This KB is applicable to users on versions 10.0 and above.

Issue 

This KB will detail how to properly configure remote filtering.

Solution

Step 1. Navigate to Web Filtering and click Insert Remote-Filtering (1-to-1) Rule. Choose which fallback group you would like then hit Save and Apply.

Step 2.  In your internal DNS, create an A record for the hostname of the Cipafilter pointing to the Cipafilter's internal IP. In public DNS, create an A record for the hostname of the Cipafilter pointing to the public IP associated with the Cipafilter. Lastly, push proxy settings out to your devices using the hostname of the Cipafilter and port 6226. Port 6226 is the default proxy port the Cipafilter uses and can be found under Web Filtering > Advanced Configuration.

Step 3. Congratulations! You've successfully configured 1 to 1 filtering!

There is an additional option to configuring 1 to 1 filtering. As of version 10 the Cipafilter offers a free self renewing certificate in the form of Let's Encrypt. If your organization utilizes a custom portal certificate such as Lets Encrypt
you can instead deploy proxy settings via PAC file. In order to deploy these via PAC file perform the following:

Step 1. Navigate to Web Filtering and click Insert Remote-Filtering (1-to-1) Rule. Choose which fallback group you would like then hit Save and Apply

Step 2. The PAC file can be found under Web Filtering > Advanced Configuration. 

Step 3. Copy and paste the listed URL's into the appropriate field. This varies depending on the device / platform. We recommend using HTTPS with HTTP fallback in most setups.

Note: Ensure "https" is included in your PAC files URL.

Step 4. Congratulations! You've successfully deployed PAC file settings!

Note: If you have set up Google O'auth prior to configuring your custom portal certificate, please update the redirect URL's found under Web Filtering > Authentication. 

Please see this link for further information regarding configuring Let's Encrypt.