M86 Security M86 Web Filter Скачать руководство пользователя | Manualshive

Страница: 22 / 309

background image

C

HAPTER

1: I

NTRODUCTION

F

ILTERING

E

LEMENTS

10

M86 S

ECURITY

U

SER

G

UIDE

LDAP Domain Groups

An LDAP (Lightweight Directory Access Protocol) domain
on a network server is comprised of LDAP groups and their
associated members (users), derived from profiles on the
network’s authentication server.

The LDAP group type is represented in the tree by the

LDAP icon

. This branch will only display if authentica-

tion is enabled. Using the tree menu, the global adminis-

trator adds and maintains LDAP domains

, and assigns

designated group administrators (Sub Admins) access to
specific entities (nodes) within that domain. The group
administrator creates and maintains filtering profiles for
nodes assigned to him/her. For Active Directory or “Other”
server types, these nodes include primary or static

groups

, workstations

, users

, or containers

.

For Open Directory, nodes include groups and users. For
Novell eDirectory, Sun One, Sun IPlanet, or Netscape
Directory server types, these nodes also include dynamic

groups

. If users belong to more than one group, the

global administrator sets the priority for group filtering.

Fig. 1-2 LDAP domain diagram, with sample groups and members

«
...
20
21
22
23
24
...
»

Содержание M86 Web Filter

Страница 1: ...M86 Web Filter USER GUIDE for Authentication Software Version 4 0 10 Document Version 06 08 10...

Страница 2: ...this documentation and disclaims any implied war ranties of merchantability and fitness for a particular purpose M86 Security shall not be liable for any error or for incidental or consequential damag...

Страница 3: ...ering Profile 13 Individual IP Member Filtering Profile 13 Active Filtering Profiles 14 Global Filtering Profile 14 LDAP Filtering Profiles 14 Override Account Profile 15 Time Profile 15 Lock Profile...

Страница 4: ...tication 35 Specify the operation mode 36 Specify the subnet mask IP address es 38 Invisible mode 38 Router or firewall mode 39 Enable authentication specify criteria 40 Net use based authentication 4...

Страница 5: ...76 View Log Results 77 CHAPTER 3 LDAP AUTHENTICATION SETUP 79 Create an LDAP Domain 79 Add the LDAP domain 79 Refresh the LDAP branch 80 View modify enter LDAP domain details 80 LDAP Server Type 81 G...

Страница 6: ...L 124 Filter Options 125 Add an Exception URL to the profile 126 Valid URL entries 127 Add URLs to Block URL or ByPass URL frame 128 Remove URLs from Block URL or ByPass URL frame 130 Apply settings 1...

Страница 7: ...ion for the Global Group 163 Step 1 Exclude filtering critical equipment 163 Step 1A Block Web access logging via Range to Detect 164 Range to Detect Settings 164 Range to Detect Setup Wizard 165 Step...

Страница 8: ...Tier 2 implementation in an environment 191 Tier 2 Script 192 Tier 1 and Tier 2 Script 193 Tier 3 Session based Web Authentication 195 M86 Authenticator 196 Environment requirements 197 Windows minimu...

Страница 9: ...stallation setup 216 Step 3C Run AD Agent configuration wizard 219 Use the Active Directory Agent console 224 Activity tab 224 Sessions tab 227 Session table spreadsheet 229 Session Properties window...

Страница 10: ...mat 264 User profile list format 265 Group profile list format 266 Container profile list format 266 LDAP Quota Format and Rules 267 APPENDIX E OVERRIDE POP UP BLOCKERS 268 Yahoo Toolbar Pop up Blocke...

Страница 11: ...dialog box 275 Use the IE toolbar 276 Temporarily disable pop up blocking 276 Add override account to the white list 277 Use the IE toolbar 277 Use the Information Bar 278 Set up the Information Bar...

Страница 12: ...CONTENTS xii M86 SECURITY USER GUIDE...

Страница 13: ...nstallation Guide or M86 WFR Installation Guide for information on installing the unit on the network This document also provides information on how to access the Web Filter Admin istrator console to...

Страница 14: ...o Use this User Guide Conventions The following icons are used throughout this user guide NOTE The note icon is followed by italicized text providing additional information about the current subject T...

Страница 15: ...dow or screen used for indi cating whether or not you wish to select an option This object allows you to toggle between two choices By clicking in this box a check mark or an X is placed indi cating t...

Страница 16: ...rows and columns of data as a result of various processes This data can be reorganized in the Administrator console by changing the order of the columns list box an area in a dialog box window or scr...

Страница 17: ...contains a down arrow to the right When you click the arrow a menu of items displays from which you make a selection radio button a small circular object in a dialog box window or screen used for sele...

Страница 18: ...pic is selected the window for that sub topic displays in the right panel of the screen or a pop up window or an alert box opens as appro priate text box an area in a dialog box window or screen that...

Страница 19: ...ouble clicking the item a minus sign replaces the plus sign and any entity within that branch of the tree displays An item in the tree is selected by clicking it window a window displays on a screen a...

Страница 20: ...ntication is enabled the global administrator who has all rights and permissions on the Web Filter will see all branches of the tree Global Group IP and LDAP If authentica tion is disabled only the Gl...

Страница 21: ...The global administrator adds master IP groups adds and maintains override accounts at the global level and estab lishes and maintains the minimum filtering level The group administrator of a master I...

Страница 22: ...ains LDAP domains and assigns designated group administrators Sub Admins access to specific entities nodes within that domain The group administrator creates and maintains filtering profiles for nodes...

Страница 23: ...rarchical tree structure used by end users who do not belong to a group IP group Master Group master group filtering profile used by end users who belong to the master group master time profile used b...

Страница 24: ...ide account set up in the master IP group section of the Web Filter Administrator console takes precedence over an override account set up in the global group section of the console lock profile set u...

Страница 25: ...ndividual IP group members and is customized to allow deny users access to URLs or warn users about accessing specified URLs to redirect users to another URL instead of having a block page display and...

Страница 26: ...s that are configured to be blocked A URL can be specified for use instead of the standard block page when users attempt to access material set up to be blocked Various filter options can be enabled L...

Страница 27: ...ustomized filtering profile set up to be effective at a specified time period for designated users Lock Profile This filtering profile blocks the end user from Internet access for a set period of time...

Страница 28: ...vel rules specify which library categories should be blocked left open assigned a warn setting or white listed filter options specify which features will be enabled X Strikes Blocking Google Bing Yaho...

Страница 29: ...Category Groups excluding the Custom Categories group Updates to these categories are provided by M86 on an ongoing basis and administra tors also can add or delete individual URLs within a speci fied...

Страница 30: ...smission HTTPS and Secure Shell SSH Rules A rule is comprised of library categories to block leave open assign a warn setting or include in a white list Access to an open library category can be restr...

Страница 31: ...lock if a category or a service port is given a block setting users will be denied access to the item set up as blocked open if a category or the filter segment detected on the network is given an ope...

Страница 32: ...ilter setting that port will use filter settings created for library categories block or open settings to determine whether users should be denied or allowed access to that port ignore if the filter s...

Страница 33: ...after authenti cating The minimum filtering level combines with the user s profile to guarantee that categories blocked in the minimum filtering level are blocked in the user s profile 3 For master I...

Страница 34: ...user The user can have only one individual profile in each domain c A profile for a workstation takes precedence over a user s individual profile d If the user has a time profile that profile takes p...

Страница 35: ...counts to bypass the minimum filtering level or if the override account was set up in the global group tree NOTE An override account set up in the master IP group section of the Web Filter Administrat...

Страница 36: ...and Options Web Filter authentication tiers The Web Filter authentication architecture for the LDAP authentication protocol is comprised of three tiers When using LDAP authentication with the Web Fil...

Страница 37: ...ication options can be enabled to ensure the end user is authenticated when logging into his her workstation M86 Authenticator Active Directory Agent and Novell eDirectory Agent NOTE See Appendix A Au...

Страница 38: ...ility for a single user KEY N A Not Applicable N R Not Recommended Tier1 net use Tier 2 time based Tier 3 session based M86 Authen ticator eDirec tory Agent Active Directory Agent Tier 1 Yes Yes N R N...

Страница 39: ...o Stalker None Tier 2 or Tier 3 Windows 2000 2003 Server both Mixed and Native modes Tier 1 net use M86 Authenticator for Windows AD Agent Tier 2 or Tier 3 Novell eDirectory M86 Authenticator for Wind...

Страница 40: ...the Web Filter s Virtual IP address and Java applet for Tier 3 authentica tion TCP 139 Used between the Web Filter and workstations requiring Tier 1 or Tier 3 authentication TCP UDP 137 Used between t...

Страница 41: ...m section of the Administrator console in the following windows Operation Mode LAN Settings Enable Disable Authentication Authentication Settings Authentication SSL Certificate if Web based authentica...

Страница 42: ...tion if you will only be using net use based authentication for Active Directory servers Tier 2 Choose this option if you wish to use timed Web based authentication for LDAP domains This option gives...

Страница 43: ...g this option you create either a self signed certifi cate or a Certificate Request CSR for use by the Secure Sockets Layer SSL The certificate should be placed on client machines so that these machin...

Страница 44: ...more than one domain the first one you add should be the domain on which the Web Filter resides 2 Do either of the following as necessary Assign a group administrator to oversee the newly added domai...

Страница 45: ...erating system running Internet Explorer IE 7 0 or 8 0 Firefox 3 5 Macintosh OS X Version 10 5 or 10 6 running Safari 4 0 Firefox 3 5 JavaScript enabled Java Virtual Machine Java Plug in use the versi...

Страница 46: ...Version 10 5 or 10 6 running Safari 4 0 Firefox 3 5 JavaScript enabled Java Runtime Environment if using Tier 3 authentication Pop up blocking software if installed must be disabled Network Requireme...

Страница 47: ...ws Operation Mode LAN Settings Enable Disable Authentica tion Authentication Settings Authentication SSL Certificate if Web based authentication will be used and Block Page Authentication Entries for...

Страница 48: ...The entries made in this window will vary depending on whether you will be using the invisible router or firewall mode 1 In the Mode frame select the mode to be used Invis ible Router or Firewall NOT...

Страница 49: ...find the best possible destination MAC address of a specified host usually the Web Filter gateway Send Block to Specified Host MAC Address using this preferred method the block page will always be se...

Страница 50: ...play the LAN Settings window Fig 2 2 LAN Settings window The entries made in this window will vary depending on whether you are using the invisible mode or the router or firewall mode NOTE If the gate...

Страница 51: ...be placed in different subnets In the Primary IP field of the DNS frame enter the IP address of the first DNS server to be used for resolving the IP address of the authentication server with the mach...

Страница 52: ...thentication window 2 Click Enable to enable authentication 3 Select one of three tiers in the Web based Authentication frame Fig 2 3 Enable Disable Authentication window NOTES See information on the...

Страница 53: ...ntroller or a Novell eDirectory server the M86 Authenticator automatically authenticates the end user when he she logs into his her workstation If down loading the M86 Authenticator for Apple Authenti...

Страница 54: ...umber of minutes entered in the text box 6 Click Apply Net use based authentication Tier 1 Web based Authentication disabled Net Use enabled Choose this option if you will be using net use based authe...

Страница 55: ...eb Filter with an SSL accelerator card installed Please contact M86 for more information Tier 2 Use time based profiles with time out in minutes Choose this option if using LDAP authentica tion and yo...

Страница 56: ...order for the user to have continued access to the Internet NOTE Tier 3 Authentication requires a current version of Java Runtime Environment JRE on end users PCs In some cases a JRE will need to be d...

Страница 57: ...using the most current version of JRE choose the method for distributing the current version to their workstations M86 automatically distributes JRE during user login or the default selection Administ...

Страница 58: ...from the entry made in the Host Name field of the LAN Settings window 2 In the IP Address of WINS Server field if using a WINS server for name resolution enter the IP address of each Windows DNS serve...

Страница 59: ...e same subnet as this Web Filter the net use connection will fail 4 From the NIC Device to Use for Authentication pull down menu if using the invisible mode select LAN2 for sending traffic on the netw...

Страница 60: ...n client machines so that the Web Filter will be recognized as a valid server with which they can communicate Click Authentication and select Authentication SSL Certifi cate from the pop up menu to di...

Страница 61: ...or Intermediate Certificate An inter mediate certificate is a signing certificate for an SSL certificate 4 Click Download View Certificate to open the File Down load dialog box where you indicate whet...

Страница 62: ...uthenticated TIP Click Delete Certificate to remove the certificate from the server Create Upload a Third Party Certificate Create a Third Party Certificate 1 Click the Third Party Certificate tab Fig...

Страница 63: ...s M86 Security 5 Enter an Organizational Unit code set up on your server such as Corp 6 Enter Locality information such as the name of your city or principality 7 Enter the State or Province name in i...

Страница 64: ...Do not click this button until performing the actions in the following steps TIP Click Cancel in the dialog box to cancel the procedure 2 In the Upload Signed SSL Certficate for Web Filter pop up win...

Страница 65: ...upload and to close the dialog box Download a Third Party Certificate 1 In the Third Party Certificate tab choose either SSL Certificate or Intermediate Certificate 2 Click Download View CSR to open...

Страница 66: ...Options field of the Details frame all block page options are selected by default except for Web based Authentication Choose from the following options by clicking your selection Web based Authentica...

Страница 67: ...er portion of the M86 WFR User Guide for information about the Override Account feature 2 If the Re authentication option was selected in the Logon Script Path field PDCSHARE scripts displays by defau...

Страница 68: ...s on the user s screen Fig 2 14 Block page NOTES See Block Page Customization for information on adding free form text and a hyperlink at the top of the block page Appendix B Create a Custom Block Pag...

Страница 69: ...ry category that blocked the user s access to the URL displays If the content the user attempted to access is blocked by an Exception URL Exception displays instead of the library category name Blocke...

Страница 70: ...ntication window Clicking this link takes the user to the Options window described in the Options page sub section that follows To submit this blocked site for review click here This phrase and link i...

Страница 71: ...he block page For further options click here Fig 2 15 Options page The following items previously described for the Block page display in the upper half of the Options page BACK and HELP links User Ma...

Страница 72: ...tication Options field in the Block Page Authentication window The following phrase link displays Click here for secure Web based authentication When the user clicks the link the Authentication Reques...

Страница 73: ...ed Authentication was selected in the Block Page Authentication window If the user believes he she was incorrectly blocked from a specified site or service he she should re start his her machine and l...

Страница 74: ...ternet content blocked at the global or IP sub group level The user should enter his her Username and Password and then click Override to open the Profile Control window This window must be left open...

Страница 75: ...tomization and then select Common Customiza tion from the pop up menu to display the Common Custom ization window Fig 2 18 Common Customization window By default in the Details frame all elements are...

Страница 76: ...bled displays Blocked URL followed by the blocked URL in block pages Copyright Display if enabled displays M86 Web Filter copyright information at the footer of block pages and the authentication requ...

Страница 77: ...The associated email address specified in the Submission Email Address field described below is accessible to the end user by clicking the click here link NOTE If enabling the Submission Review Displa...

Страница 78: ...on Form from the pop up menu Fig 2 19 Authentication Form Customization window NOTE This window is activated only if Authentication is enabled via System Authentication Enable Disable Authentication a...

Страница 79: ...layed beneath the Authentication Request Form header In the Link Text field enter text for the link s URL to be displayed beneath the Description in the Authentica tion Request Form and in the Link UR...

Страница 80: ...n Customization window Fig 2 20 Sample Customized Authentication Request Form By default the following data displays in the frame Username field The username displays Password field The user s IP addr...

Страница 81: ...page that explains why access to the site or service may have been denied M86 Security Clicking this link takes the user to M86 s Web site 2 Click the X in the upper right corner of the window to clo...

Страница 82: ...ustomization window NOTE See Appendix B Create a Custom Block Page from the M86 Web Filter User Guide M86 IR Web Filter User Guide or the Web Filter portion of the M86 WFR User Guide for information o...

Страница 83: ...e to be displayed beneath the block page header In the Link Text field enter text for the link s URL to be displayed beneath the Description in the block page and in the Link URL field enter the corre...

Страница 84: ...Block Page By default the following data displays in the User Machine frame User Machine field The username displays for the LDAP user This field is blank for the IP group user IP field The user s IP...

Страница 85: ...en tication window Clicking this link takes the user to the Options window described in the Options page sub section To submit this blocked site for review click here This phrase and link is included...

Страница 86: ...r accounts are set up in the Administrator window from the System section of the console NOTE IP group administrator accounts are set up in the IP branch of the Policy tree when new IP groups are crea...

Страница 87: ...he same entry again in the Confirm Password field 4 Select Sub Admin from the Type pull down menu 5 Click Add to include the username and account type in the Current User list box Update the group adm...

Страница 88: ...me from the Current User list box 2 Click Delete to remove the account NOTE If a group administrator assigned to an LDAP node is deleted that group administrator must be removed from assign ment to th...

Страница 89: ...options will be addressed For information about all other options see the View Log File window in the M86 Web Filter User Guide M86 IR Web Filter User Guide or the Web Filter portion of the M86 WFR U...

Страница 90: ...irectory Agent Event Log edirEvent log used for viewing the event log if using eDirectory LDAP authentication Authentication Module Log authmodule log used for viewing information about SEVERE error m...

Страница 91: ...me field enter either the IP address or the hostname of the authentication server 3 In the LDAP Server Port field enter the LDAP server port number By default enter 389 4 In the LDAP Domain Label fiel...

Страница 92: ...y tree Select the LDAP domain you added and choose Domain Details from the pop up menu to display the default Type tab of the LDAP Domain Details window Fig 3 2 Domain Details window Type tab The LDAP...

Страница 93: ...ully detected the appro priate LDAP Server Type radio button will be pre selected on the Type tab 1 If making a selection on this tab the following options are available Microsoft Active Directory Mix...

Страница 94: ...ings do not alter anything in these tabs The only action you need to execute on these tabs is to confirm the settings by clicking the Next button at the bottom of the window until you reach the Addres...

Страница 95: ...Use Primary Group checkbox displays on this tab You may wish to check this box to indicate that profiles based on user groups should be assigned to users If using Novell eDirectory or Sun One the Use...

Страница 96: ...Include List and Exclude List are populated with appropriate user objects based on the server type 1 Generally no action needs to be performed on this tab However under special circumstances the follo...

Страница 97: ...2 If any modifications were made on this tab click Save 3 Click Next to go to the Workstation tab Workstation Objects The Workstation tab is used for including or excluding work station objects in th...

Страница 98: ...n clicking the Edit button A workstation object can be removed by selecting the workstation object and then clicking Remove 2 If any modifications were made on this tab click Save 3 Click Next to go t...

Страница 99: ...SL certificate that will be uploaded to the server The Server IP Address that displays by default is the one that was entered in the LDAP Server IP field of the Create LDAP Domain dialog box The DNS D...

Страница 100: ...edited if necessary If this field is not populated enter the LDAP query base 2 If any modifications were made on this tab click Save 3 Click Next to go to the Account tab Account Info The Account Info...

Страница 101: ...inistrator cn Users dc qc2domain dc local or cn admin o logo org Then enter the password in the Password and Confirm Password fields For an Active Directory LDAP server type if you do not know the aut...

Страница 102: ...ly saved on this tab the Distinguished Name Auto Discovery frame will no longer display at the bottom of this tab 2 Click Save to save your entries 3 Click Next to go to the SSL tab SSL Settings SSL s...

Страница 103: ...nd do the following a In the Wait __ seconds for certificate field by default 3 displays Enter the number of seconds to wait before the certificate is automatically uploaded b Click Upload to upload t...

Страница 104: ...o to the Alias List tab Alias List The Alias List will be automatically populated if the Account Name was entered in the Account tab This list includes all alias names for the domain that will be incl...

Страница 105: ...ons If an Organizational Unit OU has been deleted from the LDAP directory but has already been added to the alias list the list can be reloaded by clicking the Reload OU List button When clicking this...

Страница 106: ...Default Rule tab 1 This tab is comprised of the following components that can be modified By default Rule0 is the default rule This rule can be changed by making another selection from the pull down...

Страница 107: ...ns in LDAP Backup Server Configuration NOTE If Novell eDirectory was selected for the LDAP Server Type and the Novell eDirectory Agent option was enabled in the Enable Disable Authentication window in...

Страница 108: ...buttons can be clicked at any time during the wizard setup process Click Close to close the wizard pop up window 2 Enter edit or verify the following criteria Server DNS Name DNS name of the LDAP serv...

Страница 109: ...at will be uploaded to the server NETBIOS Domain Name an entry in this field is optional Server LDAPS Port by default 636 displays in this field Server LDAP Port by default the value that was entered...

Страница 110: ...hed Name in the LDAP Account Name field For example cn Administrator cn Users dc qc2domain dc local or cn admin o logo org b Enter the password in the Password and Confirm Password fields If the LDAP...

Страница 111: ...e bottom of this tab 6 Click Save to save your entries 7 Click Next to go to the SSL tab Fig 3 16 Backup Server Configuration SSL Settings SSL settings should be made if your network requires a secure...

Страница 112: ...load SSL Certificate for LDAPS pop up window see Fig 3 9 Click Browse to open the Choose file window and select the Web Filter s SSL certificate Click Upload File to upload the SSL certificate to the...

Страница 113: ...ITY USER GUIDE 101 Delete a backup server s configuration On the Default Rule tab click Delete to remove the backup server s configuration Delete a domain To delete a domain profile choose Delete from...

Страница 114: ...lly Add Worksta tion Manually Add Member Manually Add Group and Upload Profile Add nodes to the domain tree list Before you can create filtering profiles for groups worksta tions users and or containe...

Страница 115: ...clicking the Workstation User Group or Container radio button 2 If User or Group was selected choose either cn common name or uid user ID from the pull down menu for the attribute type used in the LD...

Страница 116: ...grid click Mark Unmark All To select or deselect all highlighted records in the grid click Mark Unmark Selected This feature works only if records are first selected in the grid by clicking on them M...

Страница 117: ...he tree is refreshed all nodes with rules applied to them appear in the tree Delete a rule To delete a rule from a profile the entity must currently display in the grid and have a rule assigned to the...

Страница 118: ...the one that is positioned highest in the list is applied NOTES Groups automatically populate the Profile Group s list box if these groups have one or more identical users and were added to the tree l...

Страница 119: ...the tree list so that a filtering profile can be defined for that workstation 2 Enter the workstation name in the text box using the entire Distinguished Name For example cn engi neering cn tester dc...

Страница 120: ...profile can be defined for that user 2 Enter the username in the text box TIP LDAP usernames should be input exactly as entered as entered for the LDAP Distinguished Name Examples CN Jane Doe CN User...

Страница 121: ...ually Add Group box This dialog box is used for adding a group name to the tree list so that a filtering profile can be defined for that group 2 Enter the group s name in the text box using the entire...

Страница 122: ...pop up menu to open the Upload User Group Profile window Fig 3 22 Upload User Group Profile window This window is used for uploading a file to the tree with workstation user group or container names a...

Страница 123: ...sed on the type of file format used the file should have the following name ldapwrkstnprofile conf if the file contains LDAP workstation profiles ldapuserprofile conf if the file contains LDAP user pr...

Страница 124: ...ngs will not be effective until the user logs off and back on the server 5 Click Upload File to upload this file to the server The Upload Successful pop up window informs you to click Reload in order...

Страница 125: ...y tree the global administrator assigns Sub Admin group administrators the following entities nodes to manage domain group s workstations members and or containers NOTE See Set up Group Administrator...

Страница 126: ...her assignment 1 Click Assign to at any level of the LDAP Policy tree domain group workstation member or container to open the Assign Access pop up window see Fig 4 1 In the Assign Access to selected...

Страница 127: ...u topics sub topics and tree nodes currently available to that Sub Admin 5 Click the X in the upper right corner of that pop up window to close it TIP If necessary another Sub Admin from the Assign to...

Страница 128: ...orner of the Assign Access pop up window to close it TIP To unassign the Sub Admin from that node click the Unas signed Access checkbox and then click Apply To re assign the node to another Sub Admin...

Страница 129: ...profile creation and maintenance Group Member Details Profile Exception URL Time Profile Remove and Assign to For LDAP containers the Container Details option is avail able for viewing information ab...

Страница 130: ...LDAP group This window is used for viewing profile information about a group and for adding members to a group In the Group Details frame the following details display Group name Full Name Distinguis...

Страница 131: ...oose Container Details from the pop up menu to display the Container Details window Fig 4 5 Container Details window This view only window provides the following information about the container Contai...

Страница 132: ...p up menu to display the default Category tab of the Profile window Fig 4 6 Group Profile window Category tab LDAP group The Profile option is used for viewing creating the filtering profile of the de...

Страница 133: ...ering Level displays in the Available Filter Levels pull down menu and the Minimum Filtering Level box displays Child Pornography and Pornography Adult Content By default Uncategorized Sites are allow...

Страница 134: ...lumn Pass URLs in this category will pass to the end user Allow URLs in this category will be added to the end user s white list Warn URLs in this category will warn the end user that the URL he she r...

Страница 135: ...ota minutes NOTE See the Quota Settings window in Chapter 1 System screen of the M86 Web Filter User Guide M86 IR Web Filter User Guide or the Web Filter portion of the M86 WFR User Guide for more inf...

Страница 136: ...LDAP group Redirect URL is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked 1 Specify the type of redirect URL to be used Defa...

Страница 137: ...l be applied to the entity s filtering profile 1 Click the checkbox es corresponding to the option s to be applied to the filtering profile X Strikes Blocking Google Bing Yahoo Youtube Ask AOL Safe Se...

Страница 138: ...indow is used for blocking group members access to specified URLs and or for letting group members access specified URLs blocked at the minimum filtering level NOTE Settings in this window work in con...

Страница 139: ...decimal long format e g http 0x46 0x55 0x96 0xd2 decimal value format e g http 1180014290 escaped hexadecimal format e g http 57 57 57 41 44 44 49 43 54 49 4E 47 47 41 4D 45 53 43 4F 4D query string e...

Страница 140: ...URL found by the query Uncheck any checkbox corresponding to a URL you do not want to include in your list Click the Check uncheck all checkbox at the bottom of this window to toggle between selecting...

Страница 141: ...ckbox for the ignore warnings and add URL field activates the Add Selected button Clicking Add Selected closes the pop up window and moves the selected URLs to the opposite frame in the Exception URL...

Страница 142: ...P address URL to maximize results to be returned by the URL query 2 Click Remove to open the Remove Block URLs Remove ByPass URLs pop up window to view all corre sponding URLs found by the query Fig 4...

Страница 143: ...Apply to apply your settings after adding or removing a URL Create a Time Profile for the node From the domain select the node and choose Time Profile from the pop up menu to display the Time Profile...

Страница 144: ...ime Profile 2 Type in three to 20 alphanumeric characters the under score _ character can be used for the profile name 3 Click OK to close the pop up box and to open the Adding Time Profile pop up win...

Страница 145: ...row in the date drop down menu to open the calendar pop up box In this pop up box you can do the following Click the left or right arrow at the top of this box to navigate to the prior month or the ne...

Страница 146: ...y is chosen select from 1 31 If a non specific day is chosen make selections from the two pull down menus for the following week of the month First Fourth or Last day of the month Sunday Saturday Day...

Страница 147: ...e first Monday in June For example if the current month and year are May 2010 the first Monday in June this year would be the 7th The next time this profile would be used will be in June 2012 6 In the...

Страница 148: ...shows the Name and Description of the time profile that was just added WARNING If there is an error in a time profile the Description for that time profile displays in red text Select that time profi...

Страница 149: ...indow NOTE Only filtering profile lookups for LDAP nodes will be addressed in this sub section Please refer to the M86 Web Filter User Guide M86 IR Web Filter User Guide or the Web Filter portion of t...

Страница 150: ...LDAP profile User login name path of the LDAP profile on the domain For a workstation profile this path includes the workstation name Rule name if this profile uses a non custom rule the rule number d...

Страница 151: ...egory will be blocked Quota If a number displays in this column the corresponding category group library category was set up as passed but with a time limit as defined by the number of minutes in that...

Страница 152: ...ctively in which a quota is specified Blocked Ports optional ports that have been set up to be blocked if established Redirect URL optional the URL that will be used for redirecting the user away from...

Страница 153: ...ntication Settings Before deploying authentication on the network you should test your settings to be sure the Authentication Request Form login page can be accessed If properly set up the Authenticat...

Страница 154: ...hentication SSL Certificate window in Chapter 2 is placed on all workstations of users who will be authenticated This ensures that users will not receive the Security Alert warning message from the se...

Страница 155: ...p test 1 Click the IP branch of the tree 2 Select Add Group from the pop up menu to open the Create New Group dialog box Fig 5 2 Create New Group box 3 Enter test as the Group Name 4 Enter the passwor...

Страница 156: ...up test with a 32 bit net mask 1 Select the IP Group named test from the tree 2 Click Members in the pop up menu to display the Members window Fig 5 4 Group Members window 3 Click the radio button co...

Страница 157: ...sk 1 Select the IP Sub Group workstation from the tree 2 Click Members in the pop up menu to display the Members window Fig 5 5 Sub Group Members window 3 Click the radio button corresponding to Membe...

Страница 158: ...isplay the Sub Group Profile window Fig 5 6 Sub Group Profile window Category tab 3 In the Category Profile page select Block All from the Available Filter Levels pull down menu TIP Blocks of category...

Страница 159: ...e Redirect URL tab to display the Redirect URL page Fig 5 7 Sub Group Profile window Redirect URL tab 2 Select Authentication Request Form NOTE The host name of the Web Filter will be used in the redi...

Страница 160: ...the Filter Options tab to display the Filter options page Fig 5 8 Sub Group Profile window Filter Options tab 2 Uncheck all the checkboxes X Strikes Blocking Google Bing Yahoo Youtube Ask AOL Safe Sea...

Страница 161: ...u must have your own profile set up in order to complete the test process 1 Launch an Internet browser window supported by the Web Filter Fig 5 9 Internet Explorer browser 2 Enter a URL in the Address...

Страница 162: ...the Domain and Alias fields display select the following information Domain you are using Alias name for that domain unless Disabled displays and the field is greyed out 5 Click Log In to authenticate...

Страница 163: ...00 The entry you make should initiate a connection with Tier 1 TIP The virtual IP address should be the same as the one entered in the Virtual IP Address to Use for Authentication field in the Authent...

Страница 164: ...up authentication and Global Group Profile authentication Select the option you wish to use on your network Go to the Activate Web based authentication for an IP Group sub section for instructions on...

Страница 165: ...tication over the Global Group Profile authentication option as it decreases the load on the Web Filter Step 1 Create a new IP Group webauth 1 Click the IP branch of the tree 2 Select Add Group from t...

Страница 166: ...h from the tree 2 Click Members in the pop up menu to display the Members window Fig 5 12 Members window 3 Click the radio button corresponding to Source IP 4 Enter the Source IP address of the workst...

Страница 167: ...ck Add Sub Group in the pop up menu to open the Create Sub Group dialog box Fig 5 13 Create Sub Group box 3 Enter the Group Name of your choice 4 Click OK to add the Sub Group to the IP Group 5 Select...

Страница 168: ...om the tree 2 Click Sub Group Profile in the pop up menu to display the Sub Group Profile window Fig 5 15 Sub Group Profile window Category tab 3 In the Category Profile page select Block All from the...

Страница 169: ...the Authentication Request Form radio button selection uses the host name of the server not the IP address be sure there is a DNS resolution for the host name 3 Click Apply As a result of these entrie...

Страница 170: ...ick the Filter Options tab to display the Filter options page Fig 5 17 Sub Group Profile window Filter Options tab 2 Uncheck all the checkboxes X Strikes Blocking Google Bing Yahoo Youtube Ask AOL Saf...

Страница 171: ...p menu 2 Select Global Group Profile to display the Category tab of the Profile window Fig 5 18 Global Group Profile window Category tab a In the Category Profile page select categories to block pass...

Страница 172: ...dow Port tab a In the Port page enter the Port number to be blocked b Click Add to include the port number in the Block Port s list box c After entering all port numbers to be blocked click Apply 4 Cl...

Страница 173: ...ON THE NETWORK M86 SECURITY USER GUIDE 161 a Select Default Block Page b Click Apply 5 Click the Filter Options tab to display the Filter Options page Fig 5 21 Global Group Profile window Filter Opti...

Страница 174: ...ON ON THE NETWORK 162 M86 SECURITY USER GUIDE As a result of these entries the standard block page will display instead of the Authentication Request Form when any user in this Sub Group is blocked fr...

Страница 175: ...cluded from being served the Authentication Request Form page For this step you must choose one of two options Block Web access only Select this option if you do not want to log traffic for a machine...

Страница 176: ...TE Segments of network traffic should not be defined if using the firewall mode Range to Detect Settings 1 Click Global Group in the tree to open the pop up menu 2 Select Range to Detect to display th...

Страница 177: ...Detect Settings window main window 4 Click Start the Setup Wizard to display Step 1 of the Range to Detect Setup Wizard Range to Detect Setup Wizard Fig 5 25 Range to Detect Setup Wizard Step 1 1 Ent...

Страница 178: ...of the Wizard Fig 5 26 Range to Detect Setup Wizard Step 2 3 An entry for this step of the Wizard is optional If there are destination IP address es to be filtered enter the IP address and specify the...

Страница 179: ...ed enter the IP address and specify the Netmask or enter the Indi vidual IP address 6 Click Next to go to Step 4 of the Wizard Fig 5 28 Range to Detect Setup Wizard Step 4 7 An entry for this step of...

Страница 180: ...An entry for this step of the Wizard is optional If there are ports to be excluded from filtering enter each port number in the Individual Port field and click Add 10 Click Next to go to the final st...

Страница 181: ...VATE AUTHENTICATION ON THE NETWORK M86 SECURITY USER GUIDE 169 As a result of these entries the IP address es specified to be excluded will not be logged or filtered on the network Bypass Step 1B and...

Страница 182: ...from the tree 2 Click Sub Group Profile in the pop up menu to display the Sub Group Profile window Fig 5 31 Sub Group Profile window Category tab 3 In the Category Profile page create a custom profile...

Страница 183: ...USER GUIDE 171 Fig 5 32 Sub Group Profile window Redirect URL tab 6 Select Default Block Page and then click Apply 7 Click the Filter Options tab to display the Filter Options page Fig 5 33 Sub Group...

Страница 184: ...will use the default block page instead Go on to Step 2 to complete this process Step 2 Modify the Global Group Profile 1 Click Global Group in the tree to open the pop up menu 2 Select Global Group P...

Страница 185: ...ITY USER GUIDE 173 3 Click the Port tab to display the Port page Fig 5 35 Global Group Profile window Port tab a Enter the Port number to be blocked and then click Add to include the port number in th...

Страница 186: ...ect URL tab to display the Default Redirect URL page Fig 5 36 Global Group Profile window Redirect URL tab a Select Authentication Request Form NOTE Since the Authentication Request Form radio button...

Страница 187: ...Filter Options tab to display the Filter Options page Fig 5 37 Global Group Profile window Filter Options tab a Select filter options to be enabled b Click Apply As a result of these entries a user w...

Страница 188: ...ailure Step 1 Modify the 3 try login script Place a copy of the 3 try login script in the netlogon folder on your Domain Controller Note that this sample script should be modified to use your own Virt...

Страница 189: ...domain Step 2 Modify the Global Group Profile The last step of the activation process is to adjust the Global Group Profile to set the policy for members of an IP based profile or for users who are n...

Страница 190: ...or be blocked 4 Click Apply 5 Click the Port tab to display the Port page 6 Enter the Port number to be blocked and then click Add to include the port number in the Block Port s list box 7 After enter...

Страница 191: ...curity com support or contact us by phone by e mail or in writing For troubleshooting tips visit http www m86security com software 8e6 ts wf html Hours Regular office hours are from Monday through Fri...

Страница 192: ...TION 180 M86 SECURITY USER GUIDE Contact Information Domestic United States 1 Call 1 888 786 7999 2 Select option 3 International 1 Call 1 714 282 6111 2 Select option 3 E Mail For non emergency assis...

Страница 193: ...orate Headquarters USA 828 West Taft Avenue Orange CA 92865 4232 USA Local 714 282 6111 Fax 714 282 6116 Domestic US 1 888 786 7999 International 1 714 282 6111 M86 Taiwan 7 Fl No 1 Sec 2 Ren Ai Rd Ta...

Страница 194: ...t to resolve the issue directly If your issue needs to be escalated you will be given a ticket number for reference and a senior level technician will contact you to resolve the issue If your issue re...

Страница 195: ...thentication Tier Selections Web Filter authentication is designed to support the following server types for the specified tier s Tier 1 Net use based authentication NOTE Login scripts must be used fo...

Страница 196: ...A 1 Net use based authentication module diagram 1 The user logs on the network from a Windows worksta tion also known as client or machine 2 The authentication server on the network sends the user s...

Страница 197: ...es 7 When the user logs off changes IP addresses loses the network connection or in any way causes the IPC connection to be altered or deactivated the Web Filter senses this change and returns the IP...

Страница 198: ...ecification defines both the communication protocol and the structure or schema to a lesser degree There is an Internet Assigned Network Authority IANA standard set that all LDAP directories should co...

Страница 199: ...tion server domain name usernames and passwords user groups login scripts Login scripts Login or logon scripts are used by the Web Filter for reau thenticating users on the network The following synta...

Страница 200: ...logon c winnt sysvol sysvol domainname suffix scripts c winnt sysvol domainname scripts The login script must be specified either in the user s domain account or in the Active Directory Group Policy...

Страница 201: ...r in charge of the LDAP server should create a user for the Web Filter in order to give that user full read access to the groups and users in the directory Since the LDAP directory is structured as a...

Страница 202: ...agram 1 The user makes a Web request by entering a URL in his her browser window 2 The Web Filter intercepts this request and sends the user the Authentication Request Form requesting the user to log...

Страница 203: ...ot call for the Web Filter to maintain a connection with the client machine so the Web Filter cannot detect when the user logs off of a workstation In order to remove the end user s profile one of two...

Страница 204: ...s end user s profile is completely removed in the event the end user did not log out successfully echo off start cls net use 10 10 10 10 LOGOFF delete try1 NET USE 10 10 10 10 LOGOFF if errorlevel 1 g...

Страница 205: ...h his her assigned profile echo off startremove cls NET USE 10 10 10 10 LOGOFF delete tryremove1 NET USE 10 10 10 10 LOGOFF if errorlevel 1 goto tryremove2 if errorlevel 0 echo code 0 Success goto end...

Страница 206: ...2 NET USE 10 10 10 10 R3000 if errorlevel 1 goto try3 if errorlevel 0 echo code 0 Success goto end try3 NET USE 10 10 10 10 R3000 if errorlevel 1 goto error if errorlevel 0 echo code 0 Success goto en...

Страница 207: ...ntering a URL in his her browser window 2 The Web Filter intercepts this request and sends the user the Authentication Request Form requesting the user to log in with his her login ID and password 3 T...

Страница 208: ...e Authentication window See the Enable authentication specify criteria sub section in Chapter 2 Network Setup On a Macintosh the M86 Authenticator client Authenti cator should be installed on the clie...

Страница 209: ...B available space 2 GB of available unpartitioned disk space outside the DOS partition for volume sys One network board CD drive Recommended system requirements The following Windows server components...

Страница 210: ...display adapter One network board CD drive Workstation requirements The M86 Authenticator client works with the following oper ating systems Windows XP Pro SP1 and 2 Windows 2000 Pro SP4 Windows XP an...

Страница 211: ...ername and domain name using either Windows or Novell APIs and sends this informa tion LOGON event to the Web Filter 5 The Web Filter looks up the groups to which the end user belongs Windows AD PDC o...

Страница 212: ...trieves the username and domain name and sends this information LOGON event to the Web Filter 5 The Web Filter looks up the groups to which the end user belongs and determines the profile assignment 6...

Страница 213: ...optional The default location of the configuration file is the same path name as the authen ticat exe client but with a cfg extension instead of exe The full path name can be specified on the command...

Страница 214: ...rameter Review the comment following Table 1 for more infor mation If the path is not specified the following directo ries are searched in this order a current working directory i e the directory from...

Страница 215: ...a comment A immediately preceding a param eter will cause that parameter and its data to be ignored which is convenient for temporarily reverting a parameter to default values during testing Sample c...

Страница 216: ...update packet PCFG After decryption with protocol headers removed RH 30000 RC 1000 LE 1 You only need to change the options you do not wish to remain as default Often the IP address of the Web Filter...

Страница 217: ...ORT 0 0 0 0 0 0 0 0 RV Web Filter VPN Support Table IP IP IP PORT RP Web Filter Port 1 65535 139 139 RH Web Filter Heart beat Timer MS 1 4 billion milliseconds 30000 30000 30 sec RR Web Filter Recon n...

Страница 218: ...pt will be made to load the default configuration file If the alter nate configuration file is specified and is blank CF the M86 Authenticator will not attempt to load any config uration file this can...

Страница 219: ...ed based on an IP range that matches the client s IP address multiple destination Web Filter addresses may be used in each set and will have the same functionality as multiple destinations specified i...

Страница 220: ...end user logs on or off the network and adds removes his her network IP address thus setting the end user s filtering profile accord ingly Environment requirements Novell eDirectory servers The follo...

Страница 221: ...ows Version 4 91 SP2 Macintosh Prosoft NetWare client Version 2 0 Novell eDirectory setup The eDirectory Agent uses the LDAP eDirectory domain configuration setup in the Web Filter Administrator conso...

Страница 222: ...p server can be specified in the LDAP domain setup wizard in the event of a connection failure to the primary Novell eDirectory server Email alerts are sent to the administrator in such events NOTE Ba...

Страница 223: ...table is forwarded to the Web Filter so the end user is given the appropriate filtering profile The AD Agent can be installed on any Windows 2000 or 2003 server on the domain and does not have to be i...

Страница 224: ...Windows environment 1 AD Agent is installed in either a domain controller or on a separate Windows server that can talk to the domain controller via Windows APIs 2 End users log on off the network and...

Страница 225: ...eb Filter go to System Authentication Enable Disable Authentication window in the Web Filter user interface and specify the following criteria Fig A 3 Enable Disable Authentication window AD Agent fra...

Страница 226: ...howing the Computer Name in all upper case letters and asterisks for the Passphrase NOTES To modify any of the criteria for an existing Computer Name entry select the Computer Name from the list and t...

Страница 227: ...ervices group NOTE Any users in the dcagent_services group have permission to manage the AD Agent 4 Open the Domain Security Policy console and do the following a Expand the Local Policies Audit Polic...

Страница 228: ...main Controller Security Policy console Step 3 AD Agent installation on Windows server The steps in this section provide instructions for setting up and running AD Agent on a simple single domain netw...

Страница 229: ...quire updating other Windows components before installing the AD Agent 2 Click Run to open the End User License Agreement EULA in the M86 AD Agent installation setup wizard Fig A 6 AD Agent EULA 3 Aft...

Страница 230: ...installation setup process Fig A 8 AD Agent installation 5 When the AD Agent installation setup process has successfully finished completion information displays Fig A 9 Installation Complete Click Cl...

Страница 231: ...chine changes from primary to satellite or vice versa TIP To access the configuration wizard after the initial setup process go to Start on the Windows machine and from the M86 AD Agent menu select Qu...

Страница 232: ...er the Password for this account specified during Step 2 b Enter this same password again in the Confirm pass word field NOTE If modifying an existing AD Agent installation and no changes need to be m...

Страница 233: ...imary indicating that this is either the only machine running AD Agent or this is the central machine among a team comprised of one or more Satellite machines running AD Agent If the role of this AD A...

Страница 234: ...mation page see Fig A 14 4 If configuring a primary AD Agent make the following entries in the appropriate fields Fig A 13 Web Filter criteria a Enable transmissions to this appliance Click this check...

Страница 235: ...After configuring the AD Agent in either a primary or satellite role click Next to display the confirmation page indicating whether the AD Agent started up successfully Fig A 14 Confirmation informat...

Страница 236: ...or running or stop ping the AD Agent service and for configuring a primary AD Agent or Agent team TIP To access the Active Directory Agent console after the initial setup process go to Start on the Wi...

Страница 237: ...ity was logged in local military time using the HH MM SS format Application program in AD Agent that produced the record e g Netscan Transmit Monitor Collector Logscan Level severity of the filter use...

Страница 238: ...ning the contents of the activity log View download the activity log in the Excel spreadsheet format Click the View as spreadsheet button to launch a spreadsheet in Microsoft Excel containing the cont...

Страница 239: ...does not display on machines config ured to run AD Agent in the satellite role In this tab the session table displays comprised of rows of end user login logout activity records retrieved by probes s...

Страница 240: ...ick a column header to sort all rows in the table in descending order by that column Click the column header again to resort all rows in the table in ascending order by that column View download the s...

Страница 241: ...iguration window Session table spreadsheet The session table spreadsheet contains the contents of the current session table plus these additional columns of data Record Type Logged in Y or N Login typ...

Страница 242: ...n to open the Session Properties pop up window or Right click the record in the session table and then select Properties from the pop up menu to open the Session Properties pop up window Fig A 17 Sess...

Страница 243: ...be a workstation on demand do one of the following Click the record in the session table and then click the Probe workstation button to open the Workstation Interactive Probe pop up window or Right cl...

Страница 244: ...ing system WMI Probe this probe is disabled by default and can be enabled via the Options page in the Active Directory Agent Configuration window This probe which takes longer to identify an end user...

Страница 245: ...te to primary and the service also can be stopped or started 1 Click Configuration on either the Session tab or Activity tab to open the Active Directory Agent Configuration window Fig A 19 Primary ho...

Страница 246: ...d Cancel buttons at the bottom of this window are deactivated by default and become activated if entries are made in any of the pages For satellite hosts fields in all pages display greyed out The fol...

Страница 247: ...m any of the following actions Start Service This button is activated if the AD Agent service is not running Clicking this button begins running the AD Agent service Stop Service This button is activa...

Страница 248: ...A 21 Primary host Configuration Appliance By default the fields in this page are populated with entries made during the configuration wizard setup process If necessary changes can be made to any of th...

Страница 249: ...s the name of the primary server greyed out on servers functioning as the primary host The AD Agent servers list box includes all AD Agent hosts that have been manually added to the list box on the pr...

Страница 250: ...s a pop up window showing the current workload on the specified machine running the AD Agent Add a satellite On a primary host server 1 Click Add to open the Add New Satellite pop up window Fig A 23 A...

Страница 251: ...IP Address Filters previously entered in this dialog box display indicating the servers and or machines this satellite has been manually assigned to scan If entries are not made here the primary host...

Страница 252: ...dialog box Fig A 25 IP Filter Properties dialog box Netmask 4 In the IP Filter Properties dialog box go to Filter type and specify whether a subnet or IP address range will be used as criteria for de...

Страница 253: ...ion dialog box click OK to close the dialog box Check the status of a satellite To check a specific host s current workload to determine whether or not the workload needs to be redistributed 1 Select...

Страница 254: ...greater than the amount shown in this column may signify a problem in probing some work stations on the network Memory used the amount of memory used by the host during the specified time period CPU...

Страница 255: ...r of hours of activity for scanning all domain controllers and including this infor mation in the newly built activity log The entry in this field applies only to scenarios in which the AD Agent conso...

Страница 256: ...t this checkbox is checked indicating that any worksta tion a probe fails to find will be automatically logged off in the activity log Other servers By default this field is blank If there are servers...

Страница 257: ...address to be used in the event of a crit ical system error Enable e mail notifications Click this checkbox to activate the fields in this page Recipient email address Enter the email address of the...

Страница 258: ...age to test the email setup connec tion Make any necessary modifications to your entries if the sending mail connection fails NOTE The primary AD Agent sends an alert email message each day to the adm...

Страница 259: ...gnize LDAP server as a trusted source This appendix provides steps on exporting an SSL certifi cate from a Microsoft Active Directory or Novell server the most common types of LDAP servers Also includ...

Страница 260: ...is server and is up and running indicated by a green check mark on the server icon see circled item in Fig B 1 Locate Certificates folder 1 Go to Start Run to open the Run dialog box In the Open field...

Страница 261: ...the toolbar click Console to open the pop up menu Select Add Remove Snap in to open the Add Remove Snap in dialog box Fig B 4 Add Remove Snap in 4 Click Add to open the Add Standalone Snap in dialog...

Страница 262: ...og box 6 Choose Computer account and click Next to go to the Select Computer wizard page Fig B 7 Select Computer dialog box 7 Choose Local computer the computer this console is running on and click Fi...

Страница 263: ...n added to the Console Root folder Fig B 8 Console Root with snap in Export the master certificate for the domain 1 Go to the right panel of the Console and select the master certificate for the domai...

Страница 264: ...ITY USER GUIDE This action launches the Certificate Export Wizard Fig B 10 Certificate Export Wizard 3 Click Next to go to the Export Private Key page of the wizard Fig B 11 Export Private Key 4 Selec...

Страница 265: ...ITY USER GUIDE 253 Fig B 12 Export File Format 5 Select Base 64 encoded X 509 CER and click Next to go to the File to Export page of the wizard Fig B 13 File to Export 6 Enter the File name of the fil...

Страница 266: ...RITY USER GUIDE Fig B 14 Settings 7 Notice that the specified settings display in the list box indicating the certificate has been successfully copied from the console to your disk Click Finish to clo...

Страница 267: ...From the console of the LDAP server go to the tree in the left panel and open the Security folder to display the contents in the Console View right panel Fig B 15 Novell Console window 2 Find the tree...

Страница 268: ...he Export A Certificate pop up window Fig B 17 Export A Certificate pop up window 5 Select File in binary DER format for the Output format The path of the certificate displays in the Filename field 6...

Страница 269: ...ting an SSL certificate once it has been imported to the LDAP server Therefore a copy of the root certificate in the cer or der format that was used to sign the LDAP server s certificate must be uploa...

Страница 270: ...support for assistance in imple menting any of the changes described in this appendix OpenLDAP Server Scenario Not all users returned in LDAP Browser window In this scenario a query is performed in t...

Страница 271: ...r or quota Each non quota filtering profile in the file must contain the following items 1 The workstation name username group name or container name 2 Filtering profile criteria Rule number Rule0 Rul...

Страница 272: ...from the following lists of codes that are used in profile strings Port command codes A Filter all ports B Filter the defined port number s I Open all ports J Open the defined port number s M Set the...

Страница 273: ...of a profile string indicating that all other categories should pass PASSED When positioned at the end of a string of categories or after a category command code this code indicates that unidentified...

Страница 274: ...0x1 at the end of the profile string Quota format A separate file apart from the LDAP profile file must be used in order to include quotas in the LDAP group user profile In this file each quota profi...

Страница 275: ...Each profile must be entered on a separate line in the file Category Codes must be entered in capital letters Port and category command codes must be entered in capital letters A redirect URL cannot...

Страница 276: ...ile string following the semicolon for the DN should be separated by commas 0x1 should be placed at the end of a profile string without any filter options enabled Workstation profile list format Here...

Страница 277: ...N Jane Doe CN Users DC qc DC local R 21 A J R KDPORN GPORN M PASSED I 1 0x1 CN Public Joe Q OU Users OU Sales DC qc DC local Rule0 0x1306 NOTE The DN format must contain the username and user group CN...

Страница 278: ...n name attribute type and the domain and DNS suffix DC domain component attribute type The OU organizational unit attribute type also can be included Each attribute type should be followed by an equal...

Страница 279: ...ain the group name and if applicable user group CN common name attribute type and the domain and DNS suffix DC domain component attribute type The OU organizational unit attribute type also can be inc...

Страница 280: ...ed on his her workstation will need to temporarily disable pop up blocking in order to authenticate him herself via the Options page Fig E 1 Options page This appendix provides instructions on how to...

Страница 281: ...erride button this action opens the override account pop up window Add override account to the white list If the override account window was previously blocked by the Yahoo Toolbar it can moved from t...

Страница 282: ...g E 3 Allow pop ups from source 3 Select the source from the Sources of Recently Blocked Pop Ups list box to activate the Allow button 4 Click Allow to move the selected source to the Always Allow Pop...

Страница 283: ...imultaneously clicking the Override button this action opens the override account pop up window Add override account to the white list To add the override account window to the white list so that it w...

Страница 284: ...archSafe toolbar lets you toggle between enabling pop up blocking popups blocked and disabling pop up blocking Popup protection off by clicking the pop up icon 1 In the IE browser go to the SearchSafe...

Страница 285: ...ite list 1 From the Firefox browser go to the toolbar and select Tools Options to open the Options dialog box 2 Click the Content tab at the top of this box to open the Content section Fig E 6 Mozilla...

Страница 286: ...R GUIDE Fig E 7 Mozilla Firefox Pop up Window Exceptions 4 Enter the Address of the web site to let the override account window pass 5 Click Allow to add the URL to the list box section below 6 Click...

Страница 287: ...able the pop up blocking feature in the IE browser Use the Internet Options dialog box 1 From the IE browser go to the toolbar and select Tools Internet Options to open the Internet Options dialog box...

Страница 288: ...p Blocker this menu selec tion changes to Turn Off Pop up Blocker and activates the Pop up Blocker Settings menu item You can toggle between the On and Off settings to enable or disable pop up blockin...

Страница 289: ...d go to the toolbar and select Tools Pop up Blocker Pop up Blocker Settings to open the Pop up Blocker Settings dialog box Fig E 10 Pop up Blocker Settings 2 Enter the Address of Web site to allow and...

Страница 290: ...ker Pop up Blocker Settings to open the Pop up Blocker Settings dialog box see Fig E 10 2 In the Notifications and Filter Level frame click the checkbox for Show Information Bar when a pop up is block...

Страница 291: ...This Site this action opens the Allow pop ups from this site dialog box Fig E 13 Allow pop ups dialog box 5 Click Yes to add the override account to your white list and to close the dialog box NOTE T...

Страница 292: ...way to validate users on a network LDAP is the method used by the Web Filter authentication server The domain controller on a domain This server is used for authenticating users on the network block s...

Страница 293: ...y for making translations between domain names and IP addresses domain An entity on a network comprised of servers workstations and peripherals domain component dc An attribute type entered for a doma...

Страница 294: ...rator configures the Web Filter sets up master IP groups and LDAP domains and performs routine maintenance on the server group administrator An authorized administrator of the network who maintains a...

Страница 295: ...mum filtering level is set up to block a library category this setting will override an always allowed setting for that category in a user s profile Minimum filtering level settings can be overridden...

Страница 296: ...n autho rized user the ability to access Internet content blocked at the global level or the group level An override account will bypass settings made in the minimum filtering level PDC A Primary Doma...

Страница 297: ...s theme Rules are used when creating filtering profiles for entities on the network search engine A program that searches Web pages for specified keywords and returns a list of the pages or services w...

Страница 298: ...ttp The second part specifies the IP address or the domain name where the resource is located such as 203 15 47 23 or M86 com virtual IP address The IP address used for communi cating with all users w...

Страница 299: ...finition 280 authentication activate on network 152 activate Web based for Global Group 163 activated Web based for IP group 153 configuration procedures 29 net use based module diagram 184 net use ba...

Страница 300: ...5 Backup Server Configuration wizard 96 Block page 56 block page 13 14 Block Page Authentication 54 Block Page Customization 70 block setting 19 definition 280 button terminology 3 C category custom c...

Страница 301: ...nent dc definition 281 domain controller definition 281 Domain Name Service DNS 281 dynamic group 10 dynamic group definition 281 E edirAgent log 78 eDirectory 199 208 edirEvent log 78 Enable Disable...

Страница 302: ...s 38 global administrator definition 282 global filtering profile 14 global group 8 grid terminology 4 group global 8 IP 9 LDAP 10 types of 8 group administrator definition 282 group name definition 2...

Страница 303: ...24 definition 282 domain diagram 10 domain groups 10 name resolution method 186 server customizations 258 server setup 189 LDAP Browser window 102 LDAP domain add 79 add groups users 102 LDAP domain...

Страница 304: ...og box LDAP 108 Manually Add Workstation dialog box LDAP 107 master IP group 9 filtering profile 13 methods name resolution 186 Microsoft Active Directory Mixed Mode 81 183 Native Mode 81 183 minimum...

Страница 305: ...DAP 24 103 server customizations 258 Operation Mode window 36 Options page 59 organizational unit ou definition 284 override account AdwareSafe popup blocking 272 block page authentication 55 definiti...

Страница 306: ...logy 5 Radius profile 12 re authentication block page authentication 54 net use based process 185 Redirect URL tab domain 124 requirements environment 33 router mode 36 38 definition 285 rule 18 crite...

Страница 307: ...gs 90 SSL tab 90 SSO 208 static filtering profiles 13 static group 10 static group definition 285 Sub Admin 285 sub group definition 285 sub topic terminology 6 Sun IPlanet 81 Sun One 24 81 system req...

Страница 308: ...ic terminology 6 tree terminology 7 troubleshooting tips 179 Type tab 80 U Upload User Group Profile window LDAP domain 110 URL definition 286 Usage Graphs 142 usage logs 77 user objects 84 User tab 8...

Страница 309: ...INDEX M86 SECURITY USER GUIDE 297 white list definition 286 window terminology 7 WINS Server 46 workstation objects 85 workstation requirements 33 Workstation tab 85...

Отзывы:

Нет отзывов

Похожие инструкции для M86 Web Filter

Бренд: Eaton Страницы: 10

Бренд: Paradyne Страницы: 45

Бренд: UHP Страницы: 15

Бренд: Ubiquiti Страницы: 21

Бренд: Cervoz Страницы: 22

Quadro M6000 Sync

Бренд: Nvidia Страницы: 8

SiliconDrive SSD-P16G(I)-3100

Бренд: Silicon Systems Страницы: 108

Бренд: Pressalit Care Страницы: 31

Бренд: ZoneVu Страницы: 15

Бренд: FUNcube Страницы: 23

Бренд: Idis Страницы: 16

Бренд: ZIMO Страницы: 13

Бренд: Ista Страницы: 16

Бренд: Sierra Wireless Страницы: 2

Бренд: Keysight Technologies Страницы: 106

JetStream T2600G-28TS

Бренд: TP-Link Страницы: 1136

Бренд: Renesas Страницы: 6

Бренд: ST Страницы: 37

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды