manualshive.com logo in svg

8e6 Technologies Enterprise Filter Authentication R3000, User Manual

Get started quickly with the 8e6 Technologies Enterprise Filter Authentication R3000 using our user-friendly Quick Start Manual. This comprehensive manual provides step-by-step instructions and helpful tips to maximize the potential of your product. Download the manual for free from manualshive.com and unlock the full potential of your R3000.

Share
Download
background image

I

NTRODUCTORY

 S

ECTION

    

C

HAPTER

 4: G

ETTING

 S

TARTED

52

8

E

6 T

ECHNOLOGIES

, R3000 E

NTERPRISE

 F

ILTER

 U

SER

 G

UIDE

NOTE

: See Chapter 1: System screen in the Global Administrator 

Section for information on logging into the R3000 interface if your 
password has expired.

5. Click 

OK 

to close the login dialog box and to access the 

welcome screen of the Administrator console:

Fig. 1:4-3  Welcome screen

On this screen, the R3000 Version Number displays in 
the Product frame, and dates for the Last Patch Update 
and Last Library Update display in the R3000 Enterprise 
Filter Status frame.

The following information displays at the bottom of the 
Administrator console: Host Name, LAN IP address used 
for sending block pages, and software Version number.

Summary of Contents for Enterprise Filter Authentication R3000

Page 1: ... R3000 Enterprise Filter USER GUIDE Model R3000 Release 2 1 00 Manual Version 1 02 ...

Page 2: ...ii 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE ...

Page 3: ...es makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular pur pose 8e6 Technologies shall not be liable for any error or for incidental or consequential damages in connection with the furnishing performance or use of this manual or the exam ples herein Due to future enhancements and modifications of this product t...

Page 4: ...iv 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE ...

Page 5: ...tions 11 Operational Modes 11 Invisible Mode 12 Router Mode 14 Firewall Mode 15 Group Types 17 Global Group 17 IP Groups 18 Filtering Profile Types 19 Static Filtering Profiles 21 Master IP Group Filtering Profile 21 IP Sub Group Filtering Profile 21 Individual IP Member Filtering Profile 21 Active Filtering Profiles 22 Global Filtering Profile 22 Override Account Profile 22 Time Profile 22 Lock P...

Page 6: ...tities from Using IM P2P 34 Block IM for a Specific Entity 34 Block P2P for a Specific Entity 35 Chapter 3 Synchronizing Multiple Units 36 R3000 Synchronization 36 Synchronization Setup 38 Setting up a Source Server 38 Setting up a Target Server 38 Types of Synchronization Processes 39 Filtering Profile Synchronization Process 39 Library Synchronization Process 40 Delays in Synchronization 41 Sync...

Page 7: ...r Console 50 Log On 50 Last Library Update message 53 Navigation Tips 55 Access Main Sections 55 Help Features 57 Access Help Topics 57 Tooltips 58 Screen and Window Navigation 59 Topic Links 60 Select Sub topics 61 Navigate a Tree List 62 Tree List Topics and Sub topics 63 Navigate a Window with Tabs 64 Console Tips and Shortcuts 65 Navigation Path 65 Refresh the Console 66 Select Multiple Items ...

Page 8: ...e Options 80 Block page 82 Options page 84 Option 2 85 Option 3 86 ShutDown window 87 Shut Down the Server 87 Reboot window 88 Reboot the Server 89 Network 91 LAN Settings window 92 Specify LAN Settings 93 NTP Servers window 94 Specify Network Time Protocol Servers 95 Add an NTP Server 95 Remove an NTP Server 95 Regional Setting window 96 Specify the Time Zone Language Set 97 Block Page Route Tabl...

Page 9: ...st View Data 114 Command Selections 115 Ping 115 Trace Route 115 Process list 115 TOP CPU processes 116 NIC configuration 116 Active connections 116 Routing table 116 Current memory usage 117 CPU usage 117 System performance 117 Recent logins 117 System uptime 118 df disk usage 118 dmesg print kernel ring buffer 118 View Log File window 119 View Log Results 120 Troubleshooting Mode window 122 Use ...

Page 10: ...ation 150 Setup window 152 Using Only One R3000 on the Network 153 Using More than One R3000 on the Network 153 Set up an R3000 to be a Source Server 153 Sync All Target Servers with the Same Settings 157 Set up an R3000 to be a Target Server 158 Status window 160 View the Sync Status of Targets from the Source 161 View Items in the Queue 162 View Items Previously Synced to the Server 163 Place It...

Page 11: ...kup File 186 View Backup and Restoration Details 186 Reset 187 Reset window 187 Reset All Server Settings 187 Radius Authentication Settings 188 Radius Authentication Settings window 188 Enable Radius 189 Specify Radius Authentication Settings 189 Apply Settings 190 Disable Radius 191 SNMP 192 SNMP window 192 Enable SNMP 193 Specify Monitoring Settings 193 Set up Community Token for Public Access ...

Page 12: ...ck a Workstation 208 Set up an Email Address to Receive Alerts 209 Remove an Email Address from the Alert List 209 Close the Pop up Window 209 Warn Option Setting 210 Warn Option Setting window 210 Specify the Interval for Re displaying the Warn page 211 Customization 212 Common Customization window 213 Enable Disable Features 214 Lock Page Customization window 216 Edit Entries Setting 217 Preview...

Page 13: ...Reset Time from the Schedule 246 Quota Notice page 247 Quota Block page 248 Chapter 2 Group screen 250 Global Group 252 Range to Detect window 253 Add a Segment to the Network 254 Range to Detect Setup Wizard 256 Range to Detect Advanced Settings 263 Modify a Segment of the Network 264 Remove a Segment from the Network 264 Rules window 265 View Criteria for a Rule 266 Add a Rule 266 Modify a Rule ...

Page 14: ...4 Specify Minimum Filtering Bypass Options 295 Refresh All 296 Refresh All Main Branches 296 IP 297 Add Group 298 Add a Master IP Group 298 Refresh 299 Refresh IP Groups 299 Chapter 3 Library screen 300 Updates 302 Configuration window 303 Set a Time for Updates to be Retrieved 303 Optional Specify a Proxy Server 304 Select the Log Level 304 Manual Update window 305 Specify the Type of On Demand U...

Page 15: ... 325 Category Weight System window 325 View the Current Selections 326 Method for Weighting Library Categories 326 Weighting Library Categories 327 NNTP Newsgroup 328 NNTP Newsgroup window 328 Add a Newsgroup to the Library 328 Remove a Newsgroup from the Library 329 Category Groups 330 Library Details window 332 View Library Details 332 URLs window 333 View a List of URLs in the Library Category ...

Page 16: ...tion 348 Report Configuration window 348 Specify the Reporting Device 348 8e6 Enterprise Reporter 349 Edit ER Server Information 349 Execute Log Transfer Now 350 View Transfer Activity to the ER 350 Other Device 351 Enter or Edit Server Information 351 View Transfer Activity to the Reporting Device 353 Real Time Probe 354 Real Time Probe window 354 Configuration 355 Enable Real Time Probes 355 Set...

Page 17: ...71 Introduction 371 Chapter 1 Group screen 372 IP 373 Refresh 373 Refresh the Master IP Group Member 373 Master IP Group 374 Group Details window 375 Change the Group Administrator Password 375 Members window 376 Add the IP Address of the Member 377 Remove a Member from the Group 377 Override Account window 378 Add an Override Account 379 Category Profile 380 Redirect URL 383 Filter Options 384 Ed...

Page 18: ...oad IP Profiles 410 Download Profile 411 Add Sub Group 412 Add an IP Sub Group 412 Add Individual IP 413 Add an Individual IP Member 413 Delete Group 414 Delete a Master IP Group Profile 414 Paste Sub Group 415 Paste a Copied IP Sub Group 415 Sub Group 416 Sub Group IP Group window 417 View IP Sub Group Details 417 Add IP Sub Group Details 418 Members window 419 Modify Sub Group Members 420 Sub Gr...

Page 19: ... in the Library Category 437 Add or Remove URLs or Wildcard URLs 438 Add a URL to the Library Category 438 Add a Wildcard URL to the Library Category 439 Remove a URL from the Library Category 440 Upload a Master List to the Library 441 Upload a Master List of URLs 441 Upload a Master List of Wildcard URLs 443 Reload the Library 445 URL Keywords window 446 View a List of URL Keywords 447 Add or Re...

Page 20: ... 8e6 Corporate Headquarters USA 454 8e6 Taiwan 454 Support Procedures 455 Product Warranties 456 Standard Warranty 456 Technical Support and Service 457 Extended Warranty optional 458 Extended Technical Support and Service 458 APPENDICES SECTION 459 Appendix A 459 Filtering Profile Format and Rules 459 Rule Criteria 460 Appendix B 463 Traveler Log Messages 463 General Activity 464 Startup Finish 4...

Page 21: ...R3000 console 472 2 Exclude filtering server for block page IP 472 Part II Customize the Block Page 473 1 Set up a Web server 473 2 Create a customized block page 473 Show 8e6 s information in the block page optional 473 Implement the further option optional 474 Customized block page examples 474 Part III Restart the R3000 474 Reference 475 HTML 475 CGI written in Perl 477 Embed data in query stri...

Page 22: ...ts 498 Workstation Requirements 498 Network Requirement 498 Remote Filtering Components 498 Work Flow Overview 499 Mobile Client Installed on a Mobile PC 499 Network Operations Overview 500 8e6 Mobile Client on the Network 500 8e6 Mobile Client 500 Enterprise Reporter 501 Mobile Server Section 502 Initial Setup 502 Configure the R3000 to use the Mobile Mode 503 Add MAC Addresses to the Master IP G...

Page 23: ...tries in the R3000 Administrator console 532 Entries in the ER Administrator console 534 Appendix G 535 RAID Maintenance 535 Part 1 Hardware Components 535 Part 2 Server Interface 536 LED indicators in SL and HL units 536 Front control panels on H SL and HL units 538 Rear panels on H and HL units 540 Part 3 Troubleshooting 541 Hard drive failure 541 Step 1 Review the notification email 541 Step 2 ...

Page 24: ...CONTENTS xxiv 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER AUTHENTICATION USER GUIDE Glossary 547 INDEX 555 ...

Page 25: ...ducts the R3000 provides expanded library categories instant message and peer to peer blocking user authenti cation and a newly designed Graphical User Interface GUI Administrator console with more intuitive screens and fields for greater ease of use when configuring and main taining the server as well as managing user and group filtering profiles About this User Guide The R3000 Enterprise Filter ...

Page 26: ...e network Group Administrator Section This section includes information for administrators authorized by the global administrator to manage profiles of designated groups and their associated users on the R3000 Group admin istrators also have rights to access certain library cate gory functions Technical Support Product Warranties Section This section contains information on technical support and p...

Page 27: ...and the first page numbers where they appear in this user guide How to Use this User Guide Conventions The following icons are used throughout this user guide NOTE The note icon is followed by italicized text providing additional information about the current subject TIP The tip icon is followed by italicized text giving you hints on how to execute a task more efficiently WARNING The warning icon ...

Page 28: ...mmand checkbox a small square in a dialog box window or screen used for indi cating whether or not you wish to select an option This object allows you to toggle between two choices By clicking in this box a check mark or an X is placed indi cating that you selected the option When this box is not checked the option is not selected dialog box a box that opens in response to a command made in a wind...

Page 29: ... or purpose grid an area in a frame that displays rows and columns of data as a result of various processes This data can be reorganized in the Administrator console by changing the order of the columns list box an area in a dialog box window or screen that accommo dates and or displays entries of items that can be added or removed navigation panel the panel that displays at the left of a screen T...

Page 30: ...r screen that contains a down arrow to the right When you click the arrow a menu of items displays from which you make a selection radio button a small circular object in a dialog box window or screen used for selecting an option This object allows you to toggle between two choices By clicking a radio button a dot is placed in the circle indicating that you selected the option When the circle is e...

Page 31: ...ked If a sub topic is selected the window for that sub topic displays in the right panel of the screen or a pop up window or an alert box opens as appro priate text box an area in a dialog box window or screen that accommodates your data entry A text box is a type of field See field topic a topic displays as a link in the left panel the navigation panel of a screen By clicking the link for a topic...

Page 32: ...collapsed By double clicking the item a minus sign replaces the plus sign and any entity within that branch of the tree displays An item in the tree is selected by clicking it window a window displays on a screen and can contain frames fields text boxes list boxes buttons checkboxes and radio buttons A window for a topic or sub topic displays in the right panel of the screen Other types of windows...

Page 33: ...3000 Authentication User Guide at http www 8e6 com docs r3000_auth2_ug pdf for information on setting up and using authentication synchronize multiple R3000 units so that all servers will be updated with the same user profile and library config urations To help you become familiar with the R3000 and how it func tions on the network Chapter 1 of this section of the User Guide provides an overview o...

Page 34: ...s Vista running IE7 Macintosh OS X Version 10 5 running Safari 2 0 Firefox 2 0 JavaScript enabled Java Virtual Machine Java Plug in use the version specified for the R3000 software version NOTE R3000 administrators must be set up with software instal lation privileges in order to install Java used for accessing the interface Network Requirements High speed connection from the R3000 server to the c...

Page 35: ...OLOGIES R3000 ENTERPRISE FILTER USER GUIDE 11 Chapter 1 Filtering Operations Operational Modes Based on the setup of your network the R3000 can be configured to use one of these operational modes for filtering the network invisible mode router mode firewall mode ...

Page 36: ...ut stopping each IP packet on the same Ethernet segment The unit will only intercept a session if an inappropriate request was submitted by a client In this scenario the R3000 returns a message to the client and server to deny the request and a block page displays to deny the client access to the site or service Figure 1 1 1 depicts the invisible mode that removes the R3000 from any inclusion in t...

Page 37: ... s request a block message 4 is sent to the user plus a terminate message 4 is sent to the Internet server An R3000 set up in the invisible mode can also work in the router mode Figure 1 1 2 illustrates an example of a monitor mode setup with the R3000 connected to the managed switching hub In this setup the R3000 port is configured with the port monitoring function enabled so that the R3000 s por...

Page 38: ...at a request is inappropriate a block page is returned to the client to replace the actual requested Web page or service Since only outgoing packets need to be routed and not return packets the R3000 only appears in the outgoing path of the network Figure 1 1 3 illustrates an example of the router mode setup in which the R3000 is set up to act as the Internet router Fig 1 1 3 Router mode diagram A...

Page 39: ...mode With the R3000 set up in this mode the unit will filter all requests If the request is appropriate the original packet will pass unchanged If the request is inappropriate the original packet will be blocked from being routed through Using the firewall mode while the outgoing request is delayed slightly to allow filtering to take place before the packet leaves the gateway router of the network...

Page 40: ...erver contains unfiltered bad cached pages since no request can pass until it is filtered Figure 1 1 5 illustrates an example of a firewall mode setup in which requests are always sent to the caching server In this scenario the R3000 will be affected if the caching proxy server contains unfiltered bad cached pages 8e6 recom mends that cached content is cleared or expired after installing the R3000...

Page 41: ...d IP group to be maintained NOTES If authentication is enabled the global administrator can also access the NT and LDAP branches of the tree If multiple R3000 units are set up on the network and the synchro nization feature is used an R3000 that is set up to receive profile changes will only display the Global Group type in the tree list See Chapter 3 Synchronizing Multiple Units for more informat...

Page 42: ... IP members The global administrator adds master IP groups adds and maintains override accounts at the global level and estab lishes and maintains the minimum filtering level The group administrator of a master IP group adds sub group and individual IP members override account time profiles and exception URLs and maintains filtering profiles of all members in the master IP group Fig 1 1 6 IP diagr...

Page 43: ...the default filtering profile posi tioned at the base of the hierarchical tree structure used by end users who do not belong to a group IP group master group master group filtering profile used by end users who belong to the master group master time profile used by master group users at a specified time IP group member sub group filtering profile used by a sub group member individual filtering pro...

Page 44: ...rofile set up under X Strikes Blocking in the Filter Options section of the profile Radius profile used by end users on a Radius accounting server if the Radius server is connected to the R3000 and the Radius authentication feature enabled TAR profile used if a Threat Analysis Reporter TAR server is connected to the R3000 and an end user is locked out by TAR when attempting to access blocked conte...

Page 45: ...ding sub group and individual IP group members and is customized to allow deny users access to URLs or warn users about accessing specified URLs to redirect users to another URL instead of having a block page display and to specify usage of appropriate filter options IP Sub Group Filtering Profile An IP sub group filtering profile is created by the group administrator This filtering profile applie...

Page 46: ... ports that are configured to be blocked A URL can be specified for use instead of the standard block page when users attempt to access material set up to be blocked Various filter options can be enabled Override Account Profile If any user needs access to a specified URL that is set up to be blocked the global administrator or group administrator can create an override account for that user This ...

Page 47: ... which library categories should be blocked left open a set number of minutes in which that category remains open can be defined assigned a warn setting or white listed filter options specify which features will be enabled X Strikes Blocking Google Yahoo Ask com AOL Safe Search Enforcement Search Engine Keyword Filter Control URL Keyword Filter Control minimum filtering level takes precedence over...

Page 48: ...d under the heading Category Groups excluding the Custom Categories group Updates to these categories are provided by 8e6 on an ongoing basis and administra tors also can add or delete individual URLs within a speci fied library category Custom Categories Custom library categories can be added by either global or group administrators As with 8e6 supplied categories addi tions and deletions can be ...

Page 49: ...otocol NNTP Secured HTTP Transmission HTTPS and Secure Shell SSH Rules A rule is comprised of library categories to block leave open assign a warn setting or include in a white list Access to an open library category can be restricted to a set number of minutes Each rule that is created by the global administrator is assigned a number A rule is selected when creating a filtering profile for an ent...

Page 50: ...or a service port is given a block setting users will be denied access to the URL set up as blocked open if a category or the filter segment detected on the network is given an open pass setting users will be allowed access to the URL set up as opened NOTE Using the quota feature access to an open category can be restricted to a defined number of minutes always allowed if a category is given an al...

Page 51: ...es blocked in the minimum filtering level are blocked in the user s profile 3 For master IP group members a A master IP group filtering profile takes precedence over the global profile b A master IP group time profile takes precedence over the master IP group profile 4 For IP sub group members a An IP sub group filtering profile takes precedence over the master IP group s time profile b An IP sub ...

Page 52: ...ter IP group tree and the global adminis trator allows override accounts to bypass the minimum filtering level or if the override account was set up in the global group tree NOTE An override account set up in the master group section of the console takes precedence over an override account set up in the global group section of the console 8 A lock profile takes precedence over all filtering profil...

Page 53: ...INTRODUCTORY SECTION CHAPTER 1 FILTERING OPERATIONS 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 29 Fig 1 1 7 Sample filtering hierarchy diagram ...

Page 54: ...ing appliance to be viewed on a PC monitor or output to a printer 8e6 recommends using the Enterprise Reporter ER for generating reports When the ER server is connected to the R3000 server log files from the R3000 are transferred to the ER server where they are normalized and then inserted into a MySQL database The ER client reporting application accesses that database to generate queries and repo...

Page 55: ...es can be set up to block the use of IM services specified in the library category When the IM module is loaded on the server the R3000 compares packets on the network with IM libraries stored on the R3000 server If a match is found the R3000 checks the user s profile to see whether the user s connection to the IM service should be blocked and then performs the appro priate action WARNING The foll...

Page 56: ...00 checks the user s profile to see whether the user s connec tion to the P2P service should be blocked and then performs the appropriate action Setting up IM and P2P IM and P2P are set up in the System and Library sections of the Administrator console 1 In the System section activate Pattern Blocking in the Filter window 2 In the Library section note the services set up to be blocked as defined a...

Page 57: ... in that category will be blocked NOTE If IM and or P2P was set up to be blocked while a user s IM and or P2P session was in progress the user will not be blocked from using that service until he she logs off the server and back on again Block IM P2P for All Users Block IM for All Users To block IM for all users on the network the Pattern Blocking option in the Filter window must be activated the ...

Page 58: ...ory set up to be blocked Block Specified Entities from Using IM P2P Block IM for a Specific Entity To block IM for a specified group or user the Pattern Blocking option in the Filter window must be activated the CHAT and specified individual Instant Messaging library categories must both be set up to be blocked for that entity the global filtering profile should not have IM blocked unless blocking...

Page 59: ...ocking option in the Filter window must be activated the PR2PR library category must be set up to be blocked for that entity the global filtering profile should not have P2P blocked unless blocking all P2P traffic with the Range to Detect feature is desired the minimum filtering level profile should not have P2P blocked unless blocking all P2P traffic with the Range to Detect feature is desired ...

Page 60: ...a user s PC accesses on the network that user s Internet usage is appropriately filtered and blocked The act of configuring multiple R3000 servers to share the same user profile information is known as synchronization The synchronization feature allows an administrator to control multiple R3000 units without the need to configure each unit independently R3000 synchronization uses a source target c...

Page 61: ...units that have been identified by the source unit via the Synchronization Setup window of the R3000 console This means that all filtering configuration should be made on the source R3000 unit This also means that any user level filter authentication should be performed on the source R3000 unit so that these filtering changes can be disseminated to all R3000 target units NOTE If the failover detec...

Page 62: ...ntry identifies the location of each target unit on the network WARNING If an R3000 server is set up in the Source mode with a Network Address Translation NAT device between the source and target server s be sure that ports 26262 26268 and 88 are open on the source server This setup is required so that the source server can communicate with the target server s Setting up a Target Server When setti...

Page 63: ...update the change is applied locally Once locally applied on the source server this update is sent to all target R3000 units Each target server will then immediately apply this filtering change The result is that profile updates occur on all R3000 units in near real time In the event that a target server is unable to communicate with the source server the target server will continue to run the las...

Page 64: ...n the source server this update will be placed in a queue for submission to target R3000 servers The source server will then send the information in the queue to all target servers Each target server will receive this information and apply the update On the source server a separate queue exists for each identified target server A queue is used as a repository in the event of a communication failur...

Page 65: ...al memory When a change is made to the library a new library must be loaded into memory with the changes So the delay between the library change taking place is the net of the amount of time it takes the source server to prepare the update for submission and then the amount of time it takes for the update to be sent received and processed by the target server Once processed the new library is load...

Page 66: ...sis from the source R3000 For purpose of differentiation these items will be referred to as functionally synchronized for purposes of this user guide These func tionally synchronized items will be available for use on the target R3000 The following options are available for synchronization Synchronize all items both profile and library changes and synchronize only library items As you will see by ...

Page 67: ...dditions deletions Functionally Synchronized Items Common Customization Block Page Authentication settings Authentication Form Customization Lock Page Customization Warn Page Customization Profile Control settings Quota Block Page Customization Quota Notice Page Customization Minimum Filtering Level Rules Global Group Profile Override Account addition deletion activation deactiva tion Lock Profile...

Page 68: ...ized Items Filter control settings Virtual IP and Authentication IP addresses IP addresses Default routes Patch application Synchronization settings Filter Mode NIC Configuration Backup Restore Radius Authentication Settings SNMP configuration X Strikes Blocking settings Warn Option Setting Reporter configuration CMC Management ...

Page 69: ...rch Engine keyword additions deletions Keywords in URL additions deletions Functionally Synchronized Items Category Weight System additions deletions Non synchronized Items Common Customization Block Page Authentication settings Authentication Form Customization Lock Page Customization Warn Page Customization Profile Control settings Quota Block Page Customization Quota Notice Page Customization M...

Page 70: ...ilter changes profile activation deactivation Filter control settings Virtual IP and Authentication IP addresses IP addresses Default routes Patch application Synchronization settings Filter Mode NIC Configuration Backup Restore Radius Authentication Settings SNMP configuration X Strikes Blocking settings Warn Option Setting Reporter configuration CMC Management ...

Page 71: ...that the source server will need to be replaced due to hardware failure In cases in which the source R3000 server is out of commis sion for an extended period of time this server should be replaced as soon as possible so that individual user authen tication can be executed and the ability to control the filtering cluster is continually enabled In cases in which the R3000 will not be immediately re...

Page 72: ...er s configuration to a safe storage place until it is needed 4 In the LAN Settings window accessible via System Network set up IP addresses to be the same as on the source server that is being replaced 5 Go to the Reboot window accessible via System Control and reboot the server 6 Once the R3000 is rebooted reconnect to the console and access the Backup Restore window 7 Upload the last good confi...

Page 73: ...r is whole again and should operate normally Set up a New Source Server from Scratch In the event that you do not have a reliable backup file that can be used for establishing a new source server you must recreate the settings on the new source server Set up a Target Server as a Source Server 1 Log in to the console of the target server designated as the new source server 2 In the System section o...

Page 74: ...cessed via an IP address on your network NOTE If you do not have the R3000 Quick Start Guide contact 8e6 Technologies immediately to have a copy sent to you Using the Administrator Console Log On 1 Launch a browser window supported by the R3000 2 In the address line of the browser window type in the R3000 server s IP address appended by the following port number 88 for an HTTP address 1443 for an ...

Page 75: ...n This window displays minimized when the Login dialog box opens 4 When the Login dialog box opens enter your Username and Password Fig 1 4 2 Login dialog box TIP The default Username is admin and the Password is user3 To change this username and password go to the Administrator window see the Administrator window of the System screen in the Global Administrator Section and create a global adminis...

Page 76: ...OK to close the login dialog box and to access the welcome screen of the Administrator console Fig 1 4 3 Welcome screen On this screen the R3000 Version Number displays in the Product frame and dates for the Last Patch Update and Last Library Update display in the R3000 Enterprise Filter Status frame The following information displays at the bottom of the Administrator console Host Name LAN IP add...

Page 77: ...s the dialog box and opens an alert box indicating that it will take a few minutes to perform the library update Click OK to close the alert box and to execute the command to update the libraries After the libraries are updated today s date will appear as the Last Library Update on the welcome screen NOTE Refer to the Library screen s Manual Update to 8e6 Supplied Categories window in the Global G...

Page 78: ... 4 4 Welcome screen Last Library Update text Click the checkbox Do not show Old Library Warning dialog box in future to disable the Last Library Update message pop up box After the libraries are updated the welcome screen will appear as in Fig 1 4 3 with today s date as the Last Library Update in black text ...

Page 79: ...filter or block specified Internet content for each user based on the applied filtering profile Group clicking this button displays the main screen for the Group section Windows in the Group section are used for creating and managing master IP groups sub groups and individual IP filtering profiles or for setting up NT LDAP domains groups and individual users and their filtering profiles Library cl...

Page 80: ...4 GETTING STARTED 56 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Help clicking this button displays the Help screen This screen includes navigational tips and a link to the PDF copy of this User Guide Fig 1 4 5 Help screen ...

Page 81: ...opics and tooltips Access Help Topics Each of the main section screens contains a link beneath the banner When that link is clicked a separate browser window opens with Help Topics for that section Fig 1 4 6 Help Topics window 1 Click a link to go to a specified topic 2 To view Help Topics for another section click the tab for that section System Group Library Reporting or Help 3 Click Close Windo...

Page 82: ...s the icon additional information about that window can be obtained by hovering over that icon with your mouse or by pressing the F1 key on your keyboard Hover Display The yellow tooltip box displays when you hover over the icon with your mouse Fig 1 4 7 Tooltip mouseover effect To close the tooltip box move the mouse away from the icon ...

Page 83: ...ion All screens are divided into two panels a navigation panel to the left and a window in the panel to the right Windows display in response to a selection made in the navigation panel In the Administrator console screens and windows use different navigation formats based on the contents of a given screen or window Screens can contain topic links and sub topic menus and or tree lists with topics ...

Page 84: ...IES R3000 ENTERPRISE FILTER USER GUIDE Topic Links In System Library and Reporting screens the navigation panel contains topic links By clicking a topic link the window for that topic displays in the right panel Fig 1 4 9 Selected topic and its corresponding window ...

Page 85: ...1 Select Sub topics Some topics in System and Library screens consist of more than one window For these topics clicking a topic link opens a menu of sub topics Fig 1 4 10 Sub topics menu When a sub topic from this menu is selected the window for that sub topic displays in the right panel of the screen ...

Page 86: ...p and Library screens Fig 1 4 11 Tree menu A tree is comprised of a hierarchical list of items An entity associated with a branch of the tree is preceded by a plus sign when that branch of the tree is collapsed By double clicking the entity a minus sign replaces the plus sign and all branches within that branch of the tree display An item in the tree is selected by clicking it ...

Page 87: ...pics and sub topics Topics in the tree list display by default when the tree is opened Examples of tree list topics are circled in Fig 1 4 12 When a tree list topic is selected and clicked a menu of sub topics opens Fig 1 4 12 Tree list topics and sub topics Clicking a sub topic displays the corresponding window in the right panel or opens a pop up window or alert box as appropriate ...

Page 88: ... console there are windows with tabs When selecting a window with tabs from the navigation panel the main tab for that window displays Entries made in a tab must be saved on that tab if the tab includes the Apply button NOTE In the Time Profile and Override Account pop up windows entries are saved at the bottom of the window Fig 1 4 13 Window with tabs ...

Page 89: ...ps and shortcuts is provided to help you use windows in the Administrator console with greater efficiency Navigation Path The navigation path displays at the top of each window Fig 1 4 14 Navigation path This path reminds you of your location in the console The entire path shows the screen name followed by the topic name and sub topic name if applicable ...

Page 90: ...em while pressing the Ctrl key on your keyboard Shift Key To select a block of items from a list box click the first item and then press the Shift key on your keyboard while clicking the last item Once the group of items is selected click the appropriate button to perform the action on the items Copy and Paste Text To save time when making duplicate data entries text previ ously keyed into the GUI...

Page 91: ...red These windows include Block Page Route Table window from the System section and Range to Detect and Members windows from the Group section Fig 1 4 15 IP Calculator pop up window This window is used to view and or calculate the minimum and maximum range for an IP address 1 Click Calculator to open the IP Calculator pop up window If the IP address field in the window on the console is already po...

Page 92: ...click Calculate to display different Min Host and Max Host results 2 After making a note of the information in this pop up window click Close to close the IP Calculator Log Off To log off the Administrator console 1 Click the Quit button in the navigational panel at the top of the screen This action opens the Quit dialog box Fig 1 4 16 Quit dialog box 2 Click Yes to close the Administrator console...

Page 93: ...ing application if pertinent To attain this objective the global administrator performs the following tasks provides a suitable environment for the server including Hypertext Transfer Protocol over Secure Socket Layer HTTPS link to the current logging device power connection protected by an Uninterruptible Power Supply UPS high speed access to the server by authorized client workstations adds grou...

Page 94: ...m screen A list of main topics displays in the navigation panel at the left of the screen Main topics in this section include the following Control settings Network settings Administrator account information Secure Logon Diagnostics Alert contacts Patch Synchronization operation Mode Authen tication settings see the R3000 Authentication User Guide for information about this topic NIC Mode Backup R...

Page 95: ...ttings in the Filter window and Customization windows cannot be edited and the following topics and any asso ciated sub topics are not available Block Page Authentication Authentication Radius Authentication Settings X Strikes Blocking and Warn Option Setting If an R3000 is set up in the Target mode to synchronize only library setting changes all topics and sub topics are available Click your sele...

Page 96: ...HNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Control Control includes options for controlling basic R3000 server functions Click the Control link to view a menu of sub topics Filter Block Page Authentication ShutDown and Reboot Fig 2 1 2 System screen Control menu ...

Page 97: ...ic on the network If enabling the HTTP Filtering feature that automatically detects a split packet HTTP headers less than or equal to the number of bytes specified will be inspected HTTPS Filtering lets you set the level of filtering for HTTPS sites on R3000s set up in the Stand Alone or Source mode In the Service Control frame enabling Pattern Blocking will log IM and P2P end user activity and bl...

Page 98: ...h profile and library setting changes TIP See the Introductory Section for overviews on the following topics IM and P2P Chapter 2 Logging and Blocking Synchronization Chapter 3 Synchronizing Multiple Units Local Filtering In the Local Filtering frame indicate the function of this server being configured in regards to filtering the network The default setting has Local Filtering On and VLAN Detecti...

Page 99: ...s a split HTTP packet Enable HTTP Packet Splitting Detection By default the feature that automatically detects a split HTTP packet is disabled 1 Click On to enable HTTP Packet Splitting Detection this action displays a field below the radio buttons 2 In the Inspect HTTP headers that are less than or equal to ___ Bytes field by default 48 displays for the number of bytes This entry can be modified ...

Page 100: ...icate with HTTPS servers to obtain the certificate with a very strict validation of the return URL If High is selected by default the option is enabled for a library lookup to overrule the DNS validation of the host name in the certificate WARNING If using the High setting end users may be blocked from accessing acceptable Web sites if the host names of these sites do not match their generated cer...

Page 101: ...eb based Proxies Anonymizers must be applied to the group or user s filtering profile Or to block all users from accessing these proxy patterns the global filtering profile and minimum filtering level must have the PROXY library category set up to be blocked To block specified users from accessing IM services CHAT and specified Instant Messaging 8e6 supplied library categories such as IMGEN IMGCHA...

Page 102: ...is set up in the Source mode for synchronization The default setting has All Target s Filtering On Disable Filtering on Target Servers To disable All Target s Filtering click the Off radio button Each target server on the network will not filter the Range to Detect specified on that server Enable Filtering on Target Servers To enable All Target s Filtering click the On radio button Each target ser...

Page 103: ...d by the block page that displays when an end user attempts to access a site or service that is set up to be blocked Fig 2 1 4 Block Page Authentication window NOTE This feature is not available if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and library setting changes See the Block Page Customization window and Comm...

Page 104: ...hods Re authentication select this option for the re authentication option The user can restore his her profile and NET USE connection by clicking an icon in a window to run a NET USE script Override Account select this option if any user has an Override Account allowing him her to access URLs set up to be blocked at the global or IP group level NOTE Details about the Web based Authentication opti...

Page 105: ...n this field enter the path of the logon script that the R3000 will use when re authenticating users on the network in the event that a user s machine loses its connection with the server or if the server is rebooted This format requires the entry of two backslashes the authentication server s computer name or computer IP address in capital letters a backslash and name of the share path 3 Click Ap...

Page 106: ...ge By default the following data displays in the User Machine frame of the block page User Machine field The username displays for the NT LDAP user This field is blank for the IP group user IP field The user s IP address displays Category field The name of the library category that blocked the user s access to the URL displays If the content the user attempted to access is blocked by an Exception ...

Page 107: ...lock page under the following conditions For further options click here This phrase and link is included if any option was selected at the Re authentica tion Options field Clicking this link takes the user to the Options window described in the Options page sub section that follows To submit this blocked site for review click here This phrase and link is included if an email address was entered in...

Page 108: ... link in the block page For further options click here Fig 2 1 6 Options page The following items previously described for the Block page display in the upper half of the Options page HELP link User Machine frame contents The frame beneath the User Machine frame includes infor mation for options 1 2 and or 3 based on settings made in this window and the Common Customization window ...

Page 109: ...Re authentication Options Re authentication or Web based Authentication was selected If the user believes he she was incorrectly blocked from a specified site or service he she should re start his her machine and log back in Try re authenticating your user profile This link displays if Re authentication was selected at the Re authentication Options field and an entry was made in the Logon Script P...

Page 110: ...t content blocked at the global or IP group level The user should enter his her Username and Password and then click Override to open the Profile Control pop up window Fig 2 1 8 Profile Control pop up window This pop up window must be left open throughout the user s session in order for the user to be able to access blocked Internet content NOTES See Profile Control window for information on custo...

Page 111: ...hutDown window The ShutDown window displays when ShutDown is selected from the Control menu This window is used for powering off the server Fig 2 1 9 ShutDown window Shut Down the Server In the ShutDown frame click ShutDown to power off the server To restart the server the R3000 console needs to be re accessed ...

Page 112: ...YSTEM SCREEN 88 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Reboot window The Reboot window displays when Reboot is selected from the Control menu This window is used for reconnecting the server on the network Fig 2 1 10 Reboot window ...

Page 113: ...Reboot R3000 dialog box 2 Click Yes to close the dialog box and to launch the Server Status message box informing you that the server is now disconnected Fig 2 1 12 Server Status disconnect message When the Server Status box closes the R3000 Enter prise Filter status message box opens and informs you that the server is rebooting itself and how much time has elapsed since this process began Fig 2 1...

Page 114: ... box closes and the R3000 ready alert box opens Fig 2 1 14 R3000 ready alert box The Server connected alert box also opens informing you that the server is connected and that you must restart the server Fig 2 1 15 Server connected alert box 3 Click OK to close the R3000 ready alert box 4 Click OK to close the Server connected alert box 5 You must now re access the R3000 console ...

Page 115: ...00 ENTERPRISE FILTER USER GUIDE 91 Network Network includes options for configuring the R3000 server on the network Click the Network link to view a menu of sub topics LAN Settings NTP Servers Regional Setting and Block Page Route Table Fig 2 1 16 System screen Network menu ...

Page 116: ...TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE LAN Settings window The LAN Settings window displays when LAN Settings is selected from the Network menu This window is used for configuring network connection settings for the R3000 Fig 2 1 17 LAN Settings window ...

Page 117: ...rk interface card to be used on the network TIP Be sure to place the LAN1 and LAN2 IP addresses in different subnets In the Primary IP field of the DNS frame the default IP address is 4 2 2 1 Enter the IP address of the first DNS server to be used for resolving the IP address of the authentication server with the machine name of that server In the Secondary IP field of the DNS frame the default IP...

Page 118: ...is used for specifying IP addresses of servers running Network Time Protocol NTP software NTP is a time synchronization system for computer clocks throughout the Internet The R3000 will use the actual time from a clock at a specified IP address NOTE The System Time displays beneath the Details frame using the YYYY MM DD HH MM SS Coordinated Universal Time UTC format for the current time zone Fig 2...

Page 119: ... R3000 cannot access the primary time NTP server specified IP addresses are used in the order in which they display in the list box Add an NTP Server To add an NTP server 1 Enter the IP address in the NTP Server field 2 Click Add to include this IP address in the Servers list box 3 Click Apply to apply your settings Remove an NTP Server To remove an NTP server 1 Select the IP address from the Serv...

Page 120: ...RISE FILTER USER GUIDE Regional Setting window The Regional Setting window displays when Regional Setting is selected from the Network menu This window is used for specifying the time zone to be used by the R3000 and the language set type if necessary Fig 2 1 19 Regional Setting window ...

Page 121: ...es 2 At the Location pull down menu select the time zone for the specified region If necessary select a language set from the Language pull down menu to specify that you wish to display that text in the console 3 Click Apply to apply your settings and to reboot the R3000 WARNING If using the R3000 with an 8e6 Technologies Enter prise Reporter unit be sure each R3000 used by the ER is set up in the...

Page 122: ...w is used for building and maintaining a list of destina tion based routers the server will use for communicating with other segments of the network You need to set up a route table only if your local network is interconnected with another network and if users client machines are not being served block pages when appropriate Fig 2 1 20 Block Page Route Table window NOTE See the Block Page Authenti...

Page 123: ...ss of the portal to which packets will be transferred to and from the Internet TIP Click Calculator to open the IP Calculator pop up window Use this calculator to calculate IP ranges without any overlaps 4 Click Add to include your entries in the IP Mask list box NOTE Follow steps 1 4 for each router you wish to include in the routing table Remove a Router To remove one or more routers from the IP...

Page 124: ...bal administrator Admin and group administrator Sub Admin accounts A Sub Admin manages NT or LDAP entities and their filtering profiles NOTE See the Group Details window in Chapter 1 Group screen of the Group Administrator Section for information on setting up and maintaining accounts for IP group administrators See the R3000 Authentication User Guide for more information on setting up and maintai...

Page 125: ...s The Current User list box includes the Account Name and corresponding account Type Admin or Sub Admin for each active global administrator or NT LDAP group admin istrator previously set up in this window Add an Administrator Account To add a global or NT LDAP group administrator account 1 In the Account Details frame enter the username in the Username field 2 In the Password field enter eight to...

Page 126: ...racter one numeric character and one special character The password is case sensitive 3 Enter the same new password again in the Confirm Password field If the administrator s account type needs to be changed select the appropriate account type from the Type pull down menu Admin for global administrator or Sub Admin for NT LDAP group administrator 4 Click Modify to apply your settings NOTE A userna...

Page 127: ...or setting user passwords to expire after a designated number of days and or locking out users from the R3000 after unsuccessfully attempting to log in for the specified number of attempts within the defined timespan Click the Secure Logon link to view a menu of sub topics Logon Settings and Logon Management Fig 2 1 22 System screen Secure Logon window ...

Page 128: ...the password expiration feature that lets you define the number of days a password will be valid before a new password must be used This window also lets you enable the feature for locking out a user from the inter face by username and or IP address if an incorrect pass word is entered for a specified number of times within a defined timespan NOTE This window displays only on servers set up in the...

Page 129: ...one of the following select from available choices 1 30 90 365 Never Expired make an entry for the number of days until passwords expire NOTE If a user s password has expired when he she enters his her username and password in the Login dialog box and clicks OK a different login dialog box opens Fig 2 1 24 New password entry This dialog box displays his her Username and prompts him her to enter a ...

Page 130: ...r entering the incorrect password At the Lockout by IP address field click the radio button corresponding to either of the following options On Choose this option to lock out the user by IP address if the incorrect password is entered for the number of times specified in the Allowable Number of Failed Password Attempts 1 10 field within the interval defined in the Failed Password Attempts Timespan...

Page 131: ...r one or more enters an incorrect password for that same username within the 10 minute timespan a lockout would be made for that username on the third unsuccessful attempt However if the third failed login attempt is made outside of the 10 minute timespan there would be no lock out for that username In a similar scenario for an IP address using the same timespan and designated number of failed log...

Page 132: ...e R3000 interface and for unlocking usernames and IPs currently locked out of the R3000 If the user account is a global Admin or NT LDAP group administrator Sub Admin account the areas of interface accessible to that adminis trator can be viewed Fig 2 1 25 Logon Management window NOTE An account IP address becomes locked if the Lockout by Username IP address feature is enabled in the Logon Setting...

Page 133: ...in NT LDAP group administrator account set up in the Administrator window Group IP group administrator account set up in the IP branch of the Group tree Probe Real Time Probe account set up in the Real Time Probes Logon Accounts window XStrike X Strikes Blocking account set up in the X Strikes Blocking Logon Accounts window Expired Date either Never Expired or a date using the YYYY MM DD format ba...

Page 134: ... the alert box and to remove the locked symbol from the Locked column for the row corre sponding to the username View Locked IP Address Unlock IP Address View Locked IPs The Current Locked IP Addresses frame displays any IP address currently locked Unlock an IP Address To unlock the IP address of a machine 1 In the Current Locked IP Addresses frame click the IP address to highlight it 2 Click Unlo...

Page 135: ...dmin or Sub Admin username from the list 2 Click View Access to open the Assign Access View pop up window Fig 2 1 26 Assign Access View 3 The View Preview assign access frame displays the username in the greyed out Assign to user field Click any of the available tabs System Group Library Report Help to view menu topics sub topics and branches of trees available to that administrator 4 Click the X ...

Page 136: ...R GUIDE Diagnostics Diagnostics includes options for setting up or running processes for maintaining the server Click the Diagnostics link to view a menu of sub topics System Command View Log File Troubleshooting Mode Active Profile Lookup and Admin Audit Trail Fig 2 1 27 System screen Diagnostics menu ...

Page 137: ...and window The System Command window displays when System Command is selected from the Diagnostics menu This window is used for viewing server statistics and for performing diagnostic tests on the server Fig 2 1 28 System Command window WARNING Diagnostics tools utilize system resources impacting the R3000 s performance ...

Page 138: ...ion netstat active connections netstat routing table free current memory usage iostat CPU usage sar system performance recent logins uptime system uptime df disk usage and dmesg print kernel ring buffer NOTE See Command Selections for a list of commands and their functions If Ping or Trace Route was selected from the pull down menu a blank field displays to the right and must be populated 2 Click ...

Page 139: ... able to help you diagnose the problem with your network configuration This diagnostic tool records each hop the data packet made identifying the IP addresses of gateway computers where the packet stopped en route to its final destination and the length of time of each hop Enter the IP address or host name of the specific Internet address to be validated and then click Execute to display results i...

Page 140: ...guration NIC Configuration is used for verifying the server s network interface configuration at bootup When Execute is clicked information about the NIC mode and RX packets and TX packets displays in the pop up window Active connections When Active Connections is selected and Execute is clicked information about opened connections displays in the pop up window The first half of the results includ...

Page 141: ...agnostic tool shows information on resources being used When Execute is clicked the pop up window shows averages on various statistics These results can be stored in a compact binary format and then viewed at later date so that if you discover a system or application problem occurred you can analyze system activity during that time period With this data you can specify start and end times for repo...

Page 142: ...for viewing disk usage information by file system When Execute is clicked rows of disk information display in the Result pop up window including the following information for each disk Filesystem name 1K blocks on the disk number of Used blocks number of Available blocks Use locations where the disk is Mounted on dmesg print kernel ring buffer The Print Kernel Ring Buffer diagnostic tool is used f...

Page 143: ...PRISE FILTER USER GUIDE 119 View Log File window The View Log File window displays when View Log File is selected from the Diagnostics menu This window is used for viewing the most recent log file results of various activi ties and for troubleshooting Fig 2 1 30 View Log File window ...

Page 144: ...rror log used only if an Alternate IP Address is being used in the Block Page Route frame of the Operation Mode window This log only displays information if the IP address used for sending block pages is not being reconciled with the MAC address of the NIC card Admin GUI Server Log AdminGUIServer log used for viewing information on entries made by the admin istrator in the R3000 console NOTE For i...

Page 145: ...INISTRATOR SECTION CHAPTER 1 SYSTEM SCREEN 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 121 Fig 2 1 31 View Log File Results window 4 Click the X in the upper right corner of the pop up window to close it ...

Page 146: ...s as normal Fig 2 1 32 Troubleshooting Mode window WARNING This tool utilizes system resources impacting the R3000 s performance When you click Enable the R3000 will stop filtering the network After you finish making the necessary changes to the server be sure to click Disable to terminate your Troubleshooting Mode session Once Disable is clicked the R3000 will resume filtering the network NOTE Se...

Page 147: ...LAN1 4 At the Promiscuous Mode field the default choice on or off displays based on the operation mode that was selected The promiscuous mode is a mode of operation in which each data packet that is sent will be received and read by the Network Interface Card NIC 5 If necessary click the appropriate radio button to indicate whether to turn the promiscuous mode on or off If on is selected the R3000...

Page 148: ...Diagnostics menu This window is used for verifying whether an entity has an active filtering profile This window also is used for troubleshooting synchronization on target R3000 servers to verify whether settings for user profiles match the ones synced over from the source R3000 server Fig 2 1 33 Active Profile Lookup window NOTE In order to use this diagnostic tool IP groups and or members must b...

Page 149: ...ofile is active for that IP MAC address If the filtering profile is active a pop up box opens containing the Result frame that displays profile settings applied to the profile Fig 2 1 34 Active Profile Lookup results The default Login Summary tab displays the following information Domain name IP group domain name Profile name name of the profile Time profile name name of the time profile if this i...

Page 150: ...edirect URL Filter Options Rule Details In the Rule Details frame the Category Groups tree displays group and library categories with filter settings that determine whether or not the end user can access URLs set up for that category group library category TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to ...

Page 151: ...up category he she receives a quota block page NOTE If a category group does not display any filter setting i e the check mark does not display in any column for the category group one or more library categories within that group has a filter setting in a column other than the filter setting designated for all collective library categories within that group For example if in the Adult Content cate...

Page 152: ... be used for redirecting the user away from a page that is blocked if established Filter Options optional filter options to be used in the user s profile X Strikes Blocking Google Yahoo Ask com AOL Safe Search Enforcement Search Engine Keyword Filter Control and or URL Keyword Filter Control with without the Extend URL Keyword Filter Control option selected 4 Click the X in the upper right corner ...

Page 153: ...lays when Admin Audit Trail is selected from the Diagnostics menu This window is used for specifying FTP criteria so that a log of server changes made by an administrator will be sent to the FTP server The log of changes made on the server can be viewed in this window Admin Audit Trail The Admin Audit Trail tab displays by default Fig 2 1 35 Admin Audit Trail window ...

Page 154: ...Passive is selected by default indicating that transfers will be made via unre stricted outgoing network connections Click Active if transfers will be initiated by the server 4 Type in the Username to be used 5 Type in the Password to be used and type it again in the Confirm Password field 6 Specify whether or not to Send Daily Log to FTP Server by clicking either the on or off radio button 7 Clic...

Page 155: ... the log click the View tab Fig 2 1 36 Admin Audit Trail window View tab Click View Log to display data on recent activity For each change made on the server the log will contain the date and time the change was made Time IP address of the machine used by the administrator administrator s User name and a brief description of the Action performed on the server ...

Page 156: ...000 ENTERPRISE FILTER USER GUIDE Alert Alert includes options for setting up alert emails that notify designated individuals of problems on the network Click the Alert link to view a menu of sub topics Alert Settings and SMTP Server Settings Fig 2 1 37 System screen Alert menu ...

Page 157: ... detected during the R3000 s self monitoring process Fig 2 1 38 Alert window The following processes are monitored by the R3000 CPU Processes If any CPU process fails to run the R3000 alerts the administrator about the failed process and that an attempt will be made to reload the necessary process The last few lines of any pertinent logs are included in the message to assist the administrator in t...

Page 158: ...File Transmission If the R3000 is unable to send log files as scheduled to an ER server or a third party FTP server the log files are placed in a queue so they can be sent when a connection is established with the server If these logs cannot be successfully transmitted after a period of time an alert is sent to the administrator The last few lines of the error log are included in the message to as...

Page 159: ...sending alert email messages to designated administrators enter the email address of the R3000 in the From Email Address field 5 Click Apply to apply your settings Modify Alert Settings 1 Make any of the following edits in the Emergency Email Notification frame change an email address by typing the new one over the existing one deactivate a contact by removing the check mark from the checkbox corr...

Page 160: ...gs for the Simple Mail Transfer Protocol that will be used for sending email alert messages to specified administrators Fig 2 1 39 SMTP Server Settings window Enter Edit SMTP Server Settings 1 Enter the SMTP Server name for example mail logo com 2 By default the SMTP Server Port number used for sending email is 25 This should be changed if the sending mail connection fails 3 By default the Email q...

Page 161: ...lds below Make the following entries a Enter the Username b Enter the Password and make the same entry in the Confirm Password field 5 Click Apply to apply your settings Verify SMTP Settings To verify that email messages can be sent to a specified address 1 Click Test Settings to open the pop up box Fig 2 1 40 SMTP Test Settings box 2 Enter the email address in the pop up box 3 Click OK to close t...

Page 162: ...EM SCREEN 138 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Patch Patch includes options for uploading software updates Click the Patch link to view a menu of sub topics Local Patch and Patch Update Log Fig 2 1 41 System screen Patch menu ...

Page 163: ...ng configured and for viewing information about software updates currently avail able Fig 2 1 42 Local Patch window NOTE Available software updates for the R3000 come from downloads made to the server via Traveler 8e6 s executable program that can run on demand or be set to run at a scheduled time TIP Click the link here at the bottom of the window to go to the Web page at 8e6 Technologies public ...

Page 164: ...Patches frame or the History of Patches frame the Date Name and Synopsis are included for each software update To read information about a software update 1 Select a software update from the list 2 Click the README button to open the README pop up box that contains information about the software update Fig 2 1 43 Software update Readme 3 Click Close to close the pop up box ...

Page 165: ... to the Available Patches frame and select the soft ware update to be applied NOTES Software updates must be applied to the server in sequential order Be sure port 8082 is open on your network 2 Click Apply to open the software update installation dialog box Fig 2 1 44 Software update installation dialog box 3 Click Yes to open the EULA dialog box Fig 2 1 45 EULA dialog box ...

Page 166: ...software update has been successfully applied go to the View Log File window and select Patch Log patch log See View Log File window for more infor mation 5 Click OK to close the alert box and to proceed This action opens the connection failure alert box indicating that the connection to the R3000 server has been lost due to the software update application Fig 2 1 47 Connection failure alert box 6...

Page 167: ...ndow in this chapter for information on performing a backup Undo an Applied Software Update NOTE Only the most recently applied software update can be uninstalled WARNING If a software update is uninstalled configuration settings will revert to the previous settings before the software update was applied To unapply a software update 1 Go to the History of Patches frame and select the soft ware upd...

Page 168: ...s selected from the Patch menu This window is used for viewing the software update log that provides the status on the R3000 s software update activity including checks for new software updates and downloaded and applied software updates Fig 2 1 48 Patch Update Log window View Log Contents Click View Log to display contents of the log in the frame below with the status of the software update ...

Page 169: ...e on how to download the log file to your worksta tion if using Windows XP 2 Click OK to close the alert box Two pop up boxes open A second alert box asks you to confirm that the file was successfully saved to your machine Click OK in this box after the download is completed In the File Download dialog box click Save Fig 2 1 49 Download Log dialog box This action opens the Save As window Fig 2 1 5...

Page 170: ...our worksta tion After the file has completely downloaded the Download complete dialog box opens Fig 2 1 51 Download Complete box 4 You can now open this file open the folder where the file was saved or close this dialog box NOTE Proceed to View the Contents of the Log for information on viewing or printing the contents of the log file 5 Click OK to close the alert box asking you to verify that th...

Page 171: ...date log file has been downloaded to your workstation you can view its contents 1 Find the log file in the folder and right click on it to open the pop up menu Fig 2 1 52 Folder containing downloaded file 2 Choose Open With and then select a zip file executable program such as WinZip Executable to launch that application Fig 2 1 53 WinZip Executable program ...

Page 172: ...HNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 3 If using WinZip click I Agree to open the window containing the zip file Fig 2 1 54 WinZip window 4 Right click the zip file to open the pop up menu and choose View to open the View dialog box Fig 2 1 55 View dialog box ...

Page 173: ...g correctly formatted in WinZip s View window if you wish to save or print the contents of this file 1 Click Clipboard Copy wait for the dialog box to open and confirm that the text has been copied to the clip board and then click OK to close the dialog box 2 Open Notepad in Windows XP Start All Programs Accessories Notepad in Windows 2000 Start Programs Accessories Notepad 3 Paste the contents fr...

Page 174: ...send profile library setting changes to or receive such setting changes from another R3000 If the R3000 is set up to either send or receive profile library setting changes in the aforementioned manner the menu option for Status also becomes available in the pop up menu If the R3000 is set up to send profile library setting changes that R3000 will function as a Centralized Manage ment Console and t...

Page 175: ...LOGIES R3000 ENTERPRISE FILTER USER GUIDE 151 NOTE For an overview on synchronization see Chapter 3 Synchronizing Multiple Units from the Introductory Section WARNING This version of synchronization only supports the use of unique IP addresses throughout a network ...

Page 176: ...he R3000 especially if there is more than one R3000 on the network When there are multiple R3000 servers it is important to set up one as a source server and others as targets so that user profiles and or library settings can be copied to other servers This process ensures that all servers run in parallel on the network thereby eliminating the need to manually configure profile and library setting...

Page 177: ...filtered and blocked NOTE With synchronization activated changes made to the library will be transmitted from the source server to the target server s but will not be automatically applied Changes are applied to a target server only under the following circumstances The library is reloaded on the target server The Sync All button is clicked on the source server The library is updated via the Manua...

Page 178: ... profile and library setting changes Choose Library if only library category additions deletions including search engine keywords and URL keywords additions deletions and not profiles should be synced to target servers 3 By default the Upstream Failover Detect checkbox is unpopulated Click this checkbox if this source server will be set up to detect any failed R3000 node and filter that target ser...

Page 179: ...ht be given the global group profile instead of their active filtering profiles If a target server fails the Range to Detect Settings window displays a Node tab with IP range information for the failed downstream server 4 In the IP to Send frame select either the LAN 1 or LAN 2 IP address from the IP to Send pull down menu This IP address will be used for sending profile library setting changes to...

Page 180: ... box that provides the server mode status for each IP address you entered Click OK to close the alert box and make any adjustments if necessary To remove an IP address from the list box select it and click Remove Target NOTE This test only verifies whether this server can contact the target server s In order for synchronization to be operable on the network the target server s must also be able to...

Page 181: ...ns from a previous date in time are restored to the source server and each target server needs to have these same library configurations as well Sync All should be clicked after entries are made in the Backup Restore window In the second scenario the source server has failed and needs to be replaced with another server One of the target servers is promoted to function as the new source server The ...

Page 182: ...in the Target mode with a NAT device between the target and source server be sure that ports 26262 and 26268 are open on the target server This setup is required so that the target server can communicate with the source server For the Target mode setting 1 In the Mode frame click Target to display the Target mode view Fig 2 1 60 Setup window Target mode In the IP to Send frame the LAN1 and LAN2 IP...

Page 183: ...3 Click Test Source to open an alert box that provides the server mode status for the IP address you entered 4 Click OK to close the alert box and make any adjust ments if necessary 5 After validating the source IP address click Change Source to display this IP address in the Current Source IP display field 6 Click Apply after all settings have been made NOTE This test only verifies whether this s...

Page 184: ...ailable only if this server currently being configured is either set up in the Source mode or Target mode If set up in the Source mode this window is used for veri fying that profile updates are being sent to the target server s as in the example below Fig 2 1 61 Status window Source mode If set up in the Target mode this window is used for verifying that profile library setting updates are being ...

Page 185: ...ccurring and FAULT if the target server cannot be reached or if there is a problem with synchronization The Last Sync Date column displays the date and time synchro nization last occurred for the target server TIPS The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid To change the sort order click the hea...

Page 186: ...ge displays in the Sync Status column for a target server items still remain in the queue waiting to be synced To view items in the queue for a specified target server 1 In the Current Queue column for that server click Details to open the Queue of Target pop up window Fig 2 1 62 Queue of Target pop up window 2 Click Close to close the pop up window ...

Page 187: ...lick Details to open the History of Target pop up window 2 Select the maximum Last Number of Lines from the pull down menu 100 200 300 400 500 for the most recent synchronization history that you wish to view 3 Click View to display lines of items in the History Log Fig 2 1 63 History of Target pop up window 4 Click Close to close the pop up window Place Items in Queue for Syncing To place new syn...

Page 188: ...he Target Sync Status frame This is the current date and time from the R3000 server using the YYYY MM DD and HH MM SS format and includes the UTC code for the time zone Fig 2 1 64 Status window Target mode The Target Sync Status frame includes the following infor mation Source IP The IP address of the source server displays Connection Status OK or FAULT displays indi cating whether or not there is...

Page 189: ... Sync The date and time of the last successful synchronization displays using the YYYY MM DD and HH MM SS format History Log Click the Details button to open the History of Target pop up window See View Items Previ ously Synced to the Server in this section for information on accessing and viewing the contents of this window ...

Page 190: ... 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Mode Mode includes options for configuring the R3000 to filter the network Click the Mode link to view a menu of sub topics Operation Mode and Proxy Environment Settings Fig 2 1 65 System screen Mode menu ...

Page 191: ... operational mode the R3000 will use to filter the network and the settings the R3000 will use for listening to traffic and sending traffic This window is also used for configuring an R3000 to perform other operational capacities As a mobile R3000 server the R3000 filters end users whose machines are not located in house As an ICAP server the R3000 off loads specific content normally handled by an...

Page 192: ...t If using the router or firewall mode you may need to select the network card that will be used to listen to as opposed to send traffic on the network Specify the Block Page Device In the Block Page Device frame LAN2 displays as the default device for sending block pages to client PCs in the invisible mode TIP For the invisible mode the block page device should be a different device than the one ...

Page 193: ...ll always be sent to the MAC address of a specified host usually the R3000 gateway Using this option choose from either of the two Block Page Route To selections Default Gateway this option indicates that the default gateway on your network will be used for sending block pages If the invisible mode is selected Default Gateway displays by default as the Block Page Route To selection Alternate IP Ad...

Page 194: ...th an ICAP server the R3000 will not capture any network packets but will solely work with ICAP requests from an ICAP client proxy server When an end user makes a request for Internet content this request is routed to the proxy server which then submits the request to the ICAP server The ICAP server sends back a response to the proxy server which may send the request to the original R3000 server i...

Page 195: ...ICAP clients By default 30 displays 4 In the Options TTL in Sections 0 86400 field enter the time in seconds in which the options response is valid By default 3600 displays 5 In the Preview Bytes 0 4096 field enter the number of bytes to be included in the response header to be sent by the ICAP client for preview by the ICAP server before the entire request is submitted to the ICAP server By defau...

Page 196: ...hen Proxy Environment Settings is selected from the Mode menu This window is used for specifying whether the R3000 is in a proxy environment and if the default Web server port number 80 will be enabled Fig 2 1 67 Proxy Environment Settings window NOTE Basic Proxy Authentication must be used if using HTTPS in a proxy environment The R3000 has been tested with ISA Blue Coat and Squid proxies ...

Page 197: ...nt 1 Click the On radio button This selection indicates that the R3000 will perform a reverse lookup on packets to detect the source address and origin of packets 2 Click Apply to apply your setting Use Proxy Port 80 In the Proxy Port 80 Setting frame the default setting is Disable To specify that the public proxy server will channel https traffic through Port 80 1 Click the radio button correspon...

Page 198: ...k to view a menu of sub topics Enable Disable Authentication Authentication Settings and Authentication SSL Certificate Fig 2 1 68 System screen Authentication menu NOTES Information about these sub topics can be found in the R3000 Authentication User Guide The Authentication topic and sub topics do not display if the synchronization feature is used and this server being configured is set up in th...

Page 199: ...ify the speed for the R3000 s Network Interface Card settings so that the R3000 can communicate with the network switch or hub Fig 2 1 69 NIC Mode window By default the NIC mode for LAN1 and LAN2 is set to Auto The auto negotiation setting indicates that both connected devices will negotiate the fastest possible commonly shared speed NOTE The options available in this window depend on the hard war...

Page 200: ...e negotiation for a NIC click View NIC Negotiation to open a window containing results from the mii tool and the ethtool about the status of the NIC mode s Fig 2 1 70 NIC Negotiation window Mii tool checks or sets the status of a network interface s Media Independent Interface MII unit Ethtool is a diag nostic and tuning tool that examines and tunes the NIC ...

Page 201: ...odify the NIC setting in the LAN1 or LAN2 frame 1 Click the radio button for the available option you wish to select 10baseT Full Duplex 10baseT Half Duplex 100baseT Full Duplex 100baseT Half Duplex or 1000baseT Full Duplex if available on your R3000 model see NIC Mode Speeds Chart 2 Click Apply to activate the new NIC mode setting NOTE The status Up or Down of the Interface displays to the right ...

Page 202: ...00 HL platform 10 100 1000 10 100 1000 R3000 SL platform 10 100 1000 10 100 1000 R3000 MSA platform includes R3000IR 10 100 1000 10 100 1000 Pre 2008 Models LAN1 LAN2 Standard R3000 10 100 10 100 R3000M 10 100 10 100 R3000G 10 100 1000 10 100 1000 R3000S 10 100 1000 10 100 1000 R3000H 10 100 1000 10 100 1000 R3000MSA mini tower 10 100 1000 10 100 R3000MSA 1U 10 100 1000 10 100 1000 R3000IR 1U 10 1...

Page 203: ...tore is selected from the navigation panel This window is used for saving configuration settings and or custom library additions deletions on or off the server and for restoring these settings modifications later if necessary Fig 2 1 71 Backup Restore window WARNING A backup should be created and downloaded off the R3000 server whenever a change is made to filtering settings on the R3000 server ...

Page 204: ...er When the character displays in place of the cursor you can expand the width of the column You also can use the scrollbar beneath the grid to view information to the right of the last column Backup Procedures 8e6 recommends performing backup procedures whenever changes are made to system configurations or to library configurations By creating backup files and saving these files off the R3000 ser...

Page 205: ...up file 4 Type in a descriptive Comment about that file 5 Click OK to close the dialog box and to open the Wait alert box that informs you it may take some time to back up configurations based on the amount of data to be saved 6 Click OK to close the Wait alert box After configurations have been successfully saved the Message alert box opens to display a confirmation message 7 Click OK to close th...

Page 206: ...nload to open the alert box containing a message on how to download the log file to your worksta tion if using Windows XP 3 Click OK to close the alert box In the File Download dialog box that opens click Save Fig 2 1 73 File Download box This action opens the Save As window Fig 2 1 74 Save As pop up window 4 Find the folder in which to save the file and then click Save to begin downloading the gz...

Page 207: ... TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 183 After the file has completely downloaded the Download complete dialog box opens Fig 2 1 75 Download complete box You can now open this file open the folder where the file was saved or close this dialog box ...

Page 208: ...n the Backup Configurations grid you must upload it to the server WARNING Be sure the file you are restoring uses the same version of the software currently used by the R3000 Administrator console Refer to the Local Patch window for available updates to the R3000 s software See the Local Patch window for more information about software updates Upload a File to the Server To upload a gzip file to t...

Page 209: ...be uploaded CONFIG_ONLY LIBRARY_ONLY or both CONFIG_AND_LIBRARY 6 Click Upload File to upload this file to the server If the file is successfully uploaded the pop up window s banner name says Upload Successful After a few seconds the pop up window closes 7 Click Refresh to display a new row for the uploaded file in the Backup Configurations grid Restore Configurations to the Server To restore conf...

Page 210: ...ew details on backup and or restoration activities 1 Click Log to open the Backup Restore Log pop up box Fig 2 1 78 Backup Restore pop up box The pop up box includes rows of data about backup and restore processes performed via the Backup Restore window The following information displays for each row the date and time a process was attempted to be executed and a Message indicating whether that pro...

Page 211: ...esetting the server back to the default settings when the box was first acquired Fig 2 1 79 Reset window WARNING When Reset is clicked all settings made on the R3000 server will be removed and the box will be restored to its original state Any software updates applied to the server subse quent to receiving this box will need to be reapplied Reset All Server Settings Click Reset to reset the box to...

Page 212: ...displays when Radius Authentication Settings is selected from the naviga tion panel This window is used for controlling filtering levels of dial up users Fig 2 1 80 Radius Authentication Settings window NOTE The Radius Authentication Settings topic does not display if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and l...

Page 213: ...default To use Radius click the On radio button This action displays the Radius Authentication Settings frame Specify Radius Authentication Settings 1 In the Radius Server field 1 2 3 9 displays by default Enter the IP address of the Radius accounting server 2 In the Radius Port number field 1813 displays by default Change this number only if the Radius accounting server uses a different port numb...

Page 214: ...on causes the Use R3000 IP as Source IP field to display greyed out 5 In the Reply Mode field specify whether the server that sent a request should receive a response To enable the Reply Mode option Click the On radio button A reply and accounting response packet will be submitted to the sender NAS or Radius server Enter an Authenticated Phrase to be shared by the Radius server and NAS At the Copy...

Page 215: ...INISTRATOR SECTION CHAPTER 1 SYSTEM SCREEN 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 191 Disable Radius To disable the Radius feature 1 At the Radius Mode field click the Off radio button 2 Click Apply ...

Page 216: ...se a third party Simple Network Management Protocol SNMP product for monitoring and managing the working status of the R3000 s filtering on a network Fig 2 1 81 SNMP window The following aspects of the R3000 are monitored by SNMP data traffic sent received by a NIC CPU load average at a given time interval amount of free disk space for each disk partition time elapse since the box was last reboote...

Page 217: ...assword that the manage ment R3000 console would use when requesting access Create Build the Access Control List 1 In the Enter new IP to add field enter the IP address of an interface from to which the SNMP should receive send data 2 Click Add to include the entry in the Access control list box Repeat steps 1 and 2 for each IP address to be included in the list 3 After all entries are made click ...

Page 218: ...are Failure Detection Hardware Failure Detection window If using an R3000 H SL or HL unit the Hardware Failure Detection window displays when Hardware Failure Detec tion is selected from the navigation panel This feature shows the status of each drive on the RAID server Fig 2 1 82 Hardware Failure Detection window ...

Page 219: ...nd no other text displays on the screen If any of the hard drives has failed the message FAIL displays to the right of the hard drive number and instruc tions for replacing the hard drive display below 1 Identify the failed drive based on the information provided on the GUI 2 Replace the failed drive with your spare replacement drive 3 Click on the Rebuild button on the GUI 4 To return a failed dr...

Page 220: ...ng is selected from the navigation panel This feature lets a global administrator set criteria for blocking a user s access to unacceptable Internet sites and locking a user s workstation after the user makes a specified X number of attempts to such sites Unacceptable Internet sites pertain to sites included in categories that are blocked in a user s profile Fig 2 1 83 X Strikes Blocking window Co...

Page 221: ...ick On 2 Enter the Maximum Strikes Before Locking the Workstation This is the number of attempts a user can make to access an unacceptable site before that user is prevented from using the Internet The default is 5 and the maximum limit is 1000 3 Enter the Time Span in Minutes to Track the No of Strikes Within Category This is the amount of time between a given user s first strike and the strike t...

Page 222: ...default Default Alternate Locked Block Page is selected indicating that the standard lock out block page will display To specify a different page click Custom URL and enter the URL in the text box 7 Click Save to save your configuration settings Reset All Workstations The following buttons can be clicked to reset workstations Click Reset All Strikes to remove all strikes from all workstations and ...

Page 223: ...e lock page You have been denied access according to your organization s Internet Usage Policy As a result your Internet privileges were temporarily suspended for a total of X amount of time in which X represents the number of minutes hours the user will be locked out from Internet usage on that workstation NOTE This message may differ depending on whether or not alternate text and settings were m...

Page 224: ...kes If users are receiving too many strikes or too few strikes within a given period of time you may need to modify the configuration settings Sample Settings Maximum strikes 5 Time span for the maximum number of strikes 5 minutes Within a five minute period if a user accesses five sites that contain blocked material that user will be locked out of his her workstation for five minutes However sinc...

Page 225: ...trikes may need to be increased If these configuration settings do not block users often enough the time span for the maximum number of strikes may need to be reduced the maximum number of strikes may need to be reduced Email Alert Click the Email Alert tab to display Email Alert Fig 2 1 85 X Strikes Blocking window Email Alert tab ...

Page 226: ...e number of minutes within the 24 hour period that should elapse between email alerts For example by entering 300 in this field and 30 in the previous field if there are any email alerts they will be sent at 5 30 00 AM 10 30 00 AM 3 30 00 PM 8 30 00 PM and at midnight when the time interval is reset To check the time s the email alert is scheduled to occur click the Display Sending Time button to ...

Page 227: ... email alerts 2 Click Add to include the email address in the Current Email Alerts list box NOTE The maximum number of email alert recipients is 50 If more than 50 recipients need to be included 8e6 recommends setting up an email alias list for group distribution Remove Email Alert Recipients 1 Select the email address es from the Current Email Alerts list box 2 Click Delete to remove the email ad...

Page 228: ...ounts tab Set up Users Authorized to Unlock Workstations 1 Enter the Username of a staff member who is authorized to unlock workstations 2 Enter the user s password in the Password and Confirm Password fields using eight to 20 characters and at least one alpha character one numeric character and one special character The password is case sensitive 3 Click Add to include the username in the Current...

Page 229: ...ser s account 1 Select the username from the Current Accessible Users list box 2 Click Disable to move the username to the Current Un Accessible Users list box Delete a Logon Account To delete a user s account 1 Select the username from the Current Accessible Users list box 2 Click Delete WARNING By deleting a logon account in addition to not being able to unlock workstations that user also will b...

Page 230: ...o Strikes 1 Select library categories from the No Strike Categories list box 2 Click the right arrow to move the selected library cate gories to the Strike Categories list box TIP Use the left arrow to move selected Strike Categories to the No Strike Categories list box 3 Click Apply to apply your settings NOTE Library categories in the Strike Categories list box will only be effective for filteri...

Page 231: ...nistrator clicks Go to X Strikes Unlock Workstation GUI either the Re login window or the X Strikes Unlock Workstation pop up window opens Re login window The Re login window opens if the user s session needs to be validated Fig 2 1 89 Re login window 1 Enter your Username 2 Enter your Password 3 Click OK to close the Re login window and to re access the R3000 console ...

Page 232: ...e and Expire Date Time of currently locked workstations Fig 2 1 90 X Strikes Unlock Workstation window NOTE An authorized staff member can click a link in an email alert or type in http x x x x 88 XStrike html in the address field of a browser window in which x x x x is the IP address of the R3000 to view locked workstation criteria Unlock a Workstation To unlock a specified workstation 1 Select t...

Page 233: ...nter the email address in the Email Address to be Subscribed Unsubscribed text box 2 Click Subscribe Remove an Email Address from the Alert List To remove an administrator s email address from the notifi cation list 1 Enter the email address in the Email Address to be Subscribed Unsubscribed text box 2 Click Unsubscribe Close the Pop up Window Click the X in the upper right corner of the pop up wi...

Page 234: ... administrator specify the number of minutes for the interval of time in which a warning page will redisplay for the end user who accesses a URL in a library category with a Warn setting for his her profile If the end user accesses another URL in a category with a Warn setting the warning page displays again and will continue to redisplay for the interval of time specified as long as the end user ...

Page 235: ...ed is set up in the Target mode to synchronize both profile and library setting changes See the Warn Page Customization window in this chapter for information on customizing text in the warning page that displays for end users Specify the Interval for Re displaying the Warn page 1 In the Warn Life Time minutes field by default 10 displays Enter the number of minutes 1 480 to be used in the interva...

Page 236: ...o view a menu of sub topics Common Customization Authentication Form Lock Page Block Page Warn Page Profile Control Quota Block Page Quota Notice Page NOTE All Customization windows display greyed out if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and library setting changes Fig 2 1 92 System screen Customization men...

Page 237: ...ifying elements to be included in block lock profile and warning pages and or the authentication request form the end user will see Fig 2 1 93 Common Customization window By default in the Details frame all elements are selected to display in the HTML pages the Help link points to the FAQs page on 8e6 s public site that explains why access was denied and a sample email address is included for admi...

Page 238: ...ay if enabled displays Blocked URL followed by the blocked URL in block pages Copyright Display if enabled displays 8e6 R3000 copyright information at the footer of block and lock pages and the authentication request form Title Display if enabled displays the title of the page in the title bar of the block and lock pages and the authentication request form Help Display if enabled displays the spec...

Page 239: ... associated email address specified in the Submission Email Address field described below is accessible to the end user by clicking the click here link NOTE If enabling the Submission Review Display feature an email address entry of the designated administrator in your orga nization must be made in the Submission Email Address field Submission Email Address By default admin company com displays in...

Page 240: ...page end users will see when attempting to access Internet content blocked for their profiles and their workstations are currently locked Entries saved in this window display in the customized lock page if these features are also enabled in the Common Customization window and the X Strikes Blocking feature is enabled NOTE See X Strikes Blocking window in this chapter for informa tion on using the ...

Page 241: ...xt message to be displayed beneath the lock page header Any entries made in these fields will display centered in the customized lock page using the Arial font type 2 At the Explanation Display field by default On is selected This setting displays the reason the workstation is locked beneath the text from the Description field Click Off to not have the explanatory text display in the lock page 3 C...

Page 242: ...on Customization window Fig 2 1 95 Sample Customized Lock Page By default the following data displays in the User Machine frame User Machine field The username displays for the NT LDAP user This field is blank for the IP group user IP field The user s IP address displays By default the following standard links are included in the lock page HELP Clicking this link takes the user to 8e6 s Tech nical...

Page 243: ...click Preview in this window again to view a sample lock page Block Page Customization window The Block Page Customization window displays when Block Page Customization is selected from the Customization menu This feature is used if you want to display customized text and include a customized link in the block page end users will see when attempting to access Internet content blocked for their pro...

Page 244: ...ies 1 Make an entry in any of the following fields In the Header field enter a static header to be displayed at the top of the block page In the Description field enter a static text message to be displayed beneath the block page header In the Link Text field enter text for the link s URL and in the Link URL field enter the corresponding hyper link in plain text using the http or https syntax Any ...

Page 245: ... Customized Block Page By default the following data displays in the User Machine frame User Machine field The username displays for the NT LDAP user This field is blank for the IP group user IP field The user s IP address displays Category field The name of the library category that blocked the user s access to the URL displays If the content the user attempted to access is blocked by an Exceptio...

Page 246: ...k takes the user to the Options window NOTE See the Options page in the Block Page Authentication window sub section for information on options that display in the Options window To submit this blocked site for review click here This phrase and link is included if an email address was entered in the Submission Email Address field in the Common Customization window Clicking this link launches the u...

Page 247: ...he pop up window end users will see if attempting to access a URL in a library category set up with a Warn setting for his her profile Entries saved in this window display in the warning page if these features are also enabled in the Common Customization window and the Warn setting is applied to any library category or category group NOTE See Warn Option Setting window in this chapter for more inf...

Page 248: ...scription field enter a static text message to be displayed beneath the warning page header In the Link Text field enter text for the link s URL and in the Link URL field enter the corresponding hyper link in plain text using the http or https syntax Any entries made in these fields will display centered in the customized warning page using the Arial font type 2 Click Apply TIP Click Restore Defau...

Page 249: ...s window and in the Common Customization window Fig 2 1 99 Sample Customized Warning Page By default the following data displays in the User Machine frame User Machine field The username displays for the NT LDAP user This field is blank for the IP group user IP field The user s IP address displays Category field The name of the library category that warned the user about accessing the URL displays...

Page 250: ...ime interval this warning page will redisplay and the user must click this button once more in order to continue accessing the URL NOTE If using the Real Time Probe feature in the Real Time Information box the Filter Action column displays Warn for the first time the user saw the warning window and clicked Continue and Warned for each subsequent time the warning window opened for the user and he s...

Page 251: ...TER USER GUIDE 227 2 Click the X in the upper right corner of the window to close the sample customized warning page TIP If necessary make edits in the Warn Page Customization window or the Common Customization window and then click Preview in this window again to view a sample warning page ...

Page 252: ...verride accounts will see when logging into their override accounts Such accounts give authorized users access to Internet content blocked for other end users Entries saved in this window display in the profile control pop up window if these features are also enabled in the Common Customization window and override accounts are set up for designated end users NOTE See Override Account window in the...

Page 253: ...r to be displayed at the top of the profile control pop up window In the Warning Text field enter a static text message to be displayed at the bottom of the pop up window 2 Click Apply TIP Click Restore Default and then click Apply to revert to the default settings in this window NOTE For a sample profile control pop up window see Option 3 from the Options page section of the Block Page Authentica...

Page 254: ... from the Customization menu This window is used for making customizations to the quota block page the end user will see if he she has a quota time limit set for a passed category in his her profile and has attained or exceeded that limit Fig 2 1 101 Quota Block Page Customization window TIP An entry in any of the fields in this window is optional NOTE For more information about quotas see the Quo...

Page 255: ...e Description field enter a static text message to be displayed beneath the header In the Link Text field enter text for the link s URL and in the Link URL field enter the corresponding hyper link in plain text using the http or https syntax Any entries made in these fields will display centered in the customized quota block page using the Arial font type 2 Click Apply TIP Click Restore Default an...

Page 256: ...he following data displays in the Category frame Category field The name of the library category that blocked the user from accessing the URL displays Requested URL field The URL the user attempted to access displays IP field The user s IP address displays User Machine field The username displays for the NT LDAP user This field is blank for the IP group user By default the following standard links...

Page 257: ...w or the Common Customization window and then click Preview in this window again to view a sample quota block page Quota Notice Page Customization window The Quota Notice Page Customization window displays when Quota Notice Page is selected from the Customiza tion menu This window is used for making customizations to the quota notice page the end user will see if he she has a quota time limit set ...

Page 258: ...text message to be displayed beneath the header In the Link Text field enter text for the link s URL and in the Link URL field enter the corresponding hyper link in plain text using the http or https syntax Any entries made in these fields will display centered in the customized quota notice page using the Arial font type 2 By default the Quota Percentage Display is enabled indicating the percenta...

Page 259: ...4 Sample Customized Quota Notice Page By default the following data displays in the Category frame Category field The name of the library category containing a URL the user accessed that triggered the quota notice displays Requested URL field The URL the user accessed that triggered the quota notice displays IP field The user s IP address displays User Machine field The username displays for the N...

Page 260: ... takes the user to 8e6 s Web site The following button is included in the quota notice page Continue Clicking this button closes the quota notice page and takes the user to the URL he she requested 2 Click the X in the upper right corner of the window to close the sample customized quota notice page TIP If necessary make edits in the Quota Block Page Customi zation window or the Common Customizati...

Page 261: ...237 CMC Management CMC Management displays on an R3000 set up in the Source mode and includes Centralized Management Console options for viewing the filtering statuses of this source server and its target server s and managing soft ware updates on these servers Fig 2 1 105 System screen CMC Management menu ...

Page 262: ...t window The Patch Management window displays when Patch Management is selected from the CMC Management menu This window is used for viewing software updates currently applied to the source and target servers and any available software updates and applying software updates to these servers Fig 2 1 106 Patch Management window ...

Page 263: ...er Next Patch version name and number of the next software update to be applied or N A if there is none avail able Latest Patch Version name and number of the latest software update or N A if there is none available Down load Date date the latest software update was downloaded to the server or N A if there is none available TIPS The entire grid can be viewed by using the scroll bar at the bottom o...

Page 264: ... sub section for the Local Patches window for information about the EULA and applying software updates Only a software update number that is lesser to or equal to the source server s software update number can be applied to a target server TIP Multiple target servers can be selected to have a software update applied if these target servers are currently running the same software version number To ...

Page 265: ...PRISE FILTER USER GUIDE 241 Status window The Status window displays when Status is selected from the CMC Management menu This window is used for viewing the filtering status of the source and target server s for troubleshooting purposes Fig 2 1 107 Status window CMC Management menu ...

Page 266: ... or FAIL displays if the server is not being filtered NOTE Filtering Status information will only display if the Upstream Failover Detect option is enabled in the Synchroniza tion Setup window Last Library Update most recent date the library was updated on the server using the YYYY MM DD format if this information is available TIPS The order in which columns display in the grid can be changed by c...

Page 267: ...istrator configure URL hits that along with quotas specified in filtering profiles determine when a user will be blocked from further accessing URLs in a library group category This window is also used for resetting quotas so that users who have maxed out their quota time will regain access to a library group category with a quota time limit Fig 2 1 108 Quota Setting window TIP After making all co...

Page 268: ...for an amount of time ranging from one second to 3600 seconds one hour As an example of how a quota works in conjunction with hits if a quota is set to 10 minutes and the number of seconds per hit is set to 10 seconds then the user will be blocked from accessing URLs in the library group cate gory when 60 hits are made to that category i e 600 seconds 10 minutes divided by 10 seconds NOTE This fie...

Page 269: ...mit will now be able to access URLs in any library group category with a quota Set up a Schedule to Automatically Reset Quotas A schedule can be set up to reset all quotas at the appointed hour s minute s each day 1 At the New Reset Time HH MM field Select the hour at which the quota will be reset 00 23 Select the minute at which the quota will be reset 00 59 2 Click Add to include this reset time...

Page 270: ...ISE FILTER USER GUIDE Delete a Quota Reset Time from the Schedule 1 Select the quota reset time from the Current Reset Time s list box 2 Click Remove to remove the quota reset time from the list box TIP After making all configuration settings in this window during this session click Apply ...

Page 271: ... page displays Fig 2 1 109 Sample Quota Notice Page By default the following fields display Category field Name of the library category with the most hits Requested URL field The URL that triggered the Quota Notice page IP field The end user s IP address User Machine field The username displays for the NT LDAP user This field is blank for the IP group user By default the following standard links a...

Page 272: ...the user to 8e6 s Web site The end user can decide whether or not to access the requested URL By clicking Continue the user is redirected to the original requested site Quota Block page When the end user has spent 100 percent of time in a quota restricted library group category the quota block page displays Fig 2 1 110 Sample Quota Block Page Once receiving a quota block page the end user will not...

Page 273: ...the user attempted to access displays IP field The user s IP address displays User Machine field The username displays for the NT LDAP user This field may be blank for the IP group user By default the following standard links are included in the quota block page HELP Clicking this link takes the user to 8e6 s Technical Support page that explains why access to the site or service may have been deni...

Page 274: ...bers Fig 2 2 1 Group screen For the IP group branch the global administrator creates master IP groups For each master IP group the designated group administrator creates sub groups and individual IP members and adds and maintains their filtering profiles For the NT and LDAP domain branches the global adminis trator must first set up authentication in order to enable the NT LDAP branch es For each ...

Page 275: ...ins previously added to that branch Keep double clicking items in the tree list to view additional items Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity NOTES Information on NT and LDAP groups can be found in the R3000 Authentication User Guide Information on creating filtering profiles for IP groups can be found in the Group Administrator...

Page 276: ...lobal Group link to view a menu of sub topics Range to Detect Rules Global Group Profile Over ride Account Minimum Filtering Level and Refresh All Fig 2 2 2 Group screen Global Group menu NOTE If the synchronization feature is used and this R3000 being configured is set up in the Target mode to synchronize both profile and library setting changes the only sub topic that displays is Range to Detect...

Page 277: ...mode Service ports that should be open ignored by the R3000 are also defined in this window Fig 2 2 3 Range to Detect Settings window main window NOTES Segments of network traffic should not be defined if using the firewall mode This window is disabled if using the mobile mode The main window Fig 2 2 3 lets you add segments to the network or modify or remove existing segments The Current Ranges li...

Page 278: ... is enabled if a downstream target server fails as detected by the 8e6 Appliance Watchdog the Current Ranges information from the failed downstream target node displays in a Node tab following the Mandatory Settings tab in this window Add a Segment to the Network To add a segment to be detected on the network 1 Click Add to go to the next page Fig 2 2 4 Range to Detect Settings second window ...

Page 279: ...cking this button takes you to the Range to Detect Setup Wizard Follow the instructions in the Range to Detect Setup Wizard sub section to complete the addition of the segment on the network Advanced Settings clicking this button takes you to the Range to Detect Advanced Settings window Follow the instructions in the Range to Detect Advanced Settings sub section to complete the addi tion of the se...

Page 280: ...omprised of six steps An entry is required in Step 1 but not in Steps 2 5 Settings made using the Wizard are saved in Step 6 Step 1 In this step you define the source IP address es to be filtered Fig 2 2 5 Range to Detect Setup Wizard Step 1 Since the first four pages of the Wizard contain the same fields and buttons instructions provided for this step are not repeated for Steps 2 4 1 Choose the a...

Page 281: ... single IP address 2 Click Add to include the segment in the list box above NOTE To modify the segment select it from the list box and click Modify to move the segment to the field s below for editing To remove the segment select it from the list box and click Remove 3 Click Next to go to the next page of the Wizard NOTE Click Cancel to be given the option to return to the main Range to Detect Set...

Page 282: ...address es to be filtered NOTE By making entries in Destination IP fields traffic will be restricted to the range specified in the Source IP and Destination IP frames This reduces the load on the R3000 thus enabling it to handle more traffic Fig 2 2 6 Range to Detect Setup Wizard window Step 2 NOTE For Steps 2 6 click Back to return to the previous page of the Wizard ...

Page 283: ...N CHAPTER 2 GROUP SCREEN 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 259 Step 3 Optional In this step you define the source IP address es to be excluded from filtering Fig 2 2 7 Range to Detect Setup Wizard window Step 3 ...

Page 284: ...o be excluded from filtering Any entries from the list box in Step 1 automatically display in the list box above NOTE By making entries in Destination IP fields traffic will be restricted to the range specified in the Source IP and Destination IP frames This reduces the load on the R3000 thus enabling it to handle more traffic Fig 2 2 8 Range to Detect Setup Wizard window Step 4 ...

Page 285: ... port numbers to be excluded from filtering Fig 2 2 9 Range to Detect Setup Wizard window Step 5 1 In the Individual Port field enter the port number to be excluded from filtering 2 Click Add to include the entry in the list box above NOTE To remove the port number select it from the list box and click Remove 3 Click Next to go to the last page of the Wizard ...

Page 286: ...tep 6 1 Review the contents in all list boxes 2 Perform one of the following actions click the Modify button to the right of the list box if you need to make changes This action takes you to that page of the Wizard where you make your edits Click Next until you return to Step 6 click Finish to accept all your entries This action takes you to the main Range to Detect Settings window where the segme...

Page 287: ...tings in the list box using the correct syntax Refer to the examples above TIP Use the Calculator to calculate IP ranges without any over laps Enter the IP address select the Netmask and then click Calculate to display results in the Min Host and Max Host fields Click Close to exit NOTE Click Cancel to be given the option to return to the main Range to Detect Settings window without saving your se...

Page 288: ...r modifying the segment Start the Setup Wizard clicking this button takes you to Step 6 of the Range to Detect Setup Wizard see Fig 2 2 10 Follow the instructions in the Range to Detect Setup Wizard sub section for Step 6 Advanced Settings clicking this button takes you to the Range to Detect Advanced Settings window see Fig 2 2 11 Follow the instructions in the Range to Detect Advanced Settings s...

Page 289: ...ing a filtering profile for an entity Fig 2 2 12 Rules window By default Rule1 BYPASS displays in the Current Rules pull down menu The other choices in this pull down menu are Rule2 BLOCK Porn Rule3 Block IM and Porn Rule4 8e6 CIPA Compliance which pertains to the Chil dren s Internet Protection Act and the Block All rule By default Rule1 displays in the Rule field BYPASS displays in the Rule Desc...

Page 290: ... the Category Groups tree are set to pass indicating that the end user can access URLs in all library catego ries This filter setting is designated by the check mark inside a green circle in the Pass column TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group To change the filter setting for a cate...

Page 291: ...t category and then pressing the Shift key on your keyboard while clicking the last category and then double clicking in the appropriate column 4 Make a selection from the Uncategorized Sites pull down menu to specify how to handle a URL that has not yet been categorized Pass Warn or Block 5 To use the quota feature to restrict the end user s access to a passed library group category do the follow...

Page 292: ...ck Add Rule to include your rule to the list that displays in the pull down menu Modify a Rule After a rule is added it can later be modified To make changes to a rule 1 Select the rule from the Current Rules pull down menu 2 Modify settings for library groups and categories in the Rule Details frame 3 Click Save Rule Copy a Rule As a time saving practice a rule can be used as a basis when creatin...

Page 293: ...RATOR SECTION CHAPTER 2 GROUP SCREEN 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 269 5 Click Save Rule Remove a Rule To delete a rule 1 Select the rule from the Current Rules pull down menu 2 Click Delete Rule ...

Page 294: ...the Global Group menu This window is used for viewing creating the global default filtering profile that will be used by all users on the network unless a unique filtering profile is created for an entity Click the following tabs in this window Category Port Default Redirect URL and Filter Options Entries in these tabs comprise the profile string for the global group Fig 2 2 13 Global Group Profil...

Page 295: ...ornog raphy and Pornography Adult Content indicating that the end user can access URLs in all other library categories This filter setting is designated by the check mark inside a green circle in the Pass column for all category groups except Adult Content TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to ...

Page 296: ...ng in the appropriate column Blocks of categories can be assigned the same filter setting by clicking the first category and then pressing the Shift key on your keyboard while clicking the last category and then double clicking in the appropriate column 2 Make a selection from the Uncategorized Sites pull down menu to specify how to handle a URL that has not yet been categorized Pass Warn or Block...

Page 297: ...omes enabled if a quota is entered for any library group category By default the enabled Overall Quota is turned Off If turned On enter the number of minutes in the Min field to indicate when the end user s access to passed library groups categories with quotas will be blocked If the end user spends this amount of time at URLs in any quota marked library group category the Overall Quota over rides...

Page 298: ... Fig 2 2 14 Global Group Profile window Port tab Create Edit a List of Service Ports All service ports are filtered by default To block a service port from being accessed by global filtering profile users 1 Enter the port number in the Port field 2 Click Add Each port number you add displays in the Block Port s list box 3 Click Apply to apply your settings at the global level To remove a port numb...

Page 299: ...ying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked for the global filtering profile Fig 2 2 15 Global Group Profile window Default Redirect URL tab Create Edit the Redirect URL 1 Specify the type of redirect URL to be used Default Block Page Authentication Request Form or Custom URL If Custom URL is selected enter the redirect URL in the corr...

Page 300: ...e global group filtering profile Fig 2 2 16 Global Group Profile window Filter Options tab Create Edit the Filter Options 1 Click the checkbox es corresponding to the option s to be applied to the global group filtering profile X Strikes Blocking Google Yahoo Ask com AOL Safe Search Enforcement Search Engine Keyword Filter Control URL Keyword Filter Control If URL Keyword Filter Control is selecte...

Page 301: ... strict SafeSearch Filtering option will be used whenever end users perform a Google Yahoo Ask com or AOL Web search or Image search WARNINGS This feature is not compatible with the proxy envi ronment as it will cause overblocking An inappropriate image will only be blocked if that image is included in 8e6 s library or is blocked by Google Yahoo Ask com or AOL If this option is used in conjunction...

Page 302: ...stom library categories NOTES Search engine keyword filtering relies on an exact keyword match For example if the word sex is set up to be blocked but sexes is not set up to be blocked a search will be allowed on sexes but not sex However if the word gin is set up to be blocked a search on cotton gin will be blocked since the word gin is blocked To set up search engine keywords in a Search Engine ...

Page 303: ...nded after the character in a URL NOTE To set up URL keywords in a URL Keywords window see the following sections of this user guide for the specified library type 8e6 Supplied Categories see Chapter 3 Library screen URL Keywords window in this section Custom Category see the Group Administrator Section Chapter 2 Library screen URL Keywords window WARNING If this feature is activated use extreme c...

Page 304: ... displays when Override Account is selected from the Global Group menu This window is used for creating an override account that allows an IP group user to bypass settings at the minimum filtering level A user with an override account will be able to access categories and service ports blocked at the minimum filtering level Fig 2 2 17 Override Account window ...

Page 305: ...is installed on his her workstation Add an Override Account To create an Override Account profile 1 In the Account Details frame enter the username in the Name field 2 Enter the Password 3 Make the same entry again in the Confirm Password field 4 Click Add to include the username in the list box of the Current Accounts frame and to open the pop up window containing the Current Accounts name as wel...

Page 306: ...eate the category profile 1 Select a filtering rule from the available choices in the Available Filter Levels pull down menu This action automatically populates the Pass Allow Warn and or Block columns in the Rule Details frame with filter settings for each category group library category in the Category Groups tree TIP In the Category Groups tree double click the group enve lope to open that segm...

Page 307: ...ark to that column Pass URLs in this category will pass to the end user Allow URLs in this category will be added to the end user s white list Warn URLs in this category will warn the end user that the URL he she requested can be accessed but may be against the organization s policies The end user can view the URL after seeing a warning message and agreeing to its terms Block URLs in this category...

Page 308: ...Quota Settings window in Chapter 1 System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas The Overall Quota field becomes enabled if a quota is entered for any library group category By default the enabled Overall Quota is turned Off If turned On enter the number of minutes in the Min field to indicate when the end user s acc...

Page 309: ... site or service set up to be blocked Fig 2 2 19 Override Account pop up window Redirect tab 1 Specify the type of redirect URL to be used Default Block Page Authentication Request Form or Custom URL If Custom URL is selected enter the redirect URL in the corresponding text box The user will be redirected to the designated page at this URL instead of the block page 2 Click Apply to apply your sett...

Page 310: ...s tab is used for specifying which filter option s will be applied to the override account profile Fig 2 2 20 Override Account pop up window Filter Options tab 1 Click the checkbox es corresponding to the option s to be applied to the override account filtering profile X Strikes Blocking With the X Strikes Blocking option enabled if the user attempts to access inappro priate sites on the Internet ...

Page 311: ...e and a user is performing an inappropriate Google Yahoo Ask com or AOL Image search the number of strikes that user will receive is based upon the amount of time it will take for unacceptable Google Yahoo Ask com or AOL images returned by the query to load on the page The user will receive only one strike if all inappropriate images load within the tolerance time range of a given strike Search En...

Page 312: ...e of a browser window if that keyword has been set up to be blocked the user will be denied access to that site or service URL keywords are entered in the URL Keywords window of 8e6 supplied library categories and custom library categories With the Extend URL Keyword Filter Control option enabled a URL keyword search will be extended after the character in a URL NOTE To set up URL keywords in a UR...

Page 313: ...e new Password 4 Make the same entry again in the Confirm Password field 5 Click View Modify to open the pop up window 6 Click Apply 7 Click Close to close the pop up window Modify an Override Account To modify an override account 1 In the Current Accounts frame select the username from the list box 2 Click View Modify to open the pop up window 3 Click the tab in which to make modifications Rule R...

Page 314: ...ed by making selections from the list of library categories and service ports These settings can be bypassed if a user has an override account NOTE See the Override Account window in this chapter and in Chapter 1 of the Group Administrator Section for more informa tion about override accounts Click the following tabs in this window Category Port and Min Filter Bypass Entries in the Category and Po...

Page 315: ...ild Pornography and Pornography Adult Content are assigned a Block filter setting and all other active library categories are set to Pass Filter settings are designated by the check mark inside a green circle in the Pass or Block column TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group ...

Page 316: ...Ls in this category will pass to the end user Block URLs in this category will be blocked TIPS Multiple categories can be assigned the same filter setting by clicking each category while pressing the Ctrl key on your keyboard and then double clicking in the appropriate column Blocks of categories can be assigned the same filter setting by clicking the first category and then pressing the Shift key...

Page 317: ... level Fig 2 2 22 Minimum Filtering Level window Port tab Create Edit a List of Service Ports All service ports are filtered by default To block a service port from being accessed at the minimum filtering level 1 Enter the port number in the Port field 2 Click Add Each port number you add displays in the Block Port s list box 3 Click Apply to apply your settings at the minimum filtering level To r...

Page 318: ...isplays when the Min Filter Bypass tab is clicked This tab is used for specifying whether users in a master IP group will be allowed to bypass the minimum filtering level with an override account or an exception URL Fig 2 2 23 Minimum Filtering Level window Min Filter Bypass tab NOTE See the Override Account window and Exception URL window of the Group screen in the Group Administrator Section of ...

Page 319: ...l be able to access content blocked at the minimum filtering level 2 Click Save to apply your settings To allow users to bypass exception URLs set up to be blocked at the minimum filtering level 1 In the Exception URL frame click the On checkbox Users will be able to bypass settings at the minimum filtering level if URLs blocked at the minimum filtering level are set up to be accessed by users 2 C...

Page 320: ...al Group menu click Refresh All to refresh the main branches of the tree This action should be performed whenever authentication has been enabled or disabled If authentication is enabled when Refresh All is clicked the NT and LDAP branches of the tree display When authenti cation is disabled when Refresh All is clicked only the IP branch of the tree displays ...

Page 321: ... SCREEN 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 297 IP IP includes options for adding a master IP group and to refresh the tree list Click the IP link to view a menu of sub topics Add Group and Refresh Fig 2 2 24 Group screen IP menu ...

Page 322: ...igit The following characters cannot be used in the name period comma colon semi colon exclamation point question mark ampersand asterisk quotation mark apostrophe grave accent mark tilde caret _ underscore pipe slash backslash double backslashes left parenthesis right paren thesis left brace right brace left bracket right bracket at sign pound sign dollar sign percent sign less than symbol greate...

Page 323: ...OK to add the group to the tree NOTE Information on defining the group and its members and establishing their filtering profiles can be found in the Group Administrator Section of this user guide Refresh Refresh IP Groups From the IP group menu click Refresh whenever changes have been made in this branch of the tree ...

Page 324: ... main topics displays in the navigation panel at the left of the screen Updates Library Lookup Customer Feed back Module Category Weight System NNTP Newsgroup and Category Groups NOTE If the synchronization feature is used an R3000 set up in the Target mode to synchronize both profile and library setting changes will only display the Updates Library Lookup Customer Feedback Module and NNTP Newsgro...

Page 325: ...a library category topic to view a menu of sub topics for that library category item Library Details URLs URL Keywords and Search Engine Keywords To add a custom category click Custom Categories and select Add Category NOTES Information on creating and maintaining Custom Cate gories can be found in the Group Administrator Section of this user guide See Appendix A in the Appendices Section for the ...

Page 326: ...TER USER GUIDE Updates Updates includes options for making configurations for library category activities Click the Updates link to view a menu of sub topics Configuration Manual Update Addi tional Language Support Library Update Log and Emer gency Update Log Fig 2 3 2 Library screen Updates menu ...

Page 327: ... menu This window is used for making settings to allow the R3000 to receive 8e6 supplied library category updates on a daily basis Fig 2 3 3 Configuration window Set a Time for Updates to be Retrieved 1 In the Schedule Time frame by default 1 00 am displays for the Current automatic update time At this pull down menu specify the time at which library updates will be retrieved 2 Click Apply to appl...

Page 328: ... of the Proxy Server Enter the host name for the proxy server in this field 3 By default userid displays in the Username field Enter the username for the FTP account 4 Enter the same password in the Password and Confirm Password fields 5 Click Apply to apply your settings Select the Log Level 1 In the Log Level frame select the log level to be used for specifying the log contents Log Level 1 inclu...

Page 329: ... Manual Update is selected from the Updates menu This window is used for updating specified 8e6 supplied library categories on demand from the update server if the R3000 has not received daily updates due to an occurrence such as a power outage Fig 2 3 4 Manual Update window NOTE The Configuration window should be used for scheduling the R3000 to automatically download libraries on a daily basis ...

Page 330: ...he core library files Patch Update Select this option to download new software updates for the R3000 if available Any soft ware updates that are downloaded can be found in the System section of the console in the Local Patch window Using that window a software update can be selected and applied 2 Click Update Now to begin the update process TIP To view update activity select Library Update Log fro...

Page 331: ... is used for including additional 8e6 supported languages in library downloads Fig 2 3 5 Additional Language Support window Select Additional Languages 1 Make a selection from the Unselected Languages list box and click the right arrow to move that selection to the Selected Languages list box 2 Once the Selected Languages list box is populated the Optional Select Primary Language pull down menu in...

Page 332: ...onal selection for a primary language choose the language from the Optional Select Primary Language pull down menu TIP To move a language selection back to the Unselected Languages list box select the item and then click the left arrow 3 Click Apply to have URLs from the selected language s included in the library categories ...

Page 333: ...r activity of library updates from the update server to your R3000 and for downloading the activity log Fig 2 3 6 Library Update Log window View the Library Update Process When performing a manual on demand library update click View Log to display contents from the log file with the status of the library update Keep clicking this button to continue viewing log file data NOTE See Appendix B Travele...

Page 334: ...ge on how to download the log file to your worksta tion if using Windows XP 2 Click OK to close the alert box Two pop up boxes open A second alert box asks you to confirm that the file was successfully saved to your machine Click OK in this box after the download is completed In the File Download dialog box click Save Fig 2 3 7 Download Log dialog box This action opens the Save As window Fig 2 3 8...

Page 335: ...box opens Fig 2 3 9 Download Complete box 4 You can now open this file open the folder where the file was saved or close this dialog box NOTE Proceed to View the Contents of the Log for information on viewing or printing the contents of the log file 5 Click OK to close the alert box asking you to verify that the log file was successfully saved to your machine View the Contents of the Log Once the ...

Page 336: ... FILTER USER GUIDE Fig 2 3 10 Folder containing downloaded file 2 Choose Open With and then select a zip file executable program such as WinZip Executable to launch that application Fig 2 3 11 WinZip Executable program 3 If using WinZip click I Agree to open the window containing the zip file ...

Page 337: ...USER GUIDE 313 Fig 2 3 12 WinZip window 4 Right click the zip file to open the pop up menu and choose View to open the View dialog box Fig 2 2 13 View dialog box 5 Select Internal ASCII text viewer and then click View to open the View window containing the log file contents Fig 2 3 14 View window ...

Page 338: ...e contents of this file 1 Click Clipboard Copy wait for the dialog box to open and confirm that the text has been copied to the clip board and then click OK to close the dialog box 2 Open Notepad in Windows XP Start All Programs Accessories Notepad in Windows 2000 Start Programs Accessories Notepad 3 Paste the contents from the clipboard into the Notepad file Fig 2 3 15 Notepad The correctly forma...

Page 339: ...ndow is used for viewing transfer activity of emergency software updates from the update server to your R3000 and for downloading the activity log Fig 2 3 16 Emergency Update Log window View the Emergency Software Update Process Click View Log to display contents from the emergency software update log file with the status of the software update NOTES See Appendix B Traveler Log Messages for inform...

Page 340: ...hine Click OK in this box after the download is completed In the File Download dialog box click Save this action opens the Save As window 3 Find the folder in which to save the file and then enter the File name retaining the zip file extension Click Save to begin downloading the zip file to your worksta tion After the file has completely downloaded the Down load complete dialog box opens 4 You can...

Page 341: ...Library Lookup Library Lookup window The Library Lookup window displays when Library Lookup is selected from the navigation panel This window is used for verifying whether a URL or search engine keyword or keyword phrase exists in a library category and to remove it if necessary Fig 2 3 17 Library Lookup window ...

Page 342: ... in http 209 247 228 221 octal format e g http 0106 0125 0226 0322 hexadecimal short format e g http 0x465596d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 4 7 47 41 4D 45 53 43 4F 4D NOTE The minimum number of wildcard levels that can be entered is three e g yahoo com and the max...

Page 343: ...rom the Result Category list box 2 Click Remove Submit an Email to the Administrator If using a non Web based email client such as Outlook you can send an email to the administrator at your organization regarding a URL or search engine keyword that appears to be incorrectly categorized 1 Select the item s from the Result Category list box 2 Click Email Result ...

Page 344: ... in the Result Category list box showing the long name of all categories that contain the search engine keyword phrase Remove a Search Engine Keyword To remove a search engine keyword phrase from library categories 1 After performing the search engine keyword search select the categories from the Result Category list box 2 Click Remove Reload the Library Once all changes have been made to library ...

Page 345: ...Customer Feed back Module feature in which the most frequently visited non categorized URLs in your R3000 s filter log will be FTPed to 8e6 on a daily basis The URLs collected by 8e6 will be reviewed and added to 8e6 s standard library catego ries as appropriate so they can be blocked Fig 2 3 18 Customer Feedback Module window WARNING This feature is enabled by default Please refer to the sub sect...

Page 346: ... Feedback Module 2 Click Apply Enable Customer Feedback Module 1 At the Customer Feedback Module Auto Learning Feature field click On to indicate that you wish to enable the Customer Feedback Module 2 Click Apply to open the Disclaimer dialog box Fig 2 3 19 Disclaimer box 3 Scroll down to read the text in this box Customer Feedback Module Disclosure Statement Customer Feedback Module shall mean th...

Page 347: ... nor will the Web request data be used for any purpose other than enhancing the URL library and related categories used by 8e6 Technologies for the purpose of filtering and reporting 8e6 Technologies agrees to discuss the information collected by the Customer Feedback Module only with 8e6 Technologies employees who have a need to know and who have been informed of the confidential nature of the in...

Page 348: ...After reading this text if you agree with the terms click in the checkbox to activate the Accept button 5 Click Accept to close the Disclaimer box and to open the Note dialog box Fig 2 3 20 Note dialog box 6 If you do not have a firewall or if you agree to open your firewall to cfm 8e6 com click Accept to proceed ...

Page 349: ... Category Weight System window displays when Cate gory Weight System is selected from the navigation panel This feature lets you choose which category will be logged and reported for a URL request that exists in multiple cate gories possibly both 8e6 supplied and custom library cate gories with the same operational precedence Fig 2 3 21 Category Weight System window ...

Page 350: ...sts in multiple categories the highest operational prece dence would be logged If a URL exists in a category that is Always Allowed as well as a category set to be Blocked for that user Always Allowed would be logged because it holds the highest oper ational precedence However if an end user attempts to access a URL set to be Blocked in several categories the category with the highest weighting wo...

Page 351: ...m to the No Weight Categories list box Once the Weight Categories list box is populated with categories you wish to include select a category and use the arrow keys to weight it against other categories TIP There are four arrow keys to the right of the Weight Cate gories list box From top to bottom the first arrow key moves the selection to the top of the list The second arrow key moves the select...

Page 352: ...s when NNTP News group is selected from the navigation panel This window is used for adding or removing a newsgroup from the libraries Fig 2 3 22 NNTP Newsgroup window Add a Newsgroup to the Library To add a newsgroup to the library 1 In the Newsgroup frame enter the Newsgroup address 2 Click Add If the newsgroup already exists an alert box will open to inform you that it exists ...

Page 353: ...from the library 1 In the Newsgroup frame enter the Newsgroup address 2 Click Remove After all changes have been made to library windows click Reload Library to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the R3000 8e6 recommends clicking Reload Library only after modifications to all library windows have been made ...

Page 354: ...at supplies updates to the R3000 Category Groups also contains the Custom Categories category group Customized category groups and library categories must be set up and maintained by global or group administrators Fig 2 3 23 Library screen Category Groups menu NOTE See the Custom Categories sub section of the Group Administrator Section for information on setting up customized category groups and ...

Page 355: ... category groups Double click a category group s envelope to open that segment of the tree and to view library categories belonging to that group Click the 8e6 supplied category link to view a menu of sub topics Library Details URLs URL Keywords and Search Engine Keywords Menus for Instant Messaging library categories only include the sub topics Library Details and URLs ...

Page 356: ...Details window The Library Details window displays when Library Details is selected from the library category s menu of sub topics This window is a view only window Fig 2 3 24 Library Details window View Library Details This window displays the Group Name Description and Short Name of the 8e6 supplied library category ...

Page 357: ...r removing a URL from a library category A URL can contain a domain name such as playboy in http www playboy com or an IP address such as 209 247 228 221 in http 209 247 228 221 A wildcard asterisk symbol followed by a period can be entered in a format such as playboy com for example to block access to all URLs ending in playboy com A URL is used in a filtering profile for blocking a user s access...

Page 358: ... Library Category To view a list of all URLs that either have been added or deleted 1 Click the View tab 2 Make a selection from the pull down menu for Addition List Deletion List Wildcard Addition List or Wild card Deletion List 3 Click View List to display the specified items in the Select List list box Fig 2 3 26 URLs window View tab ...

Page 359: ...d IP address e g 209 247 228 221 in http 209 247 228 221 octal format e g http 0106 0125 0226 0322 hexadecimal short format e g http 0x465596d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 4 7 47 41 4D 45 53 43 4F 4D 2 Click Add to display the associated URL s in the list box below...

Page 360: ...that you wish to add to the category 4 Click Apply Action NOTE Wildcard URL query results include all URLs containing text following the period after the wildcard symbol For example an entry of beer com would find a URL such as http virtualbartender beer com However if a specific URL was added to a library category that is not set up to be blocked and a sepa rate wildcard entry containing a portio...

Page 361: ...Card URL List frame as pertinent 3 Click Remove to display the associated URLs in the list box below 4 Select the URL s that you wish to remove from the cate gory 5 Click Apply Action Reload the Library After all changes have been made to library windows click Reload Library to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the R3000 8e6 recommend...

Page 362: ...RL keywords from a library category A library category uses URL keywords to block a user s access to Internet addresses containing keywords included in its list Fig 2 3 27 URL Keywords window NOTE If the feature for URL keyword filtering is not enabled in a filtering profile URL keywords can be added in this window but URL keyword filtering will not be in effect for the user s See the Filter Optio...

Page 363: ...e such as http www essex com View a List of URL Keywords To view a list of all URL keywords that either have been added or deleted 1 In the View Keyword Addition Deletion List frame make a selection from the pull down menu for Addition List or Deletion List 2 Click View List to display the specified items in the Select List list box Add or Remove URL Keywords Add a URL Keyword to the Library Categ...

Page 364: ...ile on the server by clicking the Append or Overwrite radio button Upload a List of URL Keyword Additions To upload a text file with URL keyword additions 1 Click Upload To Addition File to open the Upload Library Keyword pop up window Fig 2 3 28 Upload Library Keyword pop up window 2 Click Browse to open the Choose file window 3 Select the file to be uploaded 4 Click Upload File to upload this fi...

Page 365: ...Keyword pop up window see Fig 2 3 28 2 Click Browse to open the Choose file window 3 Select the file to be uploaded 4 Click Upload File to upload this file to the server Reload the Library After all changes have been made to library windows click Reload to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the R3000 8e6 recommends clicking Reload only...

Page 366: ...ndow is used for adding and removing search engine keywords phrases to and from a library category A library category uses search engine keywords to block searches on subjects containing keywords included in its list Fig 2 3 29 Search Engine Keywords window NOTE Master lists cannot be uploaded to any 8e6 supplied library category See the Custom Categories sub section of the Group Administrator Sec...

Page 367: ...n blocked categories For example if all searches on gin are set up to be blocked users will not be able to run a search on a subject such as cotton gin However if the word sex is set up to be blocked a search will be allowed on sexes but not sex since a search engine keyword must exactly match a word set up to be blocked View a List of Search Engine Keywords To view a list of all search engine key...

Page 368: ... Add Del Keyword frame specify whether the contents of this file will add to the current file or overwrite the current file on the server by clicking the Append or Overwrite radio button Upload a List of Search Engine Keyword Additions To upload a text file with search engine keyword phrase additions 1 Click Upload To Addition to open the Upload Library Keyword pop up window see Fig 2 3 28 2 Click...

Page 369: ...oad Library Keyword pop up window see Fig 2 3 28 2 Click Browse to open the Choose file window Select the file to be uploaded 3 Click Upload File to upload this file to the server Reload the Library After all changes have been made to library windows click Reload to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the R3000 8e6 recommends clicking R...

Page 370: ... the left of the screen click Report Configuration to display the Report Configuration window used if the R3000 s log files will be transferred to a reporting application Click Real Time Probe to display windows for configuring and maintaining real time probes This tool is used for monitoring Internet activities of speci fied users in real time If using 8e6 s Enterprise Reporter ER as the R3000 s ...

Page 371: ...00 ENTERPRISE FILTER USER GUIDE 347 NOTE Information on configuring the Enterprise Reporter ER to work with the R3000 can be found in Appendix F of the Appen dices Section WARNING A version of the Enterprise Reporter prior to 3 0 should not be configured to work with the R3000 ...

Page 372: ...selected from the navigation panel This window is used if a reporting application needs to be set up to receive logs from the R3000 Fig 2 4 2 Report Configuration window Specify the Reporting Device By default no option is selected at the Export field If R3000 logs will be exported to a reporting application 1 Click the checkbox corresponding to the reporter to be used for transferring logs 8e6 En...

Page 373: ... you need to specify criteria for the ER server that will receive logs from the R3000 Fig 2 4 3 Report Configuration window 8e6 ER option ER tab Edit ER Server Information In the Log File Transfer Configuration frame by default the IP address 1 2 3 6 displays in the Remote Server list box To add the IP address assigned to the ER server 1 Enter the LAN 1 IP address in the Server field 2 Click Add t...

Page 374: ... IP address 2 Click Remove Execute Log Transfer Now In the Initiating Log Transfer frame click Initiate to transfer the log on demand View Transfer Activity to the ER After the ER has been configured and logs have been trans ferred from the R3000 to the ER you can view transfer activity Fig 2 4 4 Report Configuration window 8e6 ER option Log tab 1 Click the Log tab ...

Page 375: ...by default On this tab you need to specify criteria for the reporter that will receive logs from the R3000 Fig 2 4 5 Report Configuration window Other Device option and tab Enter or Edit Server Information In the Server Configuration frame 1 By default ftpserver company com displays in the Remote Server field Enter the IP address of the remote server 2 In the FTP Directory field storage r3000logs ...

Page 376: ...ymous is selected these fields are deactivated 6 Click Save In the FTP Log Update frame 1 At the Hour field make a selection from the pull down menu 1 2 3 4 6 8 12 24 to specify the interval between hours in military time when the update should occur 1 updates occur each hour 2 updates occur every two hours at these intervals of time 2 4 6 8 10 12 14 16 18 20 22 24 3 updates occur every three hour...

Page 377: ...LTER USER GUIDE 353 View Transfer Activity to the Reporting Device After logs have been transferred from the R3000 to the reporting device the Log tab can be clicked to view transfer activity On this tab click View Log to view up to the last 300 lines of transfer activity in the View Log frame ...

Page 378: ...me Probe Real Time Probe window The Real Time Probe window displays when Real Time Probe is selected from the navigation panel This feature lets the probe administrator monitor a user s Internet usage in real time to see if that user is using the Internet appropri ately Fig 2 4 6 Real Time Probe window Configuration tab ...

Page 379: ...0 probes 2 Enter the Maximum Probes that can be Scheduled equal to or less than the maximum probes that can run at the same time The default setting is 5 probes 3 Enter the Maximum Run Time in Minutes the probe will search for URLs up to 1440 minutes 24 hours The default setting is 1000 minutes 4 Enter the Maximum Report Lifetime in Days to keep a saved report before deleting it The default settin...

Page 380: ...ent White list of IPs list box 2 Click Delete to remove the IP address es from the white list Report Recipients Click the Report Recipients tab to display Email Report Fig 2 4 7 Real Time Probe window Report Recipients tab Specify Email File Criteria 1 Click the radio button corresponding the to the Email Format to be used for the file Plain Text or HTML By default HTML is selected ...

Page 381: ...dress of an individual who will receive completed probe reports 2 Click Add to include the email address in the Current List of Completed Reports to be Emailed list box NOTE The maximum number of report recipients is 50 If more than 50 recipients need to be included 8e6 recommends setting up an email alias list for group distribution Remove Email Addresses 1 Select the email address es from the Cu...

Page 382: ...ounts tab Set up Users Authorized to Create Probes 1 Enter the Username of a staff member who is authorized to create real time probes 2 Enter the user s password in the Password and Confirm Password fields using eight to 20 characters and at least one alpha character one numeric character and one special character The password is case sensitive 3 Click Add to include the username in the Current A...

Page 383: ...ser s account 1 Select the username from the Current Accessible Users list box 2 Click Disable to move the username to the Current Un Accessible Users list box Delete a Logon Account To delete a user s account 1 Select the username from the Current Accessible Users list box 2 Click Delete WARNING By deleting a logon account in addition to not being able to create real time probes that user will al...

Page 384: ...administrator clicks Go to Real Time Probe Reports GUI either the Re login window or the Real Time Probe Reports pop up window opens Re login window The Re login window opens if the user s session needs to be validated Fig 2 4 9 Re login window 1 Enter your Username 2 Enter your Password 3 Click OK to close the Re login window and to re access the R3000 console ...

Page 385: ...4 11 showing the global administrator information on all active probes NOTE An authorized staff member can click a link in an email alert or type in http x x x x 88 RtProbe jsp in the address field of a browser window in which x x x x is the IP address of the R3000 to only see probes he she created Create a Real Time Probe Click the Create tab to enter and specify criteria for the report you wish ...

Page 386: ...ter the characters to be included in the User Name s to be probed The entry in this field is case sensitive This selection generates a report with data for all usernames containing the consecutive characters you specified In this example if ART is entered ART GARTH and MARTA would be included in the report But Art or BARRETT would not be included since the former username does not contain all uppe...

Page 387: ...leted report to a specified email address enter the Email Address to Mail the Completed Report 5 Specify the Start Date Time by clicking the appropriate radio button Now click this radio button to run the probe now Schedule at click this radio button to schedule a time for running the probe Select the date and time from the pull down menus A probe that is scheduled to run at a specified date and t...

Page 388: ...ew details about active probes Fig 2 4 11 Real Time Probe Reports View tab The Display Name shows the name assigned to the probe on the Create tab The Start Date Time displays in the YYYY MM DD HH MM SS format Daily displays in the Recurrence column if the probe is scheduled to run on a daily basis The Status of the probe displays Completed In Progress or Scheduled ...

Page 389: ...probe is Completed or In Progress clicking View opens the Real Time Information box Fig 2 4 12 Real Time Information box This box displays the number of minutes left for the probe to run Run Time Left and user details for each item in the grid Date Time in the YYYY MM DD HH MM SS format IP Address User Name library Category Filter Action set up in the profile Pass Block reserved for ER Warn Warned...

Page 390: ...o Email After the probe is completed the Email button is avail able instead of the Stop button Clicking Email opens the Email option dialog box in which you specify an email address to send the completed report see Email option Click Close to close the Real Time Information box Properties option Clicking Properties opens the Probe Properties box Fig 2 4 13 Probe Properties box This box includes th...

Page 391: ... Infor mation box via the Stop button Clicking Delete opens the following dialog box asking if you want to delete the probe Fig 2 4 14 Probe Properties deletion box Click Yes to delete the probe and remove it from the View tab Email option Clicking Email opens the Email Address box Fig 2 4 15 Email Address box Enter the Email Address to Mail the Completed Report and click Send to send the complete...

Page 392: ...rmat Shadow Log Format window The Shadow Log Format window displays when Shadow Log Format is selected from the navigation panel If the R3000 s reporting device is the 8e6 Enterprise Reporter ER this window is used for specifying the log format the R3000 will use for sending logs to the ER Fig 2 4 16 Shadow Log Format window ...

Page 393: ...and higher is compatible with R3000 software version 2 0 and higher and the ER table structure in software release 3 75 and higher up until 4 1 is compatible with R3000 software version 1 9 and higher up until 2 0 Auto detect option By default Auto detect is selected Using this option the R3000 will search for a connection to an ER and identify the software version of the software update applied t...

Page 394: ...higher software update applied the Post 2 0 log option should be selected since the ER 4 1 or higher software update uses the new log structure Post 1 9 log format option If this R3000 currently has the 1 9 or higher software update applied the Post 1 9 log option should be selected since the ER 3 75 or higher software update uses the new log structure Pre 1 9 log format option If this R3000 curre...

Page 395: ... and group members Chapter 2 includes information on creating and maintaining Custom Categories for libraries The group administrator performs the following tasks defines members of a master IP group adds sub group members and or individual IP members and creates their filtering profiles grants designated users access to Internet content blocked at the global level as appropriate via an over ride ...

Page 396: ...mobile mode and may contain a netmask within a valid IP address range Fig 3 1 1 Group screen The navigation panel at the left of the screen contains the IP branch of the Group tree NOTE If the synchronization feature is used a server set up in the Target mode to synchronize both profile and library setting changes will not have branches of the tree accessible Double click the IP branch of the tree...

Page 397: ...SER GUIDE 373 Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity IP Refresh Refresh the Master IP Group Member Click Refresh whenever a change has been made to the master IP group or member level of the tree Fig 3 1 2 Group screen IP menu ...

Page 398: ...ts setting up an override account and or exception URLs to bypass global settings and uploading or downloading IP profiles Click the master IP group s link to view a menu of sub topics Group Details Members Override Account Group Profile Exception URL Time Profile Upload Download IP Profile Add Sub Group Add Individual IP Delete Group and Paste Sub Group Fig 3 1 3 Group screen master IP group menu...

Page 399: ...nd for changing the password of the group administrator Fig 3 1 4 Group window Change the Group Administrator Password In the Group Administrator frame the Group Name displays To change the password for this group 1 Enter the password in the Password and Confirm Pass word fields using eight to 20 characters and at least one alpha character one numeric character and one special character The passwo...

Page 400: ...sed for adding and managing members of a master IP group For the invisible and router modes a member is comprised of an associated IP address and a sub group may also contain a netmask For the mobile mode a member s MAC address is used for obtaining the end user s filtering profile NOTE See Appendix E 8e6 Mobile Client for information on adding members when using the mobile mode Fig 3 1 5 Members ...

Page 401: ...he netmask in the Source IP fields If Source IP Start End was selected enter the Start and End of the IP address range 2 Click Add to include the IP address entry in the Current Members list box TIP Click Calculator to open the IP Calculator and calculate IP ranges without any overlaps Enter the IP address specify the Netmask and then click Calculate to display results in the Min Host and Max Host...

Page 402: ...selected from the menu This window is used for creating an override account that allows an end user from a master IP group to bypass settings at the minimum filtering level A user with an override account will be able to access categories and service ports blocked at the minimum filtering level if the option to bypass the minimum filtering level is activated Fig 3 1 6 Override Account window ...

Page 403: ...er with an override account can authenticate if a pop up blocker is installed on his her workstation Add an Override Account To create an Override Account profile 1 In the Account Details frame enter the username in the Name field 2 Enter the Password 3 Make the same entry again in the Confirm Password field 4 Click Add to include the username in the list box of the Current Accounts frame and to o...

Page 404: ...ate the category profile 1 Select a filtering rule from the available choices in the Available Filter Levels pull down menu This action automatically populates the Pass Allow Warn and or Block columns in the Rule Details frame with filter settings for each category group library category in the Category Groups tree TIP In the Category Groups tree double click the group enve lope to open that segme...

Page 405: ...rk to that column Pass URLs in this category will pass to the end user Allow URLs in this category will be added to the end user s white list Warn URLs in this category will warn the end user that the URL he she requested can be accessed but may be against the organization s policies The end user can view the URL after seeing a warning message and agreeing to its terms Block URLs in this category ...

Page 406: ...Quota Settings window in Chapter 1 System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas The Overall Quota field becomes enabled if a quota is entered for any library group category By default the enabled Overall Quota is turned Off If turned On enter the number of minutes in the Min field to indicate when the end user s acc...

Page 407: ... user if he she attempts to access a site or service set up to be blocked Fig 3 1 8 Override Account pop up window Redirect tab Specify the type of redirect URL to be used Default Block Page Authentication Request Form or Custom URL If Custom URL is selected enter the redirect URL in the corresponding text box The user will be redirected to the designated page at this URL instead of the block page...

Page 408: ...ick the checkbox es corresponding to the option s to be applied to the override account filtering profile X Strikes Blocking With the X Strikes Blocking option enabled if the user attempts to access inappropriate sites on the Internet he she will be locked out from his her workstation after a specified number of tries within a fixed time period NOTE See the X Strikes Blocking window in Chapter 1 S...

Page 409: ...lerance time range of a given strike Search Engine Keyword Filter Control With the Search Engine Keyword Filter Control option enabled search engine keywords can be set up to be blocked When the user enters a keyword in the search engine if that keyword has been set up to be blocked the search will not be performed Search engine keywords are entered in the Search Engine Keywords window of custom l...

Page 410: ...enter the username in the Name field 3 Enter the new Password 4 Make the same entry again in the Confirm Password field 5 Click View Modify to open the pop up window 6 Click Apply 7 Click Close to close the pop up window Modify an Override Account To modify an override account 1 In the Current Accounts frame select the username from the list box 2 Click View Modify to open the pop up window 3 Clic...

Page 411: ...TION CHAPTER 1 GROUP SCREEN 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 387 Delete an Override Account To delete an override account 1 In the Current Accounts frame select the username from the list box 2 Click Remove ...

Page 412: ...w Category Redirect URL and Filter Options Entries in these tabs comprise the profile string for the group Category Profile Category Profile displays by default when Group Profile is selected from the group menu or when the Category tab is clicked This tab is used for assigning filter settings to cate gory groups library categories for the group s filtering profile Fig 3 1 10 Group Profile window ...

Page 413: ...ory group library category in the Category Groups tree TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group NOTE If a category group does not display any filter setting i e the check mark does not display in any column for the category group one or more library categories within that group has a se...

Page 414: ... in the appropriate column 3 Make a selection from the Uncategorized Sites pull down menu to specify how to handle a URL that has not yet been categorized Pass Warn or Block 4 To use the quota feature to restrict the end user s access to a passed library group category do the following In the Quota column enter the number of minutes the user will be able to access the library group category The mi...

Page 415: ...ose to close the pop up window and to return to the Override Account window Redirect URL Redirect URL displays when the Redirect URL tab is clicked This tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked at the group level Fig 3 1 11 Group Profile window Redirect URL tab Create Edit the Redirect URL 1 Specify the type of...

Page 416: ...ttings Filter Options Filter Options displays when the Filter Options tab is clicked This tab is used for specifying which filter option s will be applied to the group s filtering profile Fig 3 1 12 Group Profile window Filter Options tab Create Edit the Filter Options 1 Click the checkbox es corresponding to the option s to be applied to the sub group filtering profile X Strikes Blocking Google Y...

Page 417: ...ers perform a Google Yahoo Ask com or AOL Web search or Image search WARNINGS This feature is not compatible with the proxy envi ronment as it will cause overblocking An inappropriate image will only be blocked if that image is included in 8e6 s library or is blocked by Google Yahoo Ask com or AOL If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an...

Page 418: ... Control option enabled URL keywords can be set up to be blocked When a user enters a keyword in the address line of a browser window if that keyword has been set up to be blocked the user will be denied access to that site or service URL keywords are entered in the URL Keywords window of custom library categories With the Extend URL Keyword Filter Control option enabled a URL keyword search will ...

Page 419: ... 1 13 Exception URL window NOTE Settings in this window work in conjunction with those made in the Override Account window and in the Minimum Filtering Level window maintained by the global administrator Users with an override account will be able to access URLs set up to be blocked in this window if the global administrator acti vates bypass settings in the Minimum Filtering Bypass Options tab Se...

Page 420: ...accessed by the group again 1 Select the URL from the Block URLs list box 2 Click Remove ByPass URL frame To allow a URL that is blocked at the minimum filtering level to be accessed by the group 1 In the ByPass URL field enter the URL 2 Click Add to include the URL in the ByPass URLs list box To block the group s access to the URL again 1 Select the URL from the ByPass URLs list box 2 Click Remov...

Page 421: ...the group menu This window is used for setting up or modifying a filtering profile to be activated at a specified time Fig 3 1 14 Time Profile window The Current Time Profiles list box displays the Name and Description of any time profiles previously set up for the entity that are currently active Add a Time Profile To create a time profile 1 Click Add to open the Adding Time Profile pop up box ...

Page 422: ...Time Profile 2 Type in three to 20 alphanumeric characters the under score _ character can be used for the profile name 3 Click OK to close the pop up box and to open the Adding Time Profile pop up window that displays the name of this profile at the top of the Time Profile frame Fig 3 1 16 Time Profile window Recurrence tab ...

Page 423: ...splays in the Start field and 12 15 displays in the End field b Indicate whether this time slot is AM or PM c Today s date displays using the MM DD YY format To choose another date click the arrow in the date drop down menu to open the calendar pop up box In this pop up box you can do the following Click the left or right arrow at the top of this box to navigate to the prior month or the next mont...

Page 424: ...s entered and Wednesday and Friday are selected this profile will be used every two weeks on Wednesday and Friday Monthly If this selection is made first enter the interval for the months this time profile will be used and next specify which day of the month If Day is chosen select from 1 31 If a non specific day is chosen make selections from the two pull down menus for the following week of the ...

Page 425: ... down menus for the following week of the month First Fourth or Last day of the month Sunday Saturday Day Weekday Weekend month January December By default the First Sunday of January are selected If 2 is entered and the First Monday of June are selected this profile will be used every two years on the first Monday in June For example if the current month and year are May 2008 the first Monday in ...

Page 426: ...he time profile See Category Profile Redirect URL Filter Options and Exception URL in this sub section for infor mation on the Rule Redirect Filter Options and Excep tion tabs 8 Click Apply to activate the time profile for the IP group at the specified time 9 Click Close to close the Adding Time Profile pop up window and to return to the Time Profile window In this window the Current Time Profiles...

Page 427: ...tegory Profile The Rule tab is used for creating the categories portion of the time profile Fig 3 1 17 Time Profile pop up window Rule tab NOTE See the Override Account window Category Profile sub section in this chapter for information about entries that can be made for this component of the filtering profile ...

Page 428: ...ed for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked Fig 3 1 18 Time Profile pop up window Redirect URL tab NOTE See the Override Account window Redirect URL sub section in this chapter for information about entries that can be made for this component of the filtering profile ...

Page 429: ...Filter Options tab is used for specifying which filter option s will be applied to the time profile Fig 3 1 19 Time Profile pop up window Filter Options tab NOTE See the Override Account window Filter Options sub section in this chapter for information about entries that can be made for this component of the filtering profile ...

Page 430: ...Settings in this window work in conjunction with those made in the Override Account window and in the Minimum Filtering Level window maintained by the global administrator Users with an override account will be able to access URLs set up to be blocked in this window if the global administrator acti vates bypass settings in the Minimum Filtering Bypass Options tab See the Override Account window in...

Page 431: ...ock URLs list box To allow the URL to be accessed by the group again 1 Select the URL from the Block URLs list box 2 Click Remove To allow a URL that is blocked at the minimum filtering level to be accessed by the group 1 In the ByPass URL field enter the URL 2 Click Add to include the URL in the ByPass URLs list box To block the group s access to the URL again 1 Select the URL from the ByPass URL...

Page 432: ...me Profiles pop up window 3 Make modifications in the default Recurrence tab and or click the tab in which to make modifications Rule Redi rect Filter Options Exception 4 Make edits in this tab and in any other tab if necessary 5 Click Apply 6 Click Close to close the Modify Time Profiles pop up window and to return to the Time Profile window Delete a Time Profile To delete a time profile 1 Select...

Page 433: ...load Download IP Profile window The Upload Download IP Profile window displays when Upload Download IP Profile is selected from the group menu This window is used for uploading or downloading a text file containing filtering profiles of multiple users or sub groups Fig 3 1 21 Upload Download IP Profile window ...

Page 434: ...e containing the IP profiles to be uploaded This text file of user group profiles must be entered in a specific format NOTE For examples of entries to include in a profile file go to http www 8e6 com r3000help files 2group_ipprofiles html Once the file is selected the path displays in File field WARNING Any existing profiles will be overwritten by the contents of the uploaded file 3 Click Upload F...

Page 435: ...nload Profile If profiles have been created and or uploaded to the server 1 Click Download Profile to open a browser window containing the profiles Fig 3 1 23 Download IP Profiles window The contents of this window can viewed printed and or saved 2 Click the X in the upper right corner of the window to close it ...

Page 436: ...cannot contain spaces The first character cannot be a digit The following characters cannot be used in the name period comma colon semi colon exclamation point question mark ampersand asterisk quotation mark apostrophe grave accent mark tilde caret _ underscore pipe slash backslash double backslashes left parenthesis right paren thesis left brace right brace left bracket right bracket at sign poun...

Page 437: ...g box Fig 3 1 25 Create Individual IP box 2 Enter the Member Name for the Individual IP address NOTES The name of the individual IP address must be less than 20 characters cannot be IP NT or LDAP and cannot contain spaces The first character cannot be a digit The following characters cannot be used in the name period comma colon semi colon exclamation point question mark ampersand asterisk quotati...

Page 438: ...dding an Individual IP member to the tree list the user will be blocked from Internet access until the minimum filtering level profile is defined via the Minimum Filtering Level window The minimum filtering level is established by the global administrator Delete Group Delete a Master IP Group Profile To delete a group profile choose Delete Group from the group menu This action removes the master I...

Page 439: ...he same configuration settings as one that already exists A sub group can be pasted or copied to a group if the Copy Sub Group function was first performed at the sub group level Paste a Copied IP Sub Group From the group menu 1 Select Paste Sub Group to open the Paste Sub Group dialog box Fig 3 1 26 Paste Sub Group dialog box 2 In the Input sub group name field enter the name of the sub group 3 C...

Page 440: ... Sub Group Sub Group includes options for creating and maintaining the filtering profile for the sub group Click the sub group s link to view a menu of sub topics Sub Group Details Members Sub Group Profile Exception URL Time Profile Delete Sub Group and Copy Sub Group Fig 3 1 27 Group screen Sub Group menu ...

Page 441: ...e menu This window is used for viewing and adding or editing details on an IP group member Fig 3 1 28 Sub Group IP Group window view only View IP Sub Group Details If the sub group was previously defined the fields in the Sub Group Details frame cannot be edited The following infor mation displays Sub Group Name IP Range Member IP address and netmask or IP address range and MAC Address es if using...

Page 442: ...the Apply button remain activated Fig 3 1 29 Sub Group IP Group window fields activated 1 In the IP Address frame click the appropriate radio button corresponding to the type of Member IP address range to be entered IP address with netmask or IP address range TIP Use the IP Range pull down menu to view the IP address es that can be entered in these fields 2 Corresponding to the selected radio butt...

Page 443: ...tivated see Fig 3 1 28 Members window The Members window displays when Members is selected from the menu This window is used for modifying the sub group s Member IP address if using the invisible or router mode If using the mobile mode MAC address es can be selected for inclusion in the sub group NOTE See Appendix E 8e6 Mobile Client for information on modifying members when using the mobile mode ...

Page 444: ...ember IP Start and End of the IP address range TIP Click Calculator to open the IP Calculator and calculate IP ranges without any overlaps 2 Click Modify to apply your settings Sub Group Profile window The Sub Group Profile window displays when Sub Group Profile is selected from the sub group menu This window is used for viewing creating the sub group s filtering profile Click the following tabs i...

Page 445: ...pter for information on entries that can be made in this window Time Profile window The Time Profile window displays when Time Profile is selected from the sub group menu This window is used for setting up or modifying a filtering profile to be activated at a specified time NOTE See the Time Profile window in the group tree section of this chapter for information on entries that can be made for th...

Page 446: ...roups if the sub group to be added has the same configuration settings as one that already exists Copy an IP Sub Group To copy configurations made for a specified sub group 1 Choose Copy Sub Group from the sub group menu 2 Select the group from the tree and choose Paste Sub Group from the group menu to paste the sub group to the group See Paste Sub Group dialog box in the Group section of this cha...

Page 447: ...dividual IP Individual IP includes options for creating and maintaining the filtering profile for the Individual IP member Click the individual IP member s link to view a menu of sub topics Members Individual IP Profile Exception URL Time Profile Delete Individual IP Fig 3 1 31 Group screen Individual IP menu ...

Page 448: ... member s IP address if using the invisible or router mode If using the mobile mode the member s MAC address can be selected for inclusion in the sub group NOTE See Appendix E 8e6 Mobile Client for information on modifying members when using the mobile mode Fig 3 1 32 Member window Enter the IP Address of the Member In the Modify Individual Group Member frame 1 Enter the IP address in the Member f...

Page 449: ...ception URL window The Exception URL window displays when Exception URL is selected from the individual IP member menu This window is used for blocking the member s access to speci fied URLs and or for letting the member access specified URLs blocked at the minimum filtering level NOTE See the Exception URL window in the group tree section of this chapter for information on entries that can be mad...

Page 450: ...N 426 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Delete Individual IP Delete an Individual IP Member To delete an individual IP member choose Delete Individual IP from the individual IP member menu This action removes the member from the tree ...

Page 451: ...ies for a group Library categories are used when creating or modifying filtering profiles Fig 3 2 1 Library screen A list of main topics displays in the navigation panel at the left of the screen Main topics in this section include the following Library Lookup and Category Groups the latter topic containing the Custom Categories sub topic NOTE If the synchronization feature is used a server set up...

Page 452: ...s selected from the navigation panel This window is used for verifying whether or not a URL or search engine keyword or keyword phrase exists in a library category Fig 3 2 2 Library Lookup window NOTE This window is also used by global administrators except their permissions let them remove URLs and search engine keywords phrases The reload library function is used after making changes to the libr...

Page 453: ...e g http 0106 0125 0226 0322 hexadecimal short format e g http 0x465596d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 4 7 47 41 4D 45 53 43 4F 4D NOTE The minimum number of wildcard levels that can be entered is three e g yahoo com and the maximum number of levels is six e g mail ...

Page 454: ...rch engine keyword or keyword phrase has been included in any library category 1 In the Search Engine Keyword Lookup frame enter the Search Engine Keyword or keyword phrase up to 75 alphanumeric characters 2 Click Lookup to display results in the Result Category list box showing the long name of all categories that contain the search engine keyword phrase ...

Page 455: ...Click the Custom Categories link to view a menu of topics Add Cate gory and Refresh Fig 3 2 3 Custom Categories menu NOTE Since custom categories are not created by 8e6 updates cannot be provided Maintaining the list of URLs and keywords is the responsibility of the global or group administrator WARNING The maximum number of categories that can be saved is 250 This figure includes both 8e6 supplie...

Page 456: ...e Category dialog box Fig 3 2 4 Create Category dialog box The Group Name field displays Custom Categories greyed out 2 In the Description field enter from three to 20 charac ters for the long name of the new category 3 In the Short Name field enter up to seven characters without any spaces for the short name of the new cate gory NOTE Once the short name has been saved it cannot be edited 4 Click ...

Page 457: ...e first custom category you are adding you may need to double click Custom Categories to open the tree list NOTE The category must have URLs URL keywords and or search keywords added to its profile in order for it to be effective Refresh Refresh the Library Click Refresh after uploading a file to a customized library category ...

Page 458: ...Custom Categories tree list Click the custom library category link to view a menu of sub topics Library Details URLs URL Keywords Search Engine Keywords and Delete Category Fig 3 2 5 Library screen custom library category menu NOTE Since custom categories are not created by 8e6 updates cannot be provided Maintaining the list of URLs and keywords is the responsibility of the global or group adminis...

Page 459: ... topics This window is used for editing the long name of the custom library category and for viewing name criteria previously entered Fig 3 2 6 Library Details window View Edit Library Details The following display and cannot be edited Custom Cate gories Group Name and library category Short Name 1 The long Description name displays and can be edited 2 After modifying the description for the libra...

Page 460: ...ustom library category s master URL list or master wildcard URL list A URL can contain a domain name such as playboy in http www playboy com or an IP address such as 209 247 228 221 in http 209 247 228 221 A wildcard asterisk symbol followed by a period can be entered in a format such as playboy com for example to block access to all URLs ending in playboy com A URL is used in a filtering profile ...

Page 461: ...ry Category To view a list of all URLs that either have been added or deleted from the master URL list or master wildcard URL list 1 Click the View tab 2 Make a selection from the pull down menu for Master List or Wild Card Master List 3 Click View List to display the specified items in the Select List list box Fig 3 2 8 URLs window View tab ...

Page 462: ...ts also can be entered in this field IP address e g 209 247 228 221 in http 209 247 228 221 octal format e g http 0106 0125 0226 0322 hexadecimal short format e g http 0x465596d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 4 7 47 41 4D 45 53 43 4F 4D 2 Click Add to display the ass...

Page 463: ...that you wish to add to the category 4 Click Apply Action NOTE Wildcard URL query results include all URLs containing text following the period after the wildcard symbol For example an entry of beer com would find a URL such as http virtualbartender beer com However if a specific URL was added to a library category that is not set up to be blocked and a sepa rate wildcard entry containing a portio...

Page 464: ...brary Category To remove a URL or wildcard URL from the library category 1 Click the Action tab 2 Enter the URL in the Edit URL List frame or Edit Wild Card URL List frame as pertinent 3 Click Remove to display the associated URLs in the list box below 4 Select the URL s that you wish to remove from the cate gory 5 Click Apply Action ...

Page 465: ...itions 1 Click Upload Master to open the Upload Custom Library URL pop up window Fig 3 2 9 Upload Custom Library URL window 2 Click Browse to open the Choose file pop up window 3 Select the file to be uploaded TIP A URL text file must contain one URL per line WARNING The text file uploaded to the server will overwrite the current file NOTE Before the file is uploaded to the server it will first be...

Page 466: ...ookup Options URLs contained in the file are listed under the column for either Valid URL or Invalid URL 5 If the file contains invalid URLs click Back to return to the Upload URL window Another attempt to validate the file can be made after corrections have been made to the file If the file contains valid URLs a Go to the IP Lookup Options section and click the radio button corresponding to the o...

Page 467: ...resses that correspond to URLs in the uploaded file will not be performed b Click Upload to open the Upload Successful pop up window NOTE In order for the URLs to take effect library categories must be reloaded Upload a Master List of Wildcard URLs To upload a master file with wildcard URL additions 1 Click Upload Wildcard Master to open the Upload Custom Library WildCard URL pop up window Fig 3 2...

Page 468: ...the server it will first be vali dated 4 Click Upload File to display the results of the library file content validation in the Library File Content IP Lookup Options pop up window Fig 3 2 12 Library File Content IP Lookup Options Wildcard URLs contained in the file are listed under the column for either Valid URL or Invalid URL 5 If the file contains invalid wildcard URLs click Back to return to ...

Page 469: ...op up window NOTE In order for the URLs to take effect library categories must be reloaded Reload the Library After all changes have been made to library windows click Reload Library to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the R3000 8e6 recommends clicking Reload Library only after modifications to all library windows have been made ...

Page 470: ...ord from a custom library category s master list A library category uses URL keywords to block a user s access to Internet addresses containing keywords included in its list Fig 3 2 13 URL Keywords window NOTE If the feature for URL keyword filtering is not enabled in a filtering profile URL keywords can be added in this window but URL keyword filtering will not be in effect for the user s See the...

Page 471: ...ss a non pornographic site such as http www essex com View a List of URL Keywords To view a list of all URL keywords that either have been added or deleted 1 In the View Keyword Addition Deletion List frame make a selection from the pull down menu for Master List 2 Click View List to display the specified items in the Select List list box Add or Remove URL Keywords Add a URL Keyword to the Library...

Page 472: ...e to open the Choose file window 3 Select the file to be uploaded 4 Click Upload File to upload this file to the server NOTE A URL keywords text file must contain one URL keyword per line WARNING The text file uploaded to the server will overwrite the current file Reload the Library After all changes have been made to library windows in the Reload URL Keywords frame click Reload to refresh NOTE Si...

Page 473: ...ases to and from a custom library category s master list A library category uses search engine keywords to block searches on subjects containing keywords included in its list Fig 3 2 15 Search Engine Keywords window NOTE If the feature for search engine keyword filtering is not enabled in a filtering profile search engine keywords can be added in this window but search engine keyword filtering wil...

Page 474: ...if the word sex is set up to be blocked a search will be allowed on sexes but not sex since a search engine keyword must exactly match a word set up to be blocked View a List of Search Engine Keywords To view a list of all search engine keywords that either have been added or deleted 1 In the View Search Keyword Addition Deletion List frame make a selection from the pull down menu for Master List ...

Page 475: ...click Upload Master to open the Upload Library Keyword pop up window see Fig 3 2 14 2 Click Browse to open the Choose file window 3 Select the file to be uploaded TIP A search engine keyword text file must contain one keyword phrase per line WARNING The text file uploaded to the server will overwrite the current file 4 Click Upload File to upload this file to the server Reload the Library After al...

Page 476: ...REEN 452 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Delete Category Delete a Custom Category To delete a custom library category choose Delete Cate gory from the menu This action removes the library cate gory from the Custom Categories list ...

Page 477: ... contact us by phone by email or in writing Hours Regular office hours are from Monday through Friday 8 a m to 5 p m PST After hours support is available for emergency issues only Requests for assistance are routed to a senior level techni cian through our forwarding service Contact Information Domestic United States 1 Call 1 888 786 7999 2 Select option 3 International 1 Call 1 714 282 6111 2 Sel...

Page 478: ...e Numbers 8e6 Corporate Headquarters USA 828 West Taft Avenue Orange CA 92865 4232 USA Local 714 282 6111 Fax 714 282 6116 Domestic US 1 888 786 7999 International 1 714 282 6111 8e6 Taiwan 7 Fl No 1 Sec 2 Ren Ai Rd Taipei 10055 Taiwan R O C Taipei Local 2397 0300 Fax 2397 0306 Domestic Taiwan 02 2397 0300 International 886 2 2397 0300 ...

Page 479: ... problem and attempt to resolve the issue directly If your issue needs to be escalated you will be given a ticket number for reference and a senior level technician will contact you to resolve the issue If your issue requires immediate attention such as your network traffic being affected or all blocked sites being passed you will be contacted by a senior level techni cian within one hour Your tro...

Page 480: ...gies 8e6 Technologies warrants that the 8e6 product s do es not infringe on any third party copyrights or patents This warranty shall not apply to the extent that infringement is based on any misuse or modification of the hardware equip ment or software provided This warranty does not apply if the infringement is based in whole or in part on the customer s modification of the hardware equipment or...

Page 481: ...nician can be reached by voice line Technical support information Online http www 8e6 com support html Toll Free 888 786 7999 press 3 Telephone 1 714 282 6111 press 3 E mail support 8e6 com Have the following information ready before calling tech nical support Product Description ______________________________ Purchase Date __________________________________ Extended warranty purchased ___________...

Page 482: ...s will be furnished as necessary to maintain the proper operational condition of the product s If parts are discontinued from production during the Warranty Period immediate replacement product s or hardware parts will be available for exchange with defective parts from 8e6 Technologies local reseller or distributor Extended Technical Support and Service Extended technical support is available to ...

Page 483: ...s 1 The username or group name 2 IP address or MAC address 3 Filtering profile criteria Rule number Rule0 Rule1 etc or rule criteria a Ports to Block or Filter b Categories to Block or Open c Filter Mode 4 Redirect URL optional 5 Filter Options optional For IP profiles the code 0x1 should be placed at the end with all filter options disabled 6 Quotas optional NOTE Each filtering profile should be ...

Page 484: ...ll ports B Filter the defined port number s I Open all ports J Open the defined port number s M Set the defined port number s to trigger a warn message Q Block all ports R Block the defined port number s Port Numbers 21 FTP File Transfer Protocol 80 HTTP Hyper Text Transfer Protocol 119 NNTP Network News Transfer Protocol 443 HTTPS Secured HTTP Transmission Other Filter Mode Values 1 Default Block...

Page 485: ...I Positioned at the end of a profile string indicating that all other categories should pass PASSED When positioned at the end of a string of categories or after a category command code this code indicates that unidentified categories will follow suit with categories defined by that code J pass R block or M receive warning message Category Codes For the list of category codes short names and their...

Page 486: ...hat 0x1307 should be entered at the end of the profile string unless the quota option is used in which case the quota should be entered at the end of the profile string To disable all filter codes for an IP profile enter 0x1 for the filter option Quota format To include quotas in a profile string enter them after the filter options using this format A semicolon Overall Quota minutes a comma the fi...

Page 487: ...fied time via the Configuration window See the Library screen s Configuration window and Manual Update window in the Global Group Section for more information about updating 8e6 supplied library categories NOTE In the Global Administrator Section Library screen see the Library Update Log window for information about viewing the library update log Messages in this Appendix are grouped according to ...

Page 488: ...r is running cannot start another traveler Installscript is running cannot start another traveler Traveler_Full_Download is running cannot start another traveler System Command Execution Run system command killCmd Failed in executing killCmd Temp Files Create tmp file getpid Write pid to tmp file Traveler failed to create the tmp file ServerConstants TRAVELER_TEMP Temp file deleted Fail to rename ...

Page 489: ...l Downloading files Processing downloaded files Processing downloaded files Fail Decrypting file Decryption success A problem occurred while deleting filename HTTPS download complete filename For HTTPS downloads File does not exist on the update server Login error Could not write history file exception Could not read emergency date from emergency update file Failed to download filename Exception F...

Page 490: ...r occurred during the Traveler process Connection is lost Finished updating library Fail to download all libraries Failed to sort the library files Started reloading library Finished reloading library Library filename does not exist Fail to encrypt category library Printstack Trace PrintstackTrace Fail to back up file for FileUrl PrintStackTrace java error message PrintstackTrace Fail to back up f...

Page 491: ...raveler encounters an exception Alert emails could not be read email alert configuration file does not exist Reloading library encounters an exception Send alert encountered an exception Traveler exits after reaching time limit time limit mins Log file could not be set Exception List could not be read from file ...

Page 492: ...ailed to download deleted category Failed to download category library Successfully downloaded category library Fail to unzip category Weekly Update has completed Summary Messages Failed to download File does not exist Failed to unzip Was not a primary language deletion file Failed to sort the library files Failed to merge files for category File is the most current version Successfully updated Ch...

Page 493: ...nload full library keyword library all categories Successfully download category deletion library Fail to download category deletion library Trial itotal Fail to download category deletion library Complete Update has successfully completed IM and P2P Pattern File Update Successfully downloaded pattern Failed to download pattern IM and P2P Update has successfully completed Newsgroup Library Update ...

Page 494: ...ssfully downloaded category Fail to download category Search Engine Keyword Library Update has successfully completed Patch Update Download patch Downloading patch Dated patchdate The patch has been downloaded already Successfully processed patch Failed to download patch Patch Update has completed Emergency Update Emergency update Could not read emergency date from emergency update file Emergency ...

Page 495: ...ions page Part I Modify the R3000 1 Enable block page redirection Select either of the following options to modify the R3000 Option 1 lets you modify the back end and Option 2 lets you modify the R3000 console Option 1 Modify the back end PROS No need to set up the redirect URL for each group CONS Redirect URL must be set up in the back end LDC_http_default_redirecturl http server for block_page p...

Page 496: ...is the block page must be placed at the default HTTP port which is 80 Since the console may not allow certain characters e g _ if such characters are used in the URL a modified name must be used instead for the blockpage As a result the R3000 will redirect the block page to the customized one with the following link format http server for block_page port for block page blockpage URL blocked url IP...

Page 497: ...d block page must be accessible via this link http server for block_page port for block page blockpage Show 8e6 s information in the block page optional The following information is passed to the blockpage through the query string Name Description Value URL Blocked URL From the query string of the block page URL IP IP that accessed the blocked URL see URL CAT Category of the blocked URL see URL US...

Page 498: ... the custom ized block page Examples include 1 HTML using Java Script to parse post form data 2 CGI written in Perl 3 CGI written in C See the Reference portion of this appendix for coding details NOTE Don t forget to replace R3000 IP with the real IP in the HTML CGI before using these samples Part III Restart the R3000 You must restart the R3000 to make your changes effective Name Description Val...

Page 499: ... str indexOf start if i 0 len str length substr str substr i start length len start length j substr indexOf end if j 0 result substr substring 0 j else if j 0 len substr length result substr substr 0 len return result function getData str document location href len str length i str indexOf if i 0 query str substr i 1 len i 1 url parseData query URL document block URL value url ip parseData query I...

Page 500: ...nt block action http R3000 IP 81 cgi block cgi document block submit script head body form method post name block input type hidden name SITE value _BLOCK_SITE_ input type hidden name URL value input type hidden name IP value input type hidden name CAT value input type hidden name USER value input type hidden name STEP value STEP2 form br R3000 Customized Block Page HTML using Java Script to parse...

Page 501: ...stomized block page Replace the R3000 IP with the real IP before using This script provide data to the options CGI through query string Revision 1 Date 03 08 2004 method ENV REQUEST_METHOD if method post i string STDIN else string ENV QUERY_STRING url 1 if string URL S IP i ip 1 if string IP S CAT i cat 1 if string CAT S USER i user 1 if string USER S i print Content type text html n n print html ...

Page 502: ...real IP before using This script uses Java Script to post form data to options CGI Revision 1 Date 03 08 2004 method ENV REQUEST_METHOD if method post i string STDIN else string ENV QUERY_STRING url 1 if string URL S IP i ip 1 if string IP S CAT i cat 1 if string CAT S USER i user 1 if string USER S i print Content type text html n n print html n print head n print script language JavaScript n pri...

Page 503: ...me URL value url n print input type hidden name CAT value cat n print input type hidden name USER value user n print input type hidden name STEP value STEP2 n print br R3000 Customized Block Page CGI written with Perl using Java Script to post form data br n print URL url br n print IP ip br n print CAT cat br n print USER user br n print br For further options a href javascript do_options click h...

Page 504: ...nction prototypes void printhtml void unescape_url char url char x2c char what char makeword char line char stop void plustospace char str char fmakeword FILE f char stop int cl int to_upper char string void getquery char paramd char paramv void getnextquery char paramv int main int argc char argv int data_size size in bytes of POST input int index char paramd paramn paramv char step 120 printf co...

Page 505: ...ray set a variety of global variables to be used by other areas of the program data_size atoi getenv CONTENT_LENGTH for index 0 data_size feof stdin index entries index val char fmakeword stdin data_size plustospace entries index val unescape_url entries index val entries index name char makeword entries index val if strcmp entries index name IP 0 strcpy szIP entries index val else if strcmp entri...

Page 506: ...n szIP printf input type hidden name URL value s n szURL printf input type hidden name CAT value s n szCategory printf input type hidden name USER value s n szUserName printf input type hidden name STEP value STEP2 n printf br R3000 Customized Block Page CGI written with C using Java Script to post form data br n printf URL s br n szURL printf IP s br n szIP printf CAT s br n szCategory printf USE...

Page 507: ...0 what 0 0 digit 16 digit what 1 A what 1 0xdf A 10 what 1 0 return digit char makeword char line char stop int x 0 y char word char malloc sizeof char strlen line 1 for x 0 line x line x stop x word x line x word x 0 if line x x y 0 while line y line x return word void plustospace char str register int x for x 0 str x x if str x str x char fmakeword FILE f char stop int cl int wsize ...

Page 508: ...c f if ll wsize word ll 1 0 wsize 102400 word char realloc word sizeof char wsize 1 cl if word ll stop feof f cl if word ll stop ll word ll 0 return word ll to_upper Change the string to upper case int to_upper char string int len int i char tmp NULL if string strlen string if tmp char strdup string return 0 len strlen string for i 0 i len i string i toupper tmp i free tmp return 1 ...

Page 509: ...N APPENDIX C 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 485 void getquery char paramd char paramv if paramd NULL paramv NULL else paramv char strtok paramd void getnextquery char paramv paramv char strtok NULL ...

Page 510: ...on his her workstation will need to temporarily disable pop up blocking in order to authenticate him herself via the Options page Fig D 1 Options page This appendix provides instructions on how to use an over ride account if typical pop up blocking software is installed as in the following products Yahoo Toolbar Google Toolbar AdwareSafe Mozilla Firefox and Windows XP Service Pack 2 SP2 ...

Page 511: ...de button this action opens the override account pop up window Add Override Account to the White List If the override account window was previously blocked by the Yahoo Toolbar it can be moved from the black list and added to the white list so that it will always be allowed to pass To do this 1 Go to the Yahoo Toolbar and click the pop up icon to open the pop up menu Fig D 2 Select menu option Alw...

Page 512: ... 3 Allow pop ups from source 3 Select the source from the Sources of Recently Blocked Pop Ups list box to activate the Allow button 4 Click Allow to move the selected source to the Always Allow Pop Ups From These Sources list box 5 Click Close to save your changes and to close the dialog box ...

Page 513: ...simultaneously clicking the Override button this action opens the override account pop up window Add Override Account to the White List To add the override account window to the white list so that it will always be allowed to pass go to the Google Toolbar and click the blocked icon Fig D 4 blocked icon enabled Clicking this icon toggles to the Site pop ups allowed icon adding the override account ...

Page 514: ...rchSafe toolbar lets you toggle between enabling pop up blocking popups blocked and disabling pop up blocking Popup protection off by clicking the pop up icon 1 In the IE browser go to the SearchSafe toolbar and click the icon for popups blocked to toggle to Popup protec tion off This action turns off pop up blocking 2 In the Options page see Fig D 1 enter your Username and Password 3 Click the Ov...

Page 515: ...e Preferences dialog box 2 Go to the Category list box and select Privacy Security Popup Windows to display the Popup Windows page Fig D 6 Mozilla Firefox Popup Windows Preferences 3 With the Block unrequested popup windows checkbox checked click Allowed Sites and enter the URL to allow the override account window to pass 4 Click OK to save your changes and to close the dialog box ...

Page 516: ...enable the pop up blocking feature in the IE browser Use the Internet Options dialog box 1 From the IE browser go to the toolbar and select Tools Internet Options to open the Internet Options dialog box 2 Click the Privacy tab Fig D 7 Enable pop up blocking 3 In the Pop up Blocker frame check Block pop ups 4 Click Apply and then click OK to close the dialog box ...

Page 517: ...locker this menu selec tion changes to Turn Off Pop up Blocker and activates the Pop up Blocker Settings menu item You can toggle between the On and Off settings to enable or disable pop up blocking Temporarily Disable Pop up Blocking 1 In the Options page see Fig D 1 enter your Username and Password 2 Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button t...

Page 518: ...o to the toolbar and select Tools Pop up Blocker Pop up Blocker Settings to open the Pop up Blocker Settings dialog box Fig D 9 Pop up Blocker Settings 2 Enter the Address of Web site to allow and click Add to include this address in the Allowed sites list box Click Close to close the dialog box The override account window has now been added to your white list 3 In the Options page see Fig D 1 ent...

Page 519: ...r Pop up Blocker Settings to open the Pop up Blocker Settings dialog box see Fig D 9 2 In the Notifications and Filter Level frame click the checkbox for Show Information Bar when a pop up is blocked 3 Click Close to close the dialog box Access your Override Account 1 In the Options page see Fig D 1 enter your Username and Password 2 Click the Override button This action displays the following mes...

Page 520: ...is Site this action opens the Allow pop ups from this site dialog box Fig D 12 Allow pop ups dialog box 5 Click Yes to add the override account to your white list and to close the dialog box NOTE To view your white list go to the Pop up Blocker Settings dialog box see Fig D 9 and see the entries in the Allowed sites list box 6 Go back to the Options page and click Override to open the override acc...

Page 521: ... the road uploaded to the R3000 set in the mobile mode and Mobile Client software installed on end users workstations 8e6 Mobile Client ensures Internet activity of all end users located outside the organization will be tracked and filtered in the same manner as end users on the R3000 filtering appliance used in house thereby giving you the administrator assurance that your organization will be pr...

Page 522: ...or higher Macintosh OS X Version 10 4 running Safari Firefox 1 0 or higher or IE 6 0 or higher JavaScript enabled Pop up blocking software if installed must be disabled Network Requirement High speed connection from the external mobile R3000 server to mobile PCs Remote Filtering Components Mobile Client software installed on each end user s mobile PC External mobile R3000 filtering appliance confi...

Page 523: ...e two components are installed the following scenario occurs on the network 1 The end user logs into his her mobile PC located outside of the organization and then makes a URL request 2 The Mobile Client detects the mobile R3000 appliance and that external R3000 appliance grants the URL request or blocks the request based on the end user s profile supplied by the Mobile Client 3 If the end user co...

Page 524: ...ng appliance and an 8e6 ER Enter prise Reporter reporting appliance on the network Fig E 1 2 Diagram showing 8e6 Mobile Client with R3000 and ER 8e6 Mobile Client 1 A URL request is made from an end user s mobile PC to access inappropriate content on the Internet 2 The Mobile Client installed on the end user s workstation sends a parallel request to the mobile R3000 appliance 3 The mobile R3000 ap...

Page 525: ...e site is disallowed the Mobile Client software blocks the connection to the Web server Enterprise Reporter A The mobile R3000 appliance sends logs to the local Enterprise Reporter ER for processing B Using the ER Web Client an administrator can generate customized reports on the remote end user in minutes ...

Page 526: ...3000 Quick Start Guide the booklet packaged with your R3000 unit This guide explains how to configure the server so that it can be accessed via an IP address on your network NOTE If you do not have the R3000 Quick Start Guide contact 8e6 Technologies immediately to have a copy sent to you The basic requirements for initial network setup are as follows The mobile R3000 server should be set up on th...

Page 527: ...2 1 Operation Mode window mobile mode 2 In the Listening Device frame select the default listening Device for the selected mode LAN1 or LAN2 3 In the Block Page Device frame at the Device to send block page pull down menu select the device for sending block pages to client PCs 4 In the Mobile Client Control frame in the Client Resyn chronization Time field specify the interval of minutes for the e...

Page 528: ...Account Exception URL NT LDAP Authentication and the Warn filter setting An end user with categories blocked in his her profile will be blocked from categories with a Warn setting instead of receiving a warning page If his her profile does not contain blocked categories but instead contains categories with Warn settings the global group profile will be assigned instead 5 Click Apply to apply your ...

Page 529: ... used for obtaining mobile PC members filtering profiles Fig E 2 2 Members window master IP group with MAC addresses 1 In the New Members frame select Source MAC 2 Enter the member s MAC address 3 Click Add to include the MAC address entry in the Current Members list box NOTES Follow steps 2 3 for each MAC address to be added To remove a member from the Current Members list box select the MAC addr...

Page 530: ...b Group Member frame is comprised of the IP Address and MAC Address frames 1 In the MAC Address frame Source MAC addresses previously added in the master IP group s Members window display in the Available MAC s and or Member MAC s list box es Specify whether or not to add remove MAC addresses to from the sub group To add MAC addresses to the sub group select each sub group by highlighting it in th...

Page 531: ...e MAC s list box TIPS Multiple MAC addresses can be moved to a list box by clicking each MAC address while pressing the Ctrl key on your keyboard and then clicking the arrow key pointing to that list box Blocks of MAC addresses can be moved to a list box by clicking the first MAC address and then pressing the Shift key on your keyboard while clicking the last MAC address and then clicking the arro...

Page 532: ... window is used for viewing this sub group s MAC addresses previously added in the sub group s Members window Fig E 2 4 Sub Group IP Group window view MAC Addresses MAC addresses display in the Member MAC s list box in the MAC Address frame If the sub group has been completely defined IP address criteria was entered in the IP Address frame and saved in this window ...

Page 533: ...ember When using the mobile mode the Individual IP s Member window is used for selecting the member s MAC address for inclusion in the sub group Fig E 2 5 Member window with MAC Address 1 In the Modify Individual Group Member frame select the member s MAC Address from the pull down menu 2 Click Modify to apply your changes ...

Page 534: ...G Any existing profiles will be overwritten by the contents of the uploaded file If the end user has both an IP address and a MAC address each profile should be entered on a separate line in the file For example if end user tlind has the IP address 150 100 30 2 and MAC address 00 04 21 AF 33 E1 the following entries for that user s profile would be made on two separate lines in the master IP group...

Page 535: ...s used for verifying whether an entity has an active filtering profile for his her MAC address This window also is used for troubleshooting synchronization on target R3000 servers to verify whether settings for user profiles match the ones synced over from the source R3000 server Fig E 2 7 Active Profile Lookup window with MAC Address NOTE See Active Profile Lookup window in Chapter 1 System scree...

Page 536: ...comprised of the following resources Unconfigured packages containing the Mobile Client software the distributor 8e6client msi for Windows and 8e6clientInstaller mpkg tar for Macintosh OS X A tool for setting or modifying the configuration of the Mobile Client packages the configuration editor CfgClient exe An msi package that can be assigned via Group Policy to workstations to remove a previously...

Page 537: ... folder does not contain the msi file contact technical support If you have a Macintosh only environment you will need to download the Macintosh file from the 8e6MobileClient folder and install it on your machine If the 8e6MobileClient folder does not contain the file for a Macintosh only environment contact tech nical support 3 Click the msi file for the 8e6 Mobile Client application to download ...

Page 538: ...n specifying the Destination Folder into which the downloaded file will be installed Fig E 3 2 Destination Folder step of wizard 6 Specify the destination folder to be used and then click Next to go to the page that confirms the installation process is ready to begin Fig E 3 3 Installation process ready to begin ...

Page 539: ...SE FILTER USER GUIDE 515 7 Click Next to begin the installation process Fig E 3 4 Installation process in progress The following page displays when the installation process is complete Fig E 3 5 Installation complete 8 Click Finish to close the wizard dialog box ...

Page 540: ...he 8e6 Mobile Client Configuration Editor can be found at Start Programs 8e6 Mobile Client Deployment Kit Mobile Client Configuration Editor Fig E 3 6 8e6 Mobile Client Configuration Editor Upon first launching the Configuration Editor all fields checkboxes and buttons are deactivated To begin using the Configuration Editor consult the help topics at Start Programs 8e6 Mobile Client Deploy ment Ki...

Page 541: ...for Macintosh OS X machines 3 Click Open to load the specified file As a result of this action the path and filename of the opened package displays at the bottom of the window and some fields and checkboxes now become activated including the Proxy address or host name and Port fields and the Proxy authentication required and Block all URLs if Mobile Server cannot be found checkboxes the latter whi...

Page 542: ...APPENDICES SECTION APPENDIX E 518 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE Fig E 3 8 Windows package opened Fig E 3 9 Macintosh package opened ...

Page 543: ...s dialog box Fig E 3 10 Add Remove Mobile Filter Host s 2 In the IP or Host Name field enter the public IP address or hostname of your mobile filter host 3 By default 443 displays in the Port field and should not be modified unless the server is on another port 4 Click Add to include the entry in the list box below 5 After entering each mobile R3000 click OK to close the dialog box and to display ...

Page 544: ...field enter the public IP address or hostname of your internal filter host 3 By default 81 displays in the Port field and should not be modified unless the R3000 is using a different port 4 Click Add to include the entry in the list box below 5 After entering each internal R3000 click OK to close the dialog box and to display your entries in the Internal filter host s field of the 8e6 Mobile Clien...

Page 545: ... IP address or host name of your proxy server 2 In the Port field enter the port number for this proxy server Fig E 3 12 Proxy address fields 3 If authentication is required for the Mobile Client to communicate with this proxy server do the following a Click the Proxy authentication required checkbox this action activates the Username and Password fields b Enter the proxy server Username c Enter t...

Page 546: ...y default This setting indicates that if the Mobile Client cannot detect the mobile R3000 all URLs requested by the end user will be blocked Uncheck this box if the end user s workstation should be permitted unrestricted Internet access when the mobile R3000 is unavailable WARNING By deselecting this option technically savvy end users may bypass filtering permanently by disrupting communica tions ...

Page 547: ...time of the installation and thus will be presented with a reboot prompt By checking the Force auto reboot even if user is logged in during installation checkbox the reboot prompt is suppressed and an immediate reboot of the workstation is forced thus ensuring the Mobile Client will be loaded and active as soon as possible NOTE The forced reboot option does not provide the end user with an opportu...

Page 548: ... name 8e6MobileClient 8e6client msi 2 Create a new Group Policy Object GPO a in the GPMC select Group Policy Management Forest Domains domain name Group Policy Objects b Right click and choose New then create a name for the policy suggested name 8e6 Mobile Client Deployment Click OK c In the Group Policy Object Editor open the policy name Computer Configuration Software Settings Software installat...

Page 549: ...tations but not servers There are two types of filters Security filters and WMI filters To create a Security filter a Select the new policy link Note the Security Filtering section in the Scope panel to the right b Click Authenticated Users and then Remove c Click Add and then click Object Types Check the Computers type and uncheck the Users type Click OK d Enter the names of all the computers to ...

Page 550: ...h its policies by running gpup date exe NOTE By default Windows periodically refreshes the group policy automatically Using gpupdate allows you to force an immediate refresh for test purposes this is not something all users on the network should be required to do b Reboot the workstation and log in NOTE In some cases involving Windows XP workstations it may be necessary to reboot twice for Group P...

Page 551: ...workstation Fig E 3 14 Begin Mobile Client installation After the application has been installed the workstation automatically shuts down and restarts if the Force auto reboot even if user is logged in during installation option was specified If this option was not selected a dialog box opens asking if you wish to complete the installation process now or later Fig E 3 15 Finish installation proces...

Page 552: ...er is deployed on the workstation the Mobile Client will be uninstalled from end users machines NOTE The Remover does not require configuration prior to distri bution You will probably want to change the name of the policy e g Remove 8e6 Mobile Client Once the new policy has been processed on all target machines and the Mobile Client has been removed you can delete or unlink the removal policy wit...

Page 553: ...6 Mobile Client program and click Remove in Windows XP and Change Remove in Windows 2000 to open the Uninstall 8e6 Mobile Client dialog box Fig E 3 16 Uninstall 8e6 Mobile Client dialog box 3 Click UNINSTALL to close the Uninstall 8e6 Mobile Client dialog box and to open the Uninstall dialog box Fig E 3 17 Second Uninstall dialog box 4 Copy the eight digit number displayed in the ID field In this ...

Page 554: ...e Uninstall Key pop up window Fig E 3 18 Generate a key In the Machine ID field enter or paste the eight digit ID number from the Uninstall dialog box In this example 23526528 6 Click the Generate button to display the generated six character Uninstall key Fig E 3 19 Generate a key Copy this Uninstall key In this example 0d72dd NOTE Click Close to close the Create Uninstall Key pop up window ...

Page 555: ... and enter the generated password key in the Key field In this example 0d72dd Fig E 3 20 Uninstall the Mobile Client 8 Click OK to begin the uninstallation process When the Mobile Client has been uninstalled a message displays asking you to restart the machine Fig E 3 21 Restart message 9 Click Restart to restart the machine ...

Page 556: ...ompleted in order for the ER to receive logs from the R3000 Entries in the R3000 Administrator console 1 Choose Reporting Report Configuration to display the Report Configuration window 2 Click the 8e6 Enterprise Reporter checkbox to display the 8e6 Enterprise Reporter tab Fig F 1 Report Configuration window ER tab 3 In the Log File Transfer Configuration frame enter the LAN 1 IP address assigned ...

Page 557: ...k Remove 4 After the ER has been configured and logs have been transferred from the R3000 to the ER click the Log tab to view transfer activity 5 On the Log tab click View Log to view up to the last 300 lines of transfer activity in the View Log frame NOTE It is recommended you wait one to two hours after the initial configuration so sufficient data is available for viewing Fig F 2 Report Configur...

Page 558: ...e pull down menu choose Tools to display the Tools screen 3 From the Database Status menu choose File Watch Log 4 Click View to open the File Watch Status pop up box If logs are being transferred you will see an entry that includes the date time and IMPORTING shadow log machine1 Once you see an entry reporting information will be available one hour after the timestamp of the import listing NOTE Tr...

Page 559: ...rives power supplies or fans NOTE As part of the ongoing maintenance procedure for your RAID server 8e6 recommends that you always have a spare drive and spare power supply on hand Contact 8e6 Technical Support for replacement hard drives and power supplies Part 1 Hardware Components The R3000 H SL and HL RAID server contains two hard drives two power supplies and five sets of dual cooling fans 10...

Page 560: ... 2 Server Interface LED indicators in SL and HL units On an SL and HL unit the following LED indicators for software and hardware status monitoring display on the left side of the front panel FLTR Filtering Status LIBR Library Update Status RAID Hard Drive Status UPDT Software Update Status ...

Page 561: ...ary being uploaded or one or more processes being started Red On Not filtering traffic LIBR Green On Library updated within the past two days or less Amber On Library updated more than two days ago but within the past three days Red On Library updated more than three days ago RAID Green On RAID mode enabled and running Off RAID mode is inactive Red On Hard drive fault or failure UPDT Amber On Soft...

Page 562: ...an icon alerts you to the status of that feature on the unit H chassis front panel SL chassis front panel HL chassis front panel The buttons and LED indicators for the depicted icons func tion as follows UID button On an H or HL server when the UID button is pressed a steady blue LED displays on both the front and rear of the chassis see also Rear of chassis These indicators are used for easy loca...

Page 563: ...n to displaying in the control panel this icon also displays on the front panel on each hard drive carrier Hard drive activity is indi cated by a green LED on an H or HL server and by an amber LED on an SL server An unlit LED on a drive carrier may indicate a hard drive failure See Hard drive failure in the Troubleshoot ing sub section for information on detecting a hard drive failure and resolvin...

Page 564: ...di cator displays when the UID button on the control panel is pressed This LED remains lit until the UID button is pressed again Power Supplies LED indicators The power supplies are located at the right on the rear of the chassis An LED indi cator is located above each of the power plugs See Power supply failure in the Troubleshooting sub section for infor mation on detecting a power supply failur...

Page 565: ...ent to the admin istrator of the server This email identifies the failed hard drive by its number HD 1 or HD 2 Upon receiving this alert the administrator should verify the status of the drives by first going to the Hardware Failure Detection window in the Administrator console WARNING Do not attempt to remove any of the drives from the unit at this time Verification of the failed drive should fir...

Page 566: ...e Failure Detection window The Hardware Failure Detection window displays the current RAID Array Status for the two hard drives HD 1 and HD 2 at the right side of the window Normally when both hard drives are functioning without failure the text OK displays to the right of the hard drive number and no other text displays in the window However if a hard drive has failed the message FAIL displays to...

Page 567: ...ive in the Administrator console go to the server to replace the drive Press the red release button to release the handle on the carrier and then extend the handle fully and pull the carrier out towards you Replace the failed drive with your spare replacement drive NOTE Contact Technical Support if you have any questions about replacing a failed hard drive ...

Page 568: ...on returning your failed hard drive to 8e6 Power supply failure Step 1 Identify the failed power supply The administrator of the server is alerted to a power supply failure on the chassis by an audible alarm and an amber power supply LED or an unlit LED on the front and rear of the chassis NOTE A steady amber power supply LED also may indicate a disconnected or loose power supply cord Verify that ...

Page 569: ...r supply module towards you 3 Note that an audible alarm sounds and the LED is unlit when the power supply is disengaged Replace the failed power supply with your spare replacement power supply The alarm will turn off and the LED will be a steady green when the replacement power supply is securely locked in place Step 4 Contact Technical Support Contact Technical Support to order a new replacement...

Page 570: ...urn Merchandise Authorization number and for instructions on returning the unit to 8e6 A steady red LED on and not flashing indicates an over heating condition which may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm Check the routing of the cables and make sure all fans are present and operating normally The LED will remain steady as long ...

Page 571: ... unique library category that is created by an administrator and can include URLs URL keywords and search engine keywords to be blocked Group adminis trators create and manage custom library categories for their own group filter setting A setting made for a service port A service port with a filter setting uses filter settings created for library categories block open or always allow settings to d...

Page 572: ...g this feature of the R3000 groups and or individual client machines can be set up to block the use of IM services specified in the library category invisible mode An R3000 set up in the invisible mode will filter all connections on the Ethernet between client PCs and the Internet without stopping each IP packet on the same Ethernet segment The unit will only intercept a session if an inappropriat...

Page 573: ...ed and the minimum filtering level does not apply to that user mobile mode The operations mode used on an R3000 configured for filtering end users on machines located outside of the in house network name resolution A process that occurs when the R3000 attempts to resolve the IP address of the authentication server with the machine name of that server This contin uous and regulated automated proced...

Page 574: ...the authen tication server on a Windows NT domain This server main tains the master copy of the directory database used for vali dating users peer to peer P2P involves communication between computing devices desktops servers and other smart devices that are linked directly to each other Using this feature of the R3000 groups and or individual client machines can be set up to block the use of P2P s...

Page 575: ...he administrator know whether end users are using the Internet appropriately router mode An R3000 set up in the router mode will act as an Ethernet router filtering IP packets as they pass from one card to another While all original packets from client PCs are allowed to pass if the R3000 determines that a request is inappropriate a block page is returned to the client to replace the actual reques...

Page 576: ...n the R3000 server can be set up to be synchronized with a server on the Internet running Network Time Protocol NTP software time profile A customized filtering profile set up to be effective at a specified time period for designated users Traveler 8e6 s executable program that downloads updates to your R3000 on demand or at a scheduled time URL An abbreviation for Uniform Resource Locator the glo...

Page 577: ...up a filtering profile This designation indicates URLs in the library category or uncategorized URLs may potentially be in opposition to the organization s policies and are flagged with a warning message that displays for the end user if a URL from that library category or an uncategorized URL is requested white list A list of approved library categories for a speci fied entity s filtering profile...

Page 578: ...APPENDICES SECTION APPENDIX H 554 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE ...

Page 579: ...s 22 Active Profile Lookup window 124 Additional Language Support window 307 Admin Audit Trail window 129 Administrator menu 100 Administrator window 100 alert box terminology 4 Alert menu 132 Alert window 133 always allowed 26 definition 547 authentication 174 Authentication menu 174 B backup procedures 180 Backup Restore menu 179 Backup Restore window 179 block page 12 14 21 22 84 98 168 503 cus...

Page 580: ...filtering level 290 Category Weight System menu 325 Category Weight System window 325 Centralized Management Console 37 150 checkbox terminology 4 CMC Management 150 156 CMC Management menu 237 Common Customization window 213 Configuration window 303 contact e mail addresses 133 Control menu 72 CPU Usage diagnostic tool 117 Ctrl key 66 Current memory usage diagnostic tool 117 custom categories 24 ...

Page 581: ...RL 82 294 406 462 Exception URL window 395 421 425 F field terminology 4 filter option codes 462 filter options global group 276 filter setting 26 definition 547 Filter window 73 filtering 461 category codes 461 hierarchy diagram 29 profile components 23 profile types 19 rules 27 search engine keyword 278 static profiles 21 URL keyword 279 Firefox 10 498 firewall mode 15 definition 547 diagram wit...

Page 582: ...RL 275 filter options 276 menu 252 override account 280 port profile 274 293 Global Group Profile window 270 Google Web Accelerator 77 Google Yahoo Safe Search Enforcement global group filter option 277 grid terminology 5 group create IP group 298 delete profile 414 global 17 IP 18 297 types of 17 group administrator 1 2 definition 548 Group Details window 375 group name definition 548 Group Profi...

Page 583: ...ion 548 delete 426 profile type 21 Individual IP Profile window 425 instant messaging 31 331 definition 548 Internet Explorer 10 invisible mode 12 definition 548 diagram 12 diagram with port monitoring 13 IP group 18 297 373 category profile 388 create 298 diagram 18 J Java Plug in 10 Java Virtual Machine 10 JavaScript 10 498 K keyword definition 548 search engine 8e6 supplied category 342 search ...

Page 584: ...egories 305 update logs 309 URL keywords 8e6 supplied category 338 URL keywords custom category 446 URLs 8e6 supplied category 333 URLs custom category 436 weekly update 306 library categories 24 8e6 supplied 330 category codes list 461 custom 431 definition 548 Library Details window 332 435 Library Lookup menu 317 428 Library Lookup window 317 428 Library screen 55 Library Update Log window 309 ...

Page 585: ...k page authentication 81 Logon Settings window 104 lookup library 317 428 M machine name definition 549 Macintosh 10 498 Manual Update to 8e6 Supplied Categories 305 Manual Update window 305 master IP group 18 definition 549 filtering profile 21 maintenance 374 setup 298 master list 342 definition 549 Member window Individual IP MAC address 509 Member window Individual IP 424 Members window 376 41...

Page 586: ...s 55 net use definition 549 NetBIOS definition 549 Network Address Translation NAT definition 550 Network menu 91 network requirements 10 498 Network Time Protocol NTP 94 NIC Configuration diagnostic tool 116 NIC Mode menu 175 NIC Mode Speeds Chart 178 NIC Mode window 175 NNTP Newsgroup menu 328 NNTP Newsgroup window 328 NTP Servers window 94 O open setting 26 definition 550 Operation Mode window ...

Page 587: ... 105 global and NT LDAP group administrator 101 override account 378 unlock IP address 110 unlock username 109 patch emergency update logs 315 update logs 144 Patch Management window 238 Patch menu 138 patch update 306 Patch Update Log window 144 patches 139 PDC definition 550 peer to peer 31 definition 550 Ping 115 pop up blocking disable 486 pop up box window terminology 6 port profile global 27...

Page 588: ...0 pull down menu terminology 6 Q Quick Start Guide 50 quota definition 551 format 462 Quota Block Page Customization window 230 Quota Notice Page Customization window 233 Quota Setting menu 243 Quota Setting window 243 R R2000 1 R3000 Enterprise Filter 1 R3000 Quick Start Guide 502 radio button terminology 6 Radius definition 551 Radius Authentication Settings menu 188 Radius Authentication Settin...

Page 589: ... Configuration window 348 Reporting screen 55 requirements environment 10 498 Reset menu 187 Reset window 187 restore download a file 182 perform a restoration 184 settings 179 router mode 14 definition 551 diagram 14 Routing table diagnostic tool 116 rule 25 definition 551 Rules window 265 S Safari 10 498 screen terminology 6 search engine definition 551 search engine keyword 8e6 supplied categor...

Page 590: ...P Server Settings window 136 SNMP definition 552 SNMP window 192 Source mode 37 73 153 Stand Alone mode 37 73 150 static filtering profiles 21 Status window 160 Status window CMC Management 241 Sub Group IP Group window 417 MAC addresses 508 Sub Group Profile window 420 sub group 372 416 add to master IP group 412 copy 422 definition 552 delete 421 paste 415 sub topic 61 terminology 7 synchronizat...

Page 591: ...et mode 37 158 technical support 453 text box terminology 7 time profile add 397 definition 552 delete 408 modify 408 profile type 22 Time Profile window 397 421 425 time based profile 80 tolerance timer 200 277 287 385 393 tooltips 58 TOP CPU processes diagnostic tool 116 topic 60 terminology 7 Trace Route 115 Traveler 2 306 330 463 definition 552 tree 62 63 terminology 8 Troubleshooting Mode win...

Page 592: ...ry 338 custom category 446 URL definition 552 URLs window 333 8e6 supplied category 333 custom category 436 usage logs 120 V View Log File window 119 virtual IP address definition 552 VLAN 552 W Warn Option Setting window 210 Warn Page Customization window 223 warn setting 26 definition 553 Web access logging 30 Web based authentication block page authentication 80 white list definition 553 wildca...

Page 593: ...INDEX 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE 569 X X Strikes Blocking global group filter option 277 X Strikes Blocking window 196 ...

Page 594: ...INDEX 570 8E6 TECHNOLOGIES R3000 ENTERPRISE FILTER USER GUIDE ...

Reviews:

No comments

Related manuals for Enterprise Filter Authentication R3000

H3C SecPath M9000-S NSQM2FWDFG0 Manual preview
SecPath M9000-S NSQM2FWDFG0
Brand: H3C Pages: 4
Fortinet Fortigate 100D Install Manual preview
Fortigate 100D
Brand: Fortinet Pages: 84
3Com SuperStack 3 User Manual preview
SuperStack 3
Brand: 3Com Pages: 64
ZyXEL Communications ZyWALL 1050 Manual preview
ZyWALL 1050
Brand: ZyXEL Communications Pages: 1101
Mackie FireWire Specifications preview
FireWire
Brand: Mackie Pages: 1
Aaeon FWS-7360 User Manual preview
FWS-7360
Brand: Aaeon Pages: 100
Watchguard Firebox T35-R Quick Start Manual preview
Firebox T35-R
Brand: Watchguard Pages: 27
Global Technology Associates GB-2000X Specification Sheet preview
GB-2000X
Brand: Global Technology Associates Pages: 2
ei3 Amphion S14-H Green Box User Manual preview
Amphion S14-H Green Box
Brand: ei3 Pages: 26

Brands by name

Popular brands

Load more brands