I work in a public school environment where I have multiple platforms: Windows, Mac laptops, Chromebooks and iPads. Content filtering is done through Smoothwall. Most of the filtering I have done has been to block or allow websites deemed appropriate or inappropriate by request of school administration. Recently, I had a teacher notify me that very young students were observed accessing sexual material via search terms on iPad devices behind a Smoothwall.
I can block specific terms via a pushout of a Smoothwall certificate to the iPads, then create an HTTPS inspection policy. My problem is, is that I have one Smoothwall of which all of my device types are connected to. Active Directory devices can be filtered via an OU, but iPads do not authenticate leaving me to have to filter everybody including staff computers that I don't necessarily want to have filtered.
Is there a way that I can segment staff computers from being including in the "Everybody" group so the search term restriction doesn't apply to them. Staff computers are Macintosh laptops that authenticate to an Active Directory domain. If there is a way to do this, do these staff computers still need the firewall certificate?