1. Manuals
  2. Brands
  3. M86 Security Manuals
  4. Network Hardware
  5. M86 Threat Analysis Reporter
  6. User manual

M86 Security M86 User Manual

Web filtering and reporting suite
Hide thumbs Also See for M86:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
Table of Contents

Advertisement

Quick Links

Download this manual
M86 Web Filtering and Reporting Suite

USER GUIDE

Software Version: 4.2.00
Document Version: 10.10.11

Advertisement

Table of Contents
loading

Related Manuals for M86 Security M86

Summary of Contents for M86 Security M86

  • Page 1: User Guide

    M86 Web Filtering and Reporting Suite USER GUIDE Software Version: 4.2.00 Document Version: 10.10.11...
  • Page 2 M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.

  • Page 3: Table Of Contents

    About this Portion of the User Guide ........11 Terminology ..................13 Overview ..................18 Chapter 1: Filtering Operations ..........19 Operational Modes ................19 Invisible Mode ................20 Router Mode ................22 Firewall Mode ................23 Group Types ................... 25 M86 S ECURITY UIDE...
  • Page 4 Override Account Profile ............. 30 Time Profile ................. 30 Lock Profile ................. 30 Filtering Profile Components ............31 Library Categories ..............32 M86 Supplied Categories............ 32 Custom Categories ............. 32 Service Ports ................33 Rules ..................33 Minimum Filtering Level ............33 Filter Settings ................
  • Page 5 Screen and Window Navigation ......... 67 Console Tips and Shortcuts ..........72 Log Out ..................76 WF G ......77 LOBAL DMINISTRATOR ECTION Introduction ................77 Chapter 1: System screen ............78 Control ..................... 80 Filter window ................80 M86 S ECURITY UIDE...
  • Page 6 View Locked IP Address, Unlock IP Address....112 View Admin, Sub Admin User Interface Access ....113 Diagnostics ..................114 System Command window ............. 114 Perform a Diagnostic Test, View Data ......115 Command Selections ............116 M86 S ECURITY UIDE...
  • Page 7 Specify the Listening Device ..........161 Specify the Block Page Device ......... 161 Invisible Option: Specify the Block Page Delivery..... 162 ICAP Option: Specify ICAP Server Settings ..... 163 Mobile Option: Specify the Mobile Client Control ..... 165 M86 S ECURITY UIDE...
  • Page 8 Go to X Strikes Unlock Workstation GUI ......198 X Strikes Unlock Workstation ........... 199 Warn Option Setting ..............202 Warn Option Setting window ..........202 Specify Interval for Re-displaying the Warn page ..... 203 Customization ................204 viii M86 S ECURITY UIDE...
  • Page 9 Global Group ................. 241 Range to Detect window ............241 Add a Segment to the Network ......... 242 Modify a Segment of the Network ........250 Remove a Segment from the Network ......250 Rules window ................. 251 M86 S ECURITY UIDE...
  • Page 10 Manual Update window ............289 Specify the Type of On Demand Update ......289 Additional Language Support window ........291 Select Additional Languages..........291 Library Update Log window ............ 292 View the Library Update Process........292 M86 S ECURITY UIDE...
  • Page 11 Reload the Library............. 324 Search Engine Keywords window .......... 325 View a List of Search Engine Keywords ......326 Add or Remove Search Engine Keywords......326 Upload a List of Search Engine Keywords......327 Reload the Library............. 328 M86 S ECURITY UIDE...
  • Page 12 Override Account window ............357 Add an Override Account ..........358 Edit an Override Account ..........365 Delete an Override Account ..........366 Group Profile window ............. 366 Category Profile ..............366 Redirect URL ..............370 Filter Options ..............371 M86 S ECURITY UIDE...
  • Page 13 Copy Sub Group ..............407 Copy an IP Sub-Group............407 Individual IP ................... 408 Member window ..............408 Enter the IP Address of the Member ........ 409 Individual IP Profile window ............ 409 Exception URL window ............409 xiii M86 S ECURITY UIDE...
  • Page 14 Upload a Master List of Search Engine Keywords ... 432 Reload the Library............. 432 Delete Category ..............432 Delete a Custom Category..........432 ....... 433 ILTER PPENDICES ECTION Appendix A ................433 Filtering Profile Format and Rules ..........433 Rule Criteria ................434 M86 S ECURITY UIDE...
  • Page 15 Add Override Account to the White List ........460 Use the IE Toolbar ............460 Use the Information Bar ........... 461 Appendix D ................463 Mobile Client ................. 463 Environment Requirements ............ 464 Workstation Requirements..........464 Network Requirement ............465 M86 S ECURITY UIDE...
  • Page 16 Procedures for Logging In, Out ............. 522 Access the Security Reporter Login window ......522 Access SR Report Manager from the WFR Portal.... 522 Enter Report Manager’s URL in the Address field .... 523 Log In ..................524 M86 S ECURITY UIDE...
  • Page 17 View the Status of the Server ........... 550 Secure Access screen ............551 Activate a Port to Access the SR ........551 Terminate a Port Connection ..........552 Terminate All Port Connections ........552 xvii M86 S ECURITY UIDE...
  • Page 18 Import User Groups ............580 SR R ..581 EPORT ANAGER DMINISTRATION ECTION Introduction ................581 Chapter 1: Group, Profile Management ........ 583 User Groups panel ................ 583 View User Group Information ..........586 xviii M86 S ECURITY UIDE...
  • Page 19 Activity View panel ................ 620 Perform a Search on a Specified Activity ....... 621 Search results ..............622 Device Registry panel ..............624 Removing/adding Web Filter, SWG devices ......626 Web Filter Device Maintenance ..........627 M86 S ECURITY UIDE...
  • Page 20 Reset to Factory Defaults panel ............ 651 Reset SR to factory defaults ........... 652 Wizard panel ................653 Main Administrator ............654 Bandwidth Range and Web Filter Setup ......654 Secure Web Gateway Setup..........655 Save Entries ..............656 M86 S ECURITY UIDE...
  • Page 21 Time column..............684 Column sorting tips ............685 Summary Drill Down Record exportation ......685 Other navigation tips ............685 Detail Drill Down Report View ............686 Detail Report View Tools and Tips ......... 687 M86 S ECURITY UIDE...
  • Page 22 View and Print Options ..............712 View and Print Tools ............... 712 Sample Report File Formats ........... 713 MS-DOS Text ..............714 PDF ................... 714 Rich Text Format .............. 715 HTML ................716 Comma-Delimited Text ............. 716 xxii M86 S ECURITY UIDE...
  • Page 23 View the Blocked Request Report .......... 751 Time Usage Reports ..............752 Generate a Time Usage Report ..........753 View the Time Usage Report ..........755 Time Usage algorithm ............756 ........757 EPORTS ECTION Introduction ................757 xxiii M86 S ECURITY UIDE...
  • Page 24 Medium and High severity lockout ........788 End user workstation lockout ..........788 Chapter 3: Alerts, Lockout Management ......790 Add an Alert .................. 792 Email alert function ..............793 Configure email alerts ............793 Receive email alerts............794 xxiv M86 S ECURITY UIDE...
  • Page 25 Blocked Viruses report view ........... 821 Security Policy Violations report view ........821 Traffic Analysis report view ............. 822 Rule Transactions report view ..........823 Drill Down into a Security Report ..........824 Security Report Tools ..............825 M86 S ECURITY UIDE...
  • Page 26 Create the System Tray logon script......... 854 Assign System Tray logon script to administrators ... 858 Administrator usage of System Tray ........860 Use the System Tray Alert icon’s menu ......860 Status of the System Tray Alert icon......... 861 xxvi M86 S ECURITY UIDE...
  • Page 27 Front Control Panel on a 300 Series Unit ......880 Front control panel on the 500 series model..... 880 Part 3: Troubleshooting ............882 Hard drive failure............... 882 Power supply failure............885 Fan failure ................ 886 xxvii M86 S ECURITY UIDE...
  • Page 28 ONTENTS ................887 NDEX xxviii M86 S ECURITY UIDE...

  • Page 29: Wfr Suite Overview

    NOTE: The SR application can be configured to accept logs from a M86 Secure Web Gateway (SWG) and generate security reports. See the M86 Secure Web Gateway User Guide at http:// www.m86security.com/support/Secure-Web-Gateway/Docu- mentation.asp for information on the SWG.

  • Page 30: How To Use This User Guide

    WFR console and this user guide, and provides information on how to contact M86 Security technical support. • Web Filter (WF) - Refer to this portion for information on configuring and maintaining the Web Filter application.

  • Page 31: Conventions

    IMPORTANT: The "important" icon is followed by italicized text informing you about important information or procedures to follow to ensure maximum uptime on the WFR Server. M86 S ECURITY UIDE...

  • Page 32: Components And Environment

    • Optional: One or more attached “NAS” storage devices (e.g. Ethernet connected, SCSI/Fibre Channel connected “SAN”) Software • Linux OS • Administrator User Interface (UI) console utilized by an authorized administrator to configure and maintain the WFR server • MySQL database M86 S ECURITY UIDE...

  • Page 33: Environment

    Network Requirements • Power connection protected by an Uninterruptible Power Supply (UPS) • HTTPS connection to M86 Security’s software update server • SR must be be fully configured, and the Structured Query Language (SQL) server must be installed on the network and connected to the Web access logging device(s) (e.g.

  • Page 34: End User Workstation Requirements

    • Firefox 6.0 • Google Chrome 13.0 • Safari 5.1 • Macintosh OS X Version 10.6 or 10.7 running: • Safari 5.1 • Firefox 6.0 • JavaScript enabled • Pop-up blocking software, if installed, must be disabled M86 S ECURITY UIDE...

  • Page 35: How To Use The Wfr On The Web

    ON THE How to Use the WFR on the Web Initial Setup To initially set up your M86 Web Filter and Reporter (WFR) server, the administrator installing the unit should follow the instructions in the M86 WFR Installation Guide, the booklet packaged with your WFR unit.
  • Page 36 Web Filter, SR Report Manager and SR System Configuration administrator console on the WFR server, without needing to use this WFR Welcome portal to individually log into the two main applications. M86 S ECURITY UIDE...

  • Page 37: Single Sign-On Access

    2. Go to the navigation links at the top of the Report Manager panel and select: • Administration > System Configuration to access the SR administrator console • Administration > Web Filter > (IP address) to access the Web Filter user interface M86 S ECURITY UIDE...

  • Page 38: Default Usernames And Passwords

    Security Reporter are identical (admin), but the pass- words are dissimilar, the SSO feature will not function. Thus, in order to use SSO, M86 recommends setting up an admin- istrator account in the Web Filter that matches the global administrator account set up in the SR (Administration >...

  • Page 39: Web Filter Introductory Section

    NTRODUCTORY ECTION Web Filter M86 Security’s Web Filter tracks each user’s online activity, and can be configured to block specific Web sites, service ports, and pattern and file types, and lock out an end user from Internet access, thereby protecting your organization...
  • Page 40 Appendix D explains how to install, configure, and use the Mobile Client. Appendix E features a glos- sary of technical terminology used in this portion of the user guide. M86 S ECURITY UIDE...

  • Page 41: Terminology

    • field - an area in a dialog box, window, or screen that either accommodates your data entry, or displays pertinent information. A text box is a type of field. M86 S ECURITY UIDE...
  • Page 42 One or more tree lists also can display in this panel. When an item in the tree list is clicked, the tree list opens to reveal items that can be selected. M86 S ECURITY UIDE...
  • Page 43 When the circle is empty, the option is not selected. • screen - a main object of an appli- cation that displays across your monitor. A screen can contain panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons. M86 S ECURITY UIDE...
  • Page 44 By clicking the link for a topic, the window for that topic displays in the right panel of the screen, or a menu of sub-topics opens. M86 S ECURITY UIDE...
  • Page 45 A window for a topic or sub-topic displays in the right panel of the screen. Other types of windows include pop-up windows, login windows, or ones from the system such as the Save As or Choose file windows. M86 S ECURITY UIDE...

  • Page 46: Overview

    • block instant messaging and peer-to-peer services • authenticate users via the existing authentication system on the network NOTE: See the M86 Web Filter Authentication User Guide at http://www.m86security.com/support/wf/documentation.asp for information on setting up and using authentication. • synchronize multiple Web Filter units so that all servers...

  • Page 47: Chapter 1: Filtering Operations

    Chapter 1: Filtering Operations Operational Modes Based on the setup of your network, the Web Filter can be configured to use one of these operational modes for filtering the network: • invisible mode • router mode • firewall mode M86 S ECURITY UIDE...

  • Page 48: Invisible Mode

    Figure 1:1-1 depicts the invisible mode that removes the Web Filter from any inclusion in the network connection path. Fig. 1:1-1 Pass-by filtering diagram M86 S ECURITY UIDE...
  • Page 49 Web Filter’s port mirrors the port connected to the router. Fig. 1:1-2 Invisible mode diagram, with port monitoring In the invisible mode, the Web Filter performs as a standa- lone server that can be connected to any network environ- ment. M86 S ECURITY UIDE...

  • Page 50: Router Mode

    Fig. 1:1-3 Router mode diagram As previously mentioned, a Web Filter set up in the router mode can also work in the invisible mode. The router mode setup also will work in the firewall mode. M86 S ECURITY UIDE...

  • Page 51: Firewall Mode

    NTRODUCTORY ECTION HAPTER ILTERING PERATIONS WARNING: M86 recommends contacting one of our solutions engineers if you need assistance with router mode setup proce- dures. Firewall Mode The firewall mode is a modification of the router mode. With the Web Filter set up in this mode, the unit will filter all requests.
  • Page 52 Web Filter. WARNING: Contact a solutions engineer at M86 Security for setup procedures if you wish to use the firewall mode. Fig. 1:1-5 Firewall mode diagram, with filtering and cache setup...

  • Page 53: Group Types

    The filtering profile created for the global group represents the default profile to be used by all groups that do not have a filtering profile, and all users who do not belong to a group. M86 S ECURITY UIDE...

  • Page 54: Ip Groups

    IP members, override account, time profiles and exception URLs, and maintains filtering profiles of all members in the master IP group. Fig. 1:1-6 IP diagram with a sample master IP group and its members M86 S ECURITY UIDE...

  • Page 55: Filtering Profile Types

    Other filtering profiles • authentication profile - used by LDAP group members. This type of profile includes the workstation profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. M86 S ECURITY UIDE...
  • Page 56 Web Filter and the Radius authentication feature enabled. • TAR profile - used by the Threat Analysis Reporter (TAR) module if an end user is locked out by TAR when attempting to access blocked content in a library cate- gory. M86 S ECURITY UIDE...

  • Page 57: Static Filtering Profiles

    IP sub-group and is customized for sub-group members. Individual IP Member Filtering Profile An individual IP member filtering profile is created by the group administrator.This filtering profile applies to a speci- fied end user in a master IP group. M86 S ECURITY UIDE...

  • Page 58: Active Filtering Profiles

    Active filtering profiles include the Global Group Profile, Override Account profile, Time Profile, and Lock profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. Global Filtering Profile The global filtering profile is created by the global adminis- trator.

  • Page 59: Filtering Profile Components

    (default) filtering profile • filter settings - used by service ports, filtering profiles, rules, and the minimum filtering level to indicate whether users should be granted or denied access to specified Internet content M86 S ECURITY UIDE...

  • Page 60: Library Categories

    M86 furnishes a collection of library categories, grouped under the heading “Category Groups” (excluding the “Custom Categories” group). Updates to these categories are provided by M86 on an ongoing basis, and administra- tors also can add or delete individual URLs within a speci- fied library category.

  • Page 61: Service Ports

    The minimum filtering level does not apply to any user who does not belong to a group, and to groups that do not have a filtering profile established. M86 S ECURITY UIDE...

  • Page 62: Filter Settings

    • warn - If a category is given a warn setting, a warning page displays for the end user to warn him/her that accessing the intended URL may be against established policies and to proceed at his/her own risk M86 S ECURITY UIDE...

  • Page 63: Filtering Rules

    IP group’s time profile. b. An IP sub-group time profile takes precedence over the IP sub-group profile. 5. For individual IP members: a. An individual IP member filtering profile takes prece- dence over the IP sub-group’s time profile. M86 S ECURITY UIDE...
  • Page 64 Global Group section of the console. 9. An X Strikes lockout profile takes precedence over all filtering profiles. This profile is set up under Filter Options, by enabling the X Strikes Blocking feature. M86 S ECURITY UIDE...
  • Page 65 1: F ILTER NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Fig. 1:1-7 Sample filtering hierarchy diagram M86 S ECURITY UIDE...

  • Page 66: Chapter 2: Logging And Blocking

    When the IM module is loaded on the server, the Web Filter compares packets on the network with IM libraries stored on the Web Filter. If a match is found, the Web Filter checks the user’s profile to see whether the user’s connection to the IM M86 S ECURITY UIDE...

  • Page 67: P2P Blocking

    Web Filter. If a match is found, the Web Filter checks the user’s profile to see whether the user’s connec- tion to the P2P service should be blocked, and then performs the appropriate action. M86 S ECURITY UIDE...

  • Page 68: Setting Up Im And P2P

    IM and/or P2P, settings need to be made in the Policy section of the Administrator console. If applying M86’s supplied IM and/or P2P library category to an entity’s profile, all IM and/or P2P services included in that category will be blocked.

  • Page 69: Block Im, P2P For All Users

    • the Pattern Blocking option in the Filter window must be activated • the global filtering profile must have the PR2PR library category set up to be blocked • the minimum filtering level profile must have the PR2PR library category set up to be blocked. M86 S ECURITY UIDE...

  • Page 70: Block Specified Entities From Using Im, P2P

    P2P traffic with the Range to Detect feature is desired • the minimum filtering level profile should not have P2P blocked, unless blocking all P2P traffic with the Range to Detect feature is desired. M86 S ECURITY UIDE...

  • Page 71: Chapter 3: Synchronizing Multiple Units

    All other Web Filters on the network are configured as target servers to the source Web Filter unit, receiving updates from the source server. M86 S ECURITY UIDE...
  • Page 72 In this mode, filtering information from the source server will be uploaded to the target server. The only synchronization setup that needs to be made on the target server is to ensure that network interfaces are configured for network communication. M86 S ECURITY UIDE...

  • Page 73: Synchronization Setup

    Additionally, this IP address is used by the target server to identify the source server from which it M86 S ECURITY UIDE...

  • Page 74: Types Of Synchronization Processes

    When the target server resumes communication with the source server, it will actively download and apply the latest running configuration from the source server. M86 S ECURITY UIDE...

  • Page 75: Library Synchronization Process

    The use of queues ensures that if a target server is taken offline for a period of time, when it is brought back online, it will be updated with the latest changes from the source server. M86 S ECURITY UIDE...

  • Page 76: Delays In Synchronization

    The total time of this process will vary depending upon custom library entries, but the entire procedure should take approximately one minute. M86 S ECURITY UIDE...

  • Page 77: Synchronized, Non-Synchronized Items

    As you will see by the lists on the following pages, static configuration options—such as library changes—will be synchronized. All active options—such as profile changes— will be functionally synchronized. One time configuration options on the Web Filter—such as reporting configurations, or IP addresses—will not be synchronized. M86 S ECURITY UIDE...

  • Page 78: Synchronize All Items

    Synchronize All Items The following lists show which items will be synchronized when the option to synchronize all items is selected. Synchronized Items (All) • M86 Library additions/deletions • Custom library creations • Custom library additions/deletions • Search Engine keyword additions/deletions •...

  • Page 79: Non-Synchronized Items

    • Virtual IP and Authentication IP addresses • IP addresses • Default routes • Software Update application • Synchronization settings • Filter Mode • Backup/Restore • SNMP configuration • Warn Option Setting • Reporter configuration • CMC Management M86 S ECURITY UIDE...

  • Page 80: Synchronize Only Library Items

    The following lists show which items will be synchronized when the option to synchronize only library items is selected. Synchronized Items (Library Only) • M86 Library additions/deletions • Custom library creations • Custom library additions/deletions • Search Engine keyword additions/deletions •...
  • Page 81 • Default routes • Software Update application • Synchronization settings • Filter Mode • Backup/Restore • Radius Authentication Settings • SNMP configuration • X Strikes Blocking settings • Warn Option Setting • Reporter configuration • CMC Management M86 S ECURITY UIDE...

  • Page 82: Server Maintenance Procedures

    Web Filter servers should be designated as the new source server. Establish Backup Procedures To prevent down time during a source server failure, M86 recommends establishing backup and restore procedures. It is important that regular backups of the source Web Filter server are saved using the Backup/Restore window in the System section of the Web Filter console.

  • Page 83: Use A Backup File To Set Up A Source Server

    8. After the restoration of configuration settings is applied and a quick reload takes place, this Web Filter will now function as the source server in the Web Filter cluster. M86 S ECURITY UIDE...

  • Page 84: Set Up A Replacement Target Server

    4. Apply all software updates that were applied on the failed source server. 5. In the Policy section of the console, enter all groups and filtering profiles. 6. Make all necessary settings in all sections and windows of the console. M86 S ECURITY UIDE...

  • Page 85: Chapter 4: Getting Started

    Click the WF icon in the WFR Welcome window: Fig. 1:4-1 Web Filter icon in WFR Welcome window Clicking the WF icon opens a separate browser window/tab containing the Web Filter Login window (see Fig. 1:4-2). M86 S ECURITY UIDE...

  • Page 86: Enter Web Filter's Url In The Address Field

    In order to accept the security certificate, follow the instruc- tions at: http://www.m86security.com/software/8e6/ docs/ig/misc/sec-cert-wf4.2.pdf 3. After accepting the security certificate, click Go to open the Web Filter login window (see Fig. 1:4-2). M86 S ECURITY UIDE...

  • Page 87: Log In

    NOTE: See Chapter 1: System screen in the WF Global Adminis- trator Section for information on logging into the Web Filter user interface if your password has expired. 2. Click LOGIN to access the Welcome screen of the Web Filter Administrator console: M86 S ECURITY UIDE...

  • Page 88: Last Library Update Message

    • Yes - clicking this button closes the dialog box and opens an alert box indicating that it will take a few minutes to perform the library update. Click OK to close the alert box and to execute the command to update the libraries. M86 S ECURITY UIDE...
  • Page 89 After the libraries are updated, today’s date will appear as the Last Library Update on the welcome screen. NOTE: Refer to the Library screen’s Manual Update to M86 Supplied Categories window—in the Web Filter Global Group Section—for information about updating library categories on demand.

  • Page 90: Navigation Tips

    System section. This section is comprised of windows used by the global administrator for configuring and maintaining the server to authenticate users, and to filter or block specified Internet content for each user based on the applied filtering profile. M86 S ECURITY UIDE...
  • Page 91 Real Time Probe icon - If the Real Time Probe feature is enabled, this icon can be clicked by authorized users to access the Real Time Probe reporting tool. • system time - The system time displays using the YYYY/MM/DD HH:MM:SS date and time format M86 S ECURITY UIDE...

  • Page 92: Help Features

    1. Click a link to go to a specified topic. 2. To view Help Topics for another section, click the tab for that section: Policy, Library, Reporting, System, or Help. 3. Click Close Window to close the Help Topics window. M86 S ECURITY UIDE...
  • Page 93 F1 key on your keyboard. • Hover Display The yellow tooltip box displays when you hover over the icon with your mouse: Fig. 1:4-7 Tooltip mouseover effect To close the tooltip box, move the mouse away from the icon. M86 S ECURITY UIDE...
  • Page 94 ILTER NTRODUCTORY ECTION HAPTER ETTING TARTED • Help pop-up box The Help pop-up box opens when you press the F1 key on your keyboard: Fig. 1:4-8 Help pop-up box Click OK to close the pop-up box. M86 S ECURITY UIDE...

  • Page 95: Screen And Window Navigation

    Topic Links In Library, Reporting, and System screens, the navigation panel contains topic links. By clicking a topic link, the window for that topic displays in the right panel: Fig. 1:4-9 Selected topic and its corresponding window M86 S ECURITY UIDE...
  • Page 96 For these topics, clicking a topic link opens a menu of sub-topics: Fig. 1:4-10 Sub-topics menu When a sub-topic from this menu is selected, the window for that sub-topic displays in the right panel of the screen. M86 S ECURITY UIDE...

  • Page 97: Navigate A Tree List

    (+) sign, when that branch of the tree is collapsed. By double-clicking the entity, a minus (-) sign replaces the plus sign, and all branches within that branch of the tree display. An item in the tree is selected by clicking it. M86 S ECURITY UIDE...
  • Page 98 When a tree list topic is selected and clicked, a menu of sub- topics opens: Fig. 1:4-12 Tree list topics and sub-topics Clicking a sub-topic displays the corresponding window in the right panel, or opens a pop-up window or alert box, as appropriate. M86 S ECURITY UIDE...

  • Page 99: Navigate A Window With Tabs

    Apply button. NOTE: In the Time Profile and Override Account pop-up windows, entries are saved at the bottom of the window. Fig. 1:4-13 Window with tabs M86 S ECURITY UIDE...

  • Page 100: Console Tips And Shortcuts

    Refresh the Console Press F5 on your keyboard to refresh the Administrator console. This feature is useful in the event that more than one browser window is open simultaneously for the same Web Filter. M86 S ECURITY UIDE...
  • Page 101 • To paste text into an empty field, place the cursor in the field and then press the Ctrl and V keys. • To copy over existing text, highlight text currently in the field and then press the Ctrl and V keys. M86 S ECURITY UIDE...
  • Page 102 Calculate to display the Min Host and Max Host IP addresses. TIP: If necessary, make a different IP address entry and Netmask selection, and then click Calculate to display different Min Host and Max Host results. M86 S ECURITY UIDE...
  • Page 103 For greater ease in viewing content in any screen, re-size the browser window by placing your cursor at any edge or corner of the user interface, left clicking, and then dragging the cursor to the left or right, or inward or outward. M86 S ECURITY UIDE...

  • Page 104: Log Out

    3. Click the “X” in the upper right corner of the screen for the Login window to close it. WARNING: If you need to turn off the server, see the ShutDown window of the System screen in the WF Global Administrator Section. M86 S ECURITY UIDE...

  • Page 105: Wf Global Administrator Section

    • adds group administrators • sets up administrators for receiving automatic alerts • updates the WFR server with software supplied by M86 • analyzes server statistics • utilizes diagnostics for monitoring the server status to ensure optimum functioning of the server •...

  • Page 106: Chapter 1: System Screen

    Control settings, Network settings, Administrator account information, Secure Logon, Diagnostics, Alert contacts, Software Update, Synchronization, operation Mode, Authentication settings (see the M86 Web Filter Authentication User Guide for information about this topic), Backup/Restore operations, Reset settings, Radius Authen- tication Settings, SNMP, Hardware Failure Detection, X Strikes Blocking, Warn Option Setting, Customization, Quota Setting, and SSL Certificate.
  • Page 107 Click your selection to choose a main topic from this list, or to view a menu of sub-topics, if applicable. When a topic or sub-topic is selected, the designated window for that topic or sub-topic displays in the right panel. M86 S ECURITY UIDE...

  • Page 108: Control

    HTTPS sites on Web Filters set up in the Stand Alone or Source mode. In the Service Control frame, enabling Pattern Blocking will log IM and P2P end user activity, and block end users from using M86 S ECURITY UIDE...

  • Page 109: Local Filtering

    This frees up resources on the server. To disable Local Filtering and/or VLAN Detection, click the “Off” radio button(s). M86 S ECURITY UIDE...

  • Page 110: Http Filtering

    HTTP header inspection. Disable HTTP Packet Splitting Detection To disable automatic detection of a split HTTP packet, click “Off.” This action removes the field below the radio buttons. NOTE: After making all entries in this window, click Apply. M86 S ECURITY UIDE...

  • Page 111: Https Filtering

    Group Administrator Section for information on setting up a custom library category. See Global Group Profile window and Minimum Filtering Level window in Chapter 2: Policy screen for information on allowing a library category to pass.) M86 S ECURITY UIDE...

  • Page 112: Service Control

    IM and P2P activity of end users once IM and P2P pattern files are downloaded on demand via the Manual Update to M86 Supplied Categories window. NOTE: See http://www.m86security.com/software/8e6/hlp/ifr/ files/1system_proxy_block.html for a list of proxy pattern types that are set up to be blocked.

  • Page 113: Target(S) Filtering

    To enable All Target(s) Filtering, click the “On” radio button. Each target server on the network will filter the Range to Detect specified on that server. NOTE: After making all entries in this window, click Apply. M86 S ECURITY UIDE...

  • Page 114: Block Page Authentication Window

    See the Block Page Customization window and Common Customization window in this chapter for information on custom- izing the M86 block page. See Appendix B: Create a Custom Block Page for information on creating a customized block page using your own design.

  • Page 115: Enter, Edit Block Page Options

    NET USE script. NOTES: • Details about the Web-based Authentication option can be found in the M86 Web Filter Authentication User Guide. • For more information about the Override Account option, see information on the following windows in this user guide: •...

  • Page 116: Block Page

    3. Click Apply to apply your settings. Block page When a user attempts to access Internet content set up to be blocked, the block page displays on the user’s screen: Fig. 2:1-4 Sample Block Page M86 S ECURITY UIDE...
  • Page 117 By default, the following standard links are included in the block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.

  • Page 118: Options Page

    For further options, click here. Fig. 2:1-5 Options page The following items previously described for the Block page display in the upper half of the Options page: • HELP link • User/Machine frame contents M86 S ECURITY UIDE...
  • Page 119 The frame beneath the User/Machine frame includes infor- mation for options (1, 2, and/or 3) based on settings made in this window and the Common Customization window. NOTE: Information about Option 1 is included in the M86 Web Filter Authentication User Guide. Option 2 Option 2 is included in the Options page, if “Override...
  • Page 120 • Try re-authenticating your user profile - This link displays if “Re-authentication” was selected at the Re- authentication Options field, and an entry was made in the Logon Script Path field. When the user clicks this link, a window opens: Fig. 2:1-7 Re-authentication option M86 S ECURITY UIDE...

  • Page 121: Shutdown Window

    Fig. 2:1-8 ShutDown window Shut Down the Server In the ShutDown frame, click ShutDown to power off the server. NOTE: See the WFR Overview for information about accessing the WFR user interface and logging back into the server. M86 S ECURITY UIDE...

  • Page 122: Reboot Window

    After the server is rebooted, the Web Filter status message box closes, and the Web Filter ready alert box opens. M86 S ECURITY UIDE...
  • Page 123 NOTE: See the WFR Suite Overview and Chapter 4: Getting Started from the Introductory Section of the Web Filter portion of this user guide for information about accessing the WFR user interface and logging back into the server. M86 S ECURITY UIDE...

  • Page 124: Network

    Block Page Route Table. LAN Settings window The LAN Settings window displays when LAN Settings is selected from the Network menu. This window is used for configuring network connection settings for the WFR. Fig. 2:1-10 LAN Settings window M86 S ECURITY UIDE...

  • Page 125: Specify Lan Settings

    3. Click Apply to apply your settings. NOTE: Whenever modifications are made in this window, the server must be restarted in order for the changes to take effect. M86 S ECURITY UIDE...

  • Page 126: Ntp Servers Window

    Web Filter will use the actual time from a clock at a specified IP address. NOTE: The System Time displays beneath the Details frame, using the YYYY/MM/DD HH:MM:SS Coordinated Universal Time (UTC) format for the current time zone. Fig. 2:1-11 NTP Servers window M86 S ECURITY UIDE...

  • Page 127: Specify Network Time Protocol Servers

    3. Click Apply to apply your settings. Remove an NTP Server To remove an NTP server: 1. Select the IP address from the Servers list box. 2. Click Delete. 3. Click Apply to apply your settings. M86 S ECURITY UIDE...

  • Page 128: Regional Setting Window

    If necessary, select a language set from the Language pull-down menu to specify that you wish to display that text in the console. 3. Click Apply to apply your settings, and to reboot the Web Filter. M86 S ECURITY UIDE...

  • Page 129: Block Page Route Table Window

    Fig. 2:1-13 Block Page Route Table window NOTE: See the Block Page Authentication window for information on setting up block pages. M86 S ECURITY UIDE...

  • Page 130: Add A Router

    NOTE: Follow steps 1-4 for each router you wish to include in the routing table. Remove a Router To remove one or more routers from the IP/Mask list box: 1. Select the router(s) from the list box. 2. Click Delete. M86 S ECURITY UIDE...

  • Page 131: Administrator

    WF Group Administrator Section for information on setting up and maintaining accounts for IP group administrators. See the M86 Web Filter Authentication User Guide for more information on setting up and maintaining LDAP Sub Admin group adminis- trator accounts. A help desk administrator will only see his/her account information and can only modify his/her password.

  • Page 132: View Administrator Accounts

    YSTEM SCREEN TIP: The default Username is admin and the Password is user3. M86 recommends that you retain this default account and pass- word in the event that the Web Filter unit cannot be accessed. An authorized M86 Security technical representative may need to use this username and password when troubleshooting the unit.

  • Page 133: Edit An Administrator Account

    NOTE: A username cannot be modified, but can be deleted and added again. Delete an Administrator Account To delete an administrator account: 1. Select the username from the Current User list box. 2. Click Delete to remove the account. M86 S ECURITY UIDE...

  • Page 134: Secure Logon

    IP address if an incorrect password is entered for a specified number of times within a defined timespan. NOTE: This window displays only on servers set up in the Stand- alone or Source mode. Fig. 2:1-15 Logon Settings window M86 S ECURITY UIDE...

  • Page 135: Enable, Disable Password Expiration

    LOGIN, a login dialog box opens: Fig. 2:1-16 New password entry This dialog box displays his/her Username and prompts him/her to enter a new password in the Password and Confirm Password fields. Upon clicking OK, the Web Filter user interface opens. M86 S ECURITY UIDE...

  • Page 136: Enable, Disable Account Lockout

    Lockout by IP address option(s) enabled— enter the number of times a user can enter an incorrect password during the interval defined in the Failed Password Attempts Timespan (in minutes) [1-1440] field before being locked out of the Web Filter. M86 S ECURITY UIDE...
  • Page 137 IP address on the third unsuccessful login attempt. But there would be no lockout for that IP address if the third failed attempt was made outside of the 10- minute timespan. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...

  • Page 138: Logon Management

    Username/IP address feature is enabled in the Logon Settings window, and a user is unable to log into the Administrator console due to a password expiration, or having met the specified number of failed password attempts within the designated timespan. M86 S ECURITY UIDE...

  • Page 139: View User Account Status, Unlock Username

    YYYY-MM-DD format, based on the configuration in the Logon Settings window at the time the password was saved in that window) • lock symbol if the account is currently locked. TIP: This list can be resorted by clicking a specified column header. M86 S ECURITY UIDE...

  • Page 140: View Locked Ip Address, Unlock Ip Address

    TIP: Click No to close the dialog box. 3. Click Yes to display the alert box indicating the IP address was unlocked. 4. Click OK to close the alert box, and to remove the IP address from the list. M86 S ECURITY UIDE...

  • Page 141: View Admin, Sub Admin User Interface Access

    Click any of the available tabs (System, Policy, Library, Report, Help) to view menu topics, sub-topics, and branches of trees available to that administrator. 4. Click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...

  • Page 142: Diagnostics

    Command is selected from the Diagnostics menu. This window is used for viewing server statistics and for performing diagnostic tests on the server. Fig. 2:1-19 System Command window WARNING: Diagnostics tools utilize system resources, impacting the WFR’s performance. M86 S ECURITY UIDE...

  • Page 143: Perform A Diagnostic Test, View Data

    2. Click Execute to open a pop-up window containing the query results: Fig. 2:1-20 System Command, Results window 3. Click the “X” in the upper right corner of the pop-up window to close it. M86 S ECURITY UIDE...

  • Page 144: Command Selections

    When Execute is clicked, rows of processes display in the pop-up window, including the following information for each process: Process Identification Number, full device number of the controlling terminal, status code, amount of time it took to run the process, and command line. M86 S ECURITY UIDE...
  • Page 145 When Routing Table is selected and Execute is clicked, information about available routes and their statuses displays in the pop-up window. Each route consists of a destination host or network and a gateway to use in forwarding packets. M86 S ECURITY UIDE...
  • Page 146 The Recent Logins diagnostic tool is used for showing infor- mation on administrator login activity. When Execute is clicked, the pop-up window displays a row of data for each time an administrator logged on the WFR. M86 S ECURITY UIDE...
  • Page 147 When Execute is clicked, messages from the kernel ring buffer display in the Result pop-up window. These messages from system boot-up provide information about hardware and module initialization, useful for diagnosing system problems. M86 S ECURITY UIDE...

  • Page 148: View Log File Window

    • “Software Update Log (patch.log)” - used for viewing the results of a software update application, such as which files were copied to the server, and whether the software update was successfully applied. M86 S ECURITY UIDE...
  • Page 149 “eDirectory Agent Debug Log (edirAgent.log)”, “eDirectory Agent Event Log (edirEvent.log)” and “Authentication Module Log (authmodule.log)” options, see the View log results section in the M86 Web Filter Authentication User Guide. 2. Choose the Last Number of Lines to view (100-500) from that file.

  • Page 150: Troubleshooting Mode Window

    Disable to terminate your Troubleshooting Mode session. Once Disable is clicked, the Web Filter will resume filtering the network. NOTE: See the Operation Mode window for information about invisible, router, and firewall modes, and listening devices. M86 S ECURITY UIDE...

  • Page 151: Use The Troubleshooting Mode

    Web Filter; packets sent to or from port 20 or 21; packets sent to the Virtual IP address’s port 137 or 139, or Address Resolution Protocol (ARP). 7. Click Execute to display results in the Result list box. M86 S ECURITY UIDE...

  • Page 152: Active Profile Lookup Window

    NOTE: In order to use this diagnostic tool, IP groups and/or members must be set up in the Policy section of the Web Filter, and each IP group and/or member must have a filtering profile. MAC addresses are used in the mobile mode only. M86 S ECURITY UIDE...

  • Page 153: Verify Whether A Profile Is Active

    • Rule name - if this profile uses a non-custom rule, the rule number displays • Profile Type - type of profile, greyed-out: • Regular profiles - IP group, sub-group, individual, or MAC profile M86 S ECURITY UIDE...
  • Page 154 • TAR profile - Threat Analysis Reporter lock out profile • Radius profile - Radius accounting server profile NOTE: See the M86 Web Filter Authentication User Guide for information that displays in these fields if the domain is an LDAP domain.
  • Page 155 • Blocked Ports (optional) - ports that have been set up to be blocked, if established. • Redirect URL (optional) - the URL that will be used for redirecting the user away from a page that is blocked, if established. M86 S ECURITY UIDE...

  • Page 156: Admin Audit Trail Window

    FTP server. The log of changes made on the server can be viewed in this window. Admin Audit Trail The Admin Audit Trail tab displays by default: Fig. 2:1-26 Admin Audit Trail window M86 S ECURITY UIDE...

  • Page 157: Specify Ftp Criteria

    6. Specify whether or not to Send Daily Log to FTP Server by clicking either the “on” or “off” radio button. 7. Click Apply to apply your settings. FTP the Log on Demand Click FTP Now to transfer the log on demand. M86 S ECURITY UIDE...

  • Page 158: View

    (Time), IP address of the machine used by the administrator, administrator's User- name, and a brief description of the Action performed on the server. M86 S ECURITY UIDE...

  • Page 159: Alert

    WFR alerts the administrator about the failed process, and that an attempt will be made to reload the necessary process. The last few lines of any pertinent logs are included in the message to assist the administrator in M86 S ECURITY UIDE...
  • Page 160 80 percent, an alert is sent to the administrator. This problem usually occurs if the Web Filter is unable to transfer log files to the M86 Security Reporter. Action should be taken to prevent the hard drive from reaching 100 percent utilization.

  • Page 161: Enable The Alert Feature

    Delete key on your keyboard 2. After all edits have been made, click Apply to apply your settings. Disable the Alert Feature 1. Click the “Disable” radio button. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...

  • Page 162: Smtp Server Settings Window

    3. By default, the Email queue size is 50. This can be changed to specify the maximum number of requests that can be placed into the queue awaiting an available outbound connection. M86 S ECURITY UIDE...

  • Page 163: Verify Smtp Settings

    2. Enter the email address in the pop-up box. 3. Click OK to close the pop-up box and to process your request. If all SMTP Server Settings are accepted, the test email should be received at the specified address. M86 S ECURITY UIDE...

  • Page 164: Software Update

    Availability (GA) release to be distributed to all WFRs. Fig. 2:1-31 Local Software Update window NOTE: Available software updates come from downloads made to the server via Traveler, M86’s executable program that can run on demand, or be set to run at a scheduled time. M86 S...

  • Page 165: Read Information About A Software Update

    HAPTER YSTEM SCREEN TIP: Click the link (“here”) at the bottom of the window to go to the Web page at M86 Security’s public site (http:// www.m86security.com/support/wfr/documentation.asp) where release notes about software updates can be obtained. Read Information about a Software Update...

  • Page 166: Select And Apply A Software Update

    1. Go to the Available Software Updates frame and select the software update to be applied. 2. Click Apply to open the software update installation dialog box: Fig. 2:1-33 Software update installation dialog box 3. Click Yes to open the EULA dialog box: M86 S ECURITY UIDE...
  • Page 167 Log File window for more information. 5. Click OK to close the alert box and to proceed. This action opens the connection failure alert box, indicating that the connection to the WFR has been lost due to the software update application: M86 S ECURITY UIDE...
  • Page 168 8. Wait a few minutes, and then log back into the Web Filter console again. NOTE: M86 recommends performing a backup of configuration files after applying a software update. (See the Backup/Restore window in this chapter for information on performing a backup.)
  • Page 169 NOTE: If you do not have an installation key, click the link “click here” to go to the M86 Security Web site where you will need to log in and request an installation key.

  • Page 170: Undo An Applied Software Update

    Undo an Applied Software Update NOTE: Only the most recently applied software update can be uninstalled. WARNING: If a software update is uninstalled, configuration settings will revert to the previous settings, before the software update was applied. M86 S ECURITY UIDE...

  • Page 171: Software Update Log Window

    Fig. 2:1-40 Software Update Log window View Log Contents Click View Log to display contents of the log in the frame below with the status of the software update. M86 S ECURITY UIDE...

  • Page 172: Download Log, View, Print Contents

    4. After the file has successfully downloaded to your work- station, click OK to close the alert box asking you to verify that the software update log file was successfully saved. M86 S ECURITY UIDE...

  • Page 173: View The Contents Of The Log

    1. Find the log file in the folder, and right-click on it to open the pop-up menu: Fig. 2:1-41 Folder containing downloaded file 2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:1-42 WinZip Executable program M86 S ECURITY UIDE...
  • Page 174 “View” to open the View dialog box: Fig. 2:1-44 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig. 2:1-45 View window M86 S ECURITY UIDE...
  • Page 175 OK to close the dialog box. 2. Open Notepad—in Windows XP: Start > All Programs > Accessories > Notepad 3. Paste the contents from the clipboard into the Notepad file. The correctly formatted Notepad file can now be saved and/or printed. M86 S ECURITY UIDE...

  • Page 176: Synchronization

    Synchronizing Multiple Units, from the Web Filter Introductory Section. If synchronizing a WFR with a Web Filter, see http:// www.m86security.com/software/8e6/hlp/ifr/files/ 1system_sync_versions.html for software version compatibility. WARNING: This version of synchronization only supports the use of unique IP addresses throughout a network. M86 S ECURITY UIDE...

  • Page 177: Setup Window

    This indicates that all settings on the Web Filter that is currently being configured apply only to that Web Filter. For the Stand Alone mode setting: 1. In the Mode frame, click “Stand Alone”. 2. Click Apply. M86 S ECURITY UIDE...

  • Page 178: Using More Than One Web Filter On The Network

    This setup is required so that the source server can communicate with the target server(s). For the Source mode setting: 1. In the Mode frame, click “Source” to display the Source mode view: Fig. 2:1-47 Setup window, Source mode M86 S ECURITY UIDE...
  • Page 179 4. In the IP to Send frame, select either the LAN 1 or LAN 2 IP address from the IP to Send pull-down menu. This IP address will be used for sending profile/library setting changes to the target server(s). M86 S ECURITY UIDE...
  • Page 180 8. Click Apply after all settings have been made. Note that the CMC Management topic becomes available in the navigation panel for this source server when settings in this window are saved. M86 S ECURITY UIDE...
  • Page 181 NAT device between the target and source server, be sure that ports 26262 and 26268 are open on the target server. This setup is required so that the target server can communicate with the source server. M86 S ECURITY UIDE...
  • Page 182 4. Click OK to close the alert box, and make any adjust- ments, if necessary. 5. After validating the source IP address, click Change Source to display this IP address in the Current Source IP display field. M86 S ECURITY UIDE...

  • Page 183: Status Window

    Fig. 2:1-49 Status window, Source mode If set up in the Target mode, this window is used for verifying that profile/library setting updates are being received from the source server. M86 S ECURITY UIDE...

  • Page 184: View The Sync Status Of Targets From The Source

    To view items in the queue for a specified target server: 1. In the Current Queue column for that server, click Details to open the Queue of Target pop-up window: M86 S ECURITY UIDE...

  • Page 185: View Items Previously Synced To The Server

    (100, 200, 300, 400, 500) for the most recent synchronization history that you wish to view. 3. Click View to display lines of items in the History Log: Fig. 2:1-51 History of Target pop-up window 4. Click Close to close the pop-up window. M86 S ECURITY UIDE...

  • Page 186: Place Items In Queue For Syncing

    The Target Sync Status frame includes the following infor- mation: • Source IP - The IP address of the source server displays. • Connection Status - “OK” or “FAULT” displays, indi- cating whether or not there is a connection to the source server. M86 S ECURITY UIDE...
  • Page 187 • History Log - Click the Details button to open the History of Target pop-up window. See View Items Previ- ously Synced to the Server in this section for information on accessing and viewing the contents of this window. M86 S ECURITY UIDE...

  • Page 188: Mode

    Web Filter will solely filter workstations outside of the server location. In the ICAP mode, the Web Filter off- loads specific content normally handled by a Web Filter, such as filtering. Fig. 2:1-53 Operation Mode window M86 S ECURITY UIDE...

  • Page 189: Set The Operation Mode

    Web Filter, click the “Mobile” checkbox to use the mobile mode in conjunction with the selected filtering mode. WARNING: If using the router or firewall mode, M86 recommends contacting one of our solutions engineers if you need any assis- tance with setup procedures.

  • Page 190: Invisible Option: Specify The Block Page Delivery

    “Default Gateway” displays by default as the Block Page Route To selection. • “Alternate IP Address” - this option should be used if block pages are not being served. Enter the IP address of the router or device that will serve block pages. M86 S ECURITY UIDE...

  • Page 191: Icap Option: Specify Icap Server Settings

    This tag provides a way for ICAP servers to send a service- specific “cookie” to ICAP clients so that the ICAP server can communicate with the ICAP client. For example: "835nb0-20a5-3e52671" M86 S ECURITY UIDE...
  • Page 192 ICAP server. By default, this port number is 1344. NOTE: The port number must be the same one entered for the URI. WARNING: Go to http://www.m86security.com/software/8e6/ hlp/ifr/files/1system_opmode_icap.html to review a list of items to be considered when using the ICAP mode. M86 S ECURITY UIDE...

  • Page 193: Mobile Option: Specify The Mobile Client Control

    This window is used for specifying whether the WFR is in a proxy environment, if the default Web server port number 80 will be enabled, and if HTTPS traffic will be allowed to pass without being overblocked. Fig. 2:1-54 Proxy Environment Settings window M86 S ECURITY UIDE...

  • Page 194: Use A Local Proxy Server

    HTTPS traffic, and then click Add to include that IP address in the list box below. TIP: To remove an IP address from the list box, select it and then click Remove. 3. Click Apply to enable your settings. M86 S ECURITY UIDE...

  • Page 195: Authentication

    Settings, and Authentication SSL Certificate. NOTES: Information about these sub-topics can be found in the M86 Web Filter Authentication User Guide. The Authentication topic and sub-topics do not display if the synchronization feature is used, and this server being configured is set up in the Target mode to synchronize both profile and library setting changes.

  • Page 196: Backup/Restore

    Backup Configurations grid in the Restore tab. The newly added row includes the following information: Date the backup was executed, Filename of the backup file, general information about the Content of the file, and a Comment about the file. M86 S ECURITY UIDE...

  • Page 197: Backup Procedures

    Backup Procedures M86 recommends performing backup procedures whenever changes are made to system configurations or to library configurations. By creating backup files and saving these files off the WFR server, prior server settings can later be...

  • Page 198: Perform A Backup On Demand

    6. Click OK to close the Message alert box, and to add a new row for that file to the Backup Configurations grid in the Restore tab. NOTE: Once the file is added to the grid, it can be downloaded and saved on another machine, if necessary. M86 S ECURITY UIDE...

  • Page 199: Schedule A Backup

    7. Click OK to close the alert box. You can now set up a schedule for a backup in the Recur- rence Schedule section of the Scheduled Backup frame. M86 S ECURITY UIDE...

  • Page 200: Create A Backup Schedule

    Indicate whether this time slot is “AM” or “PM”. c. Today’s date displays using the MM/DD/YY format. To choose another date, click the arrow in the date drop- down menu to open the calendar pop-up box: M86 S ECURITY UIDE...
  • Page 201 Tuesday, these settings indicate this profile will be used each Tuesday during the specified time period. If 2 is entered and “Wednesday” and “Friday” are selected, this profile will be used every two weeks on Wednesday and Friday. M86 S ECURITY UIDE...
  • Page 202 • The second option lets you make selections from the three pull-down menus for the following: - week of the month: “First” - “Fourth”, or “Last” - day of the month: “Sunday” - “Saturday”, “Day”, M86 S ECURITY UIDE...
  • Page 203 Restore window now shows the schedule in the Recur- rence Schedule section of the Scheduled Backup frame. Remove a Backup Schedule Click Remove to remove the schedule from the Recurrence Schedule section of the Scheduled Backup frame. M86 S ECURITY UIDE...

  • Page 204: Download A File

    5. Select the folder in which to save the file, and then enter the File name, retaining the “.gz” file extension. Click Save to begin downloading the .gz file to your worksta- tion. M86 S ECURITY UIDE...

  • Page 205: Perform A Restoration

    Software Update window for more information about software updates.) Upload a File to the Server To upload a .gzip file to the server: 1. Click Upload to open the Upload Backup GZIP File pop- up window: Fig. 2:1-59 Upload GZIP File pop-up window M86 S ECURITY UIDE...

  • Page 206: Remove A Backup File

    1. Select the file from the Backup Configurations grid. 2. Click Restore to overwrite the current settings. Remove a Backup File To remove a file from the Backup Configurations grid: 1. Select the file. 2. Click Delete. M86 S ECURITY UIDE...

  • Page 207: View Backup And Restoration Details

    The following information displays for each row: the date and time a process was attempted to be executed, and a Message indicating whether that process succeeded or failed. 2. Click OK to close the pop-up box. M86 S ECURITY UIDE...

  • Page 208: Reset

    YSTEM SCREEN Reset Reset window The Reset window displays when Reset is selected from the navigation panel. This function, used for resetting the server to factory default settings, is not available in WFR. Fig. 2:1-61 Reset window M86 S ECURITY UIDE...

  • Page 209: Radius Authentication Settings

    Depending on your network setup, there may be more than one accounting server. Also there may be a client (Network Access Server or proxy server) that sends accounting request packets to the external Radius accounting server. M86 S ECURITY UIDE...

  • Page 210: Enable Radius

    • Check the box for Use Web Filter IP as Source IP, if the IP address of the Web Filter (LAN1 or LAN2) should be used when forwarding packets instead of the IP address of the NAS. M86 S ECURITY UIDE...

  • Page 211: Disable Radius

    Apply Settings Click Apply to save your settings. Disable Radius To disable the Radius feature: 1. At the Radius Mode field, click the “Off” radio button. 2. Click Apply. M86 S ECURITY UIDE...

  • Page 212: Snmp

    Enable SNMP The Monitoring mode is “Off” by default. To enable SNMP, click Enable in the Monitoring Mode frame. As a result, all elements in this window become activated. M86 S ECURITY UIDE...

  • Page 213: Specify Monitoring Settings

    Maintain the Access Control List 1. To remove one or more IP addresses from the list, select each IP address from the Access control list, using the Ctrl key for multiple selections. 2. Click Delete. 3. Click Save Changes. M86 S ECURITY UIDE...

  • Page 214: Hardware Failure Detection

    Hardware Failure Detection is selected from the navigation panel. This feature shows the status of each drive on the RAID server. Fig. 2:1-64 Hardware Failure Detection window, 300 series model Fig. 2:1-65 Hardware Failure Detection window, 500 series model M86 S ECURITY UIDE...

  • Page 215: View The Status Of The Hard Drives

    2. Replace the failed drive with your spare replacement drive 3. Click on the “Rebuild” button on the GUI 4. To return a failed drive to M86 or to order additional replacement drives, please call M86 Technical Support NOTE: For information on troubleshooting RAID, refer to WFR Appendix II: RAID and Hardware Maintenance.

  • Page 216: Strikes Blocking

    X Strikes Blocking settings are effective only for filtering profiles with the X Strikes Blocking filter option enabled. (See Filter Options in the Policy screen section for information on setting up the X Strikes Blocking filter option.) M86 S ECURITY UIDE...

  • Page 217: Configuration

    6. Specify a Redirect URL to be used when the end user is locked out from his/her workstation. By default, “Default "Alternate" Locked Block Page” is selected, indicating that the standard lock out block page will display. M86 S ECURITY UIDE...

  • Page 218: Lock Page

    A user who receives the final strike that locks him/her out the workstation will see the following lock page display on the screen: Fig. 2:1-67 Sample lock page The text informs the user: “Your Internet privileges have been temporarily suspended. For assistance, contact your Administrator.” M86 S ECURITY UIDE...

  • Page 219: Overblocking Or Underblocking

    • Maximum strikes = 5 • Time span for the maximum number of strikes = 5 minutes Within a five-minute period, if a user accesses five sites that contain blocked material, that user will be locked out of his/ M86 S ECURITY UIDE...
  • Page 220 If these configuration settings do not block users often enough • the time span for the maximum number of strikes may need to be reduced • the maximum number of strikes may need to be reduced M86 S ECURITY UIDE...

  • Page 221: Email Alert

    PM, and at midnight when the time interval is reset. To check the time(s) the email alert is scheduled to occur, click the Display Sending Time button to open The Daily Schedule pop-up window that shows the alert time schedule in the (HH:MM:SS) format: M86 S ECURITY UIDE...

  • Page 222: Set Up Email Alert Recipients

    2. Click Add to include the email address in the Current Email Alerts list box. NOTE: The maximum number of email alert recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Alert Recipients 1.

  • Page 223: Logon Accounts

    Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Accessible Users list box in the Logon Accounts tab of the Real Time Probe window. M86 S ECURITY UIDE...
  • Page 224 (See Chapter 4: Reporting screen, Real Time Probe for information on setting up and using real time probes.) M86 S ECURITY UIDE...

  • Page 225: Categories

    “No Strike” Categories list box. 3. Click Apply to apply your settings. NOTE: Library categories in the “Strike” Categories list box will only be effective for filtering profiles with the X Strikes Blocking Filter Option enabled. M86 S ECURITY UIDE...

  • Page 226: Go To X Strikes Unlock Workstation Gui

    The Re-login window opens if the user’s session needs to be validated: Fig. 2:1-72 Re-login window 1. Enter your Username. 2. Enter your Password. 3. Click OK to close the Re-login window and to re-access the Web Filter console. M86 S ECURITY UIDE...

  • Page 227: Strikes Unlock Workstation

    “x.x.x.x” is the IP address of the Web Filter—to view locked workstation criteria. When using the aforementioned URL, the following occurs: • The Login window opens: M86 S ECURITY UIDE...
  • Page 228 X Strikes Unlock Workstation pop-up window (see Fig. 2:1- 70). • The Web Filter Introductory Window for X Strikes simultaneously opens with the Login window: Fig. 2:1-75 X Strikes introductory window This window must be left open during the entire session. M86 S ECURITY UIDE...
  • Page 229 1. Enter the email address in the Email Address to be Subscribed/Unsubscribed text box. 2. Click Unsubscribe. Close the Pop-up Window Click the “X” in the upper right corner of the pop-up window to close the window. M86 S ECURITY UIDE...

  • Page 230: Warn Option Setting

    URL with a Warn setting. Fig. 2:1-76 Warn Option Setting window M86 S ECURITY UIDE...

  • Page 231: Specify Interval For Re-Displaying The Warn Page

    1. In the Warn Life Time (minutes) field, by default 10 displays. Enter the number of minutes (1-480) to be used in the interval for re-displaying the warning page for the end user. 2. Click Apply to enable your setting. M86 S ECURITY UIDE...

  • Page 232: Customization

    Target mode to synchronize both profile and library setting changes. Refer to the M86 Web Filter Authentication User Guide for infor- mation on using the Authentication Form Customization window. M86 S...

  • Page 233: Common Customization Window

    By default, in the Details frame all elements are selected to display in the HTML pages, the Help link points to the FAQs page on M86's public site that explains why access was denied, and a sample email address is included for adminis- trator contact information.

  • Page 234: Enable, Disable Features

    • Blocked URL Display - if enabled, displays “Blocked URL” followed by the blocked URL in block pages • Copyright Display - if enabled, displays M86 Web Filter copyright information at the footer of block and lock pages, and the authentication request form •...
  • Page 235 Enter the global administrator's email address. 2. Click Apply to save your entries. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...

  • Page 236: Lock Page Customization Window

    NOTE: See X Strikes Blocking window in this chapter for informa- tion on using the X Strikes Blocking feature. Fig. 2:1-78 Lock Page Customization window TIP: An entry in any of the fields in this window is optional. M86 S ECURITY UIDE...

  • Page 237: Edit Entries, Setting

    Description field. Click “Off” to not have the explanatory text display in the lock page. 3. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...

  • Page 238: Preview Sample Lock Page

    By default, the following standard links are included in the lock page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.

  • Page 239: Block Page Customization Window

    DMINISTRATOR ECTION HAPTER YSTEM SCREEN • M86 Security - Clicking this link takes the user to M86’s Web site. 2. Click the “X” in the upper right corner of the window to close the sample customized lock page. TIP: If necessary, make edits in the Lock Page Customization window or the Common Customization window, and then click Preview in this window again to view a sample lock page.

  • Page 240: Add, Edit Entries

    Any entries made in these fields will display centered in the customized block page, using the Arial font type. 2. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...

  • Page 241: Preview Sample Block Page

    URL displays. If the content the user attempted to access is blocked by an Exception URL, “Exception” displays instead of the library category name. • Blocked URL field - The URL the user attempted to access displays. M86 S ECURITY UIDE...
  • Page 242 By default, the following standard links are included in the block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.

  • Page 243: Warn Page Customization Window

    NOTE: See Warn Option Setting window in this chapter for more information about this feature. Fig. 2:1-82 Warn Page Customization window TIP: An entry in any of the fields in this window is optional. M86 S ECURITY UIDE...

  • Page 244: Add, Edit Entries

    Any entries made in these fields will display centered in the customized warning page, using the Arial font type. 2. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...

  • Page 245: Preview Sample Warning Page

    • IP field - The user’s IP address displays. • Category field - The name of the library category that warned the user about accessing the URL displays. • Blocked URL field - The URL the user attempted to access displays. M86 S ECURITY UIDE...
  • Page 246 By default, the following standard links are included in the warning page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.

  • Page 247: Profile Control Window

    Common Customization window, and override accounts are set up for designated end users. NOTE: See Override Account window in the Policy section for more information about this feature. Fig. 2:1-84 Profile Control window M86 S ECURITY UIDE...

  • Page 248: Edit Entries

    TIP: Click Restore Default and then click Apply to revert to the default settings in this window. NOTE: For a sample profile control pop-up window, see Option 3 from the Options page section of the Block Page Authentication window. M86 S ECURITY UIDE...

  • Page 249: Quota Block Page Customization Window

    1. Make an entry in any of the following fields: • In the Header field, enter a static header to display at the top of the quota block page. • In the Description field, enter a static text message to be displayed beneath the header. M86 S ECURITY UIDE...

  • Page 250: Preview Sample Quota Block Page

    Fig. 2:1-86 Sample Customized Quota Block Page By default, the following data displays in the Category frame: • Category field - The name of the library category that blocked the user from accessing the URL displays. M86 S ECURITY UIDE...
  • Page 251 By default, the following standard links are included in the quota block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.

  • Page 252: Quota Notice Page Customization Window

    1. Make an entry in any of the following fields: • In the Header field, enter a static header to display at the top of the quota notice page. • In the Description field, enter a static text message to be displayed beneath the header. M86 S ECURITY UIDE...

  • Page 253: Preview Sample Quota Notice Page

    1. Click Preview to launch a separate browser window containing a sample customized quota notice page, based on entries saved in this window and in the Common Customization window: Fig. 2:1-88 Sample Customized Quota Notice Page M86 S ECURITY UIDE...
  • Page 254 By default, the following standard links are included in the quota notice page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.

  • Page 255: Cmc Management

    Fig. 2:1-89 Software Update Management window View Software Update Information The Software Updates frame displays the software update statuses of the source and each target Web Filter: Host- name/Location (information entered in the LAN Settings M86 S ECURITY UIDE...
  • Page 256 Columns can be resized by mousing over the line in the header between two columns so that a double-ended arrow (<—>) displays, and then clicking and dragging the cursor to the left or right. M86 S ECURITY UIDE...

  • Page 257: Apply Or Undo A Software Update

    To undo a software update: 1. Select the row(s) corresponding to the server(s) that need(s) to have the last software update removed. 2. Clicking Undo to remove that software update from the server(s). M86 S ECURITY UIDE...

  • Page 258: Status Window

    • Filtering Status - “OK” displays if the server is being filtered, or “FAIL” displays if the server is not being filtered NOTE: Filtering Status information will only display if the “Upstream Failover Detect” option is enabled in the Synchroniza- tion > Setup window. M86 S ECURITY UIDE...
  • Page 259 Columns can be resized by mousing over the line in the header between two columns so that a double-ended arrow (<—>) displays, and then clicking and dragging the cursor to the left or right. M86 S ECURITY UIDE...

  • Page 260: Quota Setting

    Fig. 2:1-91 Quota Setting window TIP: After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...

  • Page 261: Configure Quota Hit Settings

    NOTE: This field is greyed-out on a Web Filter set up as either a standalone server or as target server in the synchronization mode. TIP: After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...

  • Page 262: Reset Quotas

    2. Click Add to include this reset time in the Current Reset Time(s) list box. TIP: Repeat steps 1 and 2 for each quota reset time to be sched- uled. After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...

  • Page 263: Quota Notice Page

    When the end user has spent 75 percent of time in a quota- restricted library group/category, the quota notice page displays: Fig. 2:1-92 Sample Quota Notice Page By default, the following fields display: • Category field - Name of the library category with the most hits. M86 S ECURITY UIDE...
  • Page 264 LDAP user. This field is blank for the IP group user. By default, the following standard links are included in the quota notice page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site may have been denied.

  • Page 265: Quota Block Page

    • Requested URL field - The URL the user attempted to access displays. • IP field - The user’s IP address displays. • User/Machine field - The username displays for the LDAP user. This field may be blank for the IP group user. M86 S ECURITY UIDE...

  • Page 266: Ssl Certificate

    By default, the following standard links are included in the quota block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.

  • Page 267: Chapter 2: Policy Screen

    At the root of this tree is Policy. The main branches of this tree include: Global Group and IP, followed by LDAP if authentication is enabled. M86 S ECURITY UIDE...
  • Page 268 Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity. NOTES: Information on LDAP groups can be found in the M86 Web Filter Authentication User Guide. Information on creating filtering profiles for IP groups can be found in the WF Group Administrator Section of this user guide.

  • Page 269: Global Group

    Web Filter in the invisible or router mode. Service ports that should be open—ignored by the Web Filter—are also defined in this window. Fig. 2:2-2 Range to Detect Settings window, main window M86 S ECURITY UIDE...

  • Page 270: Add A Segment To The Network

    Fig. 2:2-3 Range to Detect Settings window, Node tab Add a Segment to the Network To add a segment to be detected on the network: 1. Click Add to go to the next page: M86 S ECURITY UIDE...
  • Page 271 • Advanced Settings - clicking this button takes you to the Range to Detect Advanced Settings window. Follow the instructions in the Range to Detect Advanced Settings sub-section to complete the addi- tion of the segment on the network. M86 S ECURITY UIDE...

  • Page 272: Range To Detect Setup Wizard

    1. Choose the appropriate option for entering the IP address(es): • IP / Netmask - use these fields to specify a range of IP addresses • Individual IP - use this field to enter a single IP address M86 S ECURITY UIDE...
  • Page 273 IP frames. This reduces the load on the Web Filter, thus enabling it to handle more traffic. Fig. 2:2-6 Range to Detect Setup Wizard window, Step 2 NOTE: For Steps 2-6, click Back to return to the previous page of the Wizard. M86 S ECURITY UIDE...
  • Page 274 NOTE: By making entries in Destination IP fields, traffic will be restricted to the range specified in the Source IP and Destination IP frames. This reduces the load on the Web Filter, thus enabling it to handle more traffic. M86 S ECURITY UIDE...
  • Page 275 Fig. 2:2-8 Range to Detect Setup Wizard window, Step 4 Step 5: Optional In this step you enter destination port numbers to be excluded from filtering. Fig. 2:2-9 Range to Detect Setup Wizard window, Step 5 M86 S ECURITY UIDE...
  • Page 276 • click the Modify button to the right of the list box if you need to make changes. This action takes you to that page of the Wizard where you make your edits. Click Next until you return to Step 6. M86 S ECURITY UIDE...

  • Page 277: Range To Detect Advanced Settings

    NOTE: Click Cancel to be given the option to return to the main Range to Detect Settings window without saving your settings. 2. Click Apply to accept your entries and to return to the main Range to Detect Settings window. M86 S ECURITY UIDE...

  • Page 278: Modify A Segment Of The Network

    Detect Advanced Settings sub-section. Remove a Segment from the Network To remove a segment: 1. In the main Range to Detect Settings window (see Fig. 2:2-2), select the segment from the Current Ranges list box. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 279: Rules Window

    Select the rule from the Current Rules pull-down menu to populate the Rule Details frame with settings made for that rule. If this rule is not an M86 pre-defined rule it can be modified or deleted. A rule that does not yet exist can be added using any rule in this list as a template, if necessary.

  • Page 280: Add A Rule

    URL he/she requested can be accessed, but may be against the organization’s policies. The end user can view the URL after seeing a warning message and agreeing to its terms. • Block - URLs in this category will be blocked. M86 S ECURITY UIDE...
  • Page 281 NOTE: See the Quota Settings window in Chapter 1: System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas. M86 S ECURITY UIDE...

  • Page 282: Modify A Rule

    Rule Descrip- tion field. 3. Enter up to 20 characters for a unique Rule Description that describes the theme for that rule. 4. Modify settings for library groups and categories in the Rule Details frame. M86 S ECURITY UIDE...

  • Page 283: Remove A Rule

    Click the following tabs in this window: Category, Port, Default Redirect URL, and Filter Options. Entries in these tabs comprise the profile string for the global group. Fig. 2:2-13 Global Group Profile window, Category tab M86 S ECURITY UIDE...

  • Page 284: Category Profile

    • Warn - URLs in this category will warn the end user that the URL he/she requested can be accessed, but may be against the organization’s policies. The end user can view the URL after seeing a warning message and agreeing to its terms. M86 S ECURITY UIDE...
  • Page 285 URLs in that library group/category. TIP: If a quota entry is made for a category group, all library cate- gories in that group will show the same number of quota minutes. M86 S ECURITY UIDE...

  • Page 286: Port

    4. Click Apply to apply your settings at the global level. Port Port displays when the Port tab is clicked. This tab is used for blocking access to specified ports for the global filtering profile. Fig. 2:2-14 Global Group Profile window, Port tab M86 S ECURITY UIDE...

  • Page 287: Default Redirect Url

    URL tab is clicked. This tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked for the global filtering profile. Fig. 2:2-15 Global Group Profile window, Default Redirect URL tab M86 S ECURITY UIDE...

  • Page 288: Filter Options

    Fig. 2:2-16 Global Group Profile window, Filter Options tab Create, Edit the Filter Options 1. Click the checkbox(es) corresponding to the option(s) to be applied to the global group filtering profile: “X Strikes Blocking”, “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement”, “Search Engine Keyword Filter M86 S ECURITY UIDE...
  • Page 289 An inappropriate image will only be blocked if that image is included in M86’s library or is blocked by Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL. If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the...
  • Page 290 • M86 Supplied Categories - see Chapter 3: Library screen, Search Engine Keywords window in this section. • Custom Categories - see the WF Group Administrator Section, Chapter 2: Library screen, Search Engine Keywords window.
  • Page 291 NOTE: To set up URL keywords in a URL Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, URL Keywords window, in this section. • Custom Category - see the WF Group Administrator Section, Chapter 2: Library screen, URL Keywords window.

  • Page 292: Override Account Window

    IP group. See Appendix C: Override Pop-up Blockers for information on how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation. M86 S ECURITY UIDE...

  • Page 293: Add An Override Account

    (See Category Profile, Redirect URL, and Filter Options in this sub-section for information on the Rule, Redirect, and Filter Options tabs.) 6. Click Apply to activate the override account. 7. Click Close to close the pop-up window. M86 S ECURITY UIDE...
  • Page 294 For example, if M86 S ECURITY UIDE...
  • Page 295 URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: M86 S ECURITY UIDE...
  • Page 296 5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
  • Page 297 2. Click Apply to apply your settings to the override account profile. 3. Click the Filter Options tab to continue creating the over- ride account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
  • Page 298 NOTE: See the X Strikes Blocking window in Chapter 1: System screen for information on setting up the X Strikes Blocking feature. M86 S ECURITY UIDE...
  • Page 299 NOTE: To set up search engine keywords in a Search Engine Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, Search Engine Keywords window. • Custom Categories - see the WF Group Administrator Section, Chapter 2: Library screen, Search Engine Keywords window.

  • Page 300: Edit An Override Account

    NOTE: To set up URL keywords in a URL Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, URL Keywords window. • Custom Category - see the WF Group Administrator Section, Chapter 2: Library screen, URL Keywords window.

  • Page 301: Delete An Override Account

    5. Click Apply. 6. Click Close to close the pop-up window. Delete an Override Account To delete an override account: 1. In the Current Accounts frame, select the username from the list box. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 302: Approved Content Settings Window

    VuSafe removes all outside content on sites such as YouTube.com, eliminating access to inappro- priate material. This free Web-based service requires no additional software or hardware setup. Enabling the M86 S ECURITY UIDE...

  • Page 303: Approved Content Setup And Configuration

    • Text editor tool such as Notepad or TextPad • MD5 checksum calculator tool Once you have access to the aforementioned items, follow the instructions in the M86 Approved Content Portal Setup document at http://www.m86security.com/software/8e6/ docs/ug/misc/wf.ac.4.1.00.pdf . As explained in the portal setup document, a passkey must be created for each video to be included in the portal.
  • Page 304 Passkeys list box will be avail- able for users set up in the Policy tree. Though these users can be set up to use the Approved Content feature, they will need to have passkeys entered and saved in their profiles. M86 S ECURITY UIDE...

  • Page 305: Minimum Filtering Level Window

    Chapter 1 of the WF Group Administrator Section for more infor- mation about override accounts. Click the following tabs in this window: Category, Port, and Min. Filter Bypass. Entries in the Category and Port tabs comprise the profile string for the minimum filtering level. M86 S ECURITY UIDE...

  • Page 306: Minimum Filtering Categories

    Pass or Block column. TIP: In the Category Groups tree, double-click the group enve- lope to open that segment of the tree and to view library catego- ries belonging to that group. M86 S ECURITY UIDE...
  • Page 307 Shift key on your keyboard while clicking the last category, and then double- clicking in the appropriate column. 2. Click Apply to apply your settings for the minimum filtering level. M86 S ECURITY UIDE...

  • Page 308: Port

    2. Click Add. Each port number you add displays in the Block Port(s) list box. 3. Click Apply to apply your settings at the minimum filtering level. To remove a port number from the list box: 1. Select the port number. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 309: Minimum Filtering Bypass Options

    Fig. 2:2-24 Minimum Filtering Level window, Min. Filter Bypass tab NOTE: See the Override Account window and Exception URL window of the Policy screen in the Group Administrator Section of this user guide for information on setting up an override account and exception URLs. M86 S ECURITY UIDE...

  • Page 310: Refresh All

    If authentication is enabled, when Refresh All is clicked, the LDAP branch of the tree displays. When authentication is disabled, when Refresh All is clicked only the IP branch of the tree displays. M86 S ECURITY UIDE...

  • Page 311: Add Group

    "{" (left brace), "}" (right brace), "[" (left bracket), "]" (right bracket), "@" (at sign), "#" (pound sign), "$" (dollar sign), "%" (percent sign), "<" (less than symbol), “>” (greater than symbol), "+" (plus symbol), "-" (minus sign), "=" (equals sign). M86 S ECURITY UIDE...

  • Page 312: Refresh

    Group Administrator Section of this user guide. Refresh Refresh IP Groups From the IP group menu, click Refresh whenever changes have been made in this branch of the tree. M86 S ECURITY UIDE...

  • Page 313: Chapter 3: Library Screen

    Updates, Library Lookup, Customer Feedback Module, NNTP Newsgroup, and Pattern Detection Whitelist topics. Click Updates to display a menu of sub-topics: Configura- tion, Manual Update, Additional Language Support, Library Update Log, and Emergency Update Log. M86 S ECURITY UIDE...
  • Page 314 Groups to open the tree list. Double-click a category group envelope—any envelope except Custom Categories—to view M86 supplied library categories for that group. Click a library category topic to view a menu of sub-topics for that library category item: Library Details, URLs, URL Keywords, and Search Engine Keywords.

  • Page 315: Updates

    Configuration window The Configuration window displays when Configuration is selected from the Updates menu. This window is used for making settings to allow the Web Filter to receive M86 supplied library category updates on a daily basis. Fig. 2:3-2 Configuration window Set a Time for Updates to be Retrieved 1.

  • Page 316: Optional: Specify A Proxy Server

    Log Level 1 includes a summary of library and software update activity. Log Level 2 includes detailed information on library and soft- ware update activity. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...

  • Page 317: Manual Update Window

    The Manual Update to M86 Supplied Categories window displays when Manual Update is selected from the Updates menu. This window is used for updating specified M86 supplied library categories on demand from the update server, if the Web Filter has not received daily updates due to an occurrence such as a power outage.
  • Page 318 Local Software Update window in Chapter 1: System screen. For information on viewing the status of downloaded software updates, see the Software Update Log window in Chapter 1, and the Emergency Update Log window in this chapter. M86 S ECURITY UIDE...

  • Page 319: Additional Language Support Window

    Additional Language Support window The Additional Language Support window displays when Additional Language Support is selected from the Updates menu. This window is used for including additional M86- supported languages in library downloads. Fig. 2:3-4 Additional Language Support window Select Additional Languages 1.

  • Page 320: Library Update Log Window

    View the Library Update Process When performing a manual (on demand) library update, click View Log to display contents from the log file with the status of the library update. Keep clicking this button to continue viewing log file data. M86 S ECURITY UIDE...

  • Page 321: Download Log, View, Print Contents

    View the Contents of the Log Once the log file has been downloaded to your workstation, you can view its contents. 1. Find the log file in the folder, and right-click in it to open the pop-up menu: M86 S ECURITY UIDE...
  • Page 322 2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:3-7 WinZip Executable program 3. If using WinZip, click I Agree to open the window containing the zip file: M86 S ECURITY UIDE...
  • Page 323 “View” to open the View dialog box: Fig. 2:2-9 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig. 2:3-10 View window M86 S ECURITY UIDE...
  • Page 324 2. Open Notepad—in Windows XP: Start > All Programs > Accessories > Notepad 3. Paste the contents from the clipboard into the Notepad file: Fig. 2:3-11 Notepad The correctly formatted Notepad file can now be saved and/or printed. M86 S ECURITY UIDE...

  • Page 325: Emergency Update Log Window

    Fig. 2:3-12 Emergency Update Log window View the Emergency Software Update Process Click View Log to display contents from the emergency software update log file with the status of the software update. M86 S ECURITY UIDE...

  • Page 326: Download The Software Update Log File

    OK to close the alert box asking you to verify that the software update log file was successfully saved. NOTE: See Library Update Log window for information on viewing the contents of the log file, and printing and/or saving the log file contents. M86 S ECURITY UIDE...

  • Page 327: Library Lookup

    1. In the URL Lookup frame, enter the URL. For example, enter http://www.coors.com, coors.com, or use a wild- card by entering *.coors.com. A wildcard entry finds all URLs containing text that follows the period (.) after the asterisk (*). M86 S ECURITY UIDE...
  • Page 328 Result Category list box, showing the long name of the library category, followed by the URL. Remove a URL To remove the URL: 1. Select the item from the Result Category list box. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 329: Search Engine Keyword Lookup, Removal

    Remove a Search Engine Keyword To remove a search engine keyword/phrase from library categories: 1. After performing the search engine keyword search, select the categories from the Result Category list box. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 330: Reload The Library

    Once all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.

  • Page 331: Customer Feedback Module

    Module feature, in which the most frequently visited non-categorized URLs in your Web Filter's filter log will be FTPed to M86 on a daily basis. The URLs collected by M86 will be reviewed and added to M86's standard library cate- gories, as appropriate, so they can be blocked.

  • Page 332: Disable Customer Feedback Module

    1. At the Customer Feedback Module - Auto Learning Feature field, click “On” to indicate that you wish to enable the Customer Feedback Module. 2. Click Apply to open the Disclaimer dialog box: Fig. 2:3-15 Disclaimer box M86 S ECURITY UIDE...
  • Page 333 “M86 Security agrees to discuss the information collected by the Customer Feedback Module only with M86 Security’s employees who have a need to know and who have been informed of the confidential nature of the information and of their personal obligation not to disclose or use such information.
  • Page 334 HAPTER IBRARY SCREEN “Your agreement to activate the Customer Feedback Module will be transmitted back to M86 Security once you click the ‘Accept’ button.” 4. After reading this text, if you agree with the terms, click in the checkbox to activate the Accept button.

  • Page 335: Category Weight System

    This feature lets you choose which category will be logged and reported for a URL request that exists in multiple cate- gories (possibly both M86 supplied and custom library cate- gories) with the same operational precedence. Fig. 2:3-17 Category Weight System window...

  • Page 336: View The Current Selections

    • “No Weight” Categories - Populated with M86 supplied categories • “Weight” Categories - Pre-populated by default with cate- gories M86 suggests you might want to use for this feature. The contents in each list box, combined with the end user’s profile, help to determine what will appear in the log for the end user’s Internet activity.

  • Page 337: Weighting Library Categories

    "weight" when ranked against other categories, based upon an end user’s URL request that appears in multiple library categories set up with the same operational precedence in the end user’s filtering profile. M86 S ECURITY UIDE...

  • Page 338: Nntp Newsgroup

    Add a Newsgroup to the Library To add a newsgroup to the library: 1. In the Newsgroup frame, enter the Newsgroup address. 2. Click Add. If the newsgroup already exists, an alert box will open to inform you that it exists. M86 S ECURITY UIDE...

  • Page 339: Remove A Newsgroup From The Library

    After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.

  • Page 340: Pattern Detection Whitelist

    Fig. 2:3-19 Pattern Detection Whitelist window NOTE: This feature can be used in conjunction with the Pattern Blocking feature, which, when enabled, blocks IP address patterns. (See the Filter window sub-section in Chapter 1: System screen.) M86 S ECURITY UIDE...

  • Page 341: Create, Maintain A Whitelist Of Ip Addresses

    Shift key on the keyboard while simultaneously clicking the last IP address in the list. 3. After all IP addresses have been added and/or removed, click Apply. M86 S ECURITY UIDE...

  • Page 342: Category Groups

    Administrator Section for information on setting up customized category groups and library categories. WARNING: The maximum number of library categories that can be saved is 512. This figure includes both M86 supplied catego- ries and custom categories. Double-click Category Groups to open the tree and to display category groups.

  • Page 343: Library Details Window

    Click the M86 supplied category link to view a menu of sub- topics: Library Details, URLs, URL Keywords, and Search Engine Keywords. (Menus for Instant Messaging library categories only include the sub-topics Library Details, and URLs).

  • Page 344: Urls Window

    (*) symbol followed by a period (.) can be entered in a format such as *.playboy.com, for example, to block access to all URLs ending in “.playboy.com”. A query string can be entered to block access to a specific URL. Fig. 2:3-22 URLs window, Action tab M86 S ECURITY UIDE...

  • Page 345: View A List Of Urls In The Library Category

    2. Make a selection from the pull-down menu for “Addition List”, “Deletion List”, “Wildcard Addition List”, or “Wild- card Deletion List”. 3. Click View List to display the specified items in the Select List list box: Fig. 2:3-23 URLs window, View tab M86 S ECURITY UIDE...

  • Page 346: Add Or Remove Urls, Reload The Library

    NOTE: The pound sign (#) character is not allowed in this entry. 2. Click Add to display the associated URL(s) in the list box below. 3. Select the URL(s) that you wish to add to the category. M86 S ECURITY UIDE...
  • Page 347 *.cnn.com is added to a category set up to be blocked, the end user will be able to access http://www.cnn.com since it is a direct match, but will not be able to access http://www.sports.cnn.com, since direct URL entries take precedence over wildcard entries. M86 S ECURITY UIDE...

  • Page 348: Remove A Url From The Library Category

    After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.

  • Page 349: Url Keywords Window

    URLs that are not even within blocked categories. For example, if all URL keywords containing “sex” are blocked, users will not be able to access a non-pornographic site such as http:// www.essex.com. M86 S ECURITY UIDE...

  • Page 350: View A List Of Url Keywords

    1. Enter the Keyword in the Edit Keyword List frame. 2. Click Add. Remove a URL Keyword from the Library To remove a URL keyword from the library category: 1. Enter the Keyword in the Edit Keyword List frame. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 351: Upload A List Of Url Keywords To The Library

    4. Click Upload File to upload this file to the server. NOTE: A URL keyword text file must contain one URL keyword per line. WARNING: The text file uploaded to the server will overwrite the current file. M86 S ECURITY UIDE...

  • Page 352: Reload The Library

    After all changes have been made to library windows, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.

  • Page 353: Search Engine Keywords Window

    Fig. 2:3-26 Search Engine Keywords window NOTES: Master lists cannot be uploaded to any M86 supplied library category. See the Custom Categories sub-section of the WF Group Administrator Section of this user guide for information on uploading a master list to the server.

  • Page 354: View A List Of Search Engine Keywords

    Add a Search Engine Keyword to the Library To add a search engine keyword/phrase to the library cate- gory: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2. Click Add. M86 S ECURITY UIDE...

  • Page 355: Upload A List Of Search Engine Keywords

    3. Click Upload File to upload this file to the server. NOTE: A search engine keywords text file must contain one keyword/phrase per line. WARNING: The text file uploaded to the server will overwrite the current file. M86 S ECURITY UIDE...

  • Page 356: Reload The Library

    After all changes have been made to library windows, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.

  • Page 357: Chapter 4: Reporting Screen

    Click Usage Graphs to display the Usage Graphs window, used for analyzing reports on daily peaks and trends of Internet usage. Click Shadow Log Format to specify the format in which Web Filter logs will be sent to the SR. M86 S ECURITY UIDE...

  • Page 358: Report Configuration

    SR. Fig. 2:4-2 Report Configuration window Execute Log Transfer Now In the Initiating Log Transfer frame, click Initiate to transfer the log on demand. M86 S ECURITY UIDE...

  • Page 359: Real Time Probe

    Fig. 2:4-3 Real Time Probe window, Configuration tab Configuration Enable Real Time Probes 1. On the Configuration tab, click “On”. 2. Click Save to enable the Real Time Probes feature. As a result, all elements in this window become activated. M86 S ECURITY UIDE...
  • Page 360 2. Click Add to add the IP address in the Current White list of IPs. Remove IPs from the White List 1. Select the IP address(es) from the Current White list of IPs list box. 2. Click Delete to remove the IP address(es) from the white list. M86 S ECURITY UIDE...

  • Page 361: Report Recipients

    Format to be used for the file: “Plain Text” or “HTML”. By default, “HTML” is selected. 2. Select the Maximum File Size of an Email Report (MB) that can be sent, from 1MB increments up to 20MB. The default is 5 MB. 3. Click Save. M86 S ECURITY UIDE...

  • Page 362: Set Up Email Addresses To Receive Reports

    Completed Reports to be Emailed list box. NOTE: The maximum number of report recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Addresses 1.

  • Page 363: Logon Accounts

    Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Accessible Users list box in the Logon Accounts tab of the X Strikes Blocking window. M86 S ECURITY UIDE...
  • Page 364 (See Chapter 1: System screen, X Strikes Blocking for information on reseting strikes and unlocking workstations.) M86 S ECURITY UIDE...

  • Page 365: Go To Real Time Probe Reports Gui

    The Re-login window opens if the user’s session needs to be validated: Fig. 2:4-6 Re-login window 1. Enter your Username. 2. Enter your Password. 3. Click OK to close the Re-login window and to re-access the Web Filter console. M86 S ECURITY UIDE...

  • Page 366: Real Time Probe Reports

    Enter the Username and Password and click OK to open the Real Time Probe Reports pop-up window (see Fig. 2:4-8). • The Web Filter Introductory Window for Real Time Probes simultaneously opens with the Login window: M86 S ECURITY UIDE...

  • Page 367: Create A Real Time Probe

    This window must be left open during the entire session. Create a Real Time Probe Click the Create tab to enter and specify criteria for the report you wish to generate: Fig. 2:4-9 Real Time Probe Reports, Create tab M86 S ECURITY UIDE...
  • Page 368 (*) character is not allowed. This selection generates a report with data for all URLs containing the consecutive characters you specified. In this example, if mail is entered, “http:// www.hotmail.com” and “http://loginnet.passport.com/ login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw =0&fs=1&fsa=1&fsat=1296000&lc=1033&_lang=EN” would be included in the report. M86 S ECURITY UIDE...
  • Page 369 A probe that is scheduled to run at a specified date and time can be scheduled to run on a daily basis by checking the “Daily” checkbox at the Recurrence field. 6. Enter the Total Run Time in Minutes. 7. Click Apply. M86 S ECURITY UIDE...

  • Page 370: View Real Time Probe Details

    By selecting a probe, buttons for the probe become acti- vated, based on the state of the probe. The following options are available for each of the probe statuses: • Completed: View, Properties, Delete, Email • In Progress: View, Properties, Stop • Scheduled: Properties, Delete M86 S ECURITY UIDE...
  • Page 371 SE Keyword or a URL Keyword); URL in Libraries, and Requested URL. The following actions can be performed in this window: • Click a URL to open a window that accesses the desig- nated site. M86 S ECURITY UIDE...
  • Page 372 Display Name; Email Address to Mail the Completed Report; Search Option criteria; Start Date & Time; Run Time; and User ID of the creator of the probe (Created by). Click Close to close this pop-up box. M86 S ECURITY UIDE...
  • Page 373 Email option Clicking Email opens the Email Address box: Fig. 2:4-14 Email Address box Enter the Email Address to Mail the Completed Report and click Send to send the completed report to the desig- nated email address. M86 S ECURITY UIDE...

  • Page 374: Usage Graphs

    URLs accessed by end users, number of machine IP addresses accessing the Internet, and number of end users who have been authenticated (if using the authentication feature). Fig. 2:4-15 Usage Graphs window M86 S ECURITY UIDE...

  • Page 375: Select A Graph To View

    The Recent Trend graph includes the following information: date range, and Number of Hits per Hour for a given date: Fig. 2:4-16 Recent Trend graph Click the “X” in the upper right corner to close this window. M86 S ECURITY UIDE...

  • Page 376: Daily Peaks

    The Daily Peaks graph includes the following information: date, and Number of Hits per Second at Peak Time for a given Time using the HH:MM format: Fig. 2:4-17 Daily Peaks graph Click the “X” in the upper right corner to close this window. M86 S ECURITY UIDE...

  • Page 377: Shadow Log Format

    Post 2.0 log format (manual)”, “Post 1.9 log format (manual)”, and “Pre 1.9 log format (manual)”. NOTE: For the WFR Web Filter, the only selection that should be made in this window is “Auto-detect” or “Post 2.0.10 log format (manual)”. M86 S ECURITY UIDE...

  • Page 378: Apply Setting

    Post 2.0.10 log format option If this Web Filter currently has the 2.0.10 or higher software version applied, the Post 2.0.10 log format option should be selected. Apply Setting Click Apply to apply the setting for the shadow log format. M86 S ECURITY UIDE...

  • Page 379: Wf Group Dministrator Ection

    URL setup • creates and maintains customized library categories • uses the lookup tool to remove URLs or search engine keywords from customized libraries M86 S ECURITY UIDE...

  • Page 380: Chapter 1: Policy Screen

    IP sub-groups and/or individual IP members previously set up in the tree list. Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity. M86 S ECURITY UIDE...

  • Page 381: Refresh

    ECTION HAPTER OLICY SCREEN Refresh Refresh the Master IP Group, Member Click Refresh whenever a change has been made to the master IP group or member level of the tree. Fig. 3:1-2 Policy screen, IP menu M86 S ECURITY UIDE...

  • Page 382: Master Ip Group

    This window is used for viewing the Group Name and for changing the password of the group administrator. Fig. 3:1-3 Group Details window Change the Group Administrator Password In the Group Administrator frame, the Group Name displays. M86 S ECURITY UIDE...

  • Page 383: Members Window

    For the mobile mode, a member’s MAC address is used for obtaining the end user’s filtering profile. NOTE: See Appendix D: Mobile Client for information on adding members when using the mobile mode. Fig. 3:1-4 Members window M86 S ECURITY UIDE...

  • Page 384: Add The Ip Address Of The Member

    Host and Max Host fields. Click Close to exit. Remove a Member from the Group To remove an entry from the Current Members list box: 1. Select the member from the list box. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 385: Override Account Window

    A user can have only one override account. See the Override Account window in Chapter 2 of the WF Global Administrator Section for information on setting up a global group user’s over- ride account. M86 S ECURITY UIDE...

  • Page 386: Add An Override Account

    (See Category Profile, Redirect URL, and Filter Options in this sub-section for information on the Rule, Redirect, and Filter Options tabs.) 6. Click Apply to activate the override account. 7. Click Close to close the pop-up window. M86 S ECURITY UIDE...
  • Page 387 For example, if M86 S ECURITY UIDE...
  • Page 388 URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: M86 S ECURITY UIDE...
  • Page 389 5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
  • Page 390 Page”, “Authentication Request Form”, or “Custom URL”. If “Custom URL” is selected, enter the redirect URL in the corresponding text box. The user will be redirected to the designated page at this URL instead of the block page. M86 S ECURITY UIDE...
  • Page 391 WF Global Administrator Section for information on setting up the X Strikes Blocking feature. • “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement” - With the Google/Bing/Yahoo!/Youtube/ Ask/AOL Safe Search Enforcement option enabled, Google, Bing.com, Yahoo!, YouTube, Ask.com, and M86 S ECURITY UIDE...
  • Page 392 URL keywords are entered in the URL Keywords window of custom library categories. With the “Extend URL Keyword Filter Control” option enabled, a URL keyword search will be extended after the "?" character in a URL. M86 S ECURITY UIDE...

  • Page 393: Edit An Override Account

    3. Click the tab in which to make modifications (Rule, Redi- rect, Filter Options). 4. Make your edits in this tab and in any other tab, if neces- sary. 5. Click Apply. 6. Click Close to close the pop-up window. M86 S ECURITY UIDE...

  • Page 394: Delete An Override Account

    Category Profile displays by default when Group Profile is selected from the group menu, or when the Category tab is clicked. This tab is used for assigning filter settings to cate- gory groups/library categories for the group’s filtering profile. M86 S ECURITY UIDE...
  • Page 395 NOTE: By default, the Available Filter Levels pull-down menu also includes these five rule choices: Rule1 BYPASS”, “Rule2 BLOCK Porn”, “Rule3 Block IM and Porn”, “Rule4 M86 CIPA Compliance”, and “Rule5 Block All”. Create, Edit a List of Selected Categories To create the category profile: 1.
  • Page 396 3. Make a selection from the Uncategorized Sites pull- down menu to specify how to handle a URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. M86 S ECURITY UIDE...
  • Page 397 5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...

  • Page 398: Redirect Url

    If “Custom URL” is selected, enter the redirect URL in the corresponding text box. Users will be redirected to the designated page at this URL instead of the block page. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...

  • Page 399: Filter Options

    With the X Strikes Blocking option enabled, an end user who attempts to access inappropriate sites on the Internet will be locked out from his/her workstation after a specified number of tries within a fixed time period. M86 S ECURITY UIDE...
  • Page 400 An inappropriate image will only be blocked if that image is included in M86’s library or is blocked by Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL. If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the...
  • Page 401 URLs that are not even within blocked catego- ries. For example, if all URL keywords containing “sex” are blocked, users will not be able to access a non-pornographic site such as http://www.essex.com. M86 S ECURITY UIDE...

  • Page 402: Exception Url Window

    Minimum Filtering Bypass Options tab. (See the Override Account window in this section for informa- tion on setting up an override account to allow a user to bypass group settings and minimum filtering level settings, if allowed.) M86 S ECURITY UIDE...

  • Page 403: Valid Url Entries

    (.) and then the URL, such as: *.coors.com TIP: The minimum number of levels that can be entered for a wildcard entry is three (e.g. *.yahoo.com) and the maximum number of levels is six (e.g. *.mail.attachments.message.yahoo .com). M86 S ECURITY UIDE...

  • Page 404: Add Urls To Block Url Or Bypass Url Frame

    See the subsequent Status column messages and icons sub- section for information regarding conflicting URLs found by the query. If a multi-level URL query was executed (as in http:// yahoo.com/mail), the Match case column contains an M86 S ECURITY UIDE...
  • Page 405 - Preceded by the yellow warning triangle icon containing an exclamation point, this type of conflict indi- cates the URL entry found by the query is already included in the other frame of the Exception URL window (ByPass URL or Block URL). M86 S ECURITY UIDE...
  • Page 406 URL cannot be added due to conflicts If a URL found by the query results is already included in the current list (see Fig. 3:1-13), it will not include a checkbox in the Add column since it cannot be added again. M86 S ECURITY UIDE...

  • Page 407: Remove Urls From Block Url Or Bypass Url Frame

    URL you do not want to remove from your list. TIP: Clicking the “Check/Uncheck All” checkbox at the bottom of this window toggles between selecting or de-selecting all check- boxes in this window. M86 S ECURITY UIDE...

  • Page 408: Apply Settings

    The Current Time Profiles list box displays the Name and Description of any time profiles previously set up for the entity that are currently active. NOTE: This window is similar to the one used for Sub Group and Individual IP profiles. M86 S ECURITY UIDE...

  • Page 409: Add A Time Profile

    Time Profile pop-up window that displays the name of this profile at the top of the Time Profile frame: Fig. 3:1-18 Time Profile window Recurrence tab 4. In the Recurrence duration time frame, specify Start and End time range criteria: M86 S ECURITY UIDE...
  • Page 410 • Daily - If this selection is made, enter the interval for the number of days this time profile will be used. By default, “1” displays, indicating this profile will be used each day during the specified time period. M86 S ECURITY UIDE...
  • Page 411 Thursday (for example, May 1st), the third week day would be the following Monday (May 5th in this example). • Yearly - If this selection is made, the year(s), month, and day for this time profile’s interval must be speci- fied: M86 S ECURITY UIDE...
  • Page 412 MM/DD/YY format. To choose another date, click the arrow in the date drop-down menu to open the calendar pop-up box. (See the infor- mation on the previous pages on how to use the calendar box.) M86 S ECURITY UIDE...
  • Page 413 Name and Description of the time profile that was just added. WARNING: If there is an error in a time profile, the Description for that time profile displays in red text. Select that time profile and click View/Modify to make any necessary corrections. M86 S ECURITY UIDE...
  • Page 414 Fig. 3:1-19 Time Profile pop-up window, Rule tab NOTE: See the Override Account window, Category Profile sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
  • Page 415 Fig. 3:1-20 Time Profile pop-up window, Redirect URL tab NOTE: See the Override Account window, Redirect URL sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
  • Page 416 Fig. 3:1-21 Time Profile pop-up window, Filter Options tab NOTE: See the Override Account window, Filter Options sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
  • Page 417 Minimum Filtering Bypass Options tab. (See the Override Account window in this section for information on setting up an override account to allow a user to bypass group settings and minimum filtering level settings, if allowed.) M86 S ECURITY UIDE...
  • Page 418 Fig. 3:1-23 Time Profile pop-up window, Approved Content tab NOTE: See the Approved Content Settings window sub-section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...

  • Page 419: Modify A Time Profile

    6. Click Close to close the Modify Time Profiles pop-up window, and to return to the Time Profile window. Delete a Time Profile To delete a time profile: 1. Select the time profile from the Current Time Profiles list box. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 420: Approved Content Settings Window

    There are two parts to set up in order to use the Approved Content feature: • A portal for viewing videos must be created • The passkey of each approved video must be entered in the Approved Content Settings window for the user’s profile M86 S ECURITY UIDE...
  • Page 421 • Text editor tool such as Notepad or TextPad • MD5 checksum calculator tool NOTE: See the M86 Approved Content Portal Setup document at http://www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for instructions on setting up a portal and pass- keys for users to view YouTube or SchoolTube videos.
  • Page 422 Enter the case-sensitive, eight to 20 character code in the Passkey field. b. Click Add. TIP: To remove a passkey from the list box, select it and then click Remove. 2. Click Apply to save your entries. M86 S ECURITY UIDE...

  • Page 423: Upload/Download Ip Profile Window

    Fig. 3:1-25 IP Profile Management window Upload IP Profiles 1. Click Upload File to open both the refresh message page (see Fig. 3:1-27) and the Upload IP Profiles pop-up window: Fig. 3:1-26 Upload IP Profiles pop-up window M86 S ECURITY UIDE...
  • Page 424 4. Click the “X” in the upper right corner of the Upload IP Profiles pop-up window to close it. 5. Click Refresh in the refresh page to refresh the IP groups branch of the tree: Fig. 3:1-27 Upload IP Profiles refresh page M86 S ECURITY UIDE...

  • Page 425: Download Profile

    1. Click Download Profile to open a browser window containing the profiles: Fig. 3:1-28 Download IP Profiles window The contents of this window can viewed, printed, and/or saved. 2. Click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...

  • Page 426: Add Sub Group

    WARNING: When adding a sub-group to the tree list, sub-group users will be blocked from Internet access until the minimum filtering level profile is defined via the Minimum Filtering Level window. The minimum filtering level is established by the global administrator. M86 S ECURITY UIDE...

  • Page 427: Add Individual Ip

    WARNING: When adding an Individual IP member to the tree list, the user will be blocked from Internet access until the minimum filtering level profile is defined via the Minimum Filtering Level window. The minimum filtering level is established by the global administrator. M86 S ECURITY UIDE...

  • Page 428: Delete Group

    Fig. 3:1-31 Paste Sub Group dialog box 2. In the Input sub group name field, enter the name of the sub-group. 3. Click OK to add the sub-group to the group in the Policy tree. M86 S ECURITY UIDE...

  • Page 429: Sub Group

    Fig. 3:1-32 Sub Group (IP Group) window View IP Sub-Group Details If the sub-group was previously defined, the fields in the Sub Group Details frame cannot be edited. The following infor- mation displays: • Sub Group Name M86 S ECURITY UIDE...

  • Page 430: Add Ip Sub-Group Details

    TIP: Use the IP Range pull-down menu to view the IP address(es) that can be entered in these fields. 2. Corresponding to the selected radio button: • enter the IP address and specify the netmask, or M86 S ECURITY UIDE...

  • Page 431: Members Window

    If using the mobile mode, MAC address(es) can be selected for inclusion in the sub-group. NOTE: See Appendix D: Mobile Client for information on modi- fying members when using the mobile mode. Fig. 3:1-34 Members window M86 S ECURITY UIDE...

  • Page 432: Modify Sub-Group Members

    NOTE: See the Group Profile window in this chapter for informa- tion about entries that can be made for the following components of the filtering profile: Category Profile, Redirect URL, Filter Options. M86 S ECURITY UIDE...

  • Page 433: Exception Url Window

    NOTE: See the Time Profile window in the Master IP Group sub- section of this chapter for information on entries that can be made for the following components of the filtering profile: Category Profile, Redirect URL, Filter Options, Exception URL, Approved Content. M86 S ECURITY UIDE...

  • Page 434: Approved Content Settings Window

    WF Global Administrator Section of this user guide for information about the Approved Content feature and VuSafe. See the M86 Approved Content Portal Setup document at http:// www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for information on setting up a portal and pass- keys for viewing online YouTube and/or SchoolTube videos.

  • Page 435: Delete Sub Group

    2. Select the group from the tree and choose Paste Sub Group from the group menu to paste the sub-group to the group. (See Paste Sub Group dialog box in the Group section of this chapter.) M86 S ECURITY UIDE...

  • Page 436: Individual Ip

    If using the mobile mode, the member’s MAC address can be selected for inclusion in the sub-group. NOTE: See Appendix D: Mobile Client for information on modi- fying members when using the mobile mode. Fig. 3:1-35 Member window M86 S ECURITY UIDE...

  • Page 437: Enter The Ip Address Of The Member

    Time Profile window The Time Profile window displays when Time Profile is selected from the individual IP member menu. This window is used for setting up or modifying a filtering profile to be activated at a specified time. M86 S ECURITY UIDE...

  • Page 438: Approved Content Settings Window

    WF Global Administrator Section of this user guide for information about the Approved Content feature and VuSafe. See the M86 Approved Content Portal Setup document at http:// www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for information on setting up a portal and pass- keys for viewing online YouTube and/or SchoolTube videos.

  • Page 439: Chapter 2: Library Screen

    Library Lookup and Category Groups, the latter topic containing the Custom Categories sub-topic. NOTE: If the synchronization feature is used, a server set up in the Target mode will only have the Library Lookup topic available. M86 S ECURITY UIDE...

  • Page 440: Library Lookup

    Fig. 3:2-2 Library Lookup window NOTE: This window is also used by global administrators, except their permissions let them remove URLs and search engine keywords/phrases. The reload library function is used after making changes to the library. M86 S ECURITY UIDE...

  • Page 441: Look Up A Url

    3. Click OK to close the alert box and to display any results in the Result Category list box, showing the long name of the library category, followed by the URL. M86 S ECURITY UIDE...

  • Page 442: Look Up A Search Engine Keyword

    Custom Categories link to view a menu of topics: Add Cate- gory, and Refresh. Fig. 3:2-3 Custom Categories menu NOTE: Since custom categories are not created by M86, updates cannot be provided. Maintaining the list of URLs and keywords is the responsibility of the global or group administrator.

  • Page 443: Add Category

    ECTION HAPTER IBRARY SCREEN WARNING: The maximum number of categories that can be saved is 512. This figure includes both M86 supplied categories and custom categories. Add Category A unique custom library category should be created only if it does not exist in the Category Groups tree, and if any sub- group needs to use that library category.

  • Page 444: Refresh

    NOTE: The category must have URLs, URL keywords, and/or search keywords added to its profile in order for it to be effective. Refresh Refresh the Library Click Refresh after uploading a file to a customized library category. M86 S ECURITY UIDE...

  • Page 445: Custom Library Category

    Delete Category. Fig. 3:2-5 Library screen, custom library category menu NOTE: Since custom categories are not created by M86, updates cannot be provided. Maintaining the list of URLs and keywords is the responsibility of the global or group administrator.

  • Page 446: View, Edit Library Details

    The following display and cannot be edited: Custom Cate- gories Group Name and library category Short Name. 1. The long Description name displays and can be edited. 2. After modifying the description for the library category, click Apply to save your entry. M86 S ECURITY UIDE...

  • Page 447: Urls Window

    (*) symbol followed by a period (.) can be entered in a format such as *.playboy.com, for example, to block access to all URLs ending in “.playboy.com”. A query string can be entered to block access to a specific URL. Fig. 3:2-7 URLs window, Action tab M86 S ECURITY UIDE...

  • Page 448: View A List Of Urls In The Library Category

    2. Make a selection from the pull-down menu for “Master List”, or “Wild Card Master List”. 3. Click View List to display the specified items in the Select List list box: Fig. 3:2-8 URLs window, View tab M86 S ECURITY UIDE...

  • Page 449: Add Or Remove Urls Or Wildcard Urls

    NOTE: The pound sign (#) character is not allowed in this entry. 2. Click Add to display the associated URL(s) in the list box below. 3. Select the URL(s) that you wish to add to the category. M86 S ECURITY UIDE...
  • Page 450 *.cnn.com is added to a category set up to be blocked, the end user will be able to access http://www.cnn.com since it is a direct match, but will not be able to access http://www.sports.cnn.com, since direct URL entries take precedence over wildcard entries. M86 S ECURITY UIDE...

  • Page 451: Upload A Master List To The Library

    1. Click Upload Master to open the Upload Custom Library URL pop-up window: Fig. 3:2-9 Upload Custom Library URL window 2. Click Browse... to open the Choose file pop-up window. 3. Select the file to be uploaded. M86 S ECURITY UIDE...
  • Page 452 5. If the file contains invalid URLs, click Back to return to the Upload URL window. Another attempt to validate the file can be made after corrections have been made to the file. If the file contains valid URLs: M86 S ECURITY UIDE...

  • Page 453: Upload A Master List Of Wildcard Urls

    To upload a master file with wildcard URL additions: 1. Click Upload Wildcard Master to open the Upload Custom Library WildCard URL pop-up window: Fig. 3:2-11 Upload Custom Library WildCard URL window 2. Click Browse... to open the Choose file pop-up window. M86 S ECURITY UIDE...
  • Page 454 Upload WildCard URL window. Another attempt to validate the file can be made after corrections have been made to the file. If the file contains valid wildcard URLs, click Upload to open the Upload Successful pop-up window. M86 S ECURITY UIDE...

  • Page 455: Reload The Library

    After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.

  • Page 456: View A List Of Url Keywords

    1. Enter the Keyword in the Edit Keyword List frame. 2. Click Add. Remove a URL Keyword from the Library To remove a URL keyword from the library category: 1. Enter the Keyword. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 457: Upload A List Of Url Keywords To The Library

    After all changes have been made to library windows, in the Reload URL Keywords frame, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.

  • Page 458: Search Engine Keywords Window

    For example, if all searches on “gin” are set up to be blocked, users will not be M86 S ECURITY UIDE...

  • Page 459: View A List Of Search Engine Keywords

    Remove a Search Engine Keyword To remove a search engine keyword or keyword phrase from a library category: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2. Click Remove. M86 S ECURITY UIDE...

  • Page 460: Upload A Master List Of Search Engine Keywords

    After all changes have been made to library windows, in the Reload Search Keywords frame, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.

  • Page 461: Web Filter Appendices Section

    5. Filter Options (optional). For IP profiles, the code 0x1 should be placed at the end with all filter options disabled. 6. Quotas (optional). NOTE: Each filtering profile should be entered on a separate line in the file. M86 S ECURITY UIDE...

  • Page 462: Rule Criteria

    FTP (File Transfer Protocol) 80 = HTTP (Hyper Text Transfer Protocol) 119 = NNTP (Network News Transfer Protocol) 443 = HTTPS (Secured HTTP Transmission) Other • Filter Mode Values: Default, Block Mode Monitoring Mode Bypassing Mode M86 S ECURITY UIDE...
  • Page 463 NOTE: The list of library category codes and corresponding descriptions is subject to change due to the addition of new cate- gories and modification of current categories. For explanations and examples of category items, go to http:// www.m86security.com/resources/database-categories.asp M86 S ECURITY UIDE...
  • Page 464 Quota minutes, a comma ( , ), the first library category code, a colon ( : ), the number of quota minutes, and a comma between each quota. For example: ;10, EMPL:30, FINAN:30, GENBUS:30, TRADING:30, ESTATE:30 NOTES: See http://www.m86security.com/software/8e6/hlp/ ifr/files/2group_ipprofiles.html for examples of filtering profile entries. M86 S ECURITY UIDE...

  • Page 465: Create A Custom Block Page

    PPENDIX Appendix B Create a Custom Block Page M86 offers ways for you to customize the block page so that the page can have a different look while retaining the infor- mation/functionality provided in M86’s default block page. NOTE: The solutions provided in this appendix will only let you customize the Block page, not the Options page.

  • Page 466: Exclude Filtering Ip

    A Web server must be set up to hold the customized block page. 2. Create a customized block page The customized block page must be accessible via this link: http://<server for block_page>[:<port for block page>]/ <blockpage> M86 S ECURITY UIDE...
  • Page 467 User Name that accessed the blocked URL: (see URL) Implement the “further option” (optional) The “further option” is included in M86’s default block page. If used, the <block page> needs to provide a link back to Web Filter’s Options page and post the required hidden...

  • Page 468: Part Iii: Restart The Web Filter

    NOTE: Don’t forget to replace <Web Filter IP> with the real IP in the HTML/CGI before using these samples. Part III: Restart the Web Filter You must restart the Web Filter to make your changes effec- tive. M86 S ECURITY UIDE...

  • Page 469: Reference

    = str.indexOf("?"); if ( i>= 0) { query = str.substr(i+1, len-i-1); url = parseData(query, "URL=", "&"); document.block.URL.value = url; ip = parseData(query, "IP=", "&"); document.block.IP.value = ip; cat = parseData(query, "CAT=", "&"); document.block.CAT.value = cat; M86 S ECURITY UIDE...
  • Page 470 <input type=hidden name="USER" value=""> <input type=hidden name="STEP" value="STEP2"> </form> <br>Web Filter Customized Block Page (HTML using Java Script to parse and post form data)<br> <script language=javascript> getData(); showData(); </script> <br>For further options, <a href="javascript:do_options()">click here</a><br> </body> </html> M86 S ECURITY UIDE...

  • Page 471: Cgi Written In Perl

    $user = $1 if ($string =~ /USER=(\S+)/i); print "Content-type: text/html\n\n"; print "<html>\n"; print "<head>\n"; print "</head>\n"; print "<body>\n"; print "<br>Web Filter Customized Block Page (CGI written with Perl)<br>\n"; print "URL: $url<br>\n"; print "IP: $ip<br>\n"; print "CAT: $cat<br>\n"; print "USER: $user<br>\n"; M86 S ECURITY UIDE...

  • Page 472: Use Java Script To Post Form Data

    $cat = $1 if ($string =~ /CAT=(\S+)&USER=/i); $user = $1 if ($string =~ /USER=(\S+)/i); print "Content-type: text/html\n\n"; print "<html>\n"; print "<head>\n"; print "<script language=\"JavaScript\">\n"; print "function do_options()\n"; print "{\n"; print "document.block.action=\"http://<Web Filter IP>:81/cgi/ block.cgi\"\n"; print "document.block.submit()\n"; print "}\n"; print "</script>\n"; print "</head>\n"; M86 S ECURITY UIDE...

  • Page 473: Cgi Written In C

    * Replace <Web Filter IP> with real IP and recompile before using * Revision: 1 * Date: 03/08/2004 #include <stdio.h> struct { char *name; char *val; } entries[20]; char szIP[16]; char szURL[1024]; char szUserName[1024]; char szCategory[8]; /*function prototypes*/ M86 S ECURITY UIDE...
  • Page 474 (strcmp(paramn, "CAT") == 0) strcpy(szCategory, paramv); else if (strcmp(paramn, "USER") == 0) strcpy(szUserName, paramv); getnextquery(&paramv); free(paramd); else /*==================================================== Read stdin and convert form data into an array; set a variety of global variables to be used by other M86 S ECURITY UIDE...
  • Page 475 Filter IP>:81/cgi/ block.cgi\"\n"); printf("document.block.submit()\n"); printf("}\n"); printf("</script>\n"); printf("</head>\n"); printf("<form method=post name=block >\n"); printf("<input type=hidden name=\"SITE\" value=\"_BLOCK_SITE_\">\n"); printf("<input type=hidden name=\"IP\" value=\"%s\">\n", szIP); printf("<input type=hidden name=\"URL\" value=\"%s\">\n", szURL); printf("<input type=hidden name=\"CAT\" value=\"%s\">\n", szCategory); printf("<input type=hidden name=\"USER\" value=\"%s\">\n", M86 S ECURITY UIDE...
  • Page 476 = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0')); digit *= 16; digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0')); return(digit); char *makeword(char *line, char stop) M86 S ECURITY UIDE...
  • Page 477 = 102400; ll=0; word = (char *) malloc(sizeof(char) * (wsize + 1)); while(1) word[ll] = (char)fgetc(f); if(ll==wsize) word[ll+1] = '\0'; wsize+=102400; word = (char *)realloc(word,sizeof(char)*(wsize+1)); --(*cl); if((word[ll] == stop) || (feof(f)) || (!(*cl))) if(word[ll] != stop) ll++; M86 S ECURITY UIDE...
  • Page 478 0; len=strlen(string); for (i=0; i<len; i++) string[i]=toupper(tmp[i]); free(tmp); return 1; void getquery(char *paramd, char **paramv) if (paramd == NULL) *paramv = NULL; else *paramv = (char *)strtok(paramd, "&"); void getnextquery(char **paramv) *paramv = (char *)strtok(NULL, "&"); M86 S ECURITY UIDE...

  • Page 479: Override Pop-Up Blockers

    This appendix provides instructions on how to use an over- ride account if typical pop-up blocking software is installed, as in the following products: Yahoo! Toolbar, Google Toolbar, AdwareSafe, Mozilla Firefox, and Windows XP Service Pack 2 (SP2). M86 S ECURITY UIDE...

  • Page 480: Yahoo! Toolbar Pop-Up Blocker

    1. Go to the Yahoo! Toolbar and click the pop-up icon to open the pop-up menu: Fig. C-2 Select menu option Always Allow Pop-Ups From 2. Choose Always Allow Pop-Ups From to open the Yahoo! Pop-Up Blocker dialog box: M86 S ECURITY UIDE...
  • Page 481 Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5. Click Close to save your changes and to close the dialog box. M86 S ECURITY UIDE...

  • Page 482: Google Toolbar Pop-Up Blocker

    Pop-up blocker button: Fig. C-4 Pop-up blocker button enabled Clicking this button toggles to the Pop-ups okay button, adding the override account window to your white list: Fig. C-5 Pop-ups okay button enabled M86 S ECURITY UIDE...

  • Page 483: Adwaresafe Pop-Up Blocker

    3. Click the Override button to open the override account pop-up window. 4. Go back to the SearchSafe toolbar and click the icon for Popup protection off to toggle back to # popups blocked. This action turns on pop-up blocking again. M86 S ECURITY UIDE...

  • Page 484: Mozilla Firefox Pop-Up Blocker

    2. Click the Content tab at the top of this box to open the Content section: Fig. C-6 Mozilla Firefox Pop-up Windows Options 3. With the “Block pop-up windows” checkbox checked, click the Exceptions... button at right to open the Allowed Sites - Pop-ups box: M86 S ECURITY UIDE...
  • Page 485 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7. Click OK to close the Options dialog box. M86 S ECURITY UIDE...

  • Page 486: Windows Xp Sp2 Pop-Up Blocker

    Internet Options to open the Internet Options dialog box. 2. Click the Privacy tab: Fig. C-8 Enable pop-up blocking 3. In the Pop-up Blocker frame, check “Turn on Pop-up Blocker”. 4. Click Apply and then click OK to close the dialog box. M86 S ECURITY UIDE...

  • Page 487: Use The Ie Toolbar

    1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window. M86 S ECURITY UIDE...

  • Page 488: Add Override Account To The White List

    Close to close the dialog box. The override account window has now been added to your white list. 3. In the Options page (see Fig. C-1), enter your Username and Password. 4. Click the Override button to open the override account pop-up window. M86 S ECURITY UIDE...

  • Page 489: Use The Information Bar

    Password. 2. Click the Override button. This action displays the following message in the Information Bar: “Pop-up blocked. To see this pop-up or additional options click here...”: Fig. C-11 Information Bar showing blocked pop-up status M86 S ECURITY UIDE...
  • Page 490 NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. C-10) and see the entries in the Allowed sites list box. 6. Go back to the Options page and click Override to open the override account window. M86 S ECURITY UIDE...

  • Page 491: Mobile Client

    Internet security threats, and possible legal problems that can result from the misuse of Internet resources on an unfiltered, remote, laptop computer. M86 S ECURITY UIDE...

  • Page 492: Environment Requirements

    • Macintosh OS X Version 10.4, 10.5, or 10.6 running: • Safari 4.0 • Firefox 3.5 or 3.6 WARNING: The filtered end user must be set up with standard user rights only—these users should not have Power User, Administrator, or root level access. M86 S ECURITY UIDE...

  • Page 493: Network Requirement

    3. If the end user comes into the organization, logs into his/ her workstation and is authenticated on the internal network, the end user’s profile now comes from the Web Filter, and not the Mobile Client. M86 S ECURITY UIDE...

  • Page 494: Network Operations Overview

    2. The Mobile Client installed on the end user’s workstation sends a parallel request to the Web Filter. 3. The Web Filter searches its M86 database for a match to the request. If a match to the requested URL is found and the site is disallowed, the Mobile Client software blocks the connection to the Web server.

  • Page 495: Configure The Web Filter To Use The Mobile Mode

    More information about using this feature is provided in subsequent pages in this section of the user guide. The following features are not available when using the mobile mode: Minimum Filtering Level, Time Profile, Override Account, M86 S ECURITY UIDE...

  • Page 496: Add Mac Addresses To The Master Ip Group

    , master IP group with MAC addresses Fig. D-2 Members window 1. In the New Members frame, select “Source MAC”. 2. Enter the member’s MAC address. 3. Click Add to include the MAC address entry in the Current Members list box. M86 S ECURITY UIDE...

  • Page 497: Select Mac Addresses For A Sub Group

    • To add MAC addresses to the sub-group, select each sub-group by highlighting it in the Available MAC(s) list box, and then clicking the left arrow to move the item(s) to the Member MAC(s) list box. M86 S ECURITY UIDE...

  • Page 498: View Sub Group Mac Addresses

    MAC addresses previously added in the sub-group’s Members window. , view MAC Addresses Fig. D-4 Sub Group (IP Group) window MAC addresses display in the Member MAC(s) list box in the MAC Address frame. M86 S ECURITY UIDE...

  • Page 499: Add A Mac Address To An Individual Member

    MAC address for inclusion in the sub-group. Fig. D-5 Member window with MAC Address 1. In the Modify Individual Group Member frame, select the member’s MAC Address from the pull-down menu. 2. Click Modify to apply your changes. M86 S ECURITY UIDE...

  • Page 500: Upload Mac Address File For Ip Group

    IP group’s profile file: tlind,150.100.30.2,A,J CHAT R GPORN M I,1, ,0x103 tlind, 00:04:21:AF:33:E1,A,J CHAT R GPORN M I,1, ,0x103 NOTE: For other examples of entries to include in the profile file, go to http://www.m86security.com/software/8e6/hlp/ifr/files/ 2group_ipprofiles.html. M86 S ECURITY UIDE...

  • Page 501: Troubleshoot Mac Addresses

    "source" Web Filter. Fig. D-7 Active Profile Lookup window with MAC Address NOTE: See Active Profile Lookup window in Chapter 1: System screen from the WF Global Administrator Section for information on using the Active Profile Lookup window. M86 S ECURITY UIDE...

  • Page 502: Mobile Client Section

    • The optional Mobile Client Updater (MCU) component that updates Mobile Client binaries from your Mobile Server running M86 Web Filter software version 4.0 or higher, or from your own Web server (the “updater,” 8e6winmcu.msi for Windows, and 8e6osxmcu.pkg.tar for Macintosh OS X) •...

  • Page 503: Download And Install The Deployment Kit

    To download the Mobile Client Deployment Kit to your machine: 1. Launch the M86 Mobile Client Web page, and then find and click the link for the Mobile Client Deployment Kit Installer (.msi file) you wish to download to your machine.
  • Page 504 Windows and Macintosh packages for the Mobile Client will be installed for distribution to user workstations. When your machine is ready to install the Deployment Kit, the page that confirms the installation process is ready to begin displays: M86 S ECURITY UIDE...
  • Page 505 Fig. D-11 Installation process ready to begin 6. Click Install to begin the installation process. The following page displays when the installation process is complete: Fig. D-12 Installation complete 7. Click Finish to close the wizard dialog box. M86 S ECURITY UIDE...

  • Page 506: Access The Mobile Client Deployment Tool Window

    Help link in the Mobile Client Deployment Tool for instructions on using these windows. The Mobile Client Deployment Tool window is accessible via Start > All Programs > M86 Security Mobile Client Deployment Kit > Package Editor: Fig. D-13 Mobile Client Deployment Tool window The Mobile Client Deployment Tool’s package editor log...

  • Page 507: Configure A New Package Set

    2. Select the Mobile Client software version from the avail- able choices, and then click OK to close the Choose Product Version dialog box and to open the Package Configuration window: Fig. D-15 Package Configuration window M86 S ECURITY UIDE...
  • Page 508 NOTE: To edit the default settings, from the Mobile Client Deploy- ment Tool window select Tools > Edit default configuration... (see Edit a Package Configuration: Edit default configuration settings for information about making edits to default settings). M86 S ECURITY UIDE...
  • Page 509 Mobile filter host(s) field of the Package Configuration window. NOTE: To remove a mobile filter from the list, select the entry from the Hosts list box, click Delete, and then click OK. M86 S ECURITY UIDE...
  • Page 510 Internal filter host(s) field of the Package Configuration window. NOTE: To remove an internal filter from the list, select the entry from the Hosts list box, click Delete, and then click OK. M86 S ECURITY UIDE...
  • Page 511 Internet access when the mobile filter host server is unavailable. WARNING: By deselecting this option, technically savvy end users may be able to bypass filtering permanently by disrupting communications between the workstation and the mobile filter host server. M86 S ECURITY UIDE...
  • Page 512 (e.g. “http”), the port number (if a port other than port 80 is used), the host name, and directory name. For example: http://www.mycompany.com/ mobile_client_updates NOTE: Only the HTTP protocol is supported at this time. M86 S ECURITY UIDE...
  • Page 513 • There are specific applications you would like to perma- nently and unconditionally block from accessing the Internet • You wish to enable special log-verbosity settings for one or more applications—i.e. to troubleshoot possible conflicts between the Mobile Client and other network applications. M86 S ECURITY UIDE...
  • Page 514 Step 2: Identify the name and path of the application Determine the name and path of the executable program for which network access should be blocked or granted unre- stricted network access. For example: Program Files\Mozilla Firefox\Firefox.exe M86 S ECURITY UIDE...
  • Page 515 The -c option specifies a partial command line match. You could, therefore, just specify “Firefox.exe” instead of listing the entire path. However, doing so could also make it easier for a sophisti- cated end user to exploit a bypass setting. M86 S ECURITY UIDE...
  • Page 516 It is also possible to encrypt the Application Options Settings if you wish to obfuscate them from your users. NOTE: Contact M86 Technical Support for advanced information about Applications Options Settings. To encrypt or decrypt commands to be included in the Appli-...
  • Page 517 Package Configuration window is automati- cally incremented to the next sequential number, and the Mobile Client Package Contents local Web page launches, providing a summary of package contents with links to various components generated in the package: M86 S ECURITY UIDE...
  • Page 518 ILTER PPENDICES ECTION PPENDIX Fig. D-20 Mobile Client Package Contents page M86 S ECURITY UIDE...
  • Page 519 Mobile Client files, uncompress and extract files to the designated update server NOTE: More information about these tools is provided in subse- quent pages in this section of the user guide. M86 S ECURITY UIDE...
  • Page 520 NOTE: If you need to find the Mobile Client Package Contents page after you close it, from the Mobile Client Deployment Tool window, go to File > Explore Packages... and then locate “Pack- ages-View.html” inside the directory for the corresponding package. M86 S ECURITY UIDE...

  • Page 521: Edit A Package Configuration

    Package Configuration window displaying the last saved edits made for the package. NOTE: The “Configuration revision” is incremented to the next sequential revision number. 4. After making your edits, choose a Save option for saving the configuration package. M86 S ECURITY UIDE...
  • Page 522 • a different Path is used with the filename “cfg- defaults.mccfg” specified • “Save as defaults” is greyed-out • Mobile Client and MCU components for Windows and Macintosh OS X show "All" instead of software version numbers. M86 S ECURITY UIDE...

  • Page 523: View Package Configuration Contents

    Package window (see Fig. D-21) by clicking the Explore Pack- ages... button. 2. Double-click the selected package to display its contents. 3. When you are finished, click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...

  • Page 524: Mcu File Preparations

    2. Install the installer as you would any other program. No configuration is required for the MCU component. NOTE: This is a one time operation; after this procedure the MCU will update itself when a new version is deployed. M86 S ECURITY UIDE...
  • Page 525 (unless you have modi- fied the Mobile Server configuration to specify otherwise). When a new Mobile Client version is detected, the MCU immediately attempts to download it. Because the clients do M86 S ECURITY UIDE...
  • Page 526 NOTE: A full Mobile Client update file size is about 1.5 MB for Windows and 1.4 MB for Macintosh OS X (as of software version 3.0.5). M86 S ECURITY UIDE...
  • Page 527 System > Mode > Operation Mode (see Fig. D1). 2. In the Mobile Client Control frame, at the Mobile Client Software Update field click Upload to open the Upload Mobile Client Software Package pop-up window: Fig. D-24 Upload Mobile Client Software Package window M86 S ECURITY UIDE...
  • Page 528 MCU finds no new software available, it checks to see if a new configuration is available. If the latter is available, that is downloaded and applied. Such updates are much smaller in size than updating an entire new version of the Mobile Client. M86 S ECURITY UIDE...

  • Page 529: Mc Deployment To Windows Computers

    Forest > Domains > {domain name} > Group Policy Objects. b. Right-click and choose "New", then create a name for the policy (suggested name: "M86 Mobile Client Deployment"). Click OK. c. In the Group Policy Object Editor, open the {policy name} >...
  • Page 530 Click OK. To create a WMI filter: WMI filters are capable of applying very sophisticated selection criteria to set the scope of a policy. See Microsoft Knowledgebase article #555253 for details on creating WMI filters: http://support.microsoft.com/kb/ 555253 M86 S ECURITY UIDE...
  • Page 531 NOTE: In some cases involving Windows XP workstations, it may be necessary to reboot twice for Group Policy processing to occur. c. Verify the Mobile Client is blocking access to unautho- rized Web sites, and is allowing access to other sites. M86 S ECURITY UIDE...

  • Page 532: Mc Deployment To Macintosh Os X Computers

    Apple Computer provides a product called Apple Remote Desktop (http://www.apple.com/remotedesktop/) that can be used to deploy Macintosh OS X Mobile Client software version in bulk to many users simultaneously. Contact Apple for additional information about this product. M86 S ECURITY UIDE...

  • Page 533: Mobile Client Removal From Computers

    You will probably want to change the name of the policy (e.g. "Remove M86 Mobile Client"). Once the new policy has been processed on all target machines and the Mobile Client has been removed, you can delete or unlink the removal policy with GPMC.
  • Page 534 • Windows XP: Start > Control Panel > Add or Remove Programs 2. Find the Mobile Client program and click Remove to open the M86 Mobile Client - Uninstall dialog box: Fig. D-27 Mobile Client Uninstall dialog box 3. Copy the eight-digit number displayed in the Machine ID field.
  • Page 535 Copy this Uninstall key. In this example: f0d34d NOTE: Click Close to close the Create Uninstall Key pop-up window. 6. Access the M86 Mobile Client - Uninstall dialog box again, and enter the generated password key in the Key field. In this example: f0d34d Fig.

  • Page 536: Glossary

    - A Web Filter set up in the firewall mode will filter all requests. If the request is appropriate, the original packet will pass unchanged. If the request is inappropriate, the original packet will be blocked from being routed through. M86 S ECURITY UIDE...
  • Page 537 “essex”. library category - A list of URLs, URL keywords, and search engine keywords set up to be blocked. LDAP - One of two authentication method protocols used by the Web Filter. Lightweight Directory Access Protocol M86 S ECURITY UIDE...
  • Page 538 (Distinguished Names). M86 supplied category - A library category that was created by M86, and includes a list of URLs, URL keywords, and search engine keywords to be blocked. machine name - Pertains to the name of the user’s work- station machine (computer).
  • Page 539 P2P services specified in the library category. profile string - The string of characters that define a filtering profile. A profile string can consist of the following components: category codes, service port numbers, and redirect URL. M86 S ECURITY UIDE...
  • Page 540 Each rule created by the global administrator is assigned a number and a name that should be indicative of its theme. Rules are used when creating filtering profiles for entities on the network. M86 S ECURITY UIDE...
  • Page 541 Internet running Network Time Protocol (NTP) software. time profile - A customized filtering profile set up to be effective at a specified time period for designated users. Traveler - M86’s executable program that downloads updates to your Web Filter on demand or at a scheduled time.
  • Page 542 URL from that library category or an uncategorized URL is requested. white list - A list of approved library categories for a speci- fied entity’s filtering profile. M86 S ECURITY UIDE...

  • Page 543: Sr Introductory Section

    System Configuration administrator console and Report Manager. Using System Configuration screens, the global adminis- trator configures the SR to accept log files from the M86 Web Filter—and the M86 Secure Web Gateway, if this filtering device is added to the device registry—“normalize”...

  • Page 544: About This Portion Of The User Guide

    • SR Security Reports Section - Refer to this section for security report configuration and usage, if using a Secure Web Gateway appliance with the SR application in this WFR. NOTE: See the M86 Secure Web Gateway User Guide at http:// www.m86security.com/support/Secure-Web-Gateway/Docu- mentation.asp for information on the SWG. M86 S...
  • Page 545 Appendix B provides details on setting up and using the System Tray feature for real time gauge alerts. Appendix C features a glossary of technical terminology used in this portion of the user guide. M86 S ECURITY UIDE...

  • Page 546: Terminology

    (such as “Yes” or “No”, or “Next” or “Cancel”) to execute your command. As dictated by this box, you also might need to make one or more entries or selections prior to clicking a button. M86 S ECURITY UIDE...
  • Page 547 • panel - the central portion of a screen that is replaced by a different view when clicking a pertinent link or button. A sub- panel is a boxed-in section within a panel. M86 S ECURITY UIDE...
  • Page 548 • screen - a main object of an applica- tion that displays across your monitor. A screen can contain panels, sub-panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons. M86 S ECURITY UIDE...
  • Page 549 • window - can contain frames, fields, text boxes, list boxes, icons, buttons, and radio buttons. Types of windows include ones from the system such as the Save As window, pop-up windows, or login windows. M86 S ECURITY UIDE...

  • Page 550: Getting Started

    Fig. 1:1-1 Security Reporter icon in WFR Welcome window NOTE: If pop-up blocking software is installed on the workstation, it must be disabled. Information about disabling pop-up blocking software can be found in WFR Appendix I: Disable Pop-up Blocking Software. M86 S ECURITY UIDE...

  • Page 551: Enter Report Manager's Url In The Address Field

    In order to accept the security certificate, follow the instructions at: http://www.m86security.com/ software/8e6/docs/ig/misc/sec-cert-sr3.1.10.pdf 3. After accepting the security certificate, click Go to open the Security Reporter Login window (see Fig. 1:1-2). M86 S ECURITY UIDE...

  • Page 552: Log In

    If you are logging in as a group administrator, enter the password set up for you by the global administrator. TIP: M86 Security recommends administrators who access this application for the first time should change their account pass- word. Administrator usernames and passwords are modified in Administration >...
  • Page 553 Page Count Summary Report displays instead of Top 20 Users by Blocked Requests. A maximum of eight users can use the SR user interface simulta- neously. However, for optimum results, M86 Security recom- mends no more than four users generate reports at the same time.

  • Page 554: Re-Login

    To log in again, click OK to close the alert box; this action displays the Security Reporter login window where you will need to log in again. M86 S ECURITY UIDE...

  • Page 555: Expired Passwords

    The password is case sensitive. 3. Click Save to close the pop-up window. 4. In the Security Reporter login window (see Fig. 1:1-2), enter your Username and new Password, and then click Login to access the user interface. M86 S ECURITY UIDE...

  • Page 556: Forgot Your Password

    Reporter password reset” message. NOTE: The action of clicking “OK” displays the original login window. 4. Click the link in the email message to launch the Reset Your Password login window; the Username field displays your username greyed-out: M86 S ECURITY UIDE...
  • Page 557 5. Enter a password comprised of eight to 20 characters (using at least one alpha, one numeric, and one symbol character) In the New Password and Confirm Pass- word fields. 6. Click Submit to access the Security Reporter user inter- face. M86 S ECURITY UIDE...

  • Page 558: User Interface Navigation

    A link to Web Filter is also available via a menu link. Clicking “Security Reporter” or the M86 Security logo in the banner accesses the M86 Security Web site. NOTE: See Appendix A: Evaluation Mode for information about using the Security Reporter in evaluation mode and/or converting the application to registered mode.
  • Page 559 Version, and hardware Serial number of the M86 WFR appliance. This criteria can be copied and pasted into an email or online form to be submitted to M86 Secu- rity for troubleshooting purposes. Click “Close” to close the pop-up window.
  • Page 560 • View tooltip information - To view information about any object that has a circled “i” icon beside it, hover over the icon to display tooltips that explain how to use that button or field. M86 S ECURITY UIDE...

  • Page 561: Links In The System Configuration Navigation Toolbar

    (in the .pdf format) for this application. • Logout - Click this link to log out of the SR (see Log Out for details on log out procedures). M86 S ECURITY UIDE...

  • Page 562: Log Out

    ShutDown window sub-section from the WF Global Administrator Section of the Web Filter portion of this user guide. Failure to properly shut down the server can result in data being lost or corrupted. M86 S ECURITY UIDE...

  • Page 563: Sr System Onfiguration Ection

    • sets up administrators for receiving automatic alerts • analyzes SR statistics • utilizes diagnostics for monitoring the SR status to ensure optimum functioning of the SR • establishes and implements backup and restoration procedures for the SR M86 S ECURITY UIDE...

  • Page 564: Chapter 1: Access System Configuration

    If using this product in the evaluation mode the SR Status pop-up window opens when accessing this screen. Please see Appendix A: Evaluation Mode for information about the evaluation mode. M86 S ECURITY UIDE...

  • Page 565: Chapter 2: Configuring The Server

    SR and maintaining the Report Manager. TIP: When making a complete configuration in the System Configuration administrator console, M86 Security recommends you navigate from left to right (Network to Server to Database) in choosing your menu options.

  • Page 566: Box Mode Screen

    Once your server is configured and the server is set in the “live” mode, it will receive and process real time data from the Web Filter. The Report Manager can then be used to capture data and create views. M86 S ECURITY UIDE...

  • Page 567: Archive Mode

    2. Click the radio button corresponding to Live or Archive to specify the mode in which the server should function: • choose Live if you wish the server to function in the “live” mode, receiving and processing real time data from the Web Filter. M86 S ECURITY UIDE...

  • Page 568: Locked-Out Accounts And Ips Screen

    (see Optional Features screen in this chapter), and a user is unable to log into the SR user interface due to an expired pass- word, or having met the specified number of failed password attempts within the designated timespan. M86 S ECURITY UIDE...

  • Page 569: View Locked Accounts, Ip Addresses

    • IP: ‘x.x.x.x’ has been successfully unlocked. NOTE: In the text above, ‘xxx’ and ‘x.x.x.x’ represents the unlocked username/IP address. 3. Click OK to return to the Locked-out Accounts and IPs screen that no longer shows the accounts/IPs that have been unlocked. M86 S ECURITY UIDE...

  • Page 570: Server Menu

    Server menu. This screen is used for setting up the password for the remote server’s FTP account, for executing an immediate backup on the SR, and for performing a restoration to the database from the previous backup run. Fig. 2:2-4 Backup screen M86 S ECURITY UIDE...

  • Page 571: Backup And Recovery Procedures

    ONFIGURING THE ERVER Backup and Recovery Procedures IMPORTANT: M86 Security recommends establishing backup and recovery procedures when you first begin using the SR. Please follow the advice in this section to ensure your SR is prop- erly maintained in the event that data is lost and back up proce- dures need to be performed to recover data.

  • Page 572: Set Up/Edit External Backup Ftp Password

    SR will be down. • Expiration about to occur - If a data expiration is about to occur, you might want to back up your data before M86 S ECURITY UIDE...

  • Page 573: Perform A Remote Backup

    From the remote server, the backup database can be retrieved via FTP, and then stored off site. TIP: M86 Security recommends executing an on demand backup during the lightest period of system usage, so the server will perform at maximum capacity.

  • Page 574: Perform A Restoration To The Sr

    NOTE: The amount of time it will take to restore data to the SR depends on the combined size of all database tables being restored. M86 Security recommends that you do not perform other functions on the SR until the restoration is complete.

  • Page 575: Self Monitoring Screen

    As the administrator of the SR, you have the option to either activate or deactivate this feature. When the self-monitoring feature is activated, an automated e-mail message is dispatched to designated recipients if the SR identifies a failed process during its hourly check for new data. M86 S ECURITY UIDE...

  • Page 576: View A List Of Contact E-Mail Addresses

    The Master Administrator and any remaining e-mail addresses in the list will continue receiving notifications. Deactivate Self-Monitoring 1. Click the radio button corresponding to NO. 2. Click the Save button to deactivate self-monitoring. M86 S ECURITY UIDE...

  • Page 577: Server Status Screen

    Server menu. This screen, which automatically refreshes itself every 10 seconds, displays the statuses of processes currently running on the SR, and provides information on the amount of space and memory used by each process. Fig. 2:2-6 Server Status screen M86 S ECURITY UIDE...

  • Page 578: View The Status Of The Server

    • Disk drives status - provides data on the status of each drive of the operating system • NETSTAT - displays the status of a local IP address M86 S ECURITY UIDE...

  • Page 579: Secure Access Screen

    The Secure Access screen displays when the Secure Access option is selected from the Server menu. This screen is primarily used by M86 Security technical support representatives to perform maintenance on your server, if your system is behind a firewall that denies access to your server.

  • Page 580: Terminate A Port Connection

    Terminate All Port Connections If more than one port is currently active on the customer’s server and you need to terminate all port connections, click the Stop All button. This action removes all port numbers from the list box. M86 S ECURITY UIDE...

  • Page 581: Shut Down Screen

    MySQL database is rebooted. • Shut Down the SR’s Software - The Shutdown Soft- ware option should be selected if the MySQL database needs to be shut off and no files FTPed to the server. M86 S ECURITY UIDE...

  • Page 582: Perform A Server Action

    Shut Down screen. NOTE: When the Restart Software option is selected, the SR will take five to 10 minutes to reboot. After this time, you can go to another screen or log off. M86 S ECURITY UIDE...

  • Page 583: Report Manager Screen

    Report Manager application. As a result of this action, a screen displays with the following message: “The Report Manager will restart in a few minutes.” 2. Click OK to return to the Report Manager screen. M86 S ECURITY UIDE...

  • Page 584: Enable/Disable The Report Manager Scheduler

    • “ON” - Choose this option to let the Report Manager automatically run scheduled reports. • “OFF” - Choose this option if you do not want the Report Manager to run scheduled reports. 2. Click Apply. 3. Click Restart to restart the Report Manager application. M86 S ECURITY UIDE...

  • Page 585: Database Menu

    SR to identify users based on the IP addresses of their machines, their usernames, and/or their machine names. Information set up on this screen is used by the Report Manager when logging a user’s Internet activity. M86 S ECURITY UIDE...
  • Page 586 Fig. 2:2-11 User Name Identification screen with IP.ID activated As the administrator of the SR, you have the option to either enable or disable this feature for logging users’ activities by usernames, machine names, and/or IP addresses of machines. M86 S ECURITY UIDE...
  • Page 587 The second user logs on the same machine for 11 minutes and then logs off. The first user logs back on that machine for 16 minutes. All 30 minutes are logged as the first user’s activity. M86 S ECURITY UIDE...

  • Page 588: View The User Name Identification Screen

    IP addresses and machine names. After this table is created, the message screen displays to confirm the successful execution of this task. b. Click the Back button to return to the User Name Identification screen. M86 S ECURITY UIDE...

  • Page 589: Page View Elapsed Time Screen

    Establish the Unit of Elapsed Time for Page Views 1. In the Elapse Time field, enter the number of seconds that will be used as the value when tracking a user’s visit to a Web site. 2. Click the Save button. M86 S ECURITY UIDE...

  • Page 590: Elapsed Time Rules

    Web site, then exits, then returns to the same site for another 15 seconds, the user will have two sessions or three visits to that site logged for him/her (5 seconds = 1 visit, 15 seconds = 2 visits, for a total of 3 visits). M86 S ECURITY UIDE...

  • Page 591: Page Definition Screen

    Page searches. Fig. 2:2-13 Page Definition screen View the Current Page Types The Current page types list box contains the extensions of page types to be included in the detail report. M86 S ECURITY UIDE...

  • Page 592: Remove A Page Type

    Add a Page Type To add a page type in the detail report: 1. Enter the New Page Type extension. 2. Click Add to include the extension in the Current page types list box. 3. Click Apply. M86 S ECURITY UIDE...

  • Page 593: Tools Screen

    Report Manager application. Fig. 2:2-14 Tools screen The following options are available on this screen: • View Diagnostic Reports • View Database Status Logs • Technical Support Report Package M86 S ECURITY UIDE...

  • Page 594: View Diagnostic Reports

    • db Backup - This log provides information about the MySQL backup/restore operation. • db Control - This log shows a list of actions performed by the SR process when processing log files. M86 S ECURITY UIDE...
  • Page 595 • File Watch Log - This log shows a list of records that were imported from one machine to another. • MYSQL Log - This log provides information pertaining to the MySQL server. • Partitioner - This log displays results of server parti- tioning for database expiration. M86 S ECURITY UIDE...

  • Page 596: Generate Technical Support Report Package

    Generate to begin generating the report package. 2. After the package has generated, the “Successfully generated tech support log” pop-up window opens with the message: “Please download the file to email to M86 tech support.” Click Download to download the .tgz package to your machine.

  • Page 597: Expiration Screen

    SR.) See the Server Information panel in the Report Manager Admin- istration Section for more information about expired data. See also Appendix A: Evaluation Mode for information about using the SR in the evaluation mode. M86 S ECURITY UIDE...

  • Page 598: Expiration Rules

    Saturday period) stored on the server is expired— i.e. deleted from the database. Once data expires, it cannot be recovered. WARNING: Storage capacity maintenance is performed each evening between 11:30 p.m. and midnight. During this period, the database will be locked. M86 S ECURITY UIDE...

  • Page 599: View Data Storage Statistics

    • Last 8 weeks hits/day average - The average number of end user hits per day, based on the last eight weeks of data stored on the server. NOTE: If the server has not yet expired any data, a “0” (zero) displays in this field. M86 S ECURITY UIDE...

  • Page 600: Optional Features Screen

    Count. This screen also is used for enabling and configuring the password security feature to be used for the System Configuration administrator console and Report Manager (see Fig. 2-2:16). NOTE: Optional features can be enabled or disabled at any time. M86 S ECURITY UIDE...
  • Page 601 SR S 2: C YSTEM ONFIGURATION ECTION HAPTER ONFIGURING THE ERVER Fig. 2:2-16 Optional Features screen M86 S ECURITY UIDE...

  • Page 602: Enable Search String Reporting

    1. Click the radio button corresponding to “ON” to make the Top 20 Users by Blocked Requests report selection avail- able in an administrator’s Summary Reports menu. 2. Click Apply to apply your setting. WARNING: Applying this setting restarts the Report Manager. M86 S ECURITY UIDE...

  • Page 603: Enable Time Usage Reports

    (“0”) will display for object activity in generated reports. 1. Select one of two radio buttons to specify the type of hits to be included in drill down, Time Usage reports, and scheduled custom reports: M86 S ECURITY UIDE...

  • Page 604: Enable, Configure Password Security Option

    If a user’s password has expired, when he/she enters his/her Username and Password in the login screen and clicks Login, he/ she will be prompted to re-enter his/her Username and enter a new password in the Password and Confirm Password fields. M86 S ECURITY UIDE...
  • Page 605 Failed Password Attempts Timespan (in minutes) field before being locked out of the SR user interface. NOTE: The maximum number of failed attempts that can be entered is 10. M86 S ECURITY UIDE...
  • Page 606 Allowable Number of Failed Password Attempts field— before being locked out of the SR user interface. NOTE: The maximum number of minutes that can be entered is 1440. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...

  • Page 607: User Group Import Screen

    This screen is used for specifying the Web Filter(s) to send LDAP user group membership information to this SR, for performing a user group import on demand, and for viewing on demand user group import criteria. Fig. 2:2-17 User Group Import screen M86 S ECURITY UIDE...

  • Page 608: Import User Groups

    Current Status for User Group Import box that opens at the bottom of this screen when the Import Now button is clicked. NOTE: User groups will be imported in the exact format defined on the Web Filter. M86 S ECURITY UIDE...

  • Page 609: Sr Report Manager Administration Section

    Report Manager processes; analyze data storage on the server; and remove all profiles and configuration settings in the Report Manager. M86 S ECURITY UIDE...
  • Page 610 SR R EPORT ANAGER DMINISTRATION ECTION NTRODUCTION • Chapter 3: Report Configuration - This chapter explains how to create and manage Custom Category Groups used for monitoring end user Internet activity, and configure general report settings. M86 S ECURITY UIDE...

  • Page 611: Chapter 1: Group, Profile Management

    2. Click User Groups to display the User Groups panel, which is comprised of User Groups sub-panel to the left and its Group Members target sub-panel to the right: Fig. 3:1-1 User Groups panel M86 S ECURITY UIDE...
  • Page 612 From this panel you can view information about an existing user group, or click a button to add a user group, modify or delete an existing user group, rebuild a user group on demand, or refresh the display of the current list. M86 S ECURITY UIDE...
  • Page 613 • Open Directory For the Web Filter: • Active Directory Mixed Mode and Active Directory Native Mode are supported. • Open LDAP usernames will be included in user profiles only if those users generate network traffic. M86 S ECURITY UIDE...

  • Page 614: View User Group Information

    New, Edit, Delete, Rebuild All, and Refresh buttons. • If the selected user group was imported and cannot be rebuilt on demand, this action activates the New, Rebuild All, and Refresh buttons only. M86 S ECURITY UIDE...
  • Page 615 Fig. 3:1-2 View user group information, Single Users accordion NOTE: If using the LDAP user authentication method, user names display in the User Name column. If using IP groups, IP addresses of user machines display instead of user names. M86 S ECURITY UIDE...

  • Page 616: Add A User Group

    3. Enter at least three characters for the Group Name to be used for the new user group; this action activates the Save button. 4. Click the checkbox(es) to activate the pertinent corre- sponding box(es) below: Patterns, IP Ranges, Single Users/Exclude. M86 S ECURITY UIDE...

  • Page 617: Patterns Sub-Panel

    ”200.10.100.3” as part of the IP address. 2. Click Add Pattern to include the pattern in the Assigned Patterns list box below. TIP: Follow steps 1 and 2 above to include additional patterns for the new user group. M86 S ECURITY UIDE...
  • Page 618 To remove a pattern in the Assigned Patterns list box: 1. In the Patterns box, select the pattern from the Assigned Patterns list box to highlight it. 2. Click Remove Pattern to remove that pattern from the list box. M86 S ECURITY UIDE...

  • Page 619: Ip Ranges Sub-Panel

    To set up the first parent user group to include an IP range, “All” user groups must be used as the base group. Fig. 3:1-5 Add user group, IP Ranges sub-panel M86 S ECURITY UIDE...
  • Page 620 Range button. d. Click Calculate IP Range to display the Starting IP and Ending IP in the fields above. 2. Click Add IP Range to include that IP range in the Assigned Ranges list box below: M86 S ECURITY UIDE...
  • Page 621 1. Click the row to highlight and select it; this action acti- vates the Remove IP Range button below. 2. Click Remove IP Range to remove the IP address range from the list box. M86 S ECURITY UIDE...

  • Page 622: Single Users/Exclude Sub-Panel

    A user name preceded by an asterisk ( * ) indicates an auto- assigned user that can only be removed by adjusting the pattern or IP range for that user’s group. Fig. 3:1-7 Add user group, Single Users sub-panel M86 S ECURITY UIDE...
  • Page 623 NOTE: Users added to the Add tab will still be listed in the Avail- able Users list. After saving the entries in the New User Group panel, the users added to the Add tab display in the Assigned tab. M86 S ECURITY UIDE...
  • Page 624 1. Select the user(s) from the Add tab; this action activates the [-] Remove button: Fig. 3:1-8 Add user group, remove user from Add tab 2. Click [-] Remove to remove the user(s) from the Add tab. M86 S ECURITY UIDE...

  • Page 625: Edit A User Group

    Delete tab. • If necessary, edit the name of the user group in the Group Name field. 4. Click Save to save your edits and to return to the User Groups panel. M86 S ECURITY UIDE...

  • Page 626: Rebuild The User Group

    User Groups list as well as your User Groups list. TIP: Click No to close the dialog box and to return to the User Groups panel. 3. Click Yes to close the dialog box, and to remove the user group from the User Groups list. M86 S ECURITY UIDE...

  • Page 627: Admin Groups Panel

    NOTES: Any administrator groups previously set up display in the Group Names list box in the Administrator Groups sub-panel. In this panel, you can add an administrator group, view information for an existing administrator group, and modify or delete that group, as necessary. M86 S ECURITY UIDE...

  • Page 628: Add A Group

    • Admins - This privilege lets the administrator create another administrator account with equal or lesser privileges as that administrator. • System Administration - This privilege gives the administrator access to the Device Registry and System Configuration administrator console. M86 S ECURITY UIDE...
  • Page 629 TIP: To remove a checkmark from any active checkbox containing a checkmark, click the checkbox. 4. Click Save Group to save your entries and to add the new administrator group name in the Group Names list box. M86 S ECURITY UIDE...

  • Page 630: View, Edit Administrator Group Permissions

    Group Privileges sub-panel with previously-saved settings: Fig. 3:1-11 Administrator Groups group selections With the Group Privileges sub-panel populated, you can now make edits as described in the following sub-section. M86 S ECURITY UIDE...

  • Page 631: Edit Administrator Group Settings

    3. Click Yes to close the dialog box and to remove the administrator group from the Group Names list box. NOTE: Clicking Cancel closes the dialog box without removing the administrator group. M86 S ECURITY UIDE...

  • Page 632: Admin Profiles Panel

    At the right side of this panel is the Admin Detail sub-panel, used for adding a group administrator profile, viewing an M86 S ECURITY UIDE...
  • Page 633 If logged in as a group administrator without privileges to create other administrator profiles, only the Admin Detail sub-panel displays, as in the sample screen below: Fig. 3:1-13 Admin Profiles panel, group administrator view M86 S ECURITY UIDE...

  • Page 634: Add An Administrator Profile

    • Optional: Select another report color scheme from the available Graph Colors choices. • Type in the Username the group administrator will use to access the SR user interface. This entry will display in the Admin list when the record is saved. M86 S ECURITY UIDE...
  • Page 635 System Tray feature.) • Optional: Type in the group administrator’s Work Phone number, without entering special characters such as parentheses ( ), a hyphen (-), a period (.), or a left slash (/). M86 S ECURITY UIDE...
  • Page 636 Remove Group to remove the user group(s). 4. After selecting each user group to be assigned to the group administrator, click Save Admin to add the User- name for the new administrator to the Admin list box. M86 S ECURITY UIDE...

  • Page 637: View, Edit Admin Detail

    For an account without permission to create other user profiles, the Admin Detail sub-panel displays at minimum that user’s Email address, Graph Colors selection, User- name, Language selection, Username Format selection, and Assigned User Groups selection(s) greyed-out: M86 S ECURITY UIDE...

  • Page 638: Edit Account Info

    • An administrator account with permissions to create other user accounts also has the ability to modify the Administrator Group selection, and User Groups selections for user accounts he/she set up. 2. After making any modifications, click Update Admin to save your edits. M86 S ECURITY UIDE...

  • Page 639: Delete Admin

    TIP: Clicking Cancel closes the dialog box without removing the group administrator profile. 3. Click Yes to close the dialog box and to remove the administrator’s username from the list. M86 S ECURITY UIDE...

  • Page 640: Chapter 2: Database Management

    HTTPS Configuration to open the HTTPS Configuration panel, comprised of Self-Signed, Trusted, and Download/Delete Certificate tabs used for creating, uploading, downloading, and/or deleting self- signed or third party SSL certificates: Fig. 3:2-1 HTTPS Configuration panel, Self-Signed tab M86 S ECURITY UIDE...

  • Page 641: Generate A Self-Signed Certificate For The Sr

    SR, and to restart the Report Manager. Hereafter, group administrators must accept the security certificate on their workstations in order for their machines to communicate with the Report Manager and/or System Configuration administrator console. M86 S ECURITY UIDE...

  • Page 642: Create, Upload A Third Party Certificate

    1. Click the Trusted tab: Fig. 3:2-2 HTTPS Configuration panel, Trusted tab 2. Make entries in these fields: a. Common Name (Full DNS Name) - Hostname of the SR server, such as logo.com. M86 S ECURITY UIDE...

  • Page 643: Step B: Download The Csr, Submit To Agency

    2. Click Save CSR to save the CSR to your machine. TIP: Click Delete CSR to remove the CSR you created on your machine. 3. Submit the CSR to a trusted third party agency autho- rized to sign SSL certificates. M86 S ECURITY UIDE...

  • Page 644: Step C: Upload The Signed Ssl Certificate To Sr

    Browse to find the .cer file you just saved. 5. Click Upload to load the certificate on the SR. NOTE: Do not click this button until performing the actions in the following steps. TIP: Click Cancel in the dialog box to cancel the procedure. M86 S ECURITY UIDE...

  • Page 645: Download, Delete A Third Party Certificate

    The certificate can now be distributed to group administrator workstations. Delete the SSL Certificate To delete the third party certificate from the SR, go to the Download/Delete Certificate tab and click Delete to remove the certificate from the SR. M86 S ECURITY UIDE...

  • Page 646: User Profiles Panel

    Fig. 3:2-4 User Profiles panel By default, this panel is comprised of rows of end user records, sorted in ascending order by Username (IP address). For each username in the list, the corresponding end user IP Address displays. M86 S ECURITY UIDE...

  • Page 647: Search The User Database

    2. Click User Summary to open the User Summary panel, and perform any of the actions described for this panel in the Real Time Reports Section. M86 S ECURITY UIDE...

  • Page 648: Activity View Panel

    Fig. 3:2-5 Activity View panel The Activities sub-panel displays to the left and the empty target sub-panel displays to the right. Below these sub- panels is the Date Range field, the administrator usernames menu, and Search button. M86 S ECURITY UIDE...

  • Page 649: Perform A Search On A Specified Activity

    5. Click the ending date to select it and to close the calendar pop-up window. This action populates the field to the left of the calendar icon with the selected date. 6. To view the activity of a specified administrator, select the username from the pull-down menu. M86 S ECURITY UIDE...

  • Page 650: Search Results

    The Target field displays information only as applicable for any of the following actions executed by the administrator (Admin Name), such as: • administrator name for Add/Edit/Delete Admin • group name for Add/Edit/Delete Admin Group M86 S ECURITY UIDE...
  • Page 651 SR R 2: D EPORT ANAGER DMINISTRATION ECTION HAPTER ATABASE ANAGEMENT • alert name for Add/Edit/Delete Alert • gauge name for Add/Edit/Delete URL/Bandwidth Gauge. M86 S ECURITY UIDE...

  • Page 652: Device Registry Panel

    SR, synchronizing the SR with user groups and libraries from the source Web Filter, editing M86 appliance criteria, and adding/deleting an addi- tional Web Filter, or adding/deleting an SWG or LDAP server to/from the registry.
  • Page 653 SWG policy server to the device registry. • New LDAP Server (enabled only if an SWG has been added to the device registry) - Click this button to add an LDAP server to the device registry. M86 S ECURITY UIDE...

  • Page 654: Removing/Adding Web Filter, Swg Devices

    WARNING: For any scenario specified above that would result in data being purged from the Security Reporter, M86 recommends backing up and saving current SR data off the server before adding or removing the designated device from the device registry.

  • Page 655: Web Filter Device Maintenance

    Web Filter device you added now displays. View, edit Web Filter device criteria 1. Go to the Web Filter server icon in the Device Registry panel and click Edit to open the Web Filter pop-up window: M86 S ECURITY UIDE...

  • Page 656: Delete A Web Filter From The Device Registry

    NOTE: Click No to close the dialog box. 2. Click Yes to delete the Web Filter device from the registry, and to remove the Web Filter server icon from the Device Registry panel. M86 S ECURITY UIDE...

  • Page 657: Security Reporter Maintenance

    Range IP Address and Subnet Mask fields, and buttons for adding or removing a range of IP addresses the SR application will monitor for network traffic. Any IP Address and Subnet Mask previously entered in this window displays in the list box. M86 S ECURITY UIDE...

  • Page 658: Add, Remove A Bandwidth Range

    SMTP, Patch Server, NTP Server, and Proxy Server. View SMTP device criteria 1. Go to the image of the SMTP server in the Device Registry panel and click View to open the SMTP Server pop-up window: M86 S ECURITY UIDE...

  • Page 659: View Patch Server Device Criteria

    Registry panel and click View to open the Proxy Server pop-up window. The following information displays: Name of server (Proxy Server), Device Type (Proxy Server), IP address, Port number, Username (if appli- cable), Password (if applicable, asterisks display), Proxy Switch ("on" or "off"). M86 S ECURITY UIDE...

  • Page 660: View Ntp Server Device Criteria

    2. Check the checkbox(es) pertaining to information to be synchronized between the Web Filter and SR devices, and to activate the Synchronize button: • Categories - Make this selection to synchronize M86 supplied library category updates and custom library categories from the source Web Filter to the SR.

  • Page 661: Swg Policy Server Device Maintenance

    SR Wizard installation process—nor subsequently added to this device registry—click New SWG Policy Server at the bottom of the Device Registry panel to open the New SWG Policy Server pop-up window: Fig. 3:2-13 Add New SWG Policy Server M86 S ECURITY UIDE...

  • Page 662: Add Another Policy Server To The Device Registry

    New SWG Policy Server at the bottom of the Device Registry panel to open the New SWG Policy Server pop-up window: Fig. 3:2-14 Add another New SWG Policy Server The following information displays and cannot be edited: Device Type (SWG), ID, Username. M86 S ECURITY UIDE...

  • Page 663: Edit Policy Server Criteria, Change Password

    2. The following actions can be performed in this window: • Make entries or edits in the following fields: • Name - Name for the device. • Description - Description of the device. TIP: Click Cancel to close this pop-up window. M86 S ECURITY UIDE...
  • Page 664 TIP: Click Cancel to close this pop-up window. c) Click Change Password to save your entries, close this pop-up window, and return to the Edit SWG Policy Server pop-up window. 3. Click Save to save your edits and to close the pop-up window. M86 S ECURITY UIDE...

  • Page 665: Delete A Policy Server From The Device Registry

    Add an LDAP Server to the device registry 1. At the bottom of the Device Registry panel, click New LDAP Server to open the LDAP server pop-up window: Fig. 3:2-17 Add LDAP server The Device Type image displays. M86 S ECURITY UIDE...
  • Page 666 TIP: Click Cancel to close this pop-up window. 3. Click Save to save and process your information, and to return to the Device Registry panel where an icon repre- senting the LDAP server device you added now displays. M86 S ECURITY UIDE...

  • Page 667: Import Ldap Group Profiles

    Edit to open the pop-up window: Fig. 3:2-18 LDAP Server pop-up window The Device Type image for the LDAP server displays, along with entries previously made and saved in this window. 2. Edit any of the fields in this pop-up window. M86 S ECURITY UIDE...

  • Page 668: Delete An Ldap Server From The Device Registry

    NOTE: Click No to close the dialog box. 2. Click Yes to delete the LDAP server device from the registry, and to remove the LDAP server icon from the Device Registry panel. M86 S ECURITY UIDE...

  • Page 669: Database Processes List Panel

    In the navigation toolbar, hover over the Administration menu link and select Database Processes List to display the Database Processes List panel: Fig. 3:2-19 Database Processes List window M86 S ECURITY UIDE...

  • Page 670: View Details On A Process

    At the end of each row is the Terminate option. TIP: Click the Refresh button to refresh the list of records. Terminate a Process Select the process to be terminated and click Terminate. WARNING: Be sure that you do not terminate the wrong process. M86 S ECURITY UIDE...

  • Page 671: Server Information Panel

    Activity, and Expiration Info. NOTE: If the WFR unit is newly installed, server statistics will be available after they are initially correlated for the SR, immediately after midnight. If this problem persists, please contact your system administrator. M86 S ECURITY UIDE...

  • Page 672: Mode

    ‘X’ WEEKS”—in which ‘X’ represents the number of weeks). Registered mode pertains to an SR that has been activated online and registered by M86 Security. An SR in registered mode will store as much data as allocated for data storage on its hard drive—and on its attached storage device, if...

  • Page 673: Date Scopes

    Server Info The Server Info section contains the following WFR server information: Software Version number and Database Server IP address—or the label “localhost” that designates the SR administration module as the host server for the Report Manager. M86 S ECURITY UIDE...

  • Page 674: Server Activity

    HH:MM AM/PM format), the login ID of the person who generated the chart (Generated by) and the Page number and page range. The chart image includes a graph illustrating the general Number of Hits (in purple) and Number of IPs that gener- M86 S ECURITY UIDE...
  • Page 675 Number of IPs that generated those hits (in blue) for a specified Week (YYYY-WW). Weeks are numbered 01-52. For example, 2011-05 indicates the fifth week in the year 2011—or the first week of February 2011, which included days 1-5. M86 S ECURITY UIDE...
  • Page 676 The summary shows the general Number of Hits (in purple) and Number of IPs that generated those hits (in blue) for a specified Month (Month ’YY). Month names are abbreviated. Fig. 3:2-23 Hits Per Month chart M86 S ECURITY UIDE...
  • Page 677 Save a Copy dialog box, and proceed with standard save procedures. • Close the chart window - Click the “X” in the upper right corner to close the chart window. • Generate a new chart - Make new entries in the Server Information panel. M86 S ECURITY UIDE...

  • Page 678: Expiration Info

    TERED)” is included in the label to indicate the number of weeks of data that would be stored on the SR if the SR was activated and running in registered mode. (See Registered Mode and Eval- uation Mode in this sub-section.) M86 S ECURITY UIDE...

  • Page 679: Reset To Factory Defaults Panel

    WARNING: When using this option, all settings made on the SR—including administrator, group, and real time gauge configu- ration settings and alerts—will be purged and cannot be restored. The SR will also be set to evaluation mode. M86 S ECURITY UIDE...

  • Page 680: Reset Sr To Factory Defaults

    WFR’s End User License Agree- ment window: Fig. 3:2-25 End User License Agreement 4. After reading the contents of the EULA, click Yes to accept it and to go to the Wizard Login window: Fig. 3:2-26 Wizard Login window M86 S ECURITY UIDE...

  • Page 681: Wizard Panel

    1. In the Wizard Login window, type in the Username created during the wizard hardware installation process. 2. Type in the Password created for the Username during the wizard hardware installation process. 3. Click Login to display the wizard panel: Fig. 3:2-27 Wizard panel M86 S ECURITY UIDE...

  • Page 682: Main Administrator

    2. In the Web Filter Setup section, by default the first row in the table is populated with an “X” in the Source column and the Server Name and Server IP address of the Local Web Filter. M86 S ECURITY UIDE...

  • Page 683: Secure Web Gateway Setup

    SWGs can send logs to this SR. NOTE: The password entered in this field must be added in the user interface of each SWG that will send logs to this SR, as explained in the SWG’s Management Console Reference Guide. M86 S ECURITY UIDE...

  • Page 684: Save Entries

    SR R 2: D EPORT ANAGER DMINISTRATION ECTION HAPTER ATABASE ANAGEMENT Save Entries Click Save to save your entries and to go to the SR login window: Fig. 3:2-28 SR Login window M86 S ECURITY UIDE...

  • Page 685: Chapter 3: Report Configuration

    In the navigation toolbar, hover over the Administration menu link and select Default Report Settings to display the Default Report Settings panel: Fig. 3:3-1 Default Report Settings panel M86 S ECURITY UIDE...

  • Page 686: Set New Defaults

    If you wish to include uncategorized sites in drill down reports, click in the checkbox to remove the check mark. 6. If using one or more SWG policy servers with this SR being configured, make a selection from the Combine Duplicate Names pull-down menu: M86 S ECURITY UIDE...
  • Page 687 SWGs collectively will remain as separate record entries in the generated report. TIP: Click Cancel to exit without saving your entries. 7. Click the Save button to save your settings in the Default Report Settings panel. M86 S ECURITY UIDE...

  • Page 688: Custom Category Groups Panel

    Custom Category Groups panel: Fig. 3:3-2 Custom Category Groups panel The Custom Category Groups panel is comprised of two sub-panels used for setting up and maintaining category groups: Custom Category Group, and Custom Category Group Detail. M86 S ECURITY UIDE...

  • Page 689: Add A Custom Category Group

    Assigned Categories/Ports list box, make your selection(s), and then click Remove to remove the selection(s). 5. Click Save to save your settings and to include the name of the group you added in the Custom Category Group list. M86 S ECURITY UIDE...

  • Page 690: Modify A Custom Category Group

    Delete a Category Group 1. Select the Custom Category Group name from the list box by clicking on your choice to highlight it. 2. Click Delete to remove the Custom Category Group name from the list box. M86 S ECURITY UIDE...

  • Page 691: Introduction

    Report Schedule for running reports on a regular basis. • Chapter 4: Specialized Reports - This chapter informs you of three specialized types of reports you can generate: Executive Internet Usage Summary Reports, Blocked Request Reports, and Time Usage Reports. M86 S ECURITY UIDE...

  • Page 692: Chapter 1: A High Level Overview

    Fig. 4:1-1 Dashboard panel NOTE: If using an SWG with the Web Filter, only Web Filter log results display. At the top of the panel, the following information displays for the current period: Total Web Requests, Total Blocked M86 S ECURITY UIDE...
  • Page 693 Once you have a high level overview of end user produc- tivity report activity on the network, you can use productivity reports to obtain more information about specific end user trends and activity. M86 S ECURITY UIDE...

  • Page 694: Summary Reports

    “No Data to display.” displays in the panel. If the Blocked Requests Report feature is disabled in System Configuration > Database > Optional Features > Blocked Request Count frame, yesterday’s Top 20 Categories report view displays by default instead. M86 S ECURITY UIDE...

  • Page 695: Summary Report Types

    • Top 20 Users by Malware Hit Count - Bar chart report depicting each top end user’s total “Blocked” and “Permitted” Hit Count from the following categories in the Security, Internet Productivity, and Internet Communica- tion (Instant Messaging) category groups: BotNet, Mali- M86 S ECURITY UIDE...
  • Page 696 Code/Virus, Bad Reputation Domains, Spyware, Adware, and IRC. NOTE: For SWG users, results that display in the Top 20 Users by Malware report reflect library contents mapped to the M86 Supplied Categories. • Top 20 Sites by Page Count - Bar chart report depicting the total Page Count for the most popular sites accessed by end users.

  • Page 697: Modify The Summary Report View

    • Report type thumbnails - Click one of the report type thumbnails beneath the Date Scope to display that report view. TIP: Click the left arrows or right arrows at the edges of the dash- board to display thumbnail images that are currently hidden. M86 S ECURITY UIDE...

  • Page 698: Download, Export A Summary Report

    The footer of the report includes the date and time the report was generated (M/D/YY, HH:MM:SS AM/PM), administrator login ID (Generated by), and Page number and page range. The body of the first page of the report includes the following information: M86 S ECURITY UIDE...
  • Page 699 • All other reports - Count columns and corresponding totals for all reports. Grand Total and Count display at the end of the report. The report can be exported by printing it or saving it to your machine. M86 S ECURITY UIDE...

  • Page 700: Csv Format

    The footer of the report includes the date, time, and time zone in which the report was generated (MM/D/YYYY HH:MM:SS AM/PM, time zone code), product name, Filter specifications, and the login ID of the user who generated the report (Generated by). M86 S ECURITY UIDE...

  • Page 701: Png Format

    15 categories or user groups. Any categories or user groups with page counts totalling less than one percent are grouped together under the “Others Combined” label. The report can be exported by printing it or saving it to your machine. M86 S ECURITY UIDE...

  • Page 702: Sample Reports

    These types of reports are accessible by navigating to Reports > Sample Reports and clicking one of the thumb- nails in the panel: Fig. 4:1-7 Sample Reports M86 S ECURITY UIDE...

  • Page 703: Sample Report Types

    • By Category/Site/IP - For each library category, the sites end users accessed, and IP address of each end user • By Category/User/Site - For each library category, the end users with activity in that library category, and the sites each end user accessed M86 S ECURITY UIDE...

  • Page 704: View, Export A Sample Report

    Total counts display at the end of each section. The Grand Total and total Count for all sections display at the end of the report. The footer on each page contains the following information: today’s date (M/D/YYYY), time (HH:MM:SS AM/PM), and M86 S ECURITY UIDE...

  • Page 705: Export The Sample Report

    • Save the report - Navigate to the Save (Page) As... selection to open the Save As window, and proceed with standard save procedures. 2. Click the “X” in the upper right corner of the tab to close it. M86 S ECURITY UIDE...

  • Page 706: Chapter 2: Drill Down Reports

    M86 S ECURITY UIDE...

  • Page 707: Generate A Drill Down Report

    Page Count or Object Count column corresponding to a specific record displayed in the current summary drill down report view. 3. The drill down view can be exported, saved, modified and re-run, and/or scheduled to run at a specified time. M86 S ECURITY UIDE...

  • Page 708: Summary Drill Down Report View

    The bottom portion of the report view panel includes tools for modifying the current report view, exporting or saving the report, and/or scheduling the report to run at a specified time. Fig. 4:2-1 Default Summary Drill Down Report view M86 S ECURITY UIDE...

  • Page 709: Summary Report View Tools And Tips

    Navigation and Usage). Report view option icons Click the following report view icon to change the report view display: • Click this icon to display only the top six bars: Fig. 4:2-2 Sample top six bars view M86 S ECURITY UIDE...

  • Page 710: Count Columns And Links

    It is possible for a site to be listed in more than one category, so even if a user has visited only one site, this column may count the user’s visit in two or three categories. M86 S ECURITY UIDE...
  • Page 711 However, if an advertisement or banner ad (an object on the page) is actually a page from another site, this item would not be classified as an object but as a page, since it comes from a different server. M86 S ECURITY UIDE...

  • Page 712: Time Column

    10 to 30 seconds, a user could show an incredibly high page count and many minutes, even though only one page was opened by that user. M86 S ECURITY UIDE...

  • Page 713: Column Sorting Tips

    Export Selected to open the Export pop-up window (see Export a Productivity Report). Other navigation tips See Report View Navigation and Usage for information about navigating the current report view using breadcrumb trails and the Go to page ‘x’ of ‘x’ total pages field. M86 S ECURITY UIDE...

  • Page 714: Detail Drill Down Report View

    Search String. Any of these columns can be hidden by unchecking the corresponding title in the Column Visibility checkbox. The bottom portion of the report view panel includes tools for modifying the current report view, exporting, and/or saving the report. M86 S ECURITY UIDE...

  • Page 715: Detail Report View Tools And Tips

    TIP: After making your modifications, click Close to close the Column visibility pop-up window. • Date - Displays the date in the M/D/YYYY H:M:S AM/PM format • Category - Displays the category name (e.g. “Alcohol”). M86 S ECURITY UIDE...
  • Page 716 Google, Bing, Yahoo!, MSN, AOL, Ask.com, YouTube.com, and MySpace.com—if the Search Engine Reporting option is enabled in the Optional Features screen of the System Configuration administrator console user interface. M86 S ECURITY UIDE...

  • Page 717: Column Sorting Tips

    Truncated data viewing tip To view the entire text that displays truncated in a detail report view column, hover over the column to view the entire string of data in the column for a given record: M86 S ECURITY UIDE...

  • Page 718: Detail Drill Down Record Exportation

    (see Export a Productivity Report). Other navigation tips See Report Navigation and Usage for information about navigating the current report view using breadcrumb trails and the Go to page ‘x’ of ‘x’ total pages field. M86 S ECURITY UIDE...

  • Page 719: Report View Navigation And Usage

    If more than one page of records displays for the total pages returned, enter a page number within that range to navigate to that page of records, or use the up/down arrow(s) to specify the page you want displayed. M86 S ECURITY UIDE...

  • Page 720: Usage Tools

    - Clicking this selection in a summary drill down report opens the Limit Detail Result pop-up box that lets you specify the default number of records to include in the report view for detail drill down reports. M86 S ECURITY UIDE...
  • Page 721 If the summary drill down report view is currently grouped by more than one report type (e.g. Category/Site), choosing the Run option opens a Run Report pop-up box that does not include the Type and Date Scope selections: M86 S ECURITY UIDE...
  • Page 722 Basic Options requirements include a report Save Name, Description, Date Scope, Email and Output Type and Format criteria, and whether unidentified IPs should be included. M86 S ECURITY UIDE...
  • Page 723 Group By sorting options, and pie and bar chart criteria. Fig. 4:2-9 Save Report, Advanced Options tab for summary reports For a detail drill down report, Advanced Options include Group By, column selection, and record type criteria. M86 S ECURITY UIDE...
  • Page 724 Fig. 4:2-11 Save Report, Schedule Report option • Save and Email to save the report in the specified format and then email it to the designated email address(es). • Save Only to save the report. M86 S ECURITY UIDE...
  • Page 725 If generating a detail drill down report, the number of records specified in this box will display in the Run Report and Export pop-up boxes and in the generated report view. M86 S ECURITY UIDE...

  • Page 726: Export Records Option

    Fig. 4:2-13 Summary drill down Export pop-up box For detail drill down reports, you have the option to specify the quantity of records, and whether blocked records or all returned records—both blocked and non-blocked—will be included. M86 S ECURITY UIDE...
  • Page 727 Email option to email a report. • See View and Print Options in this chapter for information about using the View option to view and print a generated report, and for sample reports. M86 S ECURITY UIDE...

  • Page 728: Report View Components

    Custom Category Groups option from the Administration menu. • User Groups - This option performs a query on Internet activity of User Groups. User Groups are set up using the User Groups option from the Administration menu. M86 S ECURITY UIDE...

  • Page 729: Date Scope And Date Fields

    • Yesterday - This option generates the report view for yesterday only. • Month to Yesterday - This option generates the report view for the range of days that includes the first day of the current month through yesterday. M86 S ECURITY UIDE...
  • Page 730 In the from and to fields, use the calendar icons to make selections for the date range. In the time fields, specify the hour (1-24) and minute (0-59) time ranges. M86 S ECURITY UIDE...

  • Page 731: Number Of Records Fields

    For summary drill down reports, at the Sort By field, make a selection from the pull-down menu for one of the available sort options: “Category Count”, “IP Count”, “User Count”, “Site Count”, “Page Count”, “Object Count”, “Time”, “Hit M86 S ECURITY UIDE...

  • Page 732: Limit Detail Result Fields

    • Show blocked records only - Click this radio button to only include records for URLs that were blocked. The Show top ‘x’ records checkbox is included with the “Show both blocked and non-blocked records” and “Show M86 S ECURITY UIDE...

  • Page 733: Group By Field

    The Format field is used for specifying the manner in which text from the report view will be outputted. At the Format pull-down menu, choose the format for the report: “MS-DOS Text”, “PDF”, “Rich Text Format”, “HTML”, “Comma-Delimited Text”, “Excel (Chinese)”, “Excel (English)”. M86 S ECURITY UIDE...

  • Page 734: Data To Export Field

    For summary drill down reports, at the Sort By field, make a selection from the pull-down menu for one of the available sort options: “Category Count”, “IP Count”, “User Count”, “Site Count”, “Page Count”, “Object Count”, “Time”, “Hit Count”. M86 S ECURITY UIDE...

  • Page 735: For Pie And Bar Charts Only

    Chapter 3 of the Report Manager Administration Section for more information about the Hide Unidentified IPs option. To change the selection in this field, click the Hide Uniden- tified IPs checkbox to remove—or add—a check mark in M86 S ECURITY UIDE...

  • Page 736: Email / For Email Output Only Fields

    • Bcc (optional) - Enter the email address of each intended recipient of a blind carbon copy of this message, sepa- rating each address by a comma (,) and a space. • Body - Type in text pertaining to the report. M86 S ECURITY UIDE...

  • Page 737: Detailed Info Fields

    Engine Keyword), “URL KW” (URL Keyword), “URL”, “Wildcard”, “Https High” (HTTPS Filtering Level set at High), “X-strike” (X Strikes Blocking), “Pattern” (Proxy Pattern Blocking), or “N/A” if the content was unclassified at the time the log file was created. M86 S ECURITY UIDE...
  • Page 738 Engine Reporting option is enabled in the Optional Features screen of the System Configuration adminis- trator console user interface. NOTE: Refer to the Optional Features screen sub-section of the System Configuration Section for information about the Search String feature. M86 S ECURITY UIDE...

  • Page 739: Export A Productivity Report

    WARNING: Large reports might not be sent due to email size restrictions on your mail server. The maximum size of an email message is often two or three MB. Please consult your mail server administrator for more information about email size restric- tions. M86 S ECURITY UIDE...

  • Page 740: View And Print Options

    • Select All - Highlight the entire text (Ctrl+A), and then Copy (Ctrl+C) and Paste (Ctrl+V) this text in an open file • Perform a search for text > Find - Search for specific text in the file (Ctrl+F) M86 S ECURITY UIDE...

  • Page 741: Sample Report File Formats

    MS-DOS Text, PDF, Rich Text Format, HTML, Comma-Delimited Text, Excel (Chinese), Excel (English). NOTES: M86 Security recommends using the PDF and HTML file formats over other file format selections—in particular for detail reports—since these files display and print in a format that is easiest to read.

  • Page 742: Ms-Dos Text

    Fig. 4:2-15 Category Groups detail report, MS-DOS Text file format This is a sample of the Category Groups detail report in the PDF format, saved with a .pdf file extension: Fig. 4:2-16 Category Groups detail report, PDF format M86 S ECURITY UIDE...

  • Page 743: Rich Text Format

    HAPTER RILL EPORTS Rich Text Format This is a sample of the Category Groups detail report in the Rich Text file Format, saved with a .rtf file extension: Fig. 4:2-17 Category Groups detail report, RTF format M86 S ECURITY UIDE...

  • Page 744: Html

    Fig. 4:2-18 Category Groups detail report, HTML file format Comma-Delimited Text This is a sample of the Category Groups detail report in the Comma-Delimited Text format, saved with a .csv file exten- sion: Fig. 4:2-19 Category Groups detail report, Comma-Delimited Text file M86 S ECURITY UIDE...

  • Page 745: Excel (English)

    Fig. 4:2-20 Category Groups detail report, Excel (English) file format NOTES: The Excel (English) option supports up to 65,000 rows of exported data. If exporting more than 65,000 rows of data, M86 Security recommends using another format. The Excel (Chinese) option supports up to 10,000 rows of exported data.

  • Page 746: Chapter 3: Customize, Maintain Reports

    In the navigation toolbar, hover over the Reports menu link and navigate to Drill Down Reports > Report Wizard to display the Drill Down Report Wizard panel: Fig. 4:3-1 Drill Down Report Wizard panel for summary reports M86 S ECURITY UIDE...

  • Page 747: Step A: Select The Report Option

    Web page or Web object access for a specified time period. The fields that display in this panel depend upon whether a summary report or a detail report is selected. Fig. 4:3-2 Drill Down Report Wizard panel for detail reports M86 S ECURITY UIDE...

  • Page 748: Detail Report

    ‘%’ wildcard to return multiple IP addresses—and then click Search to display query results in the list box below. TIP: Click Reset to remove the IP address(es) from the list box. M86 S ECURITY UIDE...
  • Page 749 • By Keyword - This selection is available for detail drill down reports only. If selecting this filter, enter a keyword from three to 255 characters to filter your results, and then click Add to include your keyword term in the list M86 S ECURITY UIDE...

  • Page 750: Step D: Specify Other Report Components

    • Limit Detail Result - For a detail drill down report, specify the number of records to be returned in the results, and if these records will only include records of blocked end user queries, or also records of non-blocked end user queries. M86 S ECURITY UIDE...

  • Page 751: Step E: Specify When To Generate The Report

    • Run - Click this button to generate and view the drill down report now in the specified report view format. Fig. 4:3-3 Summary drill down report Fig. 4:3-4 Detail by page drill down report M86 S ECURITY UIDE...

  • Page 752: Step F: Save Report Panel

    Reports > Saved Reports list box. TIP: The Copy (Ctrl+C) and Paste (Ctrl+V) functions can be used in the fields in this screen. 3. In the Description field, enter the report description. 4. Specify Email criteria: M86 S ECURITY UIDE...
  • Page 753 • Detailed Info - Uncheck any checkbox corresponding to a column that should not be included in the report. • Limit Detail Result - Indicate the maximum number of records to be included in the report, and M86 S ECURITY UIDE...
  • Page 754 If Monthly, specify the Day of the Month from the pull-down menu (1 - 31). d. Select the Start Time for the report: 1 - 12 for the hour, 0 - 59 for the minutes, and AM or PM. M86 S ECURITY UIDE...
  • Page 755 Report Wizard for a detail report, the Save and Email button is greyed-out. • Save Only - Click this button to save your entries and to go to the Saved Reports panel where you can delete, edit, or run this report or another report. M86 S ECURITY UIDE...

  • Page 756: Saved Reports

    TIP: On the Save Report panel discussed in this sub-section, click Back to return to the Saved Reports panel without saving your edits or performing any other action. M86 S ECURITY UIDE...

  • Page 757: Edit A Report

    2. After making your selections and entries on the Basic Options tab and Advanced Options tab (as described in Save Report panel in this chapter, and for the Save button option in Chapter 2), click Save Only. M86 S ECURITY UIDE...

  • Page 758: Edit A Security Report

    2. After making your selections and entries in the Report Details, Users, and Email Settings sub-panels—and Filters panel, if available for use—(as described in Chapter 2: Security Report Wizard from the Security Reports Section), click Save. M86 S ECURITY UIDE...

  • Page 759: Copy A Saved Report

    1. In the Saved Reports panel, select the report from the list. 2. Click Duplicate to display the panel for the specified report: • Save Report panel for a drill down report: Fig. 4:3-11 Save Report, duplicate report M86 S ECURITY UIDE...

  • Page 760: Run A Saved Report

    • Click Save in the Security Report Wizard panel. Run a Saved Report 1. In the Saved Reports panel (see Fig. 4:3-8), select the report from the list. 2. Click Run to generate the report view and email the report to the specified recipient(s). M86 S ECURITY UIDE...

  • Page 761: Delete A Report

    3. Click Yes to close the dialog box and delete the report. TIP: Click No to close the dialog box without deleting the report. NOTE: If a report is scheduled to run via the Report Schedule option, deleting the report removes it from the Report Schedule list. M86 S ECURITY UIDE...

  • Page 762: Report Schedule

    NOTES: Records in this panel may include drill down reports and security reports. Security reports are scheduled to run via the Schedule Settings option in the Security Report Wizard (see the Security Reports Section for more information about the Security Report Wizard). M86 S ECURITY UIDE...

  • Page 763: View Details For A Scheduled Report Run Event

    To view additional information on a scheduled report run event, select the record from the list to display the report schedule details sub-panel to the right of the table of report records: Fig. 4:3-14 View report schedule details M86 S ECURITY UIDE...

  • Page 764: Edit A Scheduled Report Run Event

    • change the Start Time for running the report TIP: Click Cancel if you wish to return to the Report Schedule panel without saving your edits. 2. Click Save to display the updated criteria in the Report Schedule panel. M86 S ECURITY UIDE...

  • Page 765: Add A Report Run Event To The Schedule

    If Monthly, specify the Day of the Month from the pull- down menu (1 - 31). 5. Select the Start Time for the report: 1 - 12 for the hour, 0 - 59 for the minutes, and AM or PM. M86 S ECURITY UIDE...

  • Page 766: Delete A Scheduled Report Run Event

    2. Click Yes to close the dialog box and remove the record from the list. TIP: Click Cancel to return to the Report Schedule panel without deleting the record from the list of reports scheduled to run. M86 S ECURITY UIDE...

  • Page 767: Chapter 4: Specialized Reports

    Executive Internet Usage Summary to display the Executive Internet Usage Summary panel: Fig. 4:4-1 Executive Internet Usage Summary panel This panel contains the Reports sub-panel listing saved report names, and the Report Details sub-panel used for configuring reports. M86 S ECURITY UIDE...

  • Page 768: View, Edit Report Settings

    Report Name, Email Subject criteria, Deliver report in email as... selection, Hide Unidentified IPs choice, Email Recipients list and report delivery schedule, and Category Groups and/or User Groups selection(s). 2. Click Save to update any modifications made to these report settings. M86 S ECURITY UIDE...

  • Page 769: Add A New Report

    “Users.” IP hit counts will be included for all other sections of the report, such as those labeled “Categories”, “Category Groups”, etc. 6. In the Email Recipients accordion, specify the user(s) to receive the report and the frequency of delivery. M86 S ECURITY UIDE...
  • Page 770 • In the Category Groups accordion, select the category group(s) from the Available M86 Category Groups and Custom Category Groups, and then click Add Cate- gory Group to move the selection(s) to the Selected list box.

  • Page 771: Sample Executive Internet Usage Report

    Total Blocked Requests are given for the following library categories: Malicious Code/Virus, Botnets/Malicious Code Command, Spyware, Bad Reputation Domains, Adult Content, Blended Threats, Phishing, Web-based Proxies/ Anonymizers, Hacking. NOTE: Blended Threats is not currently used and displays “N/A.” M86 S ECURITY UIDE...
  • Page 772 Fig. 4:4-3 Executive Internet Usage Summary monthly report, page 1 The second page includes a pie chart depicting Total Web Requests for M86 Category Groups. Each category group in the chart is represented by a pie slice and shows the number of requests and overall percentage for that pie slice.
  • Page 773 The range of Requests is shown beneath the chart. For Weekly and Monthly reports, the bottom half of the third page includes a line chart for Top Daily Web Requests by M86 S ECURITY UIDE...
  • Page 774 ‘X’ represents the name of the category group. The top 10 Users are listed in this chart, along with each user’s corresponding Page Count, IP Count, Site Count, Category Count, Time HH:MM:SS, and Hit Count. M86 S ECURITY UIDE...
  • Page 775 Fig. 4:4-6 Executive Internet Usage Summary monthly report, page 4 The balance of the report is comprised of statistics for each of the remaining category groups, represented by report page 3, and page 4 for Weekly and Monthly reports. M86 S ECURITY UIDE...

  • Page 776: Blocked Request Reports

    Block Request Count feature. In the navigation toolbar, hover over the Reports menu link and select Blocked Request Reports to display the Blocked Request Reports panel: Fig. 4:4-7 Blocked Request Reports panel M86 S ECURITY UIDE...

  • Page 777: Generate A Blocked Request Report

    • Top 20 Users by Blocked Requests - If choosing this option, make a selection from the Date Scope field to display the date range for that time period: Yesterday, Last Week, Last Month, Week to Yesterday, Month to Yesterday. M86 S ECURITY UIDE...
  • Page 778 If a new user group with new users was added, by the next day only the “Yesterday” viewing option will contain data available for viewing. All other viewing options will not be available until the full length of time indicated by the viewing option has transpired. M86 S ECURITY UIDE...

  • Page 779: View The Blocked Request Report

    The footer of the report includes the Date and Time the report was generated, and Page number. The Total Count for all blocked requests displays at the end of the report. Fig. 4:4-8 Blocked Request Report for Top 20 Users M86 S ECURITY UIDE...

  • Page 780: Time Usage Reports

    Time Usage feature. In the navigation toolbar, hover over the Reports menu link and select Time Usage Reports to display the Time Usage Reports panel: Fig. 4:4-9 Time Usage Reports panel M86 S ECURITY UIDE...

  • Page 781: Generate A Time Usage Report

    • Top 20 Users by Time Usage - If choosing this option, make a selection from the Date Scope field to display the date range for that time period: Yesterday, Last Week, Last Month, Week to Yesterday, Month to Yesterday. M86 S ECURITY UIDE...
  • Page 782 If a new user group with new users was added, by the next day only the “Yesterday” viewing option will contain data available for viewing. All other viewing options will not be available until the full length of time indicated by the viewing option has transpired. M86 S ECURITY UIDE...

  • Page 783: View The Time Usage Report

    The footer of the report includes the Date and Time the report was generated, and Page number. The Total Time for this Date Scope in days, hours, and minutes displays at the end of the report. Fig. 4:4-10 Sample Time Usage Report for Top 20 Users M86 S ECURITY UIDE...

  • Page 784: Time Usage Algorithm

    12:09:04 www.nbc.com The total for this end user is based on a nine-minute time span that includes 17 entries in the log, and seven unique minute entries: 00, 01, 02, 05, 07, 08, and 09. M86 S ECURITY UIDE...

  • Page 785: Introduction

    Internet/network activity. • Chapter 5: Identify Users, Categories - This chapter explains how to perform a custom search on Internet/ network usage by a specified user, or for a specified category or category group. M86 S ECURITY UIDE...

  • Page 786: Chapter 1: Gauge Components

    URLs in a specified library category. When clicking Gauges in the navigation toolbar, the URL gauges Dashboard panel displays showing overall activity in URL gauges: Fig. 5:1-1 URL gauges Dashboard M86 S ECURITY UIDE...

  • Page 787: Bandwidth Gauges

    With the URL gauges Dashboard displayed, click the Band- width tab—located beside the URL tab—to display the Bandwidth gauges Dashboard panel showing overall activity in bandwidth gauges: Fig. 5:1-2 Bandwidth gauges Dashboard M86 S ECURITY UIDE...

  • Page 788: Anatomy Of A Gauge

    (page count plus blocked object count) for all library categories the gauge monitors. • Bandwidth gauge - score includes the total number of bytes (kB, MB, GB) of inbound/outbound end user traffic for all protocols/ports the gauge monitors. M86 S ECURITY UIDE...
  • Page 789 For bandwidth gauges, if the total byte score reaches the threshold limit, the score displays in red text and the triangle flashes. M86 S ECURITY UIDE...

  • Page 790: Bandwidth Gauge Components

    • SMTP - Simple Mail Transfer Protocol gauge monitors the protocol used for transferring email messages from one server to another. This protocol gauge is comprised of gauges for moni- toring the following ports by default: M86 S ECURITY UIDE...
  • Page 791 • 1863 - TCP/UDP port for MSN Messenger • 5050 - TCP/UDP port for Yahoo! Messenger • 5190 - TCP/UDP port for ICQ and AOL Instant Messenger (AIM) • 5222 - TCP/UDP port for Google Talk, XMPP/Jabber client connection M86 S ECURITY UIDE...

  • Page 792: Gauge Usage Shortcuts

    Trend Chart for this particular gauge that lets you analyze the gauge’s activity. (See View Trend Charts in Chapter 4.) M86 S ECURITY UIDE...
  • Page 793 This is a shortcut to use instead of going to Dashboard Settings, selecting the gauge from the list, and then clicking the Delete Gauge icon. (See Hide, Disable, Delete, Rear- range Gauges in Chapter 2.) M86 S ECURITY UIDE...

  • Page 794: Chapter 2: Custom Gauge Setup, Usage

    2. Do the following to view the contents in the tab to be used: • Click URL Gauges if this tab currently does not display. By default, this tab includes the following list of Gauge Names: Shopping, Security, Illegal, Bandwidth, Adult Content. M86 S ECURITY UIDE...
  • Page 795 3. Select a Gauge Name to display a list of its library cate- gories/protocols/ports in the Gauge Components sub- panel: Fig. 5:2-2 Gauge Components sub-panel populated M86 S ECURITY UIDE...
  • Page 796 (see Specify Gauge Information). • Select the library categories/protocols/ports for the gauge to monitor (see Define Gauge Components). • Assign user groups whose end users’ Internet/network activity will be monitored by the gauge (see Assign User Groups). M86 S ECURITY UIDE...

  • Page 797: Specify Gauge Information

    • For a URL gauge - All (default), Others (all gauge methods, not including Keywords or URLs), Pattern, Search Engine Keyword, URL Keyword, URL, HTTPS Filtering - High, HTTPS Filtering - Medium, Wildcard, X Strike. • For a bandwidth gauge - Inbound, Outbound, Both (default). M86 S ECURITY UIDE...

  • Page 798: Define Gauge Components

    Super Category Group is available to him/her via the User Summary Panel. Thus, he/she will have the ability to lock out all users (assigned to him/her) who are currently using FTP, HTTP, IM, P2P and SMTP protocols. (See Monitor, Restrict End User Activity.) M86 S ECURITY UIDE...

  • Page 799: Assign User Groups

    This group consists of all end users whose network activities are set up to be monitored by the desig- nated group administrator. 2. From the Available User Groups list, select the user group to highlight it. M86 S ECURITY UIDE...

  • Page 800: Save Gauge Settings

    Available User Groups list. Save gauge settings After adding users, click Save to return to the Add/Edit Gauges panel that now includes the name of the gauge you just added: Fig. 5:2-5 New gauge added M86 S ECURITY UIDE...

  • Page 801: Modify A Gauge

    3. Click Edit Gauge to display the URL Gauge or Band- width Gauge panel showing the Gauge Information sub- panel to the left and the Gauge Components sub-panel to the right, populated with settings previously saved for the gauge: M86 S ECURITY UIDE...
  • Page 802 Timespan in minutes, Gauge Method (see Specify Gauge Information). • Gauge Components (see Define Gauge Components). • User Membership (see Assign user groups). 5. Click Save to save your edits and return to the Add/Edit Gauges panel. M86 S ECURITY UIDE...

  • Page 803: Hide, Disable, Delete, Rearrange Gauges

    Fig. 5:2-8 Dashboard Settings panel This panel shows the URL Gauges tab to the left and the Bandwidth Gauges tab to the right. In each of these tabs, a list of gauges displays with the following information: M86 S ECURITY UIDE...
  • Page 804 2. After making all necessary Dashboard Settings modifica- tions—hide, disable, show, rearrange, or delete a gauge—defined in the following sub-sections, click Save Changes to save your edits. M86 S ECURITY UIDE...

  • Page 805: Hide A Gauge

    Rearrange the gauge display in the dashboard To rearrange the order in which gauges display in the dash- board: 1. Select the gauge in the URL Gauges or Bandwidth Gauges tab. 2. In the Actions column, perform any of the following actions: M86 S ECURITY UIDE...

  • Page 806: Delete A Gauge

    TIP: Clicking Cancel closes the dialog box without removing the gauge. 3. Click Yes to close the dialog box and to remove both the Gauge Name from the tab and the gauge from the dash- board. M86 S ECURITY UIDE...

  • Page 807: View End User Gauge Activity

    View Overall Ranking 1. In the navigation toolbar, hover over the Gauges menu link and select Overall Ranking to open the Overall Ranking panel: Fig. 5:2-9 Overall Ranking panel M86 S ECURITY UIDE...

  • Page 808: View A Gauge Ranking Table

    Internet/network. View a Gauge Ranking table 1. In the gauges dashboard, click a gauge to open the Gauge Ranking panel: Fig. 5:2-10 Gauge Ranking table M86 S ECURITY UIDE...
  • Page 809 • Access the Category View User panel by clicking a user’s score for a gauge (see Monitor, Restrict End User Activity: Access the Category View User panel). In the Category View User panel, you view current details for the gauge. M86 S ECURITY UIDE...

  • Page 810: Monitor, Restrict End User Activity

    Fig. 5:2-11 User Summary panel In this panel you can perform the following actions: • Access the Category View User panel to see which of the gauge’s library categories/ports the end user accessed M86 S ECURITY UIDE...

  • Page 811: Access The Category View User Panel

    The target URLs sub- panel displays to the right. 1. Select a category from the list, which populates the URLs sub-panel with URLs accessed by that end user for that category: M86 S ECURITY UIDE...
  • Page 812 For each URL included in the list, the Timestamp displays using military time in the YYYY-MM-DD HH:MM:SS format. 2. Click a URL from the list to open a separate browser window or tab displaying the contents of that URL. M86 S ECURITY UIDE...

  • Page 813: Bandwidth Gauges Tab Selection

    Inbound/Outbound bandwidth usage by the end user for that port, and the combined Total inbound and outbound bandwidth usage by the end user for that port: Fig. 5:2-13 Category View User panel for Bandwidth tab selection M86 S ECURITY UIDE...

  • Page 814: Manually Lock Out An End User

    (see Low severity lockout). • Medium - This selection locks out the end user from access to the World Wide Web (see Medium and High severity lockout). M86 S ECURITY UIDE...

  • Page 815: Low Severity Lockout

    “All Categories” selection for URL gauges, nor see the “All Protocols” selection available for bandwidth gauges. In order to lock out end users using either of these selec- tions, a “Medium” severity lockout should be used. M86 S ECURITY UIDE...

  • Page 816: Medium And High Severity Lockout

    Fig. 5:2-15 Low, medium level URL, medium bandwidth lockout page M86 S ECURITY UIDE...
  • Page 817 To submit this blocked site for review, click here. NOTE: Please refer to the Global Administrator Section of the M86 Web Filter User Guide or M86 IR Web Filter User Guide for information about fields in the block page and how to use them.

  • Page 818: Chapter 3: Alerts, Lockout Management

    Alerts to open the Alerts panel: Fig. 5:3-1 Alerts panel This panel includes a sub-panel to the left that contains the URL Gauges and Bandwidth Gauges tabs, and the empty, target Alerts sub-panel to the right. M86 S ECURITY UIDE...
  • Page 819 By default, this tab includes the following list of Gauge Names: FTP, HTTP, IM, P2P, SMTP. For each Gauge Name in this list, the following infor- mation displays: Group Threshold (20 MB—64 MB for “HTTP”), Timespan (minutes)—15 by default. M86 S ECURITY UIDE...

  • Page 820: Add An Alert

    NOTE: An alert is triggered for any end user whose current score for a gauge matches the designated threshold limit. (See How to Read a Gauge in Chapter 1 for information on how scoring is defined.) M86 S ECURITY UIDE...

  • Page 821: Email Alert Function

    2. Type in the Email Address. 3. Click Add Email to include the address in the Email Addresses list box. Follow steps 2 and 3 for each email address to be sent an alert. M86 S ECURITY UIDE...

  • Page 822: Receive Email Alerts

    Appendix D: System Tray Alerts: Setup, Usage. NOTE: In order to use this feature, the LDAP User Name and Domain set up in the administrator’s profile account must be the same ones he/she uses when logging into his/her workstation. M86 S ECURITY UIDE...

  • Page 823: Lockout Function

    TCP connection if he/she reaches the threshold limit set up for the gauge. 3. Specify the Duration (minutes) of the lockout (the default is “15” minutes), or click the “Unlimited” checkbox. M86 S ECURITY UIDE...

  • Page 824: View, Modify, Delete An Alert

    3. Select the alert to be viewed or modified by clicking on it to highlight it; this action activates all buttons below the Alerts sub-panel (Add Alert, Edit Alert, Delete Alert, View Alert): Fig. 5:3-3 Alert added M86 S ECURITY UIDE...

  • Page 825: View Alert Settings

    NOTE: The System Tray alert feature is only available if using Active Directory LDAP, and is not available if using IP groups. 2. Click the “X” in the upper right corner of the alert viewer pop-up window to close it. M86 S ECURITY UIDE...

  • Page 826: Modify An Alert

    • User Threshold • Alert Action selections: Email, System Tray—the latter is only functional for Active Directory LDAP—and Lockout • Lockout Severity selection (Low, Medium, High) • Duration (minutes) selection • Email Addresses • Low Lockout Components M86 S ECURITY UIDE...

  • Page 827: Delete An Alert

    NOTE: Clicking No closes the dialog box without removing the alert, and returns you to the main Alerts panel. 4. Click Yes to close the Confirm dialog box and to remove the alert from the list. M86 S ECURITY UIDE...

  • Page 828: View The Alert Log

    NOTE: If an alert was deleted during the most recent 24-hour time period, any records associated with that alert will be removed from the alert log. 3. To view details on an alert, select the alert record in the list to highlight it. M86 S ECURITY UIDE...
  • Page 829 Lockout Components accordions display. Click an accor- dion to expand it, and view the contents—if any—within that accordion. 5. Click the “X” in the upper right corner of alert viewer pop- up window to close it. M86 S ECURITY UIDE...

  • Page 830: Manage The Lockout List

    Username (or IP address); IP address; Duration (minutes); Severity of the lockout (Low, Medium, High); Cause of the lockout (Manual, Automatic); Source of the lockout (username of the administrator who locked out the end user in a M86 S ECURITY UIDE...

  • Page 831: View A Specified Time Period Of Lockouts

    4. Click the ending date to select it and to close the calendar pop-up window. This action populates the field with the selected date. M86 S ECURITY UIDE...

  • Page 832: Unlock Workstations

    2. Next, click User Summary to display the User Summary panel where you can monitor that end user’s online activity and lock him/her out of designated areas of the Internet/network. (See Monitor, Restrict End User Activity for details about using the User Summary panel.) M86 S ECURITY UIDE...

  • Page 833: Chapter 4: Analyze Usage Trends

    If more information is required in your analysis, the Web Filter application, Report Manager tools, and System Configuration administrator console should be consulted so you can generate customized reports to run for a time period of your specifications. M86 S ECURITY UIDE...

  • Page 834: View Trend Charts

    3. Find the gauge for which the trend chart will be gener- ated, and then click the Trend Charts icon at the bottom middle of that gauge: M86 S ECURITY UIDE...
  • Page 835 100 percent. The top and bottom sections of this panel contain tabs. Information about all actions that can be performed in this panel appears in the Navigate a trend chart sub-section. M86 S ECURITY UIDE...

  • Page 836: View Overall Url Or Bandwidth Gauge Activity

    100 percent. The top and bottom sections of this panel contains tabs. For the bandwidth trend chart, buttons display above this panel. M86 S ECURITY UIDE...

  • Page 837: Navigate A Trend Chart

    24- hour time period • 1 Week - This selection displays the gauge URL/byte average score in 12 hour increments for the past seven- day time period M86 S ECURITY UIDE...

  • Page 838: Analyze Gauge Activity In A Pie Chart

    1. To view a line chart showing activity for a slice of the pie chart, do either of the following: • Click that slice of the pie chart • Click the specified tab beneath the pie chart Either action displays the line Trend Chart: M86 S ECURITY UIDE...
  • Page 839 TIP: Click a populated checkbox to remove the check mark and the line showing activity for that gauge. • To view information about a specific point in the line chart, hover over that point in the chart: M86 S ECURITY UIDE...

  • Page 840: View In/Outbound Bandwidth Gauge Activity

    Print a trend chart from an IE browser window A trend chart can be printed from an IE browser window by using the browser window’s toolbar and going to File > Print and proceeding with the print commands. M86 S ECURITY UIDE...

  • Page 841: Chapter 5: Identify Users, Categories

    This panel displays the Search Criteria sub-panel to the left with the open Users accordion and closed Available Cate- gories/Groups accordion, Timespan and Top Results sliders, Search button; and to the right, the empty Results target sub-panel. M86 S ECURITY UIDE...

  • Page 842: Specify Search Criteria

    Users accordion, the Top Results slide becomes activated and you can make a selection for the maximum number of records to return in the results for that user: top 10, 20, 30, 40, 50, 60, 70, 80, 90, 100 records. M86 S ECURITY UIDE...
  • Page 843 Total score for that record. For a URL search, you can drill down even further by selecting a user’s record and then viewing the URLs that user accessed (see View URLs within the accessed category). M86 S ECURITY UIDE...

  • Page 844: View Urls Within The Accessed Category

    TIP: Click Back to results to return to the previous page where you can perform another query. You can now print the results displayed in this window if using an IE browser window, or access another selected URL. M86 S ECURITY UIDE...

  • Page 845: Introduction

    SR’s source email address in your email client. The source email address can be found in System Configuration > Server > SMTP Server Setting, in the “From Email Address” field. M86 S ECURITY UIDE...

  • Page 846: Chapter 1: Security Reports

    Report Wizard to customize your view, save the view, export the view, and/or schedule the report to run at a designated time. The Report Wizard feature for secu- rity reports is discussed in detail in Chapter 2: Security Report Wizard. M86 S ECURITY UIDE...

  • Page 847: Security Report Format

    Fig. 6:1-1 Sample Blocked Viruses report view The bottom portion of the report view panel includes tools for modifying and exporting the report view, and/or saving or scheduling the report to run at a specified time. M86 S ECURITY UIDE...
  • Page 848 The bottom portion of this panel only includes tools for hiding columns and exporting all records. TIP: To refresh the report view displayed in the panel, select Reports > Security Reports and choose the report type again. M86 S ECURITY UIDE...

  • Page 849: Security Report Types

    (see Drill Down into a Security Report). Security Policy Violations report view The Security Policy Violations report view is accessible via Reports > Security Reports > Security Policy Violations: Fig. 6:1-3 Security Policy Violations report view M86 S ECURITY UIDE...

  • Page 850: Traffic Analysis Report View

    Bandwidth used in all occurrences of accessing this object. Click a link in any of these columns to drill down into the specified record and create a new report view (see Drill Down into a Security Report). M86 S ECURITY UIDE...

  • Page 851: Rule Transactions Report View

    Hit Count of all user encounters for that record. Click a link in any of the Count columns to drill down into the specified record and create a new report view (see Drill Down into a Security Report). M86 S ECURITY UIDE...

  • Page 852: Drill Down Into A Security Report

    Date (M/D/YYYY H:MM:SS AM/PM format), User IP, User name path, Site name, Bandwidth, and URL. • Clicking a User Count column link displays a report view with columns for Users, IP Count, and Bandwidth. M86 S ECURITY UIDE...

  • Page 853: Security Report Tools

    NOTE: The Report Settings menu is not available for second and third level report views. Report view icons Click the following report view icon to change the report view display: • Click this icon to display only the top six bars: M86 S ECURITY UIDE...
  • Page 854 Note that the graph only report view footer does not include the Export Selected button and page navigation field. • Click this icon to display the top six bars and table of records: Fig. 6:1-7 Sample top six bars and report records view (default view) M86 S ECURITY UIDE...

  • Page 855: Security Report Exportation

    If more than one page of records displays for the total pages returned, enter a page number within that range to navigate to that page of records, or use the up/down arrow(s) to specify the page you want displayed. M86 S ECURITY UIDE...

  • Page 856: Detail Report Column Visibility

    • Bandwidth (for Bandwidth detail results only) - Displays the amount of bandwidth (in MB or GB) used by the end user. • URL - Displays the link for the item accessed by the end user. M86 S ECURITY UIDE...

  • Page 857: Security Report Tips

    Click another column header to sort records by that speci- fied column. URL viewing tip In a URL column, click the URL for a specified record to view the item currently indexed in the SR’s memory. M86 S ECURITY UIDE...

  • Page 858: Report Settings Options

    (default), “Month to Date”, “Year to Date”, “Yesterday”, “Month to Yesterday”, “Year to Yesterday”, “Last Week”, “Last Weekend”, “Current Week”, “Last Month”. • Date Range (default) - If selecting this option, use the calendar icons to set the date range. M86 S ECURITY UIDE...
  • Page 859 Preview Users to display query results in the list box below. For a Traffic Analysis or Rule Transactions report, you can narrow your search result by including filters: a. Click Filters at the bottom right of the panel to display the filter results panel: M86 S ECURITY UIDE...
  • Page 860 Remove. • Click the “Assign All” checkbox to select all records and grey-out the panel. c. Click Back to return to the Security Report Wizard panel. 4. Click Run to generate the security report view: M86 S ECURITY UIDE...
  • Page 861 1: S ECURITY EPORTS ECTION HAPTER ECURITY EPORTS Fig. 6:1-11 Generated Security Report view The report can now be exported by selecting one of the export options (see Export a Security Report). M86 S ECURITY UIDE...

  • Page 862: Save A Security Report

    (default), “Month to Date”, “Year to Date”, “Yesterday”, “Month to Yesterday”, “Year to Yesterday”, “Last Week”, “Last Weekend”, “Current Week”, “Last Month”. • Date Range - If selecting this default option, use the calendar icons to set the date range. M86 S ECURITY UIDE...
  • Page 863 Click Filters at the bottom right of the panel to display the filter results panel (see Fig. 6:1-10). TIP: At the bottom left of the panel, click Back at any time to return to the Security Report Wizard panel. M86 S ECURITY UIDE...
  • Page 864 Specify the Output Type to be used for the PDF report file in the email: “Email As Attachment” or “Email As Link”. NOTE: The report will be generated in the PDF Format and emailed to the address(es) provided. M86 S ECURITY UIDE...

  • Page 865: Schedule A Security Report To Run

    Fig. 6:1-13 Report Settings Schedule option 2. After specifying criteria for saving the report, go to the lower right corner of the panel and click Schedule Settings to open the Schedule Settings pop-up window: M86 S ECURITY UIDE...
  • Page 866 6. Click Save at the bottom of the Security Report Wizard panel to save your settings and to add the report to the schedule to be run (see Report Schedule in Chapter 3 of the Productivity Reports Section). M86 S ECURITY UIDE...

  • Page 867: Export A Security Report

    “All”. NOTE: “All” records may take a long time for the report to generate, depending on the number of records to be included. M86 S ECURITY UIDE...
  • Page 868 If you wish, enter text to be included in the Body of the message. e. Specify the Output Type to be used for the PDF report file in the email: “Email As Attachment” or “Email As Link”. M86 S ECURITY UIDE...

  • Page 869: Security Report Format

    Following the bar chart is a list of records, with the corre- sponding Item Count for each record. For Rule Transaction reports, Actions and Policies column data precede Item Count column data. M86 S ECURITY UIDE...
  • Page 870 IP, User name path, Site, bandwidth Size (e.g. kB), and URL, as in the sample below: Fig. 6:1-17 Sample PDF for detail Security Report At the end of the report, the Total Items display for all records. M86 S ECURITY UIDE...

  • Page 871: Chapter 2: Security Report Wizard

    In the Report Details sub-panel, specify general information for the security report to be generated: 1. Type in the Report Name. 2. Choose the Report Type from the pull-down menu (“Blocked Viruses”, “Security Policy Violations”, “Traffic M86 S ECURITY UIDE...
  • Page 872 URLs to save: • All URLs - Check this checkbox to save all URLs • Top - Specify the number of top URLs to be saved M86 S ECURITY UIDE...

  • Page 873: Select Users

    For a Traffic Analysis or Rule Transactions report, you can narrow your search result by including filters: a. Click Filters at the bottom right of the panel to display the filter results panel: Fig. 6:2-2 Security Report Wizard Filters option M86 S ECURITY UIDE...
  • Page 874 To remove the record(s), select the record(s) from the Assigned list box and click Remove. • Click the “Assign All” checkbox to select all records and grey-out the panel. c. Click Back to return to the Security Report Wizard panel. M86 S ECURITY UIDE...

  • Page 875: Specify Email Settings

    4. If you wish, enter text to be included in the Body of the message. 5. Specify the Output Type to be used for the PDF report file in the email: “Email As Attachment” or “Email As Link”. M86 S ECURITY UIDE...

  • Page 876: Schedule, Run A Report Using The Wizard

    Export a Security Report in Chapter 1), and a PDF of the report downloaded to your machine. • Saved by going to the Report Settings menu and selecting the Save option (see Report Settings Options: Save a Security Report in Chapter 1). M86 S ECURITY UIDE...

  • Page 877: Evaluation Mode

    Fig. A-1 Server Information panel in evaluation mode Hover over the ‘EVALUATION MODE’ link to display a defi- nition of ‘Evaluation Mode’. Click this link to launch the SR Server Status screen of the System Configuration adminis- M86 S ECURITY UIDE...

  • Page 878: Sr A Ppendices S Ection

    STORAGE ‘X’ WEEKS” also displays at the top of the Expiration screen in the System Configuration console. Refer to the Expira- tion screen sub-section in Chapter 2 of the System Configuration Section for more information about data storage and expiration. M86 S ECURITY UIDE...

  • Page 879: Use The Server In The Evaluation Mode

    ‘X’ represents the maximum number of weeks in the SR’s data storage scope). This message is followed by a line stating: “Please click here to activate the box.” Clicking the link “here” is used for activating the SR to func- tion in registered mode. M86 S ECURITY UIDE...

  • Page 880: Change The Evaluation Mode

    • in the Evaluation screen, click the link (“here”) in the message at the top of the screen: “Please click here to activate the box”. By clicking the button or link, the Activation Page pop-up box opens: Fig. A-4 Activation Page pop-up box M86 S ECURITY UIDE...
  • Page 881 Choose the Activation Type: "Evaluation Extension" or "Full Activation." 4. Click Send Information. After M86 obtains your informa- tion, a technical support representative will issue you an activation code. 5. Return to the Activation Page (see Fig. A-4) and enter the activation code in the Activation Code field.

  • Page 882: Appendix B

    LDAP server for authenticating administrators. 1. From the taskbar of the LDAP server, go to: Start > Run to open the Run dialog box: Fig. B-1 Run dialog box M86 S ECURITY UIDE...
  • Page 883 2. In the Run dialog box, type in the path to the scripts folder: C:\WINDOWS\sysvol\domain\scripts. 3. Click OK to open the scripts folder: Fig. B-2 C:\WINDOWS\sysvol\domain\scripts window 4. Right-click in this Windows folder to open the pop-up menu. M86 S ECURITY UIDE...
  • Page 884 6. Type the following text in the blank document file: @echo off start “” “\\X.X.X.X\win\tartrayw32.exe” ta[X.X.X.X] in which “X.X.X.X” represents the IP address of the SR server, and “\win\tartrayw32.exe” refers to the location of the SR Tray Alert executable file on the SR server. M86 S ECURITY UIDE...
  • Page 885 8. In the File name field, type in the name for the file using the “filename.bat” format. For example: tartray21.bat. NOTE: Be sure that the Save as type field has “All Files” selected. 9. Click Save to save your file and to close the window. M86 S ECURITY UIDE...

  • Page 886: Assign System Tray Logon Script To Administrators

    Fig. B-5 Programs > Administrative Tools > Active Directory Users 2. In the Active Directory Users and Computers folder, double-click the administrator’s Name in the Users list to open the Properties dialog box for his/her profile: M86 S ECURITY UIDE...
  • Page 887 4. In the Login script field, type in the “.bat” filename. For example: tartray21.bat. 5. Click Apply to save your entry. 6. Click OK to close the dialog box. 7. Click the “X” in the upper right corner of the folder to close the window. M86 S ECURITY UIDE...

  • Page 888: Administrator Usage Of System Tray

    System Tray Alert icon’s connection to the SR, reset- ting the status of the System Tray Alert icon to the stan- dard setting. • Exit - clicking this menu selection removes the System Tray Alert icon from the System Tray. M86 S ECURITY UIDE...

  • Page 889: Status Of The System Tray Alert Icon

    Alert”. If more than one alert is triggered for the administrator, the message reads: “New M86 SR Alert! (X Total)”, in which “X” represents the total number of new alerts. The following message displays whenever hovering over this icon: “X New M86 SR Alerts”, in which “X”...

  • Page 890: View System Tray Alert Messages

    SR Alert. Each time the Next >> button is clicked, the number of remaining alerts to be viewed decreases by one. The Next >> button no longer displays after the last alert is viewed. 3. Click Close to close the SR Alert box. M86 S ECURITY UIDE...

  • Page 891: Appendix C

    SR, sets up user groups, administrator groups and group administrators, and performs routine maintenance on the server. group administrator - An authorized administrator of the SR who maintains user group, administrator groups, group administrator profiles, and gauges. M86 S ECURITY UIDE...
  • Page 892 - P2P involves communication between computing devices—desktops, servers, and other smart devices—that are linked directly to each other. protocol - A type of format for transmitting data between two devices. LDAP is a type of authentication method protocol. M86 S ECURITY UIDE...
  • Page 893 Traveler - M86 Security’s executable program that down- loads updates to the SR at a scheduled time. UDP - An abbreviation for User Data Protocol, one of the core protocols of the Internet protocol suite.
  • Page 894 The second part specifies the IP address or the domain name where the resource is located (such as “203.15.47.23” or "m86security.com"). Web access logging device - The device feeding logs to the SR—e.g. M86 Web Filter or M86 Secure Web Gateway (SWG). M86 S ECURITY...

  • Page 895: Internet Explorer

    If you wish to block all pop-ups except those from URLs you choose to whitelist, enable Turn On Pop-up Blocker and then navigate to Pop-up Blocker Settings, adding the SR's URL in the Allowed sites list box. M86 S ECURITY UIDE...

  • Page 896: Mozilla Firefox 6.0

    • Do not allow any site to show pop-ups (recom- mended) > Exceptions..., adding the SR's URL to the Pop-up Exceptions box. Safari 5.1 In the Safari toolbar, navigate to the Safari menu and de- select “Block Pop-Up Windows” to disable pop-up blocking. M86 S ECURITY UIDE...

  • Page 897: Yahoo! Toolbar Pop-Up Blocker

    To do this: 1. Go to the Yahoo! Toolbar and click the pop-up icon to open the pop-up menu: Fig. I-1 Select menu option Always Allow Pop-Ups From M86 S ECURITY UIDE...
  • Page 898 Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5. Click Close to save your changes and to close the dialog box. M86 S ECURITY UIDE...

  • Page 899: Google Toolbar Pop-Up Blocker

    Google Toolbar and click the Pop- up blocker button: Fig. I-3 Pop-up blocker button enabled Clicking this icon toggles to the Pop-ups okay button, adding the Client to your white list: Fig. I-4 Pop-ups okay button enabled M86 S ECURITY UIDE...

  • Page 900: Adwaresafe Pop-Up Blocker

    2. After you are finished using the Client, go back to the SearchSafe toolbar and click the icon for Popup protec- tion off to toggle back to # popups blocked. This action turns on pop-up blocking again. M86 S ECURITY UIDE...

  • Page 901: Mozilla Firefox Pop-Up Blocker

    2. Click the Content tab at the top of this box to open the Content section: Fig. I-5 Mozilla Firefox Pop-up Windows Options 3. With the “Block pop-up windows” checkbox checked, click the Exceptions... button at right to open the Allowed Sites - Pop-ups box: M86 S ECURITY UIDE...
  • Page 902 4. Enter the Address of the web site to let the client pass. 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7. Click OK to close the Options dialog box. M86 S ECURITY UIDE...

  • Page 903: Windows Xp Sp2 Pop-Up Blocker

    1. From the IE browser, go to the toolbar and select Tools > Internet Options to open the Internet Options dialog box. 2. Click the Privacy tab: Fig. I-7 Enable pop-up blocking 3. In the Pop-up Blocker frame, check “Turn on Pop-up Blocker”. M86 S ECURITY UIDE...

  • Page 904: Use The Ie Toolbar

    When you click Turn On Pop-up Blocker, this menu selec- tion changes to Turn Off Pop-up Blocker and activates the Pop-up Blocker Settings menu item. You can toggle between the On and Off settings to enable or disable pop-up blocking. M86 S ECURITY UIDE...

  • Page 905: Add The Client To The White List

    Use the Information Bar With pop-up blocking enabled, the Information Bar can be set up and used for viewing information about blocked pop- ups or allowing pop-ups from a specified site. M86 S ECURITY UIDE...

  • Page 906: Set Up The Information Bar

    3. Click Yes to add the Client to your white list and to close the dialog box. NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. I-9) and see the entries in the Allowed sites list box. M86 S ECURITY UIDE...

  • Page 907: Appendix Ii

    NOTE: As part of the ongoing maintenance procedure for your RAID server, M86 recommends that you always have a spare drive and spare power supply on hand. Contact M86 Technical Support for replacement hard drives and power supplies.

  • Page 908: Front Control Panel On A 300 Series Unit

    500 series model front panel. The buttons let you perform a function on the unit, while an LED indicator corresponding to an icon alerts you to the status of that feature on the unit. 500 series model chassis front panel M86 S ECURITY UIDE...
  • Page 909 A steady green LED indicates power is being supplied to the unit’s power supplies. (See also Rear of chassis.) (See Power supply failure in the Troubleshooting sub-section for information on detecting a power supply failure and resolving this problem.) M86 S ECURITY UIDE...

  • Page 910: Part 3: Troubleshooting

    Step 2: Verify the failed drive in the Admin console The Hardware Failure Detection window in the Web Filter Administrator console is accessible via the System > Hard- ware Failure Detection menu selection: M86 S ECURITY UIDE...
  • Page 911 RAID Array Status for all the hard drives (HD) at the right side of the window. Normally, when all hard drives are functioning without failure, the text “OK” displays to the right of the hard drive number, and no other text displays in the window. M86 S ECURITY UIDE...
  • Page 912 Pull out the failed drive and replace it with your spare replacement drive. Push the drive into its slot, and press the carrier back in place. NOTE: Contact Technical Support if you have any questions about replacing a failed hard drive. M86 S ECURITY UIDE...

  • Page 913: Power Supply Failure

    Step 2: Contact Technical Support Contact Technical Support for assistance with installing the replacement power supply, or to order a new replacement power supply, or for instructions on returning your failed power supply to M86. M86 S ECURITY UIDE...

  • Page 914: Fan Failure

    If this displays on your unit, contact Technical Support for an RMA (Return Merchandise Authorization) number and for instructions on returning the unit to M86. A steady red LED (on and not flashing) on a 500 series model indicates an overheating condition, which may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm.
  • Page 915 Approved Content Settings window 274 Approved Content, definition 508 authentication 167 Authentication menu 167 back up SR data internal on demand backup 544 to remote server 545 backup SR procedures 543 backup procedures 169 Backup screen 542 M86 S ECURITY UIDE...
  • Page 916 R3000 74 canned report, definition 863 category codes 435 custom categories 414 custom category 32 library 32 M86 supplied category 315 category codes 435 Category Groups menu 314 category profile global 256 minimum filtering level 278 Category Weight System window 307...
  • Page 917 Date Scope 701 Expiration screen 569 Server Information 645 username or keyword entries 722 Default Report Settings panel 657 Default Top ’N’ Value in reports 658 delete a gauge 775 detail drill down report, definition 863 M86 S ECURITY UIDE...
  • Page 918 Exception URL window 374 Executive Internet Usage Summary 739 expand or contract a column 531 expiration 570 Expiration Info 650 Expiration screen 569 expire data from server 569 passwords 576 export reports 685 Export button 698 M86 S ECURITY UIDE...
  • Page 919 Forgot Your Password 528 Format field 705 frame, terminology 14 From Date field 701 bandwidth gauge 762 CFM 303 Change Log FTP Setup 129 definition 863 proxy setting 288 FTP (File Transfer Protocol) 544 General Availability 136 M86 S ECURITY UIDE...
  • Page 920 IP 283 types of R3000 groups 25 group administrator 11 definition 509 group administrator, definition 515 Group By field 705 group by report, definition 864 Group Profile window 366 hardware 4 Hardware Failure Detection window 186 M86 S ECURITY UIDE...
  • Page 921 694 save a Security Report 834 schedule a report to run 737 schedule a Security Report to run 837 schedule or run a report in the Security Report Wizard 848 set up a custom category 414 M86 S ECURITY UIDE...
  • Page 922 Time Profile 388 set up Quotas 232 set up Real Time Probes 331 set up Search Engine Keywords Custom Categories 430 M86 Supplied Categories 325 set up URL Keywords Custom Categories 427 M86 Supplied Categories 321 set up URLs in categories...
  • Page 923 Internet Explorer 5 invisible mode 20 definition 509 IP group 26 authentication method 854 create 283 delete 400 IP Profile Management window 395 IP.ID 557 Java Plug-in 6 Java Virtual Machine 6 JavaScript 6 keyword definition 509 M86 S ECURITY UIDE...
  • Page 924 URL update 290 lookup 299 manual updates 289 search engine keywords, custom category 430 search engine keywords, M86 supplied category 325 software update 290 update categories 289 update logs 292 URL keywords, custom category 427 URL keywords, M86 supplied category 321...
  • Page 925 Web Filter 76 Logon Management window 110 logon script path block page authentication 88 Logon Settings window 106 lookup library 299 M86 supplied category 32 definition 510 M86 Web Filter and Reporter (WFR) server 7 M86 S ECURITY UIDE...
  • Page 926 NDEX machine name, definition 510 Macintosh 6 mail server 711 Manual Backup button 544 Manual Update to M86 Supplied Categories 289 Manual Update window 289 master IP group 26 definition 510 filtering profile 29 setup 283 master list 325 definition 510...
  • Page 927 511 global group 264 Google Toolbar popup blocking 454 Mozilla Firefox popup blocking 456 override popup blockers 451 profile type 30 Windows XP SP2 popup blocking 458 Yahoo! Toolbar popup blocking 452 Override Account window 264 M86 S ECURITY UIDE...
  • Page 928 Print Kernel Ring Buffer diagnostic tool 119 Print report 712 Process list diagnostic tool 116 profile global group 255 group 366 individual IP member 409 minimum filtering level 277 sub-group 404 Profile Control window 219 profile string definition 511 elements 434 M86 S ECURITY UIDE...
  • Page 929 120 rearrange the gauge display 775 re-authentication block page authentication 87 Reboot window 94 Recent Logins diagnostic tool 118 Recent Trend usage report graph 347 records exportation 685 sort by another column 685 redirect URL M86 S ECURITY UIDE...
  • Page 930 Reporting screen 62 reports diagnostic 566 Reset to Factory Defaults panel 651 Reset window 180 resize button, terminology 520 restore download a file 176 perform a restoration 177 settings 168 restore data from previous SR backup 546 M86 S ECURITY UIDE...
  • Page 931 15 search engine definition 513 search engine keyword custom category 430 M86 supplied category 325 Search Engine Keyword Filter Control global group filter option 262 search engine keyword filtering 262 Search Engine Keywords window 325 custom category 430...
  • Page 932 Sort By field 703 sort records 532 Source mode 44 spam filter 711 perform manual backup 544 SSL Certificate window 238 Stand Alone mode 44 static filtering profiles 29 Status window 155 Status window, CMC Management 230 M86 S ECURITY UIDE...
  • Page 933 624 user list update 618 Synchronization menu 148 synchronization setup 45 System Command window 114 System Performance diagnostic tool 118 system requirements 5 System screen 62 System Tray 854 System uptime diagnostic tool 119 M86 S ECURITY UIDE...
  • Page 934 To Date field 701 tolerance timer 191 Tools screen 565 tooltip information 532 tooltips in R3000 65 TOP CPU processes diagnostic tool 117 topic terminology 16 Trace Route 116 Traffic Analysis report view 822 Traveler 314 definition 513 M86 S ECURITY UIDE...
  • Page 935 URL Keyword Filter Control global group filter option 263 URL keyword filtering 263 URL Keywords window 321 custom category 427 M86 supplied category 321 URL, definition 513 URL, same URL in multiple categories 307 URLs window 316 custom category 419...
  • Page 936 87 white list definition 514 wildcard 299 wildcard searches 533 window, terminology 17 Windows 7 5 Windows Vista 5 Windows XP 5 wizard 7 installation procedures 524 Wizard panel 653 workstation requirements 5 M86 S ECURITY UIDE...
  • Page 937 NDEX Mobile Client 464 X Strikes Blocking global group filter option 261 X Strikes Blocking window 188 M86 S ECURITY UIDE...
  • Page 938 NDEX M86 S ECURITY UIDE...

Table of Contents