M86 Web Filtering and Reporting Suite USER GUIDE Software Version: 4.2.00 Document Version: 10.10.11...
Page 2
M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
Page 5
Screen and Window Navigation ......... 67 Console Tips and Shortcuts ..........72 Log Out ..................76 WF G ......77 LOBAL DMINISTRATOR ECTION Introduction ................77 Chapter 1: System screen ............78 Control ..................... 80 Filter window ................80 M86 S ECURITY UIDE...
Page 6
View Locked IP Address, Unlock IP Address....112 View Admin, Sub Admin User Interface Access ....113 Diagnostics ..................114 System Command window ............. 114 Perform a Diagnostic Test, View Data ......115 Command Selections ............116 M86 S ECURITY UIDE...
Page 7
Specify the Listening Device ..........161 Specify the Block Page Device ......... 161 Invisible Option: Specify the Block Page Delivery..... 162 ICAP Option: Specify ICAP Server Settings ..... 163 Mobile Option: Specify the Mobile Client Control ..... 165 M86 S ECURITY UIDE...
Page 8
Go to X Strikes Unlock Workstation GUI ......198 X Strikes Unlock Workstation ........... 199 Warn Option Setting ..............202 Warn Option Setting window ..........202 Specify Interval for Re-displaying the Warn page ..... 203 Customization ................204 viii M86 S ECURITY UIDE...
Page 9
Global Group ................. 241 Range to Detect window ............241 Add a Segment to the Network ......... 242 Modify a Segment of the Network ........250 Remove a Segment from the Network ......250 Rules window ................. 251 M86 S ECURITY UIDE...
Page 10
Manual Update window ............289 Specify the Type of On Demand Update ......289 Additional Language Support window ........291 Select Additional Languages..........291 Library Update Log window ............ 292 View the Library Update Process........292 M86 S ECURITY UIDE...
Page 11
Reload the Library............. 324 Search Engine Keywords window .......... 325 View a List of Search Engine Keywords ......326 Add or Remove Search Engine Keywords......326 Upload a List of Search Engine Keywords......327 Reload the Library............. 328 M86 S ECURITY UIDE...
Page 12
Override Account window ............357 Add an Override Account ..........358 Edit an Override Account ..........365 Delete an Override Account ..........366 Group Profile window ............. 366 Category Profile ..............366 Redirect URL ..............370 Filter Options ..............371 M86 S ECURITY UIDE...
Page 13
Copy Sub Group ..............407 Copy an IP Sub-Group............407 Individual IP ................... 408 Member window ..............408 Enter the IP Address of the Member ........ 409 Individual IP Profile window ............ 409 Exception URL window ............409 xiii M86 S ECURITY UIDE...
Page 14
Upload a Master List of Search Engine Keywords ... 432 Reload the Library............. 432 Delete Category ..............432 Delete a Custom Category..........432 ....... 433 ILTER PPENDICES ECTION Appendix A ................433 Filtering Profile Format and Rules ..........433 Rule Criteria ................434 M86 S ECURITY UIDE...
Page 15
Add Override Account to the White List ........460 Use the IE Toolbar ............460 Use the Information Bar ........... 461 Appendix D ................463 Mobile Client ................. 463 Environment Requirements ............ 464 Workstation Requirements..........464 Network Requirement ............465 M86 S ECURITY UIDE...
Page 16
Procedures for Logging In, Out ............. 522 Access the Security Reporter Login window ......522 Access SR Report Manager from the WFR Portal.... 522 Enter Report Manager’s URL in the Address field .... 523 Log In ..................524 M86 S ECURITY UIDE...
Page 17
View the Status of the Server ........... 550 Secure Access screen ............551 Activate a Port to Access the SR ........551 Terminate a Port Connection ..........552 Terminate All Port Connections ........552 xvii M86 S ECURITY UIDE...
Page 18
Import User Groups ............580 SR R ..581 EPORT ANAGER DMINISTRATION ECTION Introduction ................581 Chapter 1: Group, Profile Management ........ 583 User Groups panel ................ 583 View User Group Information ..........586 xviii M86 S ECURITY UIDE...
Page 19
Activity View panel ................ 620 Perform a Search on a Specified Activity ....... 621 Search results ..............622 Device Registry panel ..............624 Removing/adding Web Filter, SWG devices ......626 Web Filter Device Maintenance ..........627 M86 S ECURITY UIDE...
Page 20
Reset to Factory Defaults panel ............ 651 Reset SR to factory defaults ........... 652 Wizard panel ................653 Main Administrator ............654 Bandwidth Range and Web Filter Setup ......654 Secure Web Gateway Setup..........655 Save Entries ..............656 M86 S ECURITY UIDE...
Page 21
Time column..............684 Column sorting tips ............685 Summary Drill Down Record exportation ......685 Other navigation tips ............685 Detail Drill Down Report View ............686 Detail Report View Tools and Tips ......... 687 M86 S ECURITY UIDE...
Page 22
View and Print Options ..............712 View and Print Tools ............... 712 Sample Report File Formats ........... 713 MS-DOS Text ..............714 PDF ................... 714 Rich Text Format .............. 715 HTML ................716 Comma-Delimited Text ............. 716 xxii M86 S ECURITY UIDE...
Page 23
View the Blocked Request Report .......... 751 Time Usage Reports ..............752 Generate a Time Usage Report ..........753 View the Time Usage Report ..........755 Time Usage algorithm ............756 ........757 EPORTS ECTION Introduction ................757 xxiii M86 S ECURITY UIDE...
Page 24
Medium and High severity lockout ........788 End user workstation lockout ..........788 Chapter 3: Alerts, Lockout Management ......790 Add an Alert .................. 792 Email alert function ..............793 Configure email alerts ............793 Receive email alerts............794 xxiv M86 S ECURITY UIDE...
Page 25
Blocked Viruses report view ........... 821 Security Policy Violations report view ........821 Traffic Analysis report view ............. 822 Rule Transactions report view ..........823 Drill Down into a Security Report ..........824 Security Report Tools ..............825 M86 S ECURITY UIDE...
Page 26
Create the System Tray logon script......... 854 Assign System Tray logon script to administrators ... 858 Administrator usage of System Tray ........860 Use the System Tray Alert icon’s menu ......860 Status of the System Tray Alert icon......... 861 xxvi M86 S ECURITY UIDE...
Page 27
Front Control Panel on a 300 Series Unit ......880 Front control panel on the 500 series model..... 880 Part 3: Troubleshooting ............882 Hard drive failure............... 882 Power supply failure............885 Fan failure ................ 886 xxvii M86 S ECURITY UIDE...
Page 28
ONTENTS ................887 NDEX xxviii M86 S ECURITY UIDE...
NOTE: The SR application can be configured to accept logs from a M86 Secure Web Gateway (SWG) and generate security reports. See the M86 Secure Web Gateway User Guide at http:// www.m86security.com/support/Secure-Web-Gateway/Docu- mentation.asp for information on the SWG.
WFR console and this user guide, and provides information on how to contact M86 Security technical support. • Web Filter (WF) - Refer to this portion for information on configuring and maintaining the Web Filter application.
IMPORTANT: The "important" icon is followed by italicized text informing you about important information or procedures to follow to ensure maximum uptime on the WFR Server. M86 S ECURITY UIDE...
• Optional: One or more attached “NAS” storage devices (e.g. Ethernet connected, SCSI/Fibre Channel connected “SAN”) Software • Linux OS • Administrator User Interface (UI) console utilized by an authorized administrator to configure and maintain the WFR server • MySQL database M86 S ECURITY UIDE...
Network Requirements • Power connection protected by an Uninterruptible Power Supply (UPS) • HTTPS connection to M86 Security’s software update server • SR must be be fully configured, and the Structured Query Language (SQL) server must be installed on the network and connected to the Web access logging device(s) (e.g.
• Firefox 6.0 • Google Chrome 13.0 • Safari 5.1 • Macintosh OS X Version 10.6 or 10.7 running: • Safari 5.1 • Firefox 6.0 • JavaScript enabled • Pop-up blocking software, if installed, must be disabled M86 S ECURITY UIDE...
ON THE How to Use the WFR on the Web Initial Setup To initially set up your M86 Web Filter and Reporter (WFR) server, the administrator installing the unit should follow the instructions in the M86 WFR Installation Guide, the booklet packaged with your WFR unit.
Page 36
Web Filter, SR Report Manager and SR System Configuration administrator console on the WFR server, without needing to use this WFR Welcome portal to individually log into the two main applications. M86 S ECURITY UIDE...
2. Go to the navigation links at the top of the Report Manager panel and select: • Administration > System Configuration to access the SR administrator console • Administration > Web Filter > (IP address) to access the Web Filter user interface M86 S ECURITY UIDE...
Security Reporter are identical (admin), but the pass- words are dissimilar, the SSO feature will not function. Thus, in order to use SSO, M86 recommends setting up an admin- istrator account in the Web Filter that matches the global administrator account set up in the SR (Administration >...
NTRODUCTORY ECTION Web Filter M86 Security’s Web Filter tracks each user’s online activity, and can be configured to block specific Web sites, service ports, and pattern and file types, and lock out an end user from Internet access, thereby protecting your organization...
Page 40
Appendix D explains how to install, configure, and use the Mobile Client. Appendix E features a glos- sary of technical terminology used in this portion of the user guide. M86 S ECURITY UIDE...
• field - an area in a dialog box, window, or screen that either accommodates your data entry, or displays pertinent information. A text box is a type of field. M86 S ECURITY UIDE...
Page 42
One or more tree lists also can display in this panel. When an item in the tree list is clicked, the tree list opens to reveal items that can be selected. M86 S ECURITY UIDE...
Page 43
When the circle is empty, the option is not selected. • screen - a main object of an appli- cation that displays across your monitor. A screen can contain panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons. M86 S ECURITY UIDE...
Page 44
By clicking the link for a topic, the window for that topic displays in the right panel of the screen, or a menu of sub-topics opens. M86 S ECURITY UIDE...
Page 45
A window for a topic or sub-topic displays in the right panel of the screen. Other types of windows include pop-up windows, login windows, or ones from the system such as the Save As or Choose file windows. M86 S ECURITY UIDE...
• block instant messaging and peer-to-peer services • authenticate users via the existing authentication system on the network NOTE: See the M86 Web Filter Authentication User Guide at http://www.m86security.com/support/wf/documentation.asp for information on setting up and using authentication. • synchronize multiple Web Filter units so that all servers...
Chapter 1: Filtering Operations Operational Modes Based on the setup of your network, the Web Filter can be configured to use one of these operational modes for filtering the network: • invisible mode • router mode • firewall mode M86 S ECURITY UIDE...
Figure 1:1-1 depicts the invisible mode that removes the Web Filter from any inclusion in the network connection path. Fig. 1:1-1 Pass-by filtering diagram M86 S ECURITY UIDE...
Page 49
Web Filter’s port mirrors the port connected to the router. Fig. 1:1-2 Invisible mode diagram, with port monitoring In the invisible mode, the Web Filter performs as a standa- lone server that can be connected to any network environ- ment. M86 S ECURITY UIDE...
Fig. 1:1-3 Router mode diagram As previously mentioned, a Web Filter set up in the router mode can also work in the invisible mode. The router mode setup also will work in the firewall mode. M86 S ECURITY UIDE...
NTRODUCTORY ECTION HAPTER ILTERING PERATIONS WARNING: M86 recommends contacting one of our solutions engineers if you need assistance with router mode setup proce- dures. Firewall Mode The firewall mode is a modification of the router mode. With the Web Filter set up in this mode, the unit will filter all requests.
Page 52
Web Filter. WARNING: Contact a solutions engineer at M86 Security for setup procedures if you wish to use the firewall mode. Fig. 1:1-5 Firewall mode diagram, with filtering and cache setup...
The filtering profile created for the global group represents the default profile to be used by all groups that do not have a filtering profile, and all users who do not belong to a group. M86 S ECURITY UIDE...
IP members, override account, time profiles and exception URLs, and maintains filtering profiles of all members in the master IP group. Fig. 1:1-6 IP diagram with a sample master IP group and its members M86 S ECURITY UIDE...
Other filtering profiles • authentication profile - used by LDAP group members. This type of profile includes the workstation profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. M86 S ECURITY UIDE...
Page 56
Web Filter and the Radius authentication feature enabled. • TAR profile - used by the Threat Analysis Reporter (TAR) module if an end user is locked out by TAR when attempting to access blocked content in a library cate- gory. M86 S ECURITY UIDE...
IP sub-group and is customized for sub-group members. Individual IP Member Filtering Profile An individual IP member filtering profile is created by the group administrator.This filtering profile applies to a speci- fied end user in a master IP group. M86 S ECURITY UIDE...
Active filtering profiles include the Global Group Profile, Override Account profile, Time Profile, and Lock profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. Global Filtering Profile The global filtering profile is created by the global adminis- trator.
(default) filtering profile • filter settings - used by service ports, filtering profiles, rules, and the minimum filtering level to indicate whether users should be granted or denied access to specified Internet content M86 S ECURITY UIDE...
M86 furnishes a collection of library categories, grouped under the heading “Category Groups” (excluding the “Custom Categories” group). Updates to these categories are provided by M86 on an ongoing basis, and administra- tors also can add or delete individual URLs within a speci- fied library category.
The minimum filtering level does not apply to any user who does not belong to a group, and to groups that do not have a filtering profile established. M86 S ECURITY UIDE...
• warn - If a category is given a warn setting, a warning page displays for the end user to warn him/her that accessing the intended URL may be against established policies and to proceed at his/her own risk M86 S ECURITY UIDE...
IP group’s time profile. b. An IP sub-group time profile takes precedence over the IP sub-group profile. 5. For individual IP members: a. An individual IP member filtering profile takes prece- dence over the IP sub-group’s time profile. M86 S ECURITY UIDE...
Page 64
Global Group section of the console. 9. An X Strikes lockout profile takes precedence over all filtering profiles. This profile is set up under Filter Options, by enabling the X Strikes Blocking feature. M86 S ECURITY UIDE...
Page 65
1: F ILTER NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Fig. 1:1-7 Sample filtering hierarchy diagram M86 S ECURITY UIDE...
When the IM module is loaded on the server, the Web Filter compares packets on the network with IM libraries stored on the Web Filter. If a match is found, the Web Filter checks the user’s profile to see whether the user’s connection to the IM M86 S ECURITY UIDE...
Web Filter. If a match is found, the Web Filter checks the user’s profile to see whether the user’s connec- tion to the P2P service should be blocked, and then performs the appropriate action. M86 S ECURITY UIDE...
IM and/or P2P, settings need to be made in the Policy section of the Administrator console. If applying M86’s supplied IM and/or P2P library category to an entity’s profile, all IM and/or P2P services included in that category will be blocked.
• the Pattern Blocking option in the Filter window must be activated • the global filtering profile must have the PR2PR library category set up to be blocked • the minimum filtering level profile must have the PR2PR library category set up to be blocked. M86 S ECURITY UIDE...
P2P traffic with the Range to Detect feature is desired • the minimum filtering level profile should not have P2P blocked, unless blocking all P2P traffic with the Range to Detect feature is desired. M86 S ECURITY UIDE...
All other Web Filters on the network are configured as target servers to the source Web Filter unit, receiving updates from the source server. M86 S ECURITY UIDE...
Page 72
In this mode, filtering information from the source server will be uploaded to the target server. The only synchronization setup that needs to be made on the target server is to ensure that network interfaces are configured for network communication. M86 S ECURITY UIDE...
When the target server resumes communication with the source server, it will actively download and apply the latest running configuration from the source server. M86 S ECURITY UIDE...
The use of queues ensures that if a target server is taken offline for a period of time, when it is brought back online, it will be updated with the latest changes from the source server. M86 S ECURITY UIDE...
The total time of this process will vary depending upon custom library entries, but the entire procedure should take approximately one minute. M86 S ECURITY UIDE...
As you will see by the lists on the following pages, static configuration options—such as library changes—will be synchronized. All active options—such as profile changes— will be functionally synchronized. One time configuration options on the Web Filter—such as reporting configurations, or IP addresses—will not be synchronized. M86 S ECURITY UIDE...
Synchronize All Items The following lists show which items will be synchronized when the option to synchronize all items is selected. Synchronized Items (All) • M86 Library additions/deletions • Custom library creations • Custom library additions/deletions • Search Engine keyword additions/deletions •...
The following lists show which items will be synchronized when the option to synchronize only library items is selected. Synchronized Items (Library Only) • M86 Library additions/deletions • Custom library creations • Custom library additions/deletions • Search Engine keyword additions/deletions •...
Web Filter servers should be designated as the new source server. Establish Backup Procedures To prevent down time during a source server failure, M86 recommends establishing backup and restore procedures. It is important that regular backups of the source Web Filter server are saved using the Backup/Restore window in the System section of the Web Filter console.
8. After the restoration of configuration settings is applied and a quick reload takes place, this Web Filter will now function as the source server in the Web Filter cluster. M86 S ECURITY UIDE...
4. Apply all software updates that were applied on the failed source server. 5. In the Policy section of the console, enter all groups and filtering profiles. 6. Make all necessary settings in all sections and windows of the console. M86 S ECURITY UIDE...
Click the WF icon in the WFR Welcome window: Fig. 1:4-1 Web Filter icon in WFR Welcome window Clicking the WF icon opens a separate browser window/tab containing the Web Filter Login window (see Fig. 1:4-2). M86 S ECURITY UIDE...
In order to accept the security certificate, follow the instruc- tions at: http://www.m86security.com/software/8e6/ docs/ig/misc/sec-cert-wf4.2.pdf 3. After accepting the security certificate, click Go to open the Web Filter login window (see Fig. 1:4-2). M86 S ECURITY UIDE...
NOTE: See Chapter 1: System screen in the WF Global Adminis- trator Section for information on logging into the Web Filter user interface if your password has expired. 2. Click LOGIN to access the Welcome screen of the Web Filter Administrator console: M86 S ECURITY UIDE...
• Yes - clicking this button closes the dialog box and opens an alert box indicating that it will take a few minutes to perform the library update. Click OK to close the alert box and to execute the command to update the libraries. M86 S ECURITY UIDE...
Page 89
After the libraries are updated, today’s date will appear as the Last Library Update on the welcome screen. NOTE: Refer to the Library screen’s Manual Update to M86 Supplied Categories window—in the Web Filter Global Group Section—for information about updating library categories on demand.
System section. This section is comprised of windows used by the global administrator for configuring and maintaining the server to authenticate users, and to filter or block specified Internet content for each user based on the applied filtering profile. M86 S ECURITY UIDE...
Page 91
Real Time Probe icon - If the Real Time Probe feature is enabled, this icon can be clicked by authorized users to access the Real Time Probe reporting tool. • system time - The system time displays using the YYYY/MM/DD HH:MM:SS date and time format M86 S ECURITY UIDE...
1. Click a link to go to a specified topic. 2. To view Help Topics for another section, click the tab for that section: Policy, Library, Reporting, System, or Help. 3. Click Close Window to close the Help Topics window. M86 S ECURITY UIDE...
Page 93
F1 key on your keyboard. • Hover Display The yellow tooltip box displays when you hover over the icon with your mouse: Fig. 1:4-7 Tooltip mouseover effect To close the tooltip box, move the mouse away from the icon. M86 S ECURITY UIDE...
Page 94
ILTER NTRODUCTORY ECTION HAPTER ETTING TARTED • Help pop-up box The Help pop-up box opens when you press the F1 key on your keyboard: Fig. 1:4-8 Help pop-up box Click OK to close the pop-up box. M86 S ECURITY UIDE...
Topic Links In Library, Reporting, and System screens, the navigation panel contains topic links. By clicking a topic link, the window for that topic displays in the right panel: Fig. 1:4-9 Selected topic and its corresponding window M86 S ECURITY UIDE...
Page 96
For these topics, clicking a topic link opens a menu of sub-topics: Fig. 1:4-10 Sub-topics menu When a sub-topic from this menu is selected, the window for that sub-topic displays in the right panel of the screen. M86 S ECURITY UIDE...
(+) sign, when that branch of the tree is collapsed. By double-clicking the entity, a minus (-) sign replaces the plus sign, and all branches within that branch of the tree display. An item in the tree is selected by clicking it. M86 S ECURITY UIDE...
Page 98
When a tree list topic is selected and clicked, a menu of sub- topics opens: Fig. 1:4-12 Tree list topics and sub-topics Clicking a sub-topic displays the corresponding window in the right panel, or opens a pop-up window or alert box, as appropriate. M86 S ECURITY UIDE...
Apply button. NOTE: In the Time Profile and Override Account pop-up windows, entries are saved at the bottom of the window. Fig. 1:4-13 Window with tabs M86 S ECURITY UIDE...
Refresh the Console Press F5 on your keyboard to refresh the Administrator console. This feature is useful in the event that more than one browser window is open simultaneously for the same Web Filter. M86 S ECURITY UIDE...
Page 101
• To paste text into an empty field, place the cursor in the field and then press the Ctrl and V keys. • To copy over existing text, highlight text currently in the field and then press the Ctrl and V keys. M86 S ECURITY UIDE...
Page 102
Calculate to display the Min Host and Max Host IP addresses. TIP: If necessary, make a different IP address entry and Netmask selection, and then click Calculate to display different Min Host and Max Host results. M86 S ECURITY UIDE...
Page 103
For greater ease in viewing content in any screen, re-size the browser window by placing your cursor at any edge or corner of the user interface, left clicking, and then dragging the cursor to the left or right, or inward or outward. M86 S ECURITY UIDE...
3. Click the “X” in the upper right corner of the screen for the Login window to close it. WARNING: If you need to turn off the server, see the ShutDown window of the System screen in the WF Global Administrator Section. M86 S ECURITY UIDE...
• adds group administrators • sets up administrators for receiving automatic alerts • updates the WFR server with software supplied by M86 • analyzes server statistics • utilizes diagnostics for monitoring the server status to ensure optimum functioning of the server •...
Control settings, Network settings, Administrator account information, Secure Logon, Diagnostics, Alert contacts, Software Update, Synchronization, operation Mode, Authentication settings (see the M86 Web Filter Authentication User Guide for information about this topic), Backup/Restore operations, Reset settings, Radius Authen- tication Settings, SNMP, Hardware Failure Detection, X Strikes Blocking, Warn Option Setting, Customization, Quota Setting, and SSL Certificate.
Page 107
Click your selection to choose a main topic from this list, or to view a menu of sub-topics, if applicable. When a topic or sub-topic is selected, the designated window for that topic or sub-topic displays in the right panel. M86 S ECURITY UIDE...
HTTPS sites on Web Filters set up in the Stand Alone or Source mode. In the Service Control frame, enabling Pattern Blocking will log IM and P2P end user activity, and block end users from using M86 S ECURITY UIDE...
HTTP header inspection. Disable HTTP Packet Splitting Detection To disable automatic detection of a split HTTP packet, click “Off.” This action removes the field below the radio buttons. NOTE: After making all entries in this window, click Apply. M86 S ECURITY UIDE...
Group Administrator Section for information on setting up a custom library category. See Global Group Profile window and Minimum Filtering Level window in Chapter 2: Policy screen for information on allowing a library category to pass.) M86 S ECURITY UIDE...
IM and P2P activity of end users once IM and P2P pattern files are downloaded on demand via the Manual Update to M86 Supplied Categories window. NOTE: See http://www.m86security.com/software/8e6/hlp/ifr/ files/1system_proxy_block.html for a list of proxy pattern types that are set up to be blocked.
To enable All Target(s) Filtering, click the “On” radio button. Each target server on the network will filter the Range to Detect specified on that server. NOTE: After making all entries in this window, click Apply. M86 S ECURITY UIDE...
See the Block Page Customization window and Common Customization window in this chapter for information on custom- izing the M86 block page. See Appendix B: Create a Custom Block Page for information on creating a customized block page using your own design.
NET USE script. NOTES: • Details about the Web-based Authentication option can be found in the M86 Web Filter Authentication User Guide. • For more information about the Override Account option, see information on the following windows in this user guide: •...
3. Click Apply to apply your settings. Block page When a user attempts to access Internet content set up to be blocked, the block page displays on the user’s screen: Fig. 2:1-4 Sample Block Page M86 S ECURITY UIDE...
Page 117
By default, the following standard links are included in the block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
For further options, click here. Fig. 2:1-5 Options page The following items previously described for the Block page display in the upper half of the Options page: • HELP link • User/Machine frame contents M86 S ECURITY UIDE...
Page 119
The frame beneath the User/Machine frame includes infor- mation for options (1, 2, and/or 3) based on settings made in this window and the Common Customization window. NOTE: Information about Option 1 is included in the M86 Web Filter Authentication User Guide. Option 2 Option 2 is included in the Options page, if “Override...
Page 120
• Try re-authenticating your user profile - This link displays if “Re-authentication” was selected at the Re- authentication Options field, and an entry was made in the Logon Script Path field. When the user clicks this link, a window opens: Fig. 2:1-7 Re-authentication option M86 S ECURITY UIDE...
Fig. 2:1-8 ShutDown window Shut Down the Server In the ShutDown frame, click ShutDown to power off the server. NOTE: See the WFR Overview for information about accessing the WFR user interface and logging back into the server. M86 S ECURITY UIDE...
After the server is rebooted, the Web Filter status message box closes, and the Web Filter ready alert box opens. M86 S ECURITY UIDE...
Page 123
NOTE: See the WFR Suite Overview and Chapter 4: Getting Started from the Introductory Section of the Web Filter portion of this user guide for information about accessing the WFR user interface and logging back into the server. M86 S ECURITY UIDE...
Block Page Route Table. LAN Settings window The LAN Settings window displays when LAN Settings is selected from the Network menu. This window is used for configuring network connection settings for the WFR. Fig. 2:1-10 LAN Settings window M86 S ECURITY UIDE...
3. Click Apply to apply your settings. NOTE: Whenever modifications are made in this window, the server must be restarted in order for the changes to take effect. M86 S ECURITY UIDE...
Web Filter will use the actual time from a clock at a specified IP address. NOTE: The System Time displays beneath the Details frame, using the YYYY/MM/DD HH:MM:SS Coordinated Universal Time (UTC) format for the current time zone. Fig. 2:1-11 NTP Servers window M86 S ECURITY UIDE...
3. Click Apply to apply your settings. Remove an NTP Server To remove an NTP server: 1. Select the IP address from the Servers list box. 2. Click Delete. 3. Click Apply to apply your settings. M86 S ECURITY UIDE...
If necessary, select a language set from the Language pull-down menu to specify that you wish to display that text in the console. 3. Click Apply to apply your settings, and to reboot the Web Filter. M86 S ECURITY UIDE...
Fig. 2:1-13 Block Page Route Table window NOTE: See the Block Page Authentication window for information on setting up block pages. M86 S ECURITY UIDE...
NOTE: Follow steps 1-4 for each router you wish to include in the routing table. Remove a Router To remove one or more routers from the IP/Mask list box: 1. Select the router(s) from the list box. 2. Click Delete. M86 S ECURITY UIDE...
WF Group Administrator Section for information on setting up and maintaining accounts for IP group administrators. See the M86 Web Filter Authentication User Guide for more information on setting up and maintaining LDAP Sub Admin group adminis- trator accounts. A help desk administrator will only see his/her account information and can only modify his/her password.
YSTEM SCREEN TIP: The default Username is admin and the Password is user3. M86 recommends that you retain this default account and pass- word in the event that the Web Filter unit cannot be accessed. An authorized M86 Security technical representative may need to use this username and password when troubleshooting the unit.
NOTE: A username cannot be modified, but can be deleted and added again. Delete an Administrator Account To delete an administrator account: 1. Select the username from the Current User list box. 2. Click Delete to remove the account. M86 S ECURITY UIDE...
IP address if an incorrect password is entered for a specified number of times within a defined timespan. NOTE: This window displays only on servers set up in the Stand- alone or Source mode. Fig. 2:1-15 Logon Settings window M86 S ECURITY UIDE...
LOGIN, a login dialog box opens: Fig. 2:1-16 New password entry This dialog box displays his/her Username and prompts him/her to enter a new password in the Password and Confirm Password fields. Upon clicking OK, the Web Filter user interface opens. M86 S ECURITY UIDE...
Lockout by IP address option(s) enabled— enter the number of times a user can enter an incorrect password during the interval defined in the Failed Password Attempts Timespan (in minutes) [1-1440] field before being locked out of the Web Filter. M86 S ECURITY UIDE...
Page 137
IP address on the third unsuccessful login attempt. But there would be no lockout for that IP address if the third failed attempt was made outside of the 10- minute timespan. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
Username/IP address feature is enabled in the Logon Settings window, and a user is unable to log into the Administrator console due to a password expiration, or having met the specified number of failed password attempts within the designated timespan. M86 S ECURITY UIDE...
YYYY-MM-DD format, based on the configuration in the Logon Settings window at the time the password was saved in that window) • lock symbol if the account is currently locked. TIP: This list can be resorted by clicking a specified column header. M86 S ECURITY UIDE...
TIP: Click No to close the dialog box. 3. Click Yes to display the alert box indicating the IP address was unlocked. 4. Click OK to close the alert box, and to remove the IP address from the list. M86 S ECURITY UIDE...
Click any of the available tabs (System, Policy, Library, Report, Help) to view menu topics, sub-topics, and branches of trees available to that administrator. 4. Click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...
Command is selected from the Diagnostics menu. This window is used for viewing server statistics and for performing diagnostic tests on the server. Fig. 2:1-19 System Command window WARNING: Diagnostics tools utilize system resources, impacting the WFR’s performance. M86 S ECURITY UIDE...
2. Click Execute to open a pop-up window containing the query results: Fig. 2:1-20 System Command, Results window 3. Click the “X” in the upper right corner of the pop-up window to close it. M86 S ECURITY UIDE...
When Execute is clicked, rows of processes display in the pop-up window, including the following information for each process: Process Identification Number, full device number of the controlling terminal, status code, amount of time it took to run the process, and command line. M86 S ECURITY UIDE...
Page 145
When Routing Table is selected and Execute is clicked, information about available routes and their statuses displays in the pop-up window. Each route consists of a destination host or network and a gateway to use in forwarding packets. M86 S ECURITY UIDE...
Page 146
The Recent Logins diagnostic tool is used for showing infor- mation on administrator login activity. When Execute is clicked, the pop-up window displays a row of data for each time an administrator logged on the WFR. M86 S ECURITY UIDE...
Page 147
When Execute is clicked, messages from the kernel ring buffer display in the Result pop-up window. These messages from system boot-up provide information about hardware and module initialization, useful for diagnosing system problems. M86 S ECURITY UIDE...
• “Software Update Log (patch.log)” - used for viewing the results of a software update application, such as which files were copied to the server, and whether the software update was successfully applied. M86 S ECURITY UIDE...
Page 149
“eDirectory Agent Debug Log (edirAgent.log)”, “eDirectory Agent Event Log (edirEvent.log)” and “Authentication Module Log (authmodule.log)” options, see the View log results section in the M86 Web Filter Authentication User Guide. 2. Choose the Last Number of Lines to view (100-500) from that file.
Disable to terminate your Troubleshooting Mode session. Once Disable is clicked, the Web Filter will resume filtering the network. NOTE: See the Operation Mode window for information about invisible, router, and firewall modes, and listening devices. M86 S ECURITY UIDE...
Web Filter; packets sent to or from port 20 or 21; packets sent to the Virtual IP address’s port 137 or 139, or Address Resolution Protocol (ARP). 7. Click Execute to display results in the Result list box. M86 S ECURITY UIDE...
NOTE: In order to use this diagnostic tool, IP groups and/or members must be set up in the Policy section of the Web Filter, and each IP group and/or member must have a filtering profile. MAC addresses are used in the mobile mode only. M86 S ECURITY UIDE...
• Rule name - if this profile uses a non-custom rule, the rule number displays • Profile Type - type of profile, greyed-out: • Regular profiles - IP group, sub-group, individual, or MAC profile M86 S ECURITY UIDE...
Page 154
• TAR profile - Threat Analysis Reporter lock out profile • Radius profile - Radius accounting server profile NOTE: See the M86 Web Filter Authentication User Guide for information that displays in these fields if the domain is an LDAP domain.
Page 155
• Blocked Ports (optional) - ports that have been set up to be blocked, if established. • Redirect URL (optional) - the URL that will be used for redirecting the user away from a page that is blocked, if established. M86 S ECURITY UIDE...
FTP server. The log of changes made on the server can be viewed in this window. Admin Audit Trail The Admin Audit Trail tab displays by default: Fig. 2:1-26 Admin Audit Trail window M86 S ECURITY UIDE...
6. Specify whether or not to Send Daily Log to FTP Server by clicking either the “on” or “off” radio button. 7. Click Apply to apply your settings. FTP the Log on Demand Click FTP Now to transfer the log on demand. M86 S ECURITY UIDE...
(Time), IP address of the machine used by the administrator, administrator's User- name, and a brief description of the Action performed on the server. M86 S ECURITY UIDE...
WFR alerts the administrator about the failed process, and that an attempt will be made to reload the necessary process. The last few lines of any pertinent logs are included in the message to assist the administrator in M86 S ECURITY UIDE...
Page 160
80 percent, an alert is sent to the administrator. This problem usually occurs if the Web Filter is unable to transfer log files to the M86 Security Reporter. Action should be taken to prevent the hard drive from reaching 100 percent utilization.
Delete key on your keyboard 2. After all edits have been made, click Apply to apply your settings. Disable the Alert Feature 1. Click the “Disable” radio button. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
3. By default, the Email queue size is 50. This can be changed to specify the maximum number of requests that can be placed into the queue awaiting an available outbound connection. M86 S ECURITY UIDE...
2. Enter the email address in the pop-up box. 3. Click OK to close the pop-up box and to process your request. If all SMTP Server Settings are accepted, the test email should be received at the specified address. M86 S ECURITY UIDE...
Availability (GA) release to be distributed to all WFRs. Fig. 2:1-31 Local Software Update window NOTE: Available software updates come from downloads made to the server via Traveler, M86’s executable program that can run on demand, or be set to run at a scheduled time. M86 S...
HAPTER YSTEM SCREEN TIP: Click the link (“here”) at the bottom of the window to go to the Web page at M86 Security’s public site (http:// www.m86security.com/support/wfr/documentation.asp) where release notes about software updates can be obtained. Read Information about a Software Update...
1. Go to the Available Software Updates frame and select the software update to be applied. 2. Click Apply to open the software update installation dialog box: Fig. 2:1-33 Software update installation dialog box 3. Click Yes to open the EULA dialog box: M86 S ECURITY UIDE...
Page 167
Log File window for more information. 5. Click OK to close the alert box and to proceed. This action opens the connection failure alert box, indicating that the connection to the WFR has been lost due to the software update application: M86 S ECURITY UIDE...
Page 168
8. Wait a few minutes, and then log back into the Web Filter console again. NOTE: M86 recommends performing a backup of configuration files after applying a software update. (See the Backup/Restore window in this chapter for information on performing a backup.)
Page 169
NOTE: If you do not have an installation key, click the link “click here” to go to the M86 Security Web site where you will need to log in and request an installation key.
Undo an Applied Software Update NOTE: Only the most recently applied software update can be uninstalled. WARNING: If a software update is uninstalled, configuration settings will revert to the previous settings, before the software update was applied. M86 S ECURITY UIDE...
Fig. 2:1-40 Software Update Log window View Log Contents Click View Log to display contents of the log in the frame below with the status of the software update. M86 S ECURITY UIDE...
4. After the file has successfully downloaded to your work- station, click OK to close the alert box asking you to verify that the software update log file was successfully saved. M86 S ECURITY UIDE...
1. Find the log file in the folder, and right-click on it to open the pop-up menu: Fig. 2:1-41 Folder containing downloaded file 2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:1-42 WinZip Executable program M86 S ECURITY UIDE...
Page 174
“View” to open the View dialog box: Fig. 2:1-44 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig. 2:1-45 View window M86 S ECURITY UIDE...
Page 175
OK to close the dialog box. 2. Open Notepad—in Windows XP: Start > All Programs > Accessories > Notepad 3. Paste the contents from the clipboard into the Notepad file. The correctly formatted Notepad file can now be saved and/or printed. M86 S ECURITY UIDE...
Synchronizing Multiple Units, from the Web Filter Introductory Section. If synchronizing a WFR with a Web Filter, see http:// www.m86security.com/software/8e6/hlp/ifr/files/ 1system_sync_versions.html for software version compatibility. WARNING: This version of synchronization only supports the use of unique IP addresses throughout a network. M86 S ECURITY UIDE...
This indicates that all settings on the Web Filter that is currently being configured apply only to that Web Filter. For the Stand Alone mode setting: 1. In the Mode frame, click “Stand Alone”. 2. Click Apply. M86 S ECURITY UIDE...
This setup is required so that the source server can communicate with the target server(s). For the Source mode setting: 1. In the Mode frame, click “Source” to display the Source mode view: Fig. 2:1-47 Setup window, Source mode M86 S ECURITY UIDE...
Page 179
4. In the IP to Send frame, select either the LAN 1 or LAN 2 IP address from the IP to Send pull-down menu. This IP address will be used for sending profile/library setting changes to the target server(s). M86 S ECURITY UIDE...
Page 180
8. Click Apply after all settings have been made. Note that the CMC Management topic becomes available in the navigation panel for this source server when settings in this window are saved. M86 S ECURITY UIDE...
Page 181
NAT device between the target and source server, be sure that ports 26262 and 26268 are open on the target server. This setup is required so that the target server can communicate with the source server. M86 S ECURITY UIDE...
Page 182
4. Click OK to close the alert box, and make any adjust- ments, if necessary. 5. After validating the source IP address, click Change Source to display this IP address in the Current Source IP display field. M86 S ECURITY UIDE...
Fig. 2:1-49 Status window, Source mode If set up in the Target mode, this window is used for verifying that profile/library setting updates are being received from the source server. M86 S ECURITY UIDE...
To view items in the queue for a specified target server: 1. In the Current Queue column for that server, click Details to open the Queue of Target pop-up window: M86 S ECURITY UIDE...
(100, 200, 300, 400, 500) for the most recent synchronization history that you wish to view. 3. Click View to display lines of items in the History Log: Fig. 2:1-51 History of Target pop-up window 4. Click Close to close the pop-up window. M86 S ECURITY UIDE...
The Target Sync Status frame includes the following infor- mation: • Source IP - The IP address of the source server displays. • Connection Status - “OK” or “FAULT” displays, indi- cating whether or not there is a connection to the source server. M86 S ECURITY UIDE...
Page 187
• History Log - Click the Details button to open the History of Target pop-up window. See View Items Previ- ously Synced to the Server in this section for information on accessing and viewing the contents of this window. M86 S ECURITY UIDE...
Web Filter will solely filter workstations outside of the server location. In the ICAP mode, the Web Filter off- loads specific content normally handled by a Web Filter, such as filtering. Fig. 2:1-53 Operation Mode window M86 S ECURITY UIDE...
Web Filter, click the “Mobile” checkbox to use the mobile mode in conjunction with the selected filtering mode. WARNING: If using the router or firewall mode, M86 recommends contacting one of our solutions engineers if you need any assis- tance with setup procedures.
“Default Gateway” displays by default as the Block Page Route To selection. • “Alternate IP Address” - this option should be used if block pages are not being served. Enter the IP address of the router or device that will serve block pages. M86 S ECURITY UIDE...
This tag provides a way for ICAP servers to send a service- specific “cookie” to ICAP clients so that the ICAP server can communicate with the ICAP client. For example: "835nb0-20a5-3e52671" M86 S ECURITY UIDE...
Page 192
ICAP server. By default, this port number is 1344. NOTE: The port number must be the same one entered for the URI. WARNING: Go to http://www.m86security.com/software/8e6/ hlp/ifr/files/1system_opmode_icap.html to review a list of items to be considered when using the ICAP mode. M86 S ECURITY UIDE...
This window is used for specifying whether the WFR is in a proxy environment, if the default Web server port number 80 will be enabled, and if HTTPS traffic will be allowed to pass without being overblocked. Fig. 2:1-54 Proxy Environment Settings window M86 S ECURITY UIDE...
HTTPS traffic, and then click Add to include that IP address in the list box below. TIP: To remove an IP address from the list box, select it and then click Remove. 3. Click Apply to enable your settings. M86 S ECURITY UIDE...
Settings, and Authentication SSL Certificate. NOTES: Information about these sub-topics can be found in the M86 Web Filter Authentication User Guide. The Authentication topic and sub-topics do not display if the synchronization feature is used, and this server being configured is set up in the Target mode to synchronize both profile and library setting changes.
Backup Configurations grid in the Restore tab. The newly added row includes the following information: Date the backup was executed, Filename of the backup file, general information about the Content of the file, and a Comment about the file. M86 S ECURITY UIDE...
Backup Procedures M86 recommends performing backup procedures whenever changes are made to system configurations or to library configurations. By creating backup files and saving these files off the WFR server, prior server settings can later be...
6. Click OK to close the Message alert box, and to add a new row for that file to the Backup Configurations grid in the Restore tab. NOTE: Once the file is added to the grid, it can be downloaded and saved on another machine, if necessary. M86 S ECURITY UIDE...
7. Click OK to close the alert box. You can now set up a schedule for a backup in the Recur- rence Schedule section of the Scheduled Backup frame. M86 S ECURITY UIDE...
Indicate whether this time slot is “AM” or “PM”. c. Today’s date displays using the MM/DD/YY format. To choose another date, click the arrow in the date drop- down menu to open the calendar pop-up box: M86 S ECURITY UIDE...
Page 201
Tuesday, these settings indicate this profile will be used each Tuesday during the specified time period. If 2 is entered and “Wednesday” and “Friday” are selected, this profile will be used every two weeks on Wednesday and Friday. M86 S ECURITY UIDE...
Page 202
• The second option lets you make selections from the three pull-down menus for the following: - week of the month: “First” - “Fourth”, or “Last” - day of the month: “Sunday” - “Saturday”, “Day”, M86 S ECURITY UIDE...
Page 203
Restore window now shows the schedule in the Recur- rence Schedule section of the Scheduled Backup frame. Remove a Backup Schedule Click Remove to remove the schedule from the Recurrence Schedule section of the Scheduled Backup frame. M86 S ECURITY UIDE...
5. Select the folder in which to save the file, and then enter the File name, retaining the “.gz” file extension. Click Save to begin downloading the .gz file to your worksta- tion. M86 S ECURITY UIDE...
Software Update window for more information about software updates.) Upload a File to the Server To upload a .gzip file to the server: 1. Click Upload to open the Upload Backup GZIP File pop- up window: Fig. 2:1-59 Upload GZIP File pop-up window M86 S ECURITY UIDE...
1. Select the file from the Backup Configurations grid. 2. Click Restore to overwrite the current settings. Remove a Backup File To remove a file from the Backup Configurations grid: 1. Select the file. 2. Click Delete. M86 S ECURITY UIDE...
The following information displays for each row: the date and time a process was attempted to be executed, and a Message indicating whether that process succeeded or failed. 2. Click OK to close the pop-up box. M86 S ECURITY UIDE...
YSTEM SCREEN Reset Reset window The Reset window displays when Reset is selected from the navigation panel. This function, used for resetting the server to factory default settings, is not available in WFR. Fig. 2:1-61 Reset window M86 S ECURITY UIDE...
Depending on your network setup, there may be more than one accounting server. Also there may be a client (Network Access Server or proxy server) that sends accounting request packets to the external Radius accounting server. M86 S ECURITY UIDE...
• Check the box for Use Web Filter IP as Source IP, if the IP address of the Web Filter (LAN1 or LAN2) should be used when forwarding packets instead of the IP address of the NAS. M86 S ECURITY UIDE...
Apply Settings Click Apply to save your settings. Disable Radius To disable the Radius feature: 1. At the Radius Mode field, click the “Off” radio button. 2. Click Apply. M86 S ECURITY UIDE...
Enable SNMP The Monitoring mode is “Off” by default. To enable SNMP, click Enable in the Monitoring Mode frame. As a result, all elements in this window become activated. M86 S ECURITY UIDE...
Maintain the Access Control List 1. To remove one or more IP addresses from the list, select each IP address from the Access control list, using the Ctrl key for multiple selections. 2. Click Delete. 3. Click Save Changes. M86 S ECURITY UIDE...
Hardware Failure Detection is selected from the navigation panel. This feature shows the status of each drive on the RAID server. Fig. 2:1-64 Hardware Failure Detection window, 300 series model Fig. 2:1-65 Hardware Failure Detection window, 500 series model M86 S ECURITY UIDE...
2. Replace the failed drive with your spare replacement drive 3. Click on the “Rebuild” button on the GUI 4. To return a failed drive to M86 or to order additional replacement drives, please call M86 Technical Support NOTE: For information on troubleshooting RAID, refer to WFR Appendix II: RAID and Hardware Maintenance.
X Strikes Blocking settings are effective only for filtering profiles with the X Strikes Blocking filter option enabled. (See Filter Options in the Policy screen section for information on setting up the X Strikes Blocking filter option.) M86 S ECURITY UIDE...
6. Specify a Redirect URL to be used when the end user is locked out from his/her workstation. By default, “Default "Alternate" Locked Block Page” is selected, indicating that the standard lock out block page will display. M86 S ECURITY UIDE...
A user who receives the final strike that locks him/her out the workstation will see the following lock page display on the screen: Fig. 2:1-67 Sample lock page The text informs the user: “Your Internet privileges have been temporarily suspended. For assistance, contact your Administrator.” M86 S ECURITY UIDE...
• Maximum strikes = 5 • Time span for the maximum number of strikes = 5 minutes Within a five-minute period, if a user accesses five sites that contain blocked material, that user will be locked out of his/ M86 S ECURITY UIDE...
Page 220
If these configuration settings do not block users often enough • the time span for the maximum number of strikes may need to be reduced • the maximum number of strikes may need to be reduced M86 S ECURITY UIDE...
PM, and at midnight when the time interval is reset. To check the time(s) the email alert is scheduled to occur, click the Display Sending Time button to open The Daily Schedule pop-up window that shows the alert time schedule in the (HH:MM:SS) format: M86 S ECURITY UIDE...
2. Click Add to include the email address in the Current Email Alerts list box. NOTE: The maximum number of email alert recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Alert Recipients 1.
Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Accessible Users list box in the Logon Accounts tab of the Real Time Probe window. M86 S ECURITY UIDE...
Page 224
(See Chapter 4: Reporting screen, Real Time Probe for information on setting up and using real time probes.) M86 S ECURITY UIDE...
“No Strike” Categories list box. 3. Click Apply to apply your settings. NOTE: Library categories in the “Strike” Categories list box will only be effective for filtering profiles with the X Strikes Blocking Filter Option enabled. M86 S ECURITY UIDE...
The Re-login window opens if the user’s session needs to be validated: Fig. 2:1-72 Re-login window 1. Enter your Username. 2. Enter your Password. 3. Click OK to close the Re-login window and to re-access the Web Filter console. M86 S ECURITY UIDE...
“x.x.x.x” is the IP address of the Web Filter—to view locked workstation criteria. When using the aforementioned URL, the following occurs: • The Login window opens: M86 S ECURITY UIDE...
Page 228
X Strikes Unlock Workstation pop-up window (see Fig. 2:1- 70). • The Web Filter Introductory Window for X Strikes simultaneously opens with the Login window: Fig. 2:1-75 X Strikes introductory window This window must be left open during the entire session. M86 S ECURITY UIDE...
Page 229
1. Enter the email address in the Email Address to be Subscribed/Unsubscribed text box. 2. Click Unsubscribe. Close the Pop-up Window Click the “X” in the upper right corner of the pop-up window to close the window. M86 S ECURITY UIDE...
1. In the Warn Life Time (minutes) field, by default 10 displays. Enter the number of minutes (1-480) to be used in the interval for re-displaying the warning page for the end user. 2. Click Apply to enable your setting. M86 S ECURITY UIDE...
Target mode to synchronize both profile and library setting changes. Refer to the M86 Web Filter Authentication User Guide for infor- mation on using the Authentication Form Customization window. M86 S...
By default, in the Details frame all elements are selected to display in the HTML pages, the Help link points to the FAQs page on M86's public site that explains why access was denied, and a sample email address is included for adminis- trator contact information.
• Blocked URL Display - if enabled, displays “Blocked URL” followed by the blocked URL in block pages • Copyright Display - if enabled, displays M86 Web Filter copyright information at the footer of block and lock pages, and the authentication request form •...
Page 235
Enter the global administrator's email address. 2. Click Apply to save your entries. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
NOTE: See X Strikes Blocking window in this chapter for informa- tion on using the X Strikes Blocking feature. Fig. 2:1-78 Lock Page Customization window TIP: An entry in any of the fields in this window is optional. M86 S ECURITY UIDE...
Description field. Click “Off” to not have the explanatory text display in the lock page. 3. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
By default, the following standard links are included in the lock page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
DMINISTRATOR ECTION HAPTER YSTEM SCREEN • M86 Security - Clicking this link takes the user to M86’s Web site. 2. Click the “X” in the upper right corner of the window to close the sample customized lock page. TIP: If necessary, make edits in the Lock Page Customization window or the Common Customization window, and then click Preview in this window again to view a sample lock page.
Any entries made in these fields will display centered in the customized block page, using the Arial font type. 2. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
URL displays. If the content the user attempted to access is blocked by an Exception URL, “Exception” displays instead of the library category name. • Blocked URL field - The URL the user attempted to access displays. M86 S ECURITY UIDE...
Page 242
By default, the following standard links are included in the block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
NOTE: See Warn Option Setting window in this chapter for more information about this feature. Fig. 2:1-82 Warn Page Customization window TIP: An entry in any of the fields in this window is optional. M86 S ECURITY UIDE...
Any entries made in these fields will display centered in the customized warning page, using the Arial font type. 2. Click Apply. TIP: Click Restore Default and then click Apply to revert to the default settings in this window. M86 S ECURITY UIDE...
• IP field - The user’s IP address displays. • Category field - The name of the library category that warned the user about accessing the URL displays. • Blocked URL field - The URL the user attempted to access displays. M86 S ECURITY UIDE...
Page 246
By default, the following standard links are included in the warning page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
Common Customization window, and override accounts are set up for designated end users. NOTE: See Override Account window in the Policy section for more information about this feature. Fig. 2:1-84 Profile Control window M86 S ECURITY UIDE...
TIP: Click Restore Default and then click Apply to revert to the default settings in this window. NOTE: For a sample profile control pop-up window, see Option 3 from the Options page section of the Block Page Authentication window. M86 S ECURITY UIDE...
1. Make an entry in any of the following fields: • In the Header field, enter a static header to display at the top of the quota block page. • In the Description field, enter a static text message to be displayed beneath the header. M86 S ECURITY UIDE...
Fig. 2:1-86 Sample Customized Quota Block Page By default, the following data displays in the Category frame: • Category field - The name of the library category that blocked the user from accessing the URL displays. M86 S ECURITY UIDE...
Page 251
By default, the following standard links are included in the quota block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
1. Make an entry in any of the following fields: • In the Header field, enter a static header to display at the top of the quota notice page. • In the Description field, enter a static text message to be displayed beneath the header. M86 S ECURITY UIDE...
1. Click Preview to launch a separate browser window containing a sample customized quota notice page, based on entries saved in this window and in the Common Customization window: Fig. 2:1-88 Sample Customized Quota Notice Page M86 S ECURITY UIDE...
Page 254
By default, the following standard links are included in the quota notice page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
Fig. 2:1-89 Software Update Management window View Software Update Information The Software Updates frame displays the software update statuses of the source and each target Web Filter: Host- name/Location (information entered in the LAN Settings M86 S ECURITY UIDE...
Page 256
Columns can be resized by mousing over the line in the header between two columns so that a double-ended arrow (<—>) displays, and then clicking and dragging the cursor to the left or right. M86 S ECURITY UIDE...
To undo a software update: 1. Select the row(s) corresponding to the server(s) that need(s) to have the last software update removed. 2. Clicking Undo to remove that software update from the server(s). M86 S ECURITY UIDE...
• Filtering Status - “OK” displays if the server is being filtered, or “FAIL” displays if the server is not being filtered NOTE: Filtering Status information will only display if the “Upstream Failover Detect” option is enabled in the Synchroniza- tion > Setup window. M86 S ECURITY UIDE...
Page 259
Columns can be resized by mousing over the line in the header between two columns so that a double-ended arrow (<—>) displays, and then clicking and dragging the cursor to the left or right. M86 S ECURITY UIDE...
NOTE: This field is greyed-out on a Web Filter set up as either a standalone server or as target server in the synchronization mode. TIP: After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...
2. Click Add to include this reset time in the Current Reset Time(s) list box. TIP: Repeat steps 1 and 2 for each quota reset time to be sched- uled. After making all configuration settings in this window during this session, click Apply. M86 S ECURITY UIDE...
When the end user has spent 75 percent of time in a quota- restricted library group/category, the quota notice page displays: Fig. 2:1-92 Sample Quota Notice Page By default, the following fields display: • Category field - Name of the library category with the most hits. M86 S ECURITY UIDE...
Page 264
LDAP user. This field is blank for the IP group user. By default, the following standard links are included in the quota notice page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site may have been denied.
• Requested URL field - The URL the user attempted to access displays. • IP field - The user’s IP address displays. • User/Machine field - The username displays for the LDAP user. This field may be blank for the IP group user. M86 S ECURITY UIDE...
By default, the following standard links are included in the quota block page: • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied.
At the root of this tree is Policy. The main branches of this tree include: Global Group and IP, followed by LDAP if authentication is enabled. M86 S ECURITY UIDE...
Page 268
Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity. NOTES: Information on LDAP groups can be found in the M86 Web Filter Authentication User Guide. Information on creating filtering profiles for IP groups can be found in the WF Group Administrator Section of this user guide.
Web Filter in the invisible or router mode. Service ports that should be open—ignored by the Web Filter—are also defined in this window. Fig. 2:2-2 Range to Detect Settings window, main window M86 S ECURITY UIDE...
Fig. 2:2-3 Range to Detect Settings window, Node tab Add a Segment to the Network To add a segment to be detected on the network: 1. Click Add to go to the next page: M86 S ECURITY UIDE...
Page 271
• Advanced Settings - clicking this button takes you to the Range to Detect Advanced Settings window. Follow the instructions in the Range to Detect Advanced Settings sub-section to complete the addi- tion of the segment on the network. M86 S ECURITY UIDE...
1. Choose the appropriate option for entering the IP address(es): • IP / Netmask - use these fields to specify a range of IP addresses • Individual IP - use this field to enter a single IP address M86 S ECURITY UIDE...
Page 273
IP frames. This reduces the load on the Web Filter, thus enabling it to handle more traffic. Fig. 2:2-6 Range to Detect Setup Wizard window, Step 2 NOTE: For Steps 2-6, click Back to return to the previous page of the Wizard. M86 S ECURITY UIDE...
Page 274
NOTE: By making entries in Destination IP fields, traffic will be restricted to the range specified in the Source IP and Destination IP frames. This reduces the load on the Web Filter, thus enabling it to handle more traffic. M86 S ECURITY UIDE...
Page 275
Fig. 2:2-8 Range to Detect Setup Wizard window, Step 4 Step 5: Optional In this step you enter destination port numbers to be excluded from filtering. Fig. 2:2-9 Range to Detect Setup Wizard window, Step 5 M86 S ECURITY UIDE...
Page 276
• click the Modify button to the right of the list box if you need to make changes. This action takes you to that page of the Wizard where you make your edits. Click Next until you return to Step 6. M86 S ECURITY UIDE...
NOTE: Click Cancel to be given the option to return to the main Range to Detect Settings window without saving your settings. 2. Click Apply to accept your entries and to return to the main Range to Detect Settings window. M86 S ECURITY UIDE...
Detect Advanced Settings sub-section. Remove a Segment from the Network To remove a segment: 1. In the main Range to Detect Settings window (see Fig. 2:2-2), select the segment from the Current Ranges list box. 2. Click Remove. M86 S ECURITY UIDE...
Select the rule from the Current Rules pull-down menu to populate the Rule Details frame with settings made for that rule. If this rule is not an M86 pre-defined rule it can be modified or deleted. A rule that does not yet exist can be added using any rule in this list as a template, if necessary.
URL he/she requested can be accessed, but may be against the organization’s policies. The end user can view the URL after seeing a warning message and agreeing to its terms. • Block - URLs in this category will be blocked. M86 S ECURITY UIDE...
Page 281
NOTE: See the Quota Settings window in Chapter 1: System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas. M86 S ECURITY UIDE...
Rule Descrip- tion field. 3. Enter up to 20 characters for a unique Rule Description that describes the theme for that rule. 4. Modify settings for library groups and categories in the Rule Details frame. M86 S ECURITY UIDE...
Click the following tabs in this window: Category, Port, Default Redirect URL, and Filter Options. Entries in these tabs comprise the profile string for the global group. Fig. 2:2-13 Global Group Profile window, Category tab M86 S ECURITY UIDE...
• Warn - URLs in this category will warn the end user that the URL he/she requested can be accessed, but may be against the organization’s policies. The end user can view the URL after seeing a warning message and agreeing to its terms. M86 S ECURITY UIDE...
Page 285
URLs in that library group/category. TIP: If a quota entry is made for a category group, all library cate- gories in that group will show the same number of quota minutes. M86 S ECURITY UIDE...
4. Click Apply to apply your settings at the global level. Port Port displays when the Port tab is clicked. This tab is used for blocking access to specified ports for the global filtering profile. Fig. 2:2-14 Global Group Profile window, Port tab M86 S ECURITY UIDE...
URL tab is clicked. This tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked for the global filtering profile. Fig. 2:2-15 Global Group Profile window, Default Redirect URL tab M86 S ECURITY UIDE...
Fig. 2:2-16 Global Group Profile window, Filter Options tab Create, Edit the Filter Options 1. Click the checkbox(es) corresponding to the option(s) to be applied to the global group filtering profile: “X Strikes Blocking”, “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement”, “Search Engine Keyword Filter M86 S ECURITY UIDE...
Page 289
An inappropriate image will only be blocked if that image is included in M86’s library or is blocked by Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL. If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the...
Page 290
• M86 Supplied Categories - see Chapter 3: Library screen, Search Engine Keywords window in this section. • Custom Categories - see the WF Group Administrator Section, Chapter 2: Library screen, Search Engine Keywords window.
Page 291
NOTE: To set up URL keywords in a URL Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, URL Keywords window, in this section. • Custom Category - see the WF Group Administrator Section, Chapter 2: Library screen, URL Keywords window.
IP group. See Appendix C: Override Pop-up Blockers for information on how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation. M86 S ECURITY UIDE...
(See Category Profile, Redirect URL, and Filter Options in this sub-section for information on the Rule, Redirect, and Filter Options tabs.) 6. Click Apply to activate the override account. 7. Click Close to close the pop-up window. M86 S ECURITY UIDE...
Page 295
URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: M86 S ECURITY UIDE...
Page 296
5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
Page 297
2. Click Apply to apply your settings to the override account profile. 3. Click the Filter Options tab to continue creating the over- ride account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
Page 298
NOTE: See the X Strikes Blocking window in Chapter 1: System screen for information on setting up the X Strikes Blocking feature. M86 S ECURITY UIDE...
Page 299
NOTE: To set up search engine keywords in a Search Engine Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, Search Engine Keywords window. • Custom Categories - see the WF Group Administrator Section, Chapter 2: Library screen, Search Engine Keywords window.
NOTE: To set up URL keywords in a URL Keywords window, see the following sections of this user guide for the specified library type: • M86 Supplied Categories - see Chapter 3: Library screen, URL Keywords window. • Custom Category - see the WF Group Administrator Section, Chapter 2: Library screen, URL Keywords window.
5. Click Apply. 6. Click Close to close the pop-up window. Delete an Override Account To delete an override account: 1. In the Current Accounts frame, select the username from the list box. 2. Click Remove. M86 S ECURITY UIDE...
VuSafe removes all outside content on sites such as YouTube.com, eliminating access to inappro- priate material. This free Web-based service requires no additional software or hardware setup. Enabling the M86 S ECURITY UIDE...
• Text editor tool such as Notepad or TextPad • MD5 checksum calculator tool Once you have access to the aforementioned items, follow the instructions in the M86 Approved Content Portal Setup document at http://www.m86security.com/software/8e6/ docs/ug/misc/wf.ac.4.1.00.pdf . As explained in the portal setup document, a passkey must be created for each video to be included in the portal.
Page 304
Passkeys list box will be avail- able for users set up in the Policy tree. Though these users can be set up to use the Approved Content feature, they will need to have passkeys entered and saved in their profiles. M86 S ECURITY UIDE...
Chapter 1 of the WF Group Administrator Section for more infor- mation about override accounts. Click the following tabs in this window: Category, Port, and Min. Filter Bypass. Entries in the Category and Port tabs comprise the profile string for the minimum filtering level. M86 S ECURITY UIDE...
Pass or Block column. TIP: In the Category Groups tree, double-click the group enve- lope to open that segment of the tree and to view library catego- ries belonging to that group. M86 S ECURITY UIDE...
Page 307
Shift key on your keyboard while clicking the last category, and then double- clicking in the appropriate column. 2. Click Apply to apply your settings for the minimum filtering level. M86 S ECURITY UIDE...
2. Click Add. Each port number you add displays in the Block Port(s) list box. 3. Click Apply to apply your settings at the minimum filtering level. To remove a port number from the list box: 1. Select the port number. 2. Click Remove. M86 S ECURITY UIDE...
Fig. 2:2-24 Minimum Filtering Level window, Min. Filter Bypass tab NOTE: See the Override Account window and Exception URL window of the Policy screen in the Group Administrator Section of this user guide for information on setting up an override account and exception URLs. M86 S ECURITY UIDE...
If authentication is enabled, when Refresh All is clicked, the LDAP branch of the tree displays. When authentication is disabled, when Refresh All is clicked only the IP branch of the tree displays. M86 S ECURITY UIDE...
Group Administrator Section of this user guide. Refresh Refresh IP Groups From the IP group menu, click Refresh whenever changes have been made in this branch of the tree. M86 S ECURITY UIDE...
Updates, Library Lookup, Customer Feedback Module, NNTP Newsgroup, and Pattern Detection Whitelist topics. Click Updates to display a menu of sub-topics: Configura- tion, Manual Update, Additional Language Support, Library Update Log, and Emergency Update Log. M86 S ECURITY UIDE...
Page 314
Groups to open the tree list. Double-click a category group envelope—any envelope except Custom Categories—to view M86 supplied library categories for that group. Click a library category topic to view a menu of sub-topics for that library category item: Library Details, URLs, URL Keywords, and Search Engine Keywords.
Configuration window The Configuration window displays when Configuration is selected from the Updates menu. This window is used for making settings to allow the Web Filter to receive M86 supplied library category updates on a daily basis. Fig. 2:3-2 Configuration window Set a Time for Updates to be Retrieved 1.
Log Level 1 includes a summary of library and software update activity. Log Level 2 includes detailed information on library and soft- ware update activity. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
The Manual Update to M86 Supplied Categories window displays when Manual Update is selected from the Updates menu. This window is used for updating specified M86 supplied library categories on demand from the update server, if the Web Filter has not received daily updates due to an occurrence such as a power outage.
Page 318
Local Software Update window in Chapter 1: System screen. For information on viewing the status of downloaded software updates, see the Software Update Log window in Chapter 1, and the Emergency Update Log window in this chapter. M86 S ECURITY UIDE...
Additional Language Support window The Additional Language Support window displays when Additional Language Support is selected from the Updates menu. This window is used for including additional M86- supported languages in library downloads. Fig. 2:3-4 Additional Language Support window Select Additional Languages 1.
View the Library Update Process When performing a manual (on demand) library update, click View Log to display contents from the log file with the status of the library update. Keep clicking this button to continue viewing log file data. M86 S ECURITY UIDE...
View the Contents of the Log Once the log file has been downloaded to your workstation, you can view its contents. 1. Find the log file in the folder, and right-click in it to open the pop-up menu: M86 S ECURITY UIDE...
Page 322
2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:3-7 WinZip Executable program 3. If using WinZip, click I Agree to open the window containing the zip file: M86 S ECURITY UIDE...
Page 323
“View” to open the View dialog box: Fig. 2:2-9 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig. 2:3-10 View window M86 S ECURITY UIDE...
Page 324
2. Open Notepad—in Windows XP: Start > All Programs > Accessories > Notepad 3. Paste the contents from the clipboard into the Notepad file: Fig. 2:3-11 Notepad The correctly formatted Notepad file can now be saved and/or printed. M86 S ECURITY UIDE...
Fig. 2:3-12 Emergency Update Log window View the Emergency Software Update Process Click View Log to display contents from the emergency software update log file with the status of the software update. M86 S ECURITY UIDE...
OK to close the alert box asking you to verify that the software update log file was successfully saved. NOTE: See Library Update Log window for information on viewing the contents of the log file, and printing and/or saving the log file contents. M86 S ECURITY UIDE...
1. In the URL Lookup frame, enter the URL. For example, enter http://www.coors.com, coors.com, or use a wild- card by entering *.coors.com. A wildcard entry finds all URLs containing text that follows the period (.) after the asterisk (*). M86 S ECURITY UIDE...
Page 328
Result Category list box, showing the long name of the library category, followed by the URL. Remove a URL To remove the URL: 1. Select the item from the Result Category list box. 2. Click Remove. M86 S ECURITY UIDE...
Remove a Search Engine Keyword To remove a search engine keyword/phrase from library categories: 1. After performing the search engine keyword search, select the categories from the Result Category list box. 2. Click Remove. M86 S ECURITY UIDE...
Once all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
Module feature, in which the most frequently visited non-categorized URLs in your Web Filter's filter log will be FTPed to M86 on a daily basis. The URLs collected by M86 will be reviewed and added to M86's standard library cate- gories, as appropriate, so they can be blocked.
1. At the Customer Feedback Module - Auto Learning Feature field, click “On” to indicate that you wish to enable the Customer Feedback Module. 2. Click Apply to open the Disclaimer dialog box: Fig. 2:3-15 Disclaimer box M86 S ECURITY UIDE...
Page 333
“M86 Security agrees to discuss the information collected by the Customer Feedback Module only with M86 Security’s employees who have a need to know and who have been informed of the confidential nature of the information and of their personal obligation not to disclose or use such information.
Page 334
HAPTER IBRARY SCREEN “Your agreement to activate the Customer Feedback Module will be transmitted back to M86 Security once you click the ‘Accept’ button.” 4. After reading this text, if you agree with the terms, click in the checkbox to activate the Accept button.
This feature lets you choose which category will be logged and reported for a URL request that exists in multiple cate- gories (possibly both M86 supplied and custom library cate- gories) with the same operational precedence. Fig. 2:3-17 Category Weight System window...
• “No Weight” Categories - Populated with M86 supplied categories • “Weight” Categories - Pre-populated by default with cate- gories M86 suggests you might want to use for this feature. The contents in each list box, combined with the end user’s profile, help to determine what will appear in the log for the end user’s Internet activity.
"weight" when ranked against other categories, based upon an end user’s URL request that appears in multiple library categories set up with the same operational precedence in the end user’s filtering profile. M86 S ECURITY UIDE...
Add a Newsgroup to the Library To add a newsgroup to the library: 1. In the Newsgroup frame, enter the Newsgroup address. 2. Click Add. If the newsgroup already exists, an alert box will open to inform you that it exists. M86 S ECURITY UIDE...
After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
Fig. 2:3-19 Pattern Detection Whitelist window NOTE: This feature can be used in conjunction with the Pattern Blocking feature, which, when enabled, blocks IP address patterns. (See the Filter window sub-section in Chapter 1: System screen.) M86 S ECURITY UIDE...
Shift key on the keyboard while simultaneously clicking the last IP address in the list. 3. After all IP addresses have been added and/or removed, click Apply. M86 S ECURITY UIDE...
Administrator Section for information on setting up customized category groups and library categories. WARNING: The maximum number of library categories that can be saved is 512. This figure includes both M86 supplied catego- ries and custom categories. Double-click Category Groups to open the tree and to display category groups.
Click the M86 supplied category link to view a menu of sub- topics: Library Details, URLs, URL Keywords, and Search Engine Keywords. (Menus for Instant Messaging library categories only include the sub-topics Library Details, and URLs).
(*) symbol followed by a period (.) can be entered in a format such as *.playboy.com, for example, to block access to all URLs ending in “.playboy.com”. A query string can be entered to block access to a specific URL. Fig. 2:3-22 URLs window, Action tab M86 S ECURITY UIDE...
2. Make a selection from the pull-down menu for “Addition List”, “Deletion List”, “Wildcard Addition List”, or “Wild- card Deletion List”. 3. Click View List to display the specified items in the Select List list box: Fig. 2:3-23 URLs window, View tab M86 S ECURITY UIDE...
NOTE: The pound sign (#) character is not allowed in this entry. 2. Click Add to display the associated URL(s) in the list box below. 3. Select the URL(s) that you wish to add to the category. M86 S ECURITY UIDE...
Page 347
*.cnn.com is added to a category set up to be blocked, the end user will be able to access http://www.cnn.com since it is a direct match, but will not be able to access http://www.sports.cnn.com, since direct URL entries take precedence over wildcard entries. M86 S ECURITY UIDE...
After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
URLs that are not even within blocked categories. For example, if all URL keywords containing “sex” are blocked, users will not be able to access a non-pornographic site such as http:// www.essex.com. M86 S ECURITY UIDE...
1. Enter the Keyword in the Edit Keyword List frame. 2. Click Add. Remove a URL Keyword from the Library To remove a URL keyword from the library category: 1. Enter the Keyword in the Edit Keyword List frame. 2. Click Remove. M86 S ECURITY UIDE...
4. Click Upload File to upload this file to the server. NOTE: A URL keyword text file must contain one URL keyword per line. WARNING: The text file uploaded to the server will overwrite the current file. M86 S ECURITY UIDE...
After all changes have been made to library windows, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
Fig. 2:3-26 Search Engine Keywords window NOTES: Master lists cannot be uploaded to any M86 supplied library category. See the Custom Categories sub-section of the WF Group Administrator Section of this user guide for information on uploading a master list to the server.
Add a Search Engine Keyword to the Library To add a search engine keyword/phrase to the library cate- gory: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2. Click Add. M86 S ECURITY UIDE...
3. Click Upload File to upload this file to the server. NOTE: A search engine keywords text file must contain one keyword/phrase per line. WARNING: The text file uploaded to the server will overwrite the current file. M86 S ECURITY UIDE...
After all changes have been made to library windows, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
Click Usage Graphs to display the Usage Graphs window, used for analyzing reports on daily peaks and trends of Internet usage. Click Shadow Log Format to specify the format in which Web Filter logs will be sent to the SR. M86 S ECURITY UIDE...
SR. Fig. 2:4-2 Report Configuration window Execute Log Transfer Now In the Initiating Log Transfer frame, click Initiate to transfer the log on demand. M86 S ECURITY UIDE...
Fig. 2:4-3 Real Time Probe window, Configuration tab Configuration Enable Real Time Probes 1. On the Configuration tab, click “On”. 2. Click Save to enable the Real Time Probes feature. As a result, all elements in this window become activated. M86 S ECURITY UIDE...
Page 360
2. Click Add to add the IP address in the Current White list of IPs. Remove IPs from the White List 1. Select the IP address(es) from the Current White list of IPs list box. 2. Click Delete to remove the IP address(es) from the white list. M86 S ECURITY UIDE...
Format to be used for the file: “Plain Text” or “HTML”. By default, “HTML” is selected. 2. Select the Maximum File Size of an Email Report (MB) that can be sent, from 1MB increments up to 20MB. The default is 5 MB. 3. Click Save. M86 S ECURITY UIDE...
Completed Reports to be Emailed list box. NOTE: The maximum number of report recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Addresses 1.
Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Accessible Users list box in the Logon Accounts tab of the X Strikes Blocking window. M86 S ECURITY UIDE...
Page 364
(See Chapter 1: System screen, X Strikes Blocking for information on reseting strikes and unlocking workstations.) M86 S ECURITY UIDE...
The Re-login window opens if the user’s session needs to be validated: Fig. 2:4-6 Re-login window 1. Enter your Username. 2. Enter your Password. 3. Click OK to close the Re-login window and to re-access the Web Filter console. M86 S ECURITY UIDE...
Enter the Username and Password and click OK to open the Real Time Probe Reports pop-up window (see Fig. 2:4-8). • The Web Filter Introductory Window for Real Time Probes simultaneously opens with the Login window: M86 S ECURITY UIDE...
This window must be left open during the entire session. Create a Real Time Probe Click the Create tab to enter and specify criteria for the report you wish to generate: Fig. 2:4-9 Real Time Probe Reports, Create tab M86 S ECURITY UIDE...
Page 368
(*) character is not allowed. This selection generates a report with data for all URLs containing the consecutive characters you specified. In this example, if mail is entered, “http:// www.hotmail.com” and “http://loginnet.passport.com/ login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw =0&fs=1&fsa=1&fsat=1296000&lc=1033&_lang=EN” would be included in the report. M86 S ECURITY UIDE...
Page 369
A probe that is scheduled to run at a specified date and time can be scheduled to run on a daily basis by checking the “Daily” checkbox at the Recurrence field. 6. Enter the Total Run Time in Minutes. 7. Click Apply. M86 S ECURITY UIDE...
By selecting a probe, buttons for the probe become acti- vated, based on the state of the probe. The following options are available for each of the probe statuses: • Completed: View, Properties, Delete, Email • In Progress: View, Properties, Stop • Scheduled: Properties, Delete M86 S ECURITY UIDE...
Page 371
SE Keyword or a URL Keyword); URL in Libraries, and Requested URL. The following actions can be performed in this window: • Click a URL to open a window that accesses the desig- nated site. M86 S ECURITY UIDE...
Page 372
Display Name; Email Address to Mail the Completed Report; Search Option criteria; Start Date & Time; Run Time; and User ID of the creator of the probe (Created by). Click Close to close this pop-up box. M86 S ECURITY UIDE...
Page 373
Email option Clicking Email opens the Email Address box: Fig. 2:4-14 Email Address box Enter the Email Address to Mail the Completed Report and click Send to send the completed report to the desig- nated email address. M86 S ECURITY UIDE...
URLs accessed by end users, number of machine IP addresses accessing the Internet, and number of end users who have been authenticated (if using the authentication feature). Fig. 2:4-15 Usage Graphs window M86 S ECURITY UIDE...
The Recent Trend graph includes the following information: date range, and Number of Hits per Hour for a given date: Fig. 2:4-16 Recent Trend graph Click the “X” in the upper right corner to close this window. M86 S ECURITY UIDE...
The Daily Peaks graph includes the following information: date, and Number of Hits per Second at Peak Time for a given Time using the HH:MM format: Fig. 2:4-17 Daily Peaks graph Click the “X” in the upper right corner to close this window. M86 S ECURITY UIDE...
Post 2.0 log format (manual)”, “Post 1.9 log format (manual)”, and “Pre 1.9 log format (manual)”. NOTE: For the WFR Web Filter, the only selection that should be made in this window is “Auto-detect” or “Post 2.0.10 log format (manual)”. M86 S ECURITY UIDE...
Post 2.0.10 log format option If this Web Filter currently has the 2.0.10 or higher software version applied, the Post 2.0.10 log format option should be selected. Apply Setting Click Apply to apply the setting for the shadow log format. M86 S ECURITY UIDE...
URL setup • creates and maintains customized library categories • uses the lookup tool to remove URLs or search engine keywords from customized libraries M86 S ECURITY UIDE...
IP sub-groups and/or individual IP members previously set up in the tree list. Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity. M86 S ECURITY UIDE...
ECTION HAPTER OLICY SCREEN Refresh Refresh the Master IP Group, Member Click Refresh whenever a change has been made to the master IP group or member level of the tree. Fig. 3:1-2 Policy screen, IP menu M86 S ECURITY UIDE...
This window is used for viewing the Group Name and for changing the password of the group administrator. Fig. 3:1-3 Group Details window Change the Group Administrator Password In the Group Administrator frame, the Group Name displays. M86 S ECURITY UIDE...
For the mobile mode, a member’s MAC address is used for obtaining the end user’s filtering profile. NOTE: See Appendix D: Mobile Client for information on adding members when using the mobile mode. Fig. 3:1-4 Members window M86 S ECURITY UIDE...
Host and Max Host fields. Click Close to exit. Remove a Member from the Group To remove an entry from the Current Members list box: 1. Select the member from the list box. 2. Click Remove. M86 S ECURITY UIDE...
A user can have only one override account. See the Override Account window in Chapter 2 of the WF Global Administrator Section for information on setting up a global group user’s over- ride account. M86 S ECURITY UIDE...
(See Category Profile, Redirect URL, and Filter Options in this sub-section for information on the Rule, Redirect, and Filter Options tabs.) 6. Click Apply to activate the override account. 7. Click Close to close the pop-up window. M86 S ECURITY UIDE...
Page 388
URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: M86 S ECURITY UIDE...
Page 389
5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
Page 390
Page”, “Authentication Request Form”, or “Custom URL”. If “Custom URL” is selected, enter the redirect URL in the corresponding text box. The user will be redirected to the designated page at this URL instead of the block page. M86 S ECURITY UIDE...
Page 391
WF Global Administrator Section for information on setting up the X Strikes Blocking feature. • “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement” - With the Google/Bing/Yahoo!/Youtube/ Ask/AOL Safe Search Enforcement option enabled, Google, Bing.com, Yahoo!, YouTube, Ask.com, and M86 S ECURITY UIDE...
Page 392
URL keywords are entered in the URL Keywords window of custom library categories. With the “Extend URL Keyword Filter Control” option enabled, a URL keyword search will be extended after the "?" character in a URL. M86 S ECURITY UIDE...
3. Click the tab in which to make modifications (Rule, Redi- rect, Filter Options). 4. Make your edits in this tab and in any other tab, if neces- sary. 5. Click Apply. 6. Click Close to close the pop-up window. M86 S ECURITY UIDE...
Category Profile displays by default when Group Profile is selected from the group menu, or when the Category tab is clicked. This tab is used for assigning filter settings to cate- gory groups/library categories for the group’s filtering profile. M86 S ECURITY UIDE...
Page 395
NOTE: By default, the Available Filter Levels pull-down menu also includes these five rule choices: Rule1 BYPASS”, “Rule2 BLOCK Porn”, “Rule3 Block IM and Porn”, “Rule4 M86 CIPA Compliance”, and “Rule5 Block All”. Create, Edit a List of Selected Categories To create the category profile: 1.
Page 396
3. Make a selection from the Uncategorized Sites pull- down menu to specify how to handle a URL that has not yet been categorized: “Pass”, “Warn”, or “Block”. M86 S ECURITY UIDE...
Page 397
5. Click Apply to apply your settings to the override account profile. 6. Click another tab (Redirect or Filter Options) to continue creating the override account profile, or click Close to close the pop-up window and to return to the Override Account window. M86 S ECURITY UIDE...
If “Custom URL” is selected, enter the redirect URL in the corresponding text box. Users will be redirected to the designated page at this URL instead of the block page. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
With the X Strikes Blocking option enabled, an end user who attempts to access inappropriate sites on the Internet will be locked out from his/her workstation after a specified number of tries within a fixed time period. M86 S ECURITY UIDE...
Page 400
An inappropriate image will only be blocked if that image is included in M86’s library or is blocked by Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL. If this option is used in conjunction with the X Strikes Blocking feature and a user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the...
Page 401
URLs that are not even within blocked catego- ries. For example, if all URL keywords containing “sex” are blocked, users will not be able to access a non-pornographic site such as http://www.essex.com. M86 S ECURITY UIDE...
Minimum Filtering Bypass Options tab. (See the Override Account window in this section for informa- tion on setting up an override account to allow a user to bypass group settings and minimum filtering level settings, if allowed.) M86 S ECURITY UIDE...
(.) and then the URL, such as: *.coors.com TIP: The minimum number of levels that can be entered for a wildcard entry is three (e.g. *.yahoo.com) and the maximum number of levels is six (e.g. *.mail.attachments.message.yahoo .com). M86 S ECURITY UIDE...
See the subsequent Status column messages and icons sub- section for information regarding conflicting URLs found by the query. If a multi-level URL query was executed (as in http:// yahoo.com/mail), the Match case column contains an M86 S ECURITY UIDE...
Page 405
- Preceded by the yellow warning triangle icon containing an exclamation point, this type of conflict indi- cates the URL entry found by the query is already included in the other frame of the Exception URL window (ByPass URL or Block URL). M86 S ECURITY UIDE...
Page 406
URL cannot be added due to conflicts If a URL found by the query results is already included in the current list (see Fig. 3:1-13), it will not include a checkbox in the Add column since it cannot be added again. M86 S ECURITY UIDE...
URL you do not want to remove from your list. TIP: Clicking the “Check/Uncheck All” checkbox at the bottom of this window toggles between selecting or de-selecting all check- boxes in this window. M86 S ECURITY UIDE...
The Current Time Profiles list box displays the Name and Description of any time profiles previously set up for the entity that are currently active. NOTE: This window is similar to the one used for Sub Group and Individual IP profiles. M86 S ECURITY UIDE...
Time Profile pop-up window that displays the name of this profile at the top of the Time Profile frame: Fig. 3:1-18 Time Profile window Recurrence tab 4. In the Recurrence duration time frame, specify Start and End time range criteria: M86 S ECURITY UIDE...
Page 410
• Daily - If this selection is made, enter the interval for the number of days this time profile will be used. By default, “1” displays, indicating this profile will be used each day during the specified time period. M86 S ECURITY UIDE...
Page 411
Thursday (for example, May 1st), the third week day would be the following Monday (May 5th in this example). • Yearly - If this selection is made, the year(s), month, and day for this time profile’s interval must be speci- fied: M86 S ECURITY UIDE...
Page 412
MM/DD/YY format. To choose another date, click the arrow in the date drop-down menu to open the calendar pop-up box. (See the infor- mation on the previous pages on how to use the calendar box.) M86 S ECURITY UIDE...
Page 413
Name and Description of the time profile that was just added. WARNING: If there is an error in a time profile, the Description for that time profile displays in red text. Select that time profile and click View/Modify to make any necessary corrections. M86 S ECURITY UIDE...
Page 414
Fig. 3:1-19 Time Profile pop-up window, Rule tab NOTE: See the Override Account window, Category Profile sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
Page 415
Fig. 3:1-20 Time Profile pop-up window, Redirect URL tab NOTE: See the Override Account window, Redirect URL sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
Page 416
Fig. 3:1-21 Time Profile pop-up window, Filter Options tab NOTE: See the Override Account window, Filter Options sub- section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
Page 417
Minimum Filtering Bypass Options tab. (See the Override Account window in this section for information on setting up an override account to allow a user to bypass group settings and minimum filtering level settings, if allowed.) M86 S ECURITY UIDE...
Page 418
Fig. 3:1-23 Time Profile pop-up window, Approved Content tab NOTE: See the Approved Content Settings window sub-section in this chapter for information about entries that can be made for this component of the filtering profile. M86 S ECURITY UIDE...
6. Click Close to close the Modify Time Profiles pop-up window, and to return to the Time Profile window. Delete a Time Profile To delete a time profile: 1. Select the time profile from the Current Time Profiles list box. 2. Click Remove. M86 S ECURITY UIDE...
There are two parts to set up in order to use the Approved Content feature: • A portal for viewing videos must be created • The passkey of each approved video must be entered in the Approved Content Settings window for the user’s profile M86 S ECURITY UIDE...
Page 421
• Text editor tool such as Notepad or TextPad • MD5 checksum calculator tool NOTE: See the M86 Approved Content Portal Setup document at http://www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for instructions on setting up a portal and pass- keys for users to view YouTube or SchoolTube videos.
Page 422
Enter the case-sensitive, eight to 20 character code in the Passkey field. b. Click Add. TIP: To remove a passkey from the list box, select it and then click Remove. 2. Click Apply to save your entries. M86 S ECURITY UIDE...
Fig. 3:1-25 IP Profile Management window Upload IP Profiles 1. Click Upload File to open both the refresh message page (see Fig. 3:1-27) and the Upload IP Profiles pop-up window: Fig. 3:1-26 Upload IP Profiles pop-up window M86 S ECURITY UIDE...
Page 424
4. Click the “X” in the upper right corner of the Upload IP Profiles pop-up window to close it. 5. Click Refresh in the refresh page to refresh the IP groups branch of the tree: Fig. 3:1-27 Upload IP Profiles refresh page M86 S ECURITY UIDE...
1. Click Download Profile to open a browser window containing the profiles: Fig. 3:1-28 Download IP Profiles window The contents of this window can viewed, printed, and/or saved. 2. Click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...
WARNING: When adding a sub-group to the tree list, sub-group users will be blocked from Internet access until the minimum filtering level profile is defined via the Minimum Filtering Level window. The minimum filtering level is established by the global administrator. M86 S ECURITY UIDE...
WARNING: When adding an Individual IP member to the tree list, the user will be blocked from Internet access until the minimum filtering level profile is defined via the Minimum Filtering Level window. The minimum filtering level is established by the global administrator. M86 S ECURITY UIDE...
Fig. 3:1-31 Paste Sub Group dialog box 2. In the Input sub group name field, enter the name of the sub-group. 3. Click OK to add the sub-group to the group in the Policy tree. M86 S ECURITY UIDE...
Fig. 3:1-32 Sub Group (IP Group) window View IP Sub-Group Details If the sub-group was previously defined, the fields in the Sub Group Details frame cannot be edited. The following infor- mation displays: • Sub Group Name M86 S ECURITY UIDE...
TIP: Use the IP Range pull-down menu to view the IP address(es) that can be entered in these fields. 2. Corresponding to the selected radio button: • enter the IP address and specify the netmask, or M86 S ECURITY UIDE...
If using the mobile mode, MAC address(es) can be selected for inclusion in the sub-group. NOTE: See Appendix D: Mobile Client for information on modi- fying members when using the mobile mode. Fig. 3:1-34 Members window M86 S ECURITY UIDE...
NOTE: See the Group Profile window in this chapter for informa- tion about entries that can be made for the following components of the filtering profile: Category Profile, Redirect URL, Filter Options. M86 S ECURITY UIDE...
NOTE: See the Time Profile window in the Master IP Group sub- section of this chapter for information on entries that can be made for the following components of the filtering profile: Category Profile, Redirect URL, Filter Options, Exception URL, Approved Content. M86 S ECURITY UIDE...
WF Global Administrator Section of this user guide for information about the Approved Content feature and VuSafe. See the M86 Approved Content Portal Setup document at http:// www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for information on setting up a portal and pass- keys for viewing online YouTube and/or SchoolTube videos.
2. Select the group from the tree and choose Paste Sub Group from the group menu to paste the sub-group to the group. (See Paste Sub Group dialog box in the Group section of this chapter.) M86 S ECURITY UIDE...
If using the mobile mode, the member’s MAC address can be selected for inclusion in the sub-group. NOTE: See Appendix D: Mobile Client for information on modi- fying members when using the mobile mode. Fig. 3:1-35 Member window M86 S ECURITY UIDE...
Time Profile window The Time Profile window displays when Time Profile is selected from the individual IP member menu. This window is used for setting up or modifying a filtering profile to be activated at a specified time. M86 S ECURITY UIDE...
WF Global Administrator Section of this user guide for information about the Approved Content feature and VuSafe. See the M86 Approved Content Portal Setup document at http:// www.m86security.com/software/8e6/docs/ug/misc/ wf.ac.4.1.00.pdf for information on setting up a portal and pass- keys for viewing online YouTube and/or SchoolTube videos.
Library Lookup and Category Groups, the latter topic containing the Custom Categories sub-topic. NOTE: If the synchronization feature is used, a server set up in the Target mode will only have the Library Lookup topic available. M86 S ECURITY UIDE...
Fig. 3:2-2 Library Lookup window NOTE: This window is also used by global administrators, except their permissions let them remove URLs and search engine keywords/phrases. The reload library function is used after making changes to the library. M86 S ECURITY UIDE...
3. Click OK to close the alert box and to display any results in the Result Category list box, showing the long name of the library category, followed by the URL. M86 S ECURITY UIDE...
Custom Categories link to view a menu of topics: Add Cate- gory, and Refresh. Fig. 3:2-3 Custom Categories menu NOTE: Since custom categories are not created by M86, updates cannot be provided. Maintaining the list of URLs and keywords is the responsibility of the global or group administrator.
ECTION HAPTER IBRARY SCREEN WARNING: The maximum number of categories that can be saved is 512. This figure includes both M86 supplied categories and custom categories. Add Category A unique custom library category should be created only if it does not exist in the Category Groups tree, and if any sub- group needs to use that library category.
NOTE: The category must have URLs, URL keywords, and/or search keywords added to its profile in order for it to be effective. Refresh Refresh the Library Click Refresh after uploading a file to a customized library category. M86 S ECURITY UIDE...
Delete Category. Fig. 3:2-5 Library screen, custom library category menu NOTE: Since custom categories are not created by M86, updates cannot be provided. Maintaining the list of URLs and keywords is the responsibility of the global or group administrator.
The following display and cannot be edited: Custom Cate- gories Group Name and library category Short Name. 1. The long Description name displays and can be edited. 2. After modifying the description for the library category, click Apply to save your entry. M86 S ECURITY UIDE...
(*) symbol followed by a period (.) can be entered in a format such as *.playboy.com, for example, to block access to all URLs ending in “.playboy.com”. A query string can be entered to block access to a specific URL. Fig. 3:2-7 URLs window, Action tab M86 S ECURITY UIDE...
2. Make a selection from the pull-down menu for “Master List”, or “Wild Card Master List”. 3. Click View List to display the specified items in the Select List list box: Fig. 3:2-8 URLs window, View tab M86 S ECURITY UIDE...
NOTE: The pound sign (#) character is not allowed in this entry. 2. Click Add to display the associated URL(s) in the list box below. 3. Select the URL(s) that you wish to add to the category. M86 S ECURITY UIDE...
Page 450
*.cnn.com is added to a category set up to be blocked, the end user will be able to access http://www.cnn.com since it is a direct match, but will not be able to access http://www.sports.cnn.com, since direct URL entries take precedence over wildcard entries. M86 S ECURITY UIDE...
1. Click Upload Master to open the Upload Custom Library URL pop-up window: Fig. 3:2-9 Upload Custom Library URL window 2. Click Browse... to open the Choose file pop-up window. 3. Select the file to be uploaded. M86 S ECURITY UIDE...
Page 452
5. If the file contains invalid URLs, click Back to return to the Upload URL window. Another attempt to validate the file can be made after corrections have been made to the file. If the file contains valid URLs: M86 S ECURITY UIDE...
To upload a master file with wildcard URL additions: 1. Click Upload Wildcard Master to open the Upload Custom Library WildCard URL pop-up window: Fig. 3:2-11 Upload Custom Library WildCard URL window 2. Click Browse... to open the Choose file pop-up window. M86 S ECURITY UIDE...
Page 454
Upload WildCard URL window. Another attempt to validate the file can be made after corrections have been made to the file. If the file contains valid wildcard URLs, click Upload to open the Upload Successful pop-up window. M86 S ECURITY UIDE...
After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
1. Enter the Keyword in the Edit Keyword List frame. 2. Click Add. Remove a URL Keyword from the Library To remove a URL keyword from the library category: 1. Enter the Keyword. 2. Click Remove. M86 S ECURITY UIDE...
After all changes have been made to library windows, in the Reload URL Keywords frame, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
Remove a Search Engine Keyword To remove a search engine keyword or keyword phrase from a library category: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2. Click Remove. M86 S ECURITY UIDE...
After all changes have been made to library windows, in the Reload Search Keywords frame, click Reload to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload only after modifications to all library windows have been made.
5. Filter Options (optional). For IP profiles, the code 0x1 should be placed at the end with all filter options disabled. 6. Quotas (optional). NOTE: Each filtering profile should be entered on a separate line in the file. M86 S ECURITY UIDE...
FTP (File Transfer Protocol) 80 = HTTP (Hyper Text Transfer Protocol) 119 = NNTP (Network News Transfer Protocol) 443 = HTTPS (Secured HTTP Transmission) Other • Filter Mode Values: Default, Block Mode Monitoring Mode Bypassing Mode M86 S ECURITY UIDE...
Page 463
NOTE: The list of library category codes and corresponding descriptions is subject to change due to the addition of new cate- gories and modification of current categories. For explanations and examples of category items, go to http:// www.m86security.com/resources/database-categories.asp M86 S ECURITY UIDE...
Page 464
Quota minutes, a comma ( , ), the first library category code, a colon ( : ), the number of quota minutes, and a comma between each quota. For example: ;10, EMPL:30, FINAN:30, GENBUS:30, TRADING:30, ESTATE:30 NOTES: See http://www.m86security.com/software/8e6/hlp/ ifr/files/2group_ipprofiles.html for examples of filtering profile entries. M86 S ECURITY UIDE...
PPENDIX Appendix B Create a Custom Block Page M86 offers ways for you to customize the block page so that the page can have a different look while retaining the infor- mation/functionality provided in M86’s default block page. NOTE: The solutions provided in this appendix will only let you customize the Block page, not the Options page.
A Web server must be set up to hold the customized block page. 2. Create a customized block page The customized block page must be accessible via this link: http://<server for block_page>[:<port for block page>]/ <blockpage> M86 S ECURITY UIDE...
Page 467
User Name that accessed the blocked URL: (see URL) Implement the “further option” (optional) The “further option” is included in M86’s default block page. If used, the <block page> needs to provide a link back to Web Filter’s Options page and post the required hidden...
NOTE: Don’t forget to replace <Web Filter IP> with the real IP in the HTML/CGI before using these samples. Part III: Restart the Web Filter You must restart the Web Filter to make your changes effec- tive. M86 S ECURITY UIDE...
* Replace <Web Filter IP> with real IP and recompile before using * Revision: 1 * Date: 03/08/2004 #include <stdio.h> struct { char *name; char *val; } entries[20]; char szIP[16]; char szURL[1024]; char szUserName[1024]; char szCategory[8]; /*function prototypes*/ M86 S ECURITY UIDE...
Page 474
(strcmp(paramn, "CAT") == 0) strcpy(szCategory, paramv); else if (strcmp(paramn, "USER") == 0) strcpy(szUserName, paramv); getnextquery(¶mv); free(paramd); else /*==================================================== Read stdin and convert form data into an array; set a variety of global variables to be used by other M86 S ECURITY UIDE...
This appendix provides instructions on how to use an over- ride account if typical pop-up blocking software is installed, as in the following products: Yahoo! Toolbar, Google Toolbar, AdwareSafe, Mozilla Firefox, and Windows XP Service Pack 2 (SP2). M86 S ECURITY UIDE...
1. Go to the Yahoo! Toolbar and click the pop-up icon to open the pop-up menu: Fig. C-2 Select menu option Always Allow Pop-Ups From 2. Choose Always Allow Pop-Ups From to open the Yahoo! Pop-Up Blocker dialog box: M86 S ECURITY UIDE...
Page 481
Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5. Click Close to save your changes and to close the dialog box. M86 S ECURITY UIDE...
Pop-up blocker button: Fig. C-4 Pop-up blocker button enabled Clicking this button toggles to the Pop-ups okay button, adding the override account window to your white list: Fig. C-5 Pop-ups okay button enabled M86 S ECURITY UIDE...
3. Click the Override button to open the override account pop-up window. 4. Go back to the SearchSafe toolbar and click the icon for Popup protection off to toggle back to # popups blocked. This action turns on pop-up blocking again. M86 S ECURITY UIDE...
2. Click the Content tab at the top of this box to open the Content section: Fig. C-6 Mozilla Firefox Pop-up Windows Options 3. With the “Block pop-up windows” checkbox checked, click the Exceptions... button at right to open the Allowed Sites - Pop-ups box: M86 S ECURITY UIDE...
Page 485
5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7. Click OK to close the Options dialog box. M86 S ECURITY UIDE...
Internet Options to open the Internet Options dialog box. 2. Click the Privacy tab: Fig. C-8 Enable pop-up blocking 3. In the Pop-up Blocker frame, check “Turn on Pop-up Blocker”. 4. Click Apply and then click OK to close the dialog box. M86 S ECURITY UIDE...
1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window. M86 S ECURITY UIDE...
Close to close the dialog box. The override account window has now been added to your white list. 3. In the Options page (see Fig. C-1), enter your Username and Password. 4. Click the Override button to open the override account pop-up window. M86 S ECURITY UIDE...
Password. 2. Click the Override button. This action displays the following message in the Information Bar: “Pop-up blocked. To see this pop-up or additional options click here...”: Fig. C-11 Information Bar showing blocked pop-up status M86 S ECURITY UIDE...
Page 490
NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. C-10) and see the entries in the Allowed sites list box. 6. Go back to the Options page and click Override to open the override account window. M86 S ECURITY UIDE...
Internet security threats, and possible legal problems that can result from the misuse of Internet resources on an unfiltered, remote, laptop computer. M86 S ECURITY UIDE...
• Macintosh OS X Version 10.4, 10.5, or 10.6 running: • Safari 4.0 • Firefox 3.5 or 3.6 WARNING: The filtered end user must be set up with standard user rights only—these users should not have Power User, Administrator, or root level access. M86 S ECURITY UIDE...
3. If the end user comes into the organization, logs into his/ her workstation and is authenticated on the internal network, the end user’s profile now comes from the Web Filter, and not the Mobile Client. M86 S ECURITY UIDE...
2. The Mobile Client installed on the end user’s workstation sends a parallel request to the Web Filter. 3. The Web Filter searches its M86 database for a match to the request. If a match to the requested URL is found and the site is disallowed, the Mobile Client software blocks the connection to the Web server.
More information about using this feature is provided in subsequent pages in this section of the user guide. The following features are not available when using the mobile mode: Minimum Filtering Level, Time Profile, Override Account, M86 S ECURITY UIDE...
, master IP group with MAC addresses Fig. D-2 Members window 1. In the New Members frame, select “Source MAC”. 2. Enter the member’s MAC address. 3. Click Add to include the MAC address entry in the Current Members list box. M86 S ECURITY UIDE...
• To add MAC addresses to the sub-group, select each sub-group by highlighting it in the Available MAC(s) list box, and then clicking the left arrow to move the item(s) to the Member MAC(s) list box. M86 S ECURITY UIDE...
MAC addresses previously added in the sub-group’s Members window. , view MAC Addresses Fig. D-4 Sub Group (IP Group) window MAC addresses display in the Member MAC(s) list box in the MAC Address frame. M86 S ECURITY UIDE...
MAC address for inclusion in the sub-group. Fig. D-5 Member window with MAC Address 1. In the Modify Individual Group Member frame, select the member’s MAC Address from the pull-down menu. 2. Click Modify to apply your changes. M86 S ECURITY UIDE...
IP group’s profile file: tlind,150.100.30.2,A,J CHAT R GPORN M I,1, ,0x103 tlind, 00:04:21:AF:33:E1,A,J CHAT R GPORN M I,1, ,0x103 NOTE: For other examples of entries to include in the profile file, go to http://www.m86security.com/software/8e6/hlp/ifr/files/ 2group_ipprofiles.html. M86 S ECURITY UIDE...
"source" Web Filter. Fig. D-7 Active Profile Lookup window with MAC Address NOTE: See Active Profile Lookup window in Chapter 1: System screen from the WF Global Administrator Section for information on using the Active Profile Lookup window. M86 S ECURITY UIDE...
• The optional Mobile Client Updater (MCU) component that updates Mobile Client binaries from your Mobile Server running M86 Web Filter software version 4.0 or higher, or from your own Web server (the “updater,” 8e6winmcu.msi for Windows, and 8e6osxmcu.pkg.tar for Macintosh OS X) •...
To download the Mobile Client Deployment Kit to your machine: 1. Launch the M86 Mobile Client Web page, and then find and click the link for the Mobile Client Deployment Kit Installer (.msi file) you wish to download to your machine.
Page 504
Windows and Macintosh packages for the Mobile Client will be installed for distribution to user workstations. When your machine is ready to install the Deployment Kit, the page that confirms the installation process is ready to begin displays: M86 S ECURITY UIDE...
Page 505
Fig. D-11 Installation process ready to begin 6. Click Install to begin the installation process. The following page displays when the installation process is complete: Fig. D-12 Installation complete 7. Click Finish to close the wizard dialog box. M86 S ECURITY UIDE...
Help link in the Mobile Client Deployment Tool for instructions on using these windows. The Mobile Client Deployment Tool window is accessible via Start > All Programs > M86 Security Mobile Client Deployment Kit > Package Editor: Fig. D-13 Mobile Client Deployment Tool window The Mobile Client Deployment Tool’s package editor log...
2. Select the Mobile Client software version from the avail- able choices, and then click OK to close the Choose Product Version dialog box and to open the Package Configuration window: Fig. D-15 Package Configuration window M86 S ECURITY UIDE...
Page 508
NOTE: To edit the default settings, from the Mobile Client Deploy- ment Tool window select Tools > Edit default configuration... (see Edit a Package Configuration: Edit default configuration settings for information about making edits to default settings). M86 S ECURITY UIDE...
Page 509
Mobile filter host(s) field of the Package Configuration window. NOTE: To remove a mobile filter from the list, select the entry from the Hosts list box, click Delete, and then click OK. M86 S ECURITY UIDE...
Page 510
Internal filter host(s) field of the Package Configuration window. NOTE: To remove an internal filter from the list, select the entry from the Hosts list box, click Delete, and then click OK. M86 S ECURITY UIDE...
Page 511
Internet access when the mobile filter host server is unavailable. WARNING: By deselecting this option, technically savvy end users may be able to bypass filtering permanently by disrupting communications between the workstation and the mobile filter host server. M86 S ECURITY UIDE...
Page 512
(e.g. “http”), the port number (if a port other than port 80 is used), the host name, and directory name. For example: http://www.mycompany.com/ mobile_client_updates NOTE: Only the HTTP protocol is supported at this time. M86 S ECURITY UIDE...
Page 513
• There are specific applications you would like to perma- nently and unconditionally block from accessing the Internet • You wish to enable special log-verbosity settings for one or more applications—i.e. to troubleshoot possible conflicts between the Mobile Client and other network applications. M86 S ECURITY UIDE...
Page 514
Step 2: Identify the name and path of the application Determine the name and path of the executable program for which network access should be blocked or granted unre- stricted network access. For example: Program Files\Mozilla Firefox\Firefox.exe M86 S ECURITY UIDE...
Page 515
The -c option specifies a partial command line match. You could, therefore, just specify “Firefox.exe” instead of listing the entire path. However, doing so could also make it easier for a sophisti- cated end user to exploit a bypass setting. M86 S ECURITY UIDE...
Page 516
It is also possible to encrypt the Application Options Settings if you wish to obfuscate them from your users. NOTE: Contact M86 Technical Support for advanced information about Applications Options Settings. To encrypt or decrypt commands to be included in the Appli-...
Page 517
Package Configuration window is automati- cally incremented to the next sequential number, and the Mobile Client Package Contents local Web page launches, providing a summary of package contents with links to various components generated in the package: M86 S ECURITY UIDE...
Page 518
ILTER PPENDICES ECTION PPENDIX Fig. D-20 Mobile Client Package Contents page M86 S ECURITY UIDE...
Page 519
Mobile Client files, uncompress and extract files to the designated update server NOTE: More information about these tools is provided in subse- quent pages in this section of the user guide. M86 S ECURITY UIDE...
Page 520
NOTE: If you need to find the Mobile Client Package Contents page after you close it, from the Mobile Client Deployment Tool window, go to File > Explore Packages... and then locate “Pack- ages-View.html” inside the directory for the corresponding package. M86 S ECURITY UIDE...
Package Configuration window displaying the last saved edits made for the package. NOTE: The “Configuration revision” is incremented to the next sequential revision number. 4. After making your edits, choose a Save option for saving the configuration package. M86 S ECURITY UIDE...
Page 522
• a different Path is used with the filename “cfg- defaults.mccfg” specified • “Save as defaults” is greyed-out • Mobile Client and MCU components for Windows and Macintosh OS X show "All" instead of software version numbers. M86 S ECURITY UIDE...
Package window (see Fig. D-21) by clicking the Explore Pack- ages... button. 2. Double-click the selected package to display its contents. 3. When you are finished, click the “X” in the upper right corner of the window to close it. M86 S ECURITY UIDE...
2. Install the installer as you would any other program. No configuration is required for the MCU component. NOTE: This is a one time operation; after this procedure the MCU will update itself when a new version is deployed. M86 S ECURITY UIDE...
Page 525
(unless you have modi- fied the Mobile Server configuration to specify otherwise). When a new Mobile Client version is detected, the MCU immediately attempts to download it. Because the clients do M86 S ECURITY UIDE...
Page 526
NOTE: A full Mobile Client update file size is about 1.5 MB for Windows and 1.4 MB for Macintosh OS X (as of software version 3.0.5). M86 S ECURITY UIDE...
Page 527
System > Mode > Operation Mode (see Fig. D1). 2. In the Mobile Client Control frame, at the Mobile Client Software Update field click Upload to open the Upload Mobile Client Software Package pop-up window: Fig. D-24 Upload Mobile Client Software Package window M86 S ECURITY UIDE...
Page 528
MCU finds no new software available, it checks to see if a new configuration is available. If the latter is available, that is downloaded and applied. Such updates are much smaller in size than updating an entire new version of the Mobile Client. M86 S ECURITY UIDE...
Forest > Domains > {domain name} > Group Policy Objects. b. Right-click and choose "New", then create a name for the policy (suggested name: "M86 Mobile Client Deployment"). Click OK. c. In the Group Policy Object Editor, open the {policy name} >...
Page 530
Click OK. To create a WMI filter: WMI filters are capable of applying very sophisticated selection criteria to set the scope of a policy. See Microsoft Knowledgebase article #555253 for details on creating WMI filters: http://support.microsoft.com/kb/ 555253 M86 S ECURITY UIDE...
Page 531
NOTE: In some cases involving Windows XP workstations, it may be necessary to reboot twice for Group Policy processing to occur. c. Verify the Mobile Client is blocking access to unautho- rized Web sites, and is allowing access to other sites. M86 S ECURITY UIDE...
Apple Computer provides a product called Apple Remote Desktop (http://www.apple.com/remotedesktop/) that can be used to deploy Macintosh OS X Mobile Client software version in bulk to many users simultaneously. Contact Apple for additional information about this product. M86 S ECURITY UIDE...
You will probably want to change the name of the policy (e.g. "Remove M86 Mobile Client"). Once the new policy has been processed on all target machines and the Mobile Client has been removed, you can delete or unlink the removal policy with GPMC.
Page 534
• Windows XP: Start > Control Panel > Add or Remove Programs 2. Find the Mobile Client program and click Remove to open the M86 Mobile Client - Uninstall dialog box: Fig. D-27 Mobile Client Uninstall dialog box 3. Copy the eight-digit number displayed in the Machine ID field.
Page 535
Copy this Uninstall key. In this example: f0d34d NOTE: Click Close to close the Create Uninstall Key pop-up window. 6. Access the M86 Mobile Client - Uninstall dialog box again, and enter the generated password key in the Key field. In this example: f0d34d Fig.
- A Web Filter set up in the firewall mode will filter all requests. If the request is appropriate, the original packet will pass unchanged. If the request is inappropriate, the original packet will be blocked from being routed through. M86 S ECURITY UIDE...
Page 537
“essex”. library category - A list of URLs, URL keywords, and search engine keywords set up to be blocked. LDAP - One of two authentication method protocols used by the Web Filter. Lightweight Directory Access Protocol M86 S ECURITY UIDE...
Page 538
(Distinguished Names). M86 supplied category - A library category that was created by M86, and includes a list of URLs, URL keywords, and search engine keywords to be blocked. machine name - Pertains to the name of the user’s work- station machine (computer).
Page 539
P2P services specified in the library category. profile string - The string of characters that define a filtering profile. A profile string can consist of the following components: category codes, service port numbers, and redirect URL. M86 S ECURITY UIDE...
Page 540
Each rule created by the global administrator is assigned a number and a name that should be indicative of its theme. Rules are used when creating filtering profiles for entities on the network. M86 S ECURITY UIDE...
Page 541
Internet running Network Time Protocol (NTP) software. time profile - A customized filtering profile set up to be effective at a specified time period for designated users. Traveler - M86’s executable program that downloads updates to your Web Filter on demand or at a scheduled time.
Page 542
URL from that library category or an uncategorized URL is requested. white list - A list of approved library categories for a speci- fied entity’s filtering profile. M86 S ECURITY UIDE...
System Configuration administrator console and Report Manager. Using System Configuration screens, the global adminis- trator configures the SR to accept log files from the M86 Web Filter—and the M86 Secure Web Gateway, if this filtering device is added to the device registry—“normalize”...
• SR Security Reports Section - Refer to this section for security report configuration and usage, if using a Secure Web Gateway appliance with the SR application in this WFR. NOTE: See the M86 Secure Web Gateway User Guide at http:// www.m86security.com/support/Secure-Web-Gateway/Docu- mentation.asp for information on the SWG. M86 S...
Page 545
Appendix B provides details on setting up and using the System Tray feature for real time gauge alerts. Appendix C features a glossary of technical terminology used in this portion of the user guide. M86 S ECURITY UIDE...
(such as “Yes” or “No”, or “Next” or “Cancel”) to execute your command. As dictated by this box, you also might need to make one or more entries or selections prior to clicking a button. M86 S ECURITY UIDE...
Page 547
• panel - the central portion of a screen that is replaced by a different view when clicking a pertinent link or button. A sub- panel is a boxed-in section within a panel. M86 S ECURITY UIDE...
Page 548
• screen - a main object of an applica- tion that displays across your monitor. A screen can contain panels, sub-panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons. M86 S ECURITY UIDE...
Page 549
• window - can contain frames, fields, text boxes, list boxes, icons, buttons, and radio buttons. Types of windows include ones from the system such as the Save As window, pop-up windows, or login windows. M86 S ECURITY UIDE...
Fig. 1:1-1 Security Reporter icon in WFR Welcome window NOTE: If pop-up blocking software is installed on the workstation, it must be disabled. Information about disabling pop-up blocking software can be found in WFR Appendix I: Disable Pop-up Blocking Software. M86 S ECURITY UIDE...
In order to accept the security certificate, follow the instructions at: http://www.m86security.com/ software/8e6/docs/ig/misc/sec-cert-sr3.1.10.pdf 3. After accepting the security certificate, click Go to open the Security Reporter Login window (see Fig. 1:1-2). M86 S ECURITY UIDE...
If you are logging in as a group administrator, enter the password set up for you by the global administrator. TIP: M86 Security recommends administrators who access this application for the first time should change their account pass- word. Administrator usernames and passwords are modified in Administration >...
Page 553
Page Count Summary Report displays instead of Top 20 Users by Blocked Requests. A maximum of eight users can use the SR user interface simulta- neously. However, for optimum results, M86 Security recom- mends no more than four users generate reports at the same time.
To log in again, click OK to close the alert box; this action displays the Security Reporter login window where you will need to log in again. M86 S ECURITY UIDE...
The password is case sensitive. 3. Click Save to close the pop-up window. 4. In the Security Reporter login window (see Fig. 1:1-2), enter your Username and new Password, and then click Login to access the user interface. M86 S ECURITY UIDE...
Reporter password reset” message. NOTE: The action of clicking “OK” displays the original login window. 4. Click the link in the email message to launch the Reset Your Password login window; the Username field displays your username greyed-out: M86 S ECURITY UIDE...
Page 557
5. Enter a password comprised of eight to 20 characters (using at least one alpha, one numeric, and one symbol character) In the New Password and Confirm Pass- word fields. 6. Click Submit to access the Security Reporter user inter- face. M86 S ECURITY UIDE...
A link to Web Filter is also available via a menu link. Clicking “Security Reporter” or the M86 Security logo in the banner accesses the M86 Security Web site. NOTE: See Appendix A: Evaluation Mode for information about using the Security Reporter in evaluation mode and/or converting the application to registered mode.
Page 559
Version, and hardware Serial number of the M86 WFR appliance. This criteria can be copied and pasted into an email or online form to be submitted to M86 Secu- rity for troubleshooting purposes. Click “Close” to close the pop-up window.
Page 560
• View tooltip information - To view information about any object that has a circled “i” icon beside it, hover over the icon to display tooltips that explain how to use that button or field. M86 S ECURITY UIDE...
(in the .pdf format) for this application. • Logout - Click this link to log out of the SR (see Log Out for details on log out procedures). M86 S ECURITY UIDE...
ShutDown window sub-section from the WF Global Administrator Section of the Web Filter portion of this user guide. Failure to properly shut down the server can result in data being lost or corrupted. M86 S ECURITY UIDE...
• sets up administrators for receiving automatic alerts • analyzes SR statistics • utilizes diagnostics for monitoring the SR status to ensure optimum functioning of the SR • establishes and implements backup and restoration procedures for the SR M86 S ECURITY UIDE...
If using this product in the evaluation mode the SR Status pop-up window opens when accessing this screen. Please see Appendix A: Evaluation Mode for information about the evaluation mode. M86 S ECURITY UIDE...
SR and maintaining the Report Manager. TIP: When making a complete configuration in the System Configuration administrator console, M86 Security recommends you navigate from left to right (Network to Server to Database) in choosing your menu options.
Once your server is configured and the server is set in the “live” mode, it will receive and process real time data from the Web Filter. The Report Manager can then be used to capture data and create views. M86 S ECURITY UIDE...
2. Click the radio button corresponding to Live or Archive to specify the mode in which the server should function: • choose Live if you wish the server to function in the “live” mode, receiving and processing real time data from the Web Filter. M86 S ECURITY UIDE...
(see Optional Features screen in this chapter), and a user is unable to log into the SR user interface due to an expired pass- word, or having met the specified number of failed password attempts within the designated timespan. M86 S ECURITY UIDE...
• IP: ‘x.x.x.x’ has been successfully unlocked. NOTE: In the text above, ‘xxx’ and ‘x.x.x.x’ represents the unlocked username/IP address. 3. Click OK to return to the Locked-out Accounts and IPs screen that no longer shows the accounts/IPs that have been unlocked. M86 S ECURITY UIDE...
Server menu. This screen is used for setting up the password for the remote server’s FTP account, for executing an immediate backup on the SR, and for performing a restoration to the database from the previous backup run. Fig. 2:2-4 Backup screen M86 S ECURITY UIDE...
ONFIGURING THE ERVER Backup and Recovery Procedures IMPORTANT: M86 Security recommends establishing backup and recovery procedures when you first begin using the SR. Please follow the advice in this section to ensure your SR is prop- erly maintained in the event that data is lost and back up proce- dures need to be performed to recover data.
SR will be down. • Expiration about to occur - If a data expiration is about to occur, you might want to back up your data before M86 S ECURITY UIDE...
From the remote server, the backup database can be retrieved via FTP, and then stored off site. TIP: M86 Security recommends executing an on demand backup during the lightest period of system usage, so the server will perform at maximum capacity.
NOTE: The amount of time it will take to restore data to the SR depends on the combined size of all database tables being restored. M86 Security recommends that you do not perform other functions on the SR until the restoration is complete.
As the administrator of the SR, you have the option to either activate or deactivate this feature. When the self-monitoring feature is activated, an automated e-mail message is dispatched to designated recipients if the SR identifies a failed process during its hourly check for new data. M86 S ECURITY UIDE...
The Master Administrator and any remaining e-mail addresses in the list will continue receiving notifications. Deactivate Self-Monitoring 1. Click the radio button corresponding to NO. 2. Click the Save button to deactivate self-monitoring. M86 S ECURITY UIDE...
Server menu. This screen, which automatically refreshes itself every 10 seconds, displays the statuses of processes currently running on the SR, and provides information on the amount of space and memory used by each process. Fig. 2:2-6 Server Status screen M86 S ECURITY UIDE...
• Disk drives status - provides data on the status of each drive of the operating system • NETSTAT - displays the status of a local IP address M86 S ECURITY UIDE...
The Secure Access screen displays when the Secure Access option is selected from the Server menu. This screen is primarily used by M86 Security technical support representatives to perform maintenance on your server, if your system is behind a firewall that denies access to your server.
Terminate All Port Connections If more than one port is currently active on the customer’s server and you need to terminate all port connections, click the Stop All button. This action removes all port numbers from the list box. M86 S ECURITY UIDE...
MySQL database is rebooted. • Shut Down the SR’s Software - The Shutdown Soft- ware option should be selected if the MySQL database needs to be shut off and no files FTPed to the server. M86 S ECURITY UIDE...
Shut Down screen. NOTE: When the Restart Software option is selected, the SR will take five to 10 minutes to reboot. After this time, you can go to another screen or log off. M86 S ECURITY UIDE...
Report Manager application. As a result of this action, a screen displays with the following message: “The Report Manager will restart in a few minutes.” 2. Click OK to return to the Report Manager screen. M86 S ECURITY UIDE...
• “ON” - Choose this option to let the Report Manager automatically run scheduled reports. • “OFF” - Choose this option if you do not want the Report Manager to run scheduled reports. 2. Click Apply. 3. Click Restart to restart the Report Manager application. M86 S ECURITY UIDE...
SR to identify users based on the IP addresses of their machines, their usernames, and/or their machine names. Information set up on this screen is used by the Report Manager when logging a user’s Internet activity. M86 S ECURITY UIDE...
Page 586
Fig. 2:2-11 User Name Identification screen with IP.ID activated As the administrator of the SR, you have the option to either enable or disable this feature for logging users’ activities by usernames, machine names, and/or IP addresses of machines. M86 S ECURITY UIDE...
Page 587
The second user logs on the same machine for 11 minutes and then logs off. The first user logs back on that machine for 16 minutes. All 30 minutes are logged as the first user’s activity. M86 S ECURITY UIDE...
IP addresses and machine names. After this table is created, the message screen displays to confirm the successful execution of this task. b. Click the Back button to return to the User Name Identification screen. M86 S ECURITY UIDE...
Establish the Unit of Elapsed Time for Page Views 1. In the Elapse Time field, enter the number of seconds that will be used as the value when tracking a user’s visit to a Web site. 2. Click the Save button. M86 S ECURITY UIDE...
Web site, then exits, then returns to the same site for another 15 seconds, the user will have two sessions or three visits to that site logged for him/her (5 seconds = 1 visit, 15 seconds = 2 visits, for a total of 3 visits). M86 S ECURITY UIDE...
Page searches. Fig. 2:2-13 Page Definition screen View the Current Page Types The Current page types list box contains the extensions of page types to be included in the detail report. M86 S ECURITY UIDE...
Add a Page Type To add a page type in the detail report: 1. Enter the New Page Type extension. 2. Click Add to include the extension in the Current page types list box. 3. Click Apply. M86 S ECURITY UIDE...
Report Manager application. Fig. 2:2-14 Tools screen The following options are available on this screen: • View Diagnostic Reports • View Database Status Logs • Technical Support Report Package M86 S ECURITY UIDE...
• db Backup - This log provides information about the MySQL backup/restore operation. • db Control - This log shows a list of actions performed by the SR process when processing log files. M86 S ECURITY UIDE...
Page 595
• File Watch Log - This log shows a list of records that were imported from one machine to another. • MYSQL Log - This log provides information pertaining to the MySQL server. • Partitioner - This log displays results of server parti- tioning for database expiration. M86 S ECURITY UIDE...
Generate to begin generating the report package. 2. After the package has generated, the “Successfully generated tech support log” pop-up window opens with the message: “Please download the file to email to M86 tech support.” Click Download to download the .tgz package to your machine.
SR.) See the Server Information panel in the Report Manager Admin- istration Section for more information about expired data. See also Appendix A: Evaluation Mode for information about using the SR in the evaluation mode. M86 S ECURITY UIDE...
Saturday period) stored on the server is expired— i.e. deleted from the database. Once data expires, it cannot be recovered. WARNING: Storage capacity maintenance is performed each evening between 11:30 p.m. and midnight. During this period, the database will be locked. M86 S ECURITY UIDE...
• Last 8 weeks hits/day average - The average number of end user hits per day, based on the last eight weeks of data stored on the server. NOTE: If the server has not yet expired any data, a “0” (zero) displays in this field. M86 S ECURITY UIDE...
Count. This screen also is used for enabling and configuring the password security feature to be used for the System Configuration administrator console and Report Manager (see Fig. 2-2:16). NOTE: Optional features can be enabled or disabled at any time. M86 S ECURITY UIDE...
Page 601
SR S 2: C YSTEM ONFIGURATION ECTION HAPTER ONFIGURING THE ERVER Fig. 2:2-16 Optional Features screen M86 S ECURITY UIDE...
1. Click the radio button corresponding to “ON” to make the Top 20 Users by Blocked Requests report selection avail- able in an administrator’s Summary Reports menu. 2. Click Apply to apply your setting. WARNING: Applying this setting restarts the Report Manager. M86 S ECURITY UIDE...
(“0”) will display for object activity in generated reports. 1. Select one of two radio buttons to specify the type of hits to be included in drill down, Time Usage reports, and scheduled custom reports: M86 S ECURITY UIDE...
If a user’s password has expired, when he/she enters his/her Username and Password in the login screen and clicks Login, he/ she will be prompted to re-enter his/her Username and enter a new password in the Password and Confirm Password fields. M86 S ECURITY UIDE...
Page 605
Failed Password Attempts Timespan (in minutes) field before being locked out of the SR user interface. NOTE: The maximum number of failed attempts that can be entered is 10. M86 S ECURITY UIDE...
Page 606
Allowable Number of Failed Password Attempts field— before being locked out of the SR user interface. NOTE: The maximum number of minutes that can be entered is 1440. 2. Click Apply to apply your settings. M86 S ECURITY UIDE...
This screen is used for specifying the Web Filter(s) to send LDAP user group membership information to this SR, for performing a user group import on demand, and for viewing on demand user group import criteria. Fig. 2:2-17 User Group Import screen M86 S ECURITY UIDE...
Current Status for User Group Import box that opens at the bottom of this screen when the Import Now button is clicked. NOTE: User groups will be imported in the exact format defined on the Web Filter. M86 S ECURITY UIDE...
Report Manager processes; analyze data storage on the server; and remove all profiles and configuration settings in the Report Manager. M86 S ECURITY UIDE...
Page 610
SR R EPORT ANAGER DMINISTRATION ECTION NTRODUCTION • Chapter 3: Report Configuration - This chapter explains how to create and manage Custom Category Groups used for monitoring end user Internet activity, and configure general report settings. M86 S ECURITY UIDE...
2. Click User Groups to display the User Groups panel, which is comprised of User Groups sub-panel to the left and its Group Members target sub-panel to the right: Fig. 3:1-1 User Groups panel M86 S ECURITY UIDE...
Page 612
From this panel you can view information about an existing user group, or click a button to add a user group, modify or delete an existing user group, rebuild a user group on demand, or refresh the display of the current list. M86 S ECURITY UIDE...
Page 613
• Open Directory For the Web Filter: • Active Directory Mixed Mode and Active Directory Native Mode are supported. • Open LDAP usernames will be included in user profiles only if those users generate network traffic. M86 S ECURITY UIDE...
New, Edit, Delete, Rebuild All, and Refresh buttons. • If the selected user group was imported and cannot be rebuilt on demand, this action activates the New, Rebuild All, and Refresh buttons only. M86 S ECURITY UIDE...
Page 615
Fig. 3:1-2 View user group information, Single Users accordion NOTE: If using the LDAP user authentication method, user names display in the User Name column. If using IP groups, IP addresses of user machines display instead of user names. M86 S ECURITY UIDE...
3. Enter at least three characters for the Group Name to be used for the new user group; this action activates the Save button. 4. Click the checkbox(es) to activate the pertinent corre- sponding box(es) below: Patterns, IP Ranges, Single Users/Exclude. M86 S ECURITY UIDE...
”200.10.100.3” as part of the IP address. 2. Click Add Pattern to include the pattern in the Assigned Patterns list box below. TIP: Follow steps 1 and 2 above to include additional patterns for the new user group. M86 S ECURITY UIDE...
Page 618
To remove a pattern in the Assigned Patterns list box: 1. In the Patterns box, select the pattern from the Assigned Patterns list box to highlight it. 2. Click Remove Pattern to remove that pattern from the list box. M86 S ECURITY UIDE...
To set up the first parent user group to include an IP range, “All” user groups must be used as the base group. Fig. 3:1-5 Add user group, IP Ranges sub-panel M86 S ECURITY UIDE...
Page 620
Range button. d. Click Calculate IP Range to display the Starting IP and Ending IP in the fields above. 2. Click Add IP Range to include that IP range in the Assigned Ranges list box below: M86 S ECURITY UIDE...
Page 621
1. Click the row to highlight and select it; this action acti- vates the Remove IP Range button below. 2. Click Remove IP Range to remove the IP address range from the list box. M86 S ECURITY UIDE...
A user name preceded by an asterisk ( * ) indicates an auto- assigned user that can only be removed by adjusting the pattern or IP range for that user’s group. Fig. 3:1-7 Add user group, Single Users sub-panel M86 S ECURITY UIDE...
Page 623
NOTE: Users added to the Add tab will still be listed in the Avail- able Users list. After saving the entries in the New User Group panel, the users added to the Add tab display in the Assigned tab. M86 S ECURITY UIDE...
Page 624
1. Select the user(s) from the Add tab; this action activates the [-] Remove button: Fig. 3:1-8 Add user group, remove user from Add tab 2. Click [-] Remove to remove the user(s) from the Add tab. M86 S ECURITY UIDE...
Delete tab. • If necessary, edit the name of the user group in the Group Name field. 4. Click Save to save your edits and to return to the User Groups panel. M86 S ECURITY UIDE...
User Groups list as well as your User Groups list. TIP: Click No to close the dialog box and to return to the User Groups panel. 3. Click Yes to close the dialog box, and to remove the user group from the User Groups list. M86 S ECURITY UIDE...
NOTES: Any administrator groups previously set up display in the Group Names list box in the Administrator Groups sub-panel. In this panel, you can add an administrator group, view information for an existing administrator group, and modify or delete that group, as necessary. M86 S ECURITY UIDE...
• Admins - This privilege lets the administrator create another administrator account with equal or lesser privileges as that administrator. • System Administration - This privilege gives the administrator access to the Device Registry and System Configuration administrator console. M86 S ECURITY UIDE...
Page 629
TIP: To remove a checkmark from any active checkbox containing a checkmark, click the checkbox. 4. Click Save Group to save your entries and to add the new administrator group name in the Group Names list box. M86 S ECURITY UIDE...
Group Privileges sub-panel with previously-saved settings: Fig. 3:1-11 Administrator Groups group selections With the Group Privileges sub-panel populated, you can now make edits as described in the following sub-section. M86 S ECURITY UIDE...
3. Click Yes to close the dialog box and to remove the administrator group from the Group Names list box. NOTE: Clicking Cancel closes the dialog box without removing the administrator group. M86 S ECURITY UIDE...
At the right side of this panel is the Admin Detail sub-panel, used for adding a group administrator profile, viewing an M86 S ECURITY UIDE...
Page 633
If logged in as a group administrator without privileges to create other administrator profiles, only the Admin Detail sub-panel displays, as in the sample screen below: Fig. 3:1-13 Admin Profiles panel, group administrator view M86 S ECURITY UIDE...
• Optional: Select another report color scheme from the available Graph Colors choices. • Type in the Username the group administrator will use to access the SR user interface. This entry will display in the Admin list when the record is saved. M86 S ECURITY UIDE...
Page 635
System Tray feature.) • Optional: Type in the group administrator’s Work Phone number, without entering special characters such as parentheses ( ), a hyphen (-), a period (.), or a left slash (/). M86 S ECURITY UIDE...
Page 636
Remove Group to remove the user group(s). 4. After selecting each user group to be assigned to the group administrator, click Save Admin to add the User- name for the new administrator to the Admin list box. M86 S ECURITY UIDE...
For an account without permission to create other user profiles, the Admin Detail sub-panel displays at minimum that user’s Email address, Graph Colors selection, User- name, Language selection, Username Format selection, and Assigned User Groups selection(s) greyed-out: M86 S ECURITY UIDE...
• An administrator account with permissions to create other user accounts also has the ability to modify the Administrator Group selection, and User Groups selections for user accounts he/she set up. 2. After making any modifications, click Update Admin to save your edits. M86 S ECURITY UIDE...
TIP: Clicking Cancel closes the dialog box without removing the group administrator profile. 3. Click Yes to close the dialog box and to remove the administrator’s username from the list. M86 S ECURITY UIDE...
HTTPS Configuration to open the HTTPS Configuration panel, comprised of Self-Signed, Trusted, and Download/Delete Certificate tabs used for creating, uploading, downloading, and/or deleting self- signed or third party SSL certificates: Fig. 3:2-1 HTTPS Configuration panel, Self-Signed tab M86 S ECURITY UIDE...
SR, and to restart the Report Manager. Hereafter, group administrators must accept the security certificate on their workstations in order for their machines to communicate with the Report Manager and/or System Configuration administrator console. M86 S ECURITY UIDE...
1. Click the Trusted tab: Fig. 3:2-2 HTTPS Configuration panel, Trusted tab 2. Make entries in these fields: a. Common Name (Full DNS Name) - Hostname of the SR server, such as logo.com. M86 S ECURITY UIDE...
2. Click Save CSR to save the CSR to your machine. TIP: Click Delete CSR to remove the CSR you created on your machine. 3. Submit the CSR to a trusted third party agency autho- rized to sign SSL certificates. M86 S ECURITY UIDE...
Browse to find the .cer file you just saved. 5. Click Upload to load the certificate on the SR. NOTE: Do not click this button until performing the actions in the following steps. TIP: Click Cancel in the dialog box to cancel the procedure. M86 S ECURITY UIDE...
The certificate can now be distributed to group administrator workstations. Delete the SSL Certificate To delete the third party certificate from the SR, go to the Download/Delete Certificate tab and click Delete to remove the certificate from the SR. M86 S ECURITY UIDE...
Fig. 3:2-4 User Profiles panel By default, this panel is comprised of rows of end user records, sorted in ascending order by Username (IP address). For each username in the list, the corresponding end user IP Address displays. M86 S ECURITY UIDE...
2. Click User Summary to open the User Summary panel, and perform any of the actions described for this panel in the Real Time Reports Section. M86 S ECURITY UIDE...
Fig. 3:2-5 Activity View panel The Activities sub-panel displays to the left and the empty target sub-panel displays to the right. Below these sub- panels is the Date Range field, the administrator usernames menu, and Search button. M86 S ECURITY UIDE...
5. Click the ending date to select it and to close the calendar pop-up window. This action populates the field to the left of the calendar icon with the selected date. 6. To view the activity of a specified administrator, select the username from the pull-down menu. M86 S ECURITY UIDE...
The Target field displays information only as applicable for any of the following actions executed by the administrator (Admin Name), such as: • administrator name for Add/Edit/Delete Admin • group name for Add/Edit/Delete Admin Group M86 S ECURITY UIDE...
Page 651
SR R 2: D EPORT ANAGER DMINISTRATION ECTION HAPTER ATABASE ANAGEMENT • alert name for Add/Edit/Delete Alert • gauge name for Add/Edit/Delete URL/Bandwidth Gauge. M86 S ECURITY UIDE...
SR, synchronizing the SR with user groups and libraries from the source Web Filter, editing M86 appliance criteria, and adding/deleting an addi- tional Web Filter, or adding/deleting an SWG or LDAP server to/from the registry.
Page 653
SWG policy server to the device registry. • New LDAP Server (enabled only if an SWG has been added to the device registry) - Click this button to add an LDAP server to the device registry. M86 S ECURITY UIDE...
WARNING: For any scenario specified above that would result in data being purged from the Security Reporter, M86 recommends backing up and saving current SR data off the server before adding or removing the designated device from the device registry.
Web Filter device you added now displays. View, edit Web Filter device criteria 1. Go to the Web Filter server icon in the Device Registry panel and click Edit to open the Web Filter pop-up window: M86 S ECURITY UIDE...
NOTE: Click No to close the dialog box. 2. Click Yes to delete the Web Filter device from the registry, and to remove the Web Filter server icon from the Device Registry panel. M86 S ECURITY UIDE...
Range IP Address and Subnet Mask fields, and buttons for adding or removing a range of IP addresses the SR application will monitor for network traffic. Any IP Address and Subnet Mask previously entered in this window displays in the list box. M86 S ECURITY UIDE...
SMTP, Patch Server, NTP Server, and Proxy Server. View SMTP device criteria 1. Go to the image of the SMTP server in the Device Registry panel and click View to open the SMTP Server pop-up window: M86 S ECURITY UIDE...
Registry panel and click View to open the Proxy Server pop-up window. The following information displays: Name of server (Proxy Server), Device Type (Proxy Server), IP address, Port number, Username (if appli- cable), Password (if applicable, asterisks display), Proxy Switch ("on" or "off"). M86 S ECURITY UIDE...
2. Check the checkbox(es) pertaining to information to be synchronized between the Web Filter and SR devices, and to activate the Synchronize button: • Categories - Make this selection to synchronize M86 supplied library category updates and custom library categories from the source Web Filter to the SR.
SR Wizard installation process—nor subsequently added to this device registry—click New SWG Policy Server at the bottom of the Device Registry panel to open the New SWG Policy Server pop-up window: Fig. 3:2-13 Add New SWG Policy Server M86 S ECURITY UIDE...
New SWG Policy Server at the bottom of the Device Registry panel to open the New SWG Policy Server pop-up window: Fig. 3:2-14 Add another New SWG Policy Server The following information displays and cannot be edited: Device Type (SWG), ID, Username. M86 S ECURITY UIDE...
2. The following actions can be performed in this window: • Make entries or edits in the following fields: • Name - Name for the device. • Description - Description of the device. TIP: Click Cancel to close this pop-up window. M86 S ECURITY UIDE...
Page 664
TIP: Click Cancel to close this pop-up window. c) Click Change Password to save your entries, close this pop-up window, and return to the Edit SWG Policy Server pop-up window. 3. Click Save to save your edits and to close the pop-up window. M86 S ECURITY UIDE...
Add an LDAP Server to the device registry 1. At the bottom of the Device Registry panel, click New LDAP Server to open the LDAP server pop-up window: Fig. 3:2-17 Add LDAP server The Device Type image displays. M86 S ECURITY UIDE...
Page 666
TIP: Click Cancel to close this pop-up window. 3. Click Save to save and process your information, and to return to the Device Registry panel where an icon repre- senting the LDAP server device you added now displays. M86 S ECURITY UIDE...
Edit to open the pop-up window: Fig. 3:2-18 LDAP Server pop-up window The Device Type image for the LDAP server displays, along with entries previously made and saved in this window. 2. Edit any of the fields in this pop-up window. M86 S ECURITY UIDE...
NOTE: Click No to close the dialog box. 2. Click Yes to delete the LDAP server device from the registry, and to remove the LDAP server icon from the Device Registry panel. M86 S ECURITY UIDE...
In the navigation toolbar, hover over the Administration menu link and select Database Processes List to display the Database Processes List panel: Fig. 3:2-19 Database Processes List window M86 S ECURITY UIDE...
At the end of each row is the Terminate option. TIP: Click the Refresh button to refresh the list of records. Terminate a Process Select the process to be terminated and click Terminate. WARNING: Be sure that you do not terminate the wrong process. M86 S ECURITY UIDE...
Activity, and Expiration Info. NOTE: If the WFR unit is newly installed, server statistics will be available after they are initially correlated for the SR, immediately after midnight. If this problem persists, please contact your system administrator. M86 S ECURITY UIDE...
‘X’ WEEKS”—in which ‘X’ represents the number of weeks). Registered mode pertains to an SR that has been activated online and registered by M86 Security. An SR in registered mode will store as much data as allocated for data storage on its hard drive—and on its attached storage device, if...
Server Info The Server Info section contains the following WFR server information: Software Version number and Database Server IP address—or the label “localhost” that designates the SR administration module as the host server for the Report Manager. M86 S ECURITY UIDE...
HH:MM AM/PM format), the login ID of the person who generated the chart (Generated by) and the Page number and page range. The chart image includes a graph illustrating the general Number of Hits (in purple) and Number of IPs that gener- M86 S ECURITY UIDE...
Page 675
Number of IPs that generated those hits (in blue) for a specified Week (YYYY-WW). Weeks are numbered 01-52. For example, 2011-05 indicates the fifth week in the year 2011—or the first week of February 2011, which included days 1-5. M86 S ECURITY UIDE...
Page 676
The summary shows the general Number of Hits (in purple) and Number of IPs that generated those hits (in blue) for a specified Month (Month ’YY). Month names are abbreviated. Fig. 3:2-23 Hits Per Month chart M86 S ECURITY UIDE...
Page 677
Save a Copy dialog box, and proceed with standard save procedures. • Close the chart window - Click the “X” in the upper right corner to close the chart window. • Generate a new chart - Make new entries in the Server Information panel. M86 S ECURITY UIDE...
TERED)” is included in the label to indicate the number of weeks of data that would be stored on the SR if the SR was activated and running in registered mode. (See Registered Mode and Eval- uation Mode in this sub-section.) M86 S ECURITY UIDE...
WARNING: When using this option, all settings made on the SR—including administrator, group, and real time gauge configu- ration settings and alerts—will be purged and cannot be restored. The SR will also be set to evaluation mode. M86 S ECURITY UIDE...
WFR’s End User License Agree- ment window: Fig. 3:2-25 End User License Agreement 4. After reading the contents of the EULA, click Yes to accept it and to go to the Wizard Login window: Fig. 3:2-26 Wizard Login window M86 S ECURITY UIDE...
1. In the Wizard Login window, type in the Username created during the wizard hardware installation process. 2. Type in the Password created for the Username during the wizard hardware installation process. 3. Click Login to display the wizard panel: Fig. 3:2-27 Wizard panel M86 S ECURITY UIDE...
2. In the Web Filter Setup section, by default the first row in the table is populated with an “X” in the Source column and the Server Name and Server IP address of the Local Web Filter. M86 S ECURITY UIDE...
SWGs can send logs to this SR. NOTE: The password entered in this field must be added in the user interface of each SWG that will send logs to this SR, as explained in the SWG’s Management Console Reference Guide. M86 S ECURITY UIDE...
SR R 2: D EPORT ANAGER DMINISTRATION ECTION HAPTER ATABASE ANAGEMENT Save Entries Click Save to save your entries and to go to the SR login window: Fig. 3:2-28 SR Login window M86 S ECURITY UIDE...
In the navigation toolbar, hover over the Administration menu link and select Default Report Settings to display the Default Report Settings panel: Fig. 3:3-1 Default Report Settings panel M86 S ECURITY UIDE...
If you wish to include uncategorized sites in drill down reports, click in the checkbox to remove the check mark. 6. If using one or more SWG policy servers with this SR being configured, make a selection from the Combine Duplicate Names pull-down menu: M86 S ECURITY UIDE...
Page 687
SWGs collectively will remain as separate record entries in the generated report. TIP: Click Cancel to exit without saving your entries. 7. Click the Save button to save your settings in the Default Report Settings panel. M86 S ECURITY UIDE...
Custom Category Groups panel: Fig. 3:3-2 Custom Category Groups panel The Custom Category Groups panel is comprised of two sub-panels used for setting up and maintaining category groups: Custom Category Group, and Custom Category Group Detail. M86 S ECURITY UIDE...
Assigned Categories/Ports list box, make your selection(s), and then click Remove to remove the selection(s). 5. Click Save to save your settings and to include the name of the group you added in the Custom Category Group list. M86 S ECURITY UIDE...
Delete a Category Group 1. Select the Custom Category Group name from the list box by clicking on your choice to highlight it. 2. Click Delete to remove the Custom Category Group name from the list box. M86 S ECURITY UIDE...
Report Schedule for running reports on a regular basis. • Chapter 4: Specialized Reports - This chapter informs you of three specialized types of reports you can generate: Executive Internet Usage Summary Reports, Blocked Request Reports, and Time Usage Reports. M86 S ECURITY UIDE...
Fig. 4:1-1 Dashboard panel NOTE: If using an SWG with the Web Filter, only Web Filter log results display. At the top of the panel, the following information displays for the current period: Total Web Requests, Total Blocked M86 S ECURITY UIDE...
Page 693
Once you have a high level overview of end user produc- tivity report activity on the network, you can use productivity reports to obtain more information about specific end user trends and activity. M86 S ECURITY UIDE...
“No Data to display.” displays in the panel. If the Blocked Requests Report feature is disabled in System Configuration > Database > Optional Features > Blocked Request Count frame, yesterday’s Top 20 Categories report view displays by default instead. M86 S ECURITY UIDE...
• Top 20 Users by Malware Hit Count - Bar chart report depicting each top end user’s total “Blocked” and “Permitted” Hit Count from the following categories in the Security, Internet Productivity, and Internet Communica- tion (Instant Messaging) category groups: BotNet, Mali- M86 S ECURITY UIDE...
Page 696
Code/Virus, Bad Reputation Domains, Spyware, Adware, and IRC. NOTE: For SWG users, results that display in the Top 20 Users by Malware report reflect library contents mapped to the M86 Supplied Categories. • Top 20 Sites by Page Count - Bar chart report depicting the total Page Count for the most popular sites accessed by end users.
• Report type thumbnails - Click one of the report type thumbnails beneath the Date Scope to display that report view. TIP: Click the left arrows or right arrows at the edges of the dash- board to display thumbnail images that are currently hidden. M86 S ECURITY UIDE...
The footer of the report includes the date and time the report was generated (M/D/YY, HH:MM:SS AM/PM), administrator login ID (Generated by), and Page number and page range. The body of the first page of the report includes the following information: M86 S ECURITY UIDE...
Page 699
• All other reports - Count columns and corresponding totals for all reports. Grand Total and Count display at the end of the report. The report can be exported by printing it or saving it to your machine. M86 S ECURITY UIDE...
The footer of the report includes the date, time, and time zone in which the report was generated (MM/D/YYYY HH:MM:SS AM/PM, time zone code), product name, Filter specifications, and the login ID of the user who generated the report (Generated by). M86 S ECURITY UIDE...
15 categories or user groups. Any categories or user groups with page counts totalling less than one percent are grouped together under the “Others Combined” label. The report can be exported by printing it or saving it to your machine. M86 S ECURITY UIDE...
These types of reports are accessible by navigating to Reports > Sample Reports and clicking one of the thumb- nails in the panel: Fig. 4:1-7 Sample Reports M86 S ECURITY UIDE...
• By Category/Site/IP - For each library category, the sites end users accessed, and IP address of each end user • By Category/User/Site - For each library category, the end users with activity in that library category, and the sites each end user accessed M86 S ECURITY UIDE...
Total counts display at the end of each section. The Grand Total and total Count for all sections display at the end of the report. The footer on each page contains the following information: today’s date (M/D/YYYY), time (HH:MM:SS AM/PM), and M86 S ECURITY UIDE...
• Save the report - Navigate to the Save (Page) As... selection to open the Save As window, and proceed with standard save procedures. 2. Click the “X” in the upper right corner of the tab to close it. M86 S ECURITY UIDE...
Page Count or Object Count column corresponding to a specific record displayed in the current summary drill down report view. 3. The drill down view can be exported, saved, modified and re-run, and/or scheduled to run at a specified time. M86 S ECURITY UIDE...
The bottom portion of the report view panel includes tools for modifying the current report view, exporting or saving the report, and/or scheduling the report to run at a specified time. Fig. 4:2-1 Default Summary Drill Down Report view M86 S ECURITY UIDE...
Navigation and Usage). Report view option icons Click the following report view icon to change the report view display: • Click this icon to display only the top six bars: Fig. 4:2-2 Sample top six bars view M86 S ECURITY UIDE...
It is possible for a site to be listed in more than one category, so even if a user has visited only one site, this column may count the user’s visit in two or three categories. M86 S ECURITY UIDE...
Page 711
However, if an advertisement or banner ad (an object on the page) is actually a page from another site, this item would not be classified as an object but as a page, since it comes from a different server. M86 S ECURITY UIDE...
10 to 30 seconds, a user could show an incredibly high page count and many minutes, even though only one page was opened by that user. M86 S ECURITY UIDE...
Export Selected to open the Export pop-up window (see Export a Productivity Report). Other navigation tips See Report View Navigation and Usage for information about navigating the current report view using breadcrumb trails and the Go to page ‘x’ of ‘x’ total pages field. M86 S ECURITY UIDE...
Search String. Any of these columns can be hidden by unchecking the corresponding title in the Column Visibility checkbox. The bottom portion of the report view panel includes tools for modifying the current report view, exporting, and/or saving the report. M86 S ECURITY UIDE...
TIP: After making your modifications, click Close to close the Column visibility pop-up window. • Date - Displays the date in the M/D/YYYY H:M:S AM/PM format • Category - Displays the category name (e.g. “Alcohol”). M86 S ECURITY UIDE...
Page 716
Google, Bing, Yahoo!, MSN, AOL, Ask.com, YouTube.com, and MySpace.com—if the Search Engine Reporting option is enabled in the Optional Features screen of the System Configuration administrator console user interface. M86 S ECURITY UIDE...
Truncated data viewing tip To view the entire text that displays truncated in a detail report view column, hover over the column to view the entire string of data in the column for a given record: M86 S ECURITY UIDE...
(see Export a Productivity Report). Other navigation tips See Report Navigation and Usage for information about navigating the current report view using breadcrumb trails and the Go to page ‘x’ of ‘x’ total pages field. M86 S ECURITY UIDE...
If more than one page of records displays for the total pages returned, enter a page number within that range to navigate to that page of records, or use the up/down arrow(s) to specify the page you want displayed. M86 S ECURITY UIDE...
- Clicking this selection in a summary drill down report opens the Limit Detail Result pop-up box that lets you specify the default number of records to include in the report view for detail drill down reports. M86 S ECURITY UIDE...
Page 721
If the summary drill down report view is currently grouped by more than one report type (e.g. Category/Site), choosing the Run option opens a Run Report pop-up box that does not include the Type and Date Scope selections: M86 S ECURITY UIDE...
Page 722
Basic Options requirements include a report Save Name, Description, Date Scope, Email and Output Type and Format criteria, and whether unidentified IPs should be included. M86 S ECURITY UIDE...
Page 723
Group By sorting options, and pie and bar chart criteria. Fig. 4:2-9 Save Report, Advanced Options tab for summary reports For a detail drill down report, Advanced Options include Group By, column selection, and record type criteria. M86 S ECURITY UIDE...
Page 724
Fig. 4:2-11 Save Report, Schedule Report option • Save and Email to save the report in the specified format and then email it to the designated email address(es). • Save Only to save the report. M86 S ECURITY UIDE...
Page 725
If generating a detail drill down report, the number of records specified in this box will display in the Run Report and Export pop-up boxes and in the generated report view. M86 S ECURITY UIDE...
Fig. 4:2-13 Summary drill down Export pop-up box For detail drill down reports, you have the option to specify the quantity of records, and whether blocked records or all returned records—both blocked and non-blocked—will be included. M86 S ECURITY UIDE...
Page 727
Email option to email a report. • See View and Print Options in this chapter for information about using the View option to view and print a generated report, and for sample reports. M86 S ECURITY UIDE...
Custom Category Groups option from the Administration menu. • User Groups - This option performs a query on Internet activity of User Groups. User Groups are set up using the User Groups option from the Administration menu. M86 S ECURITY UIDE...
• Yesterday - This option generates the report view for yesterday only. • Month to Yesterday - This option generates the report view for the range of days that includes the first day of the current month through yesterday. M86 S ECURITY UIDE...
Page 730
In the from and to fields, use the calendar icons to make selections for the date range. In the time fields, specify the hour (1-24) and minute (0-59) time ranges. M86 S ECURITY UIDE...
For summary drill down reports, at the Sort By field, make a selection from the pull-down menu for one of the available sort options: “Category Count”, “IP Count”, “User Count”, “Site Count”, “Page Count”, “Object Count”, “Time”, “Hit M86 S ECURITY UIDE...
• Show blocked records only - Click this radio button to only include records for URLs that were blocked. The Show top ‘x’ records checkbox is included with the “Show both blocked and non-blocked records” and “Show M86 S ECURITY UIDE...
The Format field is used for specifying the manner in which text from the report view will be outputted. At the Format pull-down menu, choose the format for the report: “MS-DOS Text”, “PDF”, “Rich Text Format”, “HTML”, “Comma-Delimited Text”, “Excel (Chinese)”, “Excel (English)”. M86 S ECURITY UIDE...
For summary drill down reports, at the Sort By field, make a selection from the pull-down menu for one of the available sort options: “Category Count”, “IP Count”, “User Count”, “Site Count”, “Page Count”, “Object Count”, “Time”, “Hit Count”. M86 S ECURITY UIDE...
Chapter 3 of the Report Manager Administration Section for more information about the Hide Unidentified IPs option. To change the selection in this field, click the Hide Uniden- tified IPs checkbox to remove—or add—a check mark in M86 S ECURITY UIDE...
• Bcc (optional) - Enter the email address of each intended recipient of a blind carbon copy of this message, sepa- rating each address by a comma (,) and a space. • Body - Type in text pertaining to the report. M86 S ECURITY UIDE...
Engine Keyword), “URL KW” (URL Keyword), “URL”, “Wildcard”, “Https High” (HTTPS Filtering Level set at High), “X-strike” (X Strikes Blocking), “Pattern” (Proxy Pattern Blocking), or “N/A” if the content was unclassified at the time the log file was created. M86 S ECURITY UIDE...
Page 738
Engine Reporting option is enabled in the Optional Features screen of the System Configuration adminis- trator console user interface. NOTE: Refer to the Optional Features screen sub-section of the System Configuration Section for information about the Search String feature. M86 S ECURITY UIDE...
WARNING: Large reports might not be sent due to email size restrictions on your mail server. The maximum size of an email message is often two or three MB. Please consult your mail server administrator for more information about email size restric- tions. M86 S ECURITY UIDE...
• Select All - Highlight the entire text (Ctrl+A), and then Copy (Ctrl+C) and Paste (Ctrl+V) this text in an open file • Perform a search for text > Find - Search for specific text in the file (Ctrl+F) M86 S ECURITY UIDE...
MS-DOS Text, PDF, Rich Text Format, HTML, Comma-Delimited Text, Excel (Chinese), Excel (English). NOTES: M86 Security recommends using the PDF and HTML file formats over other file format selections—in particular for detail reports—since these files display and print in a format that is easiest to read.
Fig. 4:2-15 Category Groups detail report, MS-DOS Text file format This is a sample of the Category Groups detail report in the PDF format, saved with a .pdf file extension: Fig. 4:2-16 Category Groups detail report, PDF format M86 S ECURITY UIDE...
HAPTER RILL EPORTS Rich Text Format This is a sample of the Category Groups detail report in the Rich Text file Format, saved with a .rtf file extension: Fig. 4:2-17 Category Groups detail report, RTF format M86 S ECURITY UIDE...
Fig. 4:2-18 Category Groups detail report, HTML file format Comma-Delimited Text This is a sample of the Category Groups detail report in the Comma-Delimited Text format, saved with a .csv file exten- sion: Fig. 4:2-19 Category Groups detail report, Comma-Delimited Text file M86 S ECURITY UIDE...
Fig. 4:2-20 Category Groups detail report, Excel (English) file format NOTES: The Excel (English) option supports up to 65,000 rows of exported data. If exporting more than 65,000 rows of data, M86 Security recommends using another format. The Excel (Chinese) option supports up to 10,000 rows of exported data.
In the navigation toolbar, hover over the Reports menu link and navigate to Drill Down Reports > Report Wizard to display the Drill Down Report Wizard panel: Fig. 4:3-1 Drill Down Report Wizard panel for summary reports M86 S ECURITY UIDE...
Web page or Web object access for a specified time period. The fields that display in this panel depend upon whether a summary report or a detail report is selected. Fig. 4:3-2 Drill Down Report Wizard panel for detail reports M86 S ECURITY UIDE...
‘%’ wildcard to return multiple IP addresses—and then click Search to display query results in the list box below. TIP: Click Reset to remove the IP address(es) from the list box. M86 S ECURITY UIDE...
Page 749
• By Keyword - This selection is available for detail drill down reports only. If selecting this filter, enter a keyword from three to 255 characters to filter your results, and then click Add to include your keyword term in the list M86 S ECURITY UIDE...
• Limit Detail Result - For a detail drill down report, specify the number of records to be returned in the results, and if these records will only include records of blocked end user queries, or also records of non-blocked end user queries. M86 S ECURITY UIDE...
• Run - Click this button to generate and view the drill down report now in the specified report view format. Fig. 4:3-3 Summary drill down report Fig. 4:3-4 Detail by page drill down report M86 S ECURITY UIDE...
Reports > Saved Reports list box. TIP: The Copy (Ctrl+C) and Paste (Ctrl+V) functions can be used in the fields in this screen. 3. In the Description field, enter the report description. 4. Specify Email criteria: M86 S ECURITY UIDE...
Page 753
• Detailed Info - Uncheck any checkbox corresponding to a column that should not be included in the report. • Limit Detail Result - Indicate the maximum number of records to be included in the report, and M86 S ECURITY UIDE...
Page 754
If Monthly, specify the Day of the Month from the pull-down menu (1 - 31). d. Select the Start Time for the report: 1 - 12 for the hour, 0 - 59 for the minutes, and AM or PM. M86 S ECURITY UIDE...
Page 755
Report Wizard for a detail report, the Save and Email button is greyed-out. • Save Only - Click this button to save your entries and to go to the Saved Reports panel where you can delete, edit, or run this report or another report. M86 S ECURITY UIDE...
TIP: On the Save Report panel discussed in this sub-section, click Back to return to the Saved Reports panel without saving your edits or performing any other action. M86 S ECURITY UIDE...
2. After making your selections and entries on the Basic Options tab and Advanced Options tab (as described in Save Report panel in this chapter, and for the Save button option in Chapter 2), click Save Only. M86 S ECURITY UIDE...
2. After making your selections and entries in the Report Details, Users, and Email Settings sub-panels—and Filters panel, if available for use—(as described in Chapter 2: Security Report Wizard from the Security Reports Section), click Save. M86 S ECURITY UIDE...
1. In the Saved Reports panel, select the report from the list. 2. Click Duplicate to display the panel for the specified report: • Save Report panel for a drill down report: Fig. 4:3-11 Save Report, duplicate report M86 S ECURITY UIDE...
• Click Save in the Security Report Wizard panel. Run a Saved Report 1. In the Saved Reports panel (see Fig. 4:3-8), select the report from the list. 2. Click Run to generate the report view and email the report to the specified recipient(s). M86 S ECURITY UIDE...
3. Click Yes to close the dialog box and delete the report. TIP: Click No to close the dialog box without deleting the report. NOTE: If a report is scheduled to run via the Report Schedule option, deleting the report removes it from the Report Schedule list. M86 S ECURITY UIDE...
NOTES: Records in this panel may include drill down reports and security reports. Security reports are scheduled to run via the Schedule Settings option in the Security Report Wizard (see the Security Reports Section for more information about the Security Report Wizard). M86 S ECURITY UIDE...
To view additional information on a scheduled report run event, select the record from the list to display the report schedule details sub-panel to the right of the table of report records: Fig. 4:3-14 View report schedule details M86 S ECURITY UIDE...
• change the Start Time for running the report TIP: Click Cancel if you wish to return to the Report Schedule panel without saving your edits. 2. Click Save to display the updated criteria in the Report Schedule panel. M86 S ECURITY UIDE...
If Monthly, specify the Day of the Month from the pull- down menu (1 - 31). 5. Select the Start Time for the report: 1 - 12 for the hour, 0 - 59 for the minutes, and AM or PM. M86 S ECURITY UIDE...
2. Click Yes to close the dialog box and remove the record from the list. TIP: Click Cancel to return to the Report Schedule panel without deleting the record from the list of reports scheduled to run. M86 S ECURITY UIDE...
Executive Internet Usage Summary to display the Executive Internet Usage Summary panel: Fig. 4:4-1 Executive Internet Usage Summary panel This panel contains the Reports sub-panel listing saved report names, and the Report Details sub-panel used for configuring reports. M86 S ECURITY UIDE...
Report Name, Email Subject criteria, Deliver report in email as... selection, Hide Unidentified IPs choice, Email Recipients list and report delivery schedule, and Category Groups and/or User Groups selection(s). 2. Click Save to update any modifications made to these report settings. M86 S ECURITY UIDE...
“Users.” IP hit counts will be included for all other sections of the report, such as those labeled “Categories”, “Category Groups”, etc. 6. In the Email Recipients accordion, specify the user(s) to receive the report and the frequency of delivery. M86 S ECURITY UIDE...
Page 770
• In the Category Groups accordion, select the category group(s) from the Available M86 Category Groups and Custom Category Groups, and then click Add Cate- gory Group to move the selection(s) to the Selected list box.
Total Blocked Requests are given for the following library categories: Malicious Code/Virus, Botnets/Malicious Code Command, Spyware, Bad Reputation Domains, Adult Content, Blended Threats, Phishing, Web-based Proxies/ Anonymizers, Hacking. NOTE: Blended Threats is not currently used and displays “N/A.” M86 S ECURITY UIDE...
Page 772
Fig. 4:4-3 Executive Internet Usage Summary monthly report, page 1 The second page includes a pie chart depicting Total Web Requests for M86 Category Groups. Each category group in the chart is represented by a pie slice and shows the number of requests and overall percentage for that pie slice.
Page 773
The range of Requests is shown beneath the chart. For Weekly and Monthly reports, the bottom half of the third page includes a line chart for Top Daily Web Requests by M86 S ECURITY UIDE...
Page 774
‘X’ represents the name of the category group. The top 10 Users are listed in this chart, along with each user’s corresponding Page Count, IP Count, Site Count, Category Count, Time HH:MM:SS, and Hit Count. M86 S ECURITY UIDE...
Page 775
Fig. 4:4-6 Executive Internet Usage Summary monthly report, page 4 The balance of the report is comprised of statistics for each of the remaining category groups, represented by report page 3, and page 4 for Weekly and Monthly reports. M86 S ECURITY UIDE...
Block Request Count feature. In the navigation toolbar, hover over the Reports menu link and select Blocked Request Reports to display the Blocked Request Reports panel: Fig. 4:4-7 Blocked Request Reports panel M86 S ECURITY UIDE...
• Top 20 Users by Blocked Requests - If choosing this option, make a selection from the Date Scope field to display the date range for that time period: Yesterday, Last Week, Last Month, Week to Yesterday, Month to Yesterday. M86 S ECURITY UIDE...
Page 778
If a new user group with new users was added, by the next day only the “Yesterday” viewing option will contain data available for viewing. All other viewing options will not be available until the full length of time indicated by the viewing option has transpired. M86 S ECURITY UIDE...
The footer of the report includes the Date and Time the report was generated, and Page number. The Total Count for all blocked requests displays at the end of the report. Fig. 4:4-8 Blocked Request Report for Top 20 Users M86 S ECURITY UIDE...
Time Usage feature. In the navigation toolbar, hover over the Reports menu link and select Time Usage Reports to display the Time Usage Reports panel: Fig. 4:4-9 Time Usage Reports panel M86 S ECURITY UIDE...
• Top 20 Users by Time Usage - If choosing this option, make a selection from the Date Scope field to display the date range for that time period: Yesterday, Last Week, Last Month, Week to Yesterday, Month to Yesterday. M86 S ECURITY UIDE...
Page 782
If a new user group with new users was added, by the next day only the “Yesterday” viewing option will contain data available for viewing. All other viewing options will not be available until the full length of time indicated by the viewing option has transpired. M86 S ECURITY UIDE...
The footer of the report includes the Date and Time the report was generated, and Page number. The Total Time for this Date Scope in days, hours, and minutes displays at the end of the report. Fig. 4:4-10 Sample Time Usage Report for Top 20 Users M86 S ECURITY UIDE...
12:09:04 www.nbc.com The total for this end user is based on a nine-minute time span that includes 17 entries in the log, and seven unique minute entries: 00, 01, 02, 05, 07, 08, and 09. M86 S ECURITY UIDE...
Internet/network activity. • Chapter 5: Identify Users, Categories - This chapter explains how to perform a custom search on Internet/ network usage by a specified user, or for a specified category or category group. M86 S ECURITY UIDE...
URLs in a specified library category. When clicking Gauges in the navigation toolbar, the URL gauges Dashboard panel displays showing overall activity in URL gauges: Fig. 5:1-1 URL gauges Dashboard M86 S ECURITY UIDE...
(page count plus blocked object count) for all library categories the gauge monitors. • Bandwidth gauge - score includes the total number of bytes (kB, MB, GB) of inbound/outbound end user traffic for all protocols/ports the gauge monitors. M86 S ECURITY UIDE...
Page 789
For bandwidth gauges, if the total byte score reaches the threshold limit, the score displays in red text and the triangle flashes. M86 S ECURITY UIDE...
• SMTP - Simple Mail Transfer Protocol gauge monitors the protocol used for transferring email messages from one server to another. This protocol gauge is comprised of gauges for moni- toring the following ports by default: M86 S ECURITY UIDE...
Page 791
• 1863 - TCP/UDP port for MSN Messenger • 5050 - TCP/UDP port for Yahoo! Messenger • 5190 - TCP/UDP port for ICQ and AOL Instant Messenger (AIM) • 5222 - TCP/UDP port for Google Talk, XMPP/Jabber client connection M86 S ECURITY UIDE...
Trend Chart for this particular gauge that lets you analyze the gauge’s activity. (See View Trend Charts in Chapter 4.) M86 S ECURITY UIDE...
Page 793
This is a shortcut to use instead of going to Dashboard Settings, selecting the gauge from the list, and then clicking the Delete Gauge icon. (See Hide, Disable, Delete, Rear- range Gauges in Chapter 2.) M86 S ECURITY UIDE...
2. Do the following to view the contents in the tab to be used: • Click URL Gauges if this tab currently does not display. By default, this tab includes the following list of Gauge Names: Shopping, Security, Illegal, Bandwidth, Adult Content. M86 S ECURITY UIDE...
Page 795
3. Select a Gauge Name to display a list of its library cate- gories/protocols/ports in the Gauge Components sub- panel: Fig. 5:2-2 Gauge Components sub-panel populated M86 S ECURITY UIDE...
Page 796
(see Specify Gauge Information). • Select the library categories/protocols/ports for the gauge to monitor (see Define Gauge Components). • Assign user groups whose end users’ Internet/network activity will be monitored by the gauge (see Assign User Groups). M86 S ECURITY UIDE...
• For a URL gauge - All (default), Others (all gauge methods, not including Keywords or URLs), Pattern, Search Engine Keyword, URL Keyword, URL, HTTPS Filtering - High, HTTPS Filtering - Medium, Wildcard, X Strike. • For a bandwidth gauge - Inbound, Outbound, Both (default). M86 S ECURITY UIDE...
Super Category Group is available to him/her via the User Summary Panel. Thus, he/she will have the ability to lock out all users (assigned to him/her) who are currently using FTP, HTTP, IM, P2P and SMTP protocols. (See Monitor, Restrict End User Activity.) M86 S ECURITY UIDE...
This group consists of all end users whose network activities are set up to be monitored by the desig- nated group administrator. 2. From the Available User Groups list, select the user group to highlight it. M86 S ECURITY UIDE...
Available User Groups list. Save gauge settings After adding users, click Save to return to the Add/Edit Gauges panel that now includes the name of the gauge you just added: Fig. 5:2-5 New gauge added M86 S ECURITY UIDE...
3. Click Edit Gauge to display the URL Gauge or Band- width Gauge panel showing the Gauge Information sub- panel to the left and the Gauge Components sub-panel to the right, populated with settings previously saved for the gauge: M86 S ECURITY UIDE...
Page 802
Timespan in minutes, Gauge Method (see Specify Gauge Information). • Gauge Components (see Define Gauge Components). • User Membership (see Assign user groups). 5. Click Save to save your edits and return to the Add/Edit Gauges panel. M86 S ECURITY UIDE...
Fig. 5:2-8 Dashboard Settings panel This panel shows the URL Gauges tab to the left and the Bandwidth Gauges tab to the right. In each of these tabs, a list of gauges displays with the following information: M86 S ECURITY UIDE...
Page 804
2. After making all necessary Dashboard Settings modifica- tions—hide, disable, show, rearrange, or delete a gauge—defined in the following sub-sections, click Save Changes to save your edits. M86 S ECURITY UIDE...
Rearrange the gauge display in the dashboard To rearrange the order in which gauges display in the dash- board: 1. Select the gauge in the URL Gauges or Bandwidth Gauges tab. 2. In the Actions column, perform any of the following actions: M86 S ECURITY UIDE...
TIP: Clicking Cancel closes the dialog box without removing the gauge. 3. Click Yes to close the dialog box and to remove both the Gauge Name from the tab and the gauge from the dash- board. M86 S ECURITY UIDE...
View Overall Ranking 1. In the navigation toolbar, hover over the Gauges menu link and select Overall Ranking to open the Overall Ranking panel: Fig. 5:2-9 Overall Ranking panel M86 S ECURITY UIDE...
Internet/network. View a Gauge Ranking table 1. In the gauges dashboard, click a gauge to open the Gauge Ranking panel: Fig. 5:2-10 Gauge Ranking table M86 S ECURITY UIDE...
Page 809
• Access the Category View User panel by clicking a user’s score for a gauge (see Monitor, Restrict End User Activity: Access the Category View User panel). In the Category View User panel, you view current details for the gauge. M86 S ECURITY UIDE...
Fig. 5:2-11 User Summary panel In this panel you can perform the following actions: • Access the Category View User panel to see which of the gauge’s library categories/ports the end user accessed M86 S ECURITY UIDE...
The target URLs sub- panel displays to the right. 1. Select a category from the list, which populates the URLs sub-panel with URLs accessed by that end user for that category: M86 S ECURITY UIDE...
Page 812
For each URL included in the list, the Timestamp displays using military time in the YYYY-MM-DD HH:MM:SS format. 2. Click a URL from the list to open a separate browser window or tab displaying the contents of that URL. M86 S ECURITY UIDE...
Inbound/Outbound bandwidth usage by the end user for that port, and the combined Total inbound and outbound bandwidth usage by the end user for that port: Fig. 5:2-13 Category View User panel for Bandwidth tab selection M86 S ECURITY UIDE...
(see Low severity lockout). • Medium - This selection locks out the end user from access to the World Wide Web (see Medium and High severity lockout). M86 S ECURITY UIDE...
“All Categories” selection for URL gauges, nor see the “All Protocols” selection available for bandwidth gauges. In order to lock out end users using either of these selec- tions, a “Medium” severity lockout should be used. M86 S ECURITY UIDE...
Fig. 5:2-15 Low, medium level URL, medium bandwidth lockout page M86 S ECURITY UIDE...
Page 817
To submit this blocked site for review, click here. NOTE: Please refer to the Global Administrator Section of the M86 Web Filter User Guide or M86 IR Web Filter User Guide for information about fields in the block page and how to use them.
Alerts to open the Alerts panel: Fig. 5:3-1 Alerts panel This panel includes a sub-panel to the left that contains the URL Gauges and Bandwidth Gauges tabs, and the empty, target Alerts sub-panel to the right. M86 S ECURITY UIDE...
Page 819
By default, this tab includes the following list of Gauge Names: FTP, HTTP, IM, P2P, SMTP. For each Gauge Name in this list, the following infor- mation displays: Group Threshold (20 MB—64 MB for “HTTP”), Timespan (minutes)—15 by default. M86 S ECURITY UIDE...
NOTE: An alert is triggered for any end user whose current score for a gauge matches the designated threshold limit. (See How to Read a Gauge in Chapter 1 for information on how scoring is defined.) M86 S ECURITY UIDE...
2. Type in the Email Address. 3. Click Add Email to include the address in the Email Addresses list box. Follow steps 2 and 3 for each email address to be sent an alert. M86 S ECURITY UIDE...
Appendix D: System Tray Alerts: Setup, Usage. NOTE: In order to use this feature, the LDAP User Name and Domain set up in the administrator’s profile account must be the same ones he/she uses when logging into his/her workstation. M86 S ECURITY UIDE...
TCP connection if he/she reaches the threshold limit set up for the gauge. 3. Specify the Duration (minutes) of the lockout (the default is “15” minutes), or click the “Unlimited” checkbox. M86 S ECURITY UIDE...
3. Select the alert to be viewed or modified by clicking on it to highlight it; this action activates all buttons below the Alerts sub-panel (Add Alert, Edit Alert, Delete Alert, View Alert): Fig. 5:3-3 Alert added M86 S ECURITY UIDE...
NOTE: The System Tray alert feature is only available if using Active Directory LDAP, and is not available if using IP groups. 2. Click the “X” in the upper right corner of the alert viewer pop-up window to close it. M86 S ECURITY UIDE...
NOTE: Clicking No closes the dialog box without removing the alert, and returns you to the main Alerts panel. 4. Click Yes to close the Confirm dialog box and to remove the alert from the list. M86 S ECURITY UIDE...
NOTE: If an alert was deleted during the most recent 24-hour time period, any records associated with that alert will be removed from the alert log. 3. To view details on an alert, select the alert record in the list to highlight it. M86 S ECURITY UIDE...
Page 829
Lockout Components accordions display. Click an accor- dion to expand it, and view the contents—if any—within that accordion. 5. Click the “X” in the upper right corner of alert viewer pop- up window to close it. M86 S ECURITY UIDE...
Username (or IP address); IP address; Duration (minutes); Severity of the lockout (Low, Medium, High); Cause of the lockout (Manual, Automatic); Source of the lockout (username of the administrator who locked out the end user in a M86 S ECURITY UIDE...
4. Click the ending date to select it and to close the calendar pop-up window. This action populates the field with the selected date. M86 S ECURITY UIDE...
2. Next, click User Summary to display the User Summary panel where you can monitor that end user’s online activity and lock him/her out of designated areas of the Internet/network. (See Monitor, Restrict End User Activity for details about using the User Summary panel.) M86 S ECURITY UIDE...
If more information is required in your analysis, the Web Filter application, Report Manager tools, and System Configuration administrator console should be consulted so you can generate customized reports to run for a time period of your specifications. M86 S ECURITY UIDE...
3. Find the gauge for which the trend chart will be gener- ated, and then click the Trend Charts icon at the bottom middle of that gauge: M86 S ECURITY UIDE...
Page 835
100 percent. The top and bottom sections of this panel contain tabs. Information about all actions that can be performed in this panel appears in the Navigate a trend chart sub-section. M86 S ECURITY UIDE...
100 percent. The top and bottom sections of this panel contains tabs. For the bandwidth trend chart, buttons display above this panel. M86 S ECURITY UIDE...
24- hour time period • 1 Week - This selection displays the gauge URL/byte average score in 12 hour increments for the past seven- day time period M86 S ECURITY UIDE...
1. To view a line chart showing activity for a slice of the pie chart, do either of the following: • Click that slice of the pie chart • Click the specified tab beneath the pie chart Either action displays the line Trend Chart: M86 S ECURITY UIDE...
Page 839
TIP: Click a populated checkbox to remove the check mark and the line showing activity for that gauge. • To view information about a specific point in the line chart, hover over that point in the chart: M86 S ECURITY UIDE...
Print a trend chart from an IE browser window A trend chart can be printed from an IE browser window by using the browser window’s toolbar and going to File > Print and proceeding with the print commands. M86 S ECURITY UIDE...
This panel displays the Search Criteria sub-panel to the left with the open Users accordion and closed Available Cate- gories/Groups accordion, Timespan and Top Results sliders, Search button; and to the right, the empty Results target sub-panel. M86 S ECURITY UIDE...
Users accordion, the Top Results slide becomes activated and you can make a selection for the maximum number of records to return in the results for that user: top 10, 20, 30, 40, 50, 60, 70, 80, 90, 100 records. M86 S ECURITY UIDE...
Page 843
Total score for that record. For a URL search, you can drill down even further by selecting a user’s record and then viewing the URLs that user accessed (see View URLs within the accessed category). M86 S ECURITY UIDE...
TIP: Click Back to results to return to the previous page where you can perform another query. You can now print the results displayed in this window if using an IE browser window, or access another selected URL. M86 S ECURITY UIDE...
SR’s source email address in your email client. The source email address can be found in System Configuration > Server > SMTP Server Setting, in the “From Email Address” field. M86 S ECURITY UIDE...
Report Wizard to customize your view, save the view, export the view, and/or schedule the report to run at a designated time. The Report Wizard feature for secu- rity reports is discussed in detail in Chapter 2: Security Report Wizard. M86 S ECURITY UIDE...
Fig. 6:1-1 Sample Blocked Viruses report view The bottom portion of the report view panel includes tools for modifying and exporting the report view, and/or saving or scheduling the report to run at a specified time. M86 S ECURITY UIDE...
Page 848
The bottom portion of this panel only includes tools for hiding columns and exporting all records. TIP: To refresh the report view displayed in the panel, select Reports > Security Reports and choose the report type again. M86 S ECURITY UIDE...
(see Drill Down into a Security Report). Security Policy Violations report view The Security Policy Violations report view is accessible via Reports > Security Reports > Security Policy Violations: Fig. 6:1-3 Security Policy Violations report view M86 S ECURITY UIDE...
Bandwidth used in all occurrences of accessing this object. Click a link in any of these columns to drill down into the specified record and create a new report view (see Drill Down into a Security Report). M86 S ECURITY UIDE...
Hit Count of all user encounters for that record. Click a link in any of the Count columns to drill down into the specified record and create a new report view (see Drill Down into a Security Report). M86 S ECURITY UIDE...
Date (M/D/YYYY H:MM:SS AM/PM format), User IP, User name path, Site name, Bandwidth, and URL. • Clicking a User Count column link displays a report view with columns for Users, IP Count, and Bandwidth. M86 S ECURITY UIDE...
NOTE: The Report Settings menu is not available for second and third level report views. Report view icons Click the following report view icon to change the report view display: • Click this icon to display only the top six bars: M86 S ECURITY UIDE...
Page 854
Note that the graph only report view footer does not include the Export Selected button and page navigation field. • Click this icon to display the top six bars and table of records: Fig. 6:1-7 Sample top six bars and report records view (default view) M86 S ECURITY UIDE...
If more than one page of records displays for the total pages returned, enter a page number within that range to navigate to that page of records, or use the up/down arrow(s) to specify the page you want displayed. M86 S ECURITY UIDE...
• Bandwidth (for Bandwidth detail results only) - Displays the amount of bandwidth (in MB or GB) used by the end user. • URL - Displays the link for the item accessed by the end user. M86 S ECURITY UIDE...
Click another column header to sort records by that speci- fied column. URL viewing tip In a URL column, click the URL for a specified record to view the item currently indexed in the SR’s memory. M86 S ECURITY UIDE...
(default), “Month to Date”, “Year to Date”, “Yesterday”, “Month to Yesterday”, “Year to Yesterday”, “Last Week”, “Last Weekend”, “Current Week”, “Last Month”. • Date Range (default) - If selecting this option, use the calendar icons to set the date range. M86 S ECURITY UIDE...
Page 859
Preview Users to display query results in the list box below. For a Traffic Analysis or Rule Transactions report, you can narrow your search result by including filters: a. Click Filters at the bottom right of the panel to display the filter results panel: M86 S ECURITY UIDE...
Page 860
Remove. • Click the “Assign All” checkbox to select all records and grey-out the panel. c. Click Back to return to the Security Report Wizard panel. 4. Click Run to generate the security report view: M86 S ECURITY UIDE...
Page 861
1: S ECURITY EPORTS ECTION HAPTER ECURITY EPORTS Fig. 6:1-11 Generated Security Report view The report can now be exported by selecting one of the export options (see Export a Security Report). M86 S ECURITY UIDE...
(default), “Month to Date”, “Year to Date”, “Yesterday”, “Month to Yesterday”, “Year to Yesterday”, “Last Week”, “Last Weekend”, “Current Week”, “Last Month”. • Date Range - If selecting this default option, use the calendar icons to set the date range. M86 S ECURITY UIDE...
Page 863
Click Filters at the bottom right of the panel to display the filter results panel (see Fig. 6:1-10). TIP: At the bottom left of the panel, click Back at any time to return to the Security Report Wizard panel. M86 S ECURITY UIDE...
Page 864
Specify the Output Type to be used for the PDF report file in the email: “Email As Attachment” or “Email As Link”. NOTE: The report will be generated in the PDF Format and emailed to the address(es) provided. M86 S ECURITY UIDE...
Fig. 6:1-13 Report Settings Schedule option 2. After specifying criteria for saving the report, go to the lower right corner of the panel and click Schedule Settings to open the Schedule Settings pop-up window: M86 S ECURITY UIDE...
Page 866
6. Click Save at the bottom of the Security Report Wizard panel to save your settings and to add the report to the schedule to be run (see Report Schedule in Chapter 3 of the Productivity Reports Section). M86 S ECURITY UIDE...
“All”. NOTE: “All” records may take a long time for the report to generate, depending on the number of records to be included. M86 S ECURITY UIDE...
Page 868
If you wish, enter text to be included in the Body of the message. e. Specify the Output Type to be used for the PDF report file in the email: “Email As Attachment” or “Email As Link”. M86 S ECURITY UIDE...
Following the bar chart is a list of records, with the corre- sponding Item Count for each record. For Rule Transaction reports, Actions and Policies column data precede Item Count column data. M86 S ECURITY UIDE...
Page 870
IP, User name path, Site, bandwidth Size (e.g. kB), and URL, as in the sample below: Fig. 6:1-17 Sample PDF for detail Security Report At the end of the report, the Total Items display for all records. M86 S ECURITY UIDE...
In the Report Details sub-panel, specify general information for the security report to be generated: 1. Type in the Report Name. 2. Choose the Report Type from the pull-down menu (“Blocked Viruses”, “Security Policy Violations”, “Traffic M86 S ECURITY UIDE...
Page 872
URLs to save: • All URLs - Check this checkbox to save all URLs • Top - Specify the number of top URLs to be saved M86 S ECURITY UIDE...
For a Traffic Analysis or Rule Transactions report, you can narrow your search result by including filters: a. Click Filters at the bottom right of the panel to display the filter results panel: Fig. 6:2-2 Security Report Wizard Filters option M86 S ECURITY UIDE...
Page 874
To remove the record(s), select the record(s) from the Assigned list box and click Remove. • Click the “Assign All” checkbox to select all records and grey-out the panel. c. Click Back to return to the Security Report Wizard panel. M86 S ECURITY UIDE...
4. If you wish, enter text to be included in the Body of the message. 5. Specify the Output Type to be used for the PDF report file in the email: “Email As Attachment” or “Email As Link”. M86 S ECURITY UIDE...
Export a Security Report in Chapter 1), and a PDF of the report downloaded to your machine. • Saved by going to the Report Settings menu and selecting the Save option (see Report Settings Options: Save a Security Report in Chapter 1). M86 S ECURITY UIDE...
Fig. A-1 Server Information panel in evaluation mode Hover over the ‘EVALUATION MODE’ link to display a defi- nition of ‘Evaluation Mode’. Click this link to launch the SR Server Status screen of the System Configuration adminis- M86 S ECURITY UIDE...
STORAGE ‘X’ WEEKS” also displays at the top of the Expiration screen in the System Configuration console. Refer to the Expira- tion screen sub-section in Chapter 2 of the System Configuration Section for more information about data storage and expiration. M86 S ECURITY UIDE...
‘X’ represents the maximum number of weeks in the SR’s data storage scope). This message is followed by a line stating: “Please click here to activate the box.” Clicking the link “here” is used for activating the SR to func- tion in registered mode. M86 S ECURITY UIDE...
• in the Evaluation screen, click the link (“here”) in the message at the top of the screen: “Please click here to activate the box”. By clicking the button or link, the Activation Page pop-up box opens: Fig. A-4 Activation Page pop-up box M86 S ECURITY UIDE...
Page 881
Choose the Activation Type: "Evaluation Extension" or "Full Activation." 4. Click Send Information. After M86 obtains your informa- tion, a technical support representative will issue you an activation code. 5. Return to the Activation Page (see Fig. A-4) and enter the activation code in the Activation Code field.
LDAP server for authenticating administrators. 1. From the taskbar of the LDAP server, go to: Start > Run to open the Run dialog box: Fig. B-1 Run dialog box M86 S ECURITY UIDE...
Page 883
2. In the Run dialog box, type in the path to the scripts folder: C:\WINDOWS\sysvol\domain\scripts. 3. Click OK to open the scripts folder: Fig. B-2 C:\WINDOWS\sysvol\domain\scripts window 4. Right-click in this Windows folder to open the pop-up menu. M86 S ECURITY UIDE...
Page 884
6. Type the following text in the blank document file: @echo off start “” “\\X.X.X.X\win\tartrayw32.exe” ta[X.X.X.X] in which “X.X.X.X” represents the IP address of the SR server, and “\win\tartrayw32.exe” refers to the location of the SR Tray Alert executable file on the SR server. M86 S ECURITY UIDE...
Page 885
8. In the File name field, type in the name for the file using the “filename.bat” format. For example: tartray21.bat. NOTE: Be sure that the Save as type field has “All Files” selected. 9. Click Save to save your file and to close the window. M86 S ECURITY UIDE...
Fig. B-5 Programs > Administrative Tools > Active Directory Users 2. In the Active Directory Users and Computers folder, double-click the administrator’s Name in the Users list to open the Properties dialog box for his/her profile: M86 S ECURITY UIDE...
Page 887
4. In the Login script field, type in the “.bat” filename. For example: tartray21.bat. 5. Click Apply to save your entry. 6. Click OK to close the dialog box. 7. Click the “X” in the upper right corner of the folder to close the window. M86 S ECURITY UIDE...
System Tray Alert icon’s connection to the SR, reset- ting the status of the System Tray Alert icon to the stan- dard setting. • Exit - clicking this menu selection removes the System Tray Alert icon from the System Tray. M86 S ECURITY UIDE...
Alert”. If more than one alert is triggered for the administrator, the message reads: “New M86 SR Alert! (X Total)”, in which “X” represents the total number of new alerts. The following message displays whenever hovering over this icon: “X New M86 SR Alerts”, in which “X”...
SR Alert. Each time the Next >> button is clicked, the number of remaining alerts to be viewed decreases by one. The Next >> button no longer displays after the last alert is viewed. 3. Click Close to close the SR Alert box. M86 S ECURITY UIDE...
SR, sets up user groups, administrator groups and group administrators, and performs routine maintenance on the server. group administrator - An authorized administrator of the SR who maintains user group, administrator groups, group administrator profiles, and gauges. M86 S ECURITY UIDE...
Page 892
- P2P involves communication between computing devices—desktops, servers, and other smart devices—that are linked directly to each other. protocol - A type of format for transmitting data between two devices. LDAP is a type of authentication method protocol. M86 S ECURITY UIDE...
Page 893
Traveler - M86 Security’s executable program that down- loads updates to the SR at a scheduled time. UDP - An abbreviation for User Data Protocol, one of the core protocols of the Internet protocol suite.
Page 894
The second part specifies the IP address or the domain name where the resource is located (such as “203.15.47.23” or "m86security.com"). Web access logging device - The device feeding logs to the SR—e.g. M86 Web Filter or M86 Secure Web Gateway (SWG). M86 S ECURITY...
If you wish to block all pop-ups except those from URLs you choose to whitelist, enable Turn On Pop-up Blocker and then navigate to Pop-up Blocker Settings, adding the SR's URL in the Allowed sites list box. M86 S ECURITY UIDE...
• Do not allow any site to show pop-ups (recom- mended) > Exceptions..., adding the SR's URL to the Pop-up Exceptions box. Safari 5.1 In the Safari toolbar, navigate to the Safari menu and de- select “Block Pop-Up Windows” to disable pop-up blocking. M86 S ECURITY UIDE...
To do this: 1. Go to the Yahoo! Toolbar and click the pop-up icon to open the pop-up menu: Fig. I-1 Select menu option Always Allow Pop-Ups From M86 S ECURITY UIDE...
Page 898
Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5. Click Close to save your changes and to close the dialog box. M86 S ECURITY UIDE...
Google Toolbar and click the Pop- up blocker button: Fig. I-3 Pop-up blocker button enabled Clicking this icon toggles to the Pop-ups okay button, adding the Client to your white list: Fig. I-4 Pop-ups okay button enabled M86 S ECURITY UIDE...
2. After you are finished using the Client, go back to the SearchSafe toolbar and click the icon for Popup protec- tion off to toggle back to # popups blocked. This action turns on pop-up blocking again. M86 S ECURITY UIDE...
2. Click the Content tab at the top of this box to open the Content section: Fig. I-5 Mozilla Firefox Pop-up Windows Options 3. With the “Block pop-up windows” checkbox checked, click the Exceptions... button at right to open the Allowed Sites - Pop-ups box: M86 S ECURITY UIDE...
Page 902
4. Enter the Address of the web site to let the client pass. 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7. Click OK to close the Options dialog box. M86 S ECURITY UIDE...
1. From the IE browser, go to the toolbar and select Tools > Internet Options to open the Internet Options dialog box. 2. Click the Privacy tab: Fig. I-7 Enable pop-up blocking 3. In the Pop-up Blocker frame, check “Turn on Pop-up Blocker”. M86 S ECURITY UIDE...
When you click Turn On Pop-up Blocker, this menu selec- tion changes to Turn Off Pop-up Blocker and activates the Pop-up Blocker Settings menu item. You can toggle between the On and Off settings to enable or disable pop-up blocking. M86 S ECURITY UIDE...
Use the Information Bar With pop-up blocking enabled, the Information Bar can be set up and used for viewing information about blocked pop- ups or allowing pop-ups from a specified site. M86 S ECURITY UIDE...
3. Click Yes to add the Client to your white list and to close the dialog box. NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. I-9) and see the entries in the Allowed sites list box. M86 S ECURITY UIDE...
NOTE: As part of the ongoing maintenance procedure for your RAID server, M86 recommends that you always have a spare drive and spare power supply on hand. Contact M86 Technical Support for replacement hard drives and power supplies.
500 series model front panel. The buttons let you perform a function on the unit, while an LED indicator corresponding to an icon alerts you to the status of that feature on the unit. 500 series model chassis front panel M86 S ECURITY UIDE...
Page 909
A steady green LED indicates power is being supplied to the unit’s power supplies. (See also Rear of chassis.) (See Power supply failure in the Troubleshooting sub-section for information on detecting a power supply failure and resolving this problem.) M86 S ECURITY UIDE...
Step 2: Verify the failed drive in the Admin console The Hardware Failure Detection window in the Web Filter Administrator console is accessible via the System > Hard- ware Failure Detection menu selection: M86 S ECURITY UIDE...
Page 911
RAID Array Status for all the hard drives (HD) at the right side of the window. Normally, when all hard drives are functioning without failure, the text “OK” displays to the right of the hard drive number, and no other text displays in the window. M86 S ECURITY UIDE...
Page 912
Pull out the failed drive and replace it with your spare replacement drive. Push the drive into its slot, and press the carrier back in place. NOTE: Contact Technical Support if you have any questions about replacing a failed hard drive. M86 S ECURITY UIDE...
Step 2: Contact Technical Support Contact Technical Support for assistance with installing the replacement power supply, or to order a new replacement power supply, or for instructions on returning your failed power supply to M86. M86 S ECURITY UIDE...
If this displays on your unit, contact Technical Support for an RMA (Return Merchandise Authorization) number and for instructions on returning the unit to M86. A steady red LED (on and not flashing) on a 500 series model indicates an overheating condition, which may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm.
Page 915
Approved Content Settings window 274 Approved Content, definition 508 authentication 167 Authentication menu 167 back up SR data internal on demand backup 544 to remote server 545 backup SR procedures 543 backup procedures 169 Backup screen 542 M86 S ECURITY UIDE...
Page 917
Date Scope 701 Expiration screen 569 Server Information 645 username or keyword entries 722 Default Report Settings panel 657 Default Top ’N’ Value in reports 658 delete a gauge 775 detail drill down report, definition 863 M86 S ECURITY UIDE...
Page 918
Exception URL window 374 Executive Internet Usage Summary 739 expand or contract a column 531 expiration 570 Expiration Info 650 Expiration screen 569 expire data from server 569 passwords 576 export reports 685 Export button 698 M86 S ECURITY UIDE...
Page 919
Forgot Your Password 528 Format field 705 frame, terminology 14 From Date field 701 bandwidth gauge 762 CFM 303 Change Log FTP Setup 129 definition 863 proxy setting 288 FTP (File Transfer Protocol) 544 General Availability 136 M86 S ECURITY UIDE...
Page 920
IP 283 types of R3000 groups 25 group administrator 11 definition 509 group administrator, definition 515 Group By field 705 group by report, definition 864 Group Profile window 366 hardware 4 Hardware Failure Detection window 186 M86 S ECURITY UIDE...
Page 921
694 save a Security Report 834 schedule a report to run 737 schedule a Security Report to run 837 schedule or run a report in the Security Report Wizard 848 set up a custom category 414 M86 S ECURITY UIDE...
Page 922
Time Profile 388 set up Quotas 232 set up Real Time Probes 331 set up Search Engine Keywords Custom Categories 430 M86 Supplied Categories 325 set up URL Keywords Custom Categories 427 M86 Supplied Categories 321 set up URLs in categories...
Page 923
Internet Explorer 5 invisible mode 20 definition 509 IP group 26 authentication method 854 create 283 delete 400 IP Profile Management window 395 IP.ID 557 Java Plug-in 6 Java Virtual Machine 6 JavaScript 6 keyword definition 509 M86 S ECURITY UIDE...
Page 925
Web Filter 76 Logon Management window 110 logon script path block page authentication 88 Logon Settings window 106 lookup library 299 M86 supplied category 32 definition 510 M86 Web Filter and Reporter (WFR) server 7 M86 S ECURITY UIDE...
Page 926
NDEX machine name, definition 510 Macintosh 6 mail server 711 Manual Backup button 544 Manual Update to M86 Supplied Categories 289 Manual Update window 289 master IP group 26 definition 510 filtering profile 29 setup 283 master list 325 definition 510...
Page 927
511 global group 264 Google Toolbar popup blocking 454 Mozilla Firefox popup blocking 456 override popup blockers 451 profile type 30 Windows XP SP2 popup blocking 458 Yahoo! Toolbar popup blocking 452 Override Account window 264 M86 S ECURITY UIDE...
Page 928
Print Kernel Ring Buffer diagnostic tool 119 Print report 712 Process list diagnostic tool 116 profile global group 255 group 366 individual IP member 409 minimum filtering level 277 sub-group 404 Profile Control window 219 profile string definition 511 elements 434 M86 S ECURITY UIDE...
Page 929
120 rearrange the gauge display 775 re-authentication block page authentication 87 Reboot window 94 Recent Logins diagnostic tool 118 Recent Trend usage report graph 347 records exportation 685 sort by another column 685 redirect URL M86 S ECURITY UIDE...
Page 930
Reporting screen 62 reports diagnostic 566 Reset to Factory Defaults panel 651 Reset window 180 resize button, terminology 520 restore download a file 176 perform a restoration 177 settings 168 restore data from previous SR backup 546 M86 S ECURITY UIDE...
Page 932
Sort By field 703 sort records 532 Source mode 44 spam filter 711 perform manual backup 544 SSL Certificate window 238 Stand Alone mode 44 static filtering profiles 29 Status window 155 Status window, CMC Management 230 M86 S ECURITY UIDE...
Page 933
624 user list update 618 Synchronization menu 148 synchronization setup 45 System Command window 114 System Performance diagnostic tool 118 system requirements 5 System screen 62 System Tray 854 System uptime diagnostic tool 119 M86 S ECURITY UIDE...
Page 934
To Date field 701 tolerance timer 191 Tools screen 565 tooltip information 532 tooltips in R3000 65 TOP CPU processes diagnostic tool 117 topic terminology 16 Trace Route 116 Traffic Analysis report view 822 Traveler 314 definition 513 M86 S ECURITY UIDE...
Page 935
URL Keyword Filter Control global group filter option 263 URL keyword filtering 263 URL Keywords window 321 custom category 427 M86 supplied category 321 URL, definition 513 URL, same URL in multiple categories 307 URLs window 316 custom category 419...
Page 936
87 white list definition 514 wildcard 299 wildcard searches 533 window, terminology 17 Windows 7 5 Windows Vista 5 Windows XP 5 wizard 7 installation procedures 524 Wizard panel 653 workstation requirements 5 M86 S ECURITY UIDE...
Page 937
NDEX Mobile Client 464 X Strikes Blocking global group filter option 261 X Strikes Blocking window 188 M86 S ECURITY UIDE...