTPS services again, as detailed above

Attribution:

Last updated:

Author:

Contributions by:

28th April 2017

Jason Holdstock

SN

 

Copyright © 2000-2016 Smoothwall All rights reserved.