manualshive.com logo in svg

M86 Security Web Filter HL, User Manual

Looking for a comprehensive user manual for M86 Security Web Filter HL? Look no further! Download our free manual from manualshive.com, providing step-by-step instructions to maximize your usage of this powerful web filtering tool. Gain full control and enhance your online security effortlessly with this indispensable resource.

Share
Download
background image

G

ROUP

 A

DMINISTRATOR

 S

ECTION

    

C

HAPTER

 1: P

OLICY

 

SCREEN

380

M86 S

ECURITY

 U

SER

 G

UIDE

Filter Options

The Filter Options tab is used for specifying which filter 
option(s) will be applied to the time profile.

Fig. 3:1-21  Time Profile window, Filter Options tab

NOTE

: See the Override Account window, Filter Options sub-

section in this chapter for information about entries that can be 
made for this component of the filtering profile.

Summary of Contents for Web Filter HL

Page 1: ...M86 Web Filter USER GUIDE Models HL SL MSA Software Version 5 0 00 Document Version 02 01 12 ...

Page 2: ...nd disclaims any implied war ranties of merchantability and fitness for a particular purpose M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing performance or use of this manual or the examples herein Due to future enhancements and modifications of this product the information described in this documentation is subject to cha...

Page 3: ...r 1 Filtering Operations 12 Operational Modes 12 Invisible Mode 13 Router Mode 15 Firewall Mode 16 Group Types 18 Global Group 18 IP Groups 19 Filtering Profile Types 20 Static Filtering Profiles 22 Master IP Group Filtering Profile 22 IP Sub Group Filtering Profile 22 Individual IP Member Filtering Profile 22 Active Filtering Profiles 23 Global Filtering Profile 23 Override Account Profile 23 Tim...

Page 4: ...l Users 34 Block Specified Entities from Using IM P2P 34 Block IM for a Specific Entity 34 Block P2P for a Specific Entity 35 Chapter 3 Synchronizing Multiple Units 36 Web Filter Synchronization 36 Synchronization Setup 38 Setting up a Source Server 38 Setting up a Target Server 38 Types of Synchronization Processes 39 Filtering Profile Synchronization Process 39 Library Synchronization Process 40...

Page 5: ...e Administrator Console 50 Log On 50 Last Library Update message 52 Navigation Tips 54 Access Main Sections 54 Help Features 56 Access Help Topics 56 Tooltips 57 Screen and Window Navigation 59 Topic Links 59 Select Sub topics 60 Navigate a Tree List 61 Tree List Topics and Sub topics 62 Navigate a Window with Tabs 63 Console Tips and Shortcuts 64 Navigation Path 64 Refresh the Console 64 Select M...

Page 6: ...on Target Servers 77 Block Page Authentication window 78 Enter Edit Block Page Options 79 Block page 80 Options page 82 Option 2 83 Option 3 84 ShutDown window 85 Shut Down the Server 85 Reboot window 86 Reboot the Server 86 Network 88 LAN Settings window 88 Specify LAN Settings 89 NTP Servers window 90 Specify Network Time Protocol Servers 91 Add an NTP Server 91 Remove an NTP Server 91 Regional ...

Page 7: ...ce Access 105 Diagnostics 106 System Command window 106 Perform a Diagnostic Test View Data 107 Command Selections 108 Ping 108 Trace Route 108 Process list 108 TOP CPU processes 109 NIC configuration 109 Active connections 109 Routing table 109 Current memory usage 110 CPU usage 110 System performance 110 Recent logins 110 System uptime 111 df disk usage 111 dmesg print kernel ring buffer 111 Vie...

Page 8: ... Procedures 133 Undo an Applied Software Update 134 Software Update Log window 135 View Log Contents 135 Download Log View Print Contents 136 Download the Log 136 View the Contents of the Log 137 Save Print the Log File Contents 139 Synchronization 140 Setup window 141 Using Only One Web Filter on the Network 141 Using More than One Web Filter on the Network 142 Set up a Web Filter to be a Source ...

Page 9: ...ettings 162 Create a Backup Schedule 163 Remove a Backup Schedule 166 Download a File 167 Perform a Restoration 168 Upload a File to the Server 168 Restore Configurations to the Server 169 Remove a Backup File 169 View Backup and Restoration Details 170 Reset 171 Reset window 171 Reset All Server Settings 171 Radius Authentication Settings 172 Radius Authentication Settings window 172 Enable Radiu...

Page 10: ...ories 188 Set up Categories to Receive Strikes or No Strikes 188 Go to X Strikes Unlock Workstation GUI 189 Re login window 189 X Strikes Unlock Workstation 190 Unlock a Workstation 190 Set up an Email Address to Receive Alerts 192 Remove an Email Address from the Alert List 192 Close the Window 192 Warn Option Setting 193 Warn Option Setting window 193 Specify Interval for Re displaying the Warn ...

Page 11: ...ing window 223 Configure Quota Hit Settings 224 Reset Quotas 225 Reset Quotas Now 225 Set up a Schedule to Automatically Reset Quotas 225 Delete a Quota Reset Time from the Schedule 226 Quota Notice page 226 Quota Block page 228 UI SSL Certificate 229 UI SSL Certificate window 229 Generate an SSL Certificate for the Web Filter 230 Chapter 2 Policy screen 231 Global Group 233 Range to Detect window...

Page 12: ...ride Account 265 Delete an Override Account 265 Approved Content Settings window 266 Approved Content feature and VuSafe 266 Approved Content setup and configuration 267 Approved Content portal setup 267 Approved Content Settings entries 268 Minimum Filtering Level window 269 Minimum Filtering Categories 270 Create Edit Minimum Filtering Categories 271 Port 272 Create Edit a List of Service Ports ...

Page 13: ...90 Library Lookup 291 Library Lookup window 291 URL Lookup Removal 291 Perform a URL Check 291 Remove a URL 292 Submit an Email to the Administrator 293 Search Engine Keyword Lookup Removal 293 Perform a Search Engine Keyword Check 293 Remove a Search Engine Keyword 293 Reload the Library 294 Customer Feedback Module 294 Customer Feedback Module window 294 Disable Customer Feedback Module 295 Enab...

Page 14: ...RL Keyword Additions 314 Upload a List of URL Keyword Deletions 315 Reload the Library 315 Search Engine Keywords window 316 View a List of Search Engine Keywords 317 Add or Remove Search Engine Keywords 317 Add a Search Engine Keyword to the Library 317 Remove a Search Engine Keyword from the Library 318 Upload a List of Search Engine Keywords 318 Upload a List of Search Engine Keyword Additions ...

Page 15: ... Account 330 Delete a Logon Account 330 Go to Real Time Probe Reports GUI 331 Re login window 331 Real Time Probe Reports 332 Create a Real Time Probe 333 View Real Time Probe Details 336 Shadow Log Format 340 Shadow Log Format window 340 Specify the Shadow Log Format 340 Auto detect option 341 Post 2 0 10 log format option 341 Post 2 0 log format option 342 Post 1 9 log format option 342 Pre 1 9 ...

Page 16: ...URL 362 Filter Options 363 Create Edit the Filter Options 363 Exception URL window 366 Valid URL entries 367 Add URLs to Block URL or ByPass URL frame 368 Status column messages and icons 369 Remove URLs from Block URL or ByPass URL frame 371 Apply Settings 372 Time Profile window 372 Add a Time Profile 373 Category Profile 378 Redirect URL 379 Filter Options 380 Exception URL 381 Approved Content...

Page 17: ...RL window 397 Time Profile window 397 Approved Content Settings window 398 Delete Sub Group 399 Delete an IP Sub Group 399 Copy Sub Group 399 Copy an IP Sub Group 399 Individual IP 400 Member window 400 Enter the IP Address of the Member 401 Individual IP Profile window 401 Exception URL window 401 Time Profile window 401 Approved Content Settings window 402 Delete Individual IP 402 Delete an Indi...

Page 18: ...a List of URL Keywords 420 Add or Remove URL Keywords 420 Add a URL Keyword to the Library Category 420 Remove a URL Keyword from the Library 420 Upload a List of URL Keywords to the Library 421 Reload the Library 421 Search Engine Keywords window 422 View a List of Search Engine Keywords 423 Add or Remove Search Engine Keywords 423 Add a Search Engine Keyword to the Library 423 Remove a Search En...

Page 19: ...Blockers 444 Yahoo Toolbar Pop up Blocker 445 If Pop up Blocking is Enabled 445 Add Override Account to the White List 445 Google Toolbar Pop up Blocker 447 If Pop up Blocking is Enabled 447 Add Override Account to the White List 447 AdwareSafe Pop up Blocker 448 If Pop up Blocking is Enabled 448 Temporarily Disable Pop up Blocking 448 Mozilla Firefox Pop up Blocker 449 Add Override Account to the...

Page 20: ...units 461 Rear panels on HL units 463 Part 3 Troubleshooting 464 Hard drive failure 464 Step 1 Review the notification email 464 Step 2 Verify the failed drive in the Admin console 465 Step 3 Replace the failed hard drive 466 Step 4 Rebuild the hard drive 467 Step 5 Contact Technical Support 467 Power supply failure 467 Step 1 Identify the failed power supply 467 Step 2 Unplug the power cord 467 S...

Page 21: ...usage policy based on the end user s Internet usage habits About this User Guide The Web Filter User Guide primarily addresses the network administrator designated to configure and manage the Web Filter server on the network This administrator is referred to as the global administrator throughout this user guide In part this user guide also addresses administrators who manage user groups on the ne...

Page 22: ...ncludes information for administrators authorized by the global administrator to manage profiles of designated groups and their associated users on the Web Filter Group administrators also have rights to access certain library category functions Appendices Appendix A includes formats and rules used in the filtering profile file Appendix B includes infor mation on creating a customized block page A...

Page 23: ...n is followed by italicized text providing additional information about the current subject TIP The tip icon is followed by italicized text giving you hints on how to execute a task more efficiently WARNING The warning icon is followed by italicized text cautioning you about making entries in the application executing certain processes or procedures or the outcome of specified actions ...

Page 24: ...dow or screen used for indi cating whether or not you wish to select an option This object allows you to toggle between two choices By clicking in this box a check mark or an X is placed indi cating that you selected the option When this box is not checked the option is not selected dialog box a box that opens in response to a command made in a window or screen and requires your input You must cho...

Page 25: ... rows and columns of data as a result of various processes This data can be reorganized in the Administrator console by changing the order of the columns list box an area in a dialog box window or screen that accommo dates and or displays entries of items that can be added or removed navigation panel the panel that displays at the left of a screen This panel can contain links that can be clicked t...

Page 26: ...contains a down arrow to the right When you click the arrow a menu of items displays from which you make a selection radio button a small circular object in a dialog box window or screen used for selecting an option This object allows you to toggle between two choices By clicking a radio button a dot is placed in the circle indicating that you selected the option When the circle is empty the optio...

Page 27: ...pic is selected the window for that sub topic displays in the right panel of the screen or a pop up window or an alert box opens as appro priate text box an area in a dialog box window or screen that accommodates your data entry A text box is a type of field See field topic a topic displays as a link in the left panel the naviga tion panel of a screen By clicking the link for a topic the window fo...

Page 28: ...ouble clicking the item a minus sign replaces the plus sign and any entity within that branch of the tree displays An item in the tree is selected by clicking it window a window displays on a screen and can contain frames fields text boxes list boxes buttons checkboxes and radio buttons A window for a topic or sub topic displays in the right panel of the screen Other types of windows include pop u...

Page 29: ...ion User Guide at http www m86security com support R3000 documenta tion asp for information on setting up and using authentication synchronize multiple Web Filter units so that all servers will be updated with the same user profile and library configurations To help you become familiar with the Web Filter and how it functions on the network Chapter 1 of this section of the User Guide provides an o...

Page 30: ... 10 Google Chrome 16 or 17 Safari 5 0 or 5 1 Macintosh OS X Version 10 6 or 10 7 running Safari 5 0 or 5 1 Firefox 9 or 10 JavaScript enabled Java Virtual Machine Java Plug in Pop up blocking software if installed must be disabled Session cookies from the Web Filter must be allowed in order for the Administrator console to function properly NOTE Web Filter administrators must be set up with softwa...

Page 31: ...or 10 Google Chrome 16 or 17 Safari 5 0 or 5 1 Macintosh OS X Version 10 6 or 10 7 running Safari 5 0 or 5 1 Firefox 9 or 10 JavaScript enabled Pop up blocking software if installed must be disabled Network Requirements High speed connection from the Web Filter server to the client workstations HTTPS connection to M86 s software update server Internet connectivity for downloading Java virtual mach...

Page 32: ...NS 12 M86 SECURITY USER GUIDE Chapter 1 Filtering Operations Operational Modes Based on the setup of your network the Web Filter can be configured to use one of these operational modes for filtering the network invisible mode router mode firewall mode ...

Page 33: ... IP packet on the same Ethernet segment The unit will only intercept a session if an inappropriate request was submitted by a client In this scenario the Web Filter returns a message to the client and server to deny the request and a block page displays to deny the client access to the site or service Figure 1 1 1 depicts the invisible mode that removes the Web Filter from any inclusion in the net...

Page 34: ...message 4 is sent to the user plus a terminate message 4 is sent to the Internet server A Web Filter set up in the invisible mode can also work in the router mode Figure 1 1 2 illustrates an example of a monitor mode setup with the Web Filter connected to the managed switching hub In this setup the Web Filter port is configured with the port monitoring function enabled so that the Web Filter s por...

Page 35: ...inappropriate a block page is returned to the client to replace the actual requested Web page or service Since only outgoing packets need to be routed and not return packets the Web Filter only appears in the outgoing path of the network Figure 1 1 3 illustrates an example of the router mode setup in which the Web Filter is set up to act as the Internet router Fig 1 1 3 Router mode diagram As prev...

Page 36: ... Filter set up in this mode the unit will filter all requests If the request is appropriate the original packet will pass unchanged If the request is inappropriate the original packet will be blocked from being routed through Using the firewall mode while the outgoing request is delayed slightly to allow filtering to take place before the packet leaves the gateway router of the network return traf...

Page 37: ... unfiltered bad cached pages since no request can pass until it is filtered Figure 1 1 5 illustrates an example of a firewall mode setup in which requests are always sent to the caching server In this scenario the Web Filter will be affected if the caching proxy server contains unfiltered bad cached pages M86 recommends that cached content is cleared or expired after installing the Web Filter WARN...

Page 38: ...up to be maintained NOTES If authentication is enabled the global administrator can also access the LDAP branch of the tree If multiple Web Filter units are set up on the network and the synchronization feature is used a Web Filter that is set up to receive profile changes will only display the Global Group type in the tree list See Chapter 3 Synchronizing Multiple Units for more information on sy...

Page 39: ...e global administrator adds master IP groups adds and maintains override accounts at the global level and estab lishes and maintains the minimum filtering level The group administrator of a master IP group adds sub group and individual IP members override account time profiles and exception URLs and maintains filtering profiles of all members in the master IP group Fig 1 1 6 IP diagram with a samp...

Page 40: ... at the base of the hierarchical tree structure used by end users who do not belong to a group IP group master group master group filtering profile used by end users who belong to the master group master time profile used by master group users at a specified time IP group member sub group filtering profile used by a sub group member individual filtering profile used by an individual IP group membe...

Page 41: ...er X Strikes Blocking in the Filter Options section of the profile Radius profile used by end users on a Radius accounting server if the Radius server is connected to the Web Filter and the Radius authentication feature enabled TAR profile used if a Threat Analysis Reporter TAR server is connected to the Web Filter and an end user is locked out by TAR when attempting to access blocked content in a...

Page 42: ... and individual IP group members and is customized to allow deny users access to URLs or warn users about accessing specified URLs to redirect users to another URL instead of having a block page display and to specify usage of appropriate filter options IP Sub Group Filtering Profile An IP sub group filtering profile is created by the group administrator This filtering profile applies to end users...

Page 43: ...t are configured to be blocked A URL can be specified for use instead of the standard block page when users attempt to access material set up to be blocked Various filter options can be enabled Override Account Profile If any user needs access to a specified URL that is set up to be blocked the global administrator or group administrator can create an override account for that user This account gr...

Page 44: ...egories should be blocked left open a set number of minutes in which that category remains open can be defined assigned a warn setting or white listed filter options specify which features will be enabled X Strikes Blocking Google Bing Yahoo Youtube Ask AOL Safe Search Enforcement Search Engine Keyword Filter Control URL Keyword Filter Control minimum filtering level takes precedence over filterin...

Page 45: ...ading Category Groups excluding the Custom Categories group Updates to these categories are provided by M86 on an ongoing basis and administra tors also can add or delete individual URLs within a speci fied library category Custom Categories Custom library categories can be added by either global or group administrators As with M86 supplied categories additions and deletions can be made within a c...

Page 46: ... Secured HTTP Transmission HTTPS and Secure Shell SSH Rules A rule is comprised of library categories to block leave open assign a warn setting or include in a white list Access to an open library category can be restricted to a set number of minutes Each rule that is created by the global administrator is assigned a number A rule is selected when creating a filtering profile for an entity Minimum...

Page 47: ...cuted block if a category or a service port is given a block setting users will be denied access to the URL set up as blocked open if a category or the filter segment detected on the network is given an open pass setting users will be allowed access to the URL set up as opened NOTE Using the quota feature access to an open category can be restricted to a defined number of minutes always allowed if...

Page 48: ...filtering level is defined it applies to all master IP groups and members assigned filtering profiles The minimum filtering level combines with the user s profile to guarantee that categories blocked in the minimum filtering level are blocked in the user s profile 3 For master IP group members a A master IP group filtering profile takes precedence over the global profile b A master IP group time p...

Page 49: ... over an authentication profile or a time profile profile locking out the end user from library cate gories specified in the lockout profile in the TAR applica tion 8 An override account profile takes precedence over a TAR lockout profile This account may override the minimum filtering level if the override account was set up in the master IP group tree and the global adminis trator allows overrid...

Page 50: ...INTRODUCTORY SECTION CHAPTER 1 FILTERING OPERATIONS 30 M86 SECURITY USER GUIDE Fig 1 1 7 Sample filtering hierarchy diagram ...

Page 51: ... where they are normal ized and then inserted into a MySQL database The reporting server s client application accesses that database to generate queries and reports NOTE See Appendix E Configuring the Web Filter for Reporting for information on configuring the Web Filter and M86 reporting device Instant Messaging Peer to Peer Blocking The Web Filter has options for blocking and or logging the use ...

Page 52: ... encrypted IM will not be blocked if a client side VPN is set up to proxy traffic through a remote IP address outside the connection protected by the Web Filter Some versions of the AOL client create a network interface that send a network connection through a UDP proxy server which prevents blocking IM P2P Blocking Peer to Peer P2P involves communication between computing devices desktops servers...

Page 53: ...the Manual Update to M86 Supplied Categories window accessible via Library Updates Manual Update IM pattern files can be updated on demand Using IM and P2P To solely log IM and or P2P user activity the Pattern Blocking setting needs to be enabled in the Filter window To additionally block specified groups and or users from using components and features of IM and or P2P settings need to be made in ...

Page 54: ...the minimum filtering level profile must have both CHAT and specified individual Instant Messaging library cate gories set up to be blocked Block P2P for All Users To block P2P for all users on the network the Pattern Blocking option in the Filter window must be activated the global filtering profile must have the PR2PR library category set up to be blocked the minimum filtering level profile must...

Page 55: ...er guide for information about configuring the Operation Mode and Range to Detect functions Block P2P for a Specific Entity To block P2P for a specified group or user the Pattern Blocking option in the Filter window must be activated the PR2PR library category must be set up to be blocked for that entity the global filtering profile should not have P2P blocked unless blocking all P2P traffic with ...

Page 56: ...sses on the network that user s Internet usage is appropriately filtered and blocked The act of configuring multiple Web Filters to share the same user profile informa tion is known as synchronization The synchronization feature allows an administrator to control multiple Web Filters without the need to configure each one independently Web Filter synchronization uses a source target configuration ...

Page 57: ... been iden tified by the source unit via the Synchronization Setup window of the Web Filter console This means that all filtering configuration should be made on the source Web Filter This also means that any user level filter authentica tion should be performed on the source Web Filter so that these filtering changes can be disseminated to all Web Filter target units NOTE If the failover detectio...

Page 58: ...a standalone Web Filter to an M86 WFR server please consult the chart at http www m86security com software 8e6 hlp r3000 files 1system_sync_versions html for software version compati bility between the two products WARNING If an Web Filter is set up in the Source mode with a Network Address Translation NAT device between the source and target server s be sure that ports 26262 26268 and 88 are open...

Page 59: ...tion or user profile update the change is applied locally Once locally applied on the source server this update is sent to all target Web Filters Each target server will then immediately apply this filtering change The result is that profile updates occur on all Web Filter units in near real time In the event that a target server is unable to communicate with the source server the target server wi...

Page 60: ...ver this update will be placed in a queue for submission to target Web Filter servers The source server will then send the information in the queue to all target servers Each target server will receive this information and apply the update On the source server a separate queue exists for each identified target server A queue is used as a repository in the event of a communication failure between t...

Page 61: ...in activating a library change can take a little longer than in activating a filtering profile change This is due to the fact that the library on the Web Filter is loaded into the physical memory When a change is made to the library a new library must be loaded into memory with the changes So the delay between the library change taking place is the net of the amount of time it takes the source ser...

Page 62: ...e source Web Filter For purpose of differentiation these items will be referred to as functionally synchronized for purposes of this user guide These functionally synchronized items will be available for use on the target Web Filter The following options are available for synchronization Synchronize all items both profile and library changes and synchronize only library items As you will see by th...

Page 63: ...ent settings in the Global Group profile Functionally Synchronized Items Common Customization Block Page Authentication settings Authentication Form Customization Lock Page Customization Warn Page Customization Profile Control settings Quota Block Page Customization Quota Notice Page Customization Minimum Filtering Level Rules Global Group Profile Override Account addition deletion activation deac...

Page 64: ...ting Non synchronized Items Filter control settings Virtual IP and Authentication IP addresses IP addresses Default routes Software Update application Synchronization settings Filter Mode Backup Restore SNMP configuration Warn Option Setting Reporter configuration CMC Management UI SSL Certificate ...

Page 65: ...word additions deletions Keywords in URL additions deletions Functionally Synchronized Items Category Weight System additions deletions Non synchronized Items Common Customization Block Page Authentication settings Authentication Form Customization Lock Page Customization Warn Page Customization Profile Control settings Quota Block Page Customization Quota Notice Page Customization Minimum Filteri...

Page 66: ... activation deactivation Filter control settings Virtual IP and Authentication IP addresses IP addresses Default routes Software Update application Synchronization settings Filter Mode Backup Restore Radius Authentication Settings SNMP configuration X Strikes Blocking settings Warn Option Setting Reporter configuration CMC Management UI SSL Certificate ...

Page 67: ...r will need to be replaced due to hardware failure In cases in which the source Web Filter server is out of commission for an extended period of time this server should be replaced as soon as possible so that individual user authentication can be executed and the ability to control the filtering cluster is continually enabled In cases in which the Web Filter will not be immediately replaced one of...

Page 68: ... a safe storage place until it is needed 4 In the LAN Settings window accessible via System Network set up IP addresses to be the same as on the source server that is being replaced 5 Go to the Reboot window accessible via System Control and reboot the server 6 Once the Web Filter is rebooted reconnect to the console and access the Backup Restore window 7 Upload the last good configuration from th...

Page 69: ...gain and should operate normally Set up a New Source Server from Scratch In the event that you do not have a reliable backup file that can be used for establishing a new source server you must recreate the settings on the new source server Set up a Target Server as a Source Server 1 Log in to the console of the target server designated as the new source server 2 In the System section of the consol...

Page 70: ...iately to have a copy sent to you Access the Administrator Console Log On 1 Launch an Internet browser window supported by the Web Filter 2 In the address line of the browser window type in https and the Web Filter server s IP address or host name and use port number 1443 for a secure network connection plus login jsp For example if your IP address is 210 10 131 34 type in https 210 10 131 34 1443...

Page 71: ...word is user3 To change this username and password go to the Administrator window see the Administrator window of the System screen in the Global Administrator Section and create a global adminis trator account NOTE See Chapter 1 System screen in the Global Administrator Section for information on logging into the Web Filter user inter face if your password has expired 5 Click LOGIN to access the ...

Page 72: ...ated more than 7 days ago Do you want to update your libraries now Click either Yes or No to perform the following actions Yes clicking this button closes the dialog box and opens an alert box indicating that it will take a few minutes to perform the library update Click OK to close the alert box and to execute the command to update the libraries After the libraries are updated today s date will a...

Page 73: ...me screen Last Library Update text Click the checkbox Do not show Old Library Warning dialog box in future to disable the Last Library Update message box After the libraries are updated the welcome screen will appear as in Fig 1 4 2 with today s date as the Last Library Update in black text ...

Page 74: ...mains groups and individual users and their filtering profiles Library clicking this link displays the main screen for the Library section Library section windows are used for adding and maintaining library categories Library cate gories are used when creating or modifying a filtering profile Reporting clicking this link displays the main screen for the Reporting section The Reporting section cont...

Page 75: ...n your session has been terminated the login window re displays Note that on each screen in the right side of the banner the following displays X Strikes Blocking icon If the X Strikes Blocking feature is enabled this icon can be clicked by autho rized users to access the X Strikes Unlock Workstation window where workstations are unlocked Real Time Probe icon If the Real Time Probe feature is enab...

Page 76: ...tips Access Help Topics Each of the main section screens contains a link beneath the banner When that link is clicked a separate browser window opens with Help Topics for that section Fig 1 4 5 Help Topics window 1 Click a link to go to a specified topic 2 To view Help Topics for another section click the tab for that section Policy Library Reporting System or Help 3 Click Close Window to close th...

Page 77: ... beneath the banner additional information about that window can be obtained by hovering over that icon with your mouse or by pressing the F1 key on your keyboard Hover Display The yellow tooltip box displays when you hover over the icon with your mouse Fig 1 4 6 Tooltip mouseover effect To close the tooltip box move the mouse away from the icon ...

Page 78: ...TORY SECTION CHAPTER 4 GETTING STARTED 58 M86 SECURITY USER GUIDE Help pop up box The Help pop up box opens when you press the F1 key on your keyboard Fig 1 4 7 Help pop up box Click OK to close the pop up box ...

Page 79: ...trator console screens and windows use different navigation formats based on the contents of a given screen or window Screens can contain topic links and sub topic menus and or tree lists with topics and sub topic menus Windows can contain tabs that function as sub windows Topic Links In Library Reporting and System screens the navigation panel contains topic links By clicking a topic link the win...

Page 80: ...opics Some topics in Library and System screens consist of more than one window For these topics clicking a topic link opens a menu of sub topics Fig 1 4 9 Sub topics menu When a sub topic from this menu is selected the window for that sub topic displays in the right panel of the screen ...

Page 81: ... screens Fig 1 4 10 Tree menu A tree is comprised of a hierarchical list of items An entity associated with a branch of the tree is preceded by a plus sign when that branch of the tree is collapsed By double clicking the entity a minus sign replaces the plus sign and all branches within that branch of the tree display An item in the tree is selected by clicking it ...

Page 82: ...b topics Topics in the tree list display by default when the tree is opened Examples of tree list topics are circled in Fig 1 4 11 When a tree list topic is selected and clicked a menu of sub topics opens Fig 1 4 11 Tree list topics and sub topics Clicking a sub topic displays the corresponding window in the right panel or opens a window or alert box as appro priate ...

Page 83: ...ere are windows with tabs When selecting a window with tabs from the navigation panel the main tab for that window displays Entries made in a tab must be saved on that tab if the tab includes the Apply button NOTE In the Time Profile and Override Account windows entries are saved at the bottom of the window Fig 1 4 12 Window with tabs ...

Page 84: ...on Path The navigation path displays at the top of each window Fig 1 4 13 Navigation path This path reminds you of your location in the console The entire path shows the screen name followed by the topic name and sub topic name if applicable Refresh the Console Press F5 on your keyboard to refresh the Administrator console This feature is useful in the event that more than one browser window is op...

Page 85: ... items is selected click the appropriate button to perform the action on the items Copy and Paste Text To save time when making duplicate data entries text previ ously keyed into the GUI can be copied and pasted into other fields without needing to key in the same text again Copy command Copy text by using the cursor to highlight text and then pressing the Ctrl and C keys on the keyboard Paste com...

Page 86: ... to open the IP Calculator window If the IP address field in the window on the console is already populated note the IP Calculator window displays the IP address default Netmask in both the Dotted Decimals Notation e g 255 255 255 248 and CIDR Notation e g 29 format Min Host and Max Host IP addresses If the IP address field in the window on the console is empty in this window enter the IP address ...

Page 87: ...ion in this window click Close to close the IP Calculator Re size the User Interface For greater ease in viewing content in any screen re size the browser window by placing your cursor at any edge or corner of the user interface left clicking and then dragging the cursor to the left or right or inward or outward ...

Page 88: ...uit dialog box Fig 1 4 15 Quit dialog box 2 Click Yes to return to the Login window 3 Click the X in the upper right corner of the screen for the Login window to close it WARNING If you need to turn off the server see the ShutDown window of the System screen in the Global Administrator Section Technical Support Product Warranties For technical assistance or warranty repair please visit http www m8...

Page 89: ...cation if pertinent To attain this objective the global administrator performs the following tasks provides a suitable environment for the server including Hypertext Transfer Protocol over Secure Socket Layer HTTPS link to the current logging device power connection protected by an Uninterruptible Power Supply UPS high speed access to the server by authorized client workstations adds group adminis...

Page 90: ...cs displays in the navigation panel at the left of the screen Main topics in this section include the following Control settings Network settings Administrator account information Secure Logon Diagnostics Alert contacts Software Update Synchronization operation Mode Authentication settings see the M86 Web Filter Authentication User Guide for information about this topic Backup Restore operations R...

Page 91: ...s cannot be edited and the following topics and any asso ciated sub topics are not available Block Page Authentication Authentication Radius Authentication Settings X Strikes Blocking and Warn Option Setting If a Web Filter is set up in the Target mode to synchronize only library setting changes all topics and sub topics are available A help desk administrator will only see the Administrator and D...

Page 92: ...network filtering preferences on this server Fig 2 1 2 Filter window Local Filtering is used for specifying whether this server being configured will filter traffic on the network If enabling the HTTP Filtering feature that automatically detects a split packet HTTP headers less than or equal to the number of bytes specified will be inspected HTTPS Filtering lets you set the level of filtering for ...

Page 93: ...k set up in the Target mode NOTE This window displays greyed out if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and library setting changes TIP See the Introductory Section for overviews on the following topics IM and P2P Chapter 2 Logging and Blocking Synchronization Chapter 3 Synchronizing Multiple Units Local Filt...

Page 94: ... packet Enable HTTP Packet Splitting Detection By default the feature that automatically detects a split HTTP packet is disabled 1 Click On to enable HTTP Packet Splitting Detection this action displays a field below the radio buttons 2 In the Inspect HTTP headers that are less than or equal to ___ Bytes field by default 48 displays for the number of bytes This entry can be modified to specify a d...

Page 95: ...t the Web Filter to communicate with HTTPS servers to obtain the certificate with a very strict validation of the return URL If High is selected by default the option is enabled for a library lookup to overrule the DNS validation of the host name in the certificate WARNING If using the High setting end users may be blocked from accessing acceptable Web sites if the host names of these sites do not...

Page 96: ... PROXY library category Web based Proxies Anonymizers must be applied to the group or user s filtering profile Or to block all users from accessing these proxy patterns the global filtering profile and minimum filtering level must have the PROXY library category set up to be blocked To block specified users from accessing IM services CHAT and specified Instant Messaging M86 supplied library catego...

Page 97: ...s if the Web Filter currently being configured is set up in the Source mode for synchronization The default setting has All Target s Filtering On Disable Filtering on Target Servers To disable All Target s Filtering click the Off radio button Each target server on the network will not filter the Range to Detect specified on that server Enable Filtering on Target Servers To enable All Target s Filt...

Page 98: ...page that displays when an end user attempts to access a site or service that is set up to be blocked Fig 2 1 3 Block Page Authentication window NOTE This feature is not available if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and library setting changes See the Block Page Customization window and Common Customizatio...

Page 99: ...er has an Override Account allowing him her to access URLs set up to be blocked at the global or IP group level Re authentication select this option for the re authentication option The user can restore his her profile and NET USE connection by clicking an icon in a window to run a NET USE script NOTES Details about the Web based Authentication option can be found in the M86 Web Filter Authenticat...

Page 100: ...cating users on the network in the event that a user s machine loses its connection with the server or if the server is rebooted This format requires the entry of two backslashes the authentication server s computer name or computer IP address in capital letters a backslash and name of the share path 3 Click Apply to apply your settings Block page When a user attempts to access Internet content se...

Page 101: ...e block page HELP Clicking this link takes the user to M86 s Tech nical Support page that explains why access to the site or service may have been denied M86 Security Clicking this link takes the user to M86 s Web site By default these links are included in the block page under the following conditions For further options click here This phrase and link is included if any option was selected at th...

Page 102: ...age is submitted to the global administrator Options page The Options page displays when the user clicks the following link in the block page For further options click here Fig 2 1 5 Options page The following items previously described for the Block page display in the upper half of the Options page HELP link User Machine frame contents ...

Page 103: ... Account was selected at the Re authentication Options field This option is used by any user who has an override account set up for him her by the global group administrator or the group administrator An override account allows the user to access Internet content blocked at the global or IP group level The user should enter his her Username and Password and then click Override to open the Profile ...

Page 104: ... at the Re authentication Options field Re start your system and re login This phrase displays for Option 3 whether or not either of the other Re authentication Options Re authentication or Web based Authentication was selected If the user believes he she was incorrectly blocked from a specified site or service he she should re start his her machine and log back in Try re authenticating your user ...

Page 105: ...i e Firefox Safari or Chrome he she will see a message specifying that IE is the only browser type supported for re authentication ShutDown window The ShutDown window displays when ShutDown is selected from the Control menu This window is used for powering off the server Fig 2 1 8 ShutDown window Shut Down the Server In the ShutDown frame click ShutDown to power off the server To restart the serve...

Page 106: ...oot frame click Reboot to open the Reboot Web Filter dialog box 2 Click Yes to close the dialog box and to launch the Server Status message box informing you that the server is now disconnected When the Server Status box closes the Web Filter status message box opens and informs you that the server is rebooting itself and how much time has elapsed since this process began After the server is reboo...

Page 107: ...ed and that you must restart the server 3 Click OK to close the Web Filter ready alert box 4 Click OK to close the Server connected alert box 5 You must now re access the Web Filter Administrator console NOTE See Chapter 4 Getting Started from the Introductory Section for information about accessing the Web Filter user inter face and logging back into the server ...

Page 108: ...he network Click the Network link to view a menu of sub topics LAN Settings NTP Servers Regional Setting and Block Page Route Table LAN Settings window The LAN Settings window displays when LAN Settings is selected from the Network menu This window is used for configuring network connection settings for the Web Filter Fig 2 1 10 LAN Settings window ...

Page 109: ... the network TIP Be sure to place the LAN1 and LAN2 IP addresses in different subnets In the Primary IP field of the DNS frame the default IP address is 4 2 2 1 Enter the IP address of the first DNS server to be used for resolving the IP address of the authentication server with the machine name of that server In the Secondary IP field of the DNS frame the default IP address is 4 2 2 2 Enter the I...

Page 110: ...fying IP addresses of servers running Network Time Protocol NTP software NTP is a time synchronization system for computer clocks throughout the Internet The Web Filter will use the actual time from a clock at a specified IP address NOTE The System Time displays beneath the Details frame using the YYYY MM DD HH MM SS Coordinated Universal Time UTC format for the current time zone Fig 2 1 11 NTP Se...

Page 111: ...he primary time NTP server specified IP addresses are used in the order in which they display in the list box Add an NTP Server To add an NTP server 1 Enter the IP address in the NTP Server field 2 Click Add to include this IP address in the Servers list box 3 Click Apply to apply your settings Remove an NTP Server To remove an NTP server 1 Select the IP address from the Servers list box 2 Click D...

Page 112: ... 1 12 Regional Setting window Specify the Time Zone Language Set In the Details frame the Region US and the Location Pacific display by default To change these settings 1 At the Region pull down menu select your country from the available choices 2 At the Location pull down menu select the time zone for the specified region If necessary select a language set from the Language pull down menu to spe...

Page 113: ... Table window The Block Page Route Table window displays when Block Page Route Table is selected from the Network menu This window is used for building and maintaining a list of destina tion based routers the server will use for communicating with other segments of the network You need to set up a route table only if your local network is interconnected with another network and if users client mac...

Page 114: ...ortal to which packets will be transferred to and from the Internet TIP Click Calculator to open the IP Calculator window Use this calculator to calculate IP ranges without any overlaps 4 Click Add to include your entries in the IP Mask list box NOTE Follow steps 1 4 for each router you wish to include in the routing table Remove a Router To remove one or more routers from the IP Mask list box 1 S...

Page 115: ...les A Help Desk administrator can verify a user s current filtering profile status and can perform URL and search engine keyword lookups in library categories NOTE See the Group Details window in Chapter 1 Policy screen of the Group Administrator Section for information on setting up and maintaining accounts for IP group administrators See the M86 Web Filter Authentication User Guide for more info...

Page 116: ...ox includes the Account Name and corresponding account Type Admin Sub Admin or Help Desk for each active global administrator LDAP group administrator or help desk administrator previously set up in this window Add an Administrator Account To add an administrator account 1 In the Account Details frame enter the username in the Username field 2 In the Password field enter eight to 20 characters inc...

Page 117: ... one special character The password is case sensitive 3 Enter the same new password again in the Confirm Password field If the administrator s account type needs to be changed select the appropriate account type from the Type pull down menu Admin for global administrator Sub Admin for LDAP group administrator or Help Desk for help desk administrator 4 Click Modify to apply your settings NOTE A use...

Page 118: ...s and Logon Management Logon Settings window The Logon Settings window displays when Logon Settings is selected from the Secure Logon menu This window is used for enabling the password expiration feature in which you define the number of days a password will be valid before a new password must be used You can also enable the feature for locking out a user from the interface by user name and or IP ...

Page 119: ...lowing select from available choices 1 30 90 365 Never Expired make an entry for the number of days until passwords expire NOTE If a user s password has expired when he she enters his her username and password in the Login window and clicks LOGIN a login dialog box opens Fig 2 1 16 New password entry This dialog box displays his her Username and prompts him her to enter a new password in the Passw...

Page 120: ...ncorrect password At the Lockout by IP address field click the radio button corresponding to either of the following options On Choose this option to lock out the user by IP address if the incorrect password is entered for the number of times specified in the Allowable Number of Failed Password Attempts 1 10 field within the interval defined in the Failed Password Attempts Timespan in minutes 1 14...

Page 121: ...e enters an incorrect password for that same username within the 10 minute timespan a lockout would be made for that username on the third unsuccessful attempt However if the third failed login attempt is made outside of the 10 minute timespan there would be no lock out for that username In a similar scenario for an IP address using the same timespan and designated number of failed login attempts ...

Page 122: ...ocking usernames and IPs currently locked out of the Web Filter If the user account is a global Admin LDAP group administrator Sub Admin or help desk administrator Help Desk account the areas of user interface accessible to that administrator can be viewed Fig 2 1 17 Logon Management window NOTE An account IP address becomes locked if the Lockout by Username IP address feature is enabled in the Lo...

Page 123: ... Administrator window Help Desk help desk administrator account set up in the Administrator window Group IP group administrator account set up in the IP branch of the Policy tree Probe Real Time Probe account set up in the Real Time Probes Logon Accounts window XStrike X Strikes Blocking account set up in the X Strikes Blocking Logon Accounts window Expired Date either Never Expired or a date usin...

Page 124: ... and to remove the locked symbol from the Locked column for the row corre sponding to the username View Locked IP Address Unlock IP Address View Locked IPs The Current Locked IP Addresses frame displays any IP address currently locked Unlock an IP Address To unlock the IP address of a machine 1 In the Current Locked IP Addresses frame click the IP address to highlight it 2 Click Unlock to open the...

Page 125: ...t the Admin Sub Admin or Help Desk username from the list 2 Click View Access to open the Assign Access View window Fig 2 1 18 Assign Access View 3 The View Preview assign access frame displays the username in the greyed out Assign to user field Click any of the available tabs System Policy Library Report Help to view menu topics sub topics and branches of trees available to that administrator 4 C...

Page 126: ...opics System Command View Log File Troubleshooting Mode Active Profile Lookup and Admin Audit Trail System Command window The System Command window displays when System Command is selected from the Diagnostics menu This window is used for viewing server statistics and for performing diagnostic tests on the server Fig 2 1 19 System Command window WARNING Diagnostics tools utilize system resources i...

Page 127: ...ng table free current memory usage iostat CPU usage sar system performance recent logins uptime system uptime df disk usage and dmesg print kernel ring buffer NOTE See Command Selections for a list of commands and their functions If Ping or Trace Route was selected from the pull down menu a blank field displays to the right and must be populated 2 Click Execute to open a window containing the quer...

Page 128: ...our network configuration This diagnostic tool records each hop the data packet made identifying the IP addresses of gateway computers where the packet stopped en route to its final destination and the length of time of each hop Enter the IP address or host name of the specific Internet address to be validated and then click Execute to display results in the window Process list The Process list di...

Page 129: ...on NIC Configuration is used for verifying the server s network interface configuration at bootup When Execute is clicked information about the NIC mode and RX packets and TX packets displays in the window Active connections When Active Connections is selected and Execute is clicked information about opened connections displays in the window The first half of the results includes packet traffic da...

Page 130: ...l shows information on resources being used When Execute is clicked the window shows averages on various statistics These results can be stored in a compact binary format and then viewed at later date so that if you discover a system or application problem occurred you can analyze system activity during that time period With this data you can specify start and end times for reporting on that data ...

Page 131: ...wing disk usage information by file system When Execute is clicked rows of disk information display in the Result window including the following information for each disk Filesystem name 1K blocks on the disk number of Used blocks number of Available blocks Use locations where the disk is Mounted on dmesg print kernel ring buffer The Print Kernel Ring Buffer diagnostic tool is used for viewing the...

Page 132: ...ile window View Log Results In the Log File Details frame 1 Select the type of Log File to view Realtime Traffic Log shadow log used for viewing the Internet activity of all users on the network User Name Log usage log used for viewing the time and date a user logged on and off the network along with the user s profile information Software Update Log patch log used for viewing the results of a sof...

Page 133: ...iewing information on entries made by the admin istrator in the Web Filter console NOTE For information about the Authentication Log Authenti cationServer log eDirectory Agent Debug Log edirAgent log eDirectory Agent Event Log edirEvent log and Authentication Module Log authmodule log options see the View log results section in the M86 Web Filter Authentication User Guide 2 Choose the Last Number ...

Page 134: ...stem resources impacting the Web Filter s performance When you click Enable the Web Filter will stop filtering the network After you finish making the neces sary changes to the server be sure to click Disable to terminate your Troubleshooting Mode session Once Disable is clicked the Web Filter will resume filtering the network NOTES See the Operation Mode window for information about invisible rou...

Page 135: ...s Mode field the default choice on or off displays based on the operation mode that was selected The promiscuous mode is a mode of operation in which each data packet that is sent will be received and read by the Network Interface Card NIC 5 If necessary click the appropriate radio button to indicate whether to turn the promiscuous mode on or off If on is selected the Web Filter will watch all net...

Page 136: ...om the Diagnostics menu This window is used for verifying whether an entity has an active filtering profile This window also is used for troubleshooting synchronization on target Web Filters to verify whether settings for user profiles match the ones synced over from the source Web Filter Fig 2 1 24 Active Profile Lookup window NOTE In order to use this diagnostic tool IP groups and or members mus...

Page 137: ...g the Result frame that displays profile settings applied to the profile Fig 2 1 25 Active Profile Lookup results The default Login Summary tab displays the following information Domain name IP group domain name Profile name name of the profile additional profile information Time profile name for time profiles the name of the time profile displays Rule name if this profile uses a non custom rule t...

Page 138: ...isplays group and library categories with filter settings that determine whether or not the end user can access URLs set up for that category group library category TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group A check mark inside a green circle displays in the Pass Allow Warn Block column f...

Page 139: ...ithin that group has a filter setting in a column other than the filter setting designated for all collective library categories within that group For example if in the Adult Content category group some of the library catego ries have a block setting and other library categories have a warn setting there would be no category group filter setting since all library categories do not have the same fi...

Page 140: ... Keyword Filter Control option selected 4 Click the X in the upper right corner of the box to close it Admin Audit Trail window The Admin Audit Trail window displays when Admin Audit Trail is selected from the Diagnostics menu This window is used for specifying FTP criteria so that a log of server changes made by an administrator will be sent to the FTP server The log of changes made on the server...

Page 141: ...ected by default indicating that transfers will be made via unre stricted outgoing network connections Click Active if transfers will be initiated by the server 4 Type in the Username to be used 5 Type in the Password to be used and type it again in the Confirm Password field 6 Specify whether or not to Send Daily Log to FTP Server by clicking either the on or off radio button 7 Click Apply to app...

Page 142: ... the View tab Fig 2 1 27 Admin Audit Trail window View tab Click View Log to display data on recent activity For each change made on the server the log will contain the date and time the change was made Time IP address of the machine used by the administrator administrator s User name and a brief description of the Action performed on the server ...

Page 143: ...rom the Alert menu This window is used for setting up and maintaining email addresses of contacts who will receive automated notifications if problems on the network are detected during the Web Filter s self monitoring process Fig 2 1 28 Alert Settings window The following processes are monitored by the Web Filter CPU Processes If any CPU process fails to run the Web Filter alerts the administrato...

Page 144: ...ction should be taken to prevent the hard drive from reaching 100 percent utilization Log File Transmission If the Web Filter is unable to send log files as scheduled to an ER server or a third party FTP server the log files are placed in a queue so they can be sent when a connection is established with the server If these logs cannot be successfully trans mitted after a period of time an alert is...

Page 145: ...ail messages to designated administrators enter the email address of the Web Filter in the From Email Address field 5 Click Apply to apply your settings Modify Alert Settings 1 Make any of the following edits in the Emergency Email Notification frame change an email address by typing the new one over the existing one deactivate a contact by removing the check mark from the checkbox corresponding t...

Page 146: ...e used for sending email alert messages to specified administrators Fig 2 1 29 SMTP Server Settings window Enter Edit SMTP Server Settings 1 Enter the SMTP Server name for example mail logo com 2 By default the SMTP Server Port number used for sending email is 25 This should be changed if the sending mail connection fails 3 By default the Email queue size is 50 This can be changed to specify the m...

Page 147: ...ter the Username b Enter the Password and make the same entry in the Confirm Password field 5 Click Apply to apply your settings Verify SMTP Settings To verify that email messages can be sent to a specified address 1 Click Test Settings to open the box Fig 2 1 30 SMTP Test Settings box 2 Enter the email address in the box 3 Click OK to close the box and to process your request If all SMTP Server S...

Page 148: ...window is used for viewing information about software updates previously applied to this server or currently available to apply This screen is also used for accepting LA Beta software downloads if choosing to download Limited Availability LA and or Beta updates for previewing software features to be included in the General Availability GA release to be distributed to all Web Filters Fig 2 1 31 Loc...

Page 149: ...an be obtained Read Information about a Software Update In either the Available Software Updates frame or the History of Software Updates frame the Date Name Type of update GA LA or Beta and Synopsis are included for each software update To read information about a software update 1 Select a software update from the list 2 Click the README button to open the README box that contains information ab...

Page 150: ...GA software updates or LA Beta software updates if the download and installation of LA Beta software updates has been enabled in the Enable Disable Software Update Type Download frame see the Enable Disable Software Update Type Downloads sub section To apply a software update 1 Go to the Available Software Updates frame and select the software update to be applied 2 Click Apply to open the softwar...

Page 151: ...pdate application process Fig 2 1 35 Software update verification message box NOTE To verify whether or not a software update has been successfully applied go to System Diagnostics View Log File window and select Software Update Log patch log See View Log File window for more information 5 Click OK to close the alert box and to proceed This action opens the connection failure alert box indicating ...

Page 152: ... is used for enabling or disabling the download of Limited Availability LA and Beta software updates By default all active Web Filters will receive General Avail ability GA software downloads Clicking the checkbox preceding LA or Beta enables disables the request to down load that software update type LA and Beta software updates offer a preview of software to be released GA LA software updates ca...

Page 153: ...ADME and Apply Now Click Apply Now to open the Software Update Installa tion Key box Fig 2 1 37 Software Update Installation Key box 2 If you have an installation key for receiving LA or Beta software updates go to the Enter the installation key field and type in that key NOTE If you do not have an installation key click the link click here to go to the M86 Security Web site where you will need to...

Page 154: ...acceptance dialog box and to open the End User License Agreement dialog see Fig 2 1 34 5 Follow steps 4 and 8 in the preceding General Software Installation Procedures sub section to accept the EULA and apply the software update Undo an Applied Software Update NOTE Only the most recently applied software update can be uninstalled WARNING If a software update is uninstalled configuration settings w...

Page 155: ...te Log window displays when Software Update Log is selected from the Software Update menu This window is used for viewing the software update log that provides the status on the Web Filter s software update activity including checks for new software updates and downloaded and applied software updates Fig 2 1 40 Software Update Log window View Log Contents Click View Log to display contents of the ...

Page 156: ...ad is completed In the file download dialog box select the save option this action opens the window on your worksta tion where you specify the filename for the file and where to save the file 3 Select the folder in which to save the file and then enter the File name retaining the zip file extension Click Save to begin downloading the zip file to your worksta tion NOTE Proceed to View the Contents ...

Page 157: ...ile has been downloaded to your workstation you can view its contents 1 Find the log file in the folder and right click on it to open the menu Fig 2 1 41 Folder containing downloaded file 2 Choose Open With and then select a zip file executable program such as WinZip Executable to launch that application Fig 2 1 42 WinZip Executable program ...

Page 158: ... open the window containing the zip file Fig 2 1 43 WinZip window 4 Right click the zip file to open the menu and choose View to open the View dialog box Fig 2 1 44 View dialog box 5 Select Internal ASCII text viewer and then click View to open the View window containing the log file contents Fig 2 1 45 View window ...

Page 159: ... to save or print the contents of this file 1 Click Clipboard Copy wait for the dialog box to open and confirm that the text has been copied to the clip board and then click OK to close the dialog box 2 Open Notepad in Windows XP Start All Programs Accessories Notepad 3 Paste the contents from the clipboard into the Notepad file The correctly formatted Notepad file can now be saved and or printed ...

Page 160: ... aforementioned manner the menu option for Status also becomes available in the menu If the Web Filter is set up to send profile library setting changes that Web Filter will function as a Centralized Management Console and thus the CMC Management topic becomes available in the navigation panel NOTES For an overview on synchronization see Chapter 3 Synchronizing Multiple Units from the Introductory...

Page 161: ...rs as targets so that user profiles and or library settings can be copied to other servers This process ensures that all servers run in parallel on the network thereby eliminating the need to manually configure profile and library settings on each server Fig 2 1 46 Setup window Stand Alone mode Using Only One Web Filter on the Network By default the Stand Alone mode is selected in the Mode frame T...

Page 162: ...b Filter to be a Source Server A Web Filter configured to be a source server will send profile library setting changes to other Web Filter target servers WARNING If a Web Filter is set up in the Source mode with a Network Address Translation NAT device between the source and target server s be sure that ports 26262 26268 and 88 are open on the source server This setup is required so that the sourc...

Page 163: ...pliance Watchdog software release 3 0 00 must first be installed on a separate workstation and set up to watch that Web Filter Go to http www m86security com support Watchdog documentation asp to download this release If using the failover detection feature Local Filtering on this source server must be enabled Troubleshooting on this source server must be disabled The Operation Mode on this source...

Page 164: ...responding Location information if applicable in the list box The following optional steps can be performed Follow steps 5 to 7 for each server that should receive profile library setting changes from this server being configured Click Test Target s to open an alert box that provides the server mode status for each IP address you entered Click OK to close the alert box and make any adjustments if ...

Page 165: ... second scenario the source server has failed and needs to be replaced with another server One of the target servers is promoted to function as the new source server The newly designated source server should be updated with the most recent configurations via the latest valid backup from the failed source server Once this data is restored to the new source server each target server should be sent t...

Page 166: ...Source IP frame enter the Source IP address to use for sending profile library setting changes to this server being configured NOTE If a source server is set up with a NAT device the NAT IP address must be used instead of the source server s own IP address 3 Click Test Source to open an alert box that provides the server mode status for the IP address you entered 4 Click OK to close the alert box ...

Page 167: ...Status window The Status window displays when Status is selected from the Synchronization menu This menu selection is available only if this server currently being configured is either set up in the Source mode or Target mode If set up in the Source mode this window is used for veri fying that profile updates are being sent to the target server s as in the example below Fig 2 1 49 Status window So...

Page 168: ... nization last occurred for the target server TIPS The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid To change the sort order click the header of a column All rows will sort in descending order by that column If text in any column displays truncated followed by ellipses place the cursor over the beginn...

Page 169: ...ously synced to a specified target server 1 In the History column for that server click Details to open the History of Target window 2 Select the maximum Last Number of Lines from the pull down menu 100 200 300 400 500 for the most recent synchronization history that you wish to view 3 Click View to display lines of items in the History Log Fig 2 1 51 History of Target window 4 Click Close to clos...

Page 170: ...he Web Filter System Time displays above the Target Sync Status frame This is the current date and time from the Web Filter using the YYYY MM DD and HH MM SS format and includes the UTC code for the time zone Fig 2 1 52 Status window Target mode The Target Sync Status frame includes the following infor mation Source IP The IP address of the source server displays Connection Status OK or FAULT disp...

Page 171: ...date and time of the last successful synchronization displays using the YYYY MM DD and HH MM SS format History Log Click the Details button to open the History of Target window See View Items Previously Synced to the Server in this section for information on accessing and viewing the contents of this window ...

Page 172: ...d from the Mode menu This window is used for specifying the operational mode the Web Filter will use to filter the network and the settings the Web Filter will use for listening to traffic and sending traffic This window is also used for configuring the Web Filter to perform other opera tional capacities In the Mobile mode the Web Filter will solely filter workstations outside of the server locati...

Page 173: ...t that uses the mobile mode WARNING If using the router or firewall mode M86 recommends contacting one of our solutions engineers if you need any assis tance with setup procedures Specify the Listening Device In the Listening Device frame select the default listening Device for the selected mode LAN1 or LAN2 If using the invisible mode LAN1 displays by default If using the router or firewall mode ...

Page 174: ...s Choose from either of the two Protocol Methods Send Block Page via ARP Table this option uses the Address Resolution Protocol method to find the best possible destination MAC address of a specified host usually the Web Filter gateway Send Block to Specified Host MAC Address using this preferred method the block page will always be sent to the MAC address of a specified host usually the Web Filte...

Page 175: ...lely work with ICAP requests from an ICAP client proxy server When an end user makes a request for Internet content this request is routed to the proxy server which then submits the request to the ICAP server The ICAP server sends back a response to the proxy server which may send the request to the original Web Filter in some network setups and then return a response to the proxy server Based on ...

Page 176: ... Sections 0 86400 field enter the time in seconds in which the options response is valid By default 3600 displays 5 In the Preview Bytes 0 4096 field enter the number of bytes to be included in the response header to be sent by the ICAP client for preview by the ICAP server before the entire request is submitted to the ICAP server By default 1024 displays 6 In the Port field enter the port number ...

Page 177: ...will be allowed to pass without being overblocked Fig 2 1 54 Proxy Environment Settings window NOTE Basic Proxy Authentication must be used if using HTTPS in a proxy environment The Web Filter has been tested with ISA Blue Coat and Squid proxies Use a Local Proxy Server In the Proxy Setting frame the default setting is Off To specify that a local proxy server is used in the environment 1 Click the...

Page 178: ...ize HTTPS traffic and then click Add to include that IP address in the list box below TIP To remove an IP address from the list box select it and then click Remove 3 Click Apply to enable your settings Authentication Authentication includes options for configuring the Web Filter to authenticate and re authenticate users on the network Click the Authentication link to view a menu of sub topics Enab...

Page 179: ...tings modifications later if necessary Fig 2 1 55 Backup Restore window Backup tab WARNING A backup should be created and downloaded off the Web Filter server whenever a change is made to filtering settings on the Web Filter server For each backup configuration created or uploaded via this window a row is added to the Backup Configurations grid in the Restore tab The newly added row includes the f...

Page 180: ...olumn Backup Procedures M86 recommends performing backup procedures whenever changes are made to system configurations or to library configurations By creating backup files and saving these files off the Web Filter prior server settings can later be retrieved and uploaded to the Web Filter in the event that current settings are incorrect or if you wish to revert to settings from a previous backup ...

Page 181: ...ose the dialog box and to open the Backup Restore alert box that informs you it may take some time to back up configurations based on the amount of data to be saved 5 Click OK to close the Backup Restore alert box After configurations have been successfully saved the Message alert box opens to display a confirmation message 6 Click OK to close the Message alert box and to add a new row for that fi...

Page 182: ...e is used for transferring backup files to the server via FTP 4 In the Password and Confirm Password fields type in the password for the username specified in the FTP Directory field 5 Click Apply to open the Server Configuration dialog box asking if you wish to save your settings TIP Click No to close the dialog box without saving your settings 6 Click Yes to close the dialog box and to open a Me...

Page 183: ...iteria a Select from a list of time slots incremented by 15 minutes 12 00 to 11 45 By default the Start field displays the closest 15 minute future time and the End field displays a time that is one hour ahead of that time For example if the time is currently 11 12 11 15 displays in the Start field and 12 15 displays in the End field b Indicate whether this time slot is AM or PM c Today s date dis...

Page 184: ... is made enter the interval for the number of days this time profile will be used By default 1 displays indicating this profile will be used each day during the specified time period If 5 is entered this profile will be used every five days at the specified time Weekly If this selection is made enter the interval for the weeks this time profile will be used and specify the day s of the week Sunday...

Page 185: ...d and the Third Weekday are selected this profile will be used every three months on the third week day of the month If the month begins on a Thursday for example May 1st the third week day would be the following Monday May 5th in this example Yearly If this selection is made the year s month and day for this time profile s interval must be speci fied First enter the year s for the interval By def...

Page 186: ...the time profile will be effective up to a given date No end date If this selection is made the time profile will be effective indefinitely End by If this selection is made by default today s date displays using the MM DD YY format To choose another date click the arrow in the date drop down menu to open the calendar pop up box See the infor mation on the previous pages on how to use the calendar ...

Page 187: ...containing a message on how to download the log file to your worksta tion if using Windows Explorer 3 Click OK to close the alert box and to open the file down load dialog box 4 Select the save option this action opens the window on your workstation where you specify the filename for the file and where to save the file 5 Select the folder in which to save the file and then enter the File name reta...

Page 188: ...Configurations grid you must upload it to the server WARNING Be sure the file you are restoring uses the same version of the software currently used by the Web Filter Adminis trator console Refer to the Local Software Update window for available updates to the Web Filter s software See the Local Software Update window for more information about software updates Upload a File to the Server To uploa...

Page 189: ...File to upload this file to the server If the file is successfully uploaded the window s banner name says Upload Successful After a few seconds the window closes 7 Click Refresh to display a new row for the uploaded file in the Backup Configurations grid Restore Configurations to the Server To restore configurations or library modifications from a previous backup 1 Select the file from the Backup ...

Page 190: ...lick Log to open the Backup Restore Log box Fig 2 1 60 Backup Restore box The box includes rows of data about backup and restore processes performed via the Backup Restore window The following information displays for each row the date and time a process was attempted to be executed and a Message indicating whether that process succeeded or failed 2 Click OK to close the box ...

Page 191: ...server back to the default settings when the box was first acquired Fig 2 1 61 Reset window WARNING When Reset is clicked all settings made on the Web Filter will be removed and the box will be restored to its original state Any software updates applied to the server subsequent to receiving this box will need to be reapplied Reset All Server Settings Click Reset to reset the box to the original de...

Page 192: ...n Settings window NOTE The Radius Authentication Settings topic does not display if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and library setting changes The Radius feature uses an external Radius accounting server that determines which accounts will be filtered and how they will be filtered The user profile in the...

Page 193: ...ber only if the Radius accounting server uses a different port number 3 In the Byte Order Mode field specify the format in which bytes will be transferred Click the radio button corresponding to Network Byte Order to transfer the most significant byte first Click the radio button corresponding to Host Byte Order to use the byte order stored in the server big endian or little endian order NOTE The ...

Page 194: ...io button A reply and accounting response packet will be submitted to the sender NAS or Radius server Enter an Authenticated Phrase to be shared by the Radius server and NAS At the Copy Proxy State field click the On radio button if you wish to copy the proxy state attribute to the packet NOTE The copy proxy state attribute will only be added to the response packet if the Reply Mode is On If the R...

Page 195: ...ing status of the Web Filter s filtering on a network Fig 2 1 63 SNMP window The following aspects of the Web Filter are monitored by SNMP data traffic sent received by a NIC CPU load average at a given time interval amount of free disk space for each disk partition time elapse since the box was last rebooted and the amount of memory currently in usage Enable SNMP The Monitoring mode is Off by def...

Page 196: ...Access Control List 1 In the Enter new IP to add field enter the IP address of an interface from to which the SNMP should receive send data 2 Click Add to include the entry in the Access control list box Repeat steps 1 and 2 for each IP address to be included in the list 3 After all entries are made click Save Changes Maintain the Access Control List 1 To remove one or more IP addresses from the l...

Page 197: ...indow HL and SL models View the Status of the Hard Drives The Hardware Failure Detection window displays the current RAID Array Status for each of the hard drives HD 1 and HD 2 If both hard drives are functioning without failure the text OK displays to the right of the hard drive number and no other text displays on the screen If any of the hard drives has failed the message FAIL displays to the r...

Page 198: ...e failed drive with your spare replacement drive 3 Click on the Rebuild button on the GUI 4 To return a failed drive to M86 or to order additional replacement drives please call M86 Technical Support NOTE For information on troubleshooting RAID refer to Appendix E RAID and Hardware Maintenance ...

Page 199: ...empts to such sites Unacceptable Internet sites pertain to sites included in categories that are blocked in a user s profile Fig 2 1 65 X Strikes Blocking window Configuration tab NOTES The X Strikes Blocking topic does not display if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and library setting changes X Strikes B...

Page 200: ...the strike that will lock out that user from his her Internet access The default setting is 5 and the maximum limit is 1440 minutes 24 hours 4 Enter the number of seconds for the Flood Tolerance Delay which is the maximum amount of time that will elapse before a user who accesses the same inappro priate URL will receive another strike The default setting and the maximum limit is 4 seconds 5 Specif...

Page 201: ... workstations Click Reset All Strikes to remove all strikes from all workstations and to unlock all locked workstations Click Unlock All Locks to remove locks on all locked workstations Lock Page A user who receives the final strike that locks him her out the workstation will see the following lock page display on the screen Fig 2 1 66 Sample lock page The text informs the user Your Internet privi...

Page 202: ...ed Life Time field passes or unless an authorized staff member manually unlocks that user s workstation see Go to X Strikes Unlock Workstation GUI in this section Overblocking or Underblocking NOTES In order to prevent overblocking unacceptable Internet images links are allowed to pass by if they display within the four second tolerance time range of a given strike Thus only one strike will count ...

Page 203: ...ld be delivered at 0 seconds the second at 4 seconds the third at 8 seconds the fourth at 12 seconds and the fifth at 16 seconds If the configuration settings for this example overblock too many users too frequently the time span for the maximum number of strikes may need to be increased the maximum number of strikes may need to be increased If these configuration settings do not block users often...

Page 204: ...In the Interval Minutes to Wait Before Sending Alerts 24 hours field enter the number of minutes within the 24 hour period that should elapse between email alerts For example by entering 300 in this field and 30 in the previous field if there are any email alerts they will be sent at 5 30 00 AM 10 30 00 AM 3 30 00 PM 8 30 00 PM and at midnight when the time interval is reset To check the time s th...

Page 205: ...dual who will receive locked workstation email alerts 2 Click Add to include the email address in the Current Email Alerts list box NOTE The maximum number of email alert recipients is 50 If more than 50 recipients need to be included M86 recommends setting up an email alias list for group distribution Remove Email Alert Recipients 1 Select the email address es from the Current Email Alerts list b...

Page 206: ...d to unlock workstations 2 Enter the user s password in the Password and Confirm Password fields using eight to 20 characters and at least one alpha character one numeric character and one special character The password is case sensitive 3 Click Add to include the username in the Current Acces sible Users list box NOTE When an authorized staff member is added to this list that username is automati...

Page 207: ...ame to the Current Un Accessible Users list box Delete a Logon Account To delete a user s account 1 Select the username from the Current Accessible Users list box 2 Click Delete WARNING By deleting a logon account in addition to not being able to unlock workstations that user also will be removed from the list of users authorized to create real time probes See Chapter 4 Reporting screen Real Time ...

Page 208: ...lect library categories from the No Strike Categories list box 2 Click the right arrow to move the selected library cate gories to the Strike Categories list box TIP Use the left arrow to move selected Strike Categories to the No Strike Categories list box 3 Click Apply to apply your settings NOTE Library categories in the Strike Categories list box will only be effective for filtering profiles wi...

Page 209: ...locking icon or Go to X Strikes Unlock Workstation GUI either the Re login window or the X Strikes Unlock Workstation window opens Re login window The Re login window opens if the user s session needs to be validated Fig 2 1 71 Re login window 1 Enter your Username 2 Enter your Password 3 Click OK to close the Re login window and to re access the Web Filter console ...

Page 210: ... 1 72 X Strikes Unlock Workstation window Unlock a Workstation To unlock a specified workstation 1 Select that workstation from the grid 2 Click Unlock NOTE An authorized staff member can click a link in an email alert or type in https x x x x 1443 XStrike html in the address field of a browser window in which x x x x is the IP address of the Web Filter to view locked workstation criteria When usi...

Page 211: ...ndow Enter the Username and Password and click OK to open the X Strikes Unlock Workstation window see Fig 2 1 69 The Web Filter Introductory Window for X Strikes simultaneously opens with the Login window Fig 2 1 74 X Strikes introductory window This window must be left open during the entire session ...

Page 212: ...e email address in the Email Address to be Subscribed Unsubscribed text box 2 Click Subscribe Remove an Email Address from the Alert List To remove an administrator s email address from the notifi cation list 1 Enter the email address in the Email Address to be Subscribed Unsubscribed text box 2 Click Unsubscribe Close the Window Click the X in the upper right corner of the window to close the win...

Page 213: ... specify the number of minutes for the interval of time in which a warning page will redisplay for the end user who accesses a URL in a library category with a Warn setting for his her profile If the end user accesses another URL in a category with a Warn setting the warning page displays again and will continue to redisplay for the interval of time specified as long as the end user s browser is o...

Page 214: ... in the Target mode to synchronize both profile and library setting changes See the Warn Page Customization window in this chapter for information on customizing text in the warning page that displays for end users Specify Interval for Re displaying the Warn page 1 In the Warn Life Time minutes field by default 10 displays Enter the number of minutes 1 480 to be used in the interval for re display...

Page 215: ... to view a menu of sub topics Common Customization Authentication Form Lock Page Block Page Warn Page Profile Control Quota Block Page Quota Notice Page NOTES All Customization windows display greyed out if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and library setting changes Refer to the M86 Web Filter Authenticat...

Page 216: ...s to be included in block lock profile and warning pages and or the authentication request form the end user will see Fig 2 1 76 Common Customization window By default in the Details frame all elements are selected to display in the HTML pages the Help link points to the FAQs page on M86 s public site that explains why access was denied and a sample email address is included for adminis trator con...

Page 217: ...plays Blocked URL followed by the blocked URL in block pages Copyright Display if enabled displays M86 Web Filter copyright information at the footer of block and lock pages and the authentication request form Title Display if enabled displays the title of the page in the title bar of the block and lock pages and the authentication request form Help Display if enabled displays the specified help l...

Page 218: ... email address specified in the Submission Email Address field described below is accessible to the end user by clicking the click here link NOTE If enabling the Submission Review Display feature an email address entry of the designated administrator in your orga nization must be made in the Submission Email Address field Submission Email Address By default admin company com displays in block page...

Page 219: ... will see when attempting to access Internet content blocked for their profiles and their workstations are currently locked Entries saved in this window display in the customized lock page if these features are also enabled in the Common Customization window and the X Strikes Blocking feature is enabled NOTE See X Strikes Blocking window in this chapter for informa tion on using the X Strikes Bloc...

Page 220: ...be displayed beneath the lock page header Any entries made in these fields will display centered in the customized lock page using the Arial font type 2 At the Explanation Display field by default On is selected This setting displays the reason the workstation is locked beneath the text from the Description field Click Off to not have the explanatory text display in the lock page 3 Click Apply TIP...

Page 221: ...ion window Fig 2 1 78 Sample Customized Lock Page By default the following data displays in the User Machine frame User Machine field The username displays for the LDAP user This field is blank for the IP group user IP field The user s IP address displays By default the following standard links are included in the lock page HELP Clicking this link takes the user to M86 s Tech nical Support page th...

Page 222: ...omization window The Block Page Customization window displays when Block Page Customization is selected from the Customization menu This feature is used if you want to display customized text and include a customized link in the block page end users will see when attempting to access Internet content blocked for their profiles Entries saved in this window display in the customized block page if th...

Page 223: ...r a static header to be displayed at the top of the block page In the Description field enter a static text message to be displayed beneath the block page header In the Link Text field enter text for the link s URL and in the Link URL field enter the corresponding hyper link in plain text using the http or https syntax Any entries made in these fields will display centered in the customized block ...

Page 224: ...lock Page By default the following data displays in the User Machine frame User Machine field The username displays for the LDAP user This field is blank for the IP group user IP field The user s IP address displays Category field The name of the library category that blocked the user s access to the URL displays If the content the user attempted to access is blocked by an Exception URL Exception ...

Page 225: ... to the Options window NOTE See the Options page in the Block Page Authentication window sub section for information on options that display in the Options window To submit this blocked site for review click here This phrase and link is included if an email address was entered in the Submission Email Address field in the Common Customization window Clicking this link launches the user s default em...

Page 226: ...nd users will see if attempting to access a URL in a library category set up with a Warn setting for his her profile Entries saved in this window display in the warning page if these features are also enabled in the Common Customization window and the Warn setting is applied to any library category or cate gory group NOTE See Warn Option Setting window in this chapter for more information about th...

Page 227: ...d enter a static text message to be displayed beneath the warning page header In the Link Text field enter text for the link s URL and in the Link URL field enter the corresponding hyper link in plain text using the http or https syntax Any entries made in these fields will display centered in the customized warning page using the Arial font type 2 Click Apply TIP Click Restore Default and then cl...

Page 228: ...in the Common Customization window Fig 2 1 82 Sample Customized Warning Page By default the following data displays in the User Machine frame User Machine field The username displays for the LDAP user This field is blank for the IP group user IP field The user s IP address displays Category field The name of the library category that warned the user about accessing the URL displays Blocked URL fie...

Page 229: ...s warning page will redisplay and the user must click this button once more in order to continue accessing the URL NOTE If using the Real Time Probe feature in the Real Time Information box the Filter Action column displays Warn for the first time the user saw the warning window and clicked Continue and Warned for each subsequent time the warning window opened for the user and he she clicked Conti...

Page 230: ... menu This window is used with the Override Account feature and lets you customize text in the window end users with override accounts will see when logging into their override accounts Such accounts give authorized users access to Internet content blocked for other end users Entries saved in this window display in the profile control pop up window if these features are also enabled in the Common ...

Page 231: ...yed at the top of the profile control pop up window In the Warning Text field enter a static text message to be displayed at the bottom of the pop up window 2 Click Apply TIP Click Restore Default and then click Apply to revert to the default settings in this window NOTE For a sample profile control pop up window see Option 3 from the Options page section of the Block Page Authentication window ...

Page 232: ... a quota time limit set for a passed category in his her profile and has attained or exceeded that limit Fig 2 1 84 Quota Block Page Customization window TIP An entry in any of the fields in this window is optional NOTE For more information about quotas see the Quota Setting window in this chapter Add Edit Entries 1 Make an entry in any of the following fields In the Header field enter a static he...

Page 233: ...rial font type 2 Click Apply TIP Click Restore Default and then click Apply to revert to the default settings in this window Preview Sample Quota Block Page 1 Click Preview to launch a separate browser window containing a sample customized quota block page based on entries saved in this window and in the Common Customization window Fig 2 1 85 Sample Customized Quota Block Page By default the follo...

Page 234: ...re included in the quota block page HELP Clicking this link takes the user to M86 s Tech nical Support page that explains why access to the site or service may have been denied M86 Security Clicking this link takes the user to M86 s Web site 2 Click the X in the upper right corner of the window to close the sample customized quota block page TIP If necessary make edits in the Quota Block Page Cust...

Page 235: ...time limit set for a passed category in his her profile and has used 75 percent of the allotted time in that category Fig 2 1 86 Quota Notice Page Customization window TIP An entry in any of the fields in this window is optional NOTE For more information about quotas see the Quota Setting window in this chapter Add Edit Entries 1 Make an entry in any of the following fields In the Header field ent...

Page 236: ... the Quota Percentage Display is enabled indicating the percentage of quota used by the individual will display in the quota notice page Click Off to not display this information in the quota notice page 3 Click Apply TIP Click Restore Default and then click Apply to revert to the default settings in this window Preview Sample Quota Notice Page 1 Click Preview to launch a separate browser window c...

Page 237: ...ing standard links are included in the quota notice page HELP Clicking this link takes the user to M86 s Tech nical Support page that explains why access to the site or service may have been denied M86 Security Clicking this link takes the user to M86 s Web site The following button is included in the quota notice page Continue Clicking this button closes the quota notice page and takes the user t...

Page 238: ...anagement window The Software Update Management window displays when Software Update Management is selected from the CMC Management menu This window is used for viewing soft ware updates currently applied to the source and target servers and any available software updates and applying software updates to these servers Fig 2 1 88 Software Update Management window View Software Update Information Th...

Page 239: ...d in the Local Software Update window or N A if no new software update is available Download Date date the latest software update was downloaded to the server or N A if none is available NOTE Definitions for Software Update Types GA LA and Beta are provided in the Enable Disable Software Update Type Down load frame at the bottom of the Local Software Update window General Availability GA software ...

Page 240: ...e Local Software Updates window for information about the EULA and applying software updates Only a software update number that is lesser to or equal to the source server s software update number can be applied to a target server TIP Multiple target servers can be selected to have a software update applied if these target servers are currently running the same software version number To undo a sof...

Page 241: ...w Filtering Status Information The Status frame displays the following columns of informa tion Hostname Location criteria entered in the LAN Settings window for the source server s hostname or the informa tion entered for the target server in the Target Location field of the Setup window Filtering Status OK displays if the server is being filtered or FAIL displays if the server is not being filter...

Page 242: ...D format if this information is available TIPS The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid Columns can be resized by mousing over the line in the header between two columns so that a double ended arrow displays and then clicking and dragging the cursor to the left or right ...

Page 243: ...igure URL hits that along with quotas specified in filtering profiles determine when a user will be blocked from further accessing URLs in a library group category This window is also used for resetting quotas so that users who have maxed out their quota time will regain access to a library group category with a quota time limit Fig 2 1 90 Quota Setting window TIP After making all configuration se...

Page 244: ...nging from one second to 3600 seconds one hour As an example of how a quota works in conjunction with hits if a quota is set to 10 minutes and the number of seconds per hit is set to 10 seconds then the user will be blocked from accessing URLs in the library group cate gory when 60 hits are made to that category i e 600 seconds 10 minutes divided by 10 seconds NOTE This field is greyed out if the ...

Page 245: ...e able to access URLs in any library group category with a quota Set up a Schedule to Automatically Reset Quotas A schedule can be set up to reset all quotas at the appointed hour s minute s each day 1 At the New Reset Time HH MM field Select the hour at which the quota will be reset 00 23 Select the minute at which the quota will be reset 00 59 2 Click Add to include this reset time in the Curren...

Page 246: ...emove the quota reset time from the list box TIP After making all configuration settings in this window during this session click Apply Quota Notice page When the end user has spent 75 percent of time in a quota restricted library group category the quota notice page displays Fig 2 1 91 Sample Quota Notice Page By default the following fields display Category field Name of the library category wit...

Page 247: ...eld is blank for the IP group user By default the following standard links are included in the quota notice page HELP Clicking this link takes the user to M86 s Tech nical Support page that explains why access to the site may have been denied M86 Security Clicking this link takes the user to M86 s Web site The end user can decide whether or not to access the requested URL By clicking Continue the ...

Page 248: ...ng a quota block page the end user will not be able to access content in that library group category until the quota is reset By default the following fields display Category field The name of the library category that triggered the quota block page displays Requested URL field The URL the user attempted to access displays IP field The user s IP address displays User Machine field The username dis...

Page 249: ...y access to the site or service may have been denied M86 Security Clicking this link takes the user to M86 s Web site UI SSL Certificate UI SSL Certificate window The UI SSL Certificate window displays when UI SSL Certif icate is selected from the navigation panel This window is used for generating a Secure Sockets Layer certificate that ensures secure exchanges between the Web Filter server and y...

Page 250: ...ox that asks if you wish to continue which would restart your server TIP Click No to close the window and to return to SSL Certificate window 2 Click Yes to generate the SSL certificate and restart the Web Filter 3 After the certificate is generated you will be prompted to click OK and close your browser Wait a few minutes before attempting to access the user interface ...

Page 251: ...ignated group administrator creates sub groups and individual IP members and adds and maintains their filtering profiles For the LDAP domain branch the global administrator must first set up authentication in order to enable the LDAP branch es For each domain the administrator then sets up and maintains groups and creates filtering profiles for groups and users The navigation panel at the left of ...

Page 252: ...ew a menu of topics or actions that can be performed for that entity NOTES Information on LDAP groups can be found in the M86 Web Filter Authentication User Guide Information on creating filtering profiles for IP groups can be found in the Group Administrator Section of this user guide If using the synchronization feature if the Web Filter being config ured is set up in the Target mode to synchron...

Page 253: ...lter being configured is set up in the Target mode to synchronize both profile and library setting changes the only sub topic that displays is Range to Detect Range to Detect window The Range to Detect window displays when Range to Detect is selected from the Global Group menu This window is used for defining segments of network traffic to be detected by the Web Filter in the invisible or router m...

Page 254: ...e The Mandatory Settings tab provides examples of settings that can be made NOTE If this Web Filter is using the Source mode and the Upstream Failover Detect feature is enabled if a downstream target server fails as detected by the Appliance Watchdog the Current Ranges information from the failed downstream target node displays in a Node tab following the Mandatory Settings tab in this window Fig ...

Page 255: ... Wizard clicking this button takes you to the Range to Detect Setup Wizard Follow the instructions in the Range to Detect Setup Wizard sub section to complete the addition of the segment on the network Advanced Settings clicking this button takes you to the Range to Detect Advanced Settings window Follow the instructions in the Range to Detect Advanced Settings sub section to complete the addi tio...

Page 256: ...Settings made using the Wizard are saved in Step 6 Step 1 In this step you define the source IP address es to be filtered Fig 2 2 5 Range to Detect Setup Wizard Step 1 Since the first four pages of the Wizard contain the same fields and buttons instructions provided for this step are not repeated for Steps 2 4 1 Choose the appropriate option for entering the IP address es IP Netmask use these fiel...

Page 257: ...he next page of the Wizard NOTE Click Cancel to be given the option to return to the main Range to Detect Settings window Step 2 Optional In this step you define the destination IP address es to be filtered NOTE By making entries in Destination IP fields traffic will be restricted to the range specified in the Source IP and Destination IP frames This reduces the load on the Web Filter thus enablin...

Page 258: ...indow Step 3 Step 4 Optional In this step you define the destination IP address es to be excluded from filtering Any entries from the list box in Step 1 automatically display in the list box above NOTE By making entries in Destination IP fields traffic will be restricted to the range specified in the Source IP and Destination IP frames This reduces the load on the Web Filter thus enabling it to ha...

Page 259: ...POLICY SCREEN M86 SECURITY USER GUIDE 239 Fig 2 2 8 Range to Detect Setup Wizard window Step 4 Step 5 Optional In this step you enter destination port numbers to be excluded from filtering Fig 2 2 9 Range to Detect Setup Wizard window Step 5 ...

Page 260: ...ck Remove 3 Click Next to go to the last page of the Wizard Step 6 In this final step of the Wizard you review your entries and make modifications if necessary Fig 2 2 10 Range to Detect Setup Wizard window Step 6 1 Review the contents in all list boxes 2 Perform one of the following actions click the Modify button to the right of the list box if you need to make changes This action takes you to t...

Page 261: ...gs window Fig 2 2 11 Range to Detect Advanced Settings window 1 Enter the settings in the list box using the correct syntax Refer to the examples above TIP Use the Calculator to calculate IP ranges without any over laps Enter the IP address select the Netmask and then click Calculate to display results in the Min Host and Max Host fields Click Close to exit NOTE Click Cancel to be given the option...

Page 262: ...e segment Start the Setup Wizard clicking this button takes you to Step 6 of the Range to Detect Setup Wizard see Fig 2 2 10 Follow the instructions in the Range to Detect Setup Wizard sub section for Step 6 Advanced Settings clicking this button takes you to the Range to Detect Advanced Settings window see Fig 2 2 11 Follow the instructions in the Range to Detect Advanced Settings sub section Rem...

Page 263: ...are Rule2 BLOCK Porn Rule3 Block IM and Porn Rule4 M86 CIPA Compliance which pertains to the Chil dren s Internet Protection Act and Rule5 Block All By default Rule1 displays in the Rule field BYPASS displays in the Rule Description field and Uncategorized Sites are allowed to Pass View Criteria for a Rule Select the rule from the Current Rules pull down menu to populate the Rule Details frame wit...

Page 264: ... green circle in the Pass column TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group To change the filter setting for a category group library category double click the column Allow Warn Block in the row corresponding to that category group library category to move the check mark to that column Al...

Page 265: ...d then pressing the Shift key on your keyboard while clicking the last category and then double clicking in the appropriate column 4 Make a selection from the Uncategorized Sites pull down menu to specify how to handle a URL that has not yet been categorized Pass Warn or Block 5 To use the quota feature to restrict the end user s access to a passed library group category do the following In the Qu...

Page 266: ...o include your rule to the list that displays in the pull down menu Modify a Rule After a rule is added it can later be modified To make changes to a rule 1 Select the rule from the Current Rules pull down menu 2 Modify settings for library groups and categories in the Rule Details frame 3 Click Save Rule Copy a Rule As a time saving practice a rule can be used as a basis when creating another sim...

Page 267: ...plays when Global Group Profile is selected from the Global Group menu This window is used for viewing creating the global default filtering profile that will be used by all users on the network unless a unique filtering profile is created for an entity Click the following tabs in this window Category Port Default Redirect URL and Filter Options Entries in these tabs comprise the profile string fo...

Page 268: ...nd Pornography Adult Content indicating that the end user can access URLs in all other library categories This filter setting is designated by the check mark inside a green circle in the Pass column for all category groups except Adult Content TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group 1 ...

Page 269: ...ropriate column Blocks of categories can be assigned the same filter setting by clicking the first category and then pressing the Shift key on your keyboard while clicking the last category and then double clicking in the appropriate column 2 Make a selection from the Uncategorized Sites pull down menu to specify how to handle a URL that has not yet been categorized Pass Warn or Block 3 To use the...

Page 270: ...turned Off If turned On enter the number of minutes in the Min field to indicate when the end user s access to passed library groups categories with quotas will be blocked If the end user spends this amount of time at URLs in any quota marked library group category the Overall Quota over rides the number of minutes defined for each individual quota 4 Click Apply to apply your settings at the globa...

Page 271: ... Port s list box 3 Click Apply to apply your settings at the global level To remove a port number from the list box 1 Select the port number 2 Click Remove 3 Click Apply to apply your settings at the global level Default Redirect URL Default Redirect URL displays when the Default Redirect URL tab is clicked This tab is used for specifying the URL to be used for redirecting users who attempt to acc...

Page 272: ...URL instead of the block page 2 Click Apply to apply your settings Filter Options Filter Options displays when the Filter Options tab is clicked This tab is used for specifying which filter option s will be applied to the global group filtering profile Fig 2 2 16 Global Group Profile window Filter Options tab Create Edit the Filter Options 1 Click the checkbox es corresponding to the option s to b...

Page 273: ...t option enabled Google Bing com Yahoo YouTube Ask com and AOL s strict SafeSearch Filtering option will be used whenever end users perform a Google Bing com Yahoo YouTube Ask com or AOL Web search or Image search WARNINGS This feature is not compatible with the proxy envi ronment as it will cause overblocking An inappropriate image will only be blocked if that image is included in M86 s library o...

Page 274: ...ategories NOTES Search engine keyword filtering relies on an exact keyword match For example if the word sex is set up to be blocked but sexes is not set up to be blocked a search will be allowed on sexes but not sex However if the word gin is set up to be blocked a search on cotton gin will be blocked since the word gin is blocked To set up search engine keywords in a Search Engine Keywords windo...

Page 275: ... character in a URL NOTE To set up URL keywords in a URL Keywords window see the following sections of this user guide for the specified library type M86 Supplied Categories see Chapter 3 Library screen URL Keywords window in this section Custom Category see the Group Administrator Section Chapter 2 Library screen URL Keywords window WARNING If this feature is activated use extreme caution when se...

Page 276: ... blocked at the minimum filtering level Fig 2 2 17 Override Account window NOTES A user can have only one override account If an over ride account was previously created for a user in a master IP group only that override account will be effective unless that account is deleted from the IP group See the Override Account window in Chapter 1 of the Group Administrator Section for infor mation on sett...

Page 277: ... in the list box of the Current Accounts frame and to open the window containing the Current Accounts name as well as tabs to be used for specifying the components of the override account profile 5 Click each of the tabs Rule Redirect Filter Options and specify criteria to complete the override account profile See Category Profile Redirect URL and Filter Options in this sub section for information...

Page 278: ...and or Block columns in the Rule Details frame with filter settings for each category group library category in the Category Groups tree TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group NOTE If a category group does not display any filter setting i e the check mark does not display in any colum...

Page 279: ...n the end user that the URL he she requested can be accessed but may be against the organization s policies The end user can view the URL after seeing a warning message and agreeing to its terms Block URLs in this category will be blocked TIPS Multiple categories can be assigned the same filter setting by clicking each category while pressing the Ctrl key on your keyboard and then double clicking ...

Page 280: ...ings window in Chapter 1 System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas The Overall Quota field becomes enabled if a quota is entered for any library group category By default the enabled Overall Quota is turned Off If turned On enter the number of minutes in the Min field to indicate when the end user s access to pas...

Page 281: ...cify the type of redirect URL to be used Default Block Page Authentication Request Form or Custom URL If Custom URL is selected enter the redirect URL in the corresponding text box The user will be redirected to the designated page at this URL instead of the block page 2 Click Apply to apply your settings to the override account profile 3 Click the Filter Options tab to continue creating the over ...

Page 282: ...ck the checkbox es corresponding to the option s to be applied to the override account filtering profile X Strikes Blocking With the X Strikes Blocking option enabled if the user attempts to access inappro priate sites on the Internet he she will be locked out from his her workstation after a specified number of tries within a fixed time period NOTE See the X Strikes Blocking window in Chapter 1 S...

Page 283: ...k com or AOL images returned by the query to load on the page The user will receive only one strike if all inappropriate images load within the tolerance time range of a given strike Search Engine Keyword Filter Control With the Search Engine Keyword Filter Control option enabled search engine keywords can be set up to be blocked When the user enters a keyword in the search engine if that keyword ...

Page 284: ...eyword search will be extended after the character in a URL NOTE To set up URL keywords in a URL Keywords window see the following sections of this user guide for the specified library type M86 Supplied Categories see Chapter 3 Library screen URL Keywords window Custom Category see the Group Administrator Section Chapter 2 Library screen URL Keywords window 2 Click Apply to apply your settings to ...

Page 285: ...y an override account 1 In the Current Accounts frame select the username from the list box 2 Click View Modify to open the window 3 Click the tab in which to make modifications Rule Redi rect Filter Options 4 Make your edits in this tab and in any other tab if neces sary 5 Click Apply 6 Click Close to close the window Delete an Override Account To delete an override account 1 In the Current Accou...

Page 286: ...nt Settings window Approved Content feature and VuSafe The Approved Content feature primarily used by the educa tion sector lets administrators specify which online videos posted to YouTube or SchoolTube are appropriate for students to view while blocking all other videos posted to these video viewing Web sites VuSafe is an online content library to which educators can post approved educational vi...

Page 287: ...ategory Groups Bandwidth Streaming Media Flash Video Approved Content portal setup To create a portal for users to view approved YouTube and or SchoolTube videos you will need the following Online Web page or intranet page that you or someone in your organization will maintain for users to view approved videos Text editor tool such as Notepad or TextPad MD5 checksum calculator tool Once you have a...

Page 288: ... to the Passkey list box 1 Enter the eight to 20 character code comprised of at least one alpha character one numeric character and one special character TIP The passkey entry is case sensitive and must precisely match the passkey used for the video 2 Click Add TIP To remove a passkey from the list box select it and then click Remove Step 3 Save your entries Click Apply to save your entries NOTE B...

Page 289: ...iltering profile other than the global default filtering profile The minimum filtering level is created by making selections from the list of library categories and service ports These settings can be bypassed if a user has an override account NOTE See the Override Account window in this chapter and in Chapter 1 of the Group Administrator Section for more informa tion about override accounts Click...

Page 290: ... each of these selected categories will be opened or blocked at the minimum filtering level Fig 2 2 22 Minimum Filtering Level window Min Filtering Categories By default Child Pornography and Pornography Adult Content are assigned a Block filter setting and all other active library categories are set to Pass Filter settings are designated by the check mark inside a green circle in the Pass or Bloc...

Page 291: ...tegory will pass to the end user Block URLs in this category will be blocked TIPS Multiple categories can be assigned the same filter setting by clicking each category while pressing the Ctrl key on your keyboard and then double clicking in the appropriate column Blocks of categories can be assigned the same filter setting by clicking the first category and then pressing the Shift key on your keyb...

Page 292: ...ng Level window Port tab Create Edit a List of Service Ports All service ports are filtered by default To block a service port from being accessed at the minimum filtering level 1 Enter the port number in the Port field 2 Click Add Each port number you add displays in the Block Port s list box 3 Click Apply to apply your settings at the minimum filtering level To remove a port number from the list...

Page 293: ... tab is clicked This tab is used for specifying whether users in a master IP group will be allowed to bypass the minimum filtering level with an override account or an exception URL Fig 2 2 24 Minimum Filtering Level window Min Filter Bypass tab NOTE See the Override Account window and Exception URL window of the Policy screen in the Group Administrator Section of this user guide for information o...

Page 294: ...RL frame click the On checkbox Users will be able to bypass settings at the minimum filtering level if URLs blocked at the minimum filtering level are set up to be accessed by users 2 Click Save to apply your settings See the Exception URL window in the Group Administrator Section for more information Refresh All Refresh All Main Branches From the Global Group menu click Refresh All to refresh the...

Page 295: ...he Group Name NOTES The name of the master IP group must be less than 20 characters cannot be IP or LDAP and cannot contain spaces The first character cannot be a digit The following characters cannot be used in the name period comma colon semi colon exclamation point question mark ampersand asterisk quotation mark apostrophe grave accent mark tilde caret _ underscore pipe slash backslash double b...

Page 296: ...ter one numeric character and one special character The password is case sensitive 4 Click OK to add the group to the tree NOTE Information on defining the group and its members and establishing their filtering profiles can be found in the Group Administrator Section of this user guide Refresh Refresh IP Groups From the IP group menu click Refresh whenever changes have been made in this branch of ...

Page 297: ...l at the left of the screen Updates Library Lookup Customer Feed back Module Category Weight System NNTP Newsgroup Pattern Detection Whitelist and Category Groups NOTE If the synchronization feature is used a Web Filter set up in the Target mode to synchronize both profile and library setting changes will only display the Updates Library Lookup Customer Feedback Module NNTP Newsgroup and Pattern D...

Page 298: ...lied library categories for that group Click a library category topic to view a menu of sub topics for that library category item Library Details URLs URL Keywords and Search Engine Keywords To add a custom category click Custom Categories and select Add Category NOTES Information on creating and maintaining Custom Cate gories can be found in the Group Administrator Section of this user guide See ...

Page 299: ...Log Configuration window The Configuration window displays when Configuration is selected from the Updates menu This window is used for making settings to allow the Web Filter to receive M86 supplied library category updates on a daily basis Fig 2 3 2 Configuration window Set a Time for Updates to be Retrieved 1 In the Schedule Time frame by default 1 00 am displays for the Current automatic updat...

Page 300: ... displays as the host name of the Proxy Server Enter the host name for the proxy server in this field 3 By default userid displays in the Username field Enter the username for the FTP account 4 Enter the same password in the Password and Confirm Password fields 5 Click Apply to apply your settings Select the Log Level 1 In the Log Level frame select the log level to be used for specifying the log ...

Page 301: ...daily updates due to an occurrence such as a power outage Fig 2 3 3 Manual Update window NOTE The Configuration window should be used for scheduling the Web Filter to automatically download libraries on a daily basis Specify the Type of On Demand Update 1 Choose from the following service options by clicking the corresponding radio button Weekly Update Select this option to update URL library cate...

Page 302: ...available Any software updates that are downloaded can be found in the System section of the console in the Local Soft ware Update window Using that window a software update can be selected and applied 2 Click Update Now to begin the update process TIP To view update activity select Library Update Log from the Updates menu NOTES For information on applying software updates see the Local Software U...

Page 303: ...l Languages 1 Make a selection from the Unselected Languages list box and click the right arrow to move that selection to the Selected Languages list box 2 Once the Selected Languages list box is populated the Optional Select Primary Language pull down menu includes the language selection s in addition to the default None selection To make an optional selection for a primary language choose the la...

Page 304: ...te Log is selected from the Updates menu This window is used for viewing transfer activity of library updates from the update server to your Web Filter and for downloading the activity log Fig 2 3 5 Library Update Log window View the Library Update Process When performing a manual on demand library update click View Log to display contents from the log file with the status of the library update Ke...

Page 305: ...window on your worksta tion where you specify the filename for the file and where to save the file 3 Select the folder in which to save the file and then enter the File name retaining the zip file extension Click Save to begin downloading the zip file to your worksta tion NOTE Proceed to View the Contents of the Log for information on viewing or printing the contents of the log file 4 After the fi...

Page 306: ...GUIDE Fig 2 3 6 Folder containing downloaded file 2 Choose Open With and then select a zip file executable program such as WinZip Executable to launch that application Fig 2 3 7 WinZip Executable program 3 If using WinZip click I Agree to open the window containing the zip file ...

Page 307: ... 287 Fig 2 3 8 WinZip window 4 Right click the zip file to open the menu and choose View to open the View dialog box Fig 2 2 9 View dialog box 5 Select Internal ASCII text viewer and then click View to open the View window containing the log file contents Fig 2 3 10 View window ...

Page 308: ...or print the contents of this file 1 Click Clipboard Copy wait for the dialog box to open and confirm that the text has been copied to the clip board and then click OK to close the dialog box 2 Open Notepad in Windows XP Start All Programs Accessories Notepad 3 Paste the contents from the clipboard into the Notepad file Fig 2 3 11 Notepad The correctly formatted Notepad file can now be saved and o...

Page 309: ...ected from the Updates menu This window is used for viewing transfer activity of emergency software updates from the update server to your Web Filter and for downloading the activity log Fig 2 3 12 Emergency Update Log window View the Emergency Software Update Process Click View Log to display contents from the emergency software update log file with the status of the software update ...

Page 310: ...ck OK in this box after the download is completed In the file download dialog box select the save option this action opens the window on your worksta tion where you specify the filename for the file and where to save the file 3 Select the folder in which to save the file and then enter the File name retaining the zip file extension Click Save to begin downloading the zip file to your worksta tion ...

Page 311: ...her a URL or search engine keyword or keyword phrase exists in a library category and to remove it if necessary Fig 2 3 13 Library Lookup window URL Lookup Removal Perform a URL Check To see if a URL has been included in the library 1 In the URL Lookup frame enter the URL For example enter http www coors com coors com or use a wild card by entering coors com A wildcard entry finds all URLs contain...

Page 312: ...E 4 7 47 41 4D 45 53 43 4F 4D query string e g http www youtube com watch v 3_Wfnj1llMU NOTES The pound sign character is not allowed in this entry The minimum number of wildcard levels that can be entered is three e g yahoo com and the maximum number of levels is six e g mail attachments message yahoo com 2 Click Lookup to open the alert box asking you to wait while the search is being performed ...

Page 313: ...al Perform a Search Engine Keyword Check To see if a search engine keyword or keyword phrase has been included in any library category 1 In the Search Engine Keyword Lookup frame enter the Search Engine Keyword or keyword phrase up to 75 alphanumeric characters 2 Click Lookup to display results in the Result Category list box showing the long name of all categories that contain the search engine k...

Page 314: ...ry windows have been made Customer Feedback Module Customer Feedback Module window The Customer Feedback Module window displays when Customer Feedback Module is selected from the navigation panel This window is used for enabling the Customer Feed back Module feature in which the most frequently visited non categorized URLs in your Web Filter s filter log will be FTPed to M86 on a daily basis The U...

Page 315: ...at an M86 technical suppport representative can use to contact you for assistance See Alert Settings window in Chapter 1 System screen for information about enabling this feature Disable Customer Feedback Module 1 At the Customer Feedback Module Auto Learning Feature field click Off to indicate that you wish to disable the Customer Feedback Module 2 Click Apply Enable Customer Feedback Module 1 At...

Page 316: ...in the URLs collected by the Customer Feedback Module and sent to M86 Security At no time will any personal information collected be released publicly nor will the Web request data be used for any purpose other than enhancing the URL library and related categories used by M86 Security for the purpose of filtering and reporting M86 Security agrees to discuss the information collected by the Custome...

Page 317: ...to M86 Security once you click the Accept button 4 After reading this text if you agree with the terms click in the checkbox to activate the Accept button 5 Click Accept to close the Disclaimer box and to open the Note dialog box Fig 2 3 16 Note dialog box 6 If you do not have a firewall or if you agree to open your firewall to cfm 8e6 com click Accept to proceed ...

Page 318: ...ht System window displays when Cate gory Weight System is selected from the navigation panel This feature lets you choose which category will be logged and reported for a URL request that exists in multiple cate gories possibly both M86 supplied and custom library cate gories with the same operational precedence Fig 2 3 17 Category Weight System window ...

Page 319: ...categories the highest operational prece dence would be logged If a URL exists in a category that is Always Allowed as well as a category set to be Blocked for that user Always Allowed would be logged because it holds the highest oper ational precedence However if an end user attempts to access a URL set to be Blocked in several categories the category with the highest weighting would be logged NO...

Page 320: ...ight Categories list box Once the Weight Categories list box is populated with categories you wish to include select a category and use the arrow keys to weight it against other categories TIP There are four arrow keys to the right of the Weight Cate gories list box From top to bottom the first arrow key moves the selection to the top of the list The second arrow key moves the selection up one pos...

Page 321: ...ws group is selected from the navigation panel This window is used for adding or removing a newsgroup from the libraries Fig 2 3 18 NNTP Newsgroup window Add a Newsgroup to the Library To add a newsgroup to the library 1 In the Newsgroup frame enter the Newsgroup address 2 Click Add If the newsgroup already exists an alert box will open to inform you that it exists ...

Page 322: ...1 In the Newsgroup frame enter the Newsgroup address 2 Click Remove After all changes have been made to library windows click Reload Library to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the Web Filter M86 recommends clicking Reload Library only after modifications to all library windows have been made ...

Page 323: ...tern Detection Whitelist is selected from the navigation panel This window is used for creating a list of IP addresses always allowed to bypass pattern detection filtering Fig 2 3 19 Pattern Detection Whitelist window NOTE This feature can be used in conjunction with the Pattern Blocking feature which when enabled blocks IP address patterns See the Filter window sub section in Chapter 1 System scr...

Page 324: ...rom the list select the IP address from the IPs list box and then click Remove Multiple IP addresses can be selected by clicking each IP address while simultaneously pressing down the Ctrl key on the keyboard A block of IP addresses can be selected by clicking the first IP address in the list and then pressing down the Shift key on the keyboard while simultaneously clicking the last IP address in ...

Page 325: ...lso contains the Custom Categories category group Customized category groups and library categories must be set up and maintained by global or group administrators Fig 2 3 20 Library screen Category Groups menu NOTE See the Custom Categories sub section of the Group Administrator Section for information on setting up customized category groups and library categories WARNING The maximum number of l...

Page 326: ...ry Details URLs URL Keywords and Search Engine Keywords Menus for Instant Messaging library categories only include the sub topics Library Details and URLs Library Details window The Library Details window displays when Library Details is selected from the library category s menu of sub topics This window is a view only window Fig 2 3 21 Library Details window View Library Details This window disp...

Page 327: ... is used in a filtering profile for blocking a user s access to a specified site or service A URL can contain a domain name such as playboy in http www playboy com or an IP address such as 209 247 228 221 in http 209 247 228 221 A wildcard asterisk symbol followed by a period can be entered in a format such as playboy com for example to block access to all URLs ending in playboy com A query string...

Page 328: ...ory To view a list of all URLs that either have been added or deleted 1 Click the View tab 2 Make a selection from the pull down menu for Addition List Deletion List Wildcard Addition List or Wild card Deletion List 3 Click View List to display the specified items in the Select List list box Fig 2 3 23 URLs window View tab ...

Page 329: ...g types of URL formats also can be entered in this field IP address e g 209 247 228 221 in http 209 247 228 221 octal format e g http 0106 0125 0226 0322 hexadecimal short format e g http 0x465596d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 4 7 47 41 4D 45 53 43 4F 4D query stri...

Page 330: ...lick Add to display the associated wildcard URL s in the list box below 3 Select the wildcard URL s that you wish to add to the category 4 Click Apply Action NOTE Wildcard URL query results include all URLs containing text following the period after the wildcard symbol For example an entry of beer com would find a URL such as http virtualbartender beer com However if a specific URL was added to a ...

Page 331: ...me as pertinent 3 Click Remove to display the associated URLs in the list box below 4 Select the URL s that you wish to remove from the cate gory 5 Click Apply Action Reload the Library After all changes have been made to library windows click Reload Library to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the Web Filter M86 recommends clicking R...

Page 332: ...ature for URL keyword filtering is not enabled in a filtering profile URL keywords can be added in this window but URL keyword filtering will not be in effect for the user s See the Filter Options tab in the Policy screen section for information about enabling URL keyword filtering WARNING Use extreme caution when setting up URL keywords for filtering If a keyword contains the same consecutive cha...

Page 333: ...he pull down menu for Addition List or Deletion List 2 Click View List to display the specified items in the Select List list box Add or Remove URL Keywords Add a URL Keyword to the Library Category To add a URL keyword to the library category 1 Enter the Keyword in the Edit Keyword List frame 2 Click Add Remove a URL Keyword from the Library To remove a URL keyword from the library category 1 Ent...

Page 334: ...the server by clicking the Append or Overwrite radio button Upload a List of URL Keyword Additions To upload a text file with URL keyword additions 1 Click Upload To Addition File to open the Upload Library Keyword window Fig 2 3 25 Upload Library Keyword window 2 Click Browse to open the Choose file window 3 Select the file to be uploaded 4 Click Upload File to upload this file to the server NOTE...

Page 335: ...w see Fig 2 3 25 2 Click Browse to open the Choose file window 3 Select the file to be uploaded 4 Click Upload File to upload this file to the server Reload the Library After all changes have been made to library windows click Reload to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the Web Filter M86 recommends clicking Reload only after modifica...

Page 336: ...ining keywords included in its list Fig 2 3 26 Search Engine Keywords window NOTES Master lists cannot be uploaded to any M86 supplied library category See the Custom Categories sub section of the Group Administrator Section of this user guide for information on uploading a master list to the server If the feature for search engine keyword filtering is not enabled in a filtering profile search eng...

Page 337: ... up to be blocked a search will be allowed on sexes but not sex since a search engine keyword must exactly match a word set up to be blocked View a List of Search Engine Keywords To view a list of all search engine keywords phrases that either have been added or deleted 1 In the View Search Keyword Addition Deletion List frame make a selection from the pull down menu for Addition List or Deletion ...

Page 338: ...yword frame specify whether the contents of this file will add to the current file or overwrite the current file on the server by clicking the Append or Overwrite radio button Upload a List of Search Engine Keyword Additions To upload a text file with search engine keyword phrase additions 1 Click Upload To Addition to open the Upload Library Keyword window see Fig 2 3 25 2 Click Browse to open th...

Page 339: ...eyword window see Fig 2 3 25 2 Click Browse to open the Choose file window Select the file to be uploaded 3 Click Upload File to upload this file to the server Reload the Library After all changes have been made to library windows click Reload to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the Web Filter M86 recommends clicking Reload only afte...

Page 340: ...tion Click Real Time Probe to display windows for configuring and maintaining real time probes This tool is used for monitoring Internet activities of speci fied users in real time If using M86 s Security Reporter SR or Enterprise Reporter ER as the Web Filter s reporting application click Shadow Log Format to specify the format in which Web Filter logs will be sent to the SR or ER NOTE Informatio...

Page 341: ...This window is used if a reporting application needs to be set up to receive logs from the Web Filter Fig 2 4 2 Report Configuration window Specify the Reporting Device By default no option is selected at the Export field If Web Filter logs will be exported to a reporting application 1 Click the checkbox corresponding to the reporter to be used for transferring logs M86 Security Reporter Enterpris...

Page 342: ... or ER server that will receive logs from the Web Filter Fig 2 4 3 Report Configuration window M86 SR ER option and tab Edit SR ER Server Information In the Log File Transfer Configuration frame by default the IP address 1 2 3 6 displays in the Remote Server list box To add the IP address assigned to the SR ER server 1 Enter the LAN 1 IP address in the Server field 2 Click Add to include this IP a...

Page 343: ...ured and logs have been transferred from the Web Filter to the SR ER you can view transfer activity Fig 2 4 4 Report Configuration window M86 SR ER option Log tab 1 Click the Log tab 2 Click View Log to view up to the last 300 lines of transfer activity in the View Log frame Other Device If Other Device was selected the Other Device tab displays by default On this tab you need to specify criteria ...

Page 344: ...e log files will be stored 3 At the User Authentication field User is selected by default indicating that a username and password will be required for FTP transfers Click the Anonymous radio button if no user authentication will be required for FTP transfers 4 By default the Username field is activated For this option userid displays by default Change the username by entering a valid one for FTP t...

Page 345: ... intervals of time 3 6 9 12 15 18 21 24 4 updates occur every four hours at these intervals of time 4 8 12 16 20 24 6 updates occur every six hours at these intervals of time 6 12 18 24 8 updates occur every eight hours at these intervals of time 8 16 24 12 updates occur every 12 hours at these intervals of time 12 and 24 24 updates occur every 24 hours 2 Click Save View Transfer Activity to the R...

Page 346: ...the navigation panel This feature lets the probe administrator monitor a user s Internet usage in real time to see if that user is using the Internet appropri ately Fig 2 4 6 Real Time Probe window Configuration tab Configuration Enable Real Time Probes 1 On the Configuration tab click On 2 Click Save to enable the Real Time Probes feature As a result all elements in this window become activated ...

Page 347: ...e in Minutes the probe will search for URLs up to 1440 minutes 24 hours The default setting is 1000 minutes 4 Enter the Maximum Report Lifetime in Days to keep a saved report before deleting it The default setting is 7 days 5 Click Save Exclude an IP Address from Real Time Probing 1 Enter the Excluded IP Address of a machine to be bypassed from real time probing 2 Click Add to add the IP address i...

Page 348: ...responding the to the Email Format to be used for the file Plain Text or HTML By default HTML is selected 2 Select the Maximum File Size of an Email Report MB that can be sent from 1MB increments up to 20MB The default is 5 MB 3 Click Save Set up Email Addresses to Receive Reports 1 Enter the Email Address of an individual who will receive completed probe reports 2 Click Add to include the email a...

Page 349: ...orts to be Emailed list box 2 Click Delete to remove the email address es from list Logon Accounts Click the Logon Accounts tab to display Logon Accounts Fig 2 4 8 Real Time Probe window Logon Accounts tab Set up Users Authorized to Create Probes 1 Enter the Username of a staff member who is authorized to create real time probes 2 Enter the user s password in the Password and Confirm Password fiel...

Page 350: ...eactivate an authorized user s account 1 Select the username from the Current Accessible Users list box 2 Click Disable to move the username to the Current Un Accessible Users list box Delete a Logon Account To delete a user s account 1 Select the username from the Current Accessible Users list box 2 Click Delete WARNING By deleting a logon account in addition to not being able to create real time...

Page 351: ...Time Probe icon or Go to Real Time Probe Reports GUI either the Re login window or the Real Time Probe Reports window opens Re login window The Re login window opens if the user s session needs to be validated Fig 2 4 9 Re login window 1 Enter your Username 2 Enter your Password 3 Click OK to close the Re login window and to re access the Web Filter console ...

Page 352: ...taff member can click a link in an email alert or type in https x x x x 1443 RtProbe jsp in the address field of a browser window in which x x x x is the IP address of the Web Filter to only see probes he she created When using the aforementioned URL the following occurs The Login window opens Fig 2 4 10 Login window Enter the Username and Password and click OK to open the Real Time Probe Reports ...

Page 353: ...R GUIDE 333 Fig 2 4 11 Real Time Probes introductory window This window must be left open during the entire session Create a Real Time Probe Click the Create tab to enter and specify criteria for the report you wish to generate Fig 2 4 12 Real Time Probe Reports Create tab ...

Page 354: ...ters to be included in the User Name s to be probed The entry in this field is case sensitive This selection generates a report with data for all usernames containing the consecutive characters you specified In this example if ART is entered ART GARTH and MARTA would be included in the report But Art or BARRETT would not be included since the former username does not contain all uppercase letters ...

Page 355: ... User Name or URL 4 If you wish to send the completed report to a specified email address enter the Email Address to Mail the Completed Report 5 Specify the Start Date Time by clicking the appropriate radio button Now click this radio button to run the probe now Schedule at click this radio button to schedule a time for running the probe Select the date and time from the pull down menus A probe th...

Page 356: ...ab The Start Date Time displays in the YYYY MM DD HH MM SS format Daily displays in the Recurrence column if the probe is scheduled to run on a daily basis The Status of the probe displays Completed In Progress or Scheduled By selecting a probe buttons for the probe become acti vated based on the state of the probe The following options are available for each of the probe statuses Completed View P...

Page 357: ...ry PASSED for any uncategorized sites allowed to pass and Approved Content if the Approved Content feature is enabled and the record pertains to an approved video Filter Action set up in the profile Pass Block reserved for ER SR Warn Warned X Strike Quota By Method the method used in creating the entry SE Keyword URL Keyword URL Wildcard Strict HTTPS Filter Action Pattern File Type Moderate HTTPS ...

Page 358: ...e Email option dialog box in which you specify an email address to send the completed report see Email option Click Close to close the Real Time Information window Properties option Clicking Properties opens the Probe Properties box Fig 2 4 15 Probe Properties box This box includes the following information for the probe Display Name Email Address to Mail the Completed Report Search Option criteri...

Page 359: ...box via the Stop button Clicking Delete opens the following dialog box asking if you want to delete the probe Fig 2 4 16 Probe Properties deletion box Click Yes to delete the probe and remove it from the View tab Email option Clicking Email opens the Email Address box Fig 2 4 17 Email Address box Enter the Email Address to Mail the Completed Report and click Send to send the completed report to th...

Page 360: ...rting device is the M86 Enterprise Reporter ER this window is used for specifying the log format the Web Filter will use for sending logs to the ER Fig 2 4 18 Shadow Log Format window Specify the Shadow Log Format The window is comprised of the Log Format frame containing radio buttons corresponding to the following options Auto detect Post 2 0 10 log format manual Post 2 0 log format manual Post ...

Page 361: ...r or if an ER is not connected to the Web Filter Log Format Post 1 9 log format displays by default if the ER is using software version 3 75 or later up until 4 1 or if an ER is not connected to the Web Filter Post 2 0 log format displays by default if the ER is using software version 4 1 or later Post 2 0 10 log format displays by default if the ER is using software version 4 1 20 or later Post 2...

Page 362: ...t 1 9 log format option If this Web Filter currently has the 1 9 or higher software update applied the Post 1 9 log option should be selected since the ER 3 75 or higher software update uses the new log structure Pre 1 9 log format option If this Web Filter currently has a software update lower than 1 9 applied the Pre 1 9 log option should be selected since ER software updates lower than 3 75 use...

Page 363: ...bers Chapter 2 includes information on creating and maintaining Custom Categories for libraries The group administrator performs the following tasks defines members of a master IP group adds sub group members and or individual IP members and creates their filtering profiles grants designated users access to Internet content blocked at the global level as appropriate via an over ride account and or...

Page 364: ...een The navigation panel at the left of the screen contains the IP branch of the Policy tree NOTE If the synchronization feature is used a server set up in the Target mode to synchronize both profile and library setting changes will not have branches of the tree accessible Double click the IP branch of the tree to open it and to display the master IP group Double click the master IP group to open ...

Page 365: ...N CHAPTER 1 POLICY SCREEN M86 SECURITY USER GUIDE 345 IP Refresh Refresh the Master IP Group Member Click Refresh whenever a change has been made to the master IP group or member level of the tree Fig 3 1 2 Policy screen IP menu ...

Page 366: ...f sub topics Group Details Members Override Account Group Profile Exception URL Time Profile Approved Content incl VuSafe Upload Download IP Profile Add Sub Group Add Individual IP Delete Group and Paste Sub Group Group Details window The Group Details window displays when Group Details is selected from the menu This window is used for viewing the Group Name and for changing the password of the gr...

Page 367: ...a character one numeric character and one special character The password is case sensitive 2 Click Apply to apply your settings Members window The Members window displays when Members is selected from the menu This window is used for adding and managing members of a master IP group For the invisible and router modes a member is comprised of an associated IP address and a sub group may also contain...

Page 368: ...the Source IP fields If Source IP Start End was selected enter the Start and End of the IP address range 2 Click Add to include the IP address entry in the Current Members list box TIP Click Calculator to open the IP Calculator and calculate IP ranges without any overlaps Enter the IP address specify the Netmask and then click Calculate to display results in the Min Host and Max Host fields Click ...

Page 369: ...the minimum filtering level if the option to bypass the minimum filtering level is activated Fig 3 1 5 Override Account window NOTES Override accounts can be created for any authorized user In order for a user with an override account to access cate gories and ports set up to be blocked at the master IP group level the global administrator must first activate the option to allow an override accoun...

Page 370: ...e same entry again in the Confirm Password field 4 Click Add to include the username in the list box of the Current Accounts frame and to open the window containing the Current Accounts name as well as tabs to be used for specifying the components of the override account profile 5 Click each of the tabs Rule Redirect Filter Options and specify criteria to complete the override account profile See ...

Page 371: ...nd or Block columns in the Rule Details frame with filter settings for each category group library category in the Category Groups tree TIP In the Category Groups tree double click the group enve lope to open that segment of the tree and to view library catego ries belonging to that group NOTE If a category group does not display any filter setting i e the check mark does not display in any column...

Page 372: ...n the end user that the URL he she requested can be accessed but may be against the organization s policies The end user can view the URL after seeing a warning message and agreeing to its terms Block URLs in this category will be blocked TIPS Multiple categories can be assigned the same filter setting by clicking each category while pressing the Ctrl key on your keyboard and then double clicking ...

Page 373: ...ings window in Chapter 1 System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas The Overall Quota field becomes enabled if a quota is entered for any library group category By default the enabled Overall Quota is turned Off If turned On enter the number of minutes in the Min field to indicate when the end user s access to pas...

Page 374: ...e she attempts to access a site or service set up to be blocked Fig 3 1 7 Override Account window Redirect tab Specify the type of redirect URL to be used Default Block Page Authentication Request Form or Custom URL If Custom URL is selected enter the redirect URL in the corresponding text box The user will be redirected to the designated page at this URL instead of the block page ...

Page 375: ...kes Blocking With the X Strikes Blocking option enabled if the user attempts to access inappropriate sites on the Internet he she will be locked out from his her workstation after a specified number of tries within a fixed time period NOTE See the X Strikes Blocking window in Chapter 1 System screen of the Global Administrator Section for information on setting up the X Strikes Blocking feature Go...

Page 376: ...ter Control With the Search Engine Keyword Filter Control option enabled search engine keywords can be set up to be blocked When the user enters a keyword in the search engine if that keyword has been set up to be blocked the search will not be performed Search engine keywords are entered in the Search Engine Keywords window of custom library categories NOTE To set up search engine keywords in a S...

Page 377: ...enter the username in the Name field 3 Enter the new Password 4 Make the same entry again in the Confirm Password field 5 Click View Modify to open the window 6 Click Apply 7 Click Close to close the window Modify an Override Account To modify an override account 1 In the Current Accounts frame select the username from the list box 2 Click View Modify to open the window 3 Click the tab in which to...

Page 378: ... Click the following tabs in this window Category Redirect URL and Filter Options Entries in these tabs comprise the profile string for the group NOTE The Group Profile window is similar to the Sub Group Profile window and the Individual IP Profile window except the latter windows are configured and maintained by the group administrator Category Profile Category Profile displays by default when Gr...

Page 379: ...ontent By default Uncategorized Sites are allowed to Pass NOTE By default the Available Filter Levels pull down menu also includes these five rule choices Rule1 BYPASS Rule2 BLOCK Porn Rule3 Block IM and Porn Rule4 M86 CIPA Compliance and Rule5 Block All Create Edit a List of Selected Categories To create the category profile 1 Select a filtering rule from the available choices in the Available Fi...

Page 380: ...e column Pass Allow Warn Block in the row corresponding to that category group library category to move the check mark to that column Pass URLs in this category will pass to the end user Allow URLs in this category will be added to the end user s white list Warn URLs in this category will warn the end user that the URL he she requested can be accessed but may be against the organization s policies...

Page 381: ... defined in the Quota Settings window to determine when the end user will be blocked from further access to URLs in that library group category TIP If a quota entry is made for a category group all library cate gories in that group will show the same number of quota minutes NOTE See the Quota Settings window in Chapter 1 System screen for more information on configuring quota settings and resettin...

Page 382: ...s a site or service set up to be blocked at the group level Fig 3 1 10 Group Profile window Redirect URL tab Create Edit the Redirect URL 1 Specify the type of redirect URL to be used Default Block Page Authentication Request Form or Custom URL If Custom URL is selected enter the redirect URL in the corresponding text box Users will be redirected to the designated page at this URL instead of the b...

Page 383: ... Filter Options 1 Click the checkbox es corresponding to the option s to be applied to the sub group filtering profile X Strikes Blocking Google Yahoo Youtube Ask AOL Safe Search Enforcement Search Engine Keyword Filter Control URL Keyword Filter Control 2 Click Apply to apply your settings X Strikes Blocking With the X Strikes Blocking option enabled an end user who attempts to access inappropria...

Page 384: ...M86 s library or is blocked by Google Bing com Yahoo YouTube Ask com or AOL If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google Bing com Yahoo YouTube Ask com or AOL Image search the number of strikes that user will receive is based upon the amount of time it will take for unacceptable Google Bing com Yahoo YouTube Ask com or A...

Page 385: ...s line of a browser window if that keyword has been set up to be blocked the user will be denied access to that site or service URL keywords are entered in the URL Keywords window of custom library categories With the Extend URL Keyword Filter Control option enabled a URL keyword search will be extended after the character in a URL NOTE To set up URL keywords in a URL Keywords window for Custom Ca...

Page 386: ...d Individual IP sections of the Policy tree Fig 3 1 12 Exception URL window NOTE Settings in this window work in conjunction with those made in the Override Account window and in the Minimum Filtering Level window maintained by the global administrator Users with an override account will be able to access URLs set up to be blocked in this window if the global administrator acti vates bypass settin...

Page 387: ...180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 47 47 41 4D 45 53 43 4F 4D query string e g http www youtube com watch v 3_Wfnj1llMU NOTE The pound sign character is not allowed in this entry case specific entries these entries are used by the Approved Content feature that blocks or allows end user accessibility to specific YouTube video URLs wildcard entry format th...

Page 388: ... by the query Fig 3 1 13 Add ByPass URLs window This window includes the pre populated Add checkbox preceding each URL in the table Uncheck any checkbox corresponding to a URL you do not want to include in your list TIPS Click the Check Uncheck All Add checkbox at the bottom of this window to toggle between selecting or de selecting all Add column checkboxes in this window See the subsequent Statu...

Page 389: ...olumn messages and icons If conflicting URL entries are found by the query the following message displays at the top of the query results window Mouseover table row for messages on conflicts and warnings In the Status column of a URL with a conflict one of two icons displays either the yellow warning triangle containing an exclamation point or the red circle with a line through it Mousing over the...

Page 390: ...lock lists the Ignore warnings and add URL checkbox displays to the left of the Add Selected button at the bottom of the window Fig 3 1 14 Conflicting URLs found by query Clicking this checkbox activates the Add Selected button Clicking Add Selected closes the window and moves the selected URLs to the opposite frame in the Exception URL window URL cannot be added due to conflicts If a URL found by...

Page 391: ...address URL to maximize results to be returned by the URL query 2 Click Remove to open the Remove Block URLs Remove ByPass URLs window to view all corresponding URLs found by the query Fig 3 1 15 Remove Block URLs window This window includes the pre populated Remove checkbox preceding each URL in the table Uncheck any checkbox corresponding to a URL you do not want to remove from your list TIP Cli...

Page 392: ...s Time Profile window The Time Profile window displays when Time Profile is selected from the group menu This window is used for setting up or modifying a filtering profile to be activated at a specified time Fig 3 1 16 Time Profile window The Current Time Profiles list box displays the Name and Description of any time profiles previously set up for the entity that are currently active NOTE This w...

Page 393: ...ime Profile 2 Type in three to 20 alphanumeric characters the under score _ character can be used for the profile name 3 Click OK to close the box and to open the Adding Time Profile window that displays the name of this profile at the top of the Time Profile frame Fig 3 1 18 Time Profile window Recurrence tab 4 In the Recurrence duration time frame specify Start and End time range criteria ...

Page 394: ... To choose another date click the arrow in the date drop down menu to open the calendar pop up box In this pop up box you can do the following Click the left or right arrow at the top of this box to navigate to the prior month or the next month Double click a date to select it and to close this box populating the date field with that date Click Today to close this box populating the date field wit...

Page 395: ...l for the months this time profile will be used and next specify which day of the month If Day is chosen select from 1 31 If a non specific day is chosen make selections from the two pull down menus for the following week of the month First Fourth or Last day of the month Sunday Saturday Day Weekday Weekend By default 1 displays and today s Day of the month is selected If today is the 6th these se...

Page 396: ... is entered and the First Monday of June are selected this profile will be used every two years on the first Monday in June For example if the current month and year are May 2010 the first Monday in June this year would be the 7th The next time this profile would be used will be in June 2012 6 In the Range of recurrence frame the Start date displays greyed out this is the same date as the Start da...

Page 397: ...ilter Options and Excep tion tabs 8 Click Apply to activate the time profile for the IP group at the specified time 9 Click Close to close the Adding Time Profile window and to return to the Time Profile window In this window the Current Time Profiles list box now shows the Name and Description of the time profile that was just added WARNING If there is an error in a time profile the Description f...

Page 398: ...file The Rule tab is used for creating the categories portion of the time profile Fig 3 1 19 Time Profile window Rule tab NOTE See the Override Account window Category Profile sub section in this chapter for information about entries that can be made for this component of the filtering profile ...

Page 399: ...cifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked Fig 3 1 20 Time Profile window Redirect URL tab NOTE See the Override Account window Redirect URL sub section in this chapter for information about entries that can be made for this component of the filtering profile ...

Page 400: ...ions tab is used for specifying which filter option s will be applied to the time profile Fig 3 1 21 Time Profile window Filter Options tab NOTE See the Override Account window Filter Options sub section in this chapter for information about entries that can be made for this component of the filtering profile ...

Page 401: ...at can be made for this component of the filtering profile Settings in this window work in conjunction with those made in the Override Account window and in the Minimum Filtering Level window maintained by the global administrator Users with an override account will be able to access URLs set up to be blocked in this window if the global administrator activates bypass settings in the Minimum Filte...

Page 402: ...pecific YouTube or SchoolTube videos from a designated portal or from VuSafe If this feature is enabled for this profile pass keys for approved videos are entered in the Passkey list box Fig 3 1 23 Time Profile window Approved Content tab NOTE See the Approved Content Settings window sub section in this chapter for information about entries that can be made for this component of the filtering prof...

Page 403: ...dow 3 Make modifications in the default Recurrence tab and or click the tab in which to make modifications Rule Redi rect Filter Options Exception Approved Content 4 Make edits in this tab and in any other tab if necessary 5 Click Apply 6 Click Close to close the Modify Time Profiles window and to return to the Time Profile window Delete a Time Profile To delete a time profile 1 Select the time pr...

Page 404: ...l managed by someone within the organization or videos posted to VuSafe Fig 3 1 24 Approved Content Settings window NOTE See Approved Content Settings window from Chapter 2 of the Global Administrator Section for information about the Approved Content feature and VuSafe Approved Content setup and configuration There are two parts to set up in order to use the Approved Content feature A portal for ...

Page 405: ... editor tool such as Notepad or TextPad MD5 checksum calculator tool NOTE See the M86 Approved Content Portal Setup document at http www m86security com software 8e6 docs ug misc wf ac 4 1 00 pdf for instructions on setting up a portal and pass keys for users to view YouTube or SchoolTube videos Approved Content Settings entries 1 Choose one of the following options by clicking its corre sponding ...

Page 406: ...s based on whether the Approved Content feature should be disabled or enabled for this profile Disable approved content for this profile Choosing this option disables the Approved Content feature for this profile Use specific passkey s Choosing this option lets the profile use passkeys added to the Passkey list box To add a passkey to the Passkey list box a Enter the case sensitive eight to 20 cha...

Page 407: ...load IP Profile is selected from the group menu This window is used for uploading or downloading a text file containing filtering profiles of multiple users or sub groups Fig 3 1 25 IP Profile Management window Upload IP Profiles 1 Click Upload File to open both the refresh message page see Fig 3 1 27 and the Upload IP Profiles window Fig 3 1 26 Upload IP Profiles window ...

Page 408: ...or examples of entries to include in a profile file go to http www m86security com software 8e6 hlp r3000 files 2group_ipprofiles html Once the file is selected the path displays in File field WARNING Any existing profiles will be overwritten by the contents of the uploaded file 3 Click Upload File in this window to display the message Upload IP Profiles Successfully 4 Click the X in the upper rig...

Page 409: ...If profiles have been created and or uploaded to the server 1 Click Download Profile to open a browser window containing the profiles Fig 3 1 28 Download IP Profiles window The contents of this window can viewed printed and or saved 2 Click the X in the upper right corner of the window to close it ...

Page 410: ...oint question mark ampersand asterisk quotation mark apostrophe grave accent mark tilde caret _ underscore pipe slash backslash double backslashes left parenthesis right paren thesis left brace right brace left bracket right bracket at sign pound sign dollar sign percent sign less than symbol greater than symbol plus symbol minus sign equals sign 3 Click OK to close the dialog box and to add the s...

Page 411: ...on exclamation point question mark ampersand asterisk quotation mark apostrophe grave accent mark tilde caret _ underscore pipe slash backslash double backslashes left parenthesis right paren thesis left brace right brace left bracket right bracket at sign pound sign dollar sign percent sign less than symbol greater than symbol plus symbol minus sign equals sign 3 Click OK to close the dialog box ...

Page 412: ...cess of creating sub groups if the sub group to be added has the same configuration settings as one that already exists A sub group can be pasted or copied to a group if the Copy Sub Group function was first performed at the sub group level Paste a Copied IP Sub Group From the group menu 1 Select Paste Sub Group to open the Paste Sub Group dialog box Fig 3 1 31 Paste Sub Group dialog box 2 In the ...

Page 413: ...L Time Profile Approved Content incl VuSafe Delete Sub Group and Copy Sub Group Sub Group IP Group window The Sub Group IP Group window displays when Sub Group Details is selected from the menu This window is used for viewing and adding or editing details on an IP group member Fig 3 1 32 Sub Group IP Group window view only View IP Sub Group Details If the sub group was previously defined the field...

Page 414: ...the IP Address frame click the appropriate radio button corresponding to the type of Member IP address range to be entered IP address with netmask or IP address range TIP Use the IP Range pull down menu to view the IP address es that can be entered in these fields 2 Corresponding to the selected radio button enter the IP address and specify the netmask or enter the IP address range in the text box...

Page 415: ...CREEN M86 SECURITY USER GUIDE 395 Members window The Members window displays when Members is selected from the menu This window is used for modifying the sub group s Member IP address if using the invisible or router mode Fig 3 1 34 Members window ...

Page 416: ...ddress range TIP Click Calculator to open the IP Calculator and calculate IP ranges without any overlaps 2 Click Modify to apply your settings Sub Group Profile window The Sub Group Profile window displays when Sub Group Profile is selected from the sub group menu This window is used for viewing creating the sub group s filtering profile Click the following tabs in this window Category Redirect UR...

Page 417: ...URL window in the Master IP Group sub section of this chapter for information on entries that can be made in this window Time Profile window The Time Profile window displays when Time Profile is selected from the sub group menu This window is used for setting up or modifying a filtering profile to be activated at a specified time NOTE See the Time Profile window in the Master IP Group sub section ...

Page 418: ...ganization or videos posted to VuSafe NOTES See the Approved Content Settings window in Chapter 2 of the Global Administrator Section of this user guide for informa tion about the Approved Content feature and VuSafe See the M86 Approved Content Portal Setup document at http www m86security com software 8e6 docs ug misc wf ac 4 1 00 pdf for information on setting up a portal and pass keys for viewi...

Page 419: ...oup function is used for expediting the process of creating sub groups if the sub group to be added has the same configuration settings as one that already exists Copy an IP Sub Group To copy configurations made for a specified sub group 1 Choose Copy Sub Group from the sub group menu 2 Select the group from the tree and choose Paste Sub Group from the group menu to paste the sub group to the grou...

Page 420: ...P member Click the individual IP member s link to view a menu of sub topics Members Individual IP Profile Exception URL Time Profile Approved Content incl VuSafe Delete Individual IP Member window The member window displays when Members is selected from the menu This window is used for modifying the indi vidual IP member s IP address if using the invisible or router mode Fig 3 1 35 Member window ...

Page 421: ...ofile window in this chapter for informa tion about entries that can be made for the following components of the filtering profile Category Profile Redirect URL Filter Options Exception URL window The Exception URL window displays when Exception URL is selected from the individual IP member menu This window is used for blocking the member s access to speci fied URLs and or for letting the member a...

Page 422: ...ortal managed by someone within the organization or videos posted to VuSafe NOTES See the Approved Content Settings window in Chapter 2 of the Global Administrator Section of this user guide for informa tion about the Approved Content feature and VuSafe See the M86 Approved Content Portal Setup document at http www m86security com software 8e6 docs ug misc wf ac 4 1 00 pdf for information on setti...

Page 423: ...p Library categories are used when creating or modifying filtering profiles Fig 3 2 1 Library screen A list of main topics displays in the navigation panel at the left of the screen Main topics in this section include the following Library Lookup and Category Groups the latter topic containing the Custom Categories sub topic NOTE If the synchronization feature is used a server set up in the Target...

Page 424: ...m the navigation panel This window is used for verifying whether or not a URL or search engine keyword or keyword phrase exists in a library category Fig 3 2 2 Library Lookup window NOTE This window is also used by global administrators except their permissions let them remove URLs and search engine keywords phrases The reload library function is used after making changes to the library ...

Page 425: ...6d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 4 7 47 41 4D 45 53 43 4F 4D query string e g http www youtube com watch v 3_Wfnj1llMU NOTES The pound sign character is not allowed in this entry The minimum number of wildcard levels that can be entered is three e g yahoo com and th...

Page 426: ...display results in the Result Category list box showing the long name of all categories that contain the search engine keyword phrase Custom Categories Custom Categories includes options for adding a custom category to the tree list and to refresh the menu Click the Custom Categories link to view a menu of topics Add Cate gory and Refresh Fig 3 2 3 Custom Categories menu NOTE Since custom categori...

Page 427: ...y the group administrator Add a Custom Library Category 1 Select Add Category to open the Create Category dialog box Fig 3 2 4 Create Category dialog box The Group Name field displays Custom Categories greyed out 2 In the Description field enter from three to 20 charac ters for the long name of the new category 3 In the Short Name field enter up to seven characters without any spaces for the short...

Page 428: ...ong name TIP If this is the first custom category you are adding you may need to double click Custom Categories to open the tree list NOTE The category must have URLs URL keywords and or search keywords added to its profile in order for it to be effective Refresh Refresh the Library Click Refresh after uploading a file to a customized library category ...

Page 429: ...ywords and Delete Category Fig 3 2 5 Library screen custom library category menu NOTE Since custom categories are not created by M86 updates cannot be provided Maintaining the list of URLs and keywords is the responsibility of the global or group administrator Library Details window The Library Details window displays when Library Details is selected from the library category s menu of sub topics ...

Page 430: ...rary Details window View Edit Library Details The following display and cannot be edited Custom Cate gories Group Name and library category Short Name 1 The long Description name displays and can be edited 2 After modifying the description for the library category click Apply to save your entry ...

Page 431: ...ster wildcard URL list A URL is used in a filtering profile for blocking a user s access to a specified site or service A URL can contain a domain name such as playboy in http www playboy com or an IP address such as 209 247 228 221 in http 209 247 228 221 A wildcard asterisk symbol followed by a period can be entered in a format such as playboy com for example to block access to all URLs ending i...

Page 432: ... view a list of all URLs that either have been added or deleted from the master URL list or master wildcard URL list 1 Click the View tab 2 Make a selection from the pull down menu for Master List or Wild Card Master List 3 Click View List to display the specified items in the Select List list box Fig 3 2 8 URLs window View tab ...

Page 433: ...coors com or coors com The following types of URL formats also can be entered in this field IP address e g 209 247 228 221 in http 209 247 228 221 octal format e g http 0106 0125 0226 0322 hexadecimal short format e g http 0x465596d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 4 7...

Page 434: ...lick Add to display the associated wildcard URL s in the list box below 3 Select the wildcard URL s that you wish to add to the category 4 Click Apply Action NOTE Wildcard URL query results include all URLs containing text following the period after the wildcard symbol For example an entry of beer com would find a URL such as http virtualbartender beer com However if a specific URL was added to a ...

Page 435: ...st frame as pertinent 3 Click Remove to display the associated URLs in the list box below 4 Select the URL s that you wish to remove from the cate gory 5 Click Apply Action Upload a Master List to the Library Upload a Master List of URLs To upload a master file with URL additions 1 Click Upload Master to open the Upload Custom Library URL window Fig 3 2 9 Upload Custom Library URL window 2 Click B...

Page 436: ... 4 Click Upload File to display the results of the library file content validation in the Library File Content IP Lookup Options window Fig 3 2 10 Library File Content IP Lookup Options URLs contained in the file are listed under the column for either Valid URL or Invalid URL 5 If the file contains invalid URLs click Back to return to the Upload URL window Another attempt to validate the file can ...

Page 437: ... Upload the file without IP Lookup If this option is selected an IP lookup for IP addresses that correspond to URLs in the uploaded file will not be performed b Click Upload to open the Upload Successful window NOTE In order for the URLs to take effect library categories must be reloaded Upload a Master List of Wildcard URLs To upload a master file with wildcard URL additions 1 Click Upload Wildca...

Page 438: ...le to display the results of the library file content validation in the Library File Content IP Lookup Options window Fig 3 2 12 Library File Content IP Lookup Options Wildcard URLs contained in the file are listed under the column for either Valid URL or Invalid URL 5 If the file contains invalid wildcard URLs click Back to return to the Upload WildCard URL window Another attempt to validate the ...

Page 439: ...t the performance of the Web Filter M86 recommends clicking Reload Library only after modifications to all library windows have been made URL Keywords window The URL Keywords window displays when URL Keywords is selected from the custom library category s menu of sub topics This window is used for adding or removing a URL keyword from a custom library category s master list A library category uses...

Page 440: ... that are not even within blocked categories For example if all URL keywords containing sex are blocked users will not be able to access a non pornographic site such as http www essex com View a List of URL Keywords To view a list of all URL keywords that either have been added or deleted 1 In the View Keyword Addition Deletion List frame make a selection from the pull down menu for Master List 2 ...

Page 441: ...le window 3 Select the file to be uploaded 4 Click Upload File to upload this file to the server NOTE A URL keywords text file must contain one URL keyword per line WARNING The text file uploaded to the server will overwrite the current file Reload the Library After all changes have been made to library windows in the Reload URL Keywords frame click Reload to refresh NOTE Since reloading the libra...

Page 442: ... Keywords window NOTE If the feature for search engine keyword filtering is not enabled in a filtering profile search engine keywords can be added in this window but search engine keyword filtering will not be in effect for the user s See the Filter Options tab in the Policy screen section for information about enabling search engine keyword filtering WARNING Use extreme caution when setting up se...

Page 443: ...ord Addition Deletion List frame make a selection from the pull down menu for Master List 2 Click View List to display the specified items in the Select List list box Add or Remove Search Engine Keywords Add a Search Engine Keyword to the Library To add a search engine keyword or keyword phrase to the library category 1 In the Edit Search Keyword List frame enter up to 75 alphanumeric characters i...

Page 444: ...phrase per line WARNING The text file uploaded to the server will overwrite the current file 4 Click Upload File to upload this file to the server Reload the Library After all changes have been made to library windows in the Reload Search Keywords frame click Reload to refresh NOTE Since reloading the library utilizes system resources that impact the performance of the Web Filter M86 recommends cl...

Page 445: ...e username or group name 2 IP address 3 Filtering profile criteria Rule number Rule0 Rule1 etc or rule criteria a Ports to Block or Filter b Categories to Block or Open c Filter Mode 4 Redirect URL optional 5 Filter Options optional For IP profiles the code 0x1 should be placed at the end with all filter options disabled 6 Quotas optional NOTE Each filtering profile should be entered on a separate...

Page 446: ...ter the defined port number s I Open all ports J Open the defined port number s M Set the defined port number s to trigger a warn message Q Block all ports R Block the defined port number s Port Numbers 21 FTP File Transfer Protocol 80 HTTP Hyper Text Transfer Protocol 119 NNTP Network News Transfer Protocol 443 HTTPS Secured HTTP Transmission Other Filter Mode Values 1 Default Block Mode 2 Monito...

Page 447: ...ile string indicating that all other categories should pass PASSED When positioned at the end of a string of categories or after a category command code this code indicates that unidentified categories will follow suit with categories defined by that code J pass R block or M receive warning message Category Codes For the list of category codes short names and their corresponding descriptions long ...

Page 448: ... entered at the end of the profile string unless the quota option is used in which case the quota should be entered at the end of the profile string To disable all filter codes for an IP profile enter 0x1 for the filter option Quota format To include quotas in a profile string enter them after the filter options using this format A semicolon Overall Quota minutes a comma the first library category...

Page 449: ...n one of the redirect URL tabs Go to Policy IP Group Name Sub Group Name Sub Group Profile Redirect URL Go to Policy Global Group Global Group Profile Default Redirect URL 2 Set the redirect URL to http server for block_page port for block page blockpage NOTE The Web Filter console does not accept the URL with a port setting port for block page so to get around this the block page must be placed a...

Page 450: ...ation IP Exclude IP Without excluding this IP address the Web Filter may capture filter block the following redirect link http server for block_page port for block page blockpage URL blocked url IP client IP CAT URL category USER client User Name Part II Customize the Block Page 1 Set up a Web server A Web server must be set up to hold the customized block page 2 Create a customized block page The...

Page 451: ... and post the required hidden form data shown in the table below Name Description Value URL Blocked URL From the query string of the block page URL IP IP that accessed the blocked URL see URL CAT Category of the blocked URL see URL USER User Name that accessed the blocked URL see URL Name Description Value SITE Optional value _BLOCK_SITE_ URL Blocked URL From the query string of the block page URL...

Page 452: ...the custom ized block page Examples include 1 HTML using Java Script to parse post form data 2 CGI written in Perl 3 CGI written in C See the Reference portion of this appendix for coding details NOTE Don t forget to replace Web Filter IP with the real IP in the HTML CGI before using these samples Part III Restart the Web Filter You must restart the Web Filter to make your changes effec tive ...

Page 453: ...lt i str indexOf start if i 0 len str length substr str substr i start length len start length j substr indexOf end if j 0 result substr substring 0 j else if j 0 len substr length result substr substr 0 len return result function getData str document location href len str length i str indexOf if i 0 query str substr i 1 len i 1 url parseData query URL document block URL value url ip parseData que...

Page 454: ...ck action http Web Filter IP 81 cgi block cgi document block submit script head body form method post name block input type hidden name SITE value _BLOCK_SITE_ input type hidden name URL value input type hidden name IP value input type hidden name CAT value input type hidden name USER value input type hidden name STEP value STEP2 form br Web Filter Customized Block Page HTML using Java Script to p...

Page 455: ...eb Filter customized block page Replace the Web Filter IP with the real IP before using This script provide data to the options CGI through query string Revision 1 Date 03 08 2004 method ENV REQUEST_METHOD if method post i string STDIN else string ENV QUERY_STRING url 1 if string URL S IP i ip 1 if string IP S CAT i cat 1 if string CAT S USER i user 1 if string USER S i print Content type text htm...

Page 456: ...he Web Filter IP with the real IP before using This script uses Java Script to post form data to options CGI Revision 1 Date 03 08 2004 method ENV REQUEST_METHOD if method post i string STDIN else string ENV QUERY_STRING url 1 if string URL S IP i ip 1 if string IP S CAT i cat 1 if string CAT S USER i user 1 if string USER S i print Content type text html n n print html n print head n print script...

Page 457: ...ue url n print input type hidden name CAT value cat n print input type hidden name USER value user n print input type hidden name STEP value STEP2 n print br Web Filter Customized Block Page CGI written with Perl using Java Script to post form data br n print URL url br n print IP ip br n print CAT cat br n print USER user br n print br For further options a href javascript do_options click here a...

Page 458: ...otypes void printhtml void unescape_url char url char x2c char what char makeword char line char stop void plustospace char str char fmakeword FILE f char stop int cl int to_upper char string void getquery char paramd char paramv void getnextquery char paramv int main int argc char argv int data_size size in bytes of POST input int index char paramd paramn paramv char step 120 printf content type ...

Page 459: ...ety of global variables to be used by other areas of the program data_size atoi getenv CONTENT_LENGTH for index 0 data_size feof stdin index entries index val char fmakeword stdin data_size plustospace entries index val unescape_url entries index val entries index name char makeword entries index val if strcmp entries index name IP 0 strcpy szIP entries index val else if strcmp entries index name ...

Page 460: ...input type hidden name URL value s n szURL printf input type hidden name CAT value s n szCategory printf input type hidden name USER value s n szUserName printf input type hidden name STEP value STEP2 n printf br Web Filter Customized Block Page CGI written with C using Java Script to post form data br n printf URL s br n szURL printf IP s br n szIP printf CAT s br n szCategory printf USER s br n ...

Page 461: ...it 16 digit what 1 A what 1 0xdf A 10 what 1 0 return digit char makeword char line char stop int x 0 y char word char malloc sizeof char strlen line 1 for x 0 line x line x stop x word x line x word x 0 if line x x y 0 while line y line x return word void plustospace char str register int x for x 0 str x x if str x str x char fmakeword FILE f char stop int cl int wsize ...

Page 462: ...e word ll 1 0 wsize 102400 word char realloc word sizeof char wsize 1 cl if word ll stop feof f cl if word ll stop ll word ll 0 return word ll to_upper Change the string to upper case int to_upper char string int len int i char tmp NULL if string strlen string if tmp char strdup string return 0 len strlen string for i 0 i len i string i toupper tmp i free tmp return 1 ...

Page 463: ...ENDICES SECTION APPENDIX B M86 SECURITY USER GUIDE 443 void getquery char paramd char paramv if paramd NULL paramv NULL else paramv char strtok paramd void getnextquery char paramv paramv char strtok NULL ...

Page 464: ...kstation will need to temporarily disable pop up blocking in order to authenticate him herself via the Options page Fig C 1 Options page This appendix provides instructions on how to use an over ride account if typical pop up blocking software is installed as in the following products Yahoo Toolbar Google Toolbar AdwareSafe Mozilla Firefox and Windows XP Service Pack 2 SP2 ...

Page 465: ... action opens the override account pop up window Add Override Account to the White List If the override account window was previously blocked by the Yahoo Toolbar it can be moved from the black list and added to the white list so that it will always be allowed to pass To do this 1 Go to the Yahoo Toolbar and click the pop up icon to open the pop up menu Fig C 2 Select menu option Always Allow Pop ...

Page 466: ...ps from source 3 Select the source from the Sources of Recently Blocked Pop Ups list box to activate the Allow button 4 Click Allow to move the selected source to the Always Allow Pop Ups From These Sources list box 5 Click Close to save your changes and to close the dialog box ...

Page 467: ...cking the Override button this action opens the override account pop up window Add Override Account to the White List To add the override account window to the white list so that it will always be allowed to pass go to the Google Toolbar and click the Pop up blocker button Fig C 4 Pop up blocker button enabled Clicking this button toggles to the Pop ups okay button adding the override account wind...

Page 468: ...r lets you toggle between enabling pop up blocking popups blocked and disabling pop up blocking Popup protection off by clicking the pop up icon 1 In the IE browser go to the SearchSafe toolbar and click the icon for popups blocked to toggle to Popup protec tion off This action turns off pop up blocking 2 In the Options page see Fig C 1 enter your Username and Password 3 Click the Override button ...

Page 469: ...he Firefox browser go to the toolbar and select Tools Options to open the Options dialog box 2 Click the Content tab at the top of this box to open the Content section Fig C 6 Mozilla Firefox Pop up Windows Options 3 With the Block pop up windows checkbox checked click the Exceptions button at right to open the Allowed Sites Pop ups box ...

Page 470: ...zilla Firefox Pop up Window Exceptions 4 Enter the Address of the web site to let the override account window pass 5 Click Allow to add the URL to the list box section below 6 Click Close to close the Allowed Sites Pop ups box 7 Click OK to close the Options dialog box ...

Page 471: ...locking feature in the IE browser Use the Internet Options dialog box 1 From the IE browser go to the toolbar and select Tools Internet Options to open the Internet Options dialog box 2 Click the Privacy tab Fig C 8 Enable pop up blocking 3 In the Pop up Blocker frame check Turn on Pop up Blocker 4 Click Apply and then click OK to close the dialog box ...

Page 472: ...nu selec tion changes to Turn Off Pop up Blocker and activates the Pop up Blocker Settings menu item You can toggle between the On and Off settings to enable or disable pop up blocking Temporarily Disable Pop up Blocking 1 In the Options page see Fig C 1 enter your Username and Password 2 Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button this action ope...

Page 473: ...ar and select Tools Pop up Blocker Pop up Blocker Settings to open the Pop up Blocker Settings dialog box Fig C 10 Pop up Blocker Settings 2 Enter the Address of Web site to allow and click Add to include this address in the Allowed sites list box Click Close to close the dialog box The override account window has now been added to your white list 3 In the Options page see Fig C 1 enter your Usern...

Page 474: ...r Settings to open the Pop up Blocker Settings dialog box see Fig C 10 2 In the Notifications and Filter Level frame click the checkbox for Show Information Bar when a pop up is blocked 3 Click Close to close the dialog box Access your Override Account 1 In the Options page see Fig C 1 enter your Username and Password 2 Click the Override button This action displays the following message in the In...

Page 475: ...ction opens the Allow pop ups from this site dialog box Fig C 13 Allow pop ups dialog box 5 Click Yes to add the override account to your white list and to close the dialog box NOTE To view your white list go to the Pop up Blocker Settings dialog box see Fig C 10 and see the entries in the Allowed sites list box 6 Go back to the Options page and click Override to open the override account window ...

Page 476: ... in the Web Filter Administrator console 1 Choose Reporting Report Configuration to display the Report Configuration window 2 Click the M86 Security Reporter M86 Enterprise Reporter checkbox to display the M86 Security Reporter M86 Enterprise Reporter tab Fig D 1 Report Configuration window SR ER tab 3 In the Log File Transfer Configuration frame enter the LAN 1 IP address assigned to the M86 SR o...

Page 477: ...gs have been transferred from the Web Filter to the SR ER click the Log tab to view transfer activity 5 On the Log tab click View Log to view up to the last 300 lines of transfer activity in the View Log frame NOTE It is recommended you wait one to two hours after the initial configuration so sufficient data is available for viewing Fig D 2 Report Configuration window Log tab ...

Page 478: ... menu choose Tools to display the Tools screen 3 From the Database Status menu choose File Watch Log 4 Click View to open the File Watch Status pop up box If logs are being transferred you will see an entry that includes the date time and IMPORTING shadow log machine1 Once you see an entry reporting information will be available one hour after the timestamp of the import listing NOTE Transfers occ...

Page 479: ...your RAID server M86 recommends that you always have a spare drive and spare power supply on hand Contact M86 Technical Support for replacement hard drives and power supplies Part 1 Hardware Components The Web Filter SL and HL RAID server contains two hard drives two power supplies and five sets of dual cooling fans 10 in total Part 2 Server Interface LED indicators in SL and HL units On an SL and...

Page 480: ...ering traffic Amber On Library being uploaded or one or more processes being started Red On Not filtering traffic LIBR Green On Library updated within the past two days or less Amber On Library updated more than two days ago but within the past three days Red On Library updated more than three days ago RAID Green On RAID mode enabled and running Off RAID mode is inactive Red On Check user interfac...

Page 481: ... icons func tion as follows UID button On an HL server when the UID button is pressed a steady blue LED displays on both the front and rear of the chassis see also Rear of chassis These indicators are used for easy location of the chassis in a large stack config uration The LED remains on until the button is pressed a second time Overheat Fan Fail icon This LED is unlit unless the chassis is overh...

Page 482: ...server and by an amber LED on an SL server An unlit LED on a drive carrier may indicate a hard drive failure See Hard drive failure in the Troubleshooting sub sec tion for information on detecting a hard drive failure and resolving this problem Power icon The LED is unlit when the server is turned off A steady green LED indicates power is being supplied to the unit s power supplies See also Rear o...

Page 483: ...en the UID button on the control panel is pressed This LED remains lit until the UID button is pressed again Power Supplies LED indicators The power supplies are located at the right on the rear of the chassis An LED indi cator is located above each of the power plugs See Power supply failure in the Troubleshooting sub section for infor mation on detecting a power supply failure and resolving this...

Page 484: ...in istrator of the server This email identifies the failed hard drive by its number HD 1 or HD 2 Upon receiving this alert the administrator should verify the status of the drives by first going to the Hardware Failure Detection window in the Administrator console WARNING Do not attempt to remove any of the drives from the unit at this time Verification of the failed drive should first be made in ...

Page 485: ...ction window The Hardware Failure Detection window displays the current RAID Array Status for the two hard drives HD 1 and HD 2 at the right side of the window Normally when both hard drives are functioning without failure the text OK displays to the right of the hard drive number and no other text displays in the window However if a hard drive has failed the message FAIL displays to the right of ...

Page 486: ...inistrator console go to the server to replace the drive Press the red release button to release the handle on the carrier and then extend the handle fully and pull the carrier out towards you Replace the failed drive with your spare replacement drive NOTE Contact Technical Support if you have any questions about replacing a failed hard drive ...

Page 487: ...our failed hard drive to M86 Power supply failure Step 1 Identify the failed power supply The administrator of the server is alerted to a power supply failure on the chassis by an audible alarm and an amber power supply LED or an unlit LED on the front and rear of the chassis NOTE A steady amber power supply LED also may indicate a disconnected or loose power supply cord Verify that the power supp...

Page 488: ...e towards you 3 Note that an audible alarm sounds and the LED is unlit when the power supply is disengaged Replace the failed power supply with your spare replacement power supply The alarm will turn off and the LED will be a steady green when the replacement power supply is securely locked in place Step 4 Contact Technical Support Contact Technical Support to order a new replacement power supply ...

Page 489: ...e Authorization number and for instructions on returning the unit to M86 A steady red LED on and not flashing indicates an over heating condition which may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm Check the routing of the cables and make sure all fans are present and operating normally The LED will remain steady as long as the over he...

Page 490: ... creating a rule or when setting up a filtering profile or the minimum filtering level If an item is given a block setting users will be denied access to it custom category A unique library category that is created by an administrator and can include URLs URL keywords and search engine keywords to be blocked Group adminis trators create and manage custom library categories for their own group filt...

Page 491: ...workstations either locally or across the Internet Using this feature of the Web Filter groups and or individual client machines can be set up to block the use of IM services specified in the library category invisible mode A Web Filter set up in the invisible mode will filter all connections on the Ethernet between client PCs and the Internet without stopping each IP packet on the same Ethernet s...

Page 492: ...lied in conjunction with a user s filtering profile If a user does not belong to a group or the user s group does not have a filtering profile the default global filtering profile is used and the minimum filtering level does not apply to that user If the minimum filtering level is set up to block a library category this setting will override an always allowed setting for that category in a user s ...

Page 493: ...etting assigned to a service port or library category when creating a rule or when setting up a filtering profile or the minimum filtering level If an item is given an open pass setting users will have access to it override account An account created by the global group administrator or the group administrator to give an autho rized user the ability to access Internet content blocked at the global...

Page 494: ... be filtered and how they will be filtered The user profile in the Radius accounting server holds the filter definition for the user Real Time Probe On the Web Filter this tool is used for monitoring the Internet activity of specified users in real time The report generated by the probe lets the adminis trator know whether end users are using the Internet appro priately router mode A Web Filter se...

Page 495: ... with an associ ated member IP address and filtering profile synchronization A process by which two or more machines run in parallel to each other User filtering profiles and library configurations can be set up to be synchronized between multiple Web Filters The clock on the Web Filter can be set up to be synchronized with a server on the Internet running Network Time Protocol NTP software time p...

Page 496: ...segment warn setting A setting assigned to a library category or uncategorized URLs when creating a rule or when setting up a filtering profile This designation indicates URLs in the library category or uncategorized URLs may potentially be in opposition to the organization s policies and are flagged with a warning message that displays for the end user if a URL from that library category or an un...

Page 497: ...ettings window 123 always allowed 27 definition 470 Appliance Watchdog 143 234 Approved Content 382 Real Time Probe 335 337 Approved Content portal setup 267 385 Approved Content Settings entries 385 Approved Content Settings window 266 384 398 402 Approved Content definition 470 authentication 158 Authentication menu 158 B backup procedures 160 Backup Restore menu 159 Backup Restore window 159 Be...

Page 498: ...up 358 minimum filtering level 270 Category Weight System menu 298 Category Weight System window 298 Centralized Management Console 37 140 checkbox terminology 4 CMC Management 140 144 CMC Management menu 218 Common Customization window 196 Configuration window 279 contact e mail addresses 123 Control menu 72 CPU Usage diagnostic tool 110 Ctrl key 65 Current memory usage diagnostic tool 110 custom...

Page 499: ...URL 381 exception URL 81 273 428 Exception URL window 366 397 401 F field terminology 4 filter option codes 428 filter options global group 252 filter setting 28 definition 470 Filter window 72 filtering 427 category codes 427 hierarchy diagram 30 profile components 24 profile types 20 rules 28 search engine keyword 254 static profiles 22 URL keyword 255 Firefox 10 firewall mode 16 definition 470 ...

Page 500: ...default redirect URL 251 filter options 252 menu 233 override account 256 port profile 250 272 Global Group Profile window 247 Google Chrome 10 Google Web Accelerator 76 Google Bing Yahoo Youtube Ask AOL Safe Search Enforcement global group filter option 253 grid terminology 5 group create IP group 275 delete profile 392 global 18 IP 19 275 types of 18 group administrator 1 2 definition 471 Group ...

Page 501: ...ofile options Global Group Profile 252 Group or member Profile 363 Override Account profile 262 355 Time Profile 380 set up Quotas 223 set up Real Time Probes 326 set up Search Engine Keywords Custom Categories 422 M86 Supplied Categories 316 set up URL Keywords Custom Categories 419 M86 Supplied Categories 312 set up URLs in categories Custom Categories 411 M86 Supplied Categories 307 set up X St...

Page 502: ...ssaging 31 306 definition 471 Internet Explorer 10 invisible mode 13 definition 471 diagram 13 diagram with port monitoring 14 IP group 19 275 345 category profile 358 create 275 diagram 19 IP Profile Management window 387 J Java Plug in 10 Java Virtual Machine 10 JavaScript 10 K keyword definition 471 search engine custom category 422 search engine M86 supplied category 316 update 281 URL custom ...

Page 503: ...tegory 312 URLs custom category 411 URLs M86 supplied category 307 weekly update 281 library categories 25 category codes list 427 custom 406 definition 471 M86 supplied 305 Library Details window 306 409 Library Lookup menu 291 404 Library Lookup window 291 404 Library screen 54 Library Update Log window 284 Limited Availability 128 list box terminology 5 Listening Device 153 Local Software Updat...

Page 504: ... 291 404 M M86 supplied category 25 306 definition 472 machine name definition 472 Macintosh 10 Manual Update to M86 Supplied Categories 281 Manual Update window 281 master IP group 19 definition 472 filtering profile 22 maintenance 346 setup 275 master list 316 definition 472 Member window Individual IP 400 Members window 347 395 Minimum Filtering Categories categories profile 270 minimum filteri...

Page 505: ...88 network requirements 11 Network Time Protocol NTP 90 NIC Configuration diagnostic tool 109 NNTP Newsgroup menu 301 NNTP Newsgroup window 301 NTP Servers window 90 O open setting 27 definition 473 Operation Mode window 152 Options page 82 override account 349 AdwareSafe popup blocking 448 block page authentication 79 definition 473 global group 256 Google Toolbar popup blocking 447 Mozilla Firef...

Page 506: ...3 Ping 108 Policy screen 54 pop up blocking disable 444 pop up box window terminology 6 port profile global 250 272 minimum filtering level 272 Print Kernel Ring Buffer diagnostic tool 111 Process list diagnostic tool 108 profile global group 247 group 358 individual IP member 401 minimum filtering level 269 sub group 396 Profile Control window 210 profile string definition 473 elements 426 protoc...

Page 507: ...indow 172 Radius profile 21 RAID 177 Range to Detect Settings window 143 Range to Detect window 233 Real Time Probe 474 Real Time Probe window 326 realtime traffic logs 112 re authentication block page authentication 79 Reboot window 86 Recent Logins diagnostic tool 110 redirect URL global group 251 refresh the GUI 64 Regional Setting window 92 Report Configuration window 321 Reporting screen 54 r...

Page 508: ...ine Keyword Filter Control global group filter option 254 search engine keyword filtering 254 Search Engine Keywords window 316 custom category 422 Secure Logon menu 98 Security Reporter 322 456 self monitoring process 123 service port 26 definition 475 Setup window 141 Shadow Log Format window 340 Shift key 65 ShutDown window 85 SMTP definition 475 SMTP Server Settings window 126 SNMP definition ...

Page 509: ...e window 396 sub group 344 393 add to master IP group 390 copy 399 definition 475 delete 399 paste 392 sub topic 60 terminology 7 synchronization 140 backup procedures 47 definition 475 delays 41 overview 36 server maintenance 47 Setup window 141 Status window 147 sync items 42 Synchronization menu 140 synchronization setup 38 System Command window 106 System Performance diagnostic tool 110 system...

Page 510: ...108 Traveler 305 definition 475 tree 61 62 terminology 8 Troubleshooting Mode window 114 U UI SSL Certificate menu 229 UI SSL Certificate window 229 update add software update to server 128 emergency software updates 289 library categories 284 software 135 Updates menu 279 Upload Download IP Profile 387 UPS 69 Upstream Failover Detect 234 URL Keyword Filter Control global group filter option 255 U...

Page 511: ...266 470 W Warn Option Setting window 193 Warn Page Customization window 206 warn setting 27 definition 476 Web access logging 31 Web Filter 1 Web based authentication block page authentication 79 white list definition 476 wildcard 291 307 310 405 411 414 window terminology 8 Windows 7 10 Windows Vista 10 Windows XP 10 workstation requirements 10 X X Strikes Blocking global group filter option 253 ...

Page 512: ...INDEX 492 M86 SECURITY USER GUIDE ...

Reviews:

No comments

Related manuals for Web Filter HL

Ebyte E43-900T13S3 Manual preview
E43-900T13S3
Brand: Ebyte Pages: 8
JCG Q8 Quick Start Manual preview
Q8
Brand: JCG Pages: 2
Quectel Wi-Fi-M.2 EVB User Manual preview
Wi-Fi-M.2 EVB
Brand: Quectel Pages: 23
Bridgeworks a204 Hardware Manual preview
a204
Brand: Bridgeworks Pages: 18
Allied Telesis AR725 Quick Start Manual preview
AR725
Brand: Allied Telesis Pages: 22
U.S. Products maxg Quick Installation Manual preview
maxg
Brand: U.S. Products Pages: 80
Telex Communications 2472AA Instruction Manual preview
2472AA
Brand: Telex Communications Pages: 28
Edgewater Networks 200EW/E Quick Start Manual preview
200EW/E
Brand: Edgewater Networks Pages: 7
Juniper NFX250 Quick Start Manual preview
NFX250
Brand: Juniper Pages: 7
FDI ELI70-CR Quick Start Manual preview
ELI70-CR
Brand: FDI Pages: 2
Z3 Technology Z3-SBE264-10 User Instructions preview
Z3-SBE264-10
Brand: Z3 Technology Pages: 67
Hamlet HRDSL742 User Manual preview
HRDSL742
Brand: Hamlet Pages: 122
Ubiquiti UniFi WiFi BaseStation XG Quick Start Manual preview
UniFi WiFi BaseStation XG
Brand: Ubiquiti Pages: 19
CG Emotron OSTO 100 Instruction Manual preview
Emotron OSTO 100
Brand: CG Pages: 112
Dataprobe iBoot Instruction Manual preview
iBoot
Brand: Dataprobe Pages: 16
Airlinkplus ASW224 User Manual preview
ASW224
Brand: Airlinkplus Pages: 20
ETAS XETK-S22.0 User Manual preview
XETK-S22.0
Brand: ETAS Pages: 84
VideoWave Adam Device User Manual preview
Adam Device
Brand: VideoWave Pages: 12

Brands by name

Popular brands

Load more brands