Web

Opendium systems allow you to control and audit your users' access to the world wide web. This is done by passing all web traffic through a proxy server, which analyses each web request in a variety of ways to heuristically categorise it. In addition to analysing unencrypted traffic, the system will decrypt, analyse and filter encrypted HTTPS traffic in real time. The traffic can be restricted based on the categorisation that the system has determined for each web request.

There are two mechanisms for intercepting and filtering web traffic: A traditional (non-transparent) web proxy server and a transparent proxy.

The non-transparent web proxy is the preferred system, as it includes some capabilities which cannot be performed by the transparent proxy, such as Kerberos single sign-on authentication. However, it does require software to understand how to find and talk to the proxy. Workstations usually use the non-transparent proxy for the majority of their traffic, whereas tablets and phones usually rely more on transparent proxy.

In order for the Opendium system to be able to decrypt HTTPS traffic, devices on your network must have the inspection certificate installed.

For devices connected to your Windows domain, this should be done through Group Policy by downloading the certificate using the link on the Web Proxy page and importing it into the domain's Trusted Root Certification Authorities.

The certificate will need to be installed manually onto stand-alone devices. There are a number of ways to make this easier, such as using the QR code which is displayed on the Web Proxy page, or using the Splash Page.

This certificate is unique to your Opendium system, and is separate from any certificate that is required to connect to your wifi network.