Trustwave M86 User Manual

Web filtering and reporting suite
Hide thumbs Also See for M86:
Table of Contents

Advertisement

Quick Links

M86 Web Filtering and Reporting Suite

USER GUIDE

Software Version: 3.0.00
Document Version: 02.28.11

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the M86 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Trustwave M86

  • Page 1: User Guide

    M86 Web Filtering and Reporting Suite USER GUIDE Software Version: 3.0.00 Document Version: 02.28.11...
  • Page 2 M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
  • Page 3: Table Of Contents

    About this Portion of the User Guide ........11 Terminology ..................13 Overview ..................18 Chapter 1: Filtering Operations ..........19 Operational Modes ................19 Invisible Mode ................20 Router Mode ................22 Firewall Mode ................23 Group Types ................... 25 M86 S ECURITY UIDE...
  • Page 4 Override Account Profile ............. 30 Time Profile ................. 30 Lock Profile ................. 30 Filtering Profile Components ............31 Library Categories ..............32 M86 Supplied Categories............ 32 Custom Categories ............. 32 Service Ports ................33 Rules ..................33 Minimum Filtering Level ............33 Filter Settings ................
  • Page 5 Help Features ..............64 Access Help Topics ............64 Tooltips ................. 65 Screen and Window Navigation ......... 67 Topic Links..............67 Select Sub-topics............68 Navigate a Tree List............69 Tree List Topics and Sub-topics ........70 M86 S ECURITY UIDE...
  • Page 6 Block page ................88 Options page............... 90 Option 2 ................ 91 Option 3 ................ 92 ShutDown window ..............93 Shut Down the Server ............93 Reboot window ................. 94 Reboot the Server ............... 94 Network ................... 96 M86 S ECURITY UIDE...
  • Page 7 Perform a Diagnostic Test, View Data ......115 Command Selections ............116 Ping................116 Trace Route ..............116 Process list ..............116 TOP CPU processes ..........117 NIC configuration ............117 Active connections............117 Routing table............... 117 Current memory usage ..........118 M86 S ECURITY UIDE...
  • Page 8 Save, Print the Log File Contents ....... 144 Synchronization ................145 Setup window ................. 146 Using Only One Web Filter on the Network ..... 147 Using More than One Web Filter on the Network ..... 147 viii M86 S ECURITY UIDE...
  • Page 9 Restore Configurations to the Server ......176 Remove a Backup File ............176 View Backup and Restoration Details ......177 Reset ..................... 178 Reset window ................. 178 Radius Authentication Settings ............. 179 Radius Authentication Settings window ........179 M86 S ECURITY UIDE...
  • Page 10 Remove an Email Address from the Alert List .... 199 Close the Pop-up Window .......... 199 Warn Option Setting ..............200 Warn Option Setting window ..........200 Specify Interval for Re-displaying the Warn page ..... 201 M86 S ECURITY UIDE...
  • Page 11 Delete a Quota Reset Time from the Schedule ..233 Quota Notice page ............233 Quota Block page ............. 235 SSL Certificate ................236 SSL Certificate window ............236 Chapter 2: Policy screen ............237 Global Group ................. 239 Range to Detect window ............239 M86 S ECURITY UIDE...
  • Page 12 Minimum Filtering Level window ..........275 Minimum Filtering Categories .......... 276 Create, Edit Minimum Filtering Categories ....277 Port ................... 278 Create, Edit a List of Service Ports......278 Minimum Filtering Bypass Options........279 Specify Minimum Filtering Bypass Options ....280 M86 S ECURITY UIDE...
  • Page 13 Perform a Search Engine Keyword Check ....299 Remove a Search Engine Keyword......299 Reload the Library ............300 Customer Feedback Module ............301 Customer Feedback Module window ........301 Disable Customer Feedback Module ........ 302 Enable Customer Feedback Module......... 302 xiii M86 S ECURITY UIDE...
  • Page 14 Remove a Search Engine Keyword from the Library.. 325 Upload a List of Search Engine Keywords......325 Upload a List of Search Engine Keyword Additions ... 325 Upload a List of Search Engine Keyword Deletions ... 326 Reload the Library............. 326 M86 S ECURITY UIDE...
  • Page 15 Specify the Shadow Log Format ........347 Auto-detect option............348 Post 2.0.10 log format option........348 Apply Setting ..............348 WF G ......349 ROUP DMINISTRATOR ECTION Introduction ................349 Chapter 1: Policy screen ............350 M86 S ECURITY UIDE...
  • Page 16 Redirect URL .............. 384 Filter Options .............. 385 Exception URL............386 Approved Content............387 Modify a Time Profile ............388 Delete a Time Profile............388 Approved Content Settings window ........389 Approved Content setup and configuration....... 389 M86 S ECURITY UIDE...
  • Page 17 Approved Content Settings window ........406 Delete Individual IP ..............406 Delete an Individual IP Member ........406 Chapter 2: Library screen ............407 Library Lookup ................408 Library Lookup window ............408 Look up a URL ..............409 xvii M86 S ECURITY UIDE...
  • Page 18 Upload a Master List of Search Engine Keywords ... 428 Reload the Library............. 428 Delete Category ..............428 Delete a Custom Category..........428 ....... 429 ILTER PPENDICES ECTION Appendix A ................429 Filtering Profile Format and Rules ..........429 Rule Criteria ................430 xviii M86 S ECURITY UIDE...
  • Page 19 Part II: Customize the Block Page .......... 434 1. Set up a Web server ............. 434 2. Create a customized block page........434 Show M86’s information in the block page (optional) . 435 Implement the “further option” (optional) ....435 Customized block page examples ......436 Part III: Restart the Web Filter ..........
  • Page 20 Step 2: Choose a deployment host for updates..493 Step 3: Post the latest files for MCU......495 MC Deployment to Windows Computers ......497 Deployment to a group ..........497 Installation on a single computer ........ 500 M86 S ECURITY UIDE...
  • Page 21 YSTEM ONFIGURATION ECTION Introduction ................529 Chapter 1: Access System Configuration ......530 Chapter 2: Configuring the Server ........531 Network Menu ................531 Box Mode screen ..............532 Live Mode................532 Archive Mode ..............533 M86 S ECURITY UIDE...
  • Page 22 Page Definition screen ............557 View the Current Page Types ........... 557 Remove a Page Type ............558 Add a Page Type .............. 558 Tools screen ................559 View Diagnostic Reports ..........560 xxii M86 S ECURITY UIDE...
  • Page 23 Edit a User Group ..............590 Rebuild the User Group ............591 Delete a User Group ............... 591 Admin Groups panel ..............592 Add a Group ................593 View, Edit an Admin Group’s Permissions ......595 xxiii M86 S ECURITY UIDE...
  • Page 24 View Other Device Criteria ............. 622 View SMTP device criteria ..........622 View Patch Server device criteria ........623 View Proxy Server device criteria ........623 View NTP Server device criteria ........624 Sync All Devices ..............624 xxiv M86 S ECURITY UIDE...
  • Page 25 Introduction ................649 Chapter 1: A High Level Overview ......... 650 Dashboard ..................650 Summary Reports ................. 652 Summary Report types ............653 Modify the Summary Report view ........... 655 Download, Export a Summary Report ........656 M86 S ECURITY UIDE...
  • Page 26 Customization Buttons ............676 Modify button..............676 Limit Detail Result button ..........677 Export button ..............678 Save button ..............680 Report View Components ............. 683 Report Fields and Usage ............683 Type field................683 xxvi M86 S ECURITY UIDE...
  • Page 27 Step C: Specify Filters ............703 Step D: Specify Other Report Components ......705 Step E: Specify when to Generate the Report ......706 Step F: Save Report panel ............. 707 Saved Reports ................712 Edit a Report ................713 xxvii M86 S ECURITY UIDE...
  • Page 28 How to Read a Gauge ..............745 Bandwidth Gauge Components ............ 746 Gauge Usage Shortcuts ..............748 Chapter 2: Custom Gauge Setup, Usage ......750 Add a Gauge ................. 752 Specify Gauge Information ............. 753 Define Gauge Components ............ 754 xxviii M86 S ECURITY UIDE...
  • Page 29 Delete an alert ................ 783 View the Alert Log ................. 784 Manage the Lockout List ............... 786 View a specified time period of lockouts ......... 787 Unlock workstations ..............788 Access User Summary details ..........788 xxix M86 S ECURITY UIDE...
  • Page 30 Schedule a Security Report to Run ........816 Export a Security Report ............... 818 Security Report Format ..............820 Chapter 2: Security Report Wizard ........822 Create a Custom Security Report ..........822 Specify Report Details ............822 M86 S ECURITY UIDE...
  • Page 31 AdwareSafe Pop-up Blocker ............848 Disable Pop-up Blocking ............848 Mozilla Firefox Pop-up Blocker ............. 849 Add the Client to the White List ..........849 Windows XP SP2 Pop-up Blocker ..........851 Set up Pop-up Blocking ............851 xxxi M86 S ECURITY UIDE...
  • Page 32 Step 5: Contact Technical Support ......861 Power supply failure............861 Step 1: Verify the power supply has failed....861 Step 2: Contact Technical Support ......861 Fan failure ................ 862 Identify a fan failure ............ 862 ................863 NDEX xxxii M86 S ECURITY UIDE...
  • Page 33: Wfr Suite Overview

    NOTE: The SR application can be configured to accept logs from a M86 Secure Web Gateway (SWG) and generate security reports. See the M86 Secure Web Gateway User Guide at http:// www.m86security.com/support/Secure-Web-Gateway/Docu- mentation.asp for information on the SWG.
  • Page 34: How To Use This User Guide

    WFR console and this user guide, and provides information on how to contact M86 Security technical support. • Web Filter (WF) - Refer to this portion for information on configuring and maintaining the Web Filter application.
  • Page 35: Conventions

    IMPORTANT: The "important" icon is followed by italicized text informing you about important information or procedures to follow to ensure maximum uptime on the WFR Server. M86 S ECURITY UIDE...
  • Page 36: Components And Environment

    • Optional: One or more attached “NAS” storage devices (e.g. Ethernet connected, SCSI/Fibre Channel connected “SAN”) Software • Linux OS • Administrator User Interface (UI) console utilized by an authorized administrator to configure and maintain the WFR server • MySQL database M86 S ECURITY UIDE...
  • Page 37: Environment

    Network Requirements • Power connection protected by an Uninterruptible Power Supply (UPS) • HTTPS connection to M86 Security’s software update server • SR must be be fully configured, and the Structured Query Language (SQL) server must be installed on the network and connected to the Web access logging device(s) (e.g.
  • Page 38: End User Workstation Requirements

    • Internet Explorer (IE) 7.0 or 8.0 • Firefox 3.6 • Macintosh OS X Version 10.5 or 10.6 running: • Safari 4.0 • Firefox 3.6 • JavaScript enabled • Pop-up blocking software, if installed, must be disabled M86 S ECURITY UIDE...
  • Page 39: How To Use The Wfr On The Web

    ON THE How to Use the WFR on the Web Initial Setup To initially set up your M86 Web Filter and Reporter (WFR) server, the administrator installing the unit should follow the instructions in the M86 WFR Installation Guide, the booklet packaged with your WFR unit.
  • Page 40 Web Filter, SR Report Manager and SR System Configuration administrator console on the WFR server, without needing to use this WFR Welcome portal to individually log into the two main applications. M86 S ECURITY UIDE...
  • Page 41: Single Sign-On Access

    2. Go to the navigation links at the top of the Report Manager panel and select: • Administration > System Configuration to access the SR administrator console • Administration > Web Filter > (IP address) to access the Web Filter user interface M86 S ECURITY UIDE...
  • Page 42: Default Usernames And Passwords

    Security Reporter are identical (admin), but the pass- words are dissimilar, the SSO feature will not function. Thus, in order to use SSO, M86 recommends setting up an administrator account in the Web Filter that matches the global administrator account set up in the SR (Administra- tion >...
  • Page 43: Eb Ilter Ntroductory Ection

    NTRODUCTORY ECTION Web Filter M86 Security’s Web Filter tracks each user’s online activity, and can be configured to block specific Web sites, service ports, and pattern and file types, and lock out an end user from Internet access, thereby protecting your organization...
  • Page 44 Appendix D explains how to install, configure, and use the Mobile Client. Appendix E features a glos- sary of technical terminology used in this portion of the user guide. M86 S ECURITY UIDE...
  • Page 45: Terminology

    • field - an area in a dialog box, window, or screen that either accommodates your data entry, or displays pertinent information. A text box is a type of field. M86 S ECURITY UIDE...
  • Page 46 One or more tree lists also can display in this panel. When an item in the tree list is clicked, the tree list opens to reveal items that can be selected. M86 S ECURITY UIDE...
  • Page 47 When the circle is empty, the option is not selected. • screen - a main object of an appli- cation that displays across your monitor. A screen can contain panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons. M86 S ECURITY UIDE...
  • Page 48 By clicking the link for a topic, the window for that topic displays in the right panel of the screen, or a menu of sub-topics opens. M86 S ECURITY UIDE...
  • Page 49 A window for a topic or sub-topic displays in the right panel of the screen. Other types of windows include pop-up windows, login windows, or ones from the system such as the Save As or Choose file windows. M86 S ECURITY UIDE...
  • Page 50: Overview

    • block instant messaging and peer-to-peer services • authenticate users via the existing authentication system on the network NOTE: See the M86 Web Filter Authentication User Guide at http://www.m86security.com/support/wf/documentation.asp for information on setting up and using authentication. • synchronize multiple Web Filter units so that all servers...
  • Page 51: Chapter 1: Filtering Operations

    Chapter 1: Filtering Operations Operational Modes Based on the setup of your network, the Web Filter can be configured to use one of these operational modes for filtering the network: • invisible mode • router mode • firewall mode M86 S ECURITY UIDE...
  • Page 52: Invisible Mode

    Figure 1:1-1 depicts the invisible mode that removes the Web Filter from any inclusion in the network connection path. Fig. 1:1-1 Pass-by filtering diagram M86 S ECURITY UIDE...
  • Page 53 Web Filter’s port mirrors the port connected to the router. Fig. 1:1-2 Invisible mode diagram, with port monitoring In the invisible mode, the Web Filter performs as a standa- lone server that can be connected to any network environ- ment. M86 S ECURITY UIDE...
  • Page 54: Router Mode

    Fig. 1:1-3 Router mode diagram As previously mentioned, a Web Filter set up in the router mode can also work in the invisible mode. The router mode setup also will work in the firewall mode. M86 S ECURITY UIDE...
  • Page 55: Firewall Mode

    NTRODUCTORY ECTION HAPTER ILTERING PERATIONS WARNING: M86 recommends contacting one of our solutions engineers if you need assistance with router mode setup proce- dures. Firewall Mode The firewall mode is a modification of the router mode. With the Web Filter set up in this mode, the unit will filter all requests.
  • Page 56 Web Filter. WARNING: Contact a solutions engineer at M86 Security for setup procedures if you wish to use the firewall mode. Fig. 1:1-5 Firewall mode diagram, with filtering and cache setup...
  • Page 57: Group Types

    The filtering profile created for the global group represents the default profile to be used by all groups that do not have a filtering profile, and all users who do not belong to a group. M86 S ECURITY UIDE...
  • Page 58: Ip Groups

    IP members, override account, time profiles and exception URLs, and maintains filtering profiles of all members in the master IP group. Fig. 1:1-6 IP diagram with a sample master IP group and its members M86 S ECURITY UIDE...
  • Page 59: Filtering Profile Types

    Other filtering profiles • authentication profile - used by LDAP group members. This type of profile includes the workstation profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. M86 S ECURITY UIDE...
  • Page 60 Web Filter and the Radius authentication feature enabled. • TAR profile - used by the Threat Analysis Reporter (TAR) module if an end user is locked out by TAR when attempting to access blocked content in a library cate- gory. M86 S ECURITY UIDE...
  • Page 61: Static Filtering Profiles

    IP sub-group and is customized for sub-group members. Individual IP Member Filtering Profile An individual IP member filtering profile is created by the group administrator.This filtering profile applies to a speci- fied end user in a master IP group. M86 S ECURITY UIDE...
  • Page 62: Active Filtering Profiles

    Active filtering profiles include the Global Group Profile, Override Account profile, Time Profile, and Lock profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. Global Filtering Profile The global filtering profile is created by the global adminis- trator.
  • Page 63: Filtering Profile Components

    (default) filtering profile • filter settings - used by service ports, filtering profiles, rules, and the minimum filtering level to indicate whether users should be granted or denied access to specified Internet content M86 S ECURITY UIDE...
  • Page 64: Library Categories

    M86 furnishes a collection of library categories, grouped under the heading “Category Groups” (excluding the “Custom Categories” group). Updates to these categories are provided by M86 on an ongoing basis, and administra- tors also can add or delete individual URLs within a speci- fied library category.
  • Page 65: Service Ports

    The minimum filtering level does not apply to any user who does not belong to a group, and to groups that do not have a filtering profile established. M86 S ECURITY UIDE...
  • Page 66: Filter Settings

    • warn - If a category is given a warn setting, a warning page displays for the end user to warn him/her that accessing the intended URL may be against established policies and to proceed at his/her own risk M86 S ECURITY UIDE...
  • Page 67: Filtering Rules

    IP group’s time profile. b. An IP sub-group time profile takes precedence over the IP sub-group profile. 5. For individual IP members: a. An individual IP member filtering profile takes prece- dence over the IP sub-group’s time profile. M86 S ECURITY UIDE...
  • Page 68 Global Group section of the console. 9. An X Strikes lockout profile takes precedence over all filtering profiles. This profile is set up under Filter Options, by enabling the X Strikes Blocking feature. M86 S ECURITY UIDE...
  • Page 69 1: F ILTER NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Fig. 1:1-7 Sample filtering hierarchy diagram M86 S ECURITY UIDE...
  • Page 70: Chapter 2: Logging And Blocking

    When the IM module is loaded on the server, the Web Filter compares packets on the network with IM libraries stored on the Web Filter. If a match is found, the Web Filter checks the user’s profile to see whether the user’s connection to the IM M86 S ECURITY UIDE...
  • Page 71: P2P Blocking

    Web Filter. If a match is found, the Web Filter checks the user’s profile to see whether the user’s connec- tion to the P2P service should be blocked, and then performs the appropriate action. M86 S ECURITY UIDE...
  • Page 72: Setting Up Im And P2P

    IM and/or P2P, settings need to be made in the Policy section of the Administrator console. If applying M86’s supplied IM and/or P2P library category to an entity’s profile, all IM and/or P2P services included in that category will be blocked.
  • Page 73: Block Im, P2P For All Users

    • the Pattern Blocking option in the Filter window must be activated • the global filtering profile must have the PR2PR library category set up to be blocked • the minimum filtering level profile must have the PR2PR library category set up to be blocked. M86 S ECURITY UIDE...
  • Page 74: Block Specified Entities From Using Im, P2P

    P2P traffic with the Range to Detect feature is desired • the minimum filtering level profile should not have P2P blocked, unless blocking all P2P traffic with the Range to Detect feature is desired. M86 S ECURITY UIDE...
  • Page 75: Chapter 3: Synchronizing Multiple Units

    All other Web Filters on the network are configured as target servers to the source Web Filter unit, receiving updates from the source server. M86 S ECURITY UIDE...
  • Page 76 In this mode, filtering information from the source server will be uploaded to the target server. The only synchronization setup that needs to be made on the target server is to ensure that network interfaces are configured for network communication. M86 S ECURITY UIDE...
  • Page 77: Synchronization Setup

    Additionally, this IP address is used by the target server to identify the source server from which it M86 S ECURITY UIDE...
  • Page 78: Types Of Synchronization Processes

    When the target server resumes communication with the source server, it will actively download and apply the latest running configuration from the source server. M86 S ECURITY UIDE...
  • Page 79: Library Synchronization Process

    The use of queues ensures that if a target server is taken offline for a period of time, when it is brought back online, it will be updated with the latest changes from the source server. M86 S ECURITY UIDE...
  • Page 80: Delays In Synchronization

    The total time of this process will vary depending upon custom library entries, but the entire procedure should take approximately one minute. M86 S ECURITY UIDE...
  • Page 81: Synchronized, Non-Synchronized Items

    As you will see by the lists on the following pages, static configuration options—such as library changes—will be synchronized. All active options—such as profile changes— will be functionally synchronized. One time configuration options on the Web Filter—such as reporting configurations, or IP addresses—will not be synchronized. M86 S ECURITY UIDE...
  • Page 82: Synchronize All Items

    Synchronize All Items The following lists show which items will be synchronized when the option to synchronize all items is selected. Synchronized Items (All) • M86 Library additions/deletions • Custom library creations • Custom library additions/deletions • Search Engine keyword additions/deletions •...
  • Page 83: Non-Synchronized Items

    • Virtual IP and Authentication IP addresses • IP addresses • Default routes • Software Update application • Synchronization settings • Filter Mode • Backup/Restore • SNMP configuration • Warn Option Setting • Reporter configuration • CMC Management M86 S ECURITY UIDE...
  • Page 84: Synchronize Only Library Items

    The following lists show which items will be synchronized when the option to synchronize only library items is selected. Synchronized Items (Library Only) • M86 Library additions/deletions • Custom library creations • Custom library additions/deletions • Search Engine keyword additions/deletions •...
  • Page 85 • Default routes • Software Update application • Synchronization settings • Filter Mode • Backup/Restore • Radius Authentication Settings • SNMP configuration • X Strikes Blocking settings • Warn Option Setting • Reporter configuration • CMC Management M86 S ECURITY UIDE...
  • Page 86: Server Maintenance Procedures

    Web Filter servers should be designated as the new source server. Establish Backup Procedures To prevent down time during a source server failure, M86 recommends establishing backup and restore procedures. It is important that regular backups of the source Web Filter server are saved using the Backup/Restore window in the System section of the Web Filter console.
  • Page 87: Use A Backup File To Set Up A Source Server

    8. After the restoration of configuration settings is applied and a quick reload takes place, this Web Filter will now function as the source server in the Web Filter cluster. M86 S ECURITY UIDE...
  • Page 88: Set Up A Replacement Target Server

    4. Apply all software updates that were applied on the failed source server. 5. In the Policy section of the console, enter all groups and filtering profiles. 6. Make all necessary settings in all sections and windows of the console. M86 S ECURITY UIDE...
  • Page 89: Chapter 4: Getting Started

    Click the WF icon in the WFR Welcome window: Fig. 1:4-1 Web Filter icon in WFR Welcome window Clicking the WF icon opens a separate browser window/tab containing the Web Filter Login window (see Fig. 1:4-2). M86 S ECURITY UIDE...
  • Page 90: Enter Web Filter's Url In The Address Field

    In order to accept the security certificate, follow the instruc- tions at: http://www.m86security.com/software/8e6/ docs/ig/misc/sec-cert-wf4.1.pdf 3. After accepting the security certificate, click Go to open the Web Filter login window (see Fig. 1:4-2). M86 S ECURITY UIDE...
  • Page 91: Log In

    NOTE: See Chapter 1: System screen in the WF Global Adminis- trator Section for information on logging into the Web Filter user interface if your password has expired. 2. Click LOGIN to access the Welcome screen of the Web Filter Administrator console: M86 S ECURITY UIDE...
  • Page 92: Last Library Update Message

    • Yes - clicking this button closes the dialog box and opens an alert box indicating that it will take a few minutes to perform the library update. Click OK to close the alert box and to execute the command to update the libraries. M86 S ECURITY UIDE...
  • Page 93 After the libraries are updated, today’s date will appear as the Last Library Update on the welcome screen. NOTE: Refer to the Library screen’s Manual Update to M86 Supplied Categories window—in the Web Filter Global Group Section—for information about updating library categories on demand.
  • Page 94: Navigation Tips

    System section. This section is comprised of windows used by the global administrator for configuring and maintaining the server to authenticate users, and to filter or block specified Internet content for each user based on the applied filtering profile. M86 S ECURITY UIDE...
  • Page 95 Real Time Probe icon - If the Real Time Probe feature is enabled, this icon can be clicked by authorized users to access the Real Time Probe reporting tool. • system time - The system time displays using the YYYY/MM/DD HH:MM:SS date and time format M86 S ECURITY UIDE...
  • Page 96: Help Features

    1. Click a link to go to a specified topic. 2. To view Help Topics for another section, click the tab for that section: Policy, Library, Reporting, System, or Help. 3. Click Close Window to close the Help Topics window. M86 S ECURITY UIDE...
  • Page 97: Tooltips

    F1 key on your keyboard. • Hover Display The yellow tooltip box displays when you hover over the icon with your mouse: Fig. 1:4-7 Tooltip mouseover effect To close the tooltip box, move the mouse away from the icon. M86 S ECURITY UIDE...
  • Page 98 ILTER NTRODUCTORY ECTION HAPTER ETTING TARTED • Help pop-up box The Help pop-up box opens when you press the F1 key on your keyboard: Fig. 1:4-8 Help pop-up box Click OK to close the pop-up box. M86 S ECURITY UIDE...
  • Page 99: Screen And Window Navigation

    Topic Links In Library, Reporting, and System screens, the navigation panel contains topic links. By clicking a topic link, the window for that topic displays in the right panel: Fig. 1:4-9 Selected topic and its corresponding window M86 S ECURITY UIDE...
  • Page 100: Select Sub-Topics

    For these topics, clicking a topic link opens a menu of sub-topics: Fig. 1:4-10 Sub-topics menu When a sub-topic from this menu is selected, the window for that sub-topic displays in the right panel of the screen. M86 S ECURITY UIDE...
  • Page 101: Navigate A Tree List

    (+) sign, when that branch of the tree is collapsed. By double-clicking the entity, a minus (-) sign replaces the plus sign, and all branches within that branch of the tree display. An item in the tree is selected by clicking it. M86 S ECURITY UIDE...
  • Page 102: Tree List Topics And Sub-Topics

    When a tree list topic is selected and clicked, a menu of sub- topics opens: Fig. 1:4-12 Tree list topics and sub-topics Clicking a sub-topic displays the corresponding window in the right panel, or opens a pop-up window or alert box, as appropriate. M86 S ECURITY UIDE...
  • Page 103: Navigate A Window With Tabs

    Apply button. NOTE: In the Time Profile and Override Account pop-up windows, entries are saved at the bottom of the window. Fig. 1:4-13 Window with tabs M86 S ECURITY UIDE...
  • Page 104: Console Tips And Shortcuts

    Refresh the Console Press F5 on your keyboard to refresh the Administrator console. This feature is useful in the event that more than one browser window is open simultaneously for the same Web Filter. M86 S ECURITY UIDE...
  • Page 105: Select Multiple Items

    • To paste text into an empty field, place the cursor in the field and then press the Ctrl and V keys. • To copy over existing text, highlight text currently in the field and then press the Ctrl and V keys. M86 S ECURITY UIDE...
  • Page 106: Calculate Ip Ranges Without Overlaps

    Calculate to display the Min Host and Max Host IP addresses. TIP: If necessary, make a different IP address entry and Netmask selection, and then click Calculate to display different Min Host and Max Host results. M86 S ECURITY UIDE...
  • Page 107: Re-Size The User Interface

    For greater ease in viewing content in any screen, re-size the browser window by placing your cursor at any edge or corner of the user interface, left clicking, and then dragging the cursor to the left or right, or inward or outward. M86 S ECURITY UIDE...
  • Page 108: Log Out

    3. Click the “X” in the upper right corner of the screen for the Login window to close it. WARNING: If you need to turn off the server, see the ShutDown window of the System screen in the WF Global Administrator Section. M86 S ECURITY UIDE...
  • Page 109: Wf Global Administrator Section

    • adds group administrators • sets up administrators for receiving automatic alerts • updates the WFR server with software supplied by M86 • analyzes server statistics • utilizes diagnostics for monitoring the server status to ensure optimum functioning of the server •...
  • Page 110: Chapter 1: System Screen

    Control settings, Network settings, Administrator account information, Secure Logon, Diagnostics, Alert contacts, Software Update, Synchronization, operation Mode, Authentication settings (see the M86 Web Filter Authentication User Guide for information about this topic), Backup/Restore operations, Reset settings, Radius Authen- tication Settings, SNMP, Hardware Failure Detection, X Strikes Blocking, Warn Option Setting, Customization, Quota Setting, and SSL Certificate.
  • Page 111 Click your selection to choose a main topic from this list, or to view a menu of sub-topics, if applicable. When a topic or sub-topic is selected, the designated window for that topic or sub-topic displays in the right panel. M86 S ECURITY UIDE...
  • Page 112: Control

    HTTPS sites on Web Filters set up in the Stand Alone or Source mode. In the Service Control frame, enabling Pattern Blocking will log IM and P2P end user activity, and block end users from using M86 S ECURITY UIDE...
  • Page 113: Local Filtering

    This frees up resources on the server. To disable Local Filtering and/or VLAN Detection, click the “Off” radio button(s). M86 S ECURITY UIDE...
  • Page 114: Enable Local Filtering Options

    HTTP header inspection. Disable HTTP Packet Splitting Detection To disable automatic detection of a split HTTP packet, click “Off.” This action removes the field below the radio buttons. NOTE: After making all entries in this window, click Apply. M86 S ECURITY UIDE...
  • Page 115: Https Filtering

    Group Administrator Section for information on setting up a custom library category. See Global Group Profile window and Minimum Filtering Level window in Chapter 2: Policy screen for information on allowing a library category to pass.) M86 S ECURITY UIDE...
  • Page 116: Service Control

    IM and P2P activity of end users once IM and P2P pattern files are downloaded on demand via the Manual Update to M86 Supplied Categories window. NOTE: See http://www.m86security.com/software/8e6/hlp/ifr/ files/1system_proxy_block.html for a list of proxy pattern types that are set up to be blocked.
  • Page 117: Disable Pattern Blocking

    To enable All Target(s) Filtering, click the “On” radio button. Each target server on the network will filter the Range to Detect specified on that server. NOTE: After making all entries in this window, click Apply. M86 S ECURITY UIDE...
  • Page 118: Block Page Authentication Window

    See the Block Page Customization window and Common Customization window in this chapter for information on custom- izing the M86 block page. See Appendix B: Create a Custom Block Page for information on creating a customized block page using your own design.
  • Page 119: Enter, Edit Block Page Options

    IP group level. NOTE: Details about the Web-based Authentication option can be found in the M86 Web Filter Authentication User Guide. TIP: Multiple options can be selected by clicking each option while pressing the Ctrl key on your keyboard.
  • Page 120: Block Page

    3. Click Apply to apply your settings. Block page When a user attempts to access Internet content set up to be blocked, the block page displays on the user’s screen: Fig. 2:1-4 Sample Block Page M86 S ECURITY UIDE...
  • Page 121 By default, the following standard links are included in the block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
  • Page 122: Options Page

    For further options, click here. Fig. 2:1-5 Options page The following items previously described for the Block page display in the upper half of the Options page: • HELP link • User/Machine frame contents M86 S ECURITY UIDE...
  • Page 123: Option 2

    The frame beneath the User/Machine frame includes infor- mation for options (1, 2, and/or 3) based on settings made in this window and the Common Customization window. NOTE: Information about Option 1 is included in the M86 Web Filter Authentication User Guide. Option 2...
  • Page 124: Option 3

    Profile Control pop-up window. See Appendix C: Override Pop-up Blockers for information on how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation. M86 S ECURITY UIDE...
  • Page 125: Shutdown Window

    Fig. 2:1-8 ShutDown window Shut Down the Server In the ShutDown frame, click ShutDown to power off the server. NOTE: See the WFR Overview for information about accessing the WFR user interface and logging back into the server. M86 S ECURITY UIDE...
  • Page 126: Reboot Window

    After the server is rebooted, the Web Filter status message box closes, and the Web Filter ready alert box opens. M86 S ECURITY UIDE...
  • Page 127 NOTE: See the WFR Suite Overview and Chapter 4: Getting Started from the Introductory Section of the Web Filter portion of this user guide for information about accessing the WFR user interface and logging back into the server. M86 S ECURITY UIDE...
  • Page 128: Network

    Block Page Route Table. LAN Settings window The LAN Settings window displays when LAN Settings is selected from the Network menu. This window is used for configuring network connection settings for the WFR. Fig. 2:1-10 LAN Settings window M86 S ECURITY UIDE...
  • Page 129: Specify Lan Settings

    3. Click Apply to apply your settings. NOTE: Whenever modifications are made in this window, the server must be restarted in order for the changes to take effect. M86 S ECURITY UIDE...
  • Page 130: Ntp Servers Window

    Web Filter will use the actual time from a clock at a specified IP address. NOTE: The System Time displays beneath the Details frame, using the YYYY/MM/DD HH:MM:SS Coordinated Universal Time (UTC) format for the current time zone. Fig. 2:1-11 NTP Servers window M86 S ECURITY UIDE...
  • Page 131: Specify Network Time Protocol Servers

    3. Click Apply to apply your settings. Remove an NTP Server To remove an NTP server: 1. Select the IP address from the Servers list box. 2. Click Delete. 3. Click Apply to apply your settings. M86 S ECURITY UIDE...
  • Page 132: Regional Setting Window

    If necessary, select a language set from the Language pull-down menu to specify that you wish to display that text in the console. 3. Click Apply to apply your settings, and to reboot the Web Filter. M86 S ECURITY UIDE...
  • Page 133: Block Page Route Table Window

    Fig. 2:1-13 Block Page Route Table window NOTE: See the Block Page Authentication window for information on setting up block pages. M86 S ECURITY UIDE...
  • Page 134: Add A Router

    NOTE: Follow steps 1-4 for each router you wish to include in the routing table. Remove a Router To remove one or more routers from the IP/Mask list box: 1. Select the router(s) from the list box. 2. Click Delete. M86 S ECURITY UIDE...
  • Page 135: Administrator

    WF Group Administrator Section for information on setting up and maintaining accounts for IP group administrators. See the M86 Web Filter Authentication User Guide for more information on setting up and maintaining LDAP Sub Admin group adminis- trator accounts. A help desk administrator will only see his/her account information and can only modify his/her password.
  • Page 136: View Administrator Accounts

    YSTEM SCREEN TIP: The default Username is admin and the Password is user3. M86 recommends that you retain this default account and pass- word in the event that the Web Filter unit cannot be accessed. An authorized M86 Security technical representative may need to use this username and password when troubleshooting the unit.
  • Page 137: Edit An Administrator Account

    NOTE: A username cannot be modified, but can be deleted and added again. Delete an Administrator Account To delete an administrator account: 1. Select the username from the Current User list box. 2. Click Delete to remove the account. M86 S ECURITY UIDE...
  • Page 138: Secure Logon

    IP address if an incorrect password is entered for a specified number of times within a defined timespan. NOTE: This window displays only on servers set up in the Stand- alone or Source mode. Fig. 2:1-15 Logon Settings window M86 S ECURITY UIDE...
  • Page 139: Enable, Disable Password Expiration

    LOGIN, a login dialog box opens: Fig. 2:1-16 New password entry This dialog box displays his/her Username and prompts him/her to enter a new password in the Password and Confirm Password fields. Upon clicking OK, the Web Filter user interface opens. M86 S ECURITY UIDE...
  • Page 140: Enable, Disable Account Lockout

    Lockout by IP address option(s) enabled— enter the number of times a user can enter an incorrect password during the interval defined in the Failed Password Attempts Timespan (in minutes) [1-1440] field before being locked out of the Web Filter. M86 S ECURITY UIDE...
  • Page 141 IP address on the third unsuccessful login attempt. But there would be no lockout for that IP address if the third failed attempt was made outside of the 10- minute timespan. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
  • Page 142: Logon Management

    Username/IP address feature is enabled in the Logon Settings window, and a user is unable to log into the Administrator console due to a password expiration, or having met the specified number of failed password attempts within the designated timespan. M86 S ECURITY UIDE...
  • Page 143: View User Account Status, Unlock Username

    YYYY-MM-DD format, based on the configuration in the Logon Settings window at the time the password was saved in that window) • lock symbol if the account is currently locked. TIP: This list can be resorted by clicking a specified column header. M86 S ECURITY UIDE...
  • Page 144: Unlock A Username

    TIP: Click No to close the dialog box. 3. Click Yes to display the alert box indicating the IP address was unlocked. 4. Click OK to close the alert box, and to remove the IP address from the list. M86 S ECURITY UIDE...
  • Page 145: View Admin, Sub Admin User Interface Access

    Click any of the available tabs (System, Policy, Library, Report, Help) to view menu topics, sub-topics, and branches of trees available to that administrator. 4. Click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...
  • Page 146: Diagnostics

    Command is selected from the Diagnostics menu. This window is used for viewing server statistics and for performing diagnostic tests on the server. Fig. 2:1-19 System Command window WARNING: Diagnostics tools utilize system resources, impacting the WFR’s performance. M86 S ECURITY UIDE...
  • Page 147: Perform A Diagnostic Test, View Data

    2. Click Execute to open a pop-up window containing the query results: Fig. 2:1-20 System Command, Results window 3. Click the “X” in the upper right corner of the pop-up window to close it. M86 S ECURITY UIDE...
  • Page 148: Command Selections

    When Execute is clicked, rows of processes display in the pop-up window, including the following information for each process: Process Identification Number, full device number of the controlling terminal, status code, amount of time it took to run the process, and command line. M86 S ECURITY UIDE...
  • Page 149: Top Cpu Processes

    When Routing Table is selected and Execute is clicked, information about available routes and their statuses displays in the pop-up window. Each route consists of a destination host or network and a gateway to use in forwarding packets. M86 S ECURITY UIDE...
  • Page 150: Current Memory Usage

    The Recent Logins diagnostic tool is used for showing infor- mation on administrator login activity. When Execute is clicked, the pop-up window displays a row of data for each time an administrator logged on the WFR. M86 S ECURITY UIDE...
  • Page 151: System Uptime

    When Execute is clicked, messages from the kernel ring buffer display in the Result pop-up window. These messages from system boot-up provide information about hardware and module initialization, useful for diagnosing system problems. M86 S ECURITY UIDE...
  • Page 152: View Log File Window

    • “Software Update Log (patch.log)” - used for viewing the results of a software update application, such as which files were copied to the server, and whether the software update was successfully applied. M86 S ECURITY UIDE...
  • Page 153 “eDirectory Agent Debug Log (edirAgent.log)”, “eDirectory Agent Event Log (edirEvent.log)” and “Authentication Module Log (authmodule.log)” options, see the View log results section in the M86 Web Filter Authentication User Guide. 2. Choose the Last Number of Lines to view (100-500) from that file.
  • Page 154: Troubleshooting Mode Window

    Disable to terminate your Troubleshooting Mode session. Once Disable is clicked, the Web Filter will resume filtering the network. NOTE: See the Operation Mode window for information about invisible, router, and firewall modes, and listening devices. M86 S ECURITY UIDE...
  • Page 155: Use The Troubleshooting Mode

    Web Filter; packets sent to or from port 20 or 21; packets sent to the Virtual IP address’s port 137 or 139, or Address Resolution Protocol (ARP). 7. Click Execute to display results in the Result list box. M86 S ECURITY UIDE...
  • Page 156: Active Profile Lookup Window

    NOTE: In order to use this diagnostic tool, IP groups and/or members must be set up in the Policy section of the Web Filter, and each IP group and/or member must have a filtering profile. MAC addresses are used in the mobile mode only. M86 S ECURITY UIDE...
  • Page 157: Verify Whether A Profile Is Active

    • Rule name - if this profile uses a non-custom rule, the rule number displays • Profile Type - type of profile, greyed-out: • Regular profiles - IP group, sub-group, individual, or MAC profile M86 S ECURITY UIDE...
  • Page 158 • TAR profile - Threat Analysis Reporter lock out profile • Radius profile - Radius accounting server profile NOTE: See the M86 Web Filter Authentication User Guide for information that displays in these fields if the domain is an LDAP domain.
  • Page 159 • Blocked Ports (optional) - ports that have been set up to be blocked, if established. • Redirect URL (optional) - the URL that will be used for redirecting the user away from a page that is blocked, if established. M86 S ECURITY UIDE...
  • Page 160: Admin Audit Trail Window

    FTP server. The log of changes made on the server can be viewed in this window. Admin Audit Trail The Admin Audit Trail tab displays by default: Fig. 2:1-26 Admin Audit Trail window M86 S ECURITY UIDE...
  • Page 161: Specify Ftp Criteria

    6. Specify whether or not to Send Daily Log to FTP Server by clicking either the “on” or “off” radio button. 7. Click Apply to apply your settings. FTP the Log on Demand Click FTP Now to transfer the log on demand. M86 S ECURITY UIDE...
  • Page 162: View

    (Time), IP address of the machine used by the administrator, administrator's User- name, and a brief description of the Action performed on the server. M86 S ECURITY UIDE...
  • Page 163: Alert

    WFR alerts the administrator about the failed process, and that an attempt will be made to reload the necessary process. The last few lines of any pertinent logs are included in the message to assist the administrator in M86 S ECURITY UIDE...
  • Page 164 80 percent, an alert is sent to the administrator. This problem usually occurs if the Web Filter is unable to transfer log files to the M86 Security Reporter. Action should be taken to prevent the hard drive from reaching 100 percent utilization.
  • Page 165: Enable The Alert Feature

    Delete key on your keyboard 2. After all edits have been made, click Apply to apply your settings. Disable the Alert Feature 1. Click the “Disable” radio button. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
  • Page 166: Smtp Server Settings Window

    3. By default, the Email queue size is 50. This can be changed to specify the maximum number of requests that can be placed into the queue awaiting an available outbound connection. M86 S ECURITY UIDE...
  • Page 167: Verify Smtp Settings

    2. Enter the email address in the pop-up box. 3. Click OK to close the pop-up box and to process your request. If all SMTP Server Settings are accepted, the test email should be received at the specified address. M86 S ECURITY UIDE...
  • Page 168: Software Update

    Fig. 2:1-31 Local Software Update window NOTE: Available software updates come from downloads made to the server via Traveler, M86’s executable program that can run on demand, or be set to run at a scheduled time. M86 S...
  • Page 169: Read Information About A Software Update

    HAPTER YSTEM SCREEN TIP: Click the link (“here”) at the bottom of the window to go to the Web page at M86 Security’s public site (http:// www.m86security.com/support/wfr/upgrade.asp) where release notes about software updates can be obtained. Read Information about a Software Update...
  • Page 170 4. After reading the contents of the End User License Agreement, click Yes if you agree to its terms. This action closes the EULA dialog box and opens the alert box verifying the software update application process: M86 S ECURITY UIDE...
  • Page 171 8. Wait a few minutes, and then log back into the Web Filter console again. NOTE: M86 recommends performing a backup of configuration files after applying a software update. (See the Backup/Restore window in this chapter for information on performing a backup.)
  • Page 172: Undo An Applied Software Update

    This window is used for viewing the software update log that provides the status on the WFR’s software update activity, including checks for new software updates, and down- loaded and applied software updates. Fig. 2:1-37 Software Update Log window M86 S ECURITY UIDE...
  • Page 173: View Log Contents

    4. After the file has successfully downloaded to your work- station, click OK to close the alert box asking you to verify that the software update log file was successfully saved. M86 S ECURITY UIDE...
  • Page 174: View The Contents Of The Log

    1. Find the log file in the folder, and right-click on it to open the pop-up menu: Fig. 2:1-38 Folder containing downloaded file 2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:1-39 WinZip Executable program M86 S ECURITY UIDE...
  • Page 175 “View” to open the View dialog box: Fig. 2:1-41 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig. 2:1-42 View window M86 S ECURITY UIDE...
  • Page 176: Save, Print The Log File Contents

    OK to close the dialog box. 2. Open Notepad—in Windows XP: Start > All Programs > Accessories > Notepad 3. Paste the contents from the clipboard into the Notepad file. The correctly formatted Notepad file can now be saved and/or printed. M86 S ECURITY UIDE...
  • Page 177: Synchronization

    NOTE: For an overview on synchronization, see Chapter 3: Synchronizing Multiple Units, from the Web Filter Introductory Section. WARNING: This version of synchronization only supports the use of unique IP addresses throughout a network. M86 S ECURITY UIDE...
  • Page 178: Setup Window

    This process ensures that all servers run in parallel on the network, thereby eliminating the need to manually configure profile and library settings on each server. Fig. 2:1-43 Setup window, Stand Alone mode M86 S ECURITY UIDE...
  • Page 179: Using Only One Web Filter On The Network

    This setup is required so that the source server can communicate with the target server(s). For the Source mode setting: 1. In the Mode frame, click “Source” to display the Source mode view: M86 S ECURITY UIDE...
  • Page 180 • Local Filtering on this source server must be enabled • Troubleshooting on this source server must be disabled • The Operation Mode on this source server and all target servers must be set to use the same mode M86 S ECURITY UIDE...
  • Page 181 • Click Test Target(s) to open an alert box that provides the server mode status for each IP address you entered. Click OK to close the alert box, and make any adjustments, if necessary. M86 S ECURITY UIDE...
  • Page 182: Sync All Target Servers With The Same Settings

    Once this data is restored to the new source server, each target server should be sent these same library configu- rations using the Sync All button. M86 S ECURITY UIDE...
  • Page 183: Set Up A Web Filter To Be A Target Server

    LAN Settings window on this server display in the IP to Send pull-down menu. 2. In the Source IP frame, enter the Source IP address to use for sending profile/library setting changes to this server being configured. M86 S ECURITY UIDE...
  • Page 184 NOTE: This test only verifies whether this server can contact the source server. In order for synchronization to be operable on the network, the source server must also be able to contact this target server being configured. M86 S ECURITY UIDE...
  • Page 185: Status Window

    Fig. 2:1-46 Status window, Source mode If set up in the Target mode, this window is used for verifying that profile/library setting updates are being received from the source server. M86 S ECURITY UIDE...
  • Page 186: View The Sync Status Of Targets From The Source

    To view items in the queue for a specified target server: 1. In the Current Queue column for that server, click Details to open the Queue of Target pop-up window: M86 S ECURITY UIDE...
  • Page 187: View Items Previously Synced To The Server

    (100, 200, 300, 400, 500) for the most recent synchronization history that you wish to view. 3. Click View to display lines of items in the History Log: Fig. 2:1-48 History of Target pop-up window 4. Click Close to close the pop-up window. M86 S ECURITY UIDE...
  • Page 188: Place Items In Queue For Syncing

    The Target Sync Status frame includes the following infor- mation: • Source IP - The IP address of the source server displays. • Connection Status - “OK” or “FAULT” displays, indi- cating whether or not there is a connection to the source server. M86 S ECURITY UIDE...
  • Page 189 • History Log - Click the Details button to open the History of Target pop-up window. See View Items Previ- ously Synced to the Server in this section for information on accessing and viewing the contents of this window. M86 S ECURITY UIDE...
  • Page 190: Mode

    Web Filter will solely filter workstations outside of the server location. In the ICAP mode, the Web Filter off- loads specific content normally handled by a Web Filter, such as filtering. Fig. 2:1-50 Operation Mode window M86 S ECURITY UIDE...
  • Page 191: Set The Operation Mode

    Web Filter, click the “Mobile” checkbox to use the mobile mode in conjunction with the selected filtering mode. WARNING: If using the router or firewall mode, M86 recom- mends contacting one of our solutions engineers if you need any assistance with setup procedures.
  • Page 192: Invisible Option: Specify The Block Page Delivery

    “Default Gateway” displays by default as the Block Page Route To selection. • “Alternate IP Address” - this option should be used if block pages are not being served. Enter the IP address of the router or device that will serve block pages. M86 S ECURITY UIDE...
  • Page 193: Icap Option: Specify Icap Server Settings

    This tag provides a way for ICAP servers to send a service- specific “cookie” to ICAP clients so that the ICAP server can communicate with the ICAP client. For example: "835nb0-20a5-3e52671" M86 S ECURITY UIDE...
  • Page 194 ICAP server. By default, this port number is 1344. NOTE: The port number must be the same one entered for the URI. WARNING: Go to http://www.m86security.com/software/8e6/ hlp/ifr/files/1system_opmode_icap.html to review a list of items to be considered when using the ICAP mode. M86 S ECURITY UIDE...
  • Page 195: Mobile Option: Specify The Mobile Client Control

    NOTE: See Appendix D: Mobile Client for information on setting up and using the Mobile Client. Apply Operation Mode Settings Click Apply to apply your settings in the Mode frame. M86 S ECURITY UIDE...
  • Page 196: Proxy Environment Settings Window

    1. Click the “On” radio button. This selection indicates that the Web Filter will perform a reverse lookup on packets to detect the source address and origin of packets. 2. Click Apply to apply your setting. M86 S ECURITY UIDE...
  • Page 197: Use Proxy Port 80

    Settings, and Authentication SSL Certificate. NOTES: Information about these sub-topics can be found in the M86 Web Filter Authentication User Guide. The Authentication topic and sub-topics do not display if the synchronization feature is used, and this server being configured is set up in the Target mode to synchronize both profile and library setting changes.
  • Page 198: Backup/Restore

    Backup Configurations grid in the Restore tab. The newly added row includes the following information: Date the backup was executed, Filename of the backup file, general information about the Content of the file, and a Comment about the file. M86 S ECURITY UIDE...
  • Page 199: Backup Procedures

    Backup Procedures M86 recommends performing backup procedures whenever changes are made to system configurations or to library configurations. By creating backup files and saving these files off the WFR server, prior server settings can later be...
  • Page 200: Perform A Backup On Demand

    6. Click OK to close the Message alert box, and to add a new row for that file to the Backup Configurations grid in the Restore tab. NOTE: Once the file is added to the grid, it can be downloaded and saved on another machine, if necessary. M86 S ECURITY UIDE...
  • Page 201: Schedule A Backup

    7. Click OK to close the alert box. You can now set up a schedule for a backup in the Recur- rence Schedule section of the Scheduled Backup frame. M86 S ECURITY UIDE...
  • Page 202: Create A Backup Schedule

    Indicate whether this time slot is “AM” or “PM”. c. Today’s date displays using the MM/DD/YY format. To choose another date, click the arrow in the date drop- down menu to open the calendar pop-up box: M86 S ECURITY UIDE...
  • Page 203 Tuesday, these settings indicate this profile will be used each Tuesday during the specified time period. If 2 is entered and “Wednesday” and “Friday” are selected, this profile will be used every two weeks on Wednesday and Friday. M86 S ECURITY UIDE...
  • Page 204 • The second option lets you make selections from the three pull-down menus for the following: - week of the month: “First” - “Fourth”, or “Last” - day of the month: “Sunday” - “Saturday”, “Day”, M86 S ECURITY UIDE...
  • Page 205: Remove A Backup Schedule

    Restore window now shows the schedule in the Recur- rence Schedule section of the Scheduled Backup frame. Remove a Backup Schedule Click Remove to remove the schedule from the Recurrence Schedule section of the Scheduled Backup frame. M86 S ECURITY UIDE...
  • Page 206: Download A File

    5. Select the folder in which to save the file, and then enter the File name, retaining the “.gz” file extension. Click Save to begin downloading the .gz file to your worksta- tion. M86 S ECURITY UIDE...
  • Page 207: Perform A Restoration

    Software Update window for more information about software updates.) Upload a File to the Server To upload a .gzip file to the server: 1. Click Upload to open the Upload Backup GZIP File pop- up window: Fig. 2:1-56 Upload GZIP File pop-up window M86 S ECURITY UIDE...
  • Page 208: Restore Configurations To The Server

    1. Select the file from the Backup Configurations grid. 2. Click Restore to overwrite the current settings. Remove a Backup File To remove a file from the Backup Configurations grid: 1. Select the file. 2. Click Delete. M86 S ECURITY UIDE...
  • Page 209: View Backup And Restoration Details

    The following information displays for each row: the date and time a process was attempted to be executed, and a Message indicating whether that process succeeded or failed. 2. Click OK to close the pop-up box. M86 S ECURITY UIDE...
  • Page 210: Reset

    YSTEM SCREEN Reset Reset window The Reset window displays when Reset is selected from the navigation panel. This function, used for resetting the server to factory default settings, is not available in WFR. Fig. 2:1-58 Reset window M86 S ECURITY UIDE...
  • Page 211: Radius Authentication Settings

    Depending on your network setup, there may be more than one accounting server. Also there may be a client (Network Access Server or proxy server) that sends accounting request packets to the external Radius accounting server. M86 S ECURITY UIDE...
  • Page 212: Enable Radius

    • Check the box for Use Web Filter IP as Source IP, if the IP address of the Web Filter (LAN1 or LAN2) should be used when forwarding packets instead of the IP address of the NAS. M86 S ECURITY UIDE...
  • Page 213: Apply Settings

    Apply Settings Click Apply to save your settings. Disable Radius To disable the Radius feature: 1. At the Radius Mode field, click the “Off” radio button. 2. Click Apply. M86 S ECURITY UIDE...
  • Page 214: Snmp

    Enable SNMP The Monitoring mode is “Off” by default. To enable SNMP, click Enable in the Monitoring Mode frame. As a result, all elements in this window become activated. M86 S ECURITY UIDE...
  • Page 215: Specify Monitoring Settings

    Maintain the Access Control List 1. To remove one or more IP addresses from the list, select each IP address from the Access control list, using the Ctrl key for multiple selections. 2. Click Delete. 3. Click Save Changes. M86 S ECURITY UIDE...
  • Page 216: Hardware Failure Detection

    Hardware Failure Detection is selected from the navigation panel. This feature shows the status of each drive on the RAID server. Fig. 2:1-61 Hardware Failure Detection window, 300 series model Fig. 2:1-62 Hardware Failure Detection window, 500 series model M86 S ECURITY UIDE...
  • Page 217: View The Status Of The Hard Drives

    2. Replace the failed drive with your spare replacement drive 3. Click on the “Rebuild” button on the GUI 4. To return a failed drive to M86 or to order additional replacement drives, please call M86 Technical Support NOTE: For information on troubleshooting RAID, refer to WFR Appendix II: RAID and Hardware Maintenance.
  • Page 218: Strikes Blocking

    X Strikes Blocking settings are effective only for filtering profiles with the X Strikes Blocking filter option enabled. (See Filter Options in the Policy screen section for information on setting up the X Strikes Blocking filter option.) M86 S ECURITY UIDE...
  • Page 219: Configuration

    6. Specify a Redirect URL to be used when the end user is locked out from his/her workstation. By default, “Default "Alternate" Locked Block Page” is selected, indicating that the standard lock out block page will display. M86 S ECURITY UIDE...
  • Page 220: Reset All Workstations

    A user who receives the final strike that locks him/her out the workstation will see the following lock page display on the screen: Fig. 2:1-64 Sample lock page The text informs the user: “Your Internet privileges have been temporarily suspended. For assistance, contact your Administrator.” M86 S ECURITY UIDE...
  • Page 221: Overblocking Or Underblocking

    • Maximum strikes = 5 • Time span for the maximum number of strikes = 5 minutes Within a five-minute period, if a user accesses five sites that contain blocked material, that user will be locked out of his/ M86 S ECURITY UIDE...
  • Page 222 If these configuration settings do not block users often enough • the time span for the maximum number of strikes may need to be reduced • the maximum number of strikes may need to be reduced M86 S ECURITY UIDE...
  • Page 223: Email Alert

    PM, and at midnight when the time interval is reset. To check the time(s) the email alert is scheduled to occur, click the Display Sending Time button to open The Daily Schedule pop-up window that shows the alert time schedule in the (HH:MM:SS) format: M86 S ECURITY UIDE...
  • Page 224: Set Up Email Alert Recipients

    2. Click Add to include the email address in the Current Email Alerts list box. NOTE: The maximum number of email alert recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Alert Recipients 1.
  • Page 225: Logon Accounts

    Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Acces- sible Users list box in the Logon Accounts tab of the Real Time Probe window. M86 S ECURITY UIDE...
  • Page 226: Deactivate An Authorized Logon Account

    (See Chapter 4: Reporting screen, Real Time Probe for information on setting up and using real time probes.) M86 S ECURITY UIDE...
  • Page 227: Categories

    “No Strike” Categories list box. 3. Click Apply to apply your settings. NOTE: Library categories in the “Strike” Categories list box will only be effective for filtering profiles with the X Strikes Blocking Filter Option enabled. M86 S ECURITY UIDE...
  • Page 228: Go To X Strikes Unlock Workstation Gui

    The Re-login window opens if the user’s session needs to be validated: Fig. 2:1-69 Re-login window 1. Enter your Username. 2. Enter your Password. 3. Click OK to close the Re-login window and to re-access the Web Filter console. M86 S ECURITY UIDE...
  • Page 229: Strikes Unlock Workstation

    Workstation pop-up window: IP Address, User Name, and Expire Date/Time of currently locked workstations. Fig. 2:1-70 X Strikes Unlock Workstation window Unlock a Workstation To unlock a specified workstation: 1. Select that workstation from the grid. 2. Click Unlock. M86 S ECURITY UIDE...
  • Page 230 X Strikes Unlock Workstation pop-up window (see Fig. 2:1- 70). • The Web Filter Introductory Window for X Strikes simultaneously opens with the Login window: Fig. 2:1-72 X Strikes introductory window This window must be left open during the entire session. M86 S ECURITY UIDE...
  • Page 231: Set Up An Email Address To Receive Alerts

    1. Enter the email address in the Email Address to be Subscribed/Unsubscribed text box. 2. Click Unsubscribe. Close the Pop-up Window Click the “X” in the upper right corner of the pop-up window to close the window. M86 S ECURITY UIDE...
  • Page 232: Warn Option Setting

    URL with a Warn setting. Fig. 2:1-73 Warn Option Setting window M86 S ECURITY UIDE...
  • Page 233: Specify Interval For Re-Displaying The Warn Page

    1. In the Warn Life Time (minutes) field, by default 10 displays. Enter the number of minutes (1-480) to be used in the interval for re-displaying the warning page for the end user. 2. Click Apply to enable your setting. M86 S ECURITY UIDE...
  • Page 234: Customization

    Target mode to synchronize both profile and library setting changes. Refer to the M86 Web Filter Authentication User Guide for infor- mation on using the Authentication Form Customization window. M86 S...
  • Page 235: Common Customization Window

    By default, in the Details frame all elements are selected to display in the HTML pages, the Help link points to the FAQs page on M86's public site that explains why access was denied, and a sample email address is included for adminis- trator contact information.
  • Page 236: Enable, Disable Features

    • Blocked URL Display - if enabled, displays “Blocked URL” followed by the blocked URL in block pages • Copyright Display - if enabled, displays M86 Web Filter copyright information at the footer of block and lock pages, and the authentication request form •...
  • Page 237 Enter the global administrator's email address. 2. Click Apply to save your entries. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
  • Page 238: Lock Page Customization Window

    NOTE: See X Strikes Blocking window in this chapter for informa- tion on using the X Strikes Blocking feature. Fig. 2:1-75 Lock Page Customization window TIP: An entry in any of the fields in this window is optional. M86 S ECURITY UIDE...
  • Page 239: Edit Entries, Setting

    Description field. Click “Off” to not have the explanatory text display in the lock page. 3. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
  • Page 240: Preview Sample Lock Page

    By default, the following standard links are included in the lock page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
  • Page 241: Block Page Customization Window

    DMINISTRATOR ECTION HAPTER YSTEM SCREEN • M86 Security - Clicking this link takes the user to M86’s Web site. 2. Click the “X” in the upper right corner of the window to close the sample customized lock page. TIP: If necessary, make edits in the Lock Page Customization window or the Common Customization window, and then click Preview in this window again to view a sample lock page.
  • Page 242: Add, Edit Entries

    Any entries made in these fields will display centered in the customized block page, using the Arial font type. 2. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
  • Page 243: Preview Sample Block Page

    URL displays. If the content the user attempted to access is blocked by an Exception URL, “Exception” displays instead of the library category name. • Blocked URL field - The URL the user attempted to access displays. M86 S ECURITY UIDE...
  • Page 244 By default, the following standard links are included in the block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
  • Page 245: Warn Page Customization Window

    NOTE: See Warn Option Setting window in this chapter for more information about this feature. Fig. 2:1-79 Warn Page Customization window TIP: An entry in any of the fields in this window is optional. M86 S ECURITY UIDE...
  • Page 246: Add, Edit Entries

    Any entries made in these fields will display centered in the customized warning page, using the Arial font type. 2. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
  • Page 247: Preview Sample Warning Page

    • IP field - The user’s IP address displays. • Category field - The name of the library category that warned the user about accessing the URL displays. • Blocked URL field - The URL the user attempted to access displays. M86 S ECURITY UIDE...
  • Page 248 By default, the following standard links are included in the warning page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
  • Page 249: Profile Control Window

    Common Customization window, and override accounts are set up for designated end users. NOTE: See Override Account window in the Policy section for more information about this feature. Fig. 2:1-81 Profile Control window M86 S ECURITY UIDE...
  • Page 250: Edit Entries

    TIP: Click Restore Default and then click Apply to revert to the default settings in this window. NOTE: For a sample profile control pop-up window, see Option 3 from the Options page section of the Block Page Authentication window. M86 S ECURITY UIDE...
  • Page 251: Quota Block Page Customization Window

    1. Make an entry in any of the following fields: • In the Header field, enter a static header to display at the top of the quota block page. • In the Description field, enter a static text message to be displayed beneath the header. M86 S ECURITY UIDE...
  • Page 252: Preview Sample Quota Block Page

    Fig. 2:1-83 Sample Customized Quota Block Page By default, the following data displays in the Category frame: • Category field - The name of the library category that blocked the user from accessing the URL displays. M86 S ECURITY UIDE...
  • Page 253 By default, the following standard links are included in the quota block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
  • Page 254: Quota Notice Page Customization Window

    1. Make an entry in any of the following fields: • In the Header field, enter a static header to display at the top of the quota notice page. • In the Description field, enter a static text message to be displayed beneath the header. M86 S ECURITY UIDE...
  • Page 255: Preview Sample Quota Notice Page

    1. Click Preview to launch a separate browser window containing a sample customized quota notice page, based on entries saved in this window and in the Common Customization window: Fig. 2:1-85 Sample Customized Quota Notice Page M86 S ECURITY UIDE...
  • Page 256 By default, the following standard links are included in the quota notice page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
  • Page 257: Cmc Management

    Management menu. This window is used for viewing soft- ware updates currently applied to the source and target servers and any available software updates, and applying software updates to these servers. Fig. 2:1-86 Software Update Management window M86 S ECURITY UIDE...
  • Page 258: View Software Update Information

    Columns can be resized by mousing over the line in the header between two columns so that a double-ended arrow (<—>) displays, and then clicking and dragging the cursor to the left or right. M86 S ECURITY UIDE...
  • Page 259: Apply Or Undo A Software Update

    To undo a software update: 1. Select the row(s) corresponding to the server(s) that need(s) to have the last software update removed. 2. Clicking Undo to remove that software update from the server(s). M86 S ECURITY UIDE...
  • Page 260: Status Window

    • Filtering Status - “OK” displays if the server is being filtered, or “FAIL” displays if the server is not being filtered NOTE: Filtering Status information will only display if the “Upstream Failover Detect” option is enabled in the Synchroniza- tion > Setup window. M86 S ECURITY UIDE...
  • Page 261 Columns can be resized by mousing over the line in the header between two columns so that a double-ended arrow (<—>) displays, and then clicking and dragging the cursor to the left or right. M86 S ECURITY UIDE...
  • Page 262: Quota Setting

    Fig. 2:1-88 Quota Setting window TIP: After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...
  • Page 263: Configure Quota Hit Settings

    NOTE: This field is greyed-out on a Web Filter set up as either a standalone server or as target server in the synchronization mode. TIP: After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...
  • Page 264: Reset Quotas

    2. Click Add to include this reset time in the Current Reset Time(s) list box. TIP: Repeat steps 1 and 2 for each quota reset time to be sched- uled. After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...
  • Page 265: Delete A Quota Reset Time From The Schedule

    When the end user has spent 75 percent of time in a quota- restricted library group/category, the quota notice page displays: Fig. 2:1-89 Sample Quota Notice Page By default, the following fields display: • Category field - Name of the library category with the most hits. M86 S ECURITY UIDE...
  • Page 266 LDAP user. This field is blank for the IP group user. By default, the following standard links are included in the quota notice page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site may have been denied.
  • Page 267: Quota Block Page

    • Requested URL field - The URL the user attempted to access displays. • IP field - The user’s IP address displays. • User/Machine field - The username displays for the LDAP user. This field may be blank for the IP group user. M86 S ECURITY UIDE...
  • Page 268: Ssl Certificate

    By default, the following standard links are included in the quota block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
  • Page 269: Chapter 2: Policy Screen

    At the root of this tree is Policy. The main branches of this tree include: Global Group and IP, followed by LDAP if authentication is enabled. M86 S ECURITY UIDE...
  • Page 270 Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity. NOTES: Information on LDAP groups can be found in the M86 Web Filter Authentication User Guide. Information on creating filtering profiles for IP groups can be found in the WF Group Administrator Section of this user guide.
  • Page 271: Global Group

    Web Filter in the invisible or router mode. Service ports that should be open—ignored by the Web Filter—are also defined in this window. Fig. 2:2-2 Range to Detect Settings window, main window M86 S ECURITY UIDE...
  • Page 272: Add A Segment To The Network

    Fig. 2:2-3 Range to Detect Settings window, Node tab Add a Segment to the Network To add a segment to be detected on the network: 1. Click Add to go to the next page: M86 S ECURITY UIDE...
  • Page 273 • Advanced Settings - clicking this button takes you to the Range to Detect Advanced Settings window. Follow the instructions in the Range to Detect Advanced Settings sub-section to complete the addi- tion of the segment on the network. M86 S ECURITY UIDE...
  • Page 274: Range To Detect Setup Wizard

    1. Choose the appropriate option for entering the IP address(es): • IP / Netmask - use these fields to specify a range of IP addresses • Individual IP - use this field to enter a single IP address M86 S ECURITY UIDE...
  • Page 275 IP frames. This reduces the load on the Web Filter, thus enabling it to handle more traffic. Fig. 2:2-6 Range to Detect Setup Wizard window, Step 2 NOTE: For Steps 2-6, click Back to return to the previous page of the Wizard. M86 S ECURITY UIDE...
  • Page 276 NOTE: By making entries in Destination IP fields, traffic will be restricted to the range specified in the Source IP and Destination IP frames. This reduces the load on the Web Filter, thus enabling it to handle more traffic. M86 S ECURITY UIDE...
  • Page 277 Fig. 2:2-8 Range to Detect Setup Wizard window, Step 4 Step 5: Optional In this step you enter destination port numbers to be excluded from filtering. Fig. 2:2-9 Range to Detect Setup Wizard window, Step 5 M86 S ECURITY UIDE...
  • Page 278 • click the Modify button to the right of the list box if you need to make changes. This action takes you to that page of the Wizard where you make your edits. Click Next until you return to Step 6. M86 S ECURITY UIDE...
  • Page 279: Range To Detect Advanced Settings

    NOTE: Click Cancel to be given the option to return to the main Range to Detect Settings window without saving your settings. 2. Click Apply to accept your entries and to return to the main Range to Detect Settings window. M86 S ECURITY UIDE...
  • Page 280: Modify A Segment Of The Network

    Detect Advanced Settings sub-section. Remove a Segment from the Network To remove a segment: 1. In the main Range to Detect Settings window (see Fig. 2:2-2), select the segment from the Current Ranges list box. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 281: Rules Window

    Select the rule from the Current Rules pull-down menu to populate the Rule Details frame with settings made for that rule. If this rule is not an M86 pre-defined rule it can be modified or deleted. A rule that does not yet exist can be added using any rule in this list as a template, if necessary.
  • Page 282: Add A Rule

    URL he/she requested can be accessed, but may be against the organization’s policies. The end user can view the URL after seeing a warning message and agreeing to its terms. • Block - URLs in this category will be blocked. M86 S ECURITY UIDE...
  • Page 283 NOTE: See the Quota Settings window in Chapter 1: System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas. M86 S ECURITY UIDE...
  • Page 284: Modify A Rule

    Rule Descrip- tion field. 3. Enter up to 20 characters for a unique Rule Description that describes the theme for that rule. 4. Modify settings for library groups and categories in the Rule Details frame. M86 S ECURITY UIDE...
  • Page 285: Remove A Rule

    Click the following tabs in this window: Category, Port, Default Redirect URL, and Filter Options. Entries in these tabs comprise the profile string for the global group. Fig. 2:2-13 Global Group Profile window, Category tab M86 S ECURITY UIDE...
  • Page 286: Category Profile

    • Warn - URLs in this category will warn the end user that the URL he/she requested can be accessed, but may be against the organization’s policies. The end user can view the URL after seeing a warning message and agreeing to its terms. M86 S ECURITY UIDE...
  • Page 287 URLs in that library group/category. TIP: If a quota entry is made for a category group, all library cate- gories in that group will show the same number of quota minutes. M86 S ECURITY UIDE...
  • Page 288: Port

    4. Click Apply to apply your settings at the global level. Port Port displays when the Port tab is clicked. This tab is used for blocking access to specified ports for the global filtering profile. Fig. 2:2-14 Global Group Profile window, Port tab M86 S ECURITY UIDE...
  • Page 289: Create, Edit A List Of Service Ports

    URL tab is clicked. This tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked for the global filtering profile. Fig. 2:2-15 Global Group Profile window, Default Redirect URL tab M86 S ECURITY UIDE...
  • Page 290: Create, Edit The Redirect Url

    Fig. 2:2-16 Global Group Profile window, Filter Options tab Create, Edit the Filter Options 1. Click the checkbox(es) corresponding to the option(s) to be applied to the global group filtering profile: “X Strikes Blocking”, “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement”, “Search Engine Keyword Filter M86 S ECURITY UIDE...
  • Page 291 An inappropriate image will only be blocked if that image is included in M86’s library or is blocked by Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL. If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the...
  • Page 292 • M86 Supplied Categories - see Chapter 3: Library screen, Search Engine Keywords window in this section. • Custom Categories - see the WF Group Administrator Section, Chapter 2: Library screen, Search Engine Keywords window.
  • Page 293 NOTE: To set up URL keywords in a URL Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, URL Keywords window, in this section. • Custom Category - see the WF Group Administrator Section, Chapter 2: Library screen, URL Keywords window.
  • Page 294: Override Account Window

    IP group. See Appendix C: Override Pop-up Blockers for information on how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation. M86 S ECURITY UIDE...
  • Page 295: Add An Override Account

    (See Category Profile, Redirect URL, and Filter Options in this sub-section for information on the Rule, Redirect, and Filter Options tabs.) 6. Click Apply to activate the override account. 7. Click Close to close the pop-up window. M86 S ECURITY UIDE...
  • Page 296: Category Profile

    For example, if M86 S ECURITY UIDE...
  • Page 297 URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: M86 S ECURITY UIDE...
  • Page 298 5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
  • Page 299: Redirect Url

    2. Click Apply to apply your settings to the override account profile. 3. Click the Filter Options tab to continue creating the over- ride account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
  • Page 300: Filter Options

    NOTE: See the X Strikes Blocking window in Chapter 1: System screen for information on setting up the X Strikes Blocking feature. M86 S ECURITY UIDE...
  • Page 301 NOTE: To set up search engine keywords in a Search Engine Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, Search Engine Keywords window. • Custom Categories - see the WF Group Administrator Section, Chapter 2: Library screen, Search Engine Keywords window.
  • Page 302: Edit An Override Account

    NOTE: To set up URL keywords in a URL Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, URL Keywords window. • Custom Category - see the WF Group Administrator Section, Chapter 2: Library screen, URL Keywords window.
  • Page 303: Modify An Override Account

    5. Click Apply. 6. Click Close to close the pop-up window. Delete an Override Account To delete an override account: 1. In the Current Accounts frame, select the username from the list box. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 304: Approved Content Settings Window

    VuSafe removes all outside content on sites such as YouTube.com, eliminating access to inappro- priate material. This free Web-based service requires no additional software or hardware setup. Enabling the M86 S ECURITY UIDE...
  • Page 305: Approved Content Setup And Configuration

    • Text editor tool such as Notepad or TextPad • MD5 checksum calculator tool Once you have access to the aforementioned items, follow the instructions in the M86 Approved Content Portal Setup document at http://www.m86security.com/software/8e6/ docs/ug/misc/wf.ac.4.1.00.pdf . As explained in the portal setup document, a passkey must be created for each video to be included in the portal.
  • Page 306: Approved Content Settings Entries

    Passkeys list box will be available for users set up in the Policy tree. Though these users can be set up to use the Approved Content feature, they will need to have passkeys entered and saved in their profiles. M86 S ECURITY UIDE...
  • Page 307: Minimum Filtering Level Window

    Chapter 1 of the WF Group Administrator Section for more infor- mation about override accounts. Click the following tabs in this window: Category, Port, and Min. Filter Bypass. Entries in the Category and Port tabs comprise the profile string for the minimum filtering level. M86 S ECURITY UIDE...
  • Page 308: Minimum Filtering Categories

    Pass or Block column. TIP: In the Category Groups tree, double-click the group enve- lope to open that segment of the tree and to view library catego- ries belonging to that group. M86 S ECURITY UIDE...
  • Page 309: Create, Edit Minimum Filtering Categories

    Shift key on your keyboard while clicking the last category, and then double- clicking in the appropriate column. 2. Click Apply to apply your settings for the minimum filtering level. M86 S ECURITY UIDE...
  • Page 310: Port

    2. Click Add. Each port number you add displays in the Block Port(s) list box. 3. Click Apply to apply your settings at the minimum filtering level. To remove a port number from the list box: 1. Select the port number. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 311: Minimum Filtering Bypass Options

    Fig. 2:2-24 Minimum Filtering Level window, Min. Filter Bypass tab NOTE: See the Override Account window and Exception URL window of the Policy screen in the Group Administrator Section of this user guide for information on setting up an override account and exception URLs. M86 S ECURITY UIDE...
  • Page 312: Specify Minimum Filtering Bypass Options

    If authentication is enabled, when Refresh All is clicked, the LDAP branch of the tree displays. When authentication is disabled, when Refresh All is clicked only the IP branch of the tree displays. M86 S ECURITY UIDE...
  • Page 313: Add Group

    "{" (left brace), "}" (right brace), "[" (left bracket), "]" (right bracket), "@" (at sign), "#" (pound sign), "$" (dollar sign), "%" (percent sign), "<" (less than symbol), “>” (greater than symbol), "+" (plus symbol), "-" (minus sign), "=" (equals sign). M86 S ECURITY UIDE...
  • Page 314: Refresh

    Group Administrator Section of this user guide. Refresh Refresh IP Groups From the IP group menu, click Refresh whenever changes have been made in this branch of the tree. M86 S ECURITY UIDE...
  • Page 315: Chapter 3: Library Screen

    Updates, Library Lookup, Customer Feedback Module, NNTP Newsgroup, and Pattern Detection Whitelist topics. Click Updates to display a menu of sub-topics: Configura- tion, Manual Update, Additional Language Support, Library Update Log, and Emergency Update Log. M86 S ECURITY UIDE...
  • Page 316 Groups to open the tree list. Double-click a category group envelope—any envelope except Custom Categories—to view M86 supplied library categories for that group. Click a library category topic to view a menu of sub-topics for that library category item: Library Details, URLs, URL Keywords, and Search Engine Keywords.
  • Page 317: Updates

    Configuration window The Configuration window displays when Configuration is selected from the Updates menu. This window is used for making settings to allow the Web Filter to receive M86 supplied library category updates on a daily basis. Fig. 2:3-2 Configuration window Set a Time for Updates to be Retrieved 1.
  • Page 318: Optional: Specify A Proxy Server

    Log Level 1 includes a summary of library and software update activity. Log Level 2 includes detailed information on library and soft- ware update activity. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
  • Page 319: Manual Update Window

    The Manual Update to M86 Supplied Categories window displays when Manual Update is selected from the Updates menu. This window is used for updating specified M86 supplied library categories on demand from the update server, if the Web Filter has not received daily updates due to an occurrence such as a power outage.
  • Page 320 Local Software Update window in Chapter 1: System screen. For information on viewing the status of downloaded software updates, see the Software Update Log window in Chapter 1, and the Emergency Update Log window in this chapter. M86 S ECURITY UIDE...
  • Page 321: Additional Language Support Window

    Additional Language Support window The Additional Language Support window displays when Additional Language Support is selected from the Updates menu. This window is used for including additional M86- supported languages in library downloads. Fig. 2:3-4 Additional Language Support window Select Additional Languages 1.
  • Page 322: Library Update Log Window

    View the Library Update Process When performing a manual (on demand) library update, click View Log to display contents from the log file with the status of the library update. Keep clicking this button to continue viewing log file data. M86 S ECURITY UIDE...
  • Page 323: Download Log, View, Print Contents

    View the Contents of the Log Once the log file has been downloaded to your workstation, you can view its contents. 1. Find the log file in the folder, and right-click in it to open the pop-up menu: M86 S ECURITY UIDE...
  • Page 324 2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:3-7 WinZip Executable program 3. If using WinZip, click I Agree to open the window containing the zip file: M86 S ECURITY UIDE...
  • Page 325 “View” to open the View dialog box: Fig. 2:2-9 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig. 2:3-10 View window M86 S ECURITY UIDE...
  • Page 326: Save, Print The Log File Contents

    2. Open Notepad—in Windows XP: Start > All Programs > Accessories > Notepad 3. Paste the contents from the clipboard into the Notepad file: Fig. 2:3-11 Notepad The correctly formatted Notepad file can now be saved and/or printed. M86 S ECURITY UIDE...
  • Page 327: Emergency Update Log Window

    Fig. 2:3-12 Emergency Update Log window View the Emergency Software Update Process Click View Log to display contents from the emergency software update log file with the status of the software update. M86 S ECURITY UIDE...
  • Page 328: Download The Software Update Log File

    OK to close the alert box asking you to verify that the software update log file was successfully saved. NOTE: See Library Update Log window for information on viewing the contents of the log file, and printing and/or saving the log file contents. M86 S ECURITY UIDE...
  • Page 329: Library Lookup

    1. In the URL Lookup frame, enter the URL. For example, enter http://www.coors.com, coors.com, or use a wild- card by entering *.coors.com. A wildcard entry finds all URLs containing text that follows the period (.) after the asterisk (*). M86 S ECURITY UIDE...
  • Page 330: Remove A Url

    Result Category list box, showing the long name of the library category, followed by the URL. Remove a URL To remove the URL: 1. Select the item from the Result Category list box. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 331: Submit An Email To The Administrator

    Remove a Search Engine Keyword To remove a search engine keyword/phrase from library categories: 1. After performing the search engine keyword search, select the categories from the Result Category list box. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 332: Reload The Library

    Once all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
  • Page 333: Customer Feedback Module

    Module feature, in which the most frequently visited non-categorized URLs in your Web Filter's filter log will be FTPed to M86 on a daily basis. The URLs collected by M86 will be reviewed and added to M86's standard library cate- gories, as appropriate, so they can be blocked.
  • Page 334: Disable Customer Feedback Module

    1. At the Customer Feedback Module - Auto Learning Feature field, click “On” to indicate that you wish to enable the Customer Feedback Module. 2. Click Apply to open the Disclaimer dialog box: Fig. 2:3-15 Disclaimer box M86 S ECURITY UIDE...
  • Page 335 “M86 Security agrees to discuss the information collected by the Customer Feedback Module only with M86 Security’s employees who have a need to know and who have been informed of the confidential nature of the information and of their personal obligation not to disclose or use such information.
  • Page 336 HAPTER IBRARY SCREEN “Your agreement to activate the Customer Feedback Module will be transmitted back to M86 Security once you click the ‘Accept’ button.” 4. After reading this text, if you agree with the terms, click in the checkbox to activate the Accept button.
  • Page 337: Category Weight System

    This feature lets you choose which category will be logged and reported for a URL request that exists in multiple cate- gories (possibly both M86 supplied and custom library cate- gories) with the same operational precedence. Fig. 2:3-17 Category Weight System window...
  • Page 338: View The Current Selections

    • “No Weight” Categories - Populated with M86 supplied categories • “Weight” Categories - Pre-populated by default with cate- gories M86 suggests you might want to use for this feature. The contents in each list box, combined with the end user’s profile, help to determine what will appear in the log for the end user’s Internet activity.
  • Page 339: Weighting Library Categories

    "weight" when ranked against other categories, based upon an end user’s URL request that appears in multiple library categories set up with the same operational precedence in the end user’s filtering profile. M86 S ECURITY UIDE...
  • Page 340: Nntp Newsgroup

    Add a Newsgroup to the Library To add a newsgroup to the library: 1. In the Newsgroup frame, enter the Newsgroup address. 2. Click Add. If the newsgroup already exists, an alert box will open to inform you that it exists. M86 S ECURITY UIDE...
  • Page 341: Remove A Newsgroup From The Library

    After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
  • Page 342: Pattern Detection Whitelist

    Fig. 2:3-19 Pattern Detection Whitelist window NOTE: This feature can be used in conjunction with the Pattern Blocking feature, which, when enabled, blocks IP address patterns. (See the Filter window sub-section in Chapter 1: System screen.) M86 S ECURITY UIDE...
  • Page 343: Create, Maintain A Whitelist Of Ip Addresses

    Shift key on the keyboard while simultaneously clicking the last IP address in the list. 3. After all IP addresses have been added and/or removed, click Apply. M86 S ECURITY UIDE...
  • Page 344: Category Groups

    Administrator Section for information on setting up customized category groups and library categories. WARNING: The maximum number of library categories that can be saved is 512. This figure includes both M86 supplied catego- ries and custom categories. Double-click Category Groups to open the tree and to display category groups.
  • Page 345: Library Details Window

    Click the M86 supplied category link to view a menu of sub- topics: Library Details, URLs, URL Keywords, and Search Engine Keywords. (Menus for Instant Messaging library categories only include the sub-topics Library Details, and URLs).
  • Page 346: Urls Window

    (*) symbol followed by a period (.) can be entered in a format such as *.playboy.com, for example, to block access to all URLs ending in “.playboy.com”. A query string can be entered to block access to a specific URL. Fig. 2:3-22 URLs window, Action tab M86 S ECURITY UIDE...
  • Page 347: View A List Of Urls In The Library Category

    2. Make a selection from the pull-down menu for “Addition List”, “Deletion List”, “Wildcard Addition List”, or “Wild- card Deletion List”. 3. Click View List to display the specified items in the Select List list box: Fig. 2:3-23 URLs window, View tab M86 S ECURITY UIDE...
  • Page 348: Add Or Remove Urls, Reload The Library

    NOTE: The pound sign (#) character is not allowed in this entry. 2. Click Add to display the associated URL(s) in the list box below. 3. Select the URL(s) that you wish to add to the category. M86 S ECURITY UIDE...
  • Page 349: Add A Wildcard Url To The Library Category

    *.cnn.com is added to a category set up to be blocked, the end user will be able to access http://www.cnn.com since it is a direct match, but will not be able to access http://www.sports.cnn.com, since direct URL entries take precedence over wildcard entries. M86 S ECURITY UIDE...
  • Page 350: Remove A Url From The Library Category

    After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
  • Page 351: Url Keywords Window

    URLs that are not even within blocked categories. For example, if all URL keywords containing “sex” are blocked, users will not be able to access a non-pornographic site such as http:// www.essex.com. M86 S ECURITY UIDE...
  • Page 352: View A List Of Url Keywords

    1. Enter the Keyword in the Edit Keyword List frame. 2. Click Add. Remove a URL Keyword from the Library To remove a URL keyword from the library category: 1. Enter the Keyword in the Edit Keyword List frame. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 353: Upload A List Of Url Keywords To The Library

    4. Click Upload File to upload this file to the server. NOTE: A URL keyword text file must contain one URL keyword per line. WARNING: The text file uploaded to the server will overwrite the current file. M86 S ECURITY UIDE...
  • Page 354: Upload A List Of Url Keyword Deletions

    After all changes have been made to library windows, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
  • Page 355: Search Engine Keywords Window

    Fig. 2:3-26 Search Engine Keywords window NOTES: Master lists cannot be uploaded to any M86 supplied library category. See the Custom Categories sub-section of the WF Group Administrator Section of this user guide for information on uploading a master list to the server.
  • Page 356: View A List Of Search Engine Keywords

    Add a Search Engine Keyword to the Library To add a search engine keyword/phrase to the library cate- gory: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2. Click Add. M86 S ECURITY UIDE...
  • Page 357: Remove A Search Engine Keyword From The Library

    3. Click Upload File to upload this file to the server. NOTE: A search engine keywords text file must contain one keyword/phrase per line. WARNING: The text file uploaded to the server will overwrite the current file. M86 S ECURITY UIDE...
  • Page 358: Upload A List Of Search Engine Keyword Deletions

    After all changes have been made to library windows, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
  • Page 359: Chapter 4: Reporting Screen

    Click Usage Graphs to display the Usage Graphs window, used for analyzing reports on daily peaks and trends of Internet usage. Click Shadow Log Format to specify the format in which Web Filter logs will be sent to the SR. M86 S ECURITY UIDE...
  • Page 360: Report Configuration

    SR. Fig. 2:4-2 Report Configuration window Execute Log Transfer Now In the Initiating Log Transfer frame, click Initiate to transfer the log on demand. M86 S ECURITY UIDE...
  • Page 361: Real Time Probe

    Fig. 2:4-3 Real Time Probe window, Configuration tab Configuration Enable Real Time Probes 1. On the Configuration tab, click “On”. 2. Click Save to enable the Real Time Probes feature. As a result, all elements in this window become activated. M86 S ECURITY UIDE...
  • Page 362: Set Up Real Time Probes

    2. Click Add to add the IP address in the Current White list of IPs. Remove IPs from the White List 1. Select the IP address(es) from the Current White list of IPs list box. 2. Click Delete to remove the IP address(es) from the white list. M86 S ECURITY UIDE...
  • Page 363: Report Recipients

    Format to be used for the file: “Plain Text” or “HTML”. By default, “HTML” is selected. 2. Select the Maximum File Size of an Email Report (MB) that can be sent, from 1MB increments up to 20MB. The default is 5 MB. 3. Click Save. M86 S ECURITY UIDE...
  • Page 364: Set Up Email Addresses To Receive Reports

    Completed Reports to be Emailed list box. NOTE: The maximum number of report recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Addresses 1.
  • Page 365: Logon Accounts

    Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Acces- sible Users list box in the Logon Accounts tab of the X Strikes Blocking window. M86 S ECURITY UIDE...
  • Page 366: Deactivate An Authorized Logon Account

    (See Chapter 1: System screen, X Strikes Blocking for information on reseting strikes and unlocking workstations.) M86 S ECURITY UIDE...
  • Page 367: Go To Real Time Probe Reports Gui

    The Re-login window opens if the user’s session needs to be validated: Fig. 2:4-6 Re-login window 1. Enter your Username. 2. Enter your Password. 3. Click OK to close the Re-login window and to re-access the Web Filter console. M86 S ECURITY UIDE...
  • Page 368: Real Time Probe Reports

    Enter the Username and Password and click OK to open the Real Time Probe Reports pop-up window (see Fig. 2:4-8). • The Web Filter Introductory Window for Real Time Probes simultaneously opens with the Login window: M86 S ECURITY UIDE...
  • Page 369: Create A Real Time Probe

    This window must be left open during the entire session. Create a Real Time Probe Click the Create tab to enter and specify criteria for the report you wish to generate: Fig. 2:4-9 Real Time Probe Reports, Create tab M86 S ECURITY UIDE...
  • Page 370 (*) character is not allowed. This selection generates a report with data for all URLs containing the consecutive characters you specified. In this example, if mail is entered, “http:// www.hotmail.com” and “http://loginnet.passport.com/ login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw =0&fs=1&fsa=1&fsat=1296000&lc=1033&_lang=EN” would be included in the report. M86 S ECURITY UIDE...
  • Page 371 A probe that is scheduled to run at a specified date and time can be scheduled to run on a daily basis by checking the “Daily” checkbox at the Recurrence field. 6. Enter the Total Run Time in Minutes. 7. Click Apply. M86 S ECURITY UIDE...
  • Page 372: View Real Time Probe Details

    By selecting a probe, buttons for the probe become acti- vated, based on the state of the probe. The following options are available for each of the probe statuses: • Completed: View, Properties, Delete, Email • In Progress: View, Properties, Stop • Scheduled: Properties, Delete M86 S ECURITY UIDE...
  • Page 373 SE Keyword or a URL Keyword); URL in Libraries, and Requested URL. The following actions can be performed in this window: • Click a URL to open a window that accesses the desig- nated site. M86 S ECURITY UIDE...
  • Page 374 Display Name; Email Address to Mail the Completed Report; Search Option criteria; Start Date & Time; Run Time; and User ID of the creator of the probe (Created by). Click Close to close this pop-up box. M86 S ECURITY UIDE...
  • Page 375 Email option Clicking Email opens the Email Address box: Fig. 2:4-14 Email Address box Enter the Email Address to Mail the Completed Report and click Send to send the completed report to the desig- nated email address. M86 S ECURITY UIDE...
  • Page 376: Usage Graphs

    URLs accessed by end users, number of machine IP addresses accessing the Internet, and number of end users who have been authenticated (if using the authentication feature). Fig. 2:4-15 Usage Graphs window M86 S ECURITY UIDE...
  • Page 377: Select A Graph To View

    The Recent Trend graph includes the following information: date range, and Number of Hits per Hour for a given date: Fig. 2:4-16 Recent Trend graph Click the “X” in the upper right corner to close this window. M86 S ECURITY UIDE...
  • Page 378: Daily Peaks

    The Daily Peaks graph includes the following information: date, and Number of Hits per Second at Peak Time for a given Time using the HH:MM format: Fig. 2:4-17 Daily Peaks graph Click the “X” in the upper right corner to close this window. M86 S ECURITY UIDE...
  • Page 379: Shadow Log Format

    Post 2.0 log format (manual)”, “Post 1.9 log format (manual)”, and “Pre 1.9 log format (manual)”. NOTE: For the WFR Web Filter, the only selection that should be made in this window is “Auto-detect” or “Post 2.0.10 log format (manual)”. M86 S ECURITY UIDE...
  • Page 380: Auto-Detect Option

    Post 2.0.10 log format option If this Web Filter currently has the 2.0.10 or higher software version applied, the Post 2.0.10 log format option should be selected. Apply Setting Click Apply to apply the setting for the shadow log format. M86 S ECURITY UIDE...
  • Page 381: Wf Group Administrator Section

    URL setup • creates and maintains customized library categories • uses the lookup tool to remove URLs or search engine keywords from customized libraries M86 S ECURITY UIDE...
  • Page 382: Chapter 1: Policy Screen

    IP sub-groups and/or individual IP members previously set up in the tree list. Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity. M86 S ECURITY UIDE...
  • Page 383: Refresh

    ECTION HAPTER OLICY SCREEN Refresh Refresh the Master IP Group, Member Click Refresh whenever a change has been made to the master IP group or member level of the tree. Fig. 3:1-2 Policy screen, IP menu M86 S ECURITY UIDE...
  • Page 384: Master Ip Group

    This window is used for viewing the Group Name and for changing the password of the group administrator. Fig. 3:1-3 Group Details window Change the Group Administrator Password In the Group Administrator frame, the Group Name displays. M86 S ECURITY UIDE...
  • Page 385: Members Window

    For the mobile mode, a member’s MAC address is used for obtaining the end user’s filtering profile. NOTE: See Appendix D: Mobile Client for information on adding members when using the mobile mode. Fig. 3:1-4 Members window M86 S ECURITY UIDE...
  • Page 386: Add The Ip Address Of The Member

    Host and Max Host fields. Click Close to exit. Remove a Member from the Group To remove an entry from the Current Members list box: 1. Select the member from the list box. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 387: Override Account Window

    A user can have only one override account. See the Override Account window in Chapter 2 of the WF Global Administrator Section for information on setting up a global group user’s over- ride account. M86 S ECURITY UIDE...
  • Page 388: Add An Override Account

    (See Category Profile, Redirect URL, and Filter Options in this sub-section for information on the Rule, Redirect, and Filter Options tabs.) 6. Click Apply to activate the override account. 7. Click Close to close the pop-up window. M86 S ECURITY UIDE...
  • Page 389: Category Profile

    For example, if M86 S ECURITY UIDE...
  • Page 390 URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: M86 S ECURITY UIDE...
  • Page 391 5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
  • Page 392: Redirect Url

    Page”, “Authentication Request Form”, or “Custom URL”. If “Custom URL” is selected, enter the redirect URL in the corresponding text box. The user will be redirected to the designated page at this URL instead of the block page. M86 S ECURITY UIDE...
  • Page 393: Filter Options

    WF Global Administrator Section for information on setting up the X Strikes Blocking feature. • “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement” - With the Google/Bing/Yahoo!/Youtube/ Ask/AOL Safe Search Enforcement option enabled, Google, Bing.com, Yahoo!, YouTube, Ask.com, and M86 S ECURITY UIDE...
  • Page 394 URL keywords are entered in the URL Keywords window of custom library categories. With the “Extend URL Keyword Filter Control” option enabled, a URL keyword search will be extended after the "?" character in a URL. M86 S ECURITY UIDE...
  • Page 395: Edit An Override Account

    3. Click the tab in which to make modifications (Rule, Redi- rect, Filter Options). 4. Make your edits in this tab and in any other tab, if neces- sary. 5. Click Apply. 6. Click Close to close the pop-up window. M86 S ECURITY UIDE...
  • Page 396: Delete An Override Account

    Category Profile displays by default when Group Profile is selected from the group menu, or when the Category tab is clicked. This tab is used for assigning filter settings to cate- gory groups/library categories for the group’s filtering profile. M86 S ECURITY UIDE...
  • Page 397: Create, Edit A List Of Selected Categories

    Sites are allowed to Pass. NOTE: By default, the Available Filter Levels pull-down menu also includes these five rule choices: Rule1 BYPASS”, “Rule2 BLOCK Porn”, “Rule3 Block IM and Porn”, “Rule4 M86 CIPA Compliance”, and “Block All”. Create, Edit a List of Selected Categories To create the category profile: 1.
  • Page 398 3. Make a selection from the Uncategorized Sites pull- down menu to specify how to handle a URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. M86 S ECURITY UIDE...
  • Page 399 5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
  • Page 400: Redirect Url

    If “Custom URL” is selected, enter the redirect URL in the corresponding text box. Users will be redirected to the designated page at this URL instead of the block page. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
  • Page 401: Filter Options

    With the X Strikes Blocking option enabled, an end user who attempts to access inappropriate sites on the Internet will be locked out from his/her workstation after a specified number of tries within a fixed time period. M86 S ECURITY UIDE...
  • Page 402 An inappropriate image will only be blocked if that image is included in M86’s library or is blocked by Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL. If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the...
  • Page 403 URLs that are not even within blocked catego- ries. For example, if all URL keywords containing “sex” are blocked, users will not be able to access a non-pornographic site such as http://www.essex.com. M86 S ECURITY UIDE...
  • Page 404: Exception Url Window

    Minimum Filtering Bypass Options tab. (See the Override Account window in this section for informa- tion on setting up an override account to allow a user to bypass group settings and minimum filtering level settings, if allowed.) M86 S ECURITY UIDE...
  • Page 405: Valid Url Entries

    (.) and then the URL, such as: *.coors.com TIP: The minimum number of levels that can be entered for a wildcard entry is three (e.g. *.yahoo.com) and the maximum number of levels is six (e.g. *.mail.attachments.message.yahoo .com). M86 S ECURITY UIDE...
  • Page 406: Add Urls To Block Url Or Bypass Url Frame

    “URL cannot be added due to conflicts” (this message is preceded by a red circle icon with a line through it). Mousing over this URL in the table provides details about the status of the URL in the Exception URL window. M86 S ECURITY UIDE...
  • Page 407 TIP: Click Cancel to close this pop-up window without making any selections. 3. Click Add Selected to close the pop-up window and to add your selection(s) in the appropriate URL list box. M86 S ECURITY UIDE...
  • Page 408: Remove Urls From Block Url Or Bypass Url Frame

    Clicking the “Check/uncheck all” checkbox at the bottom of this window toggles between selecting or de-selecting all checkboxes in this window. TIP: Click Cancel to close this pop-up window without making any selections. M86 S ECURITY UIDE...
  • Page 409: Apply Settings

    The Current Time Profiles list box displays the Name and Description of any time profiles previously set up for the entity that are currently active. NOTE: This window is similar to the one used for Sub Group and Individual IP profiles. M86 S ECURITY UIDE...
  • Page 410: Add A Time Profile

    Time Profile pop-up window that displays the name of this profile at the top of the Time Profile frame: Fig. 3:1-18 Time Profile window Recurrence tab 4. In the Recurrence duration time frame, specify Start and End time range criteria: M86 S ECURITY UIDE...
  • Page 411 • Daily - If this selection is made, enter the interval for the number of days this time profile will be used. By default, “1” displays, indicating this profile will be used each day during the specified time period. M86 S ECURITY UIDE...
  • Page 412 Thursday (for example, May 1st), the third week day would be the following Monday (May 5th in this example). • Yearly - If this selection is made, the year(s), month, and day for this time profile’s interval must be speci- fied: M86 S ECURITY UIDE...
  • Page 413 MM/DD/YY format. To choose another date, click the arrow in the date drop-down menu to open the calendar pop-up box. (See the infor- mation on the previous pages on how to use the calendar box.) M86 S ECURITY UIDE...
  • Page 414 Name and Description of the time profile that was just added. WARNING: If there is an error in a time profile, the Description for that time profile displays in red text. Select that time profile and click View/Modify to make any necessary corrections. M86 S ECURITY UIDE...
  • Page 415: Category Profile

    Fig. 3:1-19 Time Profile pop-up window, Rule tab NOTE: See the Override Account window, Category Profile sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
  • Page 416: Redirect Url

    Fig. 3:1-20 Time Profile pop-up window, Redirect URL tab NOTE: See the Override Account window, Redirect URL sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
  • Page 417: Filter Options

    Fig. 3:1-21 Time Profile pop-up window, Filter Options tab NOTE: See the Override Account window, Filter Options sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
  • Page 418: Exception Url

    Minimum Filtering Bypass Options tab. (See the Override Account window in this section for information on setting up an override account to allow a user to bypass group settings and minimum filtering level settings, if allowed.) M86 S ECURITY UIDE...
  • Page 419: Approved Content

    Fig. 3:1-23 Time Profile pop-up window, Approved Content tab NOTE: See the Approved Content Settings window sub-section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
  • Page 420: Modify A Time Profile

    6. Click Close to close the Modify Time Profiles pop-up window, and to return to the Time Profile window. Delete a Time Profile To delete a time profile: 1. Select the time profile from the Current Time Profiles list box. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 421: Approved Content Settings Window

    There are two parts to set up in order to use the Approved Content feature: • A portal for viewing videos must be created • The passkey of each approved video must be entered in the Approved Content Settings window for the user’s profile M86 S ECURITY UIDE...
  • Page 422: Approved Content Portal Setup

    • Text editor tool such as Notepad or TextPad • MD5 checksum calculator tool NOTE: See the M86 Approved Content Portal Setup document at http://www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for instructions on setting up a portal and pass- keys for users to view YouTube or SchoolTube videos.
  • Page 423 Enter the case-sensitive, eight to 20 character code in the Passkey field. b. Click Add. TIP: To remove a passkey from the list box, select it and then click Remove. 2. Click Apply to save your entries. M86 S ECURITY UIDE...
  • Page 424: Upload/Download Ip Profile Window

    Fig. 3:1-25 IP Profile Management window Upload IP Profiles 1. Click Upload File to open both the refresh message page (see Fig. 3:1-27) and the Upload IP Profiles pop-up window: Fig. 3:1-26 Upload IP Profiles pop-up window M86 S ECURITY UIDE...
  • Page 425 4. Click the “X” in the upper right corner of the Upload IP Profiles pop-up window to close it. 5. Click Refresh in the refresh page to refresh the IP groups branch of the tree: Fig. 3:1-27 Upload IP Profiles refresh page M86 S ECURITY UIDE...
  • Page 426: Download Profile

    1. Click Download Profile to open a browser window containing the profiles: Fig. 3:1-28 Download IP Profiles window The contents of this window can viewed, printed, and/or saved. 2. Click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...
  • Page 427: Add Sub Group

    WARNING: When adding a sub-group to the tree list, sub-group users will be blocked from Internet access until the minimum filtering level profile is defined via the Minimum Filtering Level window. The minimum filtering level is established by the global administrator. M86 S ECURITY UIDE...
  • Page 428: Add Individual Ip

    WARNING: When adding an Individual IP member to the tree list, the user will be blocked from Internet access until the minimum filtering level profile is defined via the Minimum Filtering Level window. The minimum filtering level is established by the global administrator. M86 S ECURITY UIDE...
  • Page 429: Delete Group

    Fig. 3:1-31 Paste Sub Group dialog box 2. In the Input sub group name field, enter the name of the sub-group. 3. Click OK to add the sub-group to the group in the Policy tree. M86 S ECURITY UIDE...
  • Page 430: Sub Group

    Fig. 3:1-32 Sub Group (IP Group) window View IP Sub-Group Details If the sub-group was previously defined, the fields in the Sub Group Details frame cannot be edited. The following infor- mation displays: • Sub Group Name M86 S ECURITY UIDE...
  • Page 431: Add Ip Sub-Group Details

    TIP: Use the IP Range pull-down menu to view the IP address(es) that can be entered in these fields. 2. Corresponding to the selected radio button: • enter the IP address and specify the netmask, or M86 S ECURITY UIDE...
  • Page 432: Members Window

    If using the mobile mode, MAC address(es) can be selected for inclusion in the sub-group. NOTE: See Appendix D: Mobile Client for information on modi- fying members when using the mobile mode. Fig. 3:1-34 Members window M86 S ECURITY UIDE...
  • Page 433: Modify Sub-Group Members

    The Exception URL window displays when Exception URL is selected from the sub-group menu. This window is used for blocking sub-group members’ access to specified URLs and/or for letting sub-group members access specified URLs blocked at the minimum filtering level. M86 S ECURITY UIDE...
  • Page 434: Time Profile Window

    WF Global Administrator Section of this user guide for information about the Approved Content feature and VuSafe. See the M86 Approved Content Portal Setup document at http:// www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for information on setting up a portal and pass- keys for viewing online YouTube and/or SchoolTube videos.
  • Page 435: Delete Sub Group

    2. Select the group from the tree and choose Paste Sub Group from the group menu to paste the sub-group to the group. (See Paste Sub Group dialog box in the Group section of this chapter.) M86 S ECURITY UIDE...
  • Page 436: Individual Ip

    If using the mobile mode, the member’s MAC address can be selected for inclusion in the sub-group. NOTE: See Appendix D: Mobile Client for information on modi- fying members when using the mobile mode. Fig. 3:1-35 Member window M86 S ECURITY UIDE...
  • Page 437: Enter The Ip Address Of The Member

    Time Profile window The Time Profile window displays when Time Profile is selected from the individual IP member menu. This window is used for setting up or modifying a filtering profile to be activated at a specified time. M86 S ECURITY UIDE...
  • Page 438: Approved Content Settings Window

    WF Global Administrator Section of this user guide for information about the Approved Content feature and VuSafe. See the M86 Approved Content Portal Setup document at http:// www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for information on setting up a portal and pass- keys for viewing online YouTube and/or SchoolTube videos.
  • Page 439: Chapter 2: Library Screen

    Library Lookup and Category Groups, the latter topic containing the Custom Categories sub-topic. NOTE: If the synchronization feature is used, a server set up in the Target mode will only have the Library Lookup topic available. M86 S ECURITY UIDE...
  • Page 440: Library Lookup

    Fig. 3:2-2 Library Lookup window NOTE: This window is also used by global administrators, except their permissions let them remove URLs and search engine keywords/phrases. The reload library function is used after making changes to the library. M86 S ECURITY UIDE...
  • Page 441: Look Up A Url

    3. Click OK to close the alert box and to display any results in the Result Category list box, showing the long name of the library category, followed by the URL. M86 S ECURITY UIDE...
  • Page 442: Look Up A Search Engine Keyword

    Custom Categories link to view a menu of topics: Add Cate- gory, and Refresh. Fig. 3:2-3 Custom Categories menu NOTE: Since custom categories are not created by M86, updates cannot be provided. Maintaining the list of URLs and keywords is the responsibility of the global or group administrator.
  • Page 443: Add Category

    ECTION HAPTER IBRARY SCREEN WARNING: The maximum number of categories that can be saved is 512. This figure includes both M86 supplied categories and custom categories. Add Category A unique custom library category should be created only if it does not exist in the Category Groups tree, and if any sub- group needs to use that library category.
  • Page 444: Refresh

    NOTE: The category must have URLs, URL keywords, and/or search keywords added to its profile in order for it to be effective. Refresh Refresh the Library Click Refresh after uploading a file to a customized library category. M86 S ECURITY UIDE...
  • Page 445: Custom Library Category

    Delete Category. Fig. 3:2-5 Library screen, custom library category menu NOTE: Since custom categories are not created by M86, updates cannot be provided. Maintaining the list of URLs and keywords is the responsibility of the global or group administrator.
  • Page 446: View, Edit Library Details

    The following display and cannot be edited: Custom Cate- gories Group Name and library category Short Name. 1. The long Description name displays and can be edited. 2. After modifying the description for the library category, click Apply to save your entry. M86 S ECURITY UIDE...
  • Page 447: Urls Window

    (*) symbol followed by a period (.) can be entered in a format such as *.playboy.com, for example, to block access to all URLs ending in “.playboy.com”. A query string can be entered to block access to a specific URL. Fig. 3:2-7 URLs window, Action tab M86 S ECURITY UIDE...
  • Page 448: View A List Of Urls In The Library Category

    2. Make a selection from the pull-down menu for “Master List”, or “Wild Card Master List”. 3. Click View List to display the specified items in the Select List list box: Fig. 3:2-8 URLs window, View tab M86 S ECURITY UIDE...
  • Page 449: Add Or Remove Urls Or Wildcard Urls

    NOTE: The pound sign (#) character is not allowed in this entry. 2. Click Add to display the associated URL(s) in the list box below. 3. Select the URL(s) that you wish to add to the category. M86 S ECURITY UIDE...
  • Page 450: Add A Wildcard Url To The Library Category

    *.cnn.com is added to a category set up to be blocked, the end user will be able to access http://www.cnn.com since it is a direct match, but will not be able to access http://www.sports.cnn.com, since direct URL entries take precedence over wildcard entries. M86 S ECURITY UIDE...
  • Page 451: Remove A Url From The Library Category

    1. Click Upload Master to open the Upload Custom Library URL pop-up window: Fig. 3:2-9 Upload Custom Library URL window 2. Click Browse... to open the Choose file pop-up window. 3. Select the file to be uploaded. M86 S ECURITY UIDE...
  • Page 452 5. If the file contains invalid URLs, click Back to return to the Upload URL window. Another attempt to validate the file can be made after corrections have been made to the file. If the file contains valid URLs: M86 S ECURITY UIDE...
  • Page 453: Upload A Master List Of Wildcard Urls

    To upload a master file with wildcard URL additions: 1. Click Upload Wildcard Master to open the Upload Custom Library WildCard URL pop-up window: Fig. 3:2-11 Upload Custom Library WildCard URL window 2. Click Browse... to open the Choose file pop-up window. M86 S ECURITY UIDE...
  • Page 454 Upload WildCard URL window. Another attempt to validate the file can be made after corrections have been made to the file. If the file contains valid wildcard URLs, click Upload to open the Upload Successful pop-up window. M86 S ECURITY UIDE...
  • Page 455: Reload The Library

    After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
  • Page 456: View A List Of Url Keywords

    1. Enter the Keyword in the Edit Keyword List frame. 2. Click Add. Remove a URL Keyword from the Library To remove a URL keyword from the library category: 1. Enter the Keyword. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 457: Upload A List Of Url Keywords To The Library

    After all changes have been made to library windows, in the Reload URL Keywords frame, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
  • Page 458: Search Engine Keywords Window

    For example, if all searches on “gin” are set up to be blocked, users will not be M86 S ECURITY UIDE...
  • Page 459: View A List Of Search Engine Keywords

    Remove a Search Engine Keyword To remove a search engine keyword or keyword phrase from a library category: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2. Click Remove. M86 S ECURITY UIDE...
  • Page 460: Upload A Master List Of Search Engine Keywords

    After all changes have been made to library windows, in the Reload Search Keywords frame, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
  • Page 461: Web Filter Appendices Section

    5. Filter Options (optional). For IP profiles, the code 0x1 should be placed at the end with all filter options disabled. 6. Quotas (optional). NOTE: Each filtering profile should be entered on a separate line in the file. M86 S ECURITY UIDE...
  • Page 462: Rule Criteria

    FTP (File Transfer Protocol) 80 = HTTP (Hyper Text Transfer Protocol) 119 = NNTP (Network News Transfer Protocol) 443 = HTTPS (Secured HTTP Transmission) Other • Filter Mode Values: Default, Block Mode Monitoring Mode Bypassing Mode M86 S ECURITY UIDE...
  • Page 463: Category Codes

    NOTE: The list of library category codes and corresponding descriptions is subject to change due to the addition of new cate- gories and modification of current categories. For explanations and examples of category items, go to http:// www.m86security.com/resources/database-categories.asp M86 S ECURITY UIDE...
  • Page 464: Filter Option Codes

    Quota minutes, a comma ( , ), the first library category code, a colon ( : ), the number of quota minutes, and a comma between each quota. For example: ;10, EMPL:30, FINAN:30, GENBUS:30, TRADING:30, ESTATE:30 NOTES: See http://www.m86security.com/software/8e6/hlp/ ifr/files/2group_ipprofiles.html for examples of filtering profile entries. M86 S ECURITY UIDE...
  • Page 465: Create A Custom Block Page

    PPENDIX Appendix B Create a Custom Block Page M86 offers ways for you to customize the block page so that the page can have a different look while retaining the infor- mation/functionality provided in M86’s default block page. NOTE: The solutions provided in this appendix will only let you customize the Block page, not the Options page.
  • Page 466: Exclude Filtering Ip

    A Web server must be set up to hold the customized block page. 2. Create a customized block page The customized block page must be accessible via this link: http://<server for block_page>[:<port for block page>]/ <blockpage> M86 S ECURITY UIDE...
  • Page 467: Show M86'S Information In The Block Page (Optional)

    User Name that accessed the blocked URL: (see URL) Implement the “further option” (optional) The “further option” is included in M86’s default block page. If used, the <block page> needs to provide a link back to Web Filter’s Options page and post the required hidden...
  • Page 468: Customized Block Page Examples

    NOTE: Don’t forget to replace <Web Filter IP> with the real IP in the HTML/CGI before using these samples. Part III: Restart the Web Filter You must restart the Web Filter to make your changes effec- tive. M86 S ECURITY UIDE...
  • Page 469: Reference

    = str.indexOf("?"); if ( i>= 0) { query = str.substr(i+1, len-i-1); url = parseData(query, "URL=", "&"); document.block.URL.value = url; ip = parseData(query, "IP=", "&"); document.block.IP.value = ip; cat = parseData(query, "CAT=", "&"); document.block.CAT.value = cat; M86 S ECURITY UIDE...
  • Page 470 <input type=hidden name="USER" value=""> <input type=hidden name="STEP" value="STEP2"> </form> <br>Web Filter Customized Block Page (HTML using Java Script to parse and post form data)<br> <script language=javascript> getData(); showData(); </script> <br>For further options, <a href="javascript:do_options()">click here</a><br> </body> </html> M86 S ECURITY UIDE...
  • Page 471: Cgi Written In Perl

    $user = $1 if ($string =~ /USER=(\S+)/i); print "Content-type: text/html\n\n"; print "<html>\n"; print "<head>\n"; print "</head>\n"; print "<body>\n"; print "<br>Web Filter Customized Block Page (CGI written with Perl)<br>\n"; print "URL: $url<br>\n"; print "IP: $ip<br>\n"; print "CAT: $cat<br>\n"; print "USER: $user<br>\n"; M86 S ECURITY UIDE...
  • Page 472: Use Java Script To Post Form Data

    $cat = $1 if ($string =~ /CAT=(\S+)&USER=/i); $user = $1 if ($string =~ /USER=(\S+)/i); print "Content-type: text/html\n\n"; print "<html>\n"; print "<head>\n"; print "<script language=\"JavaScript\">\n"; print "function do_options()\n"; print "{\n"; print "document.block.action=\"http://<Web Filter IP>:81/cgi/ block.cgi\"\n"; print "document.block.submit()\n"; print "}\n"; print "</script>\n"; print "</head>\n"; M86 S ECURITY UIDE...
  • Page 473: Cgi Written In C

    * Replace <Web Filter IP> with real IP and recompile before using * Revision: 1 * Date: 03/08/2004 #include <stdio.h> struct { char *name; char *val; } entries[20]; char szIP[16]; char szURL[1024]; char szUserName[1024]; char szCategory[8]; /*function prototypes*/ M86 S ECURITY UIDE...
  • Page 474 (strcmp(paramn, "CAT") == 0) strcpy(szCategory, paramv); else if (strcmp(paramn, "USER") == 0) strcpy(szUserName, paramv); getnextquery(&paramv); free(paramd); else /*==================================================== Read stdin and convert form data into an array; set a variety of global variables to be used by other M86 S ECURITY UIDE...
  • Page 475 Filter IP>:81/cgi/ block.cgi\"\n"); printf("document.block.submit()\n"); printf("}\n"); printf("</script>\n"); printf("</head>\n"); printf("<form method=post name=block >\n"); printf("<input type=hidden name=\"SITE\" value=\"_BLOCK_SITE_\">\n"); printf("<input type=hidden name=\"IP\" value=\"%s\">\n", szIP); printf("<input type=hidden name=\"URL\" value=\"%s\">\n", szURL); printf("<input type=hidden name=\"CAT\" value=\"%s\">\n", szCategory); printf("<input type=hidden name=\"USER\" value=\"%s\">\n", M86 S ECURITY UIDE...
  • Page 476 = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0')); digit *= 16; digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0')); return(digit); char *makeword(char *line, char stop) M86 S ECURITY UIDE...
  • Page 477 = 102400; ll=0; word = (char *) malloc(sizeof(char) * (wsize + 1)); while(1) word[ll] = (char)fgetc(f); if(ll==wsize) word[ll+1] = '\0'; wsize+=102400; word = (char *)realloc(word,sizeof(char)*(wsize+1)); --(*cl); if((word[ll] == stop) || (feof(f)) || (!(*cl))) if(word[ll] != stop) ll++; M86 S ECURITY UIDE...
  • Page 478 0; len=strlen(string); for (i=0; i<len; i++) string[i]=toupper(tmp[i]); free(tmp); return 1; void getquery(char *paramd, char **paramv) if (paramd == NULL) *paramv = NULL; else *paramv = (char *)strtok(paramd, "&"); void getnextquery(char **paramv) *paramv = (char *)strtok(NULL, "&"); M86 S ECURITY UIDE...
  • Page 479: Override Pop-Up Blockers

    This appendix provides instructions on how to use an over- ride account if typical pop-up blocking software is installed, as in the following products: Yahoo! Toolbar, Google Toolbar, AdwareSafe, Mozilla Firefox, and Windows XP Service Pack 2 (SP2). M86 S ECURITY UIDE...
  • Page 480: Yahoo! Toolbar Pop-Up Blocker

    1. Go to the Yahoo! Toolbar and click the pop-up icon to open the pop-up menu: Fig. C-2 Select menu option Always Allow Pop-Ups From 2. Choose Always Allow Pop-Ups From to open the Yahoo! Pop-Up Blocker dialog box: M86 S ECURITY UIDE...
  • Page 481 Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5. Click Close to save your changes and to close the dialog box. M86 S ECURITY UIDE...
  • Page 482: Google Toolbar Pop-Up Blocker

    Pop-up blocker button: Fig. C-4 Pop-up blocker button enabled Clicking this button toggles to the Pop-ups okay button, adding the override account window to your white list: Fig. C-5 Pop-ups okay button enabled M86 S ECURITY UIDE...
  • Page 483: Adwaresafe Pop-Up Blocker

    3. Click the Override button to open the override account pop-up window. 4. Go back to the SearchSafe toolbar and click the icon for Popup protection off to toggle back to # popups blocked. This action turns on pop-up blocking again. M86 S ECURITY UIDE...
  • Page 484: Mozilla Firefox Pop-Up Blocker

    2. Click the Content tab at the top of this box to open the Content section: Fig. C-6 Mozilla Firefox Pop-up Windows Options 3. With the “Block pop-up windows” checkbox checked, click the Exceptions... button at right to open the Allowed Sites - Pop-ups box: M86 S ECURITY UIDE...
  • Page 485 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7. Click OK to close the Options dialog box. M86 S ECURITY UIDE...
  • Page 486: Windows Xp Sp2 Pop-Up Blocker

    Internet Options to open the Internet Options dialog box. 2. Click the Privacy tab: Fig. C-8 Enable pop-up blocking 3. In the Pop-up Blocker frame, check “Turn on Pop-up Blocker”. 4. Click Apply and then click OK to close the dialog box. M86 S ECURITY UIDE...
  • Page 487: Use The Ie Toolbar

    1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window. M86 S ECURITY UIDE...
  • Page 488: Add Override Account To The White List

    Close to close the dialog box. The override account window has now been added to your white list. 3. In the Options page (see Fig. C-1), enter your Username and Password. 4. Click the Override button to open the override account pop-up window. M86 S ECURITY UIDE...
  • Page 489: Use The Information Bar

    Password. 2. Click the Override button. This action displays the following message in the Information Bar: “Pop-up blocked. To see this pop-up or additional options click here...”: Fig. C-11 Information Bar showing blocked pop-up status M86 S ECURITY UIDE...
  • Page 490 NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. C-10) and see the entries in the Allowed sites list box. 6. Go back to the Options page and click Override to open the override account window. M86 S ECURITY UIDE...
  • Page 491: Mobile Client

    Internet security threats, and possible legal problems that can result from the misuse of Internet resources on an unfiltered, remote, laptop computer. M86 S ECURITY UIDE...
  • Page 492: Environment Requirements

    • Macintosh OS X Version 10.4, 10.5, or 10.6 running: • Safari 4.0 • Firefox 3.5 or 3.6 WARNING: The filtered end user must be set up with standard user rights only—these users should not have Power User, Administrator, or root level access. M86 S ECURITY UIDE...
  • Page 493: Network Requirement

    3. If the end user comes into the organization, logs into his/ her workstation and is authenticated on the internal network, the end user’s profile now comes from the Web Filter, and not the Mobile Client. M86 S ECURITY UIDE...
  • Page 494: Network Operations Overview

    2. The Mobile Client installed on the end user’s workstation sends a parallel request to the Web Filter. 3. The Web Filter searches its M86 database for a match to the request. If a match to the requested URL is found and the site is disallowed, the Mobile Client software blocks the connection to the Web server.
  • Page 495: Configure The Web Filter To Use The Mobile Mode

    More information about using this feature is provided in subsequent pages in this section of the user guide. The following features are not available when using the mobile mode: Minimum Filtering Level, Time Profile, Override Account, M86 S ECURITY UIDE...
  • Page 496: Add Mac Addresses To The Master Ip Group

    , master IP group with MAC addresses Fig. D-2 Members window 1. In the New Members frame, select “Source MAC”. 2. Enter the member’s MAC address. 3. Click Add to include the MAC address entry in the Current Members list box. M86 S ECURITY UIDE...
  • Page 497: Select Mac Addresses For A Sub Group

    • To add MAC addresses to the sub-group, select each sub-group by highlighting it in the Available MAC(s) list box, and then clicking the left arrow to move the item(s) to the Member MAC(s) list box. M86 S ECURITY UIDE...
  • Page 498: View Sub Group Mac Addresses

    MAC addresses previously added in the sub-group’s Members window. , view MAC Addresses Fig. D-4 Sub Group (IP Group) window MAC addresses display in the Member MAC(s) list box in the MAC Address frame. M86 S ECURITY UIDE...
  • Page 499: Add A Mac Address To An Individual Member

    MAC address for inclusion in the sub-group. Fig. D-5 Member window with MAC Address 1. In the Modify Individual Group Member frame, select the member’s MAC Address from the pull-down menu. 2. Click Modify to apply your changes. M86 S ECURITY UIDE...
  • Page 500: Upload Mac Address File For Ip Group

    IP group’s profile file: tlind,150.100.30.2,A,J CHAT R GPORN M I,1, ,0x103 tlind, 00:04:21:AF:33:E1,A,J CHAT R GPORN M I,1, ,0x103 NOTE: For other examples of entries to include in the profile file, go to http://www.m86security.com/software/8e6/hlp/ifr/files/ 2group_ipprofiles.html. M86 S ECURITY UIDE...
  • Page 501: Troubleshoot Mac Addresses

    "source" Web Filter. Fig. D-7 Active Profile Lookup window with MAC Address NOTE: See Active Profile Lookup window in Chapter 1: System screen from the WF Global Administrator Section for information on using the Active Profile Lookup window. M86 S ECURITY UIDE...
  • Page 502: Mobile Client Section

    • The optional Mobile Client Updater (MCU) component that updates Mobile Client binaries from your Mobile Server running M86 Web Filter software version 4.0 or higher, or from your own Web server (the “updater,” 8e6winmcu.msi for Windows, and 8e6osxmcu.pkg.tar for Macintosh OS X) •...
  • Page 503: Download And Install The Deployment Kit

    To download the Mobile Client Deployment Kit to your machine: 1. Launch the M86 Mobile Client Web page, and then find and click the link for the Mobile Client Deployment Kit Installer (.msi file) you wish to download to your machine.
  • Page 504 Windows and Macintosh packages for the Mobile Client will be installed for distribution to user workstations. When your machine is ready to install the Deployment Kit, the page that confirms the installation process is ready to begin displays: M86 S ECURITY UIDE...
  • Page 505 Fig. D-11 Installation process ready to begin 6. Click Install to begin the installation process. The following page displays when the installation process is complete: Fig. D-12 Installation complete 7. Click Finish to close the wizard dialog box. M86 S ECURITY UIDE...
  • Page 506: Access The Mobile Client Deployment Tool Window

    Help link in the Mobile Client Deployment Tool for instructions on using these windows. The Mobile Client Deployment Tool window is accessible via Start > All Programs > M86 Security Mobile Client Deployment Kit > Package Editor: Fig. D-13 Mobile Client Deployment Tool window The Mobile Client Deployment Tool’s package editor log...
  • Page 507: Configure A New Package Set

    2. Select the Mobile Client software version from the avail- able choices, and then click OK to close the Choose Product Version dialog box and to open the Package Configuration window: Fig. D-15 Package Configuration window M86 S ECURITY UIDE...
  • Page 508: Specify Package Criteria

    NOTE: To edit the default settings, from the Mobile Client Deploy- ment Tool window select Tools > Edit default configuration... (see Edit a Package Configuration: Edit default configuration settings for information about making edits to default settings). M86 S ECURITY UIDE...
  • Page 509: Configure Network Settings

    Mobile filter host(s) field of the Package Configuration window. NOTE: To remove a mobile filter from the list, select the entry from the Hosts list box, click Delete, and then click OK. M86 S ECURITY UIDE...
  • Page 510 Internal filter host(s) field of the Package Configuration window. NOTE: To remove an internal filter from the list, select the entry from the Hosts list box, click Delete, and then click OK. M86 S ECURITY UIDE...
  • Page 511 Internet access when the mobile filter host server is unavailable. WARNING: By deselecting this option, technically savvy end users may be able to bypass filtering permanently by disrupting communications between the workstation and the mobile filter host server. M86 S ECURITY UIDE...
  • Page 512: Optional: Specify Url For Mobile Client Updates

    (e.g. “http”), the port number (if a port other than port 80 is used), the host name, and directory name. For example: http://www.mycompany.com/ mobile_client_updates NOTE: Only the HTTP protocol is supported at this time. M86 S ECURITY UIDE...
  • Page 513: Optional: Set Up Application Options

    • There are specific applications you would like to perma- nently and unconditionally block from accessing the Internet • You wish to enable special log-verbosity settings for one or more applications—i.e. to troubleshoot possible conflicts between the Mobile Client and other network applications. M86 S ECURITY UIDE...
  • Page 514 Step 2: Identify the name and path of the application Determine the name and path of the executable program for which network access should be blocked or granted unre- stricted network access. For example: Program Files\Mozilla Firefox\Firefox.exe M86 S ECURITY UIDE...
  • Page 515 The -c option specifies a partial command line match. You could, therefore, just specify “Firefox.exe” instead of listing the entire path. However, doing so could also make it easier for a sophisti- cated end user to exploit a bypass setting. M86 S ECURITY UIDE...
  • Page 516 It is also possible to encrypt the Application Options Settings if you wish to obfuscate them from your users. NOTE: Contact M86 Technical Support for advanced information about Applications Options Settings. To encrypt or decrypt commands to be included in the Appli-...
  • Page 517: Save Configuration Settings, Download Files

    Package Configuration window is automati- cally incremented to the next sequential number, and the Mobile Client Package Contents local Web page launches, providing a summary of package contents with links to various components generated in the package: M86 S ECURITY UIDE...
  • Page 518 ILTER PPENDICES ECTION PPENDIX Fig. D-20 Mobile Client Package Contents page M86 S ECURITY UIDE...
  • Page 519 Mobile Client files, uncompress and extract files to the designated update server NOTE: More information about these tools is provided in subse- quent pages in this section of the user guide. M86 S ECURITY UIDE...
  • Page 520 NOTE: If you need to find the Mobile Client Package Contents page after you close it, from the Mobile Client Deployment Tool window, go to File > Explore Packages... and then locate “Pack- ages-View.html” inside the directory for the corresponding package. M86 S ECURITY UIDE...
  • Page 521: Edit A Package Configuration

    Package Configuration window displaying the last saved edits made for the package. NOTE: The “Configuration revision” is incremented to the next sequential revision number. 4. After making your edits, choose a Save option for saving the configuration package. M86 S ECURITY UIDE...
  • Page 522: Edit Default Configuration Settings

    • a different Path is used with the filename “cfg- defaults.mccfg” specified • “Save as defaults” is greyed-out • Mobile Client and MCU components for Windows and Macintosh OS X show "All" instead of software version numbers. M86 S ECURITY UIDE...
  • Page 523: View Package Configuration Contents

    Package window (see Fig. D-21) by clicking the Explore Pack- ages... button. 2. Double-click the selected package to display its contents. 3. When you are finished, click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...
  • Page 524: Mcu File Preparations

    2. Install the installer as you would any other program. No configuration is required for the MCU component. NOTE: This is a one time operation; after this procedure the MCU will update itself when a new version is deployed. M86 S ECURITY UIDE...
  • Page 525: Step 2: Choose A Deployment Host For Updates

    (unless you have modi- fied the Mobile Server configuration to specify otherwise). When a new Mobile Client version is detected, the MCU immediately attempts to download it. Because the clients do M86 S ECURITY UIDE...
  • Page 526 NOTE: A full Mobile Client update file size is about 1.5 MB for Windows and 1.4 MB for Macintosh OS X (as of software version 3.0.5). M86 S ECURITY UIDE...
  • Page 527: Step 3: Post The Latest Files For Mcu

    System > Mode > Operation Mode (see Fig. D1). 2. In the Mobile Client Control frame, at the Mobile Client Software Update field click Upload to open the Upload Mobile Client Software Package pop-up window: Fig. D-24 Upload Mobile Client Software Package window M86 S ECURITY UIDE...
  • Page 528 MCU finds no new software available, it checks to see if a new configuration is available. If the latter is available, that is downloaded and applied. Such updates are much smaller in size than updating an entire new version of the Mobile Client. M86 S ECURITY UIDE...
  • Page 529: Mc Deployment To Windows Computers

    Forest > Domains > {domain name} > Group Policy Objects. b. Right-click and choose "New", then create a name for the policy (suggested name: "M86 Mobile Client Deployment"). Click OK. c. In the Group Policy Object Editor, open the {policy name} >...
  • Page 530 Click OK. To create a WMI filter: WMI filters are capable of applying very sophisticated selection criteria to set the scope of a policy. See Microsoft Knowledgebase article #555253 for details on creating WMI filters: http://support.microsoft.com/kb/ 555253 M86 S ECURITY UIDE...
  • Page 531 NOTE: In some cases involving Windows XP workstations, it may be necessary to reboot twice for Group Policy processing to occur. c. Verify the Mobile Client is blocking access to unautho- rized Web sites, and is allowing access to other sites. M86 S ECURITY UIDE...
  • Page 532: Installation On A Single Computer

    Apple Computer provides a product called Apple Remote Desktop (http://www.apple.com/remotedesktop/) that can be used to deploy Macintosh OS X Mobile Client software version in bulk to many users simultaneously. Contact Apple for additional information about this product. M86 S ECURITY UIDE...
  • Page 533: Mobile Client Removal From Computers

    You will probably want to change the name of the policy (e.g. "Remove M86 Mobile Client"). Once the new policy has been processed on all target machines and the Mobile Client has been removed, you can delete or unlink the removal policy with GPMC.
  • Page 534 • Windows XP: Start > Control Panel > Add or Remove Programs 2. Find the Mobile Client program and click Remove to open the M86 Mobile Client - Uninstall dialog box: Fig. D-27 Mobile Client Uninstall dialog box 3. Copy the eight-digit number displayed in the Machine ID field.
  • Page 535 Copy this Uninstall key. In this example: f0d34d NOTE: Click Close to close the Create Uninstall Key pop-up window. 6. Access the M86 Mobile Client - Uninstall dialog box again, and enter the generated password key in the Key field. In this example: f0d34d Fig.
  • Page 536: Glossary

    - A Web Filter set up in the firewall mode will filter all requests. If the request is appropriate, the original packet will pass unchanged. If the request is inappropriate, the original packet will be blocked from being routed through. M86 S ECURITY UIDE...
  • Page 537 “essex”. library category - A list of URLs, URL keywords, and search engine keywords set up to be blocked. LDAP - One of two authentication method protocols used by the Web Filter. Lightweight Directory Access Protocol M86 S ECURITY UIDE...
  • Page 538 (Distinguished Names). M86 supplied category - A library category that was created by M86, and includes a list of URLs, URL keywords, and search engine keywords to be blocked. machine name - Pertains to the name of the user’s work- station machine (computer).
  • Page 539 P2P services specified in the library category. profile string - The string of characters that define a filtering profile. A profile string can consist of the following components: category codes, service port numbers, and redirect URL. M86 S ECURITY UIDE...
  • Page 540 Each rule created by the global administrator is assigned a number and a name that should be indicative of its theme. Rules are used when creating filtering profiles for entities on the network. M86 S ECURITY UIDE...
  • Page 541 Internet running Network Time Protocol (NTP) software. time profile - A customized filtering profile set up to be effective at a specified time period for designated users. Traveler - M86’s executable program that downloads updates to your Web Filter on demand or at a scheduled time.
  • Page 542 URL from that library category or an uncategorized URL is requested. white list - A list of approved library categories for a speci- fied entity’s filtering profile. M86 S ECURITY UIDE...
  • Page 543: Sr Introductory Section

    System Configuration administrator console and Report Manager. Using System Configuration screens, the global adminis- trator configures the SR to accept log files from the M86 Web Filter—and the M86 Secure Web Gateway, if this filtering device is added to the device registry—“normalize”...
  • Page 544: About This Portion Of The User Guide

    • SR Security Reports Section - Refer to this section for security report configuration and usage, if using a Secure Web Gateway appliance with the SR application in this WFR. NOTE: See the M86 Secure Web Gateway User Guide at http:// www.m86security.com/support/Secure-Web-Gateway/Docu- mentation.asp for information on the SWG. M86 S...
  • Page 545: Terminology

    • button - an object in a dialog box, alert box, window, or panel that can be clicked with your mouse to execute a command. M86 S ECURITY UIDE...
  • Page 546 • icon - a small image in a dialog box, window, or screen that can be clicked. This object can be a button or an executable file. M86 S ECURITY UIDE...
  • Page 547 This object allows you to toggle between two choices. By clicking a radio button, a dot is placed in the circle, indicating that you selected the option. When the circle is empty, the option is not selected. M86 S ECURITY UIDE...
  • Page 548 • text box - an area in a dialog box, window, or screen that accommodates your data entry. A text box is a type of field. (See “field”.) M86 S ECURITY UIDE...
  • Page 549 • window - can contain frames, fields, text boxes, list boxes, icons, buttons, and radio buttons. Types of windows include ones from the system such as the Save As window, pop-up windows, or login windows. M86 S ECURITY UIDE...
  • Page 550: Getting Started

    Fig. 1:1-1 Security Reporter icon in WFR Welcome window NOTE: If pop-up blocking software is installed on the workstation, it must be disabled. Information about disabling pop-up blocking software can be found in WFR Appendix I: Disable Pop-up Blocking Software. M86 S ECURITY UIDE...
  • Page 551: Enter Report Manager's Url In The Address Field

    In order to accept the security certificate, follow the instructions at: http://www.m86security.com/ software/8e6/docs/ig/misc/sec-cert-sr3.1.pdf 3. After accepting the security certificate, click Go to open the Security Reporter Login window (see Fig. 1:1-2). M86 S ECURITY UIDE...
  • Page 552: Log In

    If you are logging in as a group administrator, enter the password set up for you by the global administrator. TIP: M86 Security recommends administrators who access this application for the first time should change their account pass- word. Administrator usernames and passwords are modified in Administration >...
  • Page 553 A maximum of eight users can use the SR user interface simulta- neously. However, for optimum results, M86 Security recom- mends no more than four users generate reports at the same time.
  • Page 554: Re-Login

    If your password has been set by the global administrator to expire after a specified number of days (System Configura- tion: Database > Optional Features), upon clicking the Login button, the Update Password pop-up window opens: Fig. 1:1-4 Update Password window M86 S ECURITY UIDE...
  • Page 555 The password is case sensitive. 3. Click Save to close the pop-up window. 4. In the Security Reporter login window (see Fig. 1:1-2), enter your Username and new Password, and then click Login to access the user interface. M86 S ECURITY UIDE...
  • Page 556: User Interface Navigation

    Report Manager, and manage the SR. • Help - click this link to launch a separate browser window or tab displaying the page containing links to the latest user guides (in the .pdf format) for this application. M86 S ECURITY UIDE...
  • Page 557: Navigation Tips And Conventions

    • Select multiple items in specified windows - In speci- fied panels, when moving several items from one list box to another, or when deleting several items, the Ctrl and Shift keys can be used to expedite this task. M86 S ECURITY UIDE...
  • Page 558: Wildcard Searches

    • User IP: %200.10.100.51%, %100, or 192.168.% • Username: %jsmith%, %t, or %qa • Site: %yahoo%, %z, or cnn% 2. Click the designated button to perform the wildcard search. 3. Make your selection from records returned by the search. M86 S ECURITY UIDE...
  • Page 559: Links In The System Configuration Navigation Toolbar

    (in the .pdf format) for this application. • Logout - click this link to log out of the SR (see Log Out for details on log out procedures). M86 S ECURITY UIDE...
  • Page 560: Log Out

    ShutDown window sub-section from the WF Global Administrator Section of the Web Filter portion of this user guide. Failure to properly shut down the server can result in data being lost or corrupted. M86 S ECURITY UIDE...
  • Page 561: Sr System Onfiguration Ection

    • sets up administrators for receiving automatic alerts • analyzes SR statistics • utilizes diagnostics for monitoring the SR status to ensure optimum functioning of the SR • establishes and implements backup and restoration procedures for the SR M86 S ECURITY UIDE...
  • Page 562: Chapter 1: Access System Configuration

    If using this product in the Evaluation Mode the SR Status pop-up window opens when accessing this screen. Please see Appendix A: Evaluation Mode for information about the Evaluation Mode. M86 S ECURITY UIDE...
  • Page 563: Chapter 2: Configuring The Server

    SR and maintaining the Report Manager. TIP: When making a complete configuration in the System Configuration administrator console, M86 Security recommends you navigate from left to right (Network to Server to Database) in choosing your menu options.
  • Page 564: Box Mode Screen

    Once your server is configured and the server is set in the “live” mode, it will receive and process real time data from the Web Filter. The Report Manager can then be used to capture data and create views. M86 S ECURITY UIDE...
  • Page 565: Archive Mode

    2. Click the radio button corresponding to Live or Archive to specify the mode in which the server should function: • choose Live if you wish the server to function in the “live” mode, receiving and processing real time data from the Web Filter. M86 S ECURITY UIDE...
  • Page 566: Locked-Out Accounts And Ips Screen

    Fig. 2:2-3 Locked-out Accounts and IPs screen NOTE: An account or IP address becomes locked if the Pass- word Security Options feature is enabled in the Optional Features screen, and a user is unable to log into the Report Manager or M86 S ECURITY UIDE...
  • Page 567: View Locked Accounts, Ip Addresses

    • IP: ‘x.x.x.x’ has been successfully unlocked. NOTE: In the text above, ‘xxx’ and ‘x.x.x.x’ represents the unlocked username/IP address. 3. Click OK to return to the Locked-out Accounts and IPs screen that no longer shows the accounts/IPs that have been unlocked. M86 S ECURITY UIDE...
  • Page 568: Server Menu

    Server menu. This screen is used for setting up the password for the remote server’s FTP account, for executing an immediate backup on the SR, and for performing a restoration to the database from the previous backup run. Fig. 2:2-4 Backup screen M86 S ECURITY UIDE...
  • Page 569: Backup And Recovery Procedures

    ONFIGURING THE ERVER Backup and Recovery Procedures IMPORTANT: M86 Security recommends establishing backup and recovery procedures when you first begin using the SR. Please follow the advice in this section to ensure your SR is prop- erly maintained in the event that data is lost and back up proce- dures need to be performed to recover data.
  • Page 570: Set Up/Edit External Backup Ftp Password

    SR will be down. • Expiration about to occur - If a data expiration is about to occur, you might want to back up your data before M86 S ECURITY UIDE...
  • Page 571: Perform A Remote Backup

    From the remote server, the backup database can be retrieved via FTP, and then stored off site. TIP: M86 Security recommends executing an on demand backup during the lightest period of system usage, so the server will perform at maximum capacity.
  • Page 572: Perform A Restoration To The Sr

    NOTE: The amount of time it will take to restore data to the SR depends on the combined size of all database tables being restored. M86 Security recommends that you do not perform other functions on the SR until the restoration is complete.
  • Page 573: Self Monitoring Screen

    As the administrator of the SR, you have the option to either activate or deactivate this feature. When the self-monitoring feature is activated, an automated e-mail message is dispatched to designated recipients if the SR identifies a failed process during its hourly check for new data. M86 S ECURITY UIDE...
  • Page 574: View A List Of Contact E-Mail Addresses

    The Master Administrator and any remaining e-mail addresses in the list will continue receiving notifications. Deactivate Self-Monitoring 1. Click the radio button corresponding to NO. 2. Click the Save button to deactivate self-monitoring. M86 S ECURITY UIDE...
  • Page 575: Server Status Screen

    Server menu. This screen, which automatically refreshes itself every 10 seconds, displays the statuses of processes currently running on the SR, and provides information on the amount of space and memory used by each process. Fig. 2:2-6 Server Status screen M86 S ECURITY UIDE...
  • Page 576: View The Status Of The Server

    • Disk drives status - provides data on the status of each drive of the operating system • NETSTAT - displays the status of a local IP address M86 S ECURITY UIDE...
  • Page 577: Secure Access Screen

    The Secure Access screen displays when the Secure Access option is selected from the Server menu. This screen is primarily used by M86 Security technical support representatives to perform maintenance on your server, if your system is behind a firewall that denies access to your server.
  • Page 578: Terminate A Port Connection

    Terminate All Port Connections If more than one port is currently active on the customer’s server and you need to terminate all port connections, click the Stop All button. This action removes all port numbers from the list box. M86 S ECURITY UIDE...
  • Page 579: Shut Down Screen

    When the Shutdown Software option is selected, the MySQL database shuts off and no files are FTPed to the server. M86 S ECURITY UIDE...
  • Page 580: Perform A Server Action

    Shut Down screen. NOTE: When the Restart Software option is selected, the SR will take five to 10 minutes to reboot. After this time, you can go to another screen or log off. M86 S ECURITY UIDE...
  • Page 581: Report Manager Screen

    Report Manager application. As a result of this action, a screen displays with the following message: “The Report Manager will restart in a few minutes.” 2. Click OK to return to the Report Manager screen. M86 S ECURITY UIDE...
  • Page 582: Enable/Disable The Report Manager Scheduler

    • “ON” - Choose this option to let the Report Manager automatically run scheduled reports. • “OFF” - Choose this option if you do not want the Report Manager to run scheduled reports. 2. Click Apply. 3. Click Restart to restart the Report Manager application. M86 S ECURITY UIDE...
  • Page 583: Database Menu

    SR to identify users based on the IP addresses of their machines, their usernames, and/or their machine names. Information set up on this screen is used by the Report Manager when logging a user’s Internet activity. M86 S ECURITY UIDE...
  • Page 584 Fig. 2:2-11 User Name Identification screen with IP.ID activated As the administrator of the SR, you have the option to either enable or disable this feature for logging users’ activities by usernames, machine names, and/or IP addresses of machines. M86 S ECURITY UIDE...
  • Page 585 The second user logs on the same machine for 11 minutes and then logs off. The first user logs back on that machine for 16 minutes. All 30 minutes are logged as the first user’s activity. M86 S ECURITY UIDE...
  • Page 586: View The User Name Identification Screen

    IP addresses and machine names. After this table is created, the message screen displays to confirm the successful execution of this task. b. Click the Back button to return to the User Name Identification screen. M86 S ECURITY UIDE...
  • Page 587: Page View Elapsed Time Screen

    Establish the Unit of Elapsed Time for Page Views 1. In the Elapse Time field, enter the number of seconds that will be used as the value when tracking a user’s visit to a Web site. 2. Click the Save button. M86 S ECURITY UIDE...
  • Page 588: Elapsed Time Rules

    Web site, then exits, then returns to the same site for another 15 seconds, the user will have two sessions or three visits to that site logged for him/her (5 seconds = 1 visit, 15 seconds = 2 visits, for a total of 3 visits). M86 S ECURITY UIDE...
  • Page 589: Page Definition Screen

    Page searches. Fig. 2:2-13 Page Definition screen View the Current Page Types The Current page types list box contains the extensions of page types to be included in the detail report. M86 S ECURITY UIDE...
  • Page 590: Remove A Page Type

    Add a Page Type To add a page type in the detail report: 1. Enter the New Page Type extension. 2. Click Add to include the extension in the Current page types list box. 3. Click Apply. M86 S ECURITY UIDE...
  • Page 591: Tools Screen

    Report Manager application. Fig. 2:2-14 Tools screen The following options are available on this screen: • View Diagnostic Reports • View Database Status Logs • Technical Support Report Package M86 S ECURITY UIDE...
  • Page 592: View Diagnostic Reports

    • db Backup - This log provides information about the MySQL backup/restore operation. • db Control - This log shows a list of actions performed by the SR process when processing log files. M86 S ECURITY UIDE...
  • Page 593 Web Filter query errors. • File Watch Log - This log shows a list of records that were imported from one machine to another. • MYSQL Log - This log provides information pertaining to the MySQL server. M86 S ECURITY UIDE...
  • Page 594: Generate Technical Support Report Package

    Generate to begin generating the report package. 2. After the package has generated, the “Successfully generated tech support log” pop-up window opens with the message: “Please download the file to email to M86 tech support.” Click Download to download the .tgz package to your machine.
  • Page 595: Expiration Screen

    SR.) See the Server Information panel in the Report Manager Admin- istration Section for more information about expired data. See also Appendix A: Evaluation Mode for information about using the SR in the evaluation mode. M86 S ECURITY UIDE...
  • Page 596: Expiration Rules

    Saturday period) stored on the server is expired— i.e. deleted from the database. Once data expires, it cannot be recovered. WARNING: Storage capacity maintenance is performed each evening between 11:30 p.m. and midnight. During this period, the database will be locked. M86 S ECURITY UIDE...
  • Page 597: View Data Storage Statistics

    • Estimated total week(s) of data - the estimated number of weeks of data the server will store. This number is affected by end user hits/day and the storage capacity of the server. M86 S ECURITY UIDE...
  • Page 598: Optional Features Screen

    Count. This screen also is used for enabling and configuring the password security feature to be used for the System Configuration administrator console and Report Manager (see Fig. 2-2:16). NOTE: Optional features can be enabled or disabled at any time. M86 S ECURITY UIDE...
  • Page 599 SR S 2: C YSTEM ONFIGURATION ECTION HAPTER ONFIGURING THE ERVER Fig. 2:2-16 Optional Features screen M86 S ECURITY UIDE...
  • Page 600: Enable Search String Reporting

    1. Click the radio button corresponding to “ON” to make the Top 20 Users by Blocked Request report selection avail- able in an administrator’s Summary Reports menu. 2. Click Apply to apply your setting. WARNING: Applying this setting restarts the Report Manager. M86 S ECURITY UIDE...
  • Page 601: Enable Time Usage Reports

    (“0”) will display for object activity in generated reports. 1. Select one of two radio buttons to specify the type of hits to be included in drill down, Time Usage reports, and scheduled custom reports: M86 S ECURITY UIDE...
  • Page 602: Enable, Configure Password Security Option

    If a user’s password has expired, when he/she enters his/her Username and Password in the login screen and clicks Login, he/ she will be prompted to re-enter his/her Username and enter a new password in the Password and Confirm Password fields. M86 S ECURITY UIDE...
  • Page 603 Failed Password Attempts Timespan (in minutes) field before being locked out of the SR user interface. NOTE: The maximum number of failed attempts that can be entered is 10. M86 S ECURITY UIDE...
  • Page 604 Allowable Number of Failed Password Attempts field— before being locked out of the SR user interface. NOTE: The maximum number of minutes that can be entered is 1440. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
  • Page 605: User Group Import Screen

    This screen is used for specifying the Web Filter(s) to send LDAP user group membership information to this SR, for performing a user group import on demand, and for viewing on demand user group import criteria. Fig. 2:2-17 User Group Import screen M86 S ECURITY UIDE...
  • Page 606: Import User Groups

    Current Status for User Group Import box that opens at the bottom of this screen when the Import Now button is clicked. NOTE: User groups will be imported in the exact format defined on the Web Filter. M86 S ECURITY UIDE...
  • Page 607: Sr Report Manager Administration Section

    Report Manager processes; analyze data storage on the server; and remove all profiles and configuration settings in the Report Manager. M86 S ECURITY UIDE...
  • Page 608 SR R EPORT ANAGER DMINISTRATION ECTION NTRODUCTION • Chapter 3: Report Configuration - This chapter explains how to create and manage Custom Category Groups used for monitoring end user Internet activity, and configure general report settings. M86 S ECURITY UIDE...
  • Page 609: Chapter 1: Group, Profile Management

    2. Click User Groups to display the User Groups panel, which is comprised of the User Groups frame to the left and its Group Members target frame to the right: Fig. 3:1-1 User Groups panel M86 S ECURITY UIDE...
  • Page 610 • Open Directory For the Web Filter: • Active Directory Mixed Mode and Active Directory Native Mode are supported. • Open LDAP usernames will be included in user profiles only if those users generate network traffic. M86 S ECURITY UIDE...
  • Page 611: View User Group Information

    New, Edit, Delete, Rebuild All, and Refresh buttons. • If the selected user group was imported and cannot be rebuilt on demand, this action activates the New, Rebuild All, and Refresh buttons only. M86 S ECURITY UIDE...
  • Page 612 Fig. 3:1-2 View user group information, Single Users accordion NOTE: If using the LDAP user authentication method, user names display in the User Name column. If using IP groups, IP addresses of user machines display instead of user names. M86 S ECURITY UIDE...
  • Page 613: Add A User Group

    3. Enter at least three characters for the Group Name to be used for the new user group; this action activates the Save button. M86 S ECURITY UIDE...
  • Page 614: Patterns Frame

    ”200.10.100.3” as part of the IP address. 2. Click Add Pattern to include the pattern in the Assigned Patterns list box below. TIP: Follow steps 1 and 2 above to include additional patterns for the new user group. M86 S ECURITY UIDE...
  • Page 615: View Users Resolved By The Pattern

    To remove a pattern in the Assigned Patterns list box: 1. In the Patterns frame, select the pattern from the Assigned Patterns list box to highlight it. 2. Click Remove Pattern to remove that pattern from the list box. M86 S ECURITY UIDE...
  • Page 616: Ip Ranges Frame

    To set up the first parent user group to include an IP range, “All” user groups must be used as the base group. Fig. 3:1-5 Add user group, IP Ranges frame M86 S ECURITY UIDE...
  • Page 617: Specify An Ip Range

    Range button. d. Click Calculate IP Range to display the Starting IP and Ending IP in the fields above. 2. Click Add IP Range to include that IP range in the Assigned Ranges list box below: M86 S ECURITY UIDE...
  • Page 618: Remove An Ip Address Range

    1. Click the row to highlight and select it; this action acti- vates the Remove IP Range button below. 2. Click Remove IP Range to remove the IP address range from the list box. M86 S ECURITY UIDE...
  • Page 619: Single Users/Exclude Frame

    A user name preceded by an asterisk ( * ) indicates an auto- assigned user that can only be removed by adjusting the pattern or IP range for that user’s group. Fig. 3:1-7 Add user group, Single Users frame M86 S ECURITY UIDE...
  • Page 620: Add One Or More Individual Users

    NOTE: Users added to the Add tab will still be listed in the Avail- able Users list. After saving the entries in the New User Group panel, the users added to the Add tab display in the Assigned tab. M86 S ECURITY UIDE...
  • Page 621: Remove Users From The Add Tab

    1. Select the user(s) from the Add tab; this action activates the [-] Remove button: Fig. 3:1-8 Add user group, remove user from Add tab 2. Click [-] Remove to remove the user(s) from the Add tab. M86 S ECURITY UIDE...
  • Page 622: Edit A User Group

    Add tab, and users who are removed display in the Delete tab. • If necessary, edit the name of the user group in the Group Name field. 4. Click Save to save your edits and to return to the User Groups panel. M86 S ECURITY UIDE...
  • Page 623: Rebuild The User Group

    User Groups list as well as your User Groups list. TIP: Click No to close the dialog box and to return to the User Groups panel. 3. Click Yes to close the dialog box, and to remove the user group from the User Groups list. M86 S ECURITY UIDE...
  • Page 624: Admin Groups Panel

    Groups panel, comprised of the Admin Groups frame to the left and the Group Privileges frame to the right: Fig. 3:1-9 Admin Groups panel NOTE: Any administrator groups previously set up display in the Group Names list box in the Admin Groups frame. M86 S ECURITY UIDE...
  • Page 625: Add A Group

    3. In the Group Privileges section, click the appropriate checkbox(es) to specify the type of access the adminis- trator group will be granted on the SR console or its related devices: Fig. 3:1-10 Add a new Group M86 S ECURITY UIDE...
  • Page 626 TIP: To remove a checkmark from any active checkbox containing a checkmark, click the checkbox. 4. Click Save Group to save your entries and to add the new administrator group name in the Group Names list box. M86 S ECURITY UIDE...
  • Page 627: View, Edit An Admin Group's Permissions

    Group Privileges frame with previously- saved settings: Fig. 3:1-11 Admin Groups group selections With the Group Privileges frame populated, you can now make edits as described in the following sub-section. M86 S ECURITY UIDE...
  • Page 628: Edit Admin Group Settings

    “Are you sure you want to delete this admin group?” 3. Click Yes to close the dialog box and to remove the administrator group from the Group Names list box. NOTE: Clicking Cancel closes the dialog box without removing the administrator group. M86 S ECURITY UIDE...
  • Page 629: Admin Profiles Panel

    SR Login ID established during the wizard hardware installation process. At the right side of this panel is the Admin Detail panel, used for adding a group administrator profile, viewing an existing M86 S ECURITY UIDE...
  • Page 630: Add An Administrator Profile

    1. If privileges are granted for you to create a group admin- istrator profile, at the bottom of the Admins frame, click Add Admin to clear and reset the Admin Detail frame. 2. In the Admin Detail frame, make the following entries or selections as appropriate: M86 S ECURITY UIDE...
  • Page 631 SR Login ID, and enter that same password again in the Confirm Password field. These entries display as asterisks for security purposes. • Optional: Type in any Comments to be associated with the group administrator’s account. M86 S ECURITY UIDE...
  • Page 632 • In the Available User Groups list box, click the user group(s) to highlight your selection(s), and to activate the Add Group button. • Click Add Group to include the user group(s) in the Assigned User Groups list box. M86 S ECURITY UIDE...
  • Page 633 4. After selecting each user group to be assigned to the group administrator, click Save Admin to add the SR Login ID for the new administrator to the Admin Names list box. M86 S ECURITY UIDE...
  • Page 634: View, Edit Admin Detail

    Available User Groups box. For an account without permission to create other user profiles, the Admin Detail frame displays at minimum the Full Name, Email address, SR Login ID, and User Groups selection greyed-out: M86 S ECURITY UIDE...
  • Page 635: Edit Account Info

    2. After making any modifications, click Update Admin to save your edits. NOTE: If the administrator whose password was changed is currently logged into SR, he/she will need to log out and log back in again using the new password. M86 S ECURITY UIDE...
  • Page 636: Delete Admin

    “Are you sure you want to delete this admin?” TIP: Clicking Cancel closes the dialog box without removing the group administrator profile. 3. Click Yes to close the dialog box and to remove the administrator’s SR Login ID from the list. M86 S ECURITY UIDE...
  • Page 637: Chapter 2: Database Management

    HTTPS Configuration to open the HTTPS Configuration panel, comprised of Self-Signed, Trusted, and Download/Delete Certificate tabs used for creating, uploading, downloading, and/or deleting self- signed or third party SSL certificates: Fig. 3:2-1 HTTPS Configuration panel, Self-Signed tab M86 S ECURITY UIDE...
  • Page 638: Generate A Self-Signed Certificate For The Sr

    SR, and to restart the Report Manager. Hereafter, group administrators must accept the security certificate on their workstations in order for their machines to communicate with the Report Manager and/or System Configuration administrator console. M86 S ECURITY UIDE...
  • Page 639: Create, Upload A Third Party Certificate

    If the DNS name of the SR changes, a new certificate must be created and possibly added to each client workstation's trusted certificate list. 1. Click the Trusted tab: Fig. 3:2-2 HTTPS Configuration panel, Trusted tab 2. Make entries in these fields: M86 S ECURITY UIDE...
  • Page 640: Step B: Download The Csr, Submit To Agency

    2. Click Save CSR to save the CSR to your machine. TIP: Click Delete CSR to remove the CSR you created on your machine. 3. Submit the CSR to a trusted third party agency autho- rized to sign SSL certificates. M86 S ECURITY UIDE...
  • Page 641: Step C: Upload The Signed Ssl Certificate To Sr

    Browse to find the .cer file you just saved. 5. Click Upload to load the certificate on the SR. NOTE: Do not click this button until performing the actions in the following steps. TIP: Click Cancel in the dialog box to cancel the procedure. M86 S ECURITY UIDE...
  • Page 642: Download, Delete A Third Party Certificate

    The certificate can now be distributed to group administrator workstations. Delete the SSL Certificate To delete the third party certificate from the SR, go to the Download/Delete Certificate tab and click Delete to remove the certificate from the SR. M86 S ECURITY UIDE...
  • Page 643: User Profiles Panel

    Fig. 3:2-4 User Profiles panel By default, this panel is comprised of rows of end user records, sorted in ascending order by User Name (IP address). For each user name in the list, the corresponding end user IP Address displays. M86 S ECURITY UIDE...
  • Page 644: Search The User Database

    2. Click User Summary to open the User Summary panel, and perform any of the actions described for this panel in the Real Time Reports Section. M86 S ECURITY UIDE...
  • Page 645: Activity View Panel

    To perform a search on a specified activity: 1. Select the type of Activity from available choices in the list: All, Admin Login Successful, Admin Login Unsuc- cessful, Add Admin, Edit Admin, Delete Admin, Add Admin Group, Edit Admin Group, Delete Admin Group, M86 S ECURITY UIDE...
  • Page 646 6. To view the activity of a specified administrator, select the user name from the pull-down menu. 7. Click Search to display the specified records for the selected dates in the results list: M86 S ECURITY UIDE...
  • Page 647: Search Results

    (Admin Name), such as: • administrator name for Add/Edit/Delete Admin • group name for Add/Edit/Delete Admin Group • alert name for Add/Edit/Delete Alert • gauge name for Add/Edit/Delete URL/Bandwidth Gauge. M86 S ECURITY UIDE...
  • Page 648: Device Registry Panel

    SR, synchronizing the SR with user groups and libraries from the source Web Filter, editing M86 appliance criteria, and adding or deleting an additional Web Filter, or adding/deleting an SWG or LDAP server from the registry.
  • Page 649 - Click this button to add an SWG server to the device registry. • New LDAP Server (enabled only if an SWG has been added) - Click this button to add an LDAP server to the device registry. M86 S ECURITY UIDE...
  • Page 650: Removing/Adding Web Filter, Swg Devices

    WARNING: For any scenario specified above that would result in data being purged from the Security Reporter, M86 recommends backing up and saving current SR data off the server before adding or removing the designated device from the Device Registry.
  • Page 651: Web Filter Device Maintenance

    Web Filter will now be the source Web Filter, click in the checkbox to place a check mark here. TIP: Click Cancel to close this pop-up window. 3. Click Save to save your edits and to close the pop-up window. M86 S ECURITY UIDE...
  • Page 652: Add A Web Filter To The Device Registry

    “Are you sure you want to delete this device?” NOTE: Click No to close the dialog box. 2. Click Yes to delete the Web Filter device from the registry, and to remove the Web Filter server icon from the Device Registry panel. M86 S ECURITY UIDE...
  • Page 653: Security Reporter Maintenance

    Range IP Address and Subnet Mask fields, and buttons for adding or removing a range of IP addresses the SR application will monitor for network traffic. Any IP Address and Subnet Mask previously entered in this window displays in the list box. M86 S ECURITY UIDE...
  • Page 654: Add, Remove A Bandwidth Range

    SMTP, Patch Server, NTP Server, and Proxy Server. View SMTP device criteria 1. Go to the image of the SMTP server in the Device Registry panel and click View to open the SMTP Server pop-up window: M86 S ECURITY UIDE...
  • Page 655: View Patch Server Device Criteria

    Registry panel and click View to open the Proxy Server pop-up window. The following information displays: Name of server (Proxy Server), Device Type (Proxy Server), IP address, Port number, Username (if appli- cable), Password (if applicable, asterisks display), Proxy Switch ("on" or "off"). M86 S ECURITY UIDE...
  • Page 656: View Ntp Server Device Criteria

    2. Check the checkbox(es) pertaining to information to be synchronized between the Web Filter and SR devices, and to activate the Synchronize button: • Categories - Make this selection to synchronize M86 supplied library category updates and custom library categories from the source Web Filter to the SR.
  • Page 657: New Policy Server Device Maintenance

    View, edit Policy Server device criteria 1. Go to the SWG server icon in the Device Registry panel and click Edit to open the Edit Policy Server pop-up window: Fig. 3:2-13 Edit Policy Server pop-up window M86 S ECURITY UIDE...
  • Page 658: Add A Policy Server To The Device Registry

    The following information displays and cannot be edited: Device Type (SWG), ID, Username. 2. Edit any of the following fields: • Password - Password used to access the application. • Description - Description of the SWG server. M86 S ECURITY UIDE...
  • Page 659: Delete A Policy Server From The Device Registry

    If using an SWG, any LDAP server used with the SWG should be added to the device registry. Add an LDAP Server to the device registry 1. At the bottom of the Device Registry panel, click New LDAP Server to open the LDAP server pop-up window: M86 S ECURITY UIDE...
  • Page 660 • Member - Specify membership attributes, if necessary • Address - LDAP server IP address • User - Enter the authorized user's full LDAP Distin- guished Name. For example, enter the entire string in a format such as: M86 S ECURITY UIDE...
  • Page 661: Import Ldap Group Profiles

    TIP: If the importation process failed, make edits in the LDAP server pop-up window and run the import process again. View, edit LDAP Server device criteria 1. Go to the LDAP server icon in the Device Registry panel and click Edit to open the pop-up window: M86 S ECURITY UIDE...
  • Page 662: Delete An Ldap Server From The Device Registry

    “Are you sure you want to delete this device?” NOTE: Click No to close the dialog box. 2. Click Yes to delete the LDAP server device from the registry, and to remove the LDAP server icon from the Device Registry panel. M86 S ECURITY UIDE...
  • Page 663: Database Processes List Panel

    In the navigation toolbar, mouse over the Administration menu link and select Database Processes List to display the Database Processes List panel: Fig. 3:2-17 Database Processes List window M86 S ECURITY UIDE...
  • Page 664: View Details On A Process

    At the end of each row is the Terminate option. TIP: Click the Refresh button to refresh the list of records. Terminate a Process Select the process to be terminated and click Terminate. WARNING: Be sure that you do not terminate the wrong process. M86 S ECURITY UIDE...
  • Page 665: Server Information Panel

    Expiration Info. NOTE: If the WFR server is newly installed, server statistics will be available after they are initially correlated for the SR, immedi- ately after midnight. If this problem persists, please contact your system administrator. M86 S ECURITY UIDE...
  • Page 666: Mode

    Saturday, September 18, 2010. Registered mode pertains to an SR server that has been activated online and registered by M86 Security. An SR in registered mode will store as much data as allocated for data storage on its hard drive—and on its attached storage device, if applicable to the hardware model of the SR server.
  • Page 667: Date Scopes

    Server Info The Server Info section contains the following WFR server information: Software Version number and Database Server IP address—or the label “localhost” that designates the WFR as the host server for the Report Manager. M86 S ECURITY UIDE...
  • Page 668: Server Activity

    HH:MM AM/PM format), the login ID of the person who generated the chart (Generated by) and the Page number and page range. The chart image includes a graph illustrating the general Number of Hits (in purple) and Number of IPs that gener- M86 S ECURITY UIDE...
  • Page 669 The summary shows the general Number of Hits (in purple) and Number of IPs that generated those hits (in blue) for a specified Week (YYYY-WW). Weeks are numbered 1-52. M86 S ECURITY UIDE...
  • Page 670 The summary shows the general Number of Hits (in red) and Number of IPs that generated those hits (in green) for a specified Month (Month ’YY). Month names are abbreviated. Fig. 3:2-21 Hits Per Month chart M86 S ECURITY UIDE...
  • Page 671: Expiration Info

    SR if the server was activated and running in registered mode. • Estimated date of next expiration - the date scheduled for the next automatic database expiration (MM/DD/ YYYY format). M86 S ECURITY UIDE...
  • Page 672: Reset To Factory Defaults Panel

    WARNING: When using this option, all settings made to the SR— including administrator, group, and real time gauge configuration settings and alerts—will be purged and cannot be restored. The SR will also be set to Evaluation mode. M86 S ECURITY UIDE...
  • Page 673: Reset To Factory Default Settings Frame

    WFR’s End User License Agreement window: Fig. 3:2-23 End User License Agreement 4. After reading the contents of the EULA, click Yes to accept it and to go to the Wizard Login window: Fig. 3:2-24 Wizard Login window M86 S ECURITY UIDE...
  • Page 674: Wizard Panel

    3. Click Login to display the wizard panel: Fig. 3:2-25 Wizard panel 4. In the Main Administrator section, type in the following information: Username, Email address, Password, Confirm Password. NOTE: The username ‘admin’ cannot be used, since it is the default username. M86 S ECURITY UIDE...
  • Page 675 SWG policy servers can be set up to send logs to the SR. 8. Click Save to save your entries and to go to the Security Reporter login window: Fig. 3:2-26 SR Login window M86 S ECURITY UIDE...
  • Page 676: Chapter 3: Report Configuration

    In the navigation toolbar, mouse over the Administration menu link and select Default Report Settings to display the Default Report Settings panel: Fig. 3:3-1 Default Report Settings panel M86 S ECURITY UIDE...
  • Page 677: Set New Defaults

    TIP: Click Cancel to exit without saving your entries. 6. Click the Save button to save your settings and to exit the Default Report Settings panel. M86 S ECURITY UIDE...
  • Page 678: Custom Category Groups Panel

    Custom Category Groups panel: Fig. 3:3-2 Custom Category Groups panel The Custom Category Groups panel is comprised of two frames used for setting up and maintaining category groups: Custom Category Group, and Custom Category Group Detail. M86 S ECURITY UIDE...
  • Page 679: Add A Custom Category Group

    Assigned Categories/Ports list box, make your selection(s), and then click Remove to remove the selection(s). 5. Click Save to save your settings and to include the name of the group you added in the Custom Category Group list. M86 S ECURITY UIDE...
  • Page 680: Modify A Custom Category Group

    Delete a Category Group 1. Select the Custom Category Group name from the list box by clicking on your choice to highlight it. 2. Click Delete to remove the Custom Category Group name from the list box. M86 S ECURITY UIDE...
  • Page 681: Sr Productivity Eports Ection

    Report Schedule for running reports on a regular basis. • Chapter 4: Specialized Reports - This chapter informs you of three specialized types of reports you can generate: Executive Internet Usage Summary Reports, Blocked Request Reports, and Time Usage Reports. M86 S ECURITY UIDE...
  • Page 682: Chapter 1: A High Level Overview

    Security Reporter user interface, or when you use the navi- gation toolbar to navigate to Reports > Dashboard: Fig. 4:1-1 Dashboard panel NOTE: If using both a Web Filter and an SWG, only Web Filter log results display. M86 S ECURITY UIDE...
  • Page 683 Once you have a high level overview of end user produc- tivity report activity on the network, you can use productivity reports to obtain more information about specific end user trends and activity. M86 S ECURITY UIDE...
  • Page 684: Summary Reports

    TIPS: Click the left arrows or right arrows at the edges of the dashboard to display thumbnail images that are currently hidden. Mouse over each bar in the bar graph to view the name of graph entry and number of requests for that entry. M86 S ECURITY UIDE...
  • Page 685: Summary Report Types

    (Instant Messaging) category groups: BotNet, Malicious Code/Virus, Bad Reputation Domains, Spyware, Adware, and IRC. NOTE: For SWG users, results that display in the Top 20 Users by Malware report reflect library contents mapped to the M86 Supplied Categories. M86 S ECURITY...
  • Page 686 • Category Comparison - Pie chart report depicting the total Page Count in each top scoring filtering category. • User Group Comparison - Pie chart report depicting the total Page Count in each top scoring user group. M86 S ECURITY UIDE...
  • Page 687: Modify The Summary Report View

    • Report type thumbnails - Click one of the report type thumbnails beneath the Date Scope to display that report view. TIP: Click the left arrows or right arrows at the edges of the dash- board to display thumbnail images that are currently hidden. M86 S ECURITY UIDE...
  • Page 688: Download, Export A Summary Report

    The footer of the report includes the date and time the report was generated (M/D/YY, HH:MM AM/PM), administrator login ID (Generated by), and Page number and page range. The body of the first page of the report includes the following information: M86 S ECURITY UIDE...
  • Page 689: Export The Pdf Format Report

    Print dialog box, and proceed with standard print procedures. • save the report - Navigate to File > Save a Copy to open the Save a Copy dialog box, and proceed with standard save procedures. M86 S ECURITY UIDE...
  • Page 690: Csv Format

    ID of the user who generated the report. Export the CSV format report • print the report - Navigate to File > Print to open the Print dialog box, and proceed with standard print procedures. M86 S ECURITY UIDE...
  • Page 691: Png Format

    • Pie chart - color-coded pie graph showing a maximum of 15 categories or user groups. Any categories or user groups with page counts totalling less than one percent are grouped together under the “Others Combined” label. M86 S ECURITY UIDE...
  • Page 692: Export The Png Format Report

    These types of reports are accessible by navigating to Reports > Sample Reports and clicking one of the thumb- nails in the panel: Fig. 4:1-7 Sample Reports M86 S ECURITY UIDE...
  • Page 693: Sample Report Types

    • By Category/Site/IP - For each library category, the sites end users accessed, and IP address of each end user • By Category/User/Site - For each library category, the end users with activity in that library category, and the sites each end user accessed M86 S ECURITY UIDE...
  • Page 694: View, Export A Sample Report

    MB amounts display for SWG only), Page Count, Object Count, Time (HH:MM:SS), Hit Count, and Blocked Hits. Total counts display at the end of each section. The Grand Total and total Count for all sections display at the end of the report. M86 S ECURITY UIDE...
  • Page 695: Export The Sample Report

    • save the report - navigate to File > Save a Copy to open the Save a Copy dialog box, and proceed with standard save procedures. 2. Click the “X” in the upper right corner of the PDF file window to close it. M86 S ECURITY UIDE...
  • Page 696: Chapter 2: Drill Down Reports

    Chapter 3: Customize, Maintain Reports. Once you have generated a drill down report view, you can customize your view, save the view, export the view, and/or schedule the report to run at a designated time. M86 S ECURITY UIDE...
  • Page 697: Generate A Drill Down Report

    Page Count or Object Count column corresponding to a specific record displayed in the current summary drill down report view. 3. The drill down view can be exported, saved, and/or scheduled to run at a specified time. M86 S ECURITY UIDE...
  • Page 698: Summary Drill Down Report View

    (such as Category Count, IP Count, User Count, Site Count, Bandwidth, Page Count, and Object Count), and the Time HH:MM:SS column. Each filter column popu- lated with statistics includes links that if clicked will generate a different report view. Clicking a link in the M86 S ECURITY UIDE...
  • Page 699 Modify, Save, Export, Limited Detail Result, Check All, and Uncheck All. The Go to page navigation field at far right lets you navigate to a specific page and includes the total pages in the report view. M86 S ECURITY UIDE...
  • Page 700: Detail Drill Down Report View

    • Bottom section - includes buttons for customizing the current report view: Modify, Save, Export, Column visi- bility. The Go to page navigation field at far right lets you navigate to a specific page and includes the total pages in the report view. M86 S ECURITY UIDE...
  • Page 701: Report View Tools And Usage Tips

    If more than one page of records displays for the total pages returned, enter a page number within that range to navigate to that page of records, or use the up/down arrow(s) to specify the page you want displayed. M86 S ECURITY UIDE...
  • Page 702: Summary Report View Tools And Tips

    If a user visits a page with pop-up ads, these items would add to the page count. If a page has banner ads that link to other pages, these items also would factor into the page count. In categories that use a lot of pop-up M86 S ECURITY UIDE...
  • Page 703 (“0”) will display in the Object Count column in the report. See the Optional Features sub-section of the SR System Config- uration Section for information about Object Count frame options. M86 S ECURITY UIDE...
  • Page 704: Bandwidth And Time Columns

    Bandwidth, Page Count, Object Count, or Time HH:MM:SS. Click the same column header again to sort records for that column in the reverse order. Click another column header to sort records by that speci- fied column. M86 S ECURITY UIDE...
  • Page 705: Record Exportation

    Any of these columns can be hidden from view by clicking the Column visibility button at the bottom of the panel to open the Column visibility pop-up window, and de-selecting the checkbox corresponding to that column: M86 S ECURITY UIDE...
  • Page 706 • Search String - Displays the full search string the end user typed into a search engine text box in search sites such as Google, Bing, Yahoo!, MSN, AOL, Ask.com, YouTube.com, and MySpace.com—if the Search Engine Reporting option is enabled in the Optional Features M86 S ECURITY UIDE...
  • Page 707: Column Sorting Tips

    Truncated data viewing tip To view the entire text that displays truncated in a detail report view column, mouse over the column to view the entire string of data in the column for a given record: M86 S ECURITY UIDE...
  • Page 708: Customization Buttons

    Default Report Settings, or sort column. For summary drill down reports, if specifying a Sort By the first column, summary results must be limited to the top count for another designated column. Fig. 4:2-3 Summary drill down Modify Report pop-up box M86 S ECURITY UIDE...
  • Page 709: Limit Detail Result Button

    Fig. 4:2-5 Limit Detail Result pop-up box NOTE: After all modifications are made, click Apply to save your settings and to close the pop-up box. If generating a detail drill down report, the number of records specified in this box will display. M86 S ECURITY UIDE...
  • Page 710: Export Button

    Fig. 4:2-6 Summary drill down Export pop-up box For detail drill down reports, you have the option to specify the quantity of records, and whether blocked records or all returned records—both blocked and non-blocked—will be included. M86 S ECURITY UIDE...
  • Page 711 • See Exporting a Report in this chapter for information about using the Email option to email a report. • See View and Print Options in this chapter for information about using the View option to view and print a generated report, and for sample reports. M86 S ECURITY UIDE...
  • Page 712: Save Button

    TIP: The Copy (Ctrl+C) and Paste (Ctrl+V) functions can be used in the fields in the Save Report pop-up window. The Advanced Options tab lets you specify additional criteria for the report. For a summary drill down report, Advanced Options include Break Type criteria. M86 S ECURITY UIDE...
  • Page 713 Fig. 4:2-10 Save Report, Advanced Options tab for detail reports After all modifications are made, click one of the save option buttons: • Save and Schedule to open the Schedule Report pop- up window where a schedule can be set up for running the report: M86 S ECURITY UIDE...
  • Page 714 • Save and Email to save the report in the specified format and then email it to the designated email address(es). • Save Only to save the report. NOTE: See Report Wizard and Report Schedule in Chapter 3 for information about using these report options. M86 S ECURITY UIDE...
  • Page 715: Report View Components

    Custom Category Groups option from the Administration menu. • User Groups - This option performs a query on Internet activity of User Groups. User Groups are set up using the User Groups option from the Administration menu. M86 S ECURITY UIDE...
  • Page 716: Date Scope And Date Fields

    • Yesterday - This option generates the report view for yesterday only. • Month to Yesterday - This option generates the report view for the range of days that includes the first day of the current month through yesterday. M86 S ECURITY UIDE...
  • Page 717 In the from and to fields, use the calendar icons to make selections for the date range. In the time fields, specify the hour (1-24) and minute (0-59) time ranges. M86 S ECURITY UIDE...
  • Page 718: Records Fields

    The Filter String field displays greyed-out if “None” was selected at the Filter field. If any other selection was made at that field, enter text in this field corresponding to the type of filter term to be used. M86 S ECURITY UIDE...
  • Page 719: Sort By And Limit Summary Result To Fields

    "Filter Action", "Content Type", "Content", "Search String", "URL". Order field For detail drill down reports, at the Order field, make a selection from the pull-down menu for the order in which to display the selected sort option column: “Ascending”, “Descending”. M86 S ECURITY UIDE...
  • Page 720: Limit Detail Results Fields

    URLs that were blocked, as well as those that were not blocked. • Show blocked records only - For a detail drill down report, click this radio button to only include records for URLs that were blocked. M86 S ECURITY UIDE...
  • Page 721: Break Type Field

    At the Data to Export field pull-down menu, specify the amount of data to be exported: “All the rows on this report”, “Only rows on this page”, or “Only selected rows on this page”. M86 S ECURITY UIDE...
  • Page 722: For Additional-Break Reports Only

    Break type pull-down menu. At the activated Generate Using field, make a selection from the pull-down menu for the sort option to be used: M86 S ECURITY UIDE...
  • Page 723: Output Type Field

    By entering a check mark in this checkbox, activity on machines not assigned to specific end users will not be included in report views. Changing this selection will not affect the setting previously saved in the Default Report Settings panel. M86 S ECURITY UIDE...
  • Page 724: E-Mail / For E-Mail Output Only Fields

    • IP information - Click this checkbox to exclude the column that displays the end user IP address. • User information - Click this checkbox to exclude the column that displays the username. M86 S ECURITY UIDE...
  • Page 725 Engine Reporting option is enabled in the Optional Features screen of the System Configuration adminis- trator console user interface. NOTE: Refer to the Optional Features screen sub-section of the System Configuration Section for information about the Search String feature. M86 S ECURITY UIDE...
  • Page 726: Exporting A Report

    WARNING: Large reports might not be sent due to email size restrictions on your mail server. The maximum size of an email message is often two or three MB. Please consult your mail server administrator for more information about email size restric- tions. M86 S ECURITY UIDE...
  • Page 727: View And Print Options

    • Select All - Hghlight the entire text (Ctrl+A), and then Copy (Ctrl+C) and Paste (Ctrl+V) this text in an open file • Perform a search for text > Find - Search for specific text in the file (Ctrl+F) M86 S ECURITY UIDE...
  • Page 728: Sample Report File Formats

    MS-DOS Text, PDF, Rich Text Format, HTML, Comma-Delimited Text, Excel (Chinese), Excel (English). NOTES: M86 Security recommends using the PDF and HTML file formats over other file format selections—in particular for detail reports—since these files display and print in a format that is easiest to read.
  • Page 729: Ms-Dos Text

    DOS Text format, saved with a .txt file extension: Fig. 4:2-12 Category Groups report, MS-DOS Text file format This is a sample of the Category Groups report in the PDF format, saved with a .pdf file extension: Fig. 4:2-13 Category Groups report, PDF format M86 S ECURITY UIDE...
  • Page 730: Rich Text Format

    EPORTS ECTION HAPTER RILL EPORTS Rich Text Format This is a sample of the Category Groups report in the Rich Text file Format, saved with a .rtf file extension: Fig. 4:2-14 Category Groups report, RTF format M86 S ECURITY UIDE...
  • Page 731: Html

    Fig. 4:2-15 Category Groups report, HTML file format Comma-Delimited Text This is a sample of the Category Groups report in the Comma-Delimited Text format, saved with a .csv file exten- sion: Fig. 4:2-16 Category Groups report, Comma-Delimited Text file M86 S ECURITY UIDE...
  • Page 732: Excel (English)

    Fig. 4:2-17 Category Groups report, Excel (English) file format NOTES: The Excel (English) option supports up to 65,000 rows of exported data. If exporting more than 65,000 rows of data, M86 Security recommends using another format. The Excel (Chinese) option supports up to 10,000 rows of exported data.
  • Page 733: Chapter 3: Customize, Maintain Reports

    In the navigation toolbar, mouse over the Reports menu link and select Report Wizard to display the productivity Report Wizard panel: Fig. 4:3-1 Report Wizard panel for summary reports M86 S ECURITY UIDE...
  • Page 734: Step A: Select The Report Option

    Web page or Web object access for a specified time period. The fields that display in this panel depend upon whether a summary report or a detail report is selected. Fig. 4:3-2 Report Wizard panel for detail reports M86 S ECURITY UIDE...
  • Page 735: Step B: Specify The Report Type

    ‘%’ wildcard to return multiple IP addresses—and then click Search to display query results in the list box below. TIP: Click Reset to remove the IP address(es) from the list box. M86 S ECURITY UIDE...
  • Page 736 • By Keyword - This selection is available for detail reports only. If selecting this filter, enter a keyword from three to 255 characters to filter your results, and then click Add to include your keyword term in the list box M86 S ECURITY UIDE...
  • Page 737: Step D: Specify Other Report Components

    • Limit Detail Result - For a detail report, specify the number of records to be returned in the results, and if these records will only include records of blocked end user queries, or also records of non-blocked end user queries. M86 S ECURITY UIDE...
  • Page 738: Step E: Specify When To Generate The Report

    • Run - Click this button to generate and view the drill down report now in the specified report view format. Fig. 4:3-3 Summary drill down report Fig. 4:3-4 Detail by page drill down report M86 S ECURITY UIDE...
  • Page 739: Step F: Save Report Panel

    This panel is similar in design to the Save Report pop-up window that displays when saving a drill down report (see Chapter 2: Drill Down Reports). However, the Date Scope does not display in this panel. M86 S ECURITY UIDE...
  • Page 740 Type field, specify the top count option to be used in the # Records and Sort By fields. • For a summary report, For pie and bar charts only, the activated Generate using field lets you select the count column sort option. M86 S ECURITY UIDE...
  • Page 741 Fig. 4:3-6 Report Wizard’s Schedule Report panel a. Enter a Name for the event. b. Select the Report to Run from the list. c. Select the frequency When to Run from the pull- down menu (Daily, Weekly, or Monthly). M86 S ECURITY UIDE...
  • Page 742 After the report is emailed, the Saved Reports panel displays if you need to run this report again or another report. Fig. 4:3-7 Saved Reports panel M86 S ECURITY UIDE...
  • Page 743 • Save Only - Click this button to save your entries and to go to the Saved Reports panel where you can delete, edit, or run this report or another report. NOTE: See Report Schedule and Saved Reports in this chapter for information on using these options. M86 S ECURITY UIDE...
  • Page 744: Saved Reports

    NOTES: Refer to Report View Components in Chapter 2: Drill Down Reports for information on using the fields in the Save Report panel discussed on the following pages in this sub- section. Refer to the Security Reports Section for information on security reports. M86 S ECURITY UIDE...
  • Page 745: Edit A Report

    2. After making your selections and entries on the Basic Options tab and Advanced Options tab (as described in Save Report panel in this chapter, and for the Save button option in Chapter 2), click Save Only. M86 S ECURITY UIDE...
  • Page 746: Edit A Security Report

    2. After making your selections and entries in the Report Details, Users, and Email Settings frames—and Filters panel, if available for use—(as described in Chapter 2: Security Report Wizard from the Security Reports Section), click Save. M86 S ECURITY UIDE...
  • Page 747: Copy A Saved Report

    1. In the Saved Reports panel, select the report from the list. 2. Click Duplicate to display the panel for the specified report: • Save Report panel for a summary or detail productivity report: Fig. 4:3-11 Save Report, duplicate report M86 S ECURITY UIDE...
  • Page 748 Edit this text if you wish to modify this report name. 3. After making your selections and entries in the panel: • Click Save Only in the Save Report panel. • Click Save in the Security Report Wizard panel. M86 S ECURITY UIDE...
  • Page 749: Run A Saved Report

    3. Click Yes to close the dialog box and delete the report. TIP: Click No to close the dialog box without deleting the report. NOTE: If a report is scheduled to run via the Report Schedule option, deleting the report removes it from the Report Schedule list. M86 S ECURITY UIDE...
  • Page 750: Report Schedule

    Security reports are scheduled to run via the Schedule Settings option in the Security Report Wizard (see the Security Reports Section for more information about the Security Report Wizard). M86 S ECURITY UIDE...
  • Page 751: View Details For A Scheduled Report Run Event

    To view additional information on a scheduled report run event, select the record from the list to display the report schedule details frame to the right of the table of report records: Fig. 4:3-14 View report schedule details M86 S ECURITY UIDE...
  • Page 752: Edit A Scheduled Report Run Event

    • change the Start Time for running the report TIP: Click Cancel if you wish to return to the Report Schedule panel without saving your edits. 2. Click Save to display the updated criteria in the Report Schedule panel. M86 S ECURITY UIDE...
  • Page 753: Add A Report Run Event To The Schedule

    If Monthly, specify the Day of the Month from the pull- down menu (1 - 31). 5. Select the Start Time for the report: 1 - 12 for the hour, 0 - 59 for the minutes, and AM or PM. M86 S ECURITY UIDE...
  • Page 754: Delete A Scheduled Report Run Event

    2. Click Yes to close the dialog box and remove the record from the list. TIP: Click Cancel to return to the Report Schedule panel without deleting the record from the list of reports scheduled to run. M86 S ECURITY UIDE...
  • Page 755: Chapter 4: Specialized Reports

    Executive Internet Usage Summary to display the Executive Internet Usage Summary panel: Fig. 4:4-1 Executive Internet Usage Summary panel This panel contains the Reports frame listing saved report names, and the Report Details frame used for configuring reports. M86 S ECURITY UIDE...
  • Page 756: View, Edit Report Settings

    Report Name, E-Mail Subject criteria, Deliver report in E-Mail as... selection, Hide Unidentified IPs choice, E-Mail Recipients list and report delivery schedule, and Category Groups and/or User Groups selection(s). 2. Click Save to update any modifications made to these report settings. M86 S ECURITY UIDE...
  • Page 757: Add A New Report

    “Users.” IP hit counts will be included for all other sections of the report, such as those labeled “Categories”, “Category Groups”, etc. 6. In the E-Mail Recipients accordion, specify the user(s) to receive the report and the frequency of delivery. M86 S ECURITY UIDE...
  • Page 758 • In the Category Groups accordion, select the category group(s) from the Available M86 Category Groups and Custom Category Groups, and then click Add Cate- gory Group to move the selection(s) to the Selected list box.
  • Page 759: Sample Executive Internet Usage Report

    Total Blocked Requests are given for the following library categories: Malicious Code/Virus, Botnets/Malicious Code Command, Spyware, Bad Reputation Domains, Adult Content, Blended Threats, Phishing, Web-based Proxies/ Anonymizers, Hacking. NOTE: Blended Threats is not currently used and displays “N/A.” M86 S ECURITY UIDE...
  • Page 760 Fig. 4:4-3 Executive Internet Usage Summary monthly report, page 1 The second page includes a pie chart depicting Total Web Requests for M86 Category Groups. Each category group in the chart is represented by a pie slice and shows the number of requests and overall percentage for that pie slice.
  • Page 761 The range of Requests is shown beneath the chart. For Weekly and Monthly reports, the bottom half of the third page includes a line chart for Top Daily Web Requests by M86 S ECURITY UIDE...
  • Page 762 ‘X’ represents the name of the category group. The top 10 Users are listed in this chart, along with each user’s corresponding Page Count, IP Count, Site Count, Category Count, Time HH:MM:SS, and Hit Count. M86 S ECURITY UIDE...
  • Page 763 Fig. 4:4-6 Executive Internet Usage Summary monthly report, page 4 The balance of the report is comprised of statistics for each of the remaining category groups, represented by report page 3, and page 4 for Weekly and Monthly reports. M86 S ECURITY UIDE...
  • Page 764: Blocked Request Reports

    Section of this user guide for information about enabling or disabling the Block Request Count feature. In the navigation toolbar, mouse over the Reports menu link and select Blocked Request Reports to display the Blocked Request Reports panel: Fig. 4:4-7 Blocked Request Reports panel M86 S ECURITY UIDE...
  • Page 765: Generate A Blocked Request Report

    • Top 20 Users by Blocked Requests - If choosing this option, make a selection from the Date Scope field to display the date range for that time period: Yesterday, Last Week, Last Month, Week to Yesterday, Month to Yesterday. M86 S ECURITY UIDE...
  • Page 766 If a new user group with new users was added, by the next day only the “Yesterday” viewing option will contain data available for viewing. All other viewing options will not be available until the full length of time indicated by the viewing option has transpired. M86 S ECURITY UIDE...
  • Page 767: View The Blocked Request Report

    The footer of the report includes the Date and Time the report was generated, and Page number. The Total Count for all blocked requests displays at the end of the report. Fig. 4:4-8 Blocked Request Report for Top 20 Users M86 S ECURITY UIDE...
  • Page 768: Time Usage Reports

    Time Usage feature. In the navigation toolbar, mouse over the Reports menu link and select Time Usage Reports to display the Time Usage Reports panel: Fig. 4:4-9 Time Usage Reports panel M86 S ECURITY UIDE...
  • Page 769: Generate A Time Usage Report

    • Top 20 Users by Time Usage - If choosing this option, make a selection from the Date Scope field to display the date range for that time period: Yesterday, Last Week, Last Month, Week to Yesterday, Month to Yesterday. M86 S ECURITY UIDE...
  • Page 770 If a new user group with new users was added, by the next day only the “Yesterday” viewing option will contain data available for viewing. All other viewing options will not be available until the full length of time indicated by the viewing option has transpired. M86 S ECURITY UIDE...
  • Page 771: View The Time Usage Report

    The footer of the report includes the Date and Time the report was generated, and Page number. The Total Time for this Date Scope in days, hours, and minutes displays at the end of the report. Fig. 4:4-10 Sample Time Usage Report for Top 20 Users M86 S ECURITY UIDE...
  • Page 772: Time Usage Algorithm

    12:09:04 www.nbc.com The total for this end user is based on a nine-minute time span that includes 17 entries in the log, and seven unique minute entries: 00, 01, 02, 05, 07, 08, and 09. M86 S ECURITY UIDE...
  • Page 773: Sr Real Time Reports Section

    Internet/network activity. • Chapter 5: Identify Users, Categories - This chapter explains how to perform a custom search on Internet/ network usage by a specified user, or for a specified category or category group. M86 S ECURITY UIDE...
  • Page 774: Chapter 1: Gauge Components

    URLs in a specified library category. When clicking Gauges in the navigation toolbar, the URL gauges Dashboard panel displays showing overall activity in URL gauges: Fig. 5:1-1 URL gauges Dashboard M86 S ECURITY UIDE...
  • Page 775: Bandwidth Gauges

    With the URL gauges Dashboard displayed, click the Band- width tab—located beside the URL tab—to display the Bandwidth gauges Dashboard panel showing overall activity in bandwidth gauges: Fig. 5:1-2 Bandwidth gauges Dashboard M86 S ECURITY UIDE...
  • Page 776: Anatomy Of A Gauge

    (page count plus blocked object count) for all library categories the gauge monitors. • Bandwidth gauge - score includes the total number of bytes (kB, MB, GB) of inbound/outbound end user traffic for all protocols/ports the gauge monitors. M86 S ECURITY UIDE...
  • Page 777: How To Read A Gauge

    For bandwidth gauges, if the total byte score reaches the threshold limit, the score displays in red text and the triangle flashes. M86 S ECURITY UIDE...
  • Page 778: Bandwidth Gauge Components

    • SMTP - Simple Mail Transfer Protocol gauge monitors the protocol used for transferring email messages from one server to another. This protocol gauge is comprised of gauges for moni- toring the following ports by default: M86 S ECURITY UIDE...
  • Page 779 • 1863 - TCP/UDP port for MSN Messenger • 5050 - TCP/UDP port for Yahoo! Messenger • 5190 - TCP/UDP port for ICQ and AOL Instant Messenger (AIM) • 5222 - TCP/UDP port for Google Talk, XMPP/Jabber client connection M86 S ECURITY UIDE...
  • Page 780: Gauge Usage Shortcuts

    Trend Chart for this particular gauge that lets you analyze the gauge’s activity. (See View Trend Charts in Chapter 4.) M86 S ECURITY UIDE...
  • Page 781 This is a shortcut to use instead of going to Dashboard Settings, selecting the gauge from the list, and then clicking the Delete Gauge icon. (See Hide, Disable, Delete, Rear- range Gauges in Chapter 2.) M86 S ECURITY UIDE...
  • Page 782: Chapter 2: Custom Gauge Setup, Usage

    2. Do the following to view the contents in the tab to be used: • Click URL Gauges if this tab currently does not display. By default, this tab includes the following list of Gauge Names: Shopping, Security, Illegal, Bandwidth, Adult Content. M86 S ECURITY UIDE...
  • Page 783 3. Select a Gauge Name to display a list of its library cate- gories/protocols/ports in the Gauge Components frame: Fig. 5:2-2 Gauge Components frame populated M86 S ECURITY UIDE...
  • Page 784: Add A Gauge

    (see Specify Gauge Information). • Select the library categories/protocols/ports for the gauge to monitor (see Define Gauge Components). • Assign user groups whose end users’ Internet/network activity will be monitored by the gauge (see Assign User Groups). M86 S ECURITY UIDE...
  • Page 785: Specify Gauge Information

    • For a URL gauge - All (default), Others (all gauge methods, not including Keywords or URLs), Pattern, Search Engine Keyword, URL Keyword, URL, HTTPS Filtering - High, HTTPS Filtering - Medium, Wildcard, XStrike. • For a bandwidth gauge - Inbound, Outbound, Both (default). M86 S ECURITY UIDE...
  • Page 786: Define Gauge Components

    Super Category Group is available to him/her via the User Summary Panel. Thus, he/she will have the ability to lock out all users (assigned to him/her) who are currently using FTP, HTTP, IM, P2P and SMTP protocols. (See Monitor, Restrict End User Activity.) M86 S ECURITY UIDE...
  • Page 787: Assign User Groups

    This group consists of all end users whose network activities are set up to be monitored by the desig- nated group administrator. 2. From the Available User Groups list, select the user group to highlight it. M86 S ECURITY UIDE...
  • Page 788: Save Gauge Settings

    Available User Groups list. Save gauge settings After adding users, click Save to return to the Add/Edit Gauges panel that now includes the name of the gauge you just added: Fig. 5:2-5 New gauge added M86 S ECURITY UIDE...
  • Page 789: Modify A Gauge

    3. Click Edit Gauge to display the URL Gauge or Band- width Gauge panel showing the Gauge Information frame to the left and the Gauge Components frame to the right, populated with settings previously saved for the gauge: M86 S ECURITY UIDE...
  • Page 790 Timespan in minutes, Gauge Method (see Specify Gauge Information). • Gauge Components (see Define Gauge Components). • User Membership (see Assign user groups). 5. Click Save to save your edits and return to the Add/Edit Gauges panel. M86 S ECURITY UIDE...
  • Page 791: Hide, Disable, Delete, Rearrange Gauges

    Fig. 5:2-8 Dashboard Settings panel This panel shows the URL Gauges tab to the left and the Bandwidth Gauges tab to the right. In each of these tabs, a list of gauges displays with the following information: M86 S ECURITY UIDE...
  • Page 792 2. After making all necessary Dashboard Settings modifica- tions—hide, disable, show, rearrange, or delete a gauge—defined in the following sub-sections, click Save Changes to save your edits. M86 S ECURITY UIDE...
  • Page 793: Hide A Gauge

    Rearrange the gauge display in the dashboard To rearrange the order in which gauges display in the dash- board: 1. Select the gauge in the URL Gauges or Bandwidth Gauges tab. 2. In the Actions column, perform any of the following actions: M86 S ECURITY UIDE...
  • Page 794: Delete A Gauge

    TIP: Clicking Cancel closes the dialog box without removing the gauge. 3. Click Yes to close the dialog box and to remove both the Gauge Name from the tab and the gauge from the dash- board. M86 S ECURITY UIDE...
  • Page 795: View End User Gauge Activity

    View Overall Ranking 1. In the navigation toolbar, mouse over the Gauges menu link and select Overall Ranking to open the Overall Ranking panel: Fig. 5:2-9 Overall Ranking panel M86 S ECURITY UIDE...
  • Page 796: View A Gauge Ranking Table

    Internet/network. View a Gauge Ranking table 1. In the gauges dashboard, click a gauge to open the Gauge Ranking panel: Fig. 5:2-10 Gauge Ranking table M86 S ECURITY UIDE...
  • Page 797 • Access the Category View User panel by clicking a user’s score for a gauge (see Monitor, Restrict End User Activity: Access the Category View User panel). In the Category View User panel, you view current details for the gauge. M86 S ECURITY UIDE...
  • Page 798: Monitor, Restrict End User Activity

    In this panel you can perform the following actions: • Access the Category View User panel to see which of the gauge’s library categories/ports the end user accessed and the score (see Access the Category View User panel). M86 S ECURITY UIDE...
  • Page 799: Access The Category View User Panel

    The target URLs frame displays to the right. 1. Select a category from the list, which populates the URLs frame with URLs accessed by that end user for that cate- gory: M86 S ECURITY UIDE...
  • Page 800 For each URL included in the list, the Timestamp displays using military time in the YYYY-MM-DD HH:MM:SS format. 2. Click a URL from the list to open a separate browser window or tab displaying the contents of that URL. M86 S ECURITY UIDE...
  • Page 801: Bandwidth Gauges Tab Selection

    Inbound/Outbound bandwidth usage by the end user for that port, and the combined Total inbound and outbound bandwidth usage by the end user for that port: Fig. 5:2-13 Category View User panel for Bandwidth tab selection M86 S ECURITY UIDE...
  • Page 802: Manually Lock Out An End User

    (see Low severity lockout). • Medium - This selection locks out the end user from access to the World Wide Web (see Medium and High severity lockout). M86 S ECURITY UIDE...
  • Page 803: Low Severity Lockout

    “All Categories” selection for URL gauges, nor see the “All Protocols” selection available for bandwidth gauges. In order to lock out end users using either of these selec- tions, a “Medium” severity lockout should be used. M86 S ECURITY UIDE...
  • Page 804: Medium And High Severity Lockout

    Fig. 5:2-15 Low, medium level URL, medium bandwidth lockout page M86 S ECURITY UIDE...
  • Page 805: High Severity Url, Low/High Bandwidth Lockout

    By default, the following standard links are included in the block page: HELP; M86 Security; For further options, click here; To submit this blocked site for review, click here. NOTE: Please refer to the WF Global Administrator Section of this user guide for information about fields in the block page and how to use them.
  • Page 806: Chapter 3: Alerts, Lockout Management

    Alerts to open the Alerts panel: Fig. 5:3-1 Alerts panel This panel includes a frame to the left that contains the URL Gauges and Bandwidth Gauges tabs, and the empty, target Alerts frame to the right. M86 S ECURITY UIDE...
  • Page 807 By default, this tab includes the following list of Gauge Names: FTP, HTTP, IM, P2P, SMTP. For each Gauge Name in this list, the following infor- mation displays: Group Threshold (20 MB—64 MB for “HTTP”), Timespan (minutes)—15 by default. M86 S ECURITY UIDE...
  • Page 808: Add An Alert

    NOTE: An alert is triggered for any end user whose current score for a gauge matches the designated threshold limit. (See How to Read a Gauge in Chapter 1 of this section for information on how scoring is defined.) M86 S ECURITY UIDE...
  • Page 809: Email Alert Function

    Email Addresses accordion in the target frame to the right. 2. Type in the Email Address. 3. Click Add Email to include the address in the Email Addresses list box. Follow steps 2 and 3 for each email address to be sent an alert. M86 S ECURITY UIDE...
  • Page 810: Receive Email Alerts

    Appendix B: System Tray Alerts: Setup, Usage. NOTE: In order to use this feature, the LDAP User Name and Domain set up in the administrator’s profile account must be the same ones he/she uses when logging into his/her workstation. M86 S ECURITY UIDE...
  • Page 811: Lockout Function

    TCP connection if he/she reaches the threshold limit set up for the gauge. 3. Specify the Duration (minutes) of the lockout (the default is “15” minutes), or click the “Unlimited” checkbox. M86 S ECURITY UIDE...
  • Page 812: View, Modify, Delete An Alert

    3. Select the alert to be viewed or modified by clicking on it to highlight it; this action activates all buttons below the Alerts frame (Add Alert, Edit Alert, Delete Alert, View Alert): Fig. 5:3-3 Alert added M86 S ECURITY UIDE...
  • Page 813: View Alert Settings

    NOTE: The System Tray alert feature is only available if using Active Directory LDAP, and is not available if using IP groups. 2. Click the “X” in the upper right corner of the alert viewer pop-up window to close it. M86 S ECURITY UIDE...
  • Page 814: Modify An Alert

    • User Threshold • Alert Action selections: Email, System Tray—the latter is only functional for Active Directory LDAP—and Lockout • Lockout Severity selection (Low, Medium, High) • Duration (minutes) selection • Email Addresses • Low Lockout Components M86 S ECURITY UIDE...
  • Page 815: Delete An Alert

    NOTE: Clicking No closes the dialog box without removing the alert, and returns you to the main Alerts panel. 4. Click Yes to close the Confirm dialog box and to remove the alert from the list. M86 S ECURITY UIDE...
  • Page 816: View The Alert Log

    NOTE: If an alert was deleted during the most recent 24-hour time period, any records associated with that alert will be removed from the alert log. 3. To view details on an alert, select the alert record in the list to highlight it. M86 S ECURITY UIDE...
  • Page 817 Lockout Components accordions display. Click an accor- dion to expand it, and view the contents—if any—within that accordion. 5. Click the “X” in the upper right corner of alert viewer pop- up window to close it. M86 S ECURITY UIDE...
  • Page 818: Manage The Lockout List

    IP address); IP address; Duration (minutes); Severity of the lockout (Low, Medium, High); Cause of the lockout (Manual, Automatic); Source of the lockout (user name of the administrator who locked out the end user in a M86 S ECURITY UIDE...
  • Page 819: View A Specified Time Period Of Lockouts

    4. Click the ending date to select it and to close the calendar pop-up window. This action populates the field with the selected date. M86 S ECURITY UIDE...
  • Page 820: Unlock Workstations

    2. Next, click User Summary to display the User Summary panel where you can monitor that end user’s online activity and lock him/her out of designated areas of the Internet/network. (See Monitor, Restrict End User Activity for details about using the User Summary panel.) M86 S ECURITY UIDE...
  • Page 821: Chapter 4: Analyze Usage Trends

    If more information is required in your analysis, the Web Filter application, Report Manager tools, and System Configuration administrator console should be consulted so you can generate customized reports to run for a time period of your specifications. M86 S ECURITY UIDE...
  • Page 822: View Trend Charts

    3. Find the gauge for which the trend chart will be gener- ated, and then click the Trend Charts icon at the bottom middle of that gauge: M86 S ECURITY UIDE...
  • Page 823 100 percent. The top and bottom sections of this panel contain tabs. Information about all actions that can be performed in this panel appears in the Navigate a trend chart sub-section. M86 S ECURITY UIDE...
  • Page 824: View Overall Url Or Bandwidth Gauge Activity

    100 percent. The top and bottom sections of this panel contains tabs. For the bandwidth trend chart, buttons display above this panel. M86 S ECURITY UIDE...
  • Page 825: Navigate A Trend Chart

    24- hour time period • 1 Week - This selection displays the gauge URL/byte average score in 12 hour increments for the past seven- day time period M86 S ECURITY UIDE...
  • Page 826: Analyze Gauge Activity In A Pie Chart

    1. To view a line chart showing activity for a slice of the pie chart, do either of the following: • Click that slice of the pie chart • Click the specified tab beneath the pie chart Either action displays the line Trend Chart: M86 S ECURITY UIDE...
  • Page 827 TIP: Click a populated checkbox to remove the check mark and the line showing activity for that gauge. • To view information about a specific point in the line chart, mouse over that point in the chart: M86 S ECURITY UIDE...
  • Page 828: View In/Outbound Bandwidth Gauge Activity

    Print a trend chart from an IE browser window A trend chart can be printed from an IE browser window by using the browser window’s toolbar and going to File > Print and proceeding with the print commands. M86 S ECURITY UIDE...
  • Page 829: Chapter 5: Identify Users, Categories

    This panel displays the Search Criteria frame to the left with the open Users accordion and closed Available Categories/ Groups accordion, Timespan and Top Results sliders, Search button; and to the right, the empty Results target frame. M86 S ECURITY UIDE...
  • Page 830: Specify Search Criteria

    Users accordion, the Top Results slide becomes activated and you can make a selection for the maximum number of records to return in the results for that user: top 10, 20, 30, 40, 50, 60, 70, 80, 90, 100 records. M86 S ECURITY UIDE...
  • Page 831 Total score for that record. For a URL search, you can drill down even further by selecting a user’s record and then viewing the URLs that user accessed (see View URLs within the accessed category). M86 S ECURITY UIDE...
  • Page 832: View Urls Within The Accessed Category

    TIP: Click Back to results to return to the previous page where you can perform another query. You can now print the results displayed in this window if using an IE browser window, or access another selected URL. M86 S ECURITY UIDE...
  • Page 833: Sr Security Reports Section

    NOTES: If the SR is connected to an SWG running software version 9.2.X, reports may not be accurate since bypass transac- tions (e.g. streaming) are not logged for the SR to process. See the M86 Secure Web Gateway User Guide at http:// www.m86security.com/support/Secure-Web-Gateway/Docu- mentation.asp for information on the SWG.
  • Page 834: Chapter 1: Security Reports

    The Rule Transactions report also includes Actions and Policies information. By default, the bottom porton of the report view contains a table that includes rows of records. Columns of pertinent statistics display for each record. M86 S ECURITY UIDE...
  • Page 835: Blocked Viruses Report View

    The following statistics display for each Blocked Virus record in the table: IP Count and User Count of end users who encountered the blocked virus, and the total Count for all instances of this blocked virus encounter. M86 S ECURITY UIDE...
  • Page 836: Security Policy Violations Report View

    The following statistics display for each Security Policy Violation record in the table: IP Count and User Count of end users who breached that security policy, and the total Count for all instances of this type of security breach. M86 S ECURITY UIDE...
  • Page 837: Traffic Analysis Report View

    The following statistics display for each Traffic Analysis record in the table: IP Count and User Count of end users who accessed the high bandwidth usage object, and the total Bandwidth used in all occurrences of accessing this object. M86 S ECURITY UIDE...
  • Page 838: Rule Transactions Report View

    Policies column, the policy from the SWG applied to that transaction; the IP Count and User Count of end users who triggered that rule, and the total Count of all user encounters for that record. M86 S ECURITY UIDE...
  • Page 839: Security Report Tools

    TIP: To refresh the report view displayed in the panel, select Reports > Security Reports and choose the report type again. M86 S ECURITY UIDE...
  • Page 840: Report View Options

    Report View Graph Only Fig. 6:1-5 Sample top six bars view Report View Graph and Records Fig. 6:1-6 Sample top six bars and report records view (default view) M86 S ECURITY UIDE...
  • Page 841: Report View Records Only

    SR S 1: S ECURITY EPORTS ECTION HAPTER ECURITY EPORTS Report View Records Only Fig. 6:1-7 Sample records only view M86 S ECURITY UIDE...
  • Page 842: Report Settings Options

    • Date Range (default) - If selecting this option, use the calendar icons to set the date range. TIP: At the bottom left of the panel, click << Back at any time to return to the previous Security Report panel. M86 S ECURITY UIDE...
  • Page 843 For a Traffic Analysis or Rule Transactions report, you can narrow your search result by including filters: a. Click >> Filters at the bottom right of the panel to display the filter results panel: Fig. 6:1-9 Report Filters option M86 S ECURITY UIDE...
  • Page 844 Click << Back to return to the Security Report Wizard panel. 4. Click Run to generate the security report view: Fig. 6:1-10 Generated Security Report view The report can now be exported by selecting one of the export options (see Export a Security Report). M86 S ECURITY UIDE...
  • Page 845: Save A Security Report

    Yesterday”, “Last Week”, “Last Weekend”, “Current Week”, “Last Month”. • Date Range - If selecting this default option, use the calendar icons to set the date range. c. Specify the Break Type from the available choices in the pull-down menu. M86 S ECURITY UIDE...
  • Page 846 TIP: At the bottom left of the panel, click << Back at any time to return to the Security Report Wizard panel. b. Choose a filter type from an available accordion (Poli- cies, Rules, Action, Content Type) and indicate criteria to use in the filter: M86 S ECURITY UIDE...
  • Page 847 5. Click Save at the bottom of the Security Report Wizard panel to save your settings and to add the report to the Saved Reports panel (see Saved Reports in Chapter 3 from the SR Productivity Reports Section). M86 S ECURITY UIDE...
  • Page 848: Schedule A Security Report To Run

    Fig. 6:1-12 Report Settings Schedule option 2. After specifying criteria for saving the report, go to the lower right corner of the panel and click Schedule Settings to open the Schedule Settings pop-up window: Fig. 6:1-13 Schedule Settings M86 S ECURITY UIDE...
  • Page 849 7. Click Save at the bottom of the Security Report Wizard panel to save your settings and to add the report to the schedule to be run (see Report Schedule in Chapter 3 of the SR Productivity Reports Section). M86 S ECURITY UIDE...
  • Page 850: Export A Security Report

    • All URLs - Check this checkbox to export all URLs • Top - Specify the number of top URLs to be exported 4. To download the report without emailing it, click Down- load Report. To email the report, proceed to step 5. M86 S ECURITY UIDE...
  • Page 851 If you wish, enter text to be included in the Body of the message. e. Specify the Output type for the email: “E-Mail As Attachment” or “E-Mail As Link”. f. Click Email Report to send the email to the specified recipient(s). M86 S ECURITY UIDE...
  • Page 852: Security Report Format

    Item Count for each record. For break type reports, the Total displays at the end of each section. For non-break type Rule Transaction reports, Policy and Action column data precede Item Count column data. M86 S ECURITY UIDE...
  • Page 853 At the end of the report, the Grand Total displays for all records. For Rule Transaction reports, the total Count displays beneath the Grand Total. Fig. 6:1-17 Sample PDF for break type Security Report, page 3 M86 S ECURITY UIDE...
  • Page 854: Chapter 2: Security Report Wizard

    In the Report Details frame, specify general information for the security report to be generated: 1. Type in the Report Name. 2. Choose the Report Type from the pull-down menu (“Blocked Viruses”, “Security Policy Violations”, “Traffic M86 S ECURITY UIDE...
  • Page 855: Select Users

    Group for your report query results. • By Specific User - If selecting this option, enter the end user name—using the ‘%’ wildcard to return multiple usernames—and then click Preview Users to display query results in the list box below. M86 S ECURITY UIDE...
  • Page 856 Rules, Action, Content Type) and indicate criteria to use in the filter: • Select one or more records from the Available list box and click add > to move the record(s) to the Assigned list box. M86 S ECURITY UIDE...
  • Page 857: Specify Email Settings

    3. Type in the Subject for the email message. 4. If you wish, enter text to be included in the Body of the message. 5. Specify the Output type for the email: “E-Mail As Attach- ment” or “E-Mail As Link”. M86 S ECURITY UIDE...
  • Page 858: Schedule, Run A Report Using The Wizard

    Export a Security Report in Chapter 1), and a PDF of the report downloaded to your machine. • Saved by going to the Report Settings menu and selecting the Save option (see Report Settings Options: Save a Security Report in Chapter 1). M86 S ECURITY UIDE...
  • Page 859: Sr Appendices Section

    SR in the evaluation mode, and how to register the SR to function in the regis- tered mode. NOTE: Contact the administrator of the SR to enable the SR in the registered mode. M86 S ECURITY UIDE...
  • Page 860: System Configuration Console

    STORAGE ‘X’ WEEKS” also displays at the top of the Expiration screen in the System Configuration console. Refer to the Expira- tion screen sub-section in Chapter 2 of the SR System Configura- tion Section for more information about data storage and expira- tion. M86 S ECURITY UIDE...
  • Page 861: Use The Server In The Evaluation Mode

    When the SR is in the evaluation mode, the following message displays at the top of the screen: “EVALUATION – MAX DATA STORAGE ‘X’ WEEKS” (in which ‘X’ repre- sents the maximum number of weeks in the SR’s data storage scope). M86 S ECURITY UIDE...
  • Page 862: Change The Evaluation Mode

    Server, IP address, and Mac Address (Media Access Control address) display. 2. In the message “Please click here to activate your appli- ance.”, click the link ‘here’ to open the Product Activation page at the M86 Security Web site. 3. In this Web page: M86 S ECURITY...
  • Page 863 Choose the Activation Type: "Evaluation Extension" or "Full Activation." 4. Click Send Information. After M86 obtains your informa- tion, a technical support representative will issue you an activation code. 5. Return to the Activation Page (see Fig. A-3) and enter the activation code in the Activation Code field.
  • Page 864: System Tray Alerts: Setup, Usage

    LDAP server for authenticating administrators. 1. From the taskbar of the LDAP server, go to: Start > Run to open the Run dialog box: Fig. B-1 Run dialog box M86 S ECURITY UIDE...
  • Page 865 2. In the Run dialog box, type in the path to the scripts folder: C:\WINDOWS\sysvol\domain\scripts. 3. Click OK to open the scripts folder: Fig. B-2 C:\WINDOWS\sysvol\domain\scripts window 4. Right-click in this Windows folder to open the pop-up menu. M86 S ECURITY UIDE...
  • Page 866 6. Type the following text in the blank document file: @echo off start “” “\\X.X.X.X\win\tartrayw32.exe” ta[X.X.X.X] in which “X.X.X.X” represents the IP address of the SR, and “\win\tartrayw32.exe” refers to the location of the SR Tray Alert executable file on the SR. M86 S ECURITY UIDE...
  • Page 867 8. In the File name field, type in the name for the file using the “filename.bat” format. For example: tartray21.bat. NOTE: Be sure that the Save as type field has “All Files” selected. 9. Click Save to save your file and to close the window. M86 S ECURITY UIDE...
  • Page 868: Assign System Tray Logon Script To Administrators

    Fig. B-5 Programs > Administrative Tools > Active Directory Users 2. In the Active Directory Users and Computers folder, double-click the administrator’s Name in the Users list to open the Properties dialog box for his/her profile: M86 S ECURITY UIDE...
  • Page 869 4. In the Login script field, type in the “.bat” filename. For example: tartray21.bat. 5. Click Apply to save your entry. 6. Click OK to close the dialog box. 7. Click the “X” in the upper right corner of the folder to close the window. M86 S ECURITY UIDE...
  • Page 870: Administrator Usage Of System Tray

    System Tray Alert icon’s connection to the SR, reset- ting the status of the System Tray Alert icon to the stan- dard setting. • Exit - clicking this menu selection removes the System Tray Alert icon from the System Tray. M86 S ECURITY UIDE...
  • Page 871: Status Of The System Tray Alert Icon

    Alert”. If more than one alert is triggered for the administrator, the message reads: “New M86 SR Alert! (X Total)”, in which “X” represents the total number of new alerts. The following message displays whenever mousing over this icon: “X New M86 SR Alerts”, in which “X”...
  • Page 872: View System Tray Alert Messages

    SR Alert. Each time the Next >> button is clicked, the number of remaining alerts to be viewed decreases by one. The Next >> button no longer displays after the last alert is viewed. 3. Click Close to close the SR Alert box. M86 S ECURITY UIDE...
  • Page 873: Glossary

    - An authorized administrator of the network who maintains all aspects of the SR. The global administrator configures the SR, sets up user groups, administrator groups and group administrators, and performs routine maintenance on the server. M86 S ECURITY UIDE...
  • Page 874 - P2P involves communication between computing devices—desktops, servers, and other smart devices—that are linked directly to each other. protocol - A type of format for transmitting data between two devices. LDAP is a type of authentication method protocol. M86 S ECURITY UIDE...
  • Page 875 Traveler - M86 Security’s executable program that down- loads updates to the WFR at a scheduled time. UDP - An abbreviation for User Data Protocol, one of the core protocols of the Internet protocol suite.
  • Page 876 The second part specifies the IP address or the domain name where the resource is located (such as “203.15.47.23” or "m86security.com"). Web access logging device - The M86 Web Filter and possibly other filtering device (such as an M86 Secure Web Gateway) feeding logs to the SR.
  • Page 877: Wfr Appendices Section

    To do this: 1. Go to the Yahoo! Toolbar and click the pop-up icon to open the pop-up menu: Fig. I-1 Select menu option Always Allow Pop-Ups From M86 S ECURITY UIDE...
  • Page 878 Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5. Click Close to save your changes and to close the dialog box. M86 S ECURITY UIDE...
  • Page 879: Google Toolbar Pop-Up Blocker

    Google Toolbar and click the Pop- up blocker button: Fig. I-3 Pop-up blocker button enabled Clicking this icon toggles to the Pop-ups okay button, adding the Client to your white list: Fig. I-4 Pop-ups okay button enabled M86 S ECURITY UIDE...
  • Page 880: Adwaresafe Pop-Up Blocker

    2. After you are finished using the Client, go back to the SearchSafe toolbar and click the icon for Popup protec- tion off to toggle back to # popups blocked. This action turns on pop-up blocking again. M86 S ECURITY UIDE...
  • Page 881: Mozilla Firefox Pop-Up Blocker

    2. Click the Content tab at the top of this box to open the Content section: Fig. I-5 Mozilla Firefox Pop-up Windows Options 3. With the “Block pop-up windows” checkbox checked, click the Exceptions... button at right to open the Allowed Sites - Pop-ups box: M86 S ECURITY UIDE...
  • Page 882 4. Enter the Address of the web site to let the client pass. 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7. Click OK to close the Options dialog box. M86 S ECURITY UIDE...
  • Page 883: Windows Xp Sp2 Pop-Up Blocker

    1. From the IE browser, go to the toolbar and select Tools > Internet Options to open the Internet Options dialog box. 2. Click the Privacy tab: Fig. I-7 Enable pop-up blocking 3. In the Pop-up Blocker frame, check “Turn on Pop-up Blocker”. M86 S ECURITY UIDE...
  • Page 884: Use The Ie Toolbar

    When you click Turn On Pop-up Blocker, this menu selec- tion changes to Turn Off Pop-up Blocker and activates the Pop-up Blocker Settings menu item. You can toggle between the On and Off settings to enable or disable pop-up blocking. M86 S ECURITY UIDE...
  • Page 885: Add The Client To The White List

    Use the Information Bar With pop-up blocking enabled, the Information Bar can be set up and used for viewing information about blocked pop- ups or allowing pop-ups from a specified site. M86 S ECURITY UIDE...
  • Page 886: Set Up The Information Bar

    3. Click Yes to add the Client to your white list and to close the dialog box. NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. I-9) and see the entries in the Allowed sites list box. M86 S ECURITY UIDE...
  • Page 887: Raid And Hardware Maintenance

    NOTE: As part of the ongoing maintenance procedure for your RAID server, M86 recommends that you always have a spare drive and spare power supply on hand. Contact M86 Technical Support for replacement hard drives and power supplies.
  • Page 888: Part 2: Server Interface

    500 series model front panel. The buttons let you perform a function on the unit, while an LED indicator corresponding to an icon alerts you to the status of that feature on the unit. 500 series model chassis front panel M86 S ECURITY UIDE...
  • Page 889 A steady green LED indicates power is being supplied to the unit’s power supplies. (See also Rear of chassis.) (See Power supply failure in the Troubleshooting sub-section for information on detecting a power supply failure and resolving this problem.) M86 S ECURITY UIDE...
  • Page 890: Part 3: Troubleshooting

    Step 2: Verify the failed drive in the Admin console The Hardware Failure Detection window in the Web Filter Administrator console is accessible via the System > Hard- ware Failure Detection menu selection: M86 S ECURITY UIDE...
  • Page 891 RAID Array Status for all the hard drives (HD) at the right side of the window. Normally, when all hard drives are functioning without failure, the text “OK” displays to the right of the hard drive number, and no other text displays in the window. M86 S ECURITY UIDE...
  • Page 892: Step 3: Replace The Failed Hard Drive

    Pull out the failed drive and replace it with your spare replacement drive. Push the drive into its slot, and press the carrier back in place. NOTE: Contact Technical Support if you have any questions about replacing a failed hard drive. M86 S ECURITY UIDE...
  • Page 893: Step 4: Rebuild The Hard Drive

    Step 2: Contact Technical Support Contact Technical Support for assistance with installing the replacement power supply, or to order a new replacement power supply, or for instructions on returning your failed power supply to M86. M86 S ECURITY UIDE...
  • Page 894: Fan Failure

    If this displays on your unit, contact Technical Support for an RMA (Return Merchandise Authorization) number and for instructions on returning the unit to M86. A steady red LED (on and not flashing) on a 500 series model indicates an overheating condition, which may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm.
  • Page 895: Index

    Approved Content portal setup 273 Approved Content Settings entries 390 Approved Content Settings window 272 Approved Content, definition 504 arrow, terminology 513 authentication 165 Authentication menu 165 back up SR data internal on demand backup 538 M86 S ECURITY UIDE...
  • Page 896 Break Type field 689 button, terminology 13 calculator in R3000 74 canned report, definition 841 category codes 431 custom categories 410 custom category 32 library 32 M86 supplied category 313 category codes 431 Category Groups menu 312 M86 S ECURITY UIDE...
  • Page 897 Customer Feedback Module window 301 Customization menu 202 Daily Peaks usage report graph 346 data storage setup 563 Data to Export field 689 Database Menu 551 database outage period 564 Database Processes List panel 631 database status logs 559 M86 S ECURITY UIDE...
  • Page 898 Mobile Client 460 EULA 227 evaluation mode 827 exception URL 89 Exception URL window 372 Executive Internet Usage Summary 723 expand or contract a column 525 expiration 564 Expiration Info 639 Expiration screen 563 M86 S ECURITY UIDE...
  • Page 899 For additional-break reports only 690 For e-mail output only field 692 For pie and bar charts only 690 Format field 689 frame, terminology 14 From Date field 684 CFM 301 Change Log FTP Setup 129 definition 841 M86 S ECURITY UIDE...
  • Page 900 Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement global group filter option 259 grid, terminology 14 group create IP group 281 global 25 IP 281 types of R3000 groups 25 group administrator 11 definition 505 group administrator, definition 511 Group Profile window 364 M86 S ECURITY UIDE...
  • Page 901 680 save a Security Report 813 schedule a report to run 721 schedule a Security Report to run 816 schedule or run a report in the Security Report Wizard 826 set up a custom category 410 M86 S ECURITY UIDE...
  • Page 902 Time Profile 385 set up Quotas 230 set up Real Time Probes 329 set up Search Engine Keywords Custom Categories 426 M86 Supplied Categories 323 set up URL Keywords Custom Categories 423 M86 Supplied Categories 319 set up URLs in categories...
  • Page 903 832 create 281 delete 397 IP Profile Management window 392 IP.ID 551 Java Plug-in 6 Java Virtual Machine 6 JavaScript 6 keyword definition 505 search engine, custom category 426 search engine, M86 supplied category 323 M86 S ECURITY UIDE...
  • Page 904 URL update 288 lookup 297 manual updates 287 search engine keywords, custom category 426 search engine keywords, M86 supplied category 323 software update 288 update categories 287 update logs 290 URL keywords, custom category 423 URL keywords, M86 supplied category 319...
  • Page 905 88 Logon Settings window 106 lookup library 297 M86 supplied category 32 definition 506 M86 Web Filter and Reporter (WFR) server 7 machine name, definition 506 Macintosh 5 mail server 694 Manual Backup button 538 M86 S...
  • Page 906 NDEX Manual Update to M86 Supplied Categories 287 Manual Update window 287 master IP group 26 definition 506 filtering profile 29 setup 281 master list 323 definition 506 Member window Individual IP MAC address 467 Member window, Individual IP 404...
  • Page 907 262 Google Toolbar popup blocking 450 Mozilla Firefox popup blocking 452 override popup blockers 447 profile type 30 Windows XP SP2 popup blocking 454 Yahoo! Toolbar popup blocking 448 Override Account window 262 definition 507 M86 S ECURITY UIDE...
  • Page 908 Process list diagnostic tool 116 profile global group 253 group 364 individual IP member 405 minimum filtering level 275 sub-group 401 Profile Control window 217 profile string definition 507 elements 430 protocol bandwidth gauge 742 definition 842 M86 S ECURITY UIDE...
  • Page 909 Reboot window 94 Recent Logins diagnostic tool 118 Recent Trend usage report graph 345 records exportation 673 sort by another column 672 redirect URL global group 257 refresh the R3000 user interface 72 Regional Setting window 100 M86 S ECURITY UIDE...
  • Page 910 Reset to Factory Defaults panel 640 Reset window 178 resize button, terminology 516 restore download a file 174 perform a restoration 175 settings 166 restore data from previous SR backup 540 router mode 22 definition 508 Routing table diagnostic tool 117 M86 S ECURITY UIDE...
  • Page 911 15 search engine definition 509 search engine keyword custom category 426 M86 supplied category 323 Search Engine Keyword Filter Control global group filter option 260 search engine keyword filtering 260 Search Engine Keywords window 323 custom category 426...
  • Page 912 Status window 153 Status window, CMC Management 228 storage capacity maintenance 564 Sub Group (IP Group) window 398 MAC addresses 466 Sub Group Profile window 401 sub-group 398 add to master IP group 395 copy 403 M86 S ECURITY UIDE...
  • Page 913 45 System Command window 114 System Performance diagnostic tool 118 system requirements 5 System screen 62 System Tray 832 System uptime diagnostic tool 119 tab, terminology 516 table, terminology 516 TAR profile 28 Target mode 44 M86 S ECURITY UIDE...
  • Page 914 TOP CPU processes diagnostic tool 117 topic terminology 16 Trace Route 116 Traffic Analysis report view 805 Traveler 312 definition 509 tree terminology 17 tree in R3000 user interface 69 triple-break report 689 Troubleshooting Mode window 122 Type field 683 M86 S ECURITY UIDE...
  • Page 915 URL Keyword Filter Control global group filter option 261 URL keyword filtering 261 URL Keywords window 319 custom category 423 M86 supplied category 319 URL, definition 509 URLs window 314 custom category 415 M86 supplied category 314 Usage Graphs window 344...
  • Page 916 Windows 7 5 Windows Vista 5 Windows XP 5 wizard 7 installation procedures 520 Wizard panel 642 workstation requirements 5 Mobile Client 460 X Strikes Blocking global group filter option 259 X Strikes Blocking window 186 M86 S ECURITY UIDE...

Table of Contents