M86 IR Web Filter

USER GUIDE

Software Version: 4.0.10

Document Version: 06.08.10

Summary of Contents for IR Web Filter

Page 1: ...M86 IR Web Filter USER GUIDE Software Version 4 0 10 Document Version 06 08 10...

Page 2: ...entation and disclaims any implied warranties of merchantability and fitness for a particular purpose M86 Security shall not be liable for any error or for incidental or consequential damages in conn...

Page 3: ...1 Filtering Operations 12 Operational Modes 12 Invisible Mode 13 Router Mode 15 Firewall Mode 16 Group Types 18 Global Group 18 IP Groups 19 Filtering Profile Types 20 Static Filtering Profiles 22 Ma...

Page 4: ...Users 34 Block Specified Entities from Using IM P2P 35 Block IM for a Specific Entity 35 Block P2P for a Specific Entity 35 Chapter 3 Synchronizing Multiple Units 36 Web Filter Synchronization 36 Syn...

Page 5: ...ccess the Web Filter Login window 50 Access the Web Filter from the IR Portal 51 Enter Web Filter s URL in the Address field 51 Last Library Update message 53 Navigation Tips 55 Access Main Sections 5...

Page 6: ...Servers 77 Enable Filtering on Target Servers 77 Block Page Authentication window 78 Enter Edit Block Page Options 79 Block page 80 Options page 82 Option 2 83 Option 3 84 ShutDown window 85 Shut Dow...

Page 7: ...Admin Sub Admin User Interface Access 105 Diagnostics 106 System Command window 106 Perform a Diagnostic Test View Data 107 Command Selections 108 Ping 108 Trace Route 108 Process list 108 TOP CPU pro...

Page 8: ...tents 133 Download Log View Print Contents 133 Download the Log 133 View the Contents of the Log 134 Save Print the Log File Contents 136 Synchronization 137 Setup window 138 Using Only One Web Filter...

Page 9: ...ckup Schedule 165 Download a File 166 Perform a Restoration 167 Upload a File to the Server 167 Restore Configurations to the Server 168 Remove a Backup File 168 View Backup and Restoration Details 16...

Page 10: ...187 X Strikes Unlock Workstation 188 Unlock a Workstation 188 Set up an Email Address to Receive Alerts 190 Remove an Email Address from the Alert List 190 Close the Pop up Window 190 Warn Option Set...

Page 11: ...le to Automatically Reset Quotas 222 Delete a Quota Reset Time from the Schedule 223 Quota Notice page 223 Quota Block page 225 SSL Certificate 226 SSL Certificate window 226 Generate an SSL Certifica...

Page 12: ...264 Create Edit Minimum Filtering Categories 265 Port 266 Create Edit a List of Service Ports 266 Minimum Filtering Bypass Options 267 Specify Minimum Filtering Bypass Options 268 Refresh All 268 Ref...

Page 13: ...k Module 288 Customer Feedback Module window 288 Disable Customer Feedback Module 289 Enable Customer Feedback Module 289 Category Weight System 292 Category Weight System window 292 View the Current...

Page 14: ...Keyword from the Library 311 Upload a List of Search Engine Keywords 311 Upload a List of Search Engine Keyword Additions 311 Upload a List of Search Engine Keyword Deletions 312 Reload the Library 31...

Page 15: ...mat option 334 Post 1 9 log format option 334 Pre 1 9 log format option 334 Apply Setting 334 GROUP ADMINISTRATOR SECTION 335 Introduction 335 Chapter 1 Policy screen 336 IP 337 Refresh 337 Refresh th...

Page 16: ...Time Profile 364 Category Profile 369 Redirect URL 370 Filter Options 371 Exception URL 372 Modify a Time Profile 373 Delete a Time Profile 373 Upload Download IP Profile window 374 Upload IP Profiles...

Page 17: ...ry 394 Add a Custom Library Category 394 Refresh 395 Refresh the Library 395 Custom library category 396 Library Details window 397 View Edit Library Details 397 URLs window 398 View a List of URLs in...

Page 18: ...12 TECHNICAL SUPPORT PRODUCT WARRANTIES 413 Technical Support 413 Hours 413 Contact Information 413 Domestic United States 413 International 413 E Mail 414 Office Locations and Phone Numbers 414 M86 C...

Page 19: ...lockers 438 Yahoo Toolbar Pop up Blocker 439 If Pop up Blocking is Enabled 439 Add Override Account to the White List 439 Google Toolbar Pop up Blocker 441 If Pop up Blocking is Enabled 441 Add Overri...

Page 20: ...ubleshoot MAC Addresses 461 Mobile Client Section 462 Download and Install the Deployment Kit 463 Access the Mobile Client Deployment Tool window 466 Configure a New Package Set 467 Specify Package cr...

Page 21: ...CONTENTS M86 SECURITY USER GUIDE xxi Uninstallation from a Windows group 493 Uninstallation from an individual computer 493 Appendix E 496 Glossary 496 INDEX 503...

Page 23: ...ply with your organization s Internet usage policy based on the end user s Internet usage habits About this User Guide The Web Filter User Guide primarily addresses the network administrator designate...

Page 24: ...for administrators authorized by the global administrator to manage profiles of designated groups and their associated users on the Web Filter Group administrators also have rights to access certain...

Page 25: ...is followed by italicized text providing additional information about the current subject TIP The tip icon is followed by italicized text giving you hints on how to execute a task more efficiently WA...

Page 26: ...ow or screen used for indicating whether or not you wish to select an option This object allows you to toggle between two choices By clicking in this box a check mark or an X is placed indicating th...

Page 27: ...rows and columns of data as a result of various processes This data can be reorganized in the Administrator console by changing the order of the columns list box an area in a dialog box window or scre...

Page 28: ...ontains a down arrow to the right When you click the arrow a menu of items displays from which you make a selection radio button a small circular object in a dialog box window or screen used for selec...

Page 29: ...ic is selected the window for that sub topic displays in the right panel of the screen or a pop up window or an alert box opens as appropriate text box an area in a dialog box window or screen that a...

Page 30: ...uble clicking the item a minus sign replaces the plus sign and any entity within that branch of the tree displays An item in the tree is selected by clicking it window a window displays on a screen an...

Page 31: ...on User Guide at http www m86security com support R3000 documentation asp for information on setting up and using authentication synchronize multiple Web Filter units so that all servers will be upda...

Page 32: ...cintosh OS X Version 10 5 or 10 6 running Safari 4 0 Firefox 3 5 JavaScript enabled Java Virtual Machine Java Plug in use the version specified for the Web Filter software version Pop up blocking soft...

Page 33: ...orer IE 7 0 or 8 0 Firefox 3 5 Macintosh OS X Version 10 5 or 10 6 running Safari 4 0 Firefox 3 5 JavaScript enabled Pop up blocking software if installed must be disabled Network Requirements High sp...

Page 34: ...S 12 M86 SECURITY USER GUIDE Chapter 1 Filtering Operations Operational Modes Based on the setup of your network the Web Filter can be configured to use one of these operational modes for filtering th...

Page 35: ...IP packet on the same Ethernet segment The unit will only intercept a session if an inappropriate request was submitted by a client In this scenario the Web Filter returns a message to the client and...

Page 36: ...essage 4 is sent to the user plus a terminate message 4 is sent to the Internet server A Web Filter set up in the invisible mode can also work in the router mode Figure 1 1 2 illustrates an example of...

Page 37: ...nappropriate a block page is returned to the client to replace the actual requested Web page or service Since only outgoing packets need to be routed and not return packets the Web Filter only appears...

Page 38: ...Filter set up in this mode the unit will filter all requests If the request is appropriate the original packet will pass unchanged If the request is inappropriate the original packet will be blocked f...

Page 39: ...unfiltered bad cached pages since no request can pass until it is filtered Figure 1 1 5 illustrates an example of a firewall mode setup in which requests are always sent to the caching server In this...

Page 40: ...p to be maintained NOTES If authentication is enabled the global administrator can also access the LDAP branch of the tree If multiple Web Filter units are set up on the network and the synchronizatio...

Page 41: ...global administrator adds master IP groups adds and maintains override accounts at the global level and establishes and maintains the minimum filtering level The group administrator of a master IP g...

Page 42: ...at the base of the hierarchical tree structure used by end users who do not belong to a group IP group master group master group filtering profile used by end users who belong to the master group mast...

Page 43: ...r X Strikes Blocking in the Filter Options section of the profile Radius profile used by end users on a Radius accounting server if the Radius server is connected to the Web Filter and the Radius auth...

Page 44: ...and individual IP group members and is customized to allow deny users access to URLs or warn users about accessing specified URLs to redirect users to another URL instead of having a block page displa...

Page 45: ...are configured to be blocked A URL can be specified for use instead of the standard block page when users attempt to access material set up to be blocked Various filter options can be enabled Overrid...

Page 46: ...gories should be blocked left open a set number of minutes in which that category remains open can be defined assigned a warn setting or white listed filter options specify which features will be enab...

Page 47: ...ding Category Groups excluding the Custom Categories group Updates to these categories are provided by M86 on an ongoing basis and administrators also can add or delete individual URLs within a speci...

Page 48: ...Secured HTTP Transmission HTTPS and Secure Shell SSH Rules A rule is comprised of library categories to block leave open assign a warn setting or include in a white list Access to an open library cate...

Page 49: ...uted block if a category or a service port is given a block setting users will be denied access to the URL set up as blocked open if a category or the filter segment detected on the network is given a...

Page 50: ...iltering level is defined it applies to all master IP groups and members assigned filtering profiles The minimum filtering level combines with the user s profile to guarantee that categories blocked i...

Page 51: ...over an authentication profile or a time profile profile locking out the end user from library categories specified in the lockout profile in the TAR application 8 An override account profile takes...

Page 52: ...INTRODUCTORY SECTION CHAPTER 1 FILTERING OPERATIONS 30 M86 SECURITY USER GUIDE Fig 1 1 7 Sample filtering hierarchy diagram...

Page 53: ...he Web Filter has options for blocking and or logging the use of Instant Messaging and Peer to Peer services and makes use of Intelligent Footprint Technology IFT for greatly increasing management and...

Page 54: ...e versions of the AOL client create a network interface that send a network connection through a UDP proxy server which prevents blocking IM P2P Blocking Peer to Peer P2P involves communication betwee...

Page 55: ...the Manual Update to M86 Supplied Categories window accessible via Library Updates Manual Update IM pattern files can be updated on demand Using IM and P2P To solely log IM and or P2P user activity t...

Page 56: ...ies such as IMGEN IMGCHAT IMGTALK ICQAIM IMMSN IMMYSP and or IMYAHOO set up to be blocked the minimum filtering level profile must have both CHAT and specified individual Instant Messaging library cat...

Page 57: ...with the Range to Detect feature is desired the minimum filtering level profile should not have IM blocked unless blocking all IM traffic with the Range to Detect feature is desired Block P2P for a S...

Page 58: ...ses on the network that user s Internet usage is appropriately filtered and blocked The act of configuring multiple Web Filters to share the same user profile information is known as synchronization...

Page 59: ...been identified by the source unit via the Synchronization Setup window of the Web Filter console This means that all filtering configuration should be made on the source Web Filter This also means t...

Page 60: ...standalone Web Filter to an M86 WFR server please consult the chart at http www m86security com software 8e6 hlp r3000help files 1system_sync_versions html for software version compatibility between t...

Page 61: ...ion or user profile update the change is applied locally Once locally applied on the source server this update is sent to all target Web Filters Each target server will then immediately apply this fil...

Page 62: ...er this update will be placed in a queue for submission to target Web Filter servers The source server will then send the information in the queue to all target servers Each target server will receive...

Page 63: ...n activating a library change can take a little longer than in activating a filtering profile change This is due to the fact that the library on the Web Filter is loaded into the physical memory When...

Page 64: ...source Web Filter For purpose of differentiation these items will be referred to as functionally synchronized for purposes of this user guide These functionally synchronized items will be available f...

Page 65: ...tions Functionally Synchronized Items Common Customization Block Page Authentication settings Authentication Form Customization Lock Page Customization Warn Page Customization Profile Control settings...

Page 66: ...d Items Filter control settings Virtual IP and Authentication IP addresses IP addresses Default routes Patch application Synchronization settings Filter Mode Backup Restore Radius Authentication Setti...

Page 67: ...ord additions deletions Keywords in URL additions deletions Functionally Synchronized Items Category Weight System additions deletions Non synchronized Items Common Customization Block Page Authentica...

Page 68: ...nges profile activation deactivation Filter control settings Virtual IP and Authentication IP addresses IP addresses Default routes Software Update application Synchronization settings Filter Mode Bac...

Page 69: ...will need to be replaced due to hardware failure In cases in which the source Web Filter server is out of commission for an extended period of time this server should be replaced as soon as possible...

Page 70: ...a safe storage place until it is needed 4 In the LAN Settings window accessible via System Network set up IP addresses to be the same as on the source server that is being replaced 5 Go to the Reboot...

Page 71: ...ain and should operate normally Set up a New Source Server from Scratch In the event that you do not have a reliable backup file that can be used for establishing a new source server you must recreate...

Page 72: ...your network and the SSL certificate for the unit generated to ensure a secure network connection NOTE If you do not have the M86 IR Installation Guide contact M86 Security immediately to have a copy...

Page 73: ...IP address is 210 10 131 34 type in https 210 10 131 34 1443 Using a host name example if the host name is logo com type in https logo com 1443 3 Click the WF icon in the IR Welcome window Fig 1 4 1 W...

Page 74: ...ficate follow the instructions at http www m86security com software 8e6 docs ig misc sec cert wf pdf 3 After accepting the security certificate click Go to open the Web Filter login window Fig 1 4 2...

Page 75: ...Version number Last Library Update message If it has been more than seven days since the Web Filter last received updates to library categories upon logging into the Administrator console a pop up dia...

Page 76: ...No clicking this button closes the dialog box and displays the welcome screen with the Last Library Update and the following message below in purple colored text Libraries were last updated 7 days ago...

Page 77: ...ains groups and individual users and their filtering profiles Library clicking this link displays the main screen for the Library section Library section windows are used for adding and maintaining li...

Page 78: ...been terminated the login window re displays Note that on each screen in the right side of the banner the following displays X Strikes Blocking icon If the X Strikes Blocking feature is enabled this i...

Page 79: ...ips Access Help Topics Each of the main section screens contains a link beneath the banner When that link is clicked a separate browser window opens with Help Topics for that section Fig 1 4 6 Help To...

Page 80: ...beneath the banner additional information about that window can be obtained by hovering over that icon with your mouse or by pressing the F1 key on your keyboard Hover Display The yellow tooltip box d...

Page 81: ...ORY SECTION CHAPTER 4 GETTING STARTED M86 SECURITY USER GUIDE 59 Help pop up box The Help pop up box opens when you press the F1 key on your keyboard Fig 1 4 8 Help pop up box Click OK to close the po...

Page 82: ...rator console screens and windows use different navigation formats based on the contents of a given screen or window Screens can contain topic links and sub topic menus and or tree lists with topics a...

Page 83: ...pics Some topics in Library and System screens consist of more than one window For these topics clicking a topic link opens a menu of sub topics Fig 1 4 10 Sub topics menu When a sub topic from this m...

Page 84: ...screens Fig 1 4 11 Tree menu A tree is comprised of a hierarchical list of items An entity associated with a branch of the tree is preceded by a plus sign when that branch of the tree is collapsed By...

Page 85: ...pics Topics in the tree list display by default when the tree is opened Examples of tree list topics are circled in Fig 1 4 11 When a tree list topic is selected and clicked a menu of sub topics opens...

Page 86: ...are windows with tabs When selecting a window with tabs from the navigation panel the main tab for that window displays Entries made in a tab must be saved on that tab if the tab includes the Apply bu...

Page 87: ...n Path The navigation path displays at the top of each window Fig 1 4 14 Navigation path This path reminds you of your location in the console The entire path shows the screen name followed by the top...

Page 88: ...items is selected click the appropriate button to perform the action on the items Copy and Paste Text To save time when making duplicate data entries text previously keyed into the GUI can be copied...

Page 89: ...the IP Calculator pop up window If the IP address field in the window on the console is already populated note the IP Calculator pop up window displays the IP address default Netmask in both the Dott...

Page 90: ...interface left clicking and then dragging the cursor to the left or right or inward or outward Log Off To log off the Administrator console 1 Click the Logout button in the navigation toolbar at the...

Page 91: ...ation if pertinent To attain this objective the global administrator performs the following tasks provides a suitable environment for the server including Hypertext Transfer Protocol over Secure Socke...

Page 92: ...cs displays in the navigation panel at the left of the screen Main topics in this section include the following Control settings Network settings Administrator account information Secure Logon Diagnos...

Page 93: ...cannot be edited and the following topics and any associated sub topics are not available Block Page Authentication Authentication Radius Authentication Settings X Strikes Blocking and Warn Option S...

Page 94: ...etwork filtering preferences on this server Fig 2 1 2 Filter window Local Filtering is used for specifying whether this server being configured will filter traffic on the network If enabling the HTTP...

Page 95: ...set up in the Target mode NOTE This window displays greyed out if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both profile and lib...

Page 96: ...packet Enable HTTP Packet Splitting Detection By default the feature that automatically detects a split HTTP packet is disabled 1 Click On to enable HTTP Packet Splitting Detection this action display...

Page 97: ...the Web Filter to communicate with HTTPS servers to obtain the certificate with a very strict validation of the return URL If High is selected by default the option is enabled for a library lookup to...

Page 98: ...PROXY library category Web based Proxies Anonymizers must be applied to the group or user s filtering profile Or to block all users from accessing these proxy patterns the global filtering profile and...

Page 99: ...if the Web Filter currently being configured is set up in the Source mode for synchronization The default setting has All Target s Filtering On Disable Filtering on Target Servers To disable All Targ...

Page 100: ...age that displays when an end user attempts to access a site or service that is set up to be blocked Fig 2 1 3 Block Page Authentication window NOTE This feature is not available if the synchronizatio...

Page 101: ...on option The user can restore his her profile and NET USE connection by clicking an icon in a window to run a NET USE script Override Account select this option if any user has an Override Account al...

Page 102: ...ating users on the network in the event that a user s machine loses its connection with the server or if the server is rebooted This format requires the entry of two backslashes the authentication ser...

Page 103: ...block page HELP Clicking this link takes the user to M86 s Technical Support page that explains why access to the site or service may have been denied M86 Security Clicking this link takes the user...

Page 104: ...ge is submitted to the global administrator Options page The Options page displays when the user clicks the following link in the block page For further options click here Fig 2 1 5 Options page The f...

Page 105: ...entication Options field Re start your system and re login This phrase displays for Option 2 whether or not either of the other Re authentication Options Re authentication or Web based Authentication...

Page 106: ...account allows the user to access Internet content blocked at the global or IP group level The user should enter his her Username and Password and then click Override to open the Profile Control pop...

Page 107: ...ShutDown window displays when ShutDown is selected from the Control menu This window is used for powering off the server Fig 2 1 8 ShutDown window Shut Down the Server In the ShutDown frame click Shu...

Page 108: ...ot frame click Reboot to open the Reboot Web Filter dialog box 2 Click Yes to close the dialog box and to launch the Server Status message box informing you that the server is now disconnected When th...

Page 109: ...d and that you must restart the server 3 Click OK to close the Web Filter ready alert box 4 Click OK to close the Server connected alert box 5 You must now re access the Web Filter Administrator conso...

Page 110: ...e network Click the Network link to view a menu of sub topics LAN Settings NTP Servers Regional Setting and Block Page Route Table LAN Settings window The LAN Settings window displays when LAN Setting...

Page 111: ...the network TIP Be sure to place the LAN1 and LAN2 IP addresses in different subnets In the Primary IP field of the DNS frame the default IP address is 4 2 2 1 Enter the IP address of the first DNS se...

Page 112: ...ying IP addresses of servers running Network Time Protocol NTP software NTP is a time synchronization system for computer clocks throughout the Internet The Web Filter will use the actual time from a...

Page 113: ...e primary time NTP server specified IP addresses are used in the order in which they display in the list box Add an NTP Server To add an NTP server 1 Enter the IP address in the NTP Server field 2 Cli...

Page 114: ...1 12 Regional Setting window Specify the Time Zone Language Set In the Details frame the Region US and the Location Pacific display by default To change these settings 1 At the Region pull down menu s...

Page 115: ...Table window The Block Page Route Table window displays when Block Page Route Table is selected from the Network menu This window is used for building and maintaining a list of destination based rout...

Page 116: ...l to which packets will be transferred to and from the Internet TIP Click Calculator to open the IP Calculator pop up window Use this calculator to calculate IP ranges without any overlaps 4 Click Add...

Page 117: ...es A Help Desk administrator can verify a user s current filtering profile status and can perform URL and search engine keyword lookups in library categories NOTE See the Group Details window in Chapt...

Page 118: ...x includes the Account Name and corresponding account Type Admin Sub Admin or Help Desk for each active global administrator LDAP group administrator or help desk administrator previously set up in th...

Page 119: ...one special character The password is case sensitive 3 Enter the same new password again in the Confirm Password field If the administrator s account type needs to be changed select the appropriate ac...

Page 120: ...and Logon Management Logon Settings window The Logon Settings window displays when Logon Settings is selected from the Secure Logon menu This window is used for enabling the password expiration featu...

Page 121: ...owing select from available choices 1 30 90 365 Never Expired make an entry for the number of days until passwords expire NOTE If a user s password has expired when he she enters his her username and...

Page 122: ...correct password At the Lockout by IP address field click the radio button corresponding to either of the following options On Choose this option to lock out the user by IP address if the incorrect pa...

Page 123: ...enters an incorrect password for that same username within the 10 minute timespan a lockout would be made for that username on the third unsuccessful attempt However if the third failed login attempt...

Page 124: ...cking usernames and IPs currently locked out of the Web Filter If the user account is a global Admin LDAP group administrator Sub Admin or help desk administrator Help Desk account the areas of user i...

Page 125: ...Administrator window Help Desk help desk administrator account set up in the Administrator window Group IP group administrator account set up in the IP branch of the Policy tree Probe Real Time Probe...

Page 126: ...and to remove the locked symbol from the Locked column for the row corresponding to the username View Locked IP Address Unlock IP Address View Locked IPs The Current Locked IP Addresses frame display...

Page 127: ...Admin Sub Admin or Help Desk username from the list 2 Click View Access to open the Assign Access View pop up window Fig 2 1 18 Assign Access View 3 The View Preview assign access frame displays the...

Page 128: ...pics System Command View Log File Troubleshooting Mode Active Profile Lookup and Admin Audit Trail System Command window The System Command window displays when System Command is selected from the Dia...

Page 129: ...free current memory usage iostat CPU usage sar system performance recent logins uptime system uptime df disk usage and dmesg print kernel ring buffer NOTE See Command Selections for a list of command...

Page 130: ...network configuration This diagnostic tool records each hop the data packet made identifying the IP addresses of gateway computers where the packet stopped en route to its final destination and the le...

Page 131: ...nfiguration is used for verifying the server s network interface configuration at bootup When Execute is clicked information about the NIC mode and RX packets and TX packets displays in the pop up win...

Page 132: ...shows information on resources being used When Execute is clicked the pop up window shows averages on various statistics These results can be stored in a compact binary format and then viewed at later...

Page 133: ...disk usage information by file system When Execute is clicked rows of disk information display in the Result pop up window including the following information for each disk Filesystem name 1K blocks...

Page 134: ...le window View Log Results In the Log File Details frame 1 Select the type of Log File to view Realtime Traffic Log shadow log used for viewing the Internet activity of all users on the network User N...

Page 135: ...nformation on entries made by the administrator in the Web Filter console NOTE For information about the Authentication Log AuthenticationServer log eDirectory Agent Debug Log edirAgent log eDirecto...

Page 136: ...Troubleshooting Mode window WARNING This tool utilizes system resources impacting the Web Filter s performance When you click Enable the Web Filter will stop filtering the network After you finish mak...

Page 137: ...Mode field the default choice on or off displays based on the operation mode that was selected The promiscuous mode is a mode of operation in which each data packet that is sent will be received and...

Page 138: ...This window is used for verifying whether an entity has an active filtering profile This window also is used for troubleshooting synchronization on target Web Filters to verify whether settings for us...

Page 139: ...ns containing the Result frame that displays profile settings applied to the profile Fig 2 1 25 Active Profile Lookup results The default Login Summary tab displays the following information Domain na...

Page 140: ...splays group and library categories with filter settings that determine whether or not the end user can access URLs set up for that category group library category TIP In the Category Groups tree doub...

Page 141: ...thin that group has a filter setting in a column other than the filter setting designated for all collective library categories within that group For example if in the Adult Content category group som...

Page 142: ...word Filter Control option selected 4 Click the X in the upper right corner of the pop up box to close it Admin Audit Trail window The Admin Audit Trail window displays when Admin Audit Trail is selec...

Page 143: ...cted by default indicating that transfers will be made via unrestricted outgoing network connections Click Active if transfers will be initiated by the server 4 Type in the Username to be used 5 Type...

Page 144: ...the View tab Fig 2 1 27 Admin Audit Trail window View tab Click View Log to display data on recent activity For each change made on the server the log will contain the date and time the change was mad...

Page 145: ...om the Alert menu This window is used for setting up and maintaining email addresses of contacts who will receive automated notifications if problems on the network are detected during the Web Filter...

Page 146: ...t the hard drive from reaching 100 percent utilization Log File Transmission If the Web Filter is unable to send log files as scheduled to the ER the log files are placed in a queue so they can be sen...

Page 147: ...il messages to designated administrators enter the email address of the Web Filter in the From Email Address field 5 Click Apply to apply your settings Modify Alert Settings 1 Make any of the followin...

Page 148: ...used for sending email alert messages to specified administrators Fig 2 1 29 SMTP Server Settings window Enter Edit SMTP Server Settings 1 Enter the SMTP Server name for example mail logo com 2 By de...

Page 149: ...name b Enter the Password and make the same entry in the Confirm Password field 5 Click Apply to apply your settings Verify SMTP Settings To verify that email messages can be sent to a specified addre...

Page 150: ...pdate window displays when Local Software Update is selected from the Software Update menu This window is used for viewing information about software updates previously applied to the current server b...

Page 151: ...opsis are included for each software update To read information about a software update 1 Select a software update from the list 2 Click the README button to open the README pop up box that contains i...

Page 152: ...e installation dialog box 3 Click Yes to open the EULA dialog box Fig 2 1 34 EULA dialog box 4 After reading the contents of the End User License Agreement click Yes if you agree to its terms This act...

Page 153: ...o proceed This action opens the connection failure alert box indicating that the connection to the Web Filter server has been lost due to the software update application Fig 2 1 36 Connection failure...

Page 154: ...ied To unapply a software update 1 Go to the History of Software Updates frame and select the software update to be unapplied 2 Click Undo Software Update Log window The Software Update Log window dis...

Page 155: ...saved to your machine Click OK in this box after the download is completed In the file download dialog box select the save option this action opens the window on your workstation where you specify t...

Page 156: ...as been downloaded to your workstation you can view its contents 1 Find the log file in the folder and right click on it to open the pop up menu Fig 2 1 38 Folder containing downloaded file 2 Choose O...

Page 157: ...n the window containing the zip file Fig 2 1 40 WinZip window 4 Right click the zip file to open the pop up menu and choose View to open the View dialog box Fig 2 1 41 View dialog box 5 Select Interna...

Page 158: ...to save or print the contents of this file 1 Click Clipboard Copy wait for the dialog box to open and confirm that the text has been copied to the clipboard and then click OK to close the dialog box...

Page 159: ...lter is set up to either send or receive profile library setting changes in the aforementioned manner the menu option for Status also becomes available in the pop up menu If the Web Filter is set up t...

Page 160: ...ially if there is more than one Web Filter on the network When there are multiple Web Filters it is important to set up one as a source server and others as targets so that user profiles and or librar...

Page 161: ...brary setting changes so that no matter which Web Filter the user s client PC accesses the user s Internet session will be appropriately filtered and blocked Set up a Web Filter to be a Source Server...

Page 162: ...up to detect any failed Web Filter node and filter that target server Using this option the source server will function as the upstream Web Filter and all target servers will function as downstream We...

Page 163: ...ngs window on this server 5 In the Target IPs frame enter the Target IP address of the Web Filter that will receive profile library setting changes from this server being configured NOTE If a target s...

Page 164: ...ould only be performed if all target servers need to have the same user filtering profile library settings as the source server Two scenarios in which this feature might be used involve restoring back...

Page 165: ...between the target and source server be sure that ports 26262 and 26268 are open on the target server This setup is required so that the target server can communicate with the source server For the T...

Page 166: ...he IP address you entered 4 Click OK to close the alert box and make any adjustments if necessary 5 After validating the source IP address click Change Source to display this IP address in the Curren...

Page 167: ...this server currently being configured is either set up in the Source mode or Target mode If set up in the Source mode this window is used for verifying that profile updates are being sent to the ta...

Page 168: ...tion last occurred for the target server TIPS The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid To chan...

Page 169: ...y synced to a specified target server 1 In the History column for that server click Details to open the History of Target pop up window 2 Select the maximum Last Number of Lines from the pull down men...

Page 170: ...e Web Filter System Time displays above the Target Sync Status frame This is the current date and time from the Web Filter using the YYYY MM DD and HH MM SS format and includes the UTC code for the ti...

Page 171: ...and time of the last successful synchronization displays using the YYYY MM DD and HH MM SS format History Log Click the Details button to open the History of Target pop up window See View Items Previ...

Page 172: ...use to filter the network and the settings the Web Filter will use for listening to traffic and sending traffic This window is also used for configuring the Web Filter to perform other operational ca...

Page 173: ...ocedures Specify the Listening Device In the Listening Device frame select the default listening Device for the selected mode LAN1 or LAN2 If using the invisible mode LAN1 displays by default If using...

Page 174: ...uses the Address Resolution Protocol method to find the best possible destination MAC address of a specified host usually the Web Filter gateway Send Block to Specified Host MAC Address using this pre...

Page 175: ...ely work with ICAP requests from an ICAP client proxy server When an end user makes a request for Internet content this request is routed to the proxy server which then submits the request to the ICAP...

Page 176: ...fault 30 displays 4 In the Options TTL in Sections 0 86400 field enter the time in seconds in which the options response is valid By default 3600 displays 5 In the Preview Bytes 0 4096 field enter the...

Page 177: ...y located outside of the organization NOTE See Appendix D Mobile Client for information on setting up and using the Mobile Client Apply Operation Mode Settings Click Apply to apply your settings in th...

Page 178: ...specify that a local proxy server is used in the environment 1 Click the On radio button This selection indicates that the Web Filter will perform a reverse lookup on packets to detect the source addr...

Page 179: ...n link to view a menu of sub topics Enable Disable Authentication Authentication Settings and Authentication SSL Certificate NOTES Information about these sub topics can be found in the M86 Web Filter...

Page 180: ...ings modifications later if necessary Fig 2 1 52 Backup Restore window Backup tab WARNING A backup should be created and downloaded off the Web Filter server whenever a change is made to filtering set...

Page 181: ...lumn Backup Procedures M86 recommends performing backup procedures whenever changes are made to system configurations or to library configurations By creating backup files and saving these files off t...

Page 182: ...se the dialog box and to open the Backup Restore alert box that informs you it may take some time to back up configurations based on the amount of data to be saved 5 Click OK to close the Backup Resto...

Page 183: ...is used for transferring backup files to the server via FTP 4 In the Password and Confirm Password fields type in the password for the username specified in the FTP Directory field 5 Click Apply to o...

Page 184: ...nge criteria a Select from a list of time slots incremented by 15 minutes 12 00 to 11 45 By default the Start field displays the closest 15 minute future time and the End field displays a time that is...

Page 185: ...is made enter the interval for the number of days this time profile will be used By default 1 displays indicating this profile will be used each day during the specified time period If 5 is entered th...

Page 186: ...and the Third Weekday are selected this profile will be used every three months on the third week day of the month If the month begins on a Thursday for example May 1st the third week day would be th...

Page 187: ...time profile will be effective up to a given date No end date If this selection is made the time profile will be effective indefinitely End by If this selection is made by default today s date display...

Page 188: ...x containing a message on how to download the log file to your workstation if using Windows XP 3 Click OK to close the alert box and to open the file download dialog box 4 Select the save option thi...

Page 189: ...ations grid you must upload it to the server WARNING Be sure the file you are restoring uses the same version of the software currently used by the Web Filter Administrator console Refer to the Local...

Page 190: ...to upload this file to the server If the file is successfully uploaded the pop up window s banner name says Upload Successful After a few seconds the pop up window closes 7 Click Refresh to display a...

Page 191: ...n the Backup Restore Log pop up box Fig 2 1 57 Backup Restore pop up box The pop up box includes rows of data about backup and restore processes performed via the Backup Restore window The following i...

Page 192: ...Reset Reset window The Reset window displays when Reset is selected from the navigation panel This function used for resetting the server to factory default settings...

Page 193: ...Settings window NOTE The Radius Authentication Settings topic does not display if the synchronization feature is used and this server being configured is set up in the Target mode to synchronize both...

Page 194: ...er only if the Radius accounting server uses a different port number 3 In the Byte Order Mode field specify the format in which bytes will be transferred Click the radio button corresponding to Networ...

Page 195: ...o button A reply and accounting response packet will be submitted to the sender NAS or Radius server Enter an Authenticated Phrase to be shared by the Radius server and NAS At the Copy Proxy State fie...

Page 196: ...ng status of the Web Filter s filtering on a network Fig 2 1 60 SNMP window The following aspects of the Web Filter are monitored by SNMP data traffic sent received by a NIC CPU load average at a give...

Page 197: ...ccess Control List 1 In the Enter new IP to add field enter the IP address of an interface from to which the SNMP should receive send data 2 Click Add to include the entry in the Access control list b...

Page 198: ...Hardware Failure Detection Hardware Failure Detection window The Hardware Failure Detection window displays when Hardware Failure Detection is selected from the navigation panel This option...

Page 199: ...mpts to such sites Unacceptable Internet sites pertain to sites included in categories that are blocked in a user s profile Fig 2 1 62 X Strikes Blocking window Configuration tab NOTES The X Strikes B...

Page 200: ...he strike that will lock out that user from his her Internet access The default setting is 5 and the maximum limit is 1440 minutes 24 hours 4 Enter the number of seconds for the Flood Tolerance Delay...

Page 201: ...workstations Click Reset All Strikes to remove all strikes from all workstations and to unlock all locked workstations Click Unlock All Locks to remove locks on all locked workstations Lock Page A use...

Page 202: ...d Life Time field passes or unless an authorized staff member manually unlocks that user s workstation see Go to X Strikes Unlock Workstation GUI in this section Overblocking or Underblocking NOTES In...

Page 203: ...scenario the first strike would be delivered at 0 seconds the second at 4 seconds the third at 8 seconds the fourth at 12 seconds and the fifth at 16 seconds If the configuration settings for this exa...

Page 204: ...e specified recipient s 2 In the Interval Minutes to Wait Before Sending Alerts 24 hours field enter the number of minutes within the 24 hour period that should elapse between email alerts For example...

Page 205: ...individual who will receive locked workstation email alerts 2 Click Add to include the email address in the Current Email Alerts list box NOTE The maximum number of email alert recipients is 50 If mor...

Page 206: ...to unlock workstations 2 Enter the user s password in the Password and Confirm Password fields using eight to 20 characters and at least one alpha character one numeric character and one special char...

Page 207: ...me to the Current Un Accessible Users list box Delete a Logon Account To delete a user s account 1 Select the username from the Current Accessible Users list box 2 Click Delete WARNING By deleting a l...

Page 208: ...ect library categories from the No Strike Categories list box 2 Click the right arrow to move the selected library categories to the Strike Categories list box TIP Use the left arrow to move selected...

Page 209: ...ng icon or Go to X Strikes Unlock Workstation GUI either the Re login window or the X Strikes Unlock Workstation pop up window opens Re login window The Re login window opens if the user s session nee...

Page 210: ...following information displays in the X Strikes Unlock Workstation pop up window IP Address User Name and Expire Date Time of currently locked workstations Fig 2 1 69 X Strikes Unlock Workstation win...

Page 211: ...s of the Web Filter to view locked workstation criteria When using the aforementioned URL the following occurs The Login window opens Fig 2 1 70 Login window Enter the Username and Password and click...

Page 212: ...address in the Email Address to be Subscribed Unsubscribed text box 2 Click Subscribe Remove an Email Address from the Alert List To remove an administrator's email address from the notification list...

Page 213: ...specify the number of minutes for the interval of time in which a warning page will redisplay for the end user who accesses a URL in a library category with a Warn setting for his her profile If the e...

Page 214: ...tes 1 480 to be used in the interval for re displaying the warning page for the end user 2 Click Apply to enable your setting Customization Customization includes options to customize settings for HTM...

Page 215: ...to be included in block lock profile and warning pages and or the authentication request form the end user will see Fig 2 1 73 Common Customization window By default in the Details frame all elements...

Page 216: ...lays Blocked URL followed by the blocked URL in block pages Copyright Display if enabled displays M86 Web Filter copyright information at the footer of block and lock pages and the authentication requ...

Page 217: ...email address specified in the Submission Email Address field described below is accessible to the end user by clicking the click here link NOTE If enabling the Submission Review Display feature an em...

Page 218: ...will see when attempting to access Internet content blocked for their profiles and their workstations are currently locked Entries saved in this window display in the customized lock page if these fea...

Page 219: ...e displayed beneath the lock page header Any entries made in these fields will display centered in the customized lock page using the Arial font type 2 At the Explanation Display field by default On i...

Page 220: ...on window Fig 2 1 75 Sample Customized Lock Page By default the following data displays in the User Machine frame User Machine field The username displays for the LDAP user This field is blank for the...

Page 221: ...mization window The Block Page Customization window displays when Block Page Customization is selected from the Customization menu This feature is used if you want to display customized text and inclu...

Page 222: ...a static header to be displayed at the top of the block page In the Description field enter a static text message to be displayed beneath the block page header In the Link Text field enter text for t...

Page 223: ...ock Page By default the following data displays in the User Machine frame User Machine field The username displays for the LDAP user This field is blank for the IP group user IP field The user s IP ad...

Page 224: ...to the Options window NOTE See the Options page in the Block Page Authentication window sub section for information on options that display in the Options window To submit this blocked site for review...

Page 225: ...w end users will see if attempting to access a URL in a library category set up with a Warn setting for his her profile Entries saved in this window display in the warning page if these features are a...

Page 226: ...enter a static text message to be displayed beneath the warning page header In the Link Text field enter text for the link s URL and in the Link URL field enter the corresponding hyper link in plain...

Page 227: ...n the Common Customization window Fig 2 1 79 Sample Customized Warning Page By default the following data displays in the User Machine frame User Machine field The username displays for the LDAP user...

Page 228: ...warning page will redisplay and the user must click this button once more in order to continue accessing the URL NOTE If using the Real Time Probe feature in the Real Time Information box the Filter...

Page 229: ...cted from the Customization menu This window is used with the Override Account feature and lets you customize text in the pop up window end users with override accounts will see when logging into thei...

Page 230: ...a static header to be displayed at the top of the profile control pop up window In the Warning Text field enter a static text message to be displayed at the bottom of the pop up window 2 Click Apply...

Page 231: ...a quota time limit set for a passed category in his her profile and has attained or exceeded that limit Fig 2 1 81 Quota Block Page Customization window TIP An entry in any of the fields in this windo...

Page 232: ...ial font type 2 Click Apply TIP Click Restore Default and then click Apply to revert to the default settings in this window Preview Sample Quota Block Page 1 Click Preview to launch a separate browser...

Page 233: ...e included in the quota block page HELP Clicking this link takes the user to M86's Technical Support page that explains why access to the site or service may have been denied M86 Security Clicking th...

Page 234: ...ime limit set for a passed category in his her profile and has used 75 percent of the allotted time in that category Fig 2 1 83 Quota Notice Page Customization window TIP An entry in any of the fields...

Page 235: ...the Quota Percentage Display is enabled indicating the percentage of quota used by the individual will display in the quota notice page Click Off to not display this information in the quota notice pa...

Page 236: ...ng standard links are included in the quota notice page HELP Clicking this link takes the user to M86's Technical Support page that explains why access to the site or service may have been denied M86...

Page 237: ...e server and its target server(s) and managing software updates on these servers Software Update Management window The Software Update Management window displays when Software Update Management is sel...

Page 238: ...ersion name and number of the next software update to be applied or N A if there is none available Latest Software Update Version name and number of the latest software update or N A if there is none...

Page 239: ...Local Software Updates window for information about the EULA and applying software updates Only a software update number that is less than or equal to the source server's software update number can b...

Page 240: ...Filtering Status Information The Status frame displays the following columns of information Hostname Location criteria entered in the LAN Settings window for the source server's hostname or the info...

Page 241: ...format if this information is available TIPS The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid Columns...

Page 242: ...gure URL hits that along with quotas specified in filtering profiles determine when a user will be blocked from further accessing URLs in a library group category This window is also used for resettin...

Page 243: ...ging from one second to 3600 seconds one hour As an example of how a quota works in conjunction with hits if a quota is set to 10 minutes and the number of seconds per hit is set to 10 seconds then th...

Page 244: ...able to access URLs in any library group category with a quota Set up a Schedule to Automatically Reset Quotas A schedule can be set up to reset all quotas at the appointed hour s minute s each day 1...

Page 245: ...move the quota reset time from the list box TIP After making all configuration settings in this window during this session click Apply Quota Notice page When the end user has spent 75 percent of time...

Page 246: ...ld is blank for the IP group user By default the following standard links are included in the quota notice page HELP Clicking this link takes the user to M86's Technical Support page that explains wh...

Page 247: ...g a quota block page the end user will not be able to access content in that library group category until the quota is reset By default the following fields display Category field The name of the libr...

Page 248: ...explains why access to the site or service may have been denied M86 Security Clicking this link takes the user to M86 s Web site SSL Certificate SSL Certificate window The SSL Certificate window displ...

Page 249: ...that asks if you wish to continue which would restart your server TIP Click No to close the pop up window and to return to SSL Certificate window 2 Click Yes to generate the SSL certificate and restar...

Page 250: ...gnated group administrator creates sub groups and individual IP members and adds and maintains their filtering profiles For the LDAP domain branch the global administrator must first set up authentica...

Page 251: ...w a menu of topics or actions that can be performed for that entity NOTES Information on LDAP groups can be found in the M86 Web Filter Authentication User Guide Information on creating filtering prof...

Page 252: ...t up in the Target mode to synchronize both profile and library setting changes the only sub topic that displays is Range to Detect Range to Detect window The Range to Detect window displays when Rang...

Page 253: ...ples of settings that can be made NOTE If this Web Filter is using the Source mode and the Upstream Failover Detect feature is enabled if a downstream target server fails as detected by the Appliance...

Page 254: ...Wizard clicking this button takes you to the Range to Detect Setup Wizard Follow the instructions in the Range to Detect Setup Wizard sub section to complete the addition of the segment on the network...

Page 255: ...ettings made using the Wizard are saved in Step 6 Step 1 In this step you define the source IP address es to be filtered Fig 2 2 5 Range to Detect Setup Wizard Step 1 Since the first four pages of the...

Page 256: ...e next page of the Wizard NOTE Click Cancel to be given the option to return to the main Range to Detect Settings window Step 2 Optional In this step you define the destination IP address es to be fil...

Page 257: ...ndow Step 3 Step 4 Optional In this step you define the destination IP address es to be excluded from filtering Any entries from the list box in Step 1 automatically display in the list box above NOTE...

Page 258: ...Fig 2 2 8 Range to Detect Setup Wizard window Step 4 Step 5 Optional In this step you enter destination port numbers to be excluded from filtering Fig 2 2 9 Ra...

Page 259: ...k Remove 3 Click Next to go to the last page of the Wizard Step 6 In this final step of the Wizard you review your entries and make modifications if necessary Fig 2 2 10 Range to Detect Setup Wizard w...

Page 260: ...s window Fig 2 2 11 Range to Detect Advanced Settings window 1 Enter the settings in the list box using the correct syntax Refer to the examples above TIP Use the Calculator to calculate IP ranges wit...

Page 261: ...segment Start the Setup Wizard clicking this button takes you to Step 6 of the Range to Detect Setup Wizard see Fig 2 2 10 Follow the instructions in the Range to Detect Setup Wizard sub section for...

Page 262: ...Rule2 BLOCK Porn Rule3 Block IM and Porn Rule4 M86 CIPA Compliance which pertains to the Children's Internet Protection Act and the Block All rule By default Rule1 displays in the Rule field BYPASS...

Page 263: ...green circle in the Pass column TIP In the Category Groups tree double click the group envelope to open that segment of the tree and to view library categories belonging to that group To change the...

Page 264: ...then pressing the Shift key on your keyboard while clicking the last category and then double clicking in the appropriate column 4 Make a selection from the Uncategorized Sites pull down menu to spec...

Page 265: ...include your rule to the list that displays in the pull down menu Modify a Rule After a rule is added it can later be modified To make changes to a rule 1 Select the rule from the Current Rules pull...

Page 266: ...lays when Global Group Profile is selected from the Global Group menu This window is used for viewing creating the global default filtering profile that will be used by all users on the network unless...

Page 267: ...d Pornography Adult Content indicating that the end user can access URLs in all other library categories This filter setting is designated by the check mark inside a green circle in the Pass column fo...

Page 268: ...opriate column Blocks of categories can be assigned the same filter setting by clicking the first category and then pressing the Shift key on your keyboard while clicking the last category and then do...

Page 269: ...urned Off If turned On enter the number of minutes in the Min field to indicate when the end user s access to passed library groups categories with quotas will be blocked If the end user spends this a...

Page 270: ...Port s list box 3 Click Apply to apply your settings at the global level To remove a port number from the list box 1 Select the port number 2 Click Remove 3 Click Apply to apply your settings at the g...

Page 271: ...RL instead of the block page 2 Click Apply to apply your settings Filter Options Filter Options displays when the Filter Options tab is clicked This tab is used for specifying which filter option s wi...

Page 272: ...ion enabled Google Bing com Yahoo YouTube Ask com and AOL s strict SafeSearch Filtering option will be used whenever end users perform a Google Bing com Yahoo YouTube Ask com or AOL Web search or Imag...

Page 273: ...tegories NOTES Search engine keyword filtering relies on an exact keyword match For example if the word sex is set up to be blocked but sexes is not set up to be blocked a search will be allowed on se...

Page 274: ...character in a URL NOTE To set up URL keywords in a URL Keywords window see the following sections of this user guide for the specified library type M86 Supplied Categories see Chapter 3 Library scree...

Page 275: ...blocked at the minimum filtering level Fig 2 2 17 Override Account window NOTES A user can have only one override account If an override account was previously created for a user in a master IP group...

Page 276: ...list box of the Current Accounts frame and to open the pop up window containing the Current Accounts name as well as tabs to be used for specifying the components of the override account profile 5 Cli...

Page 277: ...rn and or Block columns in the Rule Details frame with filter settings for each category group library category in the Category Groups tree TIP In the Category Groups tree double click the group enve...

Page 278: ...the end user that the URL he she requested can be accessed but may be against the organization s policies The end user can view the URL after seeing a warning message and agreeing to its terms Block...

Page 279: ...window in Chapter 1 System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas The Overall Quota field becomes enabled if a quota...

Page 280: ...ify the type of redirect URL to be used Default Block Page Authentication Request Form or Custom URL If Custom URL is selected enter the redirect URL in the corresponding text box The user will be red...

Page 281: ...lick the checkbox es corresponding to the option s to be applied to the override account filtering profile X Strikes Blocking With the X Strikes Blocking option enabled if the user attempts to access...

Page 282: ...com or AOL images returned by the query to load on the page The user will receive only one strike if all inappropriate images load within the tolerance time range of a given strike Search Engine Keyw...

Page 283: ...d search will be extended after the character in a URL NOTE To set up URL keywords in a URL Keywords window see the following sections of this user guide for the specified library type M86 Supplied Ca...

Page 284: ...an override account 1 In the Current Accounts frame select the username from the list box 2 Click View Modify to open the pop up window 3 Click the tab in which to make modifications Rule Redirect F...

Page 285: ...ltering profile other than the global default filtering profile The minimum filtering level is created by making selections from the list of library categories and service ports These settings can be...

Page 286: ...each of these selected categories will be opened or blocked at the minimum filtering level Fig 2 2 21 Minimum Filtering Level window Min Filtering Categories By default Child Pornography and Pornograp...

Page 287: ...egory will pass to the end user Block URLs in this category will be blocked TIPS Multiple categories can be assigned the same filter setting by clicking each category while pressing the Ctrl key on yo...

Page 288: ...g Level window Port tab Create Edit a List of Service Ports All service ports are filtered by default To block a service port from being accessed at the minimum filtering level 1 Enter the port number...

Page 289: ...tab is clicked This tab is used for specifying whether users in a master IP group will be allowed to bypass the minimum filtering level with an override account or an exception URL Fig 2 2 23 Minimum...

Page 290: ...L frame click the On checkbox Users will be able to bypass settings at the minimum filtering level if URLs blocked at the minimum filtering level are set up to be accessed by users 2 Click Save to app...

Page 291: ...e Group Name NOTES The name of the master IP group must be less than 20 characters cannot be IP or LDAP and cannot contain spaces The first character cannot be a digit The following characters cannot...

Page 292: ...er one numeric character and one special character The password is case sensitive 4 Click OK to add the group to the tree NOTE Information on defining the group and its members and establishing their...

Page 293: ...at the left of the screen Updates Library Lookup Customer Feed back Module Category Weight System NNTP Newsgroup Pattern Detection Whitelist and Category Groups NOTE If the synchronization feature is...

Page 294: ...ied library categories for that group Click a library category topic to view a menu of sub topics for that library category item Library Details URLs URL Keywords and Search Engine Keywords To add a c...

Page 295: ...og Configuration window The Configuration window displays when Configuration is selected from the Updates menu This window is used for making settings to allow the Web Filter to receive M86 supplied l...

Page 296: ...erver Enter the host name for the proxy server in this field 3 By default userid displays in the Username field Enter the username for the FTP account 4 Enter the same password in the Password and Con...

Page 297: ...aily updates due to an occurrence such as a power outage Fig 2 3 3 Manual Update window NOTE The Configuration window should be used for scheduling the Web Filter to automatically download libraries o...

Page 298: ...vailable Any software updates that are downloaded can be found in the System section of the console in the Local Software Update window Using that window a software update can be selected and applied...

Page 299: ...Languages 1 Make a selection from the Unselected Languages list box and click the right arrow to move that selection to the Selected Languages list box 2 Once the Selected Languages list box is popul...

Page 300: ...e Log is selected from the Updates menu This window is used for viewing transfer activity of library updates from the update server to your Web Filter and for downloading the activity log Fig 2 3 5 Li...

Page 301: ...ow on your workstation where you specify the filename for the file and where to save the file 3 Select the folder in which to save the file and then enter the File name retaining the zip file extensi...

Page 302: ...Fig 2 3 6 Folder containing downloaded file 2 Choose Open With and then select a zip file executable program such as WinZip Executable to launch that application Fig 2 3 7 WinZip Executable progr...

Page 303: ...Fig 2 3 8 WinZip window 4 Right click the zip file to open the pop up menu and choose View to open the View dialog box Fig 2 2 9 View dialog box 5 Select Internal ASCII text viewer and then click Vie...

Page 304: ...r print the contents of this file 1 Click Clipboard Copy wait for the dialog box to open and confirm that the text has been copied to the clipboard and then click OK to close the dialog box 2 Open No...

Page 305: ...cted from the Updates menu This window is used for viewing transfer activity of emergency software updates from the update server to your Web Filter and for downloading the activity log Fig 2 3 12 Eme...

Page 306: ...ck OK in this box after the download is completed In the file download dialog box select the save option this action opens the window on your workstation where you specify the filename for the file a...

Page 307: ...er a URL or search engine keyword or keyword phrase exists in a library category and to remove it if necessary Fig 2 3 13 Library Lookup window URL Lookup Removal Perform a URL Check To see if a URL h...

Page 308: ...4 7 47 41 4D 45 53 43 4F 4D query string e g http www youtube com watch v 3_Wfnj1llMU NOTES The pound sign character is not allowed in this entry The minimum number of wildcard levels that can be ent...

Page 309: ...l Perform a Search Engine Keyword Check To see if a search engine keyword or keyword phrase has been included in any library category 1 In the Search Engine Keyword Lookup frame enter the Search Engin...

Page 310: ...y windows have been made Customer Feedback Module Customer Feedback Module window The Customer Feedback Module window displays when Customer Feedback Module is selected from the navigation panel This...

Page 311: ...t an M86 technical support representative can use to contact you for assistance See Alert Settings window in Chapter 1 System screen for information about enabling this feature Disable Customer Feedb...

Page 312: ...n the URLs collected by the Customer Feedback Module and sent to M86 Security At no time will any personal information collected be released publicly nor will the Web request data be used for any purp...

Page 313: ...o M86 Security once you click the Accept button 4 After reading this text if you agree with the terms click in the checkbox to activate the Accept button 5 Click Accept to close the Disclaimer box and...

Page 314: ...t System window displays when Category Weight System is selected from the navigation panel This feature lets you choose which category will be logged and reported for a URL request that exists in mul...

Page 315: ...ategories the highest operational precedence would be logged If a URL exists in a category that is Always Allowed as well as a category set to be Blocked for that user Always Allowed would be logged...

Page 316: ...ght Categories list box Once the Weight Categories list box is populated with categories you wish to include select a category and use the arrow keys to weight it against other categories TIP There ar...

Page 317: ...s group is selected from the navigation panel This window is used for adding or removing a newsgroup from the libraries Fig 2 3 18 NNTP Newsgroup window Add a Newsgroup to the Library To add a newsgro...

Page 318: ...ing the library utilizes system resources that impact the performance of the Web Filter M86 recommends clicking Reload Library only after modifications to all library windows have been made Pattern De...

Page 319: ...ring 2 Click Add to include the IP address in the IPs list box TIP To remove an IP address from the list select the IP address from the IPs list box and then click Remove Multiple IP addresses can be...

Page 320: ...so contains the Custom Categories category group Customized category groups and library categories must be set up and maintained by global or group administrators Fig 2 3 20 Library screen Category Gr...

Page 321: ...y Details URLs URL Keywords and Search Engine Keywords Menus for Instant Messaging library categories only include the sub topics Library Details and URLs Library Details window The Library Details wi...

Page 322: ...is used in a filtering profile for blocking a user s access to a specified site or service A URL can contain a domain name such as playboy in http www playboy com or an IP address such as 209 247 228...

Page 323: ...ry To view a list of all URLs that either have been added or deleted 1 Click the View tab 2 Make a selection from the pull down menu for Addition List Deletion List Wildcard Addition List or Wild card...

Page 324: ...types of URL formats also can be entered in this field IP address e g 209 247 228 221 in http 209 247 228 221 octal format e g http 0106 0125 0226 0322 hexadecimal short format e g http 0x465596d2 he...

Page 325: ...ick Add to display the associated wildcard URL s in the list box below 3 Select the wildcard URL s that you wish to add to the category 4 Click Apply Action NOTE Wildcard URL query results include all...

Page 326: ...e as pertinent 3 Click Remove to display the associated URLs in the list box below 4 Select the URL s that you wish to remove from the category 5 Click Apply Action Reload the Library After all chang...

Page 327: ...ture for URL keyword filtering is not enabled in a filtering profile URL keywords can be added in this window but URL keyword filtering will not be in effect for the user s See the Filter Options tab...

Page 328: ...e pull down menu for Addition List or Deletion List 2 Click View List to display the specified items in the Select List list box Add or Remove URL Keywords Add a URL Keyword to the Library Category To...

Page 329: ...er by clicking the Append or Overwrite radio button Upload a List of URL Keyword Additions To upload a text file with URL keyword additions 1 Click Upload To Addition File to open the Upload Library K...

Page 330: ...ndow see Fig 2 3 25 2 Click Browse to open the Choose file window 3 Select the file to be uploaded 4 Click Upload File to upload this file to the server Reload the Library After all changes have been...

Page 331: ...ning keywords included in its list Fig 2 3 26 Search Engine Keywords window NOTES Master lists cannot be uploaded to any M86 supplied library category See the Custom Categories sub section of the Grou...

Page 332: ...up to be blocked a search will be allowed on sexes but not sex since a search engine keyword must exactly match a word set up to be blocked View a List of Search Engine Keywords To view a list of all...

Page 333: ...d frame specify whether the contents of this file will add to the current file or overwrite the current file on the server by clicking the Append or Overwrite radio button Upload a List of Search Engi...

Page 334: ...rd pop up window see Fig 2 3 25 2 Click Browse to open the Choose file window Select the file to be uploaded 3 Click Upload File to upload this file to the server Reload the Library After all changes...

Page 335: ...ed if the Web Filter s log files will be transferred to a reporting application Click Real Time Probe to display windows for configuring and maintaining real time probes This tool is used for monitori...

Page 336: ...eport Configuration window displays when Report Configuration is selected from the navigation panel This window is used for initiating an on demand log transfer to the ER Administration module Fig 2 4...

Page 337: ...he navigation panel This feature lets the probe administrator monitor a user s Internet usage in real time to see if that user is using the Internet appropriately Fig 2 4 3 Real Time Probe window Con...

Page 338: ...in Minutes the probe will search for URLs up to 1440 minutes 24 hours The default setting is 1000 minutes 4 Enter the Maximum Report Lifetime in Days to keep a saved report before deleting it The def...

Page 339: ...esponding to the Email Format to be used for the file Plain Text or HTML By default HTML is selected 2 Select the Maximum File Size of an Email Report MB that can be sent from 1MB increments up to...

Page 340: ...rts to be Emailed list box 2 Click Delete to remove the email address es from list Logon Accounts Click the Logon Accounts tab to display Logon Accounts Fig 2 4 5 Real Time Probe window Logon Accounts...

Page 341: ...activate an authorized user s account 1 Select the username from the Current Accessible Users list box 2 Click Disable to move the username to the Current Un Accessible Users list box Delete a Logon A...

Page 342: ...Probe icon or Go to Real Time Probe Reports GUI either the Re login window or the Real Time Probe Reports pop up window opens Re login window The Re login window opens if the user s session needs to b...

Page 343: ...ff member can click a link in an email alert or type in http x x x x 88 RtProbe jsp in the address field of a browser window in which x x x x is the IP address of the Web Filter to only see probes he...

Page 344: ...Fig 2 4 8 Real Time Probes introductory window This window must be left open during the entire session Create a Real Time Probe Click the Create tab to enter and specify criteria for the r...

Page 345: ...ers to be included in the User Name s to be probed The entry in this field is case sensitive This selection generates a report with data for all usernames containing the consecutive characters you spe...

Page 346: ...a specified email address enter the Email Address to Mail the Completed Report 5 Specify the Start Date Time by clicking the appropriate radio button Now click this radio button to run the probe now...

Page 347: ...b The Start Date Time displays in the YYYY MM DD HH MM SS format Daily displays in the Recurrence column if the probe is scheduled to run on a daily basis The Status of the probe displays Completed In...

Page 348: ...Name library Category Filter Action set up in the profile Pass Block reserved for ER Warn Warned X Strike Quota By Method the method used in creating the entry SE Keyword URL Keyword URL Wild card St...

Page 349: ...address to send the completed report see Email option Click Close to close the Real Time Information box Properties option Clicking Properties opens the Probe Properties box Fig 2 4 12 Probe Properti...

Page 350: ...ox via the Stop button Clicking Delete opens the following dialog box asking if you want to delete the probe Fig 2 4 13 Probe Properties deletion box Click Yes to delete the probe and remove it from t...

Page 351: ...on panel This window is used for viewing and analyzing Internet usage data for a specified time period within the past 14 days The following data can be analyzed for the given time period number of UR...

Page 352: ...either Recent Trend or one of the Daily Peaks dates 2 Click View to open a separate browser window containing the specified graph Recent Trend The Recent Trend graph includes the following informatio...

Page 353: ...Daily Peaks The Daily Peaks graph includes the following information date and Number of Hits per Second at Peak Time for a given Time using the HH MM format Fig 2 4 17 Daily Peaks...

Page 354: ...tion panel This window is used for specifying the log format the Web Filter will use for sending logs to the ER Fig 2 4 18 Shadow Log Format window Specify the Shadow Log Format The window is comprise...

Page 355: ...not connected to the Web Filter Log Format Post 1 9 log format displays by default if the ER is using software version 3 75 or later up until 4 1 or if an ER is not connected to the Web Filter Post 2...

Page 356: ...1 9 log format option If this Web Filter currently has the 1 9 or higher software update applied the Post 1 9 log option should be selected since the ER 3 75 or higher software update uses the new lo...

Page 357: ...ers Chapter 2 includes information on creating and maintaining Custom Categories for libraries The group administrator performs the following tasks defines members of a master IP group adds sub group...

Page 358: ...e Fig 3 1 1 Policy screen The navigation panel at the left of the screen contains the IP branch of the Policy tree NOTE If the synchronization feature is used a server set up in the Target mode to syn...

Page 359: ...IP Refresh Refresh the Master IP Group Member Click Refresh whenever a change has been made to the master IP group or member level of the tree Fig...

Page 360: ...view a menu of sub topics Group Details Members Override Account Group Profile Exception URL Time Profile Upload Download IP Profile Add Sub Group Add Individual IP Delete Group and Paste Sub Group Gr...

Page 361: ...k Apply to apply your settings Members window The Members window displays when Members is selected from the menu This window is used for adding and managing members of a master IP group For the invisi...

Page 362: ...he Source IP fields If Source IP Start End was selected enter the Start and End of the IP address range 2 Click Add to include the IP address entry in the Current Members list box TIP Click Calculator...

Page 363: ...the option to bypass the minimum filtering level is activated Fig 3 1 5 Override Account window NOTES Override accounts can be created for any authorized user In order for a user with an override acco...

Page 364: ...word field 4 Click Add to include the username in the list box of the Current Accounts frame and to open the pop up window containing the Current Accounts name as well as tabs to be used for specifyin...

Page 365: ...n and or Block columns in the Rule Details frame with filter settings for each category group library category in the Category Groups tree TIP In the Category Groups tree double click the group enve l...

Page 366: ...the end user that the URL he she requested can be accessed but may be against the organization s policies The end user can view the URL after seeing a warning message and agreeing to its terms Block...

Page 367: ...window in Chapter 1 System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas The Overall Quota field becomes enabled if a quota i...

Page 368: ...attempts to access a site or service set up to be blocked Fig 3 1 7 Override Account pop up window Redirect tab Specify the type of redirect URL to be used Default Block Page Authentication Request F...

Page 369: ...X Strikes Blocking With the X Strikes Blocking option enabled if the user attempts to access inappropriate sites on the Internet he she will be locked out from his her workstation after a specified n...

Page 370: ...ter Control With the Search Engine Keyword Filter Control option enabled search engine keywords can be set up to be blocked When the user enters a keyword in the search engine if that keyword has been...

Page 371: ...ame in the Name field 3 Enter the new Password 4 Make the same entry again in the Confirm Password field 5 Click View Modify to open the pop up window 6 Click Apply 7 Click Close to close the pop up w...

Page 372: ...Click the following tabs in this window Category Redirect URL and Filter Options Entries in these tabs comprise the profile string for the group NOTE The Group Profile window is similar to the Sub Gro...

Page 373: ...Content By default Uncategorized Sites are allowed to Pass NOTE By default the Available Filter Levels pull down menu also includes these five rule choices Rule1 BYPASS Rule2 BLOCK Porn Rule3 Block I...

Page 374: ...column Pass Allow Warn Block in the row corresponding to that category group library category to move the check mark to that column Pass URLs in this category will pass to the end user Allow URLs in...

Page 375: ...ined in the Quota Settings window to determine when the end user will be blocked from further access to URLs in that library group category TIP If a quota entry is made for a category group all librar...

Page 376: ...a site or service set up to be blocked at the group level Fig 3 1 10 Group Profile window Redirect URL tab Create Edit the Redirect URL 1 Specify the type of redirect URL to be used Default Block Pag...

Page 377: ...Filter Options 1 Click the checkbox es corresponding to the option s to be applied to the sub group filtering profile X Strikes Blocking Google Yahoo Youtube Ask AOL Safe Search Enforcement Search Eng...

Page 378: ...s library or is blocked by Google Bing com Yahoo YouTube Ask com or AOL If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google Bing...

Page 379: ...line of a browser window if that keyword has been set up to be blocked the user will be denied access to that site or service URL keywords are entered in the URL Keywords window of custom library cat...

Page 380: ...Individual IP sections of the Policy tree Fig 3 1 12 Exception URL window NOTE Settings in this window work in conjunction with those made in the Override Account window and in the Minimum Filtering...

Page 381: ...al long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 47 47 41 4D 45 53 43 4F 4D query string e g ht...

Page 382: ...found by the query Uncheck any checkbox corresponding to a URL you do not want to include in your list Click the Check uncheck all checkbox at the bottom of this window to toggle between selecting or...

Page 383: ...for the ignore warnings and add URL field activates the Add Selected button Clicking Add Selected closes the pop up window and moves the selected URLs to the opposite frame in the Exception URL windo...

Page 384: ...rned by the URL query 2 Click Remove to open the Remove Block URLs Remove ByPass URLs pop up window to view all corresponding URLs found by the query Fig 3 1 15 Remove Block URLs pop up window This w...

Page 385: ...RLs Time Profile window The Time Profile window displays when Time Profile is selected from the group menu This window is used for setting up or modifying a filtering profile to be activated at a spec...

Page 386: ...rofile 2 Type in three to 20 alphanumeric characters the underscore _ character can be used for the profile name 3 Click OK to close the pop up box and to open the Adding Time Profile pop up window t...

Page 387: ...To choose another date click the arrow in the date drop down menu to open the calendar pop up box In this pop up box you can do the following Click the left or right arrow at the top of this box to na...

Page 388: ...for the months this time profile will be used and next specify which day of the month If Day is chosen select from 1 31 If a non specific day is chosen make selections from the two pull down menus fo...

Page 389: ...is entered and the First Monday of June are selected this profile will be used every two years on the first Monday in June For example if the current month and year are May 2010 the first Monday in Ju...

Page 390: ...Options and Exception tabs 8 Click Apply to activate the time profile for the IP group at the specified time 9 Click Close to close the Adding Time Profile pop up window and to return to the Time Pr...

Page 391: ...The Rule tab is used for creating the categories portion of the time profile Fig 3 1 19 Time Profile pop up window Rule tab NOTE See the Override Account window Category Profile sub section in this ch...

Page 392: ...ing the URL to be used for redirecting users who attempt to access a site or service set up to be blocked Fig 3 1 20 Time Profile pop up window Redirect URL tab NOTE See the Override Account window Re...

Page 393: ...tab is used for specifying which filter option s will be applied to the time profile Fig 3 1 21 Time Profile pop up window Filter Options tab NOTE See the Override Account window Filter Options sub s...

Page 394: ...that can be made for this component of the filtering profile Settings in this window work in conjunction with those made in the Override Account window and in the Minimum Filtering Level window mainta...

Page 395: ...p up window 3 Make modifications in the default Recurrence tab and or click the tab in which to make modifications Rule Redirect Filter Options Exception 4 Make edits in this tab and in any other tab...

Page 396: ...Profile is selected from the group menu This window is used for uploading or downloading a text file containing filtering profiles of multiple users or sub groups Fig 3 1 23 IP Profile Management wind...

Page 397: ...les of entries to include in a profile file go to http www m86security com software 8e6 hlp r3000 files 2group_ipprofiles html Once the file is selected the path displays in File field WARNING Any exi...

Page 398: ...f profiles have been created and or uploaded to the server 1 Click Download Profile to open a browser window containing the profiles Fig 3 1 26 Download IP Profiles window The contents of this window...

Page 399: ...int question mark ampersand asterisk quotation mark apostrophe grave accent mark tilde caret _ underscore pipe slash backslash double backslashes left parenthesis right parenthesis left brace right b...

Page 400: ...n exclamation point question mark ampersand asterisk quotation mark apostrophe grave accent mark tilde caret _ underscore pipe slash backslash double backslashes left parenthesis right parenthesis le...

Page 401: ...ess of creating sub groups if the sub group to be added has the same configuration settings as one that already exists A sub group can be pasted or copied to a group if the Copy Sub Group function was...

Page 402: ...eption URL Time Profile Delete Sub Group and Copy Sub Group Sub Group IP Group window The Sub Group IP Group window displays when Sub Group Details is selected from the menu This window is used for vi...

Page 403: ...ds in the IP Address frame and the Apply button remain activated Fig 3 1 31 Sub Group IP Group window fields activated 1 In the IP Address frame click the appropriate radio button corresponding to the...

Page 404: ...ig 3 1 30 Members window The Members window displays when Members is selected from the menu This window is used for modifying the sub group s Member IP address if using the invisible or router mode If...

Page 405: ...and End of the IP address range TIP Click Calculator to open the IP Calculator and calculate IP ranges without any overlaps 2 Click Modify to apply your settings Sub Group Profile window The Sub Grou...

Page 406: ...ation on entries that can be made in this window Time Profile window The Time Profile window displays when Time Profile is selected from the sub group menu This window is used for setting up or modify...

Page 407: ...b group to be added has the same configuration settings as one that already exists Copy an IP Sub Group To copy configurations made for a specified sub group 1 Choose Copy Sub Group from the sub group...

Page 408: ...ndividual IP Profile Exception URL Time Profile Delete Individual IP Member window The member window displays when Members is selected from the menu This window is used for modifying the individual I...

Page 409: ...Profile window in this chapter for information about entries that can be made for the following components of the filtering profile Category Profile Redirect URL Filter Options Exception URL window...

Page 410: ...er for information on entries that can be made for the following components of the filtering profile Category Profile Redirect URL Filter Options Exception URL Delete Individual IP Delete an Individua...

Page 411: ...Library categories are used when creating or modifying filtering profiles Fig 3 2 1 Library screen A list of main topics displays in the navigation panel at the left of the screen Main topics in this...

Page 412: ...the navigation panel This window is used for verifying whether or not a URL or search engine keyword or keyword phrase exists in a library category Fig 3 2 2 Library Lookup window NOTE This window is...

Page 413: ...d2 hexadecimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 47 47 41 4D 45 53 43 4F 4D query...

Page 414: ...ord or keyword phrase has been included in any library category 1 In the Search Engine Keyword Lookup frame enter the Search Engine Keyword or keyword phrase up to 75 alphanumeric characters 2 Click L...

Page 415: ...m Categories link to view a menu of topics Add Cate gory and Refresh Fig 3 2 3 Custom Categories menu NOTE Since custom categories are not created by M86 updates cannot be provided Maintaining the lis...

Page 416: ...d displays Custom Categories greyed out 2 In the Description field enter from three to 20 characters for the long name of the new category 3 In the Short Name field enter up to seven characters witho...

Page 417: ...NOTE The category must have URLs URL keywords and or search keywords added to its profile in order for it to be effective Refresh Refresh the Library Click Refresh after...

Page 418: ...es tree list Click the custom library category link to view a menu of sub topics Library Details URLs URL Keywords Search Engine Keywords and Delete Category Fig 3 2 5 Library screen custom library ca...

Page 419: ...ndow is used for editing the long name of the custom library category and for viewing name criteria previously entered Fig 3 2 6 Library Details window View Edit Library Details The following display...

Page 420: ...ter wildcard URL list A URL is used in a filtering profile for blocking a user s access to a specified site or service A URL can contain a domain name such as playboy in http www playboy com or an IP...

Page 421: ...view a list of all URLs that either have been added or deleted from the master URL list or master wildcard URL list 1 Click the View tab 2 Make a selection from the pull down menu for Master List or W...

Page 422: ...oors com or coors com The following types of URL formats also can be entered in this field IP address e g 209 247 228 221 in http 209 247 228 221 octal format e g http 0106 0125 0226 0322 hexadecimal...

Page 423: ...ick Add to display the associated wildcard URL s in the list box below 3 Select the wildcard URL s that you wish to add to the category 4 Click Apply Action NOTE Wildcard URL query results include all...

Page 424: ...To remove a URL or wildcard URL from the library category 1 Click the Action tab 2 Enter the URL in the Edit URL List frame or Edit Wild Card URL List frame as pertinent 3 Click Remove to display the...

Page 425: ...Upload Master to open the Upload Custom Library URL pop up window Fig 3 2 9 Upload Custom Library URL window 2 Click Browse to open the Choose file pop up window 3 Select the file to be uploaded TIP A...

Page 426: ...Invalid URL 5 If the file contains invalid URLs click Back to return to the Upload URL window Another attempt to validate the file can be made after corrections have been made to the file If the file...

Page 427: ...categories must be reloaded Upload a Master List of Wildcard URLs To upload a master file with wildcard URL additions 1 Click Upload Wildcard Master to open the Upload Custom Library WildCard URL pop...

Page 428: ...s contained in the file are listed under the column for either Valid URL or Invalid URL 5 If the file contains invalid wildcard URLs click Back to return to the Upload WildCard URL window Another atte...

Page 429: ...rary category s menu of sub topics This window is used for adding or removing a URL keyword from a custom library category s master list A library category uses URL keywords to block a user s access t...

Page 430: ...raphic site such as http www essex com View a List of URL Keywords To view a list of all URL keywords that either have been added or deleted 1 In the View Keyword Addition Deletion List frame make a s...

Page 431: ...ose file window 3 Select the file to be uploaded 4 Click Upload File to upload this file to the server NOTE A URL keywords text file must contain one URL keyword per line WARNING The text file uploade...

Page 432: ...Keywords window NOTE If the feature for search engine keyword filtering is not enabled in a filtering profile search engine keywords can be added in this window but search engine keyword filtering wil...

Page 433: ...rd Addition Deletion List frame make a selection from the pull down menu for Master List 2 Click View List to display the specified items in the Select List list box Add or Remove Search Engine Keywor...

Page 434: ...rd phrase per line WARNING The text file uploaded to the server will overwrite the current file 4 Click Upload File to upload this file to the server Reload the Library After all changes have been mad...

Page 435: ...email or in writing For troubleshooting tips visit http www m86security com software 8e6 ts wf html Hours Regular office hours are from Monday through Friday 8 a m to 5 p m PST After hours support is...

Page 436: ...ce Locations and Phone Numbers M86 Corporate Headquarters USA 828 West Taft Avenue Orange CA 92865 4232 USA Local 714 282 6111 Fax 714 282 6116 Domestic US 1 888 786 7999 International 1 714 282 6111...

Page 437: ...tempt to resolve the issue directly If your issue needs to be escalated you will be given a ticket number for reference and a senior level technician will contact you to resolve the issue If your issu...

Page 438: ...curity warrants that the M86 product s do es not infringe on any third party copyrights or patents This warranty shall not apply to the extent that infringement is based on any misuse or modification...

Page 439: ...voice line Technical support information Online http www m86security com support Toll Free 888 786 7999 press 3 Telephone 1 714 282 6111 press 3 E mail support m86security com Have the following info...

Page 440: ...rnished as necessary to maintain the proper operational condition of the product s If parts are discontinued from production during the Warranty Period immediate replacement product s or hardware part...

Page 441: ...e or group name 2 IP address or MAC address 3 Filtering profile criteria Rule number Rule0 Rule1 etc or rule criteria a Ports to Block or Filter b Categories to Block or Open c Filter Mode 4 Redirect...

Page 442: ...er the defined port number s I Open all ports J Open the defined port number s M Set the defined port number s to trigger a warn message Q Block all ports R Block the defined port number s Port Number...

Page 443: ...le string indicating that all other categories should pass PASSED When positioned at the end of a string of categories or after a category command code this code indicates that unidentified categories...

Page 444: ...entered at the end of the profile string unless the quota option is used in which case the quota should be entered at the end of the profile string To disable all filter codes for an IP profile enter...

Page 445: ...one of the redirect URL tabs Go to Policy IP Group Name Sub Group Name Sub Group Profile Redirect URL Go to Policy Global Group Global Group Profile Default Redirect URL 2 Set the redirect URL to htt...

Page 446: ...tion IP Exclude IP Without excluding this IP address the Web Filter may capture filter block the following redirect link http server for block_page port for block page blockpage URL blocked url IP cli...

Page 447: ...and post the required hidden form data shown in the table below Name Description Value URL Blocked URL From the query string of the block page URL IP IP that accessed the blocked URL see URL CAT Categ...

Page 448: ...he customized block page Examples include 1 HTML using Java Script to parse post form data 2 CGI written in Perl 3 CGI written in C See the Reference portion of this appendix for coding details NOTE...

Page 449: ...t i str indexOf start if i 0 len str length substr str substr i start length len start length j substr indexOf end if j 0 result substr substring 0 j else if j 0 len substr length result substr substr...

Page 450: ...k action http Web Filter IP 81 cgi block cgi document block submit script head body form method post name block input type hidden name SITE value _BLOCK_SITE_ input type hidden name URL value input ty...

Page 451: ...b Filter customized block page Replace the Web Filter IP with the real IP before using This script provide data to the options CGI through query string Revision 1 Date 03 08 2004 method ENV REQUEST_ME...

Page 452: ...e Web Filter IP with the real IP before using This script uses Java Script to post form data to options CGI Revision 1 Date 03 08 2004 method ENV REQUEST_METHOD if method post i string STDIN else stri...

Page 453: ...e url n print input type hidden name CAT value cat n print input type hidden name USER value user n print input type hidden name STEP value STEP2 n print br Web Filter Customized Block Page CGI writte...

Page 454: ...types void printhtml void unescape_url char url char x2c char what char makeword char line char stop void plustospace char str char fmakeword FILE f char stop int cl int to_upper char string void getq...

Page 455: ...ty of global variables to be used by other areas of the program data_size atoi getenv CONTENT_LENGTH for index 0 data_size feof stdin index entries index val char fmakeword stdin data_size plustospace...

Page 456: ...nput type hidden name URL value s n szURL printf input type hidden name CAT value s n szCategory printf input type hidden name USER value s n szUserName printf input type hidden name STEP value STEP2...

Page 457: ...t 16 digit what 1 A what 1 0xdf A 10 what 1 0 return digit char makeword char line char stop int x 0 y char word char malloc sizeof char strlen line 1 for x 0 line x line x stop x word x line x word x...

Page 458: ...word ll 1 0 wsize 102400 word char realloc word sizeof char wsize 1 cl if word ll stop feof f cl if word ll stop ll word ll 0 return word ll to_upper Change the string to upper case int to_upper char...

Page 459: ...NDICES SECTION APPENDIX B M86 SECURITY USER GUIDE 437 void getquery char paramd char paramv if paramd NULL paramv NULL else paramv char strtok paramd void getnextquery char paramv paramv char strtok N...

Page 460: ...station will need to temporarily disable pop up blocking in order to authenticate him herself via the Options page Fig C 1 Options page This appendix provides instructions on how to use an override a...

Page 461: ...action opens the override account pop up window Add Override Account to the White List If the override account window was previously blocked by the Yahoo Toolbar it can be moved from the black list an...

Page 462: ...s from source 3 Select the source from the Sources of Recently Blocked Pop Ups list box to activate the Allow button 4 Click Allow to move the selected source to the Always Allow Pop Ups From These So...

Page 463: ...king the Override button this action opens the override account pop up window Add Override Account to the White List To add the override account window to the white list so that it will always be allo...

Page 464: ...lets you toggle between enabling pop up blocking popups blocked and disabling pop up blocking Popup protection off by clicking the pop up icon 1 In the IE browser go to the SearchSafe toolbar and cli...

Page 465: ...e Firefox browser go to the toolbar and select Tools Options to open the Options dialog box 2 Click the Content tab at the top of this box to open the Content section Fig C 6 Mozilla Firefox Pop up Wi...

Page 466: ...illa Firefox Pop up Window Exceptions 4 Enter the Address of the web site to let the override account window pass 5 Click Allow to add the URL to the list box section below 6 Click Close to close the...

Page 467: ...ocking feature in the IE browser Use the Internet Options dialog box 1 From the IE browser go to the toolbar and select Tools Internet Options to open the Internet Options dialog box 2 Click the Priva...

Page 468: ...u selection changes to Turn Off Pop up Blocker and activates the Pop up Blocker Settings menu item You can toggle between the On and Off settings to enable or disable pop up blocking Temporarily Disa...

Page 469: ...r and select Tools Pop up Blocker Pop up Blocker Settings to open the Pop up Blocker Settings dialog box Fig C 10 Pop up Blocker Settings 2 Enter the Address of Web site to allow and click Add to incl...

Page 470: ...Settings to open the Pop up Blocker Settings dialog box see Fig C 10 2 In the Notifications and Filter Level frame click the checkbox for Show Information Bar when a pop up is blocked 3 Click Close t...

Page 471: ...tion opens the Allow pop ups from this site dialog box Fig C 13 Allow pop ups dialog box 5 Click Yes to add the override account to your white list and to close the dialog box NOTE To view your white...

Page 472: ...red to use the mobile mode and Mobile Client software installed on end users workstations Mobile Client ensures Internet activity of all end users located outside the organization will be tracked and...

Page 473: ...cking software if installed must be disabled JavaScript enabled Java Virtual Machine Java Plug in use the version specified for the Web Filter software version System requirements for the end user inc...

Page 474: ...vity the Mobile Client application is used on the remote PC for filtering the end user s Internet activity When these two components are installed the following scenario occurs on the network 1 The en...

Page 475: ...RL is found and the site is disallowed the Mobile Client software blocks the connection to the Web server NOTE If using Mobile Client software version 2 0 or higher in a Macintosh environment and the...

Page 476: ...Filter s hardware and software to be used with the Mobile Client Initial Setup The basic requirements for initial network setup are as follows Port 81 must be open on the network for block page requ...

Page 477: ...mode 2 In the Client Resynchronization Time field specify the interval of minutes for the Web Filter to resynchronize the profile on the end user s workstation with the profile set up for him her on...

Page 478: ...tains categories with Warn or Quota settings the Global Group Profile will be assigned instead 3 Click Apply to apply your settings Add MAC Addresses to the Master IP Group In the mobile mode the mas...

Page 479: ...roup Fig D 3 Members window sub group with MAC addresses The Modify Sub Group Member frame is comprised of the IP Address and MAC Address frames 1 In the MAC Address frame Source MAC addresses previou...

Page 480: ...key pointing to that list box Blocks of MAC addresses can be moved to a list box by clicking the first MAC address and then pressing the Shift key on your keyboard while clicking the last MAC address...

Page 481: ...this window Add a MAC Address to an Individual Member When using the mobile mode the Individual IP s Member window is used for selecting the member s MAC address for inclusion in the sub group Fig D...

Page 482: ...d user has both an IP address and a MAC address each profile should be entered on a separate line in the file For example if end user tlind has the IP address 150 100 30 2 and MAC address 00 04 21 AF...

Page 483: ...is her MAC address This window also is used for troubleshooting synchronization on target Web Filters to verify whether settings for user profiles match the ones synced over from the source Web Filter...

Page 484: ...nd 8e6clientInstaller mpkg tar for Macintosh OS X NOTE The unconfigured 8e6clientInstaller mpkg tar package in this kit contains Mobile Client software for Macintosh OS X and should be used in a Macin...

Page 485: ...chnical support WARNING If a prior version of the Mobile Client is installed on your workstation i e software version 1 x or 2 x you must uninstall that software before installing software version 3...

Page 486: ...proceed with the option you selected for installing the application If you chose the Custom option you will need to specify where or how the main executable and support files will be installed on you...

Page 487: ...IDE 465 Fig D 11 Installation process ready to begin 7 Click Install to begin the installation process The following page displays when the installation process is complete Fig D 12 Installation compl...

Page 488: ...Client Deployment Tool for instructions on using these windows The Mobile Client Deployment Tool window is accessible via Start All Programs M86 Security Mobile Client Deployment Kit Package Editor Fi...

Page 489: ...go to File New Package to open the Choose Product Version dialog box Fig D 14 Choose Product Version dialog box 2 Select the Mobile Client software version from the available choices and then click O...

Page 490: ...figuration are saved When deploying the Mobile Client to end user workstations the installer uses this revision number to determine whether a newer configuration is already installed on the workstatio...

Page 491: ...emove Mobile Filter Host s dialog box Fig D 16 Add Remove Mobile Filter Host s 2 In the IP or Host Name field enter the public IP address or hostname of your mobile filter host server 3 By default 443...

Page 492: ...D 17 Add Remove Internal Filter Host s 2 In the IP or Host Name field enter the public IP address or hostname of your internal filter host server 3 By default 81 displays in the Port field and should...

Page 493: ...ssword fields b Enter the proxy server Username c Enter the proxy server Password twice Optional Block all URLs if Mobile Server cannot be found The Block all URLs if Mobile Server cannot be found che...

Page 494: ...ould impact the performance of the server For more information about using a host server for the Mobile Client Updater see MCU file preparations Choose a deployment host for updates 1 In the Automatic...

Page 495: ...k Both Windows and Macintosh OS X share a single set of Applications Options Settings This is not a problem as long as you qualify the application s sufficiently to avoid any chance of ambiguity e g w...

Page 496: ...sh to add any options you must first type in Mode 0 on the first line For example Mode 0 option 1 option 2 Step 2 Identify the name and path of the application Determine the name and path of the execu...

Page 497: ...lore exe xt 0 xl 0 Here s an example of the entire set of entries to enable verbose logging for all applications block Firefox for Windows and grant unfiltered access to Myapp exe Mode0 logall c xl 0...

Page 498: ...users NOTE Contact M86 Technical Support for advanced information about Applications Options Settings To encrypt or decrypt commands to be included in the Application Options Settings frame of the Pa...

Page 499: ...File menu for saving the package configuration Save Saves the current package Save as Launches the Save Package window in which you specify the Package Name click OK and then Yes in a dialog box to c...

Page 500: ...APPENDICES SECTION APPENDIX D 478 M86 SECURITY USER GUIDE Fig D 20 Mobile Client Package Contents page...

Page 501: ...tations Mac OS X Client Installer Direct or Remote Desktop Setup links for accessing the following components 8e6clientInstaller mpkg tar download the compressed Mobile Client application installer pa...

Page 502: ...ilter is not found true or false and Update URL if using the Mobile Client Updater and a Web server was specified AppOptions Application Options Settings entries if any were made and saved When you ar...

Page 503: ...ut the package The Mobile Client Windows and Macintosh version numbers and MCU version numbers also display TIP Click Explore Packages to open the Mobile Client Deployment Kit s Packages folder and c...

Page 504: ...Configuration window for default settings This window is similar in appearance to the Package Configuration window used for adding a new package or editing an existing package except the Package Info...

Page 505: ...in Configure a New Package Set for information about these Save options View Package Configuration contents 1 From the Mobile Client Deployment Tool select File Explore Packages to open the Packages...

Page 506: ...er workstations Step 1 Install MCU on end user workstations 1 Access the appropriate MCU installer 8e6winmcu msi for Windows and 8e6osxmcu pkg tar for Macintosh OS X and copy it to respective user wor...

Page 507: ...ents know where to get current updates Thereafter any newer packages should be uploaded to the new server The MIME types map may need to be modified in order to support custom file extensions for mcxm...

Page 508: ...statistical distribution Nevertheless it is conceivable that if you have 4 000 client workstations they might all attempt to download the update within the first hour after it is posted although the...

Page 509: ...server If you are using your own Web server as an update host extract the tgz file into the host directory associated with the Update URL Base field entry made in the Package Configuration window fo...

Page 510: ...default location is http mobile_server_address 81 mobile_client_updates To verify that your update files have been posted go to the file latest manifest mcxml in this directory Clients read this file...

Page 511: ...i 2 Create a new Group Policy Object GPO a in the GPMC select Group Policy Management Forest Domains domain name Group Policy Objects b Right click and choose New then create a name for the policy sug...

Page 512: ...t servers There are two types of filters Security filters and WMI filters To create a Security filter a Select the new policy link Note the Security Filtering section in the Scope panel to the right b...

Page 513: ...by running gpupdate.exe NOTE By default Windows periodically refreshes the group policy automatically Using gpupdate allows you to force an immediate refresh for test purposes this is not something a...

Page 514: ...been installed a dialog box opens asking if you wish to complete the installation process now or later Fig D 26 Finish installation process 2 To complete the installation process now save any appli ca...

Page 515: ...ion the Mobile Client will be uninstalled from end users machines NOTE The Remover does not require configuration prior to distribution You will probably want to change the name of the policy e g Rem...

Page 516: ...3 Copy the eight digit number displayed in the Machine ID field In this example 20686190 4 Access the Mobile Client Deployment Tool window and go to Tools Create uninstall key to open the Create Unins...

Page 517: ...he M86 Mobile Client Uninstall dialog box again and enter the generated password key in the Key field In this example f0d34d Fig D 30 Uninstall the Mobile Client 7 Click OK to begin the uninstallation...

Page 518: ...ering profile or the minimum filtering level If an item is given a block setting users will be denied access to it custom category A unique library category that is created by an administrator and can...

Page 519: ...orkstations either locally or across the Internet Using this feature of the Web Filter groups and or individual client machines can be set up to block the use of IM services specified in the library c...

Page 520: ...global filtering profile is used and the minimum filtering level does not apply to that user If the minimum filtering level is set up to block a library category this setting will override an always...

Page 521: ...l If an item is given an open pass setting users will have access to it override account An account created by the global group administrator or the group administrator to give an authorized user the...

Page 522: ...Time Probe On the Web Filter this tool is used for monitoring the Internet activity of specified users in real time The report generated by the probe lets the administrator know whether end users ar...

Page 523: ...in parallel to each other User filtering profiles and library configurations can be set up to be synchronized between multiple Web Filters The clock on the Web Filter can be set up to be synchronized...

Page 524: ...ary category or uncategorized URLs when creating a rule or when setting up a filtering profile This designation indicates URLs in the library category or uncategorized URLs may potentially be in oppos...

Page 525: ...95 alert box terminology 4 Alert menu 123 Alert Settings window 123 always allowed 27 definition 496 Appliance Watchdog 140 231 authentication 157 Authentication menu 157 B backup procedures 159 Back...

Page 526: ...Management Console 37 137 checkbox terminology 4 CMC Management 137 142 CMC Management menu 215 Common Customization window 193 Configuration window 273 contact e mail addresses 123 Control menu 72 CP...

Page 527: ...field terminology 4 filter option codes 422 filter options global group 249 filter setting 28 definition 496 Filter window 72 filtering 421 category codes 421 hierarchy diagram 30 profile components...

Page 528: ...Google Web Accelerator 76 Google Bing Yahoo Youtube Ask AOL Safe Search Enforcement global group filter option 250 grid terminology 5 group create IP group 269 delete profile 379 global 18 IP 19 269...

Page 529: ...p Quotas 220 set up Real Time Probes 315 set up Search Engine Keywords Custom Categories 410 M86 Supplied Categories 309 set up URL Keywords Custom Categories 407 M86 Supplied Categories 305 set up UR...

Page 530: ...diagram 13 diagram with port monitoring 14 IP group 19 269 337 category profile 350 create 269 diagram 19 IP Profile Management window 374 J Java Plug in 10 451 Java Virtual Machine 10 451 JavaScript...

Page 531: ...codes list 421 custom 393 definition 497 M86 supplied 298 Library Details window 299 397 Library Lookup menu 285 390 Library Lookup window 285 390 Library screen 55 Library Update Log window 278 list...

Page 532: ...ng profile 22 maintenance 338 setup 269 master list 309 definition 498 Member window Individual IP MAC address 459 Member window Individual IP 386 Members window 339 382 mobile mode 456 457 Minimum Fi...

Page 533: ...stic tool 109 NNTP Newsgroup menu 295 NNTP Newsgroup window 295 NTP Servers window 90 O open setting 27 definition 499 Operation Mode window 150 mobile mode 455 Options page 82 override account 341 Ad...

Page 534: ...ow terminology 6 port profile global 247 266 minimum filtering level 266 Print Kernel Ring Buffer diagnostic tool 111 Process list diagnostic tool 108 Product Warranties section 416 profile global gro...

Page 535: ...e to Detect window 230 Real Time Probe 500 Real Time Probe window 315 realtime traffic logs 112 re authentication block page authentication 79 Reboot window 86 Recent Logins diagnostic tool 110 Recent...

Page 536: ...engine keyword filtering 251 Search Engine Keywords window 309 custom category 410 Secure Logon menu 98 self monitoring process 123 service port 26 definition 501 Setup window 138 Shadow Log Format w...

Page 537: ...to master IP group 377 copy 385 definition 501 delete 384 paste 379 sub topic 61 terminology 7 synchronization 137 backup procedures 47 definition 501 delays 41 overview 36 server maintenance 47 Setup...

Page 538: ...08 Traveler 298 definition 501 tree 62 63 terminology 8 Troubleshooting Mode window 114 troubleshooting tips 413 U update add software update to server 128 emergency software updates 283 library categ...

Page 539: ...501 VLAN 502 W Warn Option Setting window 191 Warn Page Customization window 203 warn setting 27 definition 502 Web access logging 31 Web Filter 1 Web based authentication block page authentication 7...

Page 540: ...INDEX 518 M86 SECURITY USER GUIDE...
