background image

System Log

231

should only enable it if you have been instructed to do so by 3Com 
support personnel.

What is a Syslog

Server?

Syslog is a standard protocol for reporting system events that occur on 
the Webcache and most other modern network devices. A syslog server 
allows you to capture these system events, store them and display them 
in a variety of formats. 

The purpose of a syslog server is to listen for incoming syslog messages 
(system events) on a UDP port (usually 514) and then decode and process 
the messages for logging and notification purposes.

 

Syslog servers are 

also known as “syslog daemon” or, on Unix, “syslogd und Unix”. Unix 
systems always have a syslog server installed, but Microsoft Windows 
does not include one.

Obtaining a Syslog

Server

The CD-ROM contains a freeware application called 3CDaemon that 
allows you to configure a Syslog and TFTP server on a Microsoft Windows 
server. You can use the 3CDaemon syslog server to capture syslog events 
from devices and machines on your network. Note that 3CDaemon is 
provided without warranty by 3Com.

WebTrends Firewall Suite has an integral Syslog server which you can also 
use to capture syslog events from devices and machines on your network. 
Download this from:

http://www.netiq.com/webtrends/

(correct at time of publishing)

Microsoft recommends free syslog servers for Windows:

http://www.microsoft.com/ntserver/partners/findoffering/serv

ersolutions/special.asp

(correct at time of publishing)

You can purchase a syslog server program for Windows. For example you 
can purchase WinSyslog from:

http://www.winsyslog.com/en/

(correct at time of publishing)

dua1611-5aaa04.book  Page 231  Friday, November 29, 2002  8:56 PM

Summary of Contents for SuperStack 3 WEBCACHE 1000

Page 1: ...11 5AAA04 Published November 2002 SuperStack 3 Webcache User Guide SuperStack 3 Webcache 1000 3C16115 SuperStack 3 Webcache 3000 3C16116 SuperStack 3 Web Site Filter 3C16118 dua1611 5aaa04 book Page 1 Friday November 29 2002 8 56 PM ...

Page 2: ...f any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com the 3Com logo and SuperStack are registered trademarks of 3Com Corporation Intel and Pentium are registered trademarks of...

Page 3: ...nets and Using a Subnet Mask 27 Domain Name System 28 Domain Name System Syntax 28 Default Router 29 Web Caching Overview 30 Current and Expired Content 32 Revalidating HTTP Content 32 Deployment Modes Overview 32 Choosing a Deployment Mode 35 Transparent Cache Deployment 36 Deploying the SuperStack 3 Switch 4400 4924 or 4950 with the Webcache 38 Deploying the SuperStack 3 Server Load Balancer wit...

Page 4: ...il 62 Power Socket 63 Console Port 63 WAN Port 63 LAN Port 63 WAN and LAN Port LEDs 64 Choosing a Suitable Site 65 Rack Mounting the Webcache 65 The Power up Sequence 69 Powering up the Webcache 69 Checking for Correct Operation of LEDs 69 Deploying the Webcache in Your Network 70 Setting Up the Webcache for Management 71 Setting Up Using the Web Interface 71 Setting Up Using the Command Line Inte...

Page 5: ... THE WEB INTERFACE Management Software Interfaces 88 Logging in as a Default User 88 Accessing the Web Interface 89 Understanding the Web Interface 91 The Toolbar 92 The Navigation Tree 94 The Information Area 96 The Device Mimic 96 The Status Tables 99 The Performance View 100 The Help View 100 5 SECURING ACCESS TO THE WEBCACHE MANAGEMENT INTERFACES Passwords 104 Setting Passwords 104 Management ...

Page 6: ...ng 119 Creating a Parent Cache Exclusion List 119 Saving the Parent Cache Exclusion List 121 Clearing the Parent Cache Exclusion List 122 Configuring ICP Caching 123 Adding ICP Peers 124 Deleting ICP Peers 125 7 STATIC ROUTES What are Static Routes 128 Static Routes Example 128 Advantages of Static Routes 129 Configuring Static Routes 129 8 SYSTEM TIME Configuring the System Time 132 Network Time ...

Page 7: ...e Filter 151 Setting Up Filtering Policies 152 Testing a URL 154 Websense Enterprise Filtering 155 Acquiring the Websense Enterprise Filtering Software 155 Installing the Websense Enterprise Filtering Software 155 Setting Up Websense Enterprise Filtering on your Webcache 156 Manual Content Filtering 157 Setting Up Manual Content Filtering 158 Default Rule 159 Setting the Default Rule 159 Filter Lo...

Page 8: ...ow List or Deny List 173 Clearing the Allow List or Deny List 173 Keyword Blocking 174 Setting Up Keyword Blocking Lists 174 Editing the Keyword Blocking List 174 Loading Entries From a File into the Keyword Blocking List 175 Saving the New Keyword Blocking List 176 Clearing the Keyword Blocking List 176 Customizing the Content Filter Response Screen 176 V CONTROLLING CACHING 11 CONTROLLING HOW WE...

Page 9: ...cheduled Tasks 200 Using the 3Com Web Scheduler Browser Client 201 Configuring the Webcache for the 3Com Web Scheduler Browser Client 201 Installing the 3Com Web Scheduler Browser Client 202 VI MONITORING THE WEBCACHE 13 MONITORING SYSTEM EVENTS System Events 208 Email Notification 208 Configuring Email Notification 208 SMTP Authentication 210 SNMP Traps 212 Configuring SNMP Traps 212 Configuring ...

Page 10: ...ining a Syslog Server 231 Viewing the System Log 232 VII MANAGING THE WEBCACHE SOFTWARE 16 CONFIGURATION MANAGEMENT Saving and Restoring Configurations 236 Saving a Configuration 237 Restoring a Configuration 238 17 SOFTWARE UPGRADES Software Upgrades 240 Software Upgrade SNMP Traps 240 Unsuccessful Software Upgrades 241 Software Downgrades 241 Detecting a Software Upgrade 241 Performing a Softwar...

Page 11: ... Pinging Other Devices 262 Displaying IP Summary Information 263 Tracing IP Addresses 263 Displaying and Changing Security Information 264 Securing the Management Interface 264 Changing the Admin Password 266 Enabling and Disabling Password Recovery 266 Displaying and Changing Webcache Information and Functions 267 Initializing the Webcache 267 Rebooting the Webcache 268 Setting the Webcache SNMP ...

Page 12: ...Wichtige Sicherheitsinformationen 292 B CABLE SPECIFICATIONS AND PIN OUTS Cable Specifications 295 Pin outs 296 Null Modem Cable 296 PC AT Serial Cable 296 Modem Cable 297 RJ 45 Pin Assignments 297 C TECHNICAL SPECIFICATIONS D TECHNICAL SUPPORT Online Technical Services 301 World Wide Web Site 301 3Com Knowledgebase Web Services 302 3Com FTP Site 302 Support from Your Network Supplier 302 Support ...

Page 13: ...2 0 321 Configuring WCCP for a Service Group 321 Configuring WCCP Multicast 322 Example Configurations 322 Monitoring WCCP 323 Configuring WCCP Version 2 0 Within a Single Subnet 324 Enabling Cisco Express Forwarding CEF 324 Further Information 324 H LOG FORMATS Access Log Formats 325 Squid Log Format 326 Netscape Common Format 327 Netscape Extended Format 327 Netscape Extended 2 Format 328 WebTre...

Page 14: ...sm 337 Entertainment 337 Games 338 General News 338 Glamour and Intimate Apparel 338 Hobbies 338 Investment 339 Job Search 339 Motor Vehicles 339 Personals and Dating 339 Real Estate 339 Shopping 340 Sports 340 Travel 340 Usenet News 340 ChatBlock 340 dua1611 5aaa04 book Page 14 Friday November 29 2002 8 56 PM ...

Page 15: ...M END USER SOFTWARE LICENSE AGREEMENT 3COM END USER WEB SITE FILTER PRODUCT LICENSE AGREEMENT GNU GENERAL PUBLIC LICENSE VERSION 2 JUNE 1991 REGULATORY NOTICES dua1611 5aaa04 book Page 15 Friday November 29 2002 8 56 PM ...

Page 16: ...dua1611 5aaa04 book Page 16 Friday November 29 2002 8 56 PM ...

Page 17: ...for installing configuring and managing the network It assumes a basic working knowledge of local area network LAN and wide area network WAN operations If release notes are shipped with your product and the information there differs from the information in this guide follow the instructions in the release notes Most user guides and release notes are available in Adobe Acrobat Reader Portable Docum...

Page 18: ...pply the appropriate values for the placeholders that appear in angle brackets Example To change your password use the following syntax system password password In this example you must supply a password for password Commands The word command means that you must enter the command exactly as shown and then press Return or Enter Commands appear in bold Example To reboot the Webcache enter the follow...

Page 19: ...ding new features modifications and known problems There are other publications you may find useful such as Documentation accompanying 3Com Network Supervisor This is supplied on the CD ROM that accompanies the Webcache Documentation accompanying switches capable of Layer 4 redirection for example the SuperStack 3 Switch 4400 and other devices that can be used with the Webcache for example the Sup...

Page 20: ...pond to comments and questions about 3Com product documentation at this e mail address Questions related to technical support or sales should be directed in the first instance to your network supplier Product Registration You can now register your SuperStack 3 Webcache on the 3Com Web site http www 3com com register Registering your Webcache Provides access to the latest Webcache software at time ...

Page 21: ...I GETTING STARTED Chapter 1 Web Caching Concepts and Deployment Chapter 2 Installing the Webcache dua1611 5aaa04 book Page 21 Friday November 29 2002 8 56 PM ...

Page 22: ...22 dua1611 5aaa04 book Page 22 Friday November 29 2002 8 56 PM ...

Page 23: ...vers the following topics What is the Webcache The Webcache and 3Com Network Supervisor Before You Begin Network Configuration Concepts Web Caching Overview Deployment Modes Overview Choosing a Deployment Mode Transparent Cache Deployment Proxy Relay Deployment Proxy Cache Deployment Inline Cache Deployment Parent Caching dua1611 5aaa04 book Page 23 Friday November 29 2002 8 56 PM ...

Page 24: ...ts Smoother Traffic Flow Traffic surges can stress your network and server The Webcache can help smooth out network traffic and reduce delays in serving Web content As more users request the same Web content it becomes more likely that the content will be stored in the Webcache and in turn the Webcache becomes more effective at eliminating upstream traffic Controlled Web Access The Webcache allows...

Page 25: ...work Supervisor also detects mis configurations of the Webcache and Switch for example if a Switch 4400 is not directly connected to the Webcache Before You Begin To install the Webcache and set it up for management you must understand and correctly configure it with the following information Ensure that you have this information ready before you begin to install the Webcache An IP address for fur...

Page 26: ...ansparent and Inline Cache modes Network Configuration Concepts The following sections explain certain key concepts of configuring your network which you must understand in order to set up the Webcache successfully IP Addresses To operate correctly each device on your network for example a webcache or management station must have a unique IP address IP addresses have the format nnn nnn nnn nnn whe...

Page 27: ...st follow when entering an IP address or IP address range Individual IP addresses must be valid 0 0 0 0 is disallowed Values above 255 255 255 255 are disallowed IP address ranges must be valid A range starting at 0 0 0 0 is disallowed A range ending above 255 255 255 255 is disallowed The second IP address in the range must be larger than the first Subnets and Using a Subnet Mask You can divide y...

Page 28: ...e correct IP address e g 128 118 2 23 allowing the two devices to communicate with each other To enable the Domain Name System you must setup one or more DNS servers on your network If you are uncertain about how to do this contact your network administrator The following Webcache features are only available if you have setup a DNS server Caching The Webcache will be unable to cache Web content if...

Page 29: ...racter You cannot enter a domain containing a space character Each part of the domain name known as a label must be less than 64 characters The host name plus the domain name must not exceed 255 characters in length Default Router A Router is a device on your network which is used to forward IP packets to a remote destination An alternative name for a Router is a Gateway Remote refers to a destina...

Page 30: ...lt router exists on your network leave the field blank Web Caching Overview In a network without a Webcache all Web requests from browsers on client machines must travel across the expensive WAN to the origin Web server the Web server that contains the original copy of the requested information and the response from the server must travel back across the WAN as shown in Figure 1 Figure 1 A Typical...

Page 31: ...t enough to serve see Current and Expired Content on page 32 the Webcache immediately serves it to the client machine This is a cache hit as shown in Figure 2 Figure 2 A Cache Hit 4 If the content is not in the cache or the content is expired see Current and Expired Content on page 32 the Webcache connects to the origin Web server and retrieves the content This is a cache miss as shown in Figure 3...

Page 32: ...e cache is expired the Webcache revalidates it A revalidation is a query to the origin server that asks if the content is unchanged The result of a revalidation can be The content is still current the Webcache resets its limit and serves the content A current copy of the content is available the Webcache caches the current content replacing the expired copy and serves the content to the user simul...

Page 33: ...rk and redirected to the Webcache Proxy Relay caching the Webcache is connected directly to a SuperStack 3 Firewall which acts as a Proxy Forwarder Web requests are intercepted by the Firewall and the Web browser on each client machine does not have to be configured Proxy caching the Web browser on each client machine must be explicitly configured to send requests directly to the Webcache Inline c...

Page 34: ...eployment An overview of the Proxy cache deployment mode See page 45 Manual Configuration The Web browser on each client machine is configured to explicitly direct its Web requests to the Webcache See page 47 PAC Files A Proxy Auto Configuration PAC file is used to configure the Web browser on each client machine PAC files allow you to create configuration rules that determine how the Web browser ...

Page 35: ...g a Deployment Mode The flow chart shown in Figure 4 is a guide to choosing the most suitable deployment mode for the Webcache in your network Figure 4 Choosing a Deployment Mode dua1611 5aaa04 book Page 35 Friday November 29 2002 8 56 PM ...

Page 36: ...directs all Web requests to the Webcache The Web browser on each client machine is unaware that it is communicating with the Webcache Therefore no configuration of the Web browser on each client machine is needed which avoids configuration problems and reduces the demand on technical support For further information see Configuring Transparent Cache Mode on page 112 Figure 5 Transparent Cache Deplo...

Page 37: ... client machines that are inside your network can access the systems and resources within it and prevents client machines or malicious users from bypassing the Webcache This reduces the need for more complex access controls Disadvantages You may have to add a new redirecting device to your network if it is not already available The redirecting device needs to be located at a point in your network ...

Page 38: ... units in the stack which update their internal databases accordingly The master unit designates a polling unit this can be the master unit or another unit in the stack The polling unit must have an IP address that is on the same subnetwork as the Webcache If multiple units are configured in this way then the master unit will select the first unit that responds to be the polling unit The polling u...

Page 39: ...ds them untagged to the Webcache The traffic between any two pairs of IP addresses must always be redirected through the same Webcache Only HTTP traffic is eligible for redirection The port to which the Webcache is connected cannot be a member of an aggregated link IP packets with IP Options set will not be redirected For further information about configuring the Switch 4400 refer to the documenta...

Page 40: ...ntagged to the Webcache The traffic between any two pairs of IP addresses must always be redirected through the same Webcache Only HTTP traffic is eligible for redirection The port on the Switch 4924 or 4950 to which the Webcache is connected can be a member of an aggregated link IP packets with IP Options set will not be redirected For further information about configuring the Switch 4924 and 495...

Page 41: ...alancer can be configured to redirect Web requests on TCP port 80 to a Webcache for a particular service or to load balance between multiple Webcaches based on standard load balancing algorithms For further information about configuring the Server Load Balancer refer to the documentation that accompanies the device Web Cache Communication Protocol WCCP The Web Cache Communication Protocol WCCP all...

Page 42: ...g WCCP or be directly connected to a dedicated router interface on a 3 interface router Do not use a hub as the Webcache may see traffic that is not destined for it Configure Webcache redirection on the WAN side interfaces of the Cisco router rather than on the LAN side interfaces of the router 3Com recommends that you use WCCP V2 rather than WCCP V1 if possible You can find further information ab...

Page 43: ...Cisco router to operate with multiple Webcaches in your network You need to specify the IP address of the router in the Web interface of each Webcache For further information see Configuring WCCP V1 on page 112 WCCP Version 2 Figure 9 WCCP Version 2 Deployment dua1611 5aaa04 book Page 43 Friday November 29 2002 8 56 PM ...

Page 44: ...ew Webcache into the WCCP V2 environment Improving the Security of Your Network You can also enable password authentication between the routers and the Webcaches If enabled the Webcache provides a password when it identifies itself to the router An incorrect password causes redirection of traffic to the Webcache to be disabled This password system prevents a network device from receiving Web traff...

Page 45: ... The Firewall does not perform any health checking to ensure that the Webcache is operational If the Webcache fails the Firewall continues to direct Web requests to the Webcache causing a loss of client machine access to the Internet Proxy Cache Deployment In Proxy Cache deployment the Webcache is connected to an Ethernet switch in your LAN You must configure the Web browser on each client machine...

Page 46: ...Disadvantages The Web browser configuration must be changed on each client machine that you want to access the Webcache If the Webcache fails access to the Web is lost because each client machine has been configured to direct its Web requests to the Webcache You can prevent this loss of access from occurring by using a PAC file If you have a single Webcache in your network you can use the PAC file...

Page 47: ...lly migrate the client machines in your network from a pure Proxy Cache configuration to a pure Transparent Cache configuration by changing the Web browsers to Transparent Cache mode as required Manual Configuration You can manually configure the Web browser on each client machine to explicitly direct its Web requests to the Webcache To manually configure Internet Explorer 5 or 6 1 Open Internet E...

Page 48: ... cache The PAC file can be stored either on the Webcache or a network server and the Web browser is set to read the PAC file when it is opened The PAC file is read once when the Web browser is first opened and then executed within the browser for every object within every Web page visited This can cause a perceived response time degradation although the performance degradation is likely to be smal...

Page 49: ...r on a server in your network or on the Webcache The Web Proxy Auto Discovery WPAD protocol is not supported by Netscape Navigator Configuring WPAD To configure WPAD you need to Set up a WPAD server Configure your DNS server Configure your DHCP server if applicable Configure Internet Explorer on each client machine Test that WPAD is working Setting Up a WPAD Server You can set up a WPAD server tha...

Page 50: ...Webcache as the WPAD server you need to create a DNS record which resolves wpad your domain name to the Webcache s IP address For further information about the Domain Name System see Domain Name System on page 28 When a Web browser on a client machine is configured to use a WPAD server on your network or the Webcache as a WPAD server there may be a pause of several seconds when it first tries to c...

Page 51: ... OK 7 Close Internet Explorer Testing WPAD To confirm that WPAD is working successfully 1 Open Internet Explorer and log in to the Web interface 2 Click Device on the Toolbar 3 Select Caching Access Logging in the Navigation Tree 4 Check Enable Web Access Logging 5 Select one of the five access log formats Click OK 6 Perform some Web browsing from a client machine that is configured to use WPAD 7 ...

Page 52: ...dows 2000 Server has the capability to manage Web browser configurations through the its domain management tools Other vendors include Hewlett Packard Intel and Tivoli Inline Cache Deployment Figure 13 Inline Cache Deployment In the Inline Cache deployment the Webcache is directly connected to a switch in your LAN via the LAN port and a WAN gateway or firewall via the WAN port All network traffic ...

Page 53: ...cache The peak packet rate that can be sustained is therefore lower than using a Layer 4 device resulting in reduced performance Parent Caching Parent Caching allows you to explicitly configure a hierarchy of Webcaches within your network Web requests from client machines that are not fulfilled by a child Webcache cache misses can be routed to parent Webcaches instead of the origin Web server If a...

Page 54: ... be forwarded across the network to the parent Webcaches and then back again rather than being retrieved directly from the local server All client machines and Web sites that you specify in the Cache Bypass screen will not be sent to the parent Webcaches for further information see Cache Bypass on page 186 How does Parent Caching Work Parent Caching operates in the following way 1 A URL is entered...

Page 55: ...15 shows a local Branch Office and a remote central Head Office All requests for the Internet are routed through the Head Office site before reaching the World Wide Web because the Head Office site contains the physical WAN link Therefore the Webcache that is deployed between the Branch Office and Head Office is the child Webcache All cache misses from that Webcache are forwarded to the parent Web...

Page 56: ...aching ICP Caching is an open standard protocol allowing multiple proxy caches to cooperate and appear as a single larger Webcache It originally appeared at a time when there was very little storage capacity on an individual cache Now that storage capacity is so much larger in most environments ICP is no longer used A single Webcache or a Webcache operating with Parent Caches offers better behavio...

Page 57: ...r with Parent Caching ICP Caching uses a connectionless protocol UDP IP if your network is busy and a packet containing caching information is lost it will not be retransmitted Consequently caching latency may go up as UDP messages are lost and unnecessary cache misses occur 3Com recommends that you use Parent Caching in preference to ICP Caching unless you have an existing network of ICP Caches t...

Page 58: ...58 CHAPTER 1 WEB CACHING CONCEPTS AND DEPLOYMENT dua1611 5aaa04 book Page 58 Friday November 29 2002 8 56 PM ...

Page 59: ... from the Webcache 1000 3000 or carrying out any maintenance procedures you must read the safety information provided in Appendix A of this guide AVERTISSEMENT Consignes de sécurité Avant d installer ou d enlever tout composant du Webcache 1000 3000 ou d entamer une procédure de maintenance lisez les informations relatives à la sécurité qui se trouvent dans l Appendice A de ce guide VORSICHT Siche...

Page 60: ...ustable Brackets 2 x Front Plates 16 x Screws You must use the rails and screws supplied with the Rack Mounting Kit Damage caused to the Webcache by using incorrect rails and screws invalidates your warranty For further information about rack mounting the Webcache refer to the Rack Mounting Instructions that accompany your Webcache You must register the Webcache to activate the warranty See Produc...

Page 61: ... Self test LED Cache Storage Status green ok yellow failed green 100 Mbps yellow 10 Mbps Link Status Cache Storage Status LED s 3 1 2 Cache Storage Status 3 2 Link Status Activity Link Status LED s LAN LAN LAN WAN LED Color Indicates Cache Storage Status LED s Green The cache storage device is present and operating normally Green flashing The cache storage device is being prepared for use by the W...

Page 62: ...che is active and caching is occurring Off The cache is not active This is normal behavior for an idle Webcache Power Self test LED Green The Webcache is powered up and operating normally Green flashing The Webcache is either initializing or performing a software upgrade see note below Yellow The Webcache is powered up but a failure has occurred Yellow flashing An internal emergency recovery proce...

Page 63: ...nt For further information see Inline Cache Deployment on page 52 The WAN port should be left disconnected if the Webcache is not being deployed in an Inline Cache configuration LAN Port The LAN port is an auto negotiating 10BASE T 100BASE TX RJ 45 port It is used to connect the Webcache to the network in either Proxy or Transparent deployment environments Web network traffic travels to and from t...

Page 64: ...blems Indicated by LEDs on page 277 Table 5 LED Behavior The Link Speed LED does not change its state if the link is broken It remains in its current state until a new link is established Therefore Green Off Yellow On indicates that no link is present and that the link was previously 100 Mbps It does not indicate that a 100 Mbps link is still present LED Color Indicates Port Activity LED Green Fla...

Page 65: ...you provide a minimum of 25 mm 1 in clearance Air temperature around the Webcache does not exceed 40 C 104 F If the Webcache is installed in a 19 inch rack or closed assembly its local air temperature may be greater than room ambient temperature The air is as free from dust as possible The Webcache is situated away from sources of conductive electrical dust for example laser printers The Webcache ...

Page 66: ...invalidates your warranty A Rack Mounting Kit is supplied with the Webcache which contains the items shown in Figure 19 The rack mounting rails and rack mounting brackets are attached to the Webcache The adjustable brackets and screws are contained within the Webcache packaging Figure 19 The Rack Mounting Kit Contents dua1611 5aaa04 book Page 66 Friday November 29 2002 8 56 PM ...

Page 67: ...mounting brackets on both sides of the Webcache 3 Use an adjustable bracket to secure a rack mounting rail to the rear of your rack as shown in Figure 21 To do this a Slide the adjustable bracket onto the rack mounting rail and attach it using two of the screws provided at a position suitable for your rack b Adjust the rack mounting rail to fit the depth of your rack c Use rack nuts not supplied t...

Page 68: ...ounting rail as shown in Figure 22 b Tighten the screws with a suitable screwdriver Figure 22 Fitting a Rack Mounting Rail to the Front of the Rack 5 Slide the rack mounting brackets on the sides of the Webcache into the rack mounting rails 6 Secure the front of the Webcache to the rack with the captive thumbscrews as shown in Figure 23 Screw the thumbscrews into rack nuts not supplied dua1611 5aa...

Page 69: ...r outlet 3 The Webcache automatically powers up which takes approximately 60 90 seconds During power up all of the LEDs light and the Power Self test LED flashes green When the Webcache has powered up and is operating normally the Power Self test LED changes to non flashing green CAUTION The Webcache has no ON OFF switch the only method of connecting or disconnecting mains power is by connecting o...

Page 70: ...e see Deployment Modes Overview on page 32 CAUTION 3Com recommends you set up the Webcache for management in a test network environment before you introduce it into your live network For further information see Setting Up the Webcache for Management on page 71 Color State Green The Webcache is powered up and operating normally Green flashing The Webcache is either initializing or performing a soft...

Page 71: ...etting Started Wizard Settings on page 309 Setting Up Using the Web Interface You can setup the Webcache for management via the Web interface by using a Web browser on a management workstation that is connected to the Webcache over your test network or directly using a cross over cable Setting Up Over the Test Network The Webcache is pre configured with a default IP address which is within the ran...

Page 72: ...To display the Web interface correctly use one of the following Web browsers Microsoft Internet Explorer v4 0 Microsoft Internet Explorer v5 0 Microsoft Internet Explorer v5 5 Microsoft Internet Explorer v6 0 Netscape Communicator v4 5 Netscape Communicator v4 6 Netscape Communicator v4 7 Netscape Communicator v6 0 3Com recommends that you use a later version of Internet Explorer than version 5 0 ...

Page 73: ...he listens as part of the URL of the Webcache i e http 192 168 1 253 8081 3 When the browser has located the Webcache a user name and password screen is displayed as shown in Figure 26 Figure 26 User name and password screen If the user name and password screen is not displayed see Solving Web Interface Problems on page 277 4 Enter your user name and password For further information see Logging in...

Page 74: ... the IP address of the Webcache If you are unsure how to do this check the documentation supplied with the Telnet facility To connect the Webcache to the test network The client machine must be in the same subnet as the Webcache to be able to access it using the default IP address You must have an IP stack correctly installed on the client machine You can check this by trying to browse the World W...

Page 75: ...e Cable Specifications and Pin outs appendix on page 295 You must use a VT52 or VT100 ANSI compatible terminal emulator To connect the cable a Attach the female connector on the cable to the male connector on the console port of the Webcache b Tighten the retaining screws on the cable to prevent it from being loosened c Connect the other end of the cable to your terminal terminal emulator or modem...

Page 76: ...and the login sequence starts again 4 Access the Getting Started wizard which allows you to quickly configure the basic setup information for the Webcache At the Top level menu enter gettingStarted 5 The Getting Started wizard is displayed You must configure the basic settings of the Webcache by completing the Getting Started wizard before you introduce the Webcache to your live network For furthe...

Page 77: ...vices installed when you purchase it You can install an additional cache storage device in the third bay of the Webcache 3000 This improves the performance of the Webcache in the following ways Reduced Web Latency The amount of time that the Webcache takes to respond to client machine Web requests is reduced Increased Peak Throughput The maximum amount of Web throughput that the Webcache can serve...

Page 78: ...78 CHAPTER 2 INSTALLING THE WEBCACHE dua1611 5aaa04 book Page 78 Friday November 29 2002 8 56 PM ...

Page 79: ...GING THE WEBCACHE Chapter 3 Using the CLI Interface Chapter 4 Using the Web Interface Chapter 5 Securing Access to the Webcache Management Interfaces dua1611 5aaa04 book Page 79 Friday November 29 2002 8 56 PM ...

Page 80: ...80 dua1611 5aaa04 book Page 80 Friday November 29 2002 8 56 PM ...

Page 81: ... way it works The following topics are covered The Webcache 1000 3000 has a Command Line Interface that allows you to manage certain features from a terminal You may want to use the Command Line Interface to setup the Webcache for management through the console port or over your network via Telnet This chapter describes how to access and use the Command Line Interface It covers the following topic...

Page 82: ...e Interface through the console port 1 Connect the terminal or terminal emulator to the console port If you are connecting directly to the console port you need a standard null modem cable If you are connecting to the console port using a modem you need a standard modem cable The console port of the Webcache has a male 9 pin D type connector You can find pin out diagrams for both cables in the Cab...

Page 83: ... are unsure how to do this check the documentation supplied with the Telnet facility Logging In To the Command Line Interface To log in to the Command Line Interface take the following steps 1 Set up your network for Command Line Interface management for further information see Accessing the Command Line Interface on page 82 The login sequence for the Command Line Interface begins as soon as the W...

Page 84: ...f the Command Line Interface automatically After the exit the first key that you press returns you to the login sequence Understanding the Command Line Interface Once you log in to the Command Line Interface the Top level menu is displayed as shown below Figure 29 The Top level Menu The Command Line Interface is made up of two areas The Menu Area Contains the current menu of commands The menu can ...

Page 85: ... Webcache Security menu This menu contains commands that allow you to view and change security related information for the Webcache and the network System menu This menu contains commands that allow you to view and configure information about the Webcache Entering Commands The command area of the Command Line Interface contains a Select menu option prompt that allows you to enter the commands in t...

Page 86: ...ds For example to enter the security menu and change the password for the admin user enter se pa password from the Top level menu To abort a command Press Esc to return to the Top level menu Displaying Menus There are several ways to display the menus in the Command Line Interface menu structure To display sub menus At the Select menu option prompt enter the name of the menu or menus To display pa...

Page 87: ...therefore the overall performance of your network It allows you to make full use of the features offered by the Webcache and to change and monitor the way it works The following topics are covered Management Software Interfaces Logging in as a Default User Accessing the Web Interface Understanding the Web Interface The Toolbar The Navigation Tree The Information Area dua1611 5aaa04 book Page 87 Fr...

Page 88: ...Com recommends that you change the default password to prevent unauthorized access to your Webcache See Chapter 5 for further information Logging in as a Default User If you manage the Webcache using the Web interface or the Command Line Interface you need to log in with a valid user name and password The Webcache has one user name which is listed in Table 7 You cannot create new user names for th...

Page 89: ...a browser by default You will only need to enable them if you have changed your browser settings Also the Web interface has been optimized for PC screens with the desktop area set to 800 by 600 pixels It is also recommended to set the font size to Small Fonts 2 In the Location Address field of the browser enter the URL of the Webcache This must be in the format http nnn nnn nnn nnn where nnn nnn n...

Page 90: ...en If the user name and password screen is not displayed see Solving Web Interface Problems on page 277 4 Enter your user name and password For further information see Logging in as a Default User on page 88 Click OK dua1611 5aaa04 book Page 90 Friday November 29 2002 8 56 PM ...

Page 91: ...the Banner It contains three buttons which allow you to select different views in the View Area See The Toolbar below The Navigation Tree This is always displayed on the left side of the browser window It contains various icons which allow you to manage your Webcache See page 94 The Information Area This is always displayed on the right side of the browser window It contains information about the ...

Page 92: ...99 Device Summary Enclosure Summary Caching Summary Caching Statistics Summary Content Filtering Summary Cache Storage Summary Device This view allows you to configure the physical and networking aspects of the Webcache The following will be displayed The Navigation Tree displays the Device Menu See Configuring the Webcache on page 109 The Information Area displays the Device Mimic see The Device ...

Page 93: ...ry Content Filtering Statistics Performance This view shows graphs of the caching and filtering statistics of the Webcache as well as the error rate generated by the sites being cached The following will be displayed See Chapter 14 Performance Monitoring The Navigation Tree displays the Performance Menu The Information Area displays the Performance View comprising the Weekly Caching Performance Gr...

Page 94: ... top level options displayed as shown in Figure 32 Operations that you can perform to manage your Webcache are grouped into folders within the Navigation Tree The options displayed depend on the view you select in the Toolbar The Device View is shown in Figure 33 You can also perform some operations by using the device mimic Figure 33 The Device Navigation Tree Click the folders or the nodes the p...

Page 95: ...icates that the next level of the Navigation Tree hierarchy is currently expanded Click the symbol to collapse the next level This only affects the Navigation Tree no changes are made to the Information Area Indicates that the next level of the Navigation Tree hierarchy is currently collapsed Click the symbol to expand the next level This only affects the Navigation Tree no changes are made to the...

Page 96: ...levant to the view are displayed If the Performance View is selected the Performance Graphs are displayed If the Help View is currently selected specification guidelines for running the Web interface are displayed The Device Mimic Clicking Device Caching or Content Filter on the Toolbar will display the device mimic The device mimic allows you to configure the physical and networking aspects of th...

Page 97: ...r the Webcache 1000 because cache storage devices cannot be added or removed Console Port Hotspot The Console Port on the rear panel mimic is a hotspot Click the port to open a pop up menu that contains an operation which you can launch for the console port The only operation available through this hotspot is Setup Console Port WAN LAN Port Hotspots The WAN and LAN Ports on the rear panel mimic ar...

Page 98: ...ent caching mode This is also indicated by the Port Activity LED on the rear panel of the Webcache being Off The icon if shown without a Red border indicates that the cache storage device is present and operating normally This is also indicated by the Cache Storage Status LED on the front panel of the Webcache being Green This symbol is only shown on the Webcache 3000 Device Mimic as the Webcache ...

Page 99: ...and Caching views The Caching Summary table shows the Deployment Mode Proxy Port Transparent Ports WCCP status and the method and status of Access Logging Caching Statistics Summary Appears in Summary and Caching views The Caching Statistics Summary table shows the current Hit Rate and Request Rate of the Webcache The icon if shown with a Red border indicates that the cache storage device is prese...

Page 100: ...The cache storage device is present and operating normally Failed The cache storage device has failed Add in Progress The cache storage device is being prepared for use by the Webcache The Cache Storage Status LED on the front panel of the Webcache changes to Green when it is in use Remove in Progress The cache storage device is being prepared for removal The Cache Storage Status LED on the front ...

Page 101: ...r window Click On line Help from the navigation tree or the Online Help button to open the Table of Contents of the Online Help system in a new browser window Click Product Registration to register the Webcache on the 3Com Web site in a new browser window Click Webcache Support to display support information from the 3Com Web site in a new browser window The Help View Information Area provides spe...

Page 102: ...102 CHAPTER 4 USING THE WEB INTERFACE dua1611 5aaa04 book Page 102 Friday November 29 2002 8 56 PM ...

Page 103: ...EMENT INTERFACES This chapter contains information about ensuring that the Webcache is secure It covers the following topics Passwords Management Interface Setup Password Recovery dua1611 5aaa04 book Page 103 Friday November 29 2002 8 56 PM ...

Page 104: ... the Getting Started wizard which automatically runs when you first access the Webcache s Web interface You must enter the following information in either the Getting Started wizard or the Password Configuration screen 1 Choose between the following options by clicking the appropriate radio button Do Not Change Password Change Password for the admin Account Set admin Password to the Factory Defaul...

Page 105: ...nto a Web browser where xxx xxx xxx xxx is the IP address of the Webcache You can hide your Webcache from casual browsers by unchecking the Make Web Interface Available on TCP port 80 box on the Setup Management window Once this change has been saved the Webcache will no longer respond to default HTTP requests on this port and will be invisible to most browsers To access the Web interface of the W...

Page 106: ...o administer the Webcache from your computer If this occurs you need to use the console port to access the Command Line Interface and use the Security Management commands to change the restriction to the correct addresses Restricting access does not change the caching operation of the Webcache Only access to the management interfaces of the Webcache is affected Password Recovery If you forget the ...

Page 107: ... Use the password recovery method outlined below to define a new password for the admin username 1 Access the Command Line Interface and enter the username recover and password recover to place the Webcache in password recovery mode The Webcache remains in password recovery mode for a maximum of 30 seconds before it returns to the CLI login prompt 2 Reboot the Webcache whilst it is in password rec...

Page 108: ...S TO THE WEBCACHE MANAGEMENT INTERFACES 4 Enter enable to leave password recovery enabled or enter disable to turn it off You are now logged in as the default admin user dua1611 5aaa04 book Page 108 Friday November 29 2002 8 56 PM ...

Page 109: ...III CONFIGURING THE WEBCACHE Chapter 6 Configuring Deployment Modes Chapter 7 Static Routes Chapter 8 System Time dua1611 5aaa04 book Page 109 Friday November 29 2002 8 56 PM ...

Page 110: ...110 dua1611 5aaa04 book Page 110 Friday November 29 2002 8 56 PM ...

Page 111: ...guring WCCP V2 Configuring Proxy Relay with the SuperStack 3 Firewall Configuring Proxy Cache Mode Creating a Proxy Auto configuration File Configuring Inline Cache Mode Configuring Parent Caching Configuring ICP Caching For further information about each deployment mode see the Web Caching Concepts and Deployment chapter on page 23 dua1611 5aaa04 book Page 111 Friday November 29 2002 8 56 PM ...

Page 112: ...to the Web interface 2 Click Caching on the Toolbar 3 Select Set Caching Mode The Set the Webcache Deployment Mode screen is displayed 4 Ensure that Enable Transparent Mode is checked and click OK to save this information 5 Select WCCP Setup in the Navigation Tree The WCCP Setup wizard is displayed 6 Check Enable WCCP 7 Select WCCP V1 0 8 Enter the IP address of the Cisco router that will redirect...

Page 113: ...k Enable WCCP 7 Select WCCP V2 0 8 In the Router IP Address List or Multicast Address field enter either A comma separated list of up to 10 Cisco routers that support WCCP V2 which will form a service group with the Webcache or A single IP multicast address that the Webcache will use to declare itself to Cisco routers in your network that support WCCP V2 Click Next 9 Select which protocols will be...

Page 114: ...ers for WCCP using the Cisco Command Line Interface see the Default Settings for the Webcache appendix on page 307 For further information see WCCP Version 2 on page 43 Configuring Proxy Relay with the SuperStack 3 Firewall To configure Proxy Relay mode using the Web interface of the Webcache 1 Install the Webcache as described in Chapter 2 Installing the Webcache taking into account any safety in...

Page 115: ...nter the proxy relay TCP port number that you selected in step 1c port 8080 by default d Click Update to save your changes 3 No configuration is necessary on the client machines The Firewall will intercept any HTTP requests for external URLs and will forward the traffic to the Webcache For further information see Proxy Relay Deployment on page 44 Configuring Proxy Cache Mode To configure Proxy Cac...

Page 116: ...you want to configure Web browsers to bypass the Webcache for plain host names These are typically domain names which do not contain dots commonly used for Intranet sites e g http intranet 6 You can enter the IP addresses and port numbers of up to three additional Webcaches in your network Web browsers on client machines will then distribute their requests between all of the available Webcaches th...

Page 117: ... of the Webcache PAC file in the Address field in either of the following formats http nnn nnn nnn nnn 8082 or http nnn nnn nnn nnn config proxy pac where nnn nnn nnn nnn is the IP address or DNS name of the Webcache 7 Click OK To set Netscape Navigator 4 5 1 Open Netscape Navigator 2 From the Edit menu click Preferences 3 Click the Advanced category and click Proxies 4 Select Automatic Proxy Conf...

Page 118: ...Toolbar 3 Select Set Caching Mode The Set the Webcache Deployment Mode screen is displayed 4 Ensure that Enable Inline Mode is checked 5 In the Transparent Inline Mode Ports field enter a comma separated list of all the ports that the Webcache will listen on For further information see Inline Cache Deployment on page 52 dua1611 5aaa04 book Page 118 Friday November 29 2002 8 56 PM ...

Page 119: ...ch Webcache will be listening for network traffic in the Proxy Port field For further information see Parent Caching on page 53 Creating a Parent Cache Exclusion List You can create a list of the domain names IP addresses and IP address ranges that you want to prevent from being forwarded to the parent Webcaches in the following ways Manually entering each Web site IP address and IP address range ...

Page 120: ...on an entry in the list and click Remove To delete all entries at once click Remove All Loading Entries From a File Into the Parent Cache Exclusion List To load a list of Web sites IP addresses and IP address ranges into the Parent Cache Exclusion List 1 Log in to the Web interface 2 Click Caching on the Toolbar 3 Select Parent Caches Load Exclude List in the Navigation Tree 4 In the Name of File ...

Page 121: ...ist can contain a maximum of 900 entries If loading the file results in more than 900 entries in the Parent Cache Exclusion List all subsequent entries after the limit has been reached will not be loaded into the List You must also follow all of the rules listed in the Domain Name System Syntax section on page 28 Saving the Parent Cache Exclusion List You can save the current Parent Cache Exclusio...

Page 122: ...can use the Clear Exclude List screen to delete all the current entries in the Parent Cache Exclusion List To clear the Parent Cache Exclusion List 1 Log in to the Web interface 2 Click Caching on the Toolbar 3 Select Parent Caches Clear Exclude List in the Navigation Tree 4 Click OK to clear the Parent Cache Exclusion List dua1611 5aaa04 book Page 122 Friday November 29 2002 8 56 PM ...

Page 123: ...Webcache will respond to incoming ICP requests from other cache devices but will never initiate any If the Webcache does not have the requested content it will go directly to the origin server or to a Parent Cache depending on its configuration This can be a useful setting when adding a Webcache to an existing legacy ICP environment Send Receive Queries if the Webcache is not the top level cache o...

Page 124: ...quests Adding ICP Peers To add ICP peers 1 Log in to the Web interface 2 Click Caching on the Toolbar 3 Select ICP Control Edit ICP Peers in the Navigation Tree 4 Enter the IP address of another cache in the ICP Peer IP Address box 5 Enter the TCP port on which the other cache listens for HTTP traffic in the ICP Proxy Port box 6 Select the relationship the other cache has to your Webcache from the...

Page 125: ... Control Edit ICP Peers in the Navigation Tree 4 Select the peer that you want to delete form the table at the bottom of the window 5 Click Remove to delete the listed peers or Remove All to delete all of the listed peers The Webcache will no longer make ICP requests to this peer dua1611 5aaa04 book Page 125 Friday November 29 2002 8 56 PM ...

Page 126: ...126 CHAPTER 6 CONFIGURING DEPLOYMENT MODES dua1611 5aaa04 book Page 126 Friday November 29 2002 8 56 PM ...

Page 127: ...cepts of static routing and how to configure static routes on the Webcache It covers the following topics What are Static Routes Static Routes Example Advantages of Static Routes Configuring Static Routes dua1611 5aaa04 book Page 127 Friday November 29 2002 8 56 PM ...

Page 128: ...P address of the router for that network Static Routes Example Static routes are essential in the following scenario The Webcache is deployed in Transparent mode with a SuperStack 3 Switch 4400 For further information see Deploying the SuperStack 3 Switch 4400 4924 or 4950 with the Webcache on page 38 The default router is on the WAN side of the Switch There is also a LAN side server A request com...

Page 129: ...equired This overhead could amount to a significant portion of network bandwidth on a low speed dial up link In a network with 200 network segments every 30 seconds as required by the RIP specification all the routers send an update containing reachability information for all 200 of these segments With each route taking 16 octets of space plus a small amount of overhead the minimum size for an upd...

Page 130: ...reate the static route All of the currently defined static routes are displayed in the list at the bottom of the screen If you want to remove an entry from the list click on an entry in the list and click Remove To delete more than one entry at a time hold down Ctrl click on the entries that you want to delete and then click Remove To delete all entries at once click Remove All dua1611 5aaa04 book...

Page 131: ...cache It contains the following topics Configuring the System Time Network Time Protocol Configuring the System Time Using the Network Time Protocol Configuring the System Time Manually System Time and Performance Graphs dua1611 5aaa04 book Page 131 Friday November 29 2002 8 56 PM ...

Page 132: ...nchronize the time of client machines and servers with other well known highly accurate servers or reference time sources It maintains a consistent Coordinated Universal Time UTC within your network which is far more accurate than the internal system clocks of client machines and prevents time drift from occurring on the Webcache NTP provides client machine and server time accuracies typically wit...

Page 133: ...um 2 servers are in turn connected to a stratum 1 server and are therefore less accurate but greater in number Stratum 3 servers are connected to stratum 2 servers and so on up to an imposed limit of 15 strata You should not use a high level public stratum server because of their limited number and because the load placed on them is increasingly heavy For a list of well known NTP servers available...

Page 134: ...ver that has proven to be the most reliably available to serve NTP requests Configuring the System Time Manually To manually configure the system time of the Webcache you must enter the following information in the Getting Started wizard or Time Configuration command in the Web interface 1 Select a timezone from the options in the Timezone drop down list The Webcache automatically performs dayligh...

Page 135: ...e following system time changes affect the Performance Graphs in this way The system time is manually configured The system time is changed from Network Time Protocol to Manual Time Configuration or vice versa The IP address of the Network Time Protocol server is changed A Warning screen appears asking if you want to continue with the system time change Click Yes to continue and reset the Performa...

Page 136: ...136 CHAPTER 8 SYSTEM TIME dua1611 5aaa04 book Page 136 Friday November 29 2002 8 56 PM ...

Page 137: ...IV CONTROLLING AND MONITORING WEB ACCESS Chapter 9 Monitoring Web Access Chapter 10 Using Content Filtering dua1611 5aaa04 book Page 137 Friday November 29 2002 8 56 PM ...

Page 138: ...138 dua1611 5aaa04 book Page 138 Friday November 29 2002 8 56 PM ...

Page 139: ... the access of the users of your network through the Webcache to the Internet It covers the following topics Access Logging Filter Logging Storing the Log Files Viewing the Access Log Analyzing the Access Log Viewing the Filter Log dua1611 5aaa04 book Page 139 Friday November 29 2002 8 56 PM ...

Page 140: ...simply un check the Enable Web Access Logging box from the Setup Access Log screen and click OK The Squid format is the most widely supported by log analysis tools If you are using WebTrends Firewall Suite to analyze the Webcache s access logs you should always use the WebTrends Extended Log Format WELF for additional Web access information Filter Logging The Filter Log stores information about cl...

Page 141: ...path within the FTP server to which you want to save the log files The directory can only contain alphanumeric and or _ characters and can only be up to 32 characters in length If you are using a Windows based FTP server you cannot specify drive letters e g C or my_drive You must configure your FTP server so that the FTP account that you specify in the Directory field has your desired drive letter...

Page 142: ...cache is deployed in Proxy mode multiple entries for the pages in the Web interface itself will be made in the Access Log This is standard behavior for the Webcache as it is seeing the requests for the Web interface pages and logging these requests in the Access Log You should either leave the Web Interface open for only short periods of time to reduce the entries made or use a log analyzer tool s...

Page 143: ...Netscape Web and Proxy Servers beginning with version 2 0 Viewing the Filter Log The View Filter Log command displays the last 256 entries registered by the Filter Log To view the Filter Log 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering View Filter Log in the Navigation Tree Click on Refresh to clear the Filter Log or Finish to close the Filter Log...

Page 144: ...144 CHAPTER 9 MONITORING WEB ACCESS dua1611 5aaa04 book Page 144 Friday November 29 2002 8 56 PM ...

Page 145: ... following topics Introducing Content Filtering 3Com Web Site Filter Websense Enterprise Filtering Manual Content Filtering Default Rule Filter Logging Web Client Blocking Filter Exclusions Setting Up Allow Lists and Deny Lists Keyword Blocking Customizing the Content Filter Response Screen dua1611 5aaa04 book Page 145 Friday November 29 2002 8 56 PM ...

Page 146: ...ering and Manual Content Filtering 3Com Web Site Filtering is a subscription based service that downloads a list of millions of categorized Web sites to your Webcache from a 3Com server on the Internet This list allows the Webcache to block some or all of millions of Web sites by selecting from twenty categories The 3Com Web Site Filtering service offers improved business productivity reduced lega...

Page 147: ...er list containing millions of Web sites each assigned to appropriate categories that might be deemed unsuitable for business use The latest Web Site Filter can be downloaded on a user scheduled regular basis If you are using the Web Site Filter and your Webcache fails you can transfer the Web Site Filter license to a replacement Webcache You must first raise a Return Materials Authorization RMA w...

Page 148: ...hen it will be denied To stop the site from being denied remove it from the Deny List 4 Keyword Blocking The Webcache checks all the entries in the Keyword Blocking list against the URL of the Web site for a partial match If a partial or complete match is found then the site is filtered otherwise the Webcache continues with the next rule See Keyword Blocking on page 174 for more information It is ...

Page 149: ...ctivate the 30 day trial Web Site Filter will be displayed in the Web browser window Activating the Web Site Filter When you register the Webcache you may activate a 30 day free subscription to the 3Com Web Site Filter Activating the 30 day trial enables you to immediately download the Web Site Filter from 3Com s servers To extend the use of the 3Com Web Site Filter you need to purchase Web Site F...

Page 150: ...ace Device Summary table 5 Click Register After a short while a message confirming the activation of the 30 day trial Web Site Filter will be displayed in the Web browser window You may now download the Web Site Filter Downloading a New Web Site Filter After registering a Web Site Filter license for the first time you must download the 3Com Web Site Filter to the Webcache as described below Until ...

Page 151: ...ccept the terms of the 3Com Web Site Filter Licence Before the 3Com Web Site Filter can be enabled you must accept the terms of the license 8 Click Done after reading the licence to close window 9 Select Accept from the Setup Filtering wizard if you agree to the licence terms 10 Click Next 11 Select the default rule to be applied to all web requests if the 3Com Web Site Filter service is not avail...

Page 152: ...al Estate and Travel For further information about these categories and their meaning see Appendix J More than one Category Set can exist at the same time and can be enforced at different times of the day on different days of the week Furthermore multiple Category Sets can be active at the same time in the policy schedule To set up a Category Set using the Web interface 1 Log in to the Web interfa...

Page 153: ...tional categories during core work hours To set up the Policy Schedule using the Web interface 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering 3Com Web Site Filter Policy Schedule in the Navigation Tree 4 Click Add to add a policy to the Policy Schedule 5 Select the Category Set that you want to assign to the policy from the Assign Category Set windo...

Page 154: ...he Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering 3Com Web Site Filter Test a URL in the Navigation Tree 4 Enter the URL that you want to test 5 Click Test If the URL is not categorised by the 3Com Web Site Filtering service or you believe that it has been wrongly categorised you can submit the URL for review by clicking the Submit for Review button When you submit...

Page 155: ...e See Default Rule on page 159 for more information about the Default Rule 3 Websense Enterprise Server The Webcache asks the Websense Enterprise Server if the Web site should be filtered See below for a summary of the installation of Websense Enterprise filtering software and follow the instructions in Setting Up Websense Enterprise Filtering on your Webcache on page 156 to set up your Webcache t...

Page 156: ...be applied to all web requests if the Websense Enterprise Server is unavailable Choose Deny All to deny access to all Web sites or Allow All to allow access to all Web sites 9 Click Next and then Finish to close the Setup Filtering Wizard Editing the Websense Enterprise Filtering Settings To edit the Websense Enterprise filtering settings 1 Log in to the Web interface 2 Click Content Filter on the...

Page 157: ...clusion The Webcache checks to see if the client is on the Filter Exclusion list For authorized clients further rules will be bypassed and the clients granted access to the Website See Filter Exclusions on page 166 for more information 3 Allow and Deny Lists The Webcache checks to see if the Web site being accessed has been expressly allowed or blocked denied by an administrator If the Web site is...

Page 158: ...plied to all web requests that are not covered by the Allow and Deny Lists see Setting Up Allow Lists and Deny Lists on page 169 or Keyword Blocking see Setting Up Keyword Blocking Lists on page 174 Choose Deny All to deny access to all Web sites except the ones that you enter in the list or Allow All to allow access to all Web sites except those listed 8 Select the type of blocking and logging be...

Page 159: ...tered denied This will stop users accessing questionable material as all sites that have not been specifically allowed will be filtered This will prevent your users from accessing any Web sites at all if the content filter service fails Setting the Default Rule The Default Rule is set using the same Setup Filtering Wizard that is used to set the filtering mode You can set the Default Rule when you...

Page 160: ...are logged in the Filter Log Setting Blocking and Logging Behavior You can set up the blocking and logging behavior of the Webcache using the same Setup Filtering Wizard that is used to set the filtering mode You can set the blocking and logging behavior when you choose the filtering mode The Webcache will only log and block in the 3Com Web Filter and Manual modes If you are using Websense Enterpr...

Page 161: ...able Web Client Blocking you can create a list of the static IP addresses or IP address ranges of client machines that you are allowing or denying access to the Web through the Webcache If the client machine is blocked by Web Client Blocking the Customize Response screen will not appear The Webcache is capable of blocking Web Clients in two different ways Deny all except to stop all clients access...

Page 162: ...as 10 1 2 0 255 and user group B to use another subnet defined as 10 1 3 0 255 If you want to prevent everyone except group B from accessing the Web you would set the Web Client Blocking to Deny all except and add the subnet 10 1 3 0 255 to the Web Client Blocking list Group B would then be able to access the Web while everyone else including group A would have no access to the Web You can configu...

Page 163: ...he Edit List screen Loading an existing list of IP addresses or IP address ranges from an external text file in the Load List From File screen A combination of the above methods Manually Entering an IP Address into the Web Client Blocking List To manually enter an IP address or IP address range in the Web Client Blocking List 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Se...

Page 164: ... by examining the Access Log see Monitoring Web Access on page 139 Loading Entries From a File Into the Web Client Blocking List To load a list of Web clients into the Web Client Blocking List 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering Web Client Blocking Load List From File in the Navigation Tree 4 Enter the full pathname of the file that you w...

Page 165: ...ubsequent entries after the limit has been reached will not be loaded into the List You must also follow all of the rules listed in IP Address Rules on page 27 Saving the Web Client Blocking List You can save the current Web Client Blocking List to an external text file This allows you to modify and then load the file back onto the Webcache using the Load List From File command or to load and re u...

Page 166: ...ho must be exempt from content filtering If you configure the Webcache to use a Websense Enterprise server for content filtering then the Filter Exclusion List will be disabled Setting Up Filter Exclusion Lists To set up Exclusion lists using the Web interface 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering Filter Exclusion Setup Filter Exclusion in ...

Page 167: ...00 entries you must use the Load List From File feature that allows you to load and manage 900 entries If you load more that 900 entries all entries after the 900th will be discarded 5 If you want to remove an entry from the list click on an entry and click Remove To delete all entries at once click Remove All Loading Entries From a File into the Filter Exclusion List A text file containing a list...

Page 168: ... on a separate line Each line in the file must not exceed 75 characters in length Blank lines are ignored There must be no spaces at the beginning of a line The list can contain a maximum of 900 entries If loading the file results in more than 900 entries all subsequent entries after the limit has been reached will not be loaded into the List Saving the New Filter Exclusion List You can save the c...

Page 169: ...ring modes To set up Allow Deny lists using the Web interface 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering Allow Deny Lists Setup Allow Deny in the Navigation Tree 4 Select Enable Allow List to allow access to Web sites that might otherwise be blocked or Enable Deny List to deny access to Web sites that might otherwise be allowed You can select ei...

Page 170: ...ist You cannot enter a URL into an Allow or Deny list you must enter a domain or IP address For example http mysite com goodurl html is incorrect The site should be entered as mysite com You can enter a maximum of 900 entries into the Edit Allow List on the Webcache If you enter more that 500 entries you will be presented with an error message If you want to enter more than 500 entries you must us...

Page 171: ...not enter a URL into an Allow or Deny list you must enter a domain or IP address For example http mysite com badurl html is incorrect The site should be entered as mysite com You can enter a maximum of 900 entries into the Edit Deny List on the Webcache If you enter more that 500 entries you will be presented with an error message If you want to enter more than 500 entries you must use the Load Li...

Page 172: ...e a complete list of entries in an external file that you want to use to overwrite the list on the Webcache You should choose to merge with the current list if you have a list of entries in an external file that you want to add to the list on the Webcache If duplicate entries exist in both lists they will be ignored 7 Select Load to load the new file Loading a list may take a few seconds to comple...

Page 173: ...g in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering Allow Deny Lists Save List To File in the Navigation Tree 4 Select the list that you want to save Choose Save Allow List or Save Deny List 5 Click Save The File Download screen is displayed Select Save this file to disk and enter a filename and location to store the saved list Saving the list may take a few...

Page 174: ...e 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering Keyword Blocking Setup Keywords in the Navigation Tree 4 Select Enable Keyword Blocking to deny access to URLs that contain the specific keyword Editing the Keyword Blocking List To add a keyword to the Keyword Blocking List 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select ...

Page 175: ...re loading or select Merge with Current Keyword Blocking List to merge the two lists together You should choose to replace the current list if you have a complete list of entries in an external file that you want to use to overwrite the list on the Webcache You should choose to merge with the current list if you have a list of entries in an external file that you want to add to the list on the Web...

Page 176: ...a filename and location to store the saved list Saving a list may take a few seconds to complete depending on the number of entries being saved Clearing the Keyword Blocking List You can use the Clear List screen to delete all the current entries in the Keyword Blocking List To do this 1 Log in to the Web interface 2 Click Content Filter on the Toolbar 3 Select Webcache Filtering Keyword Blocking ...

Page 177: ...es 4 If you want to view your changes before saving them to check that your text or HTML is correct click Preview 5 Click OK to save the text or HTML code that you have entered There is a default option in Microsoft Internet Explorer 4 and later versions that will cause a friendly HTTP error message to be displayed when a Web site is blocked rather than the response page generated by the Webcache ...

Page 178: ...178 CHAPTER 10 USING CONTENT FILTERING dua1611 5aaa04 book Page 178 Friday November 29 2002 8 56 PM ...

Page 179: ...V CONTROLLING CACHING Chapter 11 Controlling How Web Sites Are Cached Chapter 12 Preloading Content dua1611 5aaa04 book Page 179 Friday November 29 2002 8 56 PM ...

Page 180: ...180 dua1611 5aaa04 book Page 180 Friday November 29 2002 8 56 PM ...

Page 181: ...11 CONTROLLING HOW WEB SITES ARE CACHED This chapter contains information about Cache Control Clearing the Cache Cache Bypass dua1611 5aaa04 book Page 181 Friday November 29 2002 8 56 PM ...

Page 182: ...o Content Filtering as described in Chapter 10 and are also recorded in the Access Log Setting Up Cache Control To set up Cache Control using the Web interface 1 Log in to the Web interface 2 Click Caching on the Toolbar 3 Select Cache Control Setup Cache Control in the Navigation Tree 4 Check Enable Cache Control You will be warned that entries in the Cache Control list will not take effect until...

Page 183: ... the list 7 Repeat step 4 to step 6 for each Web site that you want to prevent from being cached or pin in the cache If you want to remove an entry from the list click on an entry in the list and click Remove To delete all entries at once click Remove All 8 Click OK to save your changes You must clear cached objects before the current Cache Control list can take effect If you are going to further ...

Page 184: ...e Control List with the list of Web sites in the file that you are loading or select Merge with the Current Cache Control List to merge the two lists together You should choose to replace the current list if you have a complete list of entries in an external file that you want to use to overwrite the list on the Webcache You should choose to merge with the current list if you have a partial list o...

Page 185: ...ving the Cache Control List You can save the current Cache Control List to an external text file This allows you to modify and then load the file back onto the Webcache using the Load List From File command or to load and re use the list on another Webcache To save the Cache Control List 1 Log in to the Web interface 2 Click Caching on the Toolbar 3 Select Cache Control Save List To File in the Na...

Page 186: ...mation linking domain names to IP addresses The next time the Webcache needs to query a Web server it will request the address of the web server from another DNS server Use this option if a Web site has moved servers and you are no longer able to reach it Clear Cached Web Objects The Webcache will erase all cached Web pages and images The next time a client requests content from a Web server the W...

Page 187: ... correct at time of publication Cache Bypass allows you to prevent the Webcache from being involved in requests to those particular Web sites All requests to the Web sites that you include in the Cache Bypass lists will completely bypass the Webcache and go straight to the origin servers ensuring that the Web sites that did not work with a Transparent cache will function correctly The Web requests...

Page 188: ...ing each type of list is the same Each list contains the IP addresses or IP address ranges of the client machines or Web sites that you want to bypass and both list types are created in the following ways Manually entering each IP address or IP address range in the Edit Client Bypass List or Edit Site Bypass List screens Loading an existing list of IP addresses or IP address ranges from an externa...

Page 189: ...the Toolbar 3 Select Cache Bypass Load List From File in the Navigation Tree 4 Select the specific Cache Bypass list that you want to load the file into by clicking Load Into Web Client Bypass List or Load Into Web Site Bypass List 5 In the Name of File To Load field enter the full pathname of the file that you want to load You can also click Browse to search for the location of the file 6 Select ...

Page 190: ...t be loaded into the List You must also follow all of the rules listed in IP Address Rules on page 27 Saving the Cache Bypass Lists You can save the current Cache Bypass Lists to an external text file This allows you to modify and then load the file back onto the Webcache using the Load List From File command or to load and re use the list on another Webcache To save the Cache Bypass Lists 1 Log i...

Page 191: ...st in the Navigation Tree 4 Select the specific Cache Bypass list that you want to clear by clicking Clear the Client Bypass List or Clear the Web Site Bypass List or both 5 Click OK to clear the list s that you have selected The clear list process may take a few seconds to complete depending on how large the list is You can choose to clear the Cache Bypass List s even if Cache Bypass is currently...

Page 192: ...192 CHAPTER 11 CONTROLLING HOW WEB SITES ARE CACHED dua1611 5aaa04 book Page 192 Friday November 29 2002 8 56 PM ...

Page 193: ...che before they are requested by clients browsing the Web It is split into the following sections Introduction Setting up Content Preload Preloading a Site Checking the Status of Scheduled Tasks Using the 3Com Web Scheduler Browser Client dua1611 5aaa04 book Page 193 Friday November 29 2002 8 56 PM ...

Page 194: ...in Cache Control then it will never be cached even if Content Preload gives it a Cache Lifetime Advantages and Disadvantages of Preloading Content Preloading content results in a faster response time for the clients of the Webcache and less activity across your Internet connection Any request made for a Web page within its Content Lifetime will not result in any traffic external to your network as...

Page 195: ...oad feature can be configured so that it minimizes the impact on the amount of bandwidth used by your users The preload tasks can be scheduled to run individually at specific times This allows you to preload content when you know there is particularly low WAN network usage for example at night You can also configure the Webcache to adjust its bandwidth use for preload tasks at particular hours on ...

Page 196: ... 3Com Web Scheduler Browser Client box is checked Enabling the Web Scheduler Browser Client allows users who do not have the administration password to set up Preload Tasks using Internet Explorer If you do not check this box the 3Com Web Scheduler Browser Client will not be able to access or create preload tasks on the Webcache See Using the 3Com Web Scheduler Browser Client on page 201 10 If you...

Page 197: ...ing None will preload only the Starting URL and the images contained on the page Selecting 1 will preload not only the Starting URL and its images but each page linked from it You may recurse up to five pages deep 8 Select Content Lifetime from the drop down box The Content Lifetime determines how long the Webcache will assume the preloaded content is current and therefore a cache hit before rever...

Page 198: ...he Webcache will ignore the new schedule and complete the current schedule The preload task will then attempt to run again at the next scheduled start time Temporarily Disabling a Scheduled Task To disable a scheduled task without deleting it 1 Log in to the Web interface 2 Click Caching on the toolbar 3 Select Content Preload Preload Tasks Preload Tasks to see the Edit Preload Tasks window 4 Sele...

Page 199: ... 5 Click Remove To delete all the tasks click Remove All and confirm the action at the popup There is no need to highlight a task first 6 Click OK to return to the Web interface Checking the Status of Scheduled Tasks After performing a preload task you can check to see if the task was successful and whether it retrieved the Web pages you required To check the status of currently scheduled preload ...

Page 200: ...load task 1 Log in to the Web interface 2 Click Caching on the toolbar 3 Select Content Preload Preload Tasks Preload Status to see the Preload Task Status window 4 Highlight a task and click View Detail The following items will be displayed Name The name of the task Start URL The base URL that was specified as the starting point for the preload task Recursion Shows the depth of links that will be...

Page 201: ...uler Browser Client The 3Com Web Scheduler Browser Client is a browser plug in that allows designated users to create view amend preload tasks without accessing the Web interface of the Webcache When using the Web Scheduler The user does not need administrator access to the Webcache The user can specify preloads from different Web sites and with differing recursion levels as part of the same prelo...

Page 202: ...e CD in the drive of the client machine allow it to autostart and select Install 3Com Web Scheduler Browser Client from the menu If your CD does not autostart the Web Scheduler Browser Client can be installed by running the setup program from the CD Table 8 3Com Web Scheduler Browser Client Requirements Requirement Minimum Recommended Processor 266 MHz Pentium II 500 MHz Pentium III RAM 64 MB 128 ...

Page 203: ...The 3Com Web Scheduler Options window will pop up 4 In the Connection tab of the window enter the IP address of the Webcache and the Preload Account Password as set up in Configuring the Webcache for the 3Com Web Scheduler Browser Client on page 201 5 In the File Location tab of the window enter the location where the user is to store their preload tasks ready for transfer to the Webcache 6 Click ...

Page 204: ...204 CHAPTER 12 PRELOADING CONTENT dua1611 5aaa04 book Page 204 Friday November 29 2002 8 56 PM ...

Page 205: ...VI MONITORING THE WEBCACHE Chapter 13 Monitoring System Events Chapter 14 Performance Monitoring Chapter 15 System Diagnostics dua1611 5aaa04 book Page 205 Friday November 29 2002 8 56 PM ...

Page 206: ...206 dua1611 5aaa04 book Page 206 Friday November 29 2002 8 56 PM ...

Page 207: ...ontains information about the system events that can occur on the Webcache 1000 3000 It covers the following topics System Events Email Notification SNMP Traps Automatic System Events dua1611 5aaa04 book Page 207 Friday November 29 2002 8 56 PM ...

Page 208: ...able Email Notification to ensure that you have the most detailed information about the operation of the Webcache Configuring Email Notification To configure Email Notification using the Web interface 1 Log in to the Web interface 2 Click Device on the Toolbar 3 Select System Management Events Email Notification in the Navigation Tree The Email Notification screen is displayed 4 Check Enable Email...

Page 209: ... Domain Name field you can enter the Unix realm or Windows domain that the SMTP user belongs to or leave the field blank For further information about how SMTP Authentication operates on the Webcache see SMTP Authentication on page 210 12 You can configure the Webcache to send an email notification when certain system events occur by checking the relevant boxes Webcache Software Upgrade Events Thi...

Page 210: ...thentication You can enable SMTP Authentication for Email Notification or Email Graphs by checking Enable SMTP Authentication and specifying an SMTP Username and SMTP Password The SMTP server will attempt to authenticate email in the following way If the SMTP server reports that it cannot perform authentication the email will fail An entry is made in the Webcache s System Log to record the failure...

Page 211: ...in the Webcache s System Log for further information see System Log on page 230 Specifying Realms and Domains If you enable SMTP Authentication you can optionally enter the Windows domain or Unix realm that the SMTP user that you have specified belongs to You may need to do this if your SMTP server supports multiple email domains from the same server Example If you create an SMTP email user called...

Page 212: ... the Web interface 2 Click Device on the Toolbar 3 Select System Management Events SNMP Traps in the Navigation Tree The SNMP Trap Destination Setup screen is displayed 4 Enter the IP address of the network management station in your network that will handle the SNMP traps in the IP Address of Management Station field You can send a test SNMP trap to the network management station immediately by c...

Page 213: ...Webcache To change the Public and Private community strings using the Web interface 1 Log in to the Web interface 2 Click Device on the Toolbar 3 Select System Management Community in the Navigation Tree The SNMP Community screen is displayed 4 Enter the community string for Private Set Write requests to the Webcache in the Private Set Write SNMP community field The default string is private 5 Ent...

Page 214: ...n system error This is a critical failure Contact 3Com Technical Support The Webcache has failed and is not attempting to reboot itself Fan Speed Warning Fan speed warning The PSU Chassis fan is out of acceptable range The unit is in danger of overheating Current fan speed current fan speed rpm N A The speed of the specified fan PSU Chassis is outside the acceptable range and the fan may overheat ...

Page 215: ...ower from the Webcache immediately Temperature OK N A The motherboard temperature in the Webcache has returned to normal The temperature of the specified component motherboard has returned to normal You can continue to use the Webcache Caching Disk Failed Cache Storage device 0 1 2 has failed in the 3Com WebCache Please refer to the following URL for more information on resolving this failure http...

Page 216: ...been authenticated successfully Content Preload Warning The content preload for job name has not completed before its next scheduled start time The content preload for job name has not completed before its next scheduled start time The content preload is taking too long Possibly the task is too big scheduled too frequently or there is not enough bandwidth to complete the task Content Preload Failu...

Page 217: ...ther 30 days The content filtering license for the Webcache has expired The Webcache will continue to filter using the last downloaded list for a further 30 days The licence is about to expire Renew within the next 30 days or switch to Manual Filtering at the end of the 30 days System Event Email Message SNMP Trap Message Description dua1611 5aaa04 book Page 217 Friday November 29 2002 8 56 PM ...

Page 218: ...218 CHAPTER 13 MONITORING SYSTEM EVENTS dua1611 5aaa04 book Page 218 Friday November 29 2002 8 56 PM ...

Page 219: ...of the Webcache 1000 3000 It covers the following topics Performance Monitoring Viewing Performance Graphs Viewing Caching Performance Graphs Viewing System Performance Graphs Viewing I O Performance Graphs Emailing Performance Graphs dua1611 5aaa04 book Page 219 Friday November 29 2002 8 56 PM ...

Page 220: ...efits of the Webcache to other people within your organization Viewing Performance Graphs The Performance graphs show detailed information about different aspects of the Webcache They are divided into three sections Caching shows caching and filtering performance IO Input Output shows disk and network performance System shows CPU and storage performance To view the Performance graphs 1 Log in to t...

Page 221: ...full hits However some Web sites do not allow full caching so even though the number of revalidated hits is high it does not necessarily mean that there is a problem A high hit rate indicates a more efficient operation as the Webcache is saving requests from being sent to the Web which speeds up response time and reduces bandwidth use A good hit rate is 40 60 The hit rate that the Webcache achieve...

Page 222: ...quire several seconds or more suggest that there may be a problem with the Webcache disk If you suspect this check the Disk Status LEDs on the Webcache Throughput The amount of traffic in kilobits per second Kbits sec between the Webcache and its clients and also between the Webcache and the Web servers 1 Kbit sec 1 000 bps bits per second Client Connections The number of TCP IP connections curren...

Page 223: ... in one operation so this will not reflect the number of items written to and read from the cache file Disk Blocks The number of blocks of data read from and written to the caching disk s per second Network Packets The average number per second of TCP packets sent to and received by the Webcache The difference between the Packet Transmitted and Packet Sent lines on the graph shows the bandwidth sa...

Page 224: ...em as swap space Cache Storage Usage The percentage of the caching disk s currently in use Space is cleared on the caching disk s only when it is needed The Webcache does not contain any cached articles when it is first deployed so the Cache Storage Graph starts at 0 and increases towards 100 as articles are cached If the cache is cleared the Cache Storage Graph will return to 0 Emailing Performan...

Page 225: ...cessfully configure Email Performance Graphs if you do not enter a valid email address A valid email address is a fully specified address containing a domain name for example webcache 3com com The partial address webcache would be rejected by the server 3Com recommends that you use the domain name of the Webcache as the email address If you have entered webcache as the host name and mycompany com ...

Page 226: ...e see SMTP Authentication on page 210 You can send a test email to the SMTP server immediately by clicking Send Now You may want to do this to test that the Email Graphs settings are correct The Webcache will indicate if the test email has been sent successfully or not If there is a problem it may take up to one minute for the Send Now operation to time out depending on the type of problem dua1611...

Page 227: ... about troubleshooting the configuration and network connectivity of the Webcache 1000 3000 It covers the following topics System Diagnostics Pinging Other Devices Tracing IP Addresses System Log dua1611 5aaa04 book Page 227 Friday November 29 2002 8 56 PM ...

Page 228: ... server is contactable and working correctly The problem is therefore a connectivity issue between the Webcache and the origin web server Performing a Ping To ping a device using the Web interface 1 Log in to the Web interface 2 Click Device on the Toolbar 3 Select Protocol Ping TraceRoute in the Navigation Tree The Ping Traceroute screen is displayed 4 In the IP Address DNS Name field enter the I...

Page 229: ...he IP address or Domain Name Server name of the device that you want to trace Click TraceRoute 5 The Webcache sends a trace route request to the specified device and a message similar to the following is displayed traceroute to 192 168 1 254 30 hops max 38 byte packets If the device is accessible and functioning correctly a message similar to the following is displayed which displays the network h...

Page 230: ...reen is displayed 4 You can choose to save the contents of the System Log onto a single management station in your network that has syslog analysis tools This is of particular benefit if you are working with 3Com support personnel Enter the IP address of the syslog server in the Enter Syslog Server IP Address field to enable this feature You must configure your syslog server to receive facility da...

Page 231: ...ng a Syslog Server The CD ROM contains a freeware application called 3CDaemon that allows you to configure a Syslog and TFTP server on a Microsoft Windows server You can use the 3CDaemon syslog server to capture syslog events from devices and machines on your network Note that 3CDaemon is provided without warranty by 3Com WebTrends Firewall Suite has an integral Syslog server which you can also us...

Page 232: ...the Navigation Tree The System Log screen is displayed The last 256 lines of the System Log are displayed with the most recent information shown at the bottom of the log Click Refresh to update the information that is displayed The System Log is primarily intended to be used by your System Administrator and 3Com support personnel to troubleshoot the Webcache dua1611 5aaa04 book Page 232 Friday Nov...

Page 233: ...VII MANAGING THE WEBCACHE SOFTWARE Chapter 16 Configuration Management Chapter 17 Software Upgrades dua1611 5aaa04 book Page 233 Friday November 29 2002 8 56 PM ...

Page 234: ...234 dua1611 5aaa04 book Page 234 Friday November 29 2002 8 56 PM ...

Page 235: ...ion about saving and restoring the configuration settings of the Webcache 1000 3000 It covers the following topics Saving and Restoring Configurations Saving a Configuration Restoring a Configuration dua1611 5aaa04 book Page 235 Friday November 29 2002 8 56 PM ...

Page 236: ...n the configuration was saved The Restore Configuration operation restores the system configuration from the file to the Webcache It checks that the system configuration being restored was created on the same Webcache software version as the one that the Webcache is running Example You perform a software upgrade and experience problems with the Webcache You now want to return the Webcache to a pre...

Page 237: ...you can use a matching configuration file to restore the settings Saving a Configuration To save the current system configuration of the Webcache using the Web interface 1 Log in to the Web interface 2 Click Device on the Toolbar 3 Select System Control Save Configuration in the Navigation Tree The Save Configuration screen is displayed 4 Click Save 5 Your Web browser prompts you to enter a filena...

Page 238: ... Configuration screen is displayed 4 In the Configuration Filename field enter the network path and filename of the saved system configuration file that you want to restore You can click Browse to search for the location of a file CAUTION You cannot restore a system configuration file which was created on a different software version to the version that the Webcache is currently running 5 Click Re...

Page 239: ...upgrading and installing the management software of the Webcache 1000 3000 It covers the following topics Software Upgrades Software Downgrades Detecting a Software Upgrade Performing a Software Upgrade dua1611 5aaa04 book Page 239 Friday November 29 2002 8 56 PM ...

Page 240: ...form a software upgrade by downloading and locating the software upgrade file yourself The configuration of the Webcache is preserved after a software upgrade has been performed you do not have to re configure the settings 3Com recommends that you configure the Webcache to automatically detect new software versions Software Upgrade SNMP Traps An SNMP Trap is sent to your network management station...

Page 241: ...Webcache A software downgrade should only be performed as an emergency recovery procedure During a software downgrade all settings apart from IP and DNS information will be lost and you will have to restore the settings from a previously saved configuration file Configuration files can only be used with the version of software that created them To perform a software upgrade or downgrade see Perfor...

Page 242: ...matic Software Upgrade Detection The Webcache notifies you of the availability of new software versions via an SNMP trap and email notification for further information see Automatic System Events on page 214 If you want to disable automatic detection and instead perform software upgrades from a file on a local server ensure that Enable Automatic Software Upgrade Detection is unchecked 4 The defaul...

Page 243: ...he documentation supplied with the package for instructions 3Com Network Supervisor cannot be used to perform software downgrades It can only upgrade the software on the Webcache Performing an Automatically Detected Software Upgrade This occurs if Enable Automatic Software Upgrade Detection is checked in the Upgrade Detection screen and a new software version has been detected The Software Upgrade...

Page 244: ...his to upgrade the Webcache to the new software version now Upgrade Later Select this to upgrade the Webcache to the new software version at a later time You will be reminded about the upgrade when you next log in to the Webcache as the Upgrade Software wizard will automatically open Discard Upgrade Select this if you do not want to upgrade the Webcache to the new software version You will not be ...

Page 245: ... If you do not accept the terms of the License select Decline The software upgrade will be ended 11 The Finish screen is displayed again Click Next to start the software upgrade 12 The software upgrade may take several minutes to complete The Software Upgrade Successful screen is displayed when the software upgrade has been successful 13 Click Reboot to exit the Upgrade Software wizard and reboot ...

Page 246: ...image file and the new software image file that you are upgrading to Ensure that the software image is the one that you want to upgrade to Click Next 7 The Software License Terms screen is displayed You must click View License to view the 3Com End User Software License agreement You cannot accept or decline the agreement until you have viewed it 8 The 3Com End User Software License is displayed Ca...

Page 247: ...eboot to exit the Upgrade Software wizard and reboot the Webcache This will complete the software upgrade The Device View is displayed in the Web interface If you have downgraded the software the Getting Started Wizard will start automatically and you will now have to restore the system configuration See Restoring a Configuration on page 238 dua1611 5aaa04 book Page 247 Friday November 29 2002 8 5...

Page 248: ...248 CHAPTER 17 SOFTWARE UPGRADES dua1611 5aaa04 book Page 248 Friday November 29 2002 8 56 PM ...

Page 249: ...VIII COMMAND LINE INTERFACE Chapter 18 Command Line Interface dua1611 5aaa04 book Page 249 Friday November 29 2002 8 56 PM ...

Page 250: ...250 dua1611 5aaa04 book Page 250 Friday November 29 2002 8 56 PM ...

Page 251: ...t or over your network via Telnet This chapter describes how to access and use the Command Line Interface It covers the following topics A Quick Guide to the Commands Getting Started Displaying and Changing WAN and LAN Port Information Displaying and Changing Protocol Information Displaying and Changing Security Information Displaying and Changing Webcache Information and Functions dua1611 5aaa04 ...

Page 252: ...gs protocol ipConfig Specifies IP management configuration protocol ping Pings other devices on your network protocol summary Displays IP summary information protocol traceRoute Traces the network hops to devices on your network security management Secures the management interfaces of the Webcache security password Specifies the password for the current user security pwdRecover Enables and disable...

Page 253: ...ame can be up to 80 characters long The following prompt is displayed Enter system location 4 Enter a physical location for the Webcache The location name can be up to 80 characters long The following prompt is displayed Enter IP address 192 168 1 253 5 Enter a valid IP address The following prompt is displayed Enter subnet mask 255 255 255 0 6 Enter a valid subnet mask The following prompt is dis...

Page 254: ...layed Enter Third DNS Server 0 0 0 0 14 Enter a valid Domain Network System DNS Server IP address The following prompt and a list of timezones is displayed Enter the index of timezone 12 15 Enter the index number of the timezone that you want the Webcache to operate in Example Enter 8 if you want to select T 06 00 Central Time US The following prompt is displayed Enter time option NTP manual manua...

Page 255: ...f the Webcache The Webcache is rebooted at the end of the Getting Started command if you chose to set the system time for further information see Rebooting the Webcache on page 268 Enter no if you do not want to set the current system time of the Webcache The following prompt is displayed Old password 18 Enter the current password for the admin user The following prompt is displayed Enter new pass...

Page 256: ...he Command Line Interface at the Top level menu enter logout If a period of inactivity lasts longer than 30 minutes the Webcache will automatically log you out After the exit the first key that you press returns you to the login sequence Displaying and Changing WAN and LAN Port Information You can display and change the WAN and LAN port information for the Webcache using the commands on the Physic...

Page 257: ... configure the WAN port The following prompt is displayed Set autonegotiation enable disable enable 4 Enter either enable if you want to enable autonegotiation on the port or disable if you want to disable it If you enter disable the following prompt is displayed Set link 10half 10full 100half 100full 100full Enter the Link Speed 10 or 100 and Duplex State half or full setting for the port Display...

Page 258: ...command on the Protocol menu to configure the IP and Domain Name System settings of the Webcache This command allows you to configure the IP address subnet mask default gateway IP address host name domain name search domains and Domain Network System DNS server addresses To configure the IP and Domain Name System settings 1 At the Top level menu enter protocol basicConfig The following prompt is d...

Page 259: ... address The following prompt is displayed Enter Second DNS Server 0 0 0 0 10 Enter a valid Domain Network System DNS Server IP address The following prompt is displayed Enter Third DNS Server 0 0 0 0 Enter a valid Domain Network System DNS Server IP address Specifying Domain Name System Configuration You can use the dnsConfig command on the Protocol menu to configure the Domain Name System settin...

Page 260: ...er IP address The following prompt is displayed Enter Second DNS Server 0 0 0 0 7 Enter a valid Domain Network System DNS Server IP address The following prompt is displayed Enter Third DNS Server 0 0 0 0 Enter a valid Domain Network System DNS Server IP address Resetting IP and DNS Information to Factory Default Settings You can reset all IP and DNS information on the Webcache to factory default ...

Page 261: ... displayed Enter IP address 196 168 100 1 2 Enter a valid IP address The following prompt is displayed Enter Subnet mask 255 255 255 0 3 Enter a valid subnet mask The following prompt is displayed Enter Gateway IP address 196 168 100 2 Enter a valid gateway IP address This will reset the IP and DNS configurations to factory default settings Default IP address 192 168 1 253 Default Subnet mask 255 ...

Page 262: ...PING a device 1 At the Top level menu enter protocol ping The following prompt is displayed Enter destination IP address DNS Name 2 Enter the IP address or Domain Name Server name of the device that you want to PING The Webcache sends PING requests indefinitely to the specified device until you press Esc A message similar to the following is displayed Starting ping resolution of displayed time is ...

Page 263: ...ps from the Webcache to a device on an IP network This feature is useful for testing that the Webcache is installed and set up correctly and that your network connections are working You can perform a trace route to other devices on your network using the traceRoute command on the Protocol menu 1 At the Top level menu enter protocol traceRoute The following prompt is displayed Enter destination IP...

Page 264: ... network environments block trace route traffic on the network The TraceRoute request may therefore fail even if the network device is operating normally Displaying and Changing Security Information You can display and change the Security related information for the Webcache using the commands on the Security menu These commands allow you to Secure the management interface Specify the password for...

Page 265: ...dresses an IP range or a combination of both For example if you enter 192 168 1 5 192 168 1 6 192 168 1 7 you will have allowed only these three addresses access to the Web interface of the web You could have entered 192 168 1 5 192 168 1 7 for the same outcome You can combine address ranges and comma separated lists as below 192 168 1 5 192 168 1 7 192 168 1 23 to allow these four addresses acces...

Page 266: ...rmation Re enter the password If you press Return without entering a password the password is set to no password 3 A message is displayed informing you that the password has been successfully changed Enabling and Disabling Password Recovery You can enable or disable password recovery for the Webcache using the pwdRecover command on the Security menu For further information about password recovery ...

Page 267: ... initialize command on the Control menu To initialize the Webcache 1 At the Top level menu enter system control initialize The following prompt is displayed WARNING This command initializes the system to factory defaults excluding IP details and causes a reset Do you wish to continue yes no no 2 Enter yes if you wish to proceed or no if you want to stop the initialization What Happens During an In...

Page 268: ...simulates a power off on cycle The Telnet session to the Webcache will be terminated The Webcache takes about approximately 60 90 seconds to reboot While the Webcache is being rebooted you cannot communicate with it Setting the Webcache SNMP Community String You can change the Public and Private SNMP community strings for the Webcache using the community command on the Management menu For further ...

Page 269: ...t contact name 2 Enter a system contact for the Webcache The name can be up to 80 characters long Specifying Location Details You can specify physical location details for the Webcache using the location command on the Management menu To specify the location details 1 At the Top level menu enter system management location The following prompt is displayed Enter system location location 2 Enter a p...

Page 270: ...hown in the example below The following read only fields are displayed System Name Displays the descriptive name or system name for the Webcache For information about assigning a new name see Specifying a Webcache Name on page 269 Location Displays the physical location of the Webcache For information about assigning a new location see Specifying Location Details on page 269 System Name Developmen...

Page 271: ...eset initialized or powered up Software Version Displays the version number of the management software currently installed on the Webcache Hardware Version Displays the version number of the Webcache hardware Boot Version Displays the boot version of the Webcache MAC Address Displays the MAC Ethernet address of the Webcache Product Number Displays the product number of the Webcache Serial Number D...

Page 272: ...272 CHAPTER 18 COMMAND LINE INTERFACE dua1611 5aaa04 book Page 272 Friday November 29 2002 8 56 PM ...

Page 273: ...IX PROBLEM SOLVING Chapter 19 Problem Solving dua1611 5aaa04 book Page 273 Friday November 29 2002 8 56 PM ...

Page 274: ...274 dua1611 5aaa04 book Page 274 Friday November 29 2002 8 56 PM ...

Page 275: ... Webcache via the Console Line Accessing the Webcache via Telnet Solving Problems Indicated by LEDs Solving Web Interface Problems Solving Command Line Interface Problems Solving Webcache Performance Problems Solving Client Browser Problems Solving General Webcache Problems dua1611 5aaa04 book Page 275 Friday November 29 2002 8 56 PM ...

Page 276: ...he login sequence still does not display reset the Webcache For further information see Rebooting the Webcache on page 268 If this does not work initialize the Webcache For further information see Initializing the Webcache on page 267 Accessing the Webcache via Telnet You cannot access the Webcache using Telnet Check that The network cables are secure The network cable used to access the Webcache ...

Page 277: ... Microsoft Internet Explorer v5 0 Microsoft Internet Explorer v5 5 Microsoft Internet Explorer v6 0 Netscape Communicator v4 5 Problem Suggested Solution The Power Self test LED does not light Check that the power cable is firmly connected to the Webcache and to the supply outlet If the connection is secure and there is still no power you may have a faulty power cord On powering up the Power Self ...

Page 278: ...emove the use of the Webcache as a proxy Using a browser on a client machine whose IP address is not blocked by Web Client Blocking to access the Web Interface Using a browser on a client machine whose IP address is not blocked due to restricted access addresses Accessing the webcache on port 8081 if port 80 has been blocked for management Accessing the Webcache using the console port You are usin...

Page 279: ...stem is set to Small Fonts 96 dpi If it is set to Large Fonts the Web interface will not display correctly URL not found messages are displayed when the Contacts Home Page Library or Support icons in the Help View are clicked Your management workstation cannot access the World Wide Web Contact your network administrator You forget the password for the admin user name and can no longer perform impo...

Page 280: ...TP requests A Software Upgrade Download Failed SNMP trap and e mail notification will be issued if configured to inform you of the failure for further information see Automatic System Events on page 214 Solving Command Line Interface Problems The Command Line Interface responds slowly to commands This is probably due to large amounts of traffic on the network Logout and then login again later when...

Page 281: ... configure browsers try setting the browser settings manually to avoid the overhead of PAC files If you are using the Web Proxy Auto Discovery WPAD protocol to configure the browsers on client machines try setting the browser settings manually to avoid the overhead of the WPAD protocol The Webcache Domain Name Server configuration to check that it can access the DNS server The Firewall does not al...

Page 282: ...n the Toolbar 3 Select Caching Cache Bypass Setup Cache Bypass in the Navigation Tree 4 Uncheck Enable Cache Bypass You can implement client machine bypass capability using the Cisco router to perform the bypass Consult the documentation that accompanies your Cisco router for further information See also Client Exclusion List on page 323 Some Sites do not display correctly when using the SuperStac...

Page 283: ...e Power Self Test LED on the front panel is Yellow or Off This possibly indicates a system error If so contact 3Com support personnel The Power Self Test LED on the front panel is flashing Yellow An internal emergency recovery procedure has reset the Webcache back to its factory default settings The LED continues to flash yellow until you change the IP address of the Webcache For further informati...

Page 284: ...ing information via a Web based application This process may take several minutes to complete depending on the amount of Call Logging information to be retrieved When there is a SuperStack 3 Webcache deployed in Transparent mode using a SuperStack 3 4400 4924 or 4950 switch it is possible for the Webcache to time out the response from the NBX This results in the administrator of the NBX being unab...

Page 285: ...ons Appendix D Technical Support Appendix E Default Settings for the Webcache Appendix F Replacing and Installing Cache Storage Devices Appendix G Cisco WCCP Commands Appendix H Log Formats Appendix I Trace Route Symbols Appendix J Category Set Definitions Glossary Index dua1611 5aaa04 book Page 285 Friday November 29 2002 8 56 PM ...

Page 286: ...286 dua1611 5aaa04 book Page 286 Friday November 29 2002 8 56 PM ...

Page 287: ...T Les avertissements présentent des consignes que vous devez respecter pour garantir votre sécurité personnelle Vous devez respecter attentivement toutes les consignes Nous vous demandons de lire attentivement les consignes suivantes de sécurité avant d installer ou de retirer l appareil VORSICHT Warnhinweise enthalten Anweisungen die Sie zu Ihrer eigenen Sicherheit befolgen müssen Alle Anweisunge...

Page 288: ...he mains cord must be HAR or BASEC marked and be of type HO3VVF3gO 75 minimum Europe The supply plug must comply with CEE 7 7 SCHUKO The supply plug must comply with CE123 16 VII USA and Canada The cord set must be UL approved and CSA certified The minimum specification for the flexible cord is No 18 AWG Type SV or SJ 3 conductor The cord set must have a rated current capacity of at least 10A The ...

Page 289: ...plies are of IT type this unit must be powered by 230V 2P T via an isolation transformer ratio 1 1 with the secondary connection point labelled Neutral connected directly to earth ground Impédance à la terre WARNING U K Only If connecting a modem to the console port of the Webcache 1000 3000 only use a modem which is suitable for connection to the telecommunications system WARNING RJ 45 Ports Thes...

Page 290: ...e respecter les normes européennes de sécurité AVERTISSEMENT Cordon électrique Il doit être agréé dans le pays d utilisation Royaume Uni La prise secteur doit être conforme aux normes BS1363 tripolaire 13 amp et équipée d un fusible 5A à conformité BS1362 Le cordon secteur doit porter la mention HAR ou BASEC et doit être de type HO3VVF3GO 75 minimum Europe La prise secteur doit être conforme aux n...

Page 291: ...eutre et avec raccordement direct à la terre masse AVERTISSEMENT Points d accès RJ 45 Ceux ci sont protégés par des prises de données Ils ne peuvent pas être utilisés comme prises de téléphone conventionnelles standard ni pour la connection de l unité à un réseau téléphonique central privé ou public Raccorder seulement Etats Unis et Canada Le cordon doit avoir reçu l homologation des UL et un cert...

Page 292: ...cker Dies muss von dem Land in dem es benutzt wird geprüft werden VORSICHT Der Betrieb dieses Geräts erfolgt unter den SELV Bedingungen Sicherheitskleinstspannung gemäß IEC 950 Diese Vereinigtes Königreich Der Netzstecker muß die Norm BS1363 13 Ampere 3 Stifte erfüllen und mit einer 5 A Sicherung gemäß Norm BS1362 ausgestattet sein Das Netzkabel muß vom Typ HO3VVF3GO 75 Mindestanforderung sein und...

Page 293: ...er einen geerdeten Trenner mit einem Übersetzungsverhältnis 1 1 mit 230 V 2P T betrieben werden dabei muß der zweite Anschlußpunkt die Bezeichnung Neutral tragen Impédance à la terre VORSICHT RJ 45 Porte Diese Porte sind geschützte Datensteckdosen Sie dürfen weder wie normale traditionelle Telefonsteckdosen noch für die Verbindung der Einheit mit einem traditionellem privatem oder öffentlichem Tel...

Page 294: ...294 APPENDIX A SAFETY INFORMATION dua1611 5aaa04 book Page 294 Friday November 29 2002 8 56 PM ...

Page 295: ...5 One of five grades of Twisted Pair TP cabling defined by the EIA TIA 586 standard Category 5 can be used in Ethernet 10BASE T and Fast Ethernet networks 100BASE TX and can transmit data at speeds of up to 100 Mbps Category 5 cabling is better to use for network cabling than Category 3 because it supports both Ethernet 10 Mbps and Fast Ethernet 100 Mbps speeds 3Com recommends that you use Categor...

Page 296: ...minal Cable connector 25 pin male female only required if screen always required required for handshake Screen DTR TxD RxD CTS Ground DSR RTS DCD Screen DCD RxD TxD DTR Ground DSR RTS CTS Shell 4 3 2 8 5 6 7 1 Shell 1 2 3 4 5 6 7 8 Webcache 1000 3000 Cable connector 9 pin female PC AT Serial Port Cable connector 9 pin female only required if screen always required always required required for hand...

Page 297: ...ata Bidirectional Data A 2 Transmit Data Bidirectional Data A 3 Receive Data Bidirectional Data B 4 Not assigned Bidirectional Data C 5 Not assigned Bidirectional Data C 6 Receive Data Bidirectional Data B 7 Not assigned Bidirectional Data D 8 Not assigned Bidirectional Data D Ports configured as MDIX 1 Receive Data Bidirectional Data B 2 Receive Data Bidirectional Data B 3 Transmit Data Bidirecti...

Page 298: ...298 APPENDIX B CABLE SPECIFICATIONS AND PIN OUTS dua1611 5aaa04 book Page 298 Friday November 29 2002 8 56 PM ...

Page 299: ... 1 2 2 2 30 and 2 32 Operational testing paras 2 1 2 2 2 30 and 2 13 Safety Agency Certifications UL 1950 EN60950 CSA 22 2 No 950 IEC 60950 NOM 019 SCFI AS NZS 60950 EMC Emissions ICES 003 Class A FCC Part 15 Class A EN55022 Class A VCCI Class A AS NZS 3548 Class A CISPRR 22 Class A EN61000 3 2 EN61000 3 3 CNS 13438 Class A Korean EMI Class A Immunity EN 55024 Heat Dissipation 400 watts maximum 13...

Page 300: ...RFC 1517 MIB II RFC 1213 Interface MIB RFC 1573 Remote Monitoring MIB RFC 1757 Terminal Emulation Telnet RFC 854 Protocols Used for Administration UDP RFC 768 IP RFC 791 ICMP RFC 792 TCP RFC 793 ARP RFC 826 TFTP RFC 783 dua1611 5aaa04 book Page 300 Friday November 29 2002 8 56 PM ...

Page 301: ...f publication For the most recent information 3Com recommends that you access the 3Com Corporation World Wide Web site Online Technical Services 3Com offers worldwide product support 24 hours a day 7 days a week through the following online systems World Wide Web site 3Com Knowledgebase Web Services 3Com FTP site World Wide Web Site To access the latest networking information on the 3Com Corporati...

Page 302: ...p 3com com Username anonymous Password your Internet e mail address You do not need a user name and password with Web browser software such as Netscape Navigator and Microsoft Internet Explorer Support from Your Network Supplier If you require additional assistance ask your network supplier about the professional services available in your area for the assessment installation and implementation of...

Page 303: ...egion use the appropriate URL or e mail address from the list below Asia Pacific Rim From this region e mail apr_technical_support 3com com Europe Middle East and Africa From this region enter the URL http emea 3com com support email html Latin America Spanish speakers enter the URL http lat 3com com lat support form html Portuguese speakers enter the URL http lat 3com com br support form html Eng...

Page 304: ...83 0825 809 622 01805 404 747 06800 14466 1800 509359 1800 943 2632 199 161346 Luxembourg Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U K 800 29880 0900 777 7737 815 33 047 00800 441 1357 707 200 123 0800 991196 9 021 60455 07711 14453 08488 50112 0870 241 3901 Latin America Antigua Argentina Aruba Bahamas Barbados Belize Bermuda Bonaire Brazil Cayman Chile Colombia Co...

Page 305: ...ser http www 3com com support en_US repair or calling or faxing one of the numbers listed in Table 13 below 3 When you receive a replacement Webcache register the product at http www 3com com register If you have a Web Site Filter license you will not be able to use the Web Site Filter service until you re register your Webcache and Web Site Filter License Your Web Site Filter License is non trans...

Page 306: ...70 241 3901 Latin America Antigua Argentina Aruba Bahamas Barbados Belize Bermuda Bonaire Brazil Cayman Chile Colombia Costa Rica Curacao Ecuador Dominican Republic 1 800 988 2112 0 810 444 3COM 1 800 998 2112 1 800 998 2112 1 800 998 2112 52 5 201 0010 1 800 998 2112 1 800 998 2112 0800 13 3COM 1 800 998 2112 AT T 800 998 2112 AT T 800 998 2112 AT T 800 998 2112 1 800 998 2112 AT T 800 998 2112 A...

Page 307: ...to negotiation in full duplex Console Port 9600 Baud 8 data bits no parity 1 stop bit no flow control IP Address 192 168 1 253 non broadcast address Subnet Mask 255 255 255 0 Domain Name System DNS Server 0 0 0 0 Default Router 0 0 0 0 Host Name Null Domain Name System DNS Domain Null Caching Enabled Caching Mode Proxy Cache mode on port 8080 Caching Port Proxy Cache mode 8080 Transparent Inline C...

Page 308: ...twork Management Protocol SNMP Enabled but requires configuration Network Time Protocol NTP Disabled Web Browser Auto Configuration Disabled Upgrade Notification Enabled Upgrade Detection Download Enabled Email Notification Events Enabled but requires SMTP configuration MRTG RRDTool Graphs Always Enabled admin Password none IP access control Disabled Password Recovery Enabled Web site blocking Dis...

Page 309: ...server room Contact The name of the person who is responsible for the Webcache Can be up to 255 characters long none Joe Brown IP Address A unique IP address for the Webcache 192 168 1 253 192 168 1 253 Subnet Mask A suitable Subnet Mask for the Webcache none 255 255 255 0 Default Router The IP address of the default IP router gateway in your network none 192 168 2 0 Host Name The Host Name is com...

Page 310: ...em DNS servers in your network none 192 168 25 0 Timezone The timezone in which the Webcache will operate GMT 05 00 Eastern Time US GMT London Dublin Edinburgh continued NTP IP Addresses The IP addresses of primary and secondary Network Time Protocol servers none 200 49 40 1 Current Date The current day month and year none 06 March 2001 Current Time The current time in 24hr clock format none 12 15...

Page 311: ... Cisco routers using WCCP For further information see Web Cache Communication Protocol WCCP on page 41 Proxy Mode N A Caching Port Numbers Up to ten TCP port numbers on which the Webcache will listen for traffic You cannot use any of the following ports or ranges 1 6 23 123 161 2048 8081 8089 49152 65535 Ports that you use for Proxy Mode cannot also be used for Transparent Mode 3Com recommends you...

Page 312: ...312 APPENDIX E DEFAULT SETTINGS FOR THE WEBCACHE dua1611 5aaa04 book Page 312 Friday November 29 2002 8 56 PM ...

Page 313: ...e in the Webcache 3000 It covers the following topics Replacing a Failed Cache Storage Device Installing an Additional Cache Storage Device WARNING You can only replace and install Cache Storage Devices without removing power from the Webcache if the Webcache is currently running software version 2 0 or later dua1611 5aaa04 book Page 313 Friday November 29 2002 8 56 PM ...

Page 314: ...ver Removing the Failed Cache Storage Device To remove a cache storage device from the Webcache 3000 1 Log in to the Web interface 2 Click Device on the Toolbar 3 Select System Storage Remove Disk in the Navigation Tree The Remove Cache Storage screen is displayed You can also open this screen by clicking the cache storage device that you want to remove on the Device Mimic and selecting Remove Sto...

Page 315: ...nel of the Webcache as shown in Figure 37 Figure 37 Opening the Front Panel 8 Each cache storage device is mounted in a tray Unclip the arms at the front of the tray and pull the tray forwards out of the Webcache as shown in Figure 38 Figure 38 Removing a Cache Storage Device Activity Power Self test Cache Storage Status 1 2 3 Cache Storage Status Activity Power Self test 1 1 2 3 2 dua1611 5aaa04 ...

Page 316: ...ted in a tray Insert the tray into bay 1 or 2 in the Webcache and push it forwards firmly until it stops 4 Push in the arms on the front of the tray to click them into place 5 Close the front panel of the Webcache 6 Log in to the Web interface 7 Click Device on the Toolbar 8 Select System Storage Add Disk in the Navigation Tree The Add Cache Storage screen is displayed You can also open this scree...

Page 317: ...d drive and insert it into the mounting tray in the third bay A list of approved hard drives can be found at http www 3com com sswebcache CAUTION You must purchase and install a hard drive that 3Com has approved Your warranty will be invalidated if you install an unapproved drive If your Webcache does not have a mounting tray installed in the third bay please contact 3Com who will supply you with ...

Page 318: ...ormation see Device Mimic on page 96 12 Select Cache Storage Disk 3 from the options in the Select the Cache Storage Device list Click Add 13 The Webcache automatically starts preparing the new cache storage device for use The Cache Storage Status LED on the front panel changes to Green Flashing whilst the device is being prepared and then to Green when it is in use For further information about L...

Page 319: ...u also need to configure the Cisco routers using the Cisco Command Line Interface Configuring WCCP Version 1 0 Configuring WCCP Version 2 0 For further information about configuring the Webcache for WCCP deployment see Web Cache Communication Protocol WCCP on page 41 The information given in this Appendix is correct at the time of publication You should consult the documentation that accompanies y...

Page 320: ... Engines 1 Number of routers 1 Total Packets Redirected 0 Redirect access list none Total Packets Denied Redirect 0 Total Packets Unassigned 0 Group access list none Total Messages Denied to Group 0 Total Authentication failures 0 show ip wccp web cache detail WCCP Cache Engine information IP Address 192 168 1 253 Protocol Version 0 3 State Usable Initial Hash Info 00000000000000000000000000000000...

Page 321: ...e groups Configuring WCCP for a Service Group To enable or disable WCCP version 2 0 for a specific service group on a Cisco router enter the following settings in the Cisco Command Line Interface 1 Enter configure terminal 2 Enter the following command no ip wccp service id password 0 7 passwd This enables or disables the WCCP feature with a password 3 Enter the following command ip wccp service i...

Page 322: ...een 224 8 and address 239 255 255 255 3 Enter the following command wccp service id group listen This is for the interface receiving the multicast packets Example Configurations Turning on HTTP processing This will configure the router to capture HTTP traffic on port 80 and redirect it to the Webcache Enter the following commands configure terminal ip wccp service id interface ethernet0 ip wccp se...

Page 323: ...in client machines servers or client server pairs The following example shows any request coming from 10 1 1 1 or going to 12 1 1 1 will bypass the cache while all other requests will be serviced normally Enter the following commands configure terminal access list 120 deny tcp host 10 1 1 1 access list 120 deny tcp any host 12 1 1 1 access list 120 permit ip any any ip wccp service id redirect lis...

Page 324: ...eb connectivity Enabling Cisco Express Forwarding CEF Cisco s Express Forwarding CEF is an alternative routing technology available on the following Cisco routers correct at time of publishing Cisco 7000 series routers equipped with RSP7000 Cisco 7200 series Cisco 7500 series Cisco 12000 series If your router supports CEF you may see improved routing and Webcache redirection performance by enablin...

Page 325: ...ape Common Format is the most basic of the Access Log formats supported by the Webcache The information that it provides is not very detailed and it can only be used by some log analysis packages Netscape Extended Format The Netscape Extended Format includes additional fields and is more detailed than the Netscape Common Format Netscape Extended 2 Format The Netscape Extended Format 2 includes mor...

Page 326: ...ing time The client request timestamp date and time of the client request in seconds since January 1 1970 elapsed The transfer time total transfer time in milliseconds client The client host IP the IP address of the client s host machine action code The cache result code specifies how the cache responded to the request HIT MISS The proxy response status code the HTTP response status code from prox...

Page 327: ... Squid Meaning Table 17 Netscape Common Format logging fields Netscape Common Meaning host The client host IP the IP address of the client s host machine usr The client authenticated user name result of the RFC931 ident lookup of the client user name time The client request timestamp date and time of the client s request req The full HTTP client request text minus headers for example GET http www ...

Page 328: ... response length bytes from server to proxy creql The client request transfer length request body length bytes from client to proxy sreql The proxy request transfer length request body length bytes from proxy to server chdrl The client request header length request header length bytes from client to proxy prspl The proxy response header length response header length bytes from proxy to client preq...

Page 329: ... The client request header length request header length bytes from client to proxy prspl The proxy response header length response header length bytes from proxy to client preql The proxy request header length request header length bytes from proxy to server srspl The server response header length response header length bytes from server to proxy tts The transfer time in seconds specifies the tran...

Page 330: ...ed the log record This is represented as an IP address or a client machine name fw 192 168 1 253 fw Webcache 3000 1 pri The priority of the event Legal values are 0 emergency 1 alert 2 critical 3 error 4 warning 5 notice 6 information 7 debug pri 0 pri 5 proto The protocol used by the event proto http proto ftp proto snmp duration The time that is required to perform the operation in seconds For e...

Page 331: ...ed arg 3com com logo gif result For HTTP requests this is the standard result code such as 200 for success 304 for returned from cache etc result 200 result 304 result 404 ref For incoming web records this field contains the referring site ref http search yahoo com agent For incoming or outgoing web records this field contains the agent usually the browser agent Microsoft Internet Explorer 6 0 260...

Page 332: ...ductivity See Appendix J for a description of the categories policy Reserved for future use method The HTTP method used by the client e g GET POST host The Hostname field in the HTTP request In transparent deployments this can be more useful than the destination IP address If no Hostname was provided this field has the value url The destination URL Table 21 Filter Log Format logging fields continu...

Page 333: ...2 Example 2 router1 192 168 1 255 26 027ms H 27 156ms H 44 902ms H In this example H is displayed after every network hop for the system router1 indicating that the system is unreachable For further information about the Trace Route feature see Performing a Trace Route on page 229 and Tracing IP Addresses on page 263 Table 22 Trace Route Symbols Symbol Meaning H Host unreachable N Network unreacha...

Page 334: ...334 APPENDIX I TRACE ROUTE SYMBOLS dua1611 5aaa04 book Page 334 Friday November 29 2002 8 56 PM ...

Page 335: ...g animals or other inanimate objects used in a sexual manner Erotic stories and textual descriptions of sexual acts Sexually exploitative or sexually violent text or graphics Bondage fetishes and genital piercing Adult products including sex toys CD ROMs and videos Adult services including videoconferencing escort services and strip clubs Sexual health breast cancer or sexually transmitted disease...

Page 336: ...r sites discussing number running virtual casinos and offshore gambling ventures sports picks and betting pools Violence This includes Web Sites portraying describing or advocating physical assault against humans animals or institutions Depictions of torture mutilation gore or horrific death Web Sites advocating suicide or self mutilation Instructions recipes or kits for making bombs or other harm...

Page 337: ... A cult sets itself outside of society News historical or press incidents that may include the above criteria except in graphic examples and are not blocked Productivity Categories The 3Com Web Site Filter aims to primarily cover the 20 of web sites that generate 80 of the traffic under the productivity categories The entire internet is simply large to filter and still perform satisfactorily Astro...

Page 338: ...ncludes Lingerie negligee or swimwear modeling Supermodel fan pages Fashion clothing and glamour magazines or catalogues Beauty and cosmetics Fitness models and sports celebrities Modeling information and agencies Hobbies This includes Recreational pastimes such as collecting gardening and kit airplanes Outdoor recreational activities such as hiking camping and rock climbing Web sites communicatin...

Page 339: ...g or sales tips and parts catalogues Auto trading photos discussion of vehicles including motorcycles boats cars trucks and RVs Journals and magazines on vehicle modification repair or customization Online automotive enthusiast clubs Personals and Dating This includes Web sites that provide singles listings Matchmaking and dating services Advice for dating or relationships Romance tips and suggest...

Page 340: ...nce Web sites National international college professional scores and schedules Virtual sports leagues and teams Sports related online magazines or newsletters Travel This includes Airlines and online flight booking agencies Accommodation information and weather bureaus Leisure travel package listings Tourist information and maps Usenet News This blocks access to newsgroups accessed through the htt...

Page 341: ...lso supports auto negotiation the link can automatically configure itself to the optimum setup bandwidth The information capacity measured in bits per second that a channel can transmit The bandwidth of Ethernet is 10 Mbps and the bandwidth of Fast Ethernet is 100 Mbps baud The signalling rate of a line that is the number of transitions voltage or frequency changes made per second Also known as li...

Page 342: ... by an earlier rule The default rule can be Allow All or Deny All DNS Domain Name System This system maps a numerical Internet Protocol IP address to a more meaningful and easy to remember name When you need to access another device on your network you enter the name of the device instead of its IP address Ethernet A LAN specification developed jointly by Xerox Intel and Digital Equipment Corporat...

Page 343: ...ting protocol between a host server and a gateway to the Internet IETF Internet Engineering Task Force An organization responsible for providing engineering solutions for TCP IP networks In the network management area this group is responsible for the development of the SNMP protocol inline cache The Webcache is directly connected to a switch in your LAN via the LAN port and a WAN gateway or firew...

Page 344: ...onitor the Webcache s performance Netscape log format A standard Access Log format Using the Netscape log format you can analyze Webcache Access Log files with off the shelf log analysis tools NTP Network Time Protocol This protocol is used to synchronize the time of client machines and servers with other well known highly accurate servers or reference time sources such as a radio satellite receiv...

Page 345: ...col The current IETF standard protocol for managing devices on an TCP IP network Squid log format A standard Access Log format Using the Squid log format you can analyze Webcache Access Log files with off the shelf log analysis tools stale Content stored in the cache can either be fresh also known as current or stale also known as expired If it is stale the content is out of date and the Webcache ...

Page 346: ...that communicate as if they are on the same physical LAN WAN Wide Area Network A communications network that covers a wide area A WAN can cover a large geographic area and may contain several LANs within it URL Uniform Resource Locator The address that defines the route to a file on the web or other Internet facility UTC Coordinated Universal Time This is the standard time common to every place in...

Page 347: ...o Discovery This protocol enables the Web browser on client machines to automatically find and load proxy configuration information from a server without user intervention dua1611 5aaa04 book Page 347 Friday November 29 2002 8 56 PM ...

Page 348: ...348 GLOSSARY dua1611 5aaa04 book Page 348 Friday November 29 2002 8 56 PM ...

Page 349: ...arent 36 Cache Bypass 186 creating lists 188 saving the lists 190 setting up 188 Cache Control 182 creating a list 182 setting up 182 cache storage device adding 316 additional 317 failure 314 installing additional 317 removing 314 replacing 314 replacing and installing 313 caching ICP 123 caching performance graph 220 abort and error rate 222 bandwidth saving 220 filtering block rate 223 hit and ...

Page 350: ...Websense Enterprise 155 content lifetime preloading content 197 Content Preload 195 controlling Web access 139 conventions notice icons about this guide 18 text about this guide 18 Coordinated Universal Time 132 cross over cable 72 customizing the response screen 176 D default IP address 71 74 settings 65 307 users 88 default rule 159 default settings 307 deploying the Webcache 81 111 inline cache...

Page 351: ... IP address 26 default 71 74 obtaining 27 rules 27 L LAN port 63 77 Hotspot 97 LEDs 64 LEDs color 69 front panel 61 activity 62 cache storage status 61 link status 61 power self test 62 LAN port 64 operation 69 problems 277 rear panel 64 link speed 64 port activity 64 WAN port 64 Linux license 358 location command 269 log formats 325 log offload 140 log system 230 configuring 230 viewing 232 loggi...

Page 352: ...le pin outs 296 performance graphs caching 220 abort and error rate 222 bandwidth saving 220 filtering block rate 223 hit and miss latencies 222 hit rate 221 request rate 221 throughput 222 I O 223 disk activity 223 disk blocks 223 DNS hit rate 223 network packets 223 TCP connections rate 223 TCP sends and retransmits 223 system 224 buffers and cached memory usage 224 cache storage usage 224 CPU l...

Page 353: ...imple Network Management Protocol SNMP 212 siting the Webcache 65 SMTP authentication 210 SMTP Client license 358 SNMP 212 community string 268 community strings 212 SNMP traps 212 software upgrades 240 software 235 239 installation 235 239 upgrade 235 239 software downgrades 241 software upgrades 235 240 configuring 241 performing 243 SNMP traps 240 unsuccessful 241 solving problems 275 specifica...

Page 354: ...PAD 49 Web Cache Communication Protocol WCCP 41 Web Client Blocking 161 Web client blocking creating a list 163 saving the list 185 190 Web content current 32 expired 32 fresh 32 stale 32 Web interface accessing 72 89 banner 91 information area 96 navigation tree 94 solving problems 277 toolbar 92 web interface hiding 105 Web Proxy Auto Discovery WPAD 49 resources 51 Web Scheduler 201 Web site blo...

Page 355: ...ies of the Software and Documentation to the party or you must destroy any copies not transferred Except as set forth above you may not assign or transfer your rights under this Agreement Modification reverse engineering reverse compiling or disassembly of the Software is expressly prohibited However if you are a European Union EU resident information necessary to achieve interoperability of the S...

Page 356: ...TE FILTER PRODUCT DO NOT CLICK ON THE I AGREE OR SIMILAR BUTTON AND IF YOU HAVE RECEIVED ACCESS TO THE PRODUCT ON PHYSICAL MEDIA RETURN THE ENTIRE PRODUCT UNUSED TO THE SUPPLIER WHERE YOU OBTAINED IT LICENSE 3Com grants you a nonexclusive nontransferable license to use the Web Site Filtering software program s in executable form the Software and the URL Category Lists the URL Category Lists the So...

Page 357: ... the Product will meet your requirements or work in combination with any hardware or software products provided by third parties that the operation of the Product will be uninterrupted or error free or that all defects in the Product will be corrected For any third party products listed in the specifications as being compatible 3Com will make reasonable efforts to provide compatibility except wher...

Page 358: ...of software have been modified by 3Com The source code for the above is available from 3Com on request Copyright C 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed Preamble The licenses for most software are designed to take away your freedom...

Page 359: ...r is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License c If the modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including an appropriate copyright notice and a notice that ...

Page 360: ...icense would not permit royalty free redistribution of the Program by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any particular circumstance the balance of the section is intended to app...

Page 361: ...c License as published by the Free Software Foundation either version 2 of the License or at your option any later version This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU General Public License for more details You should have received a copy of the GNU Gener...

Page 362: ... receiver n Plug the equipment into a different outlet so that equipment and receiver are on different branch circuits If necessary the user should consult the dealer or an experienced radio television technician for additional suggestions The user may find the following booklet prepared by the Federal Communications Commission helpful How to Identify and Resolve Radio TV Interference Problems Thi...

Reviews: