M86 Security Web Filter HL User Manual

Table of Contents

Quick Links

Download this manual

M86 Web Filter

USER GUIDE

Models: HL, SL, MSA / Software Version: 5.0.00

Document Version: 02.01.12

Table of Contents

Troubleshooting

Summary of Contents for M86 Security Web Filter HL

Page 1: User Guide
M86 Web Filter USER GUIDE Models: HL, SL, MSA / Software Version: 5.0.00 Document Version: 02.01.12...
Page 2 M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
Page 3: Table Of Contents
ONTENTS ..........1 NTRODUCTORY ECTION Web Filter ..................1 About this User Guide ..............1 How to Use this User Guide ............3 Conventions ..................3 Terminology ..................4 Overview ..................9 Environment Requirements ............. 10 Workstation Requirements .............. 10 Administrator ................
Page 4 ONTENTS M86 Supplied Categories............ 25 Custom Categories ............. 25 Service Ports ................26 Rules ..................26 Minimum Filtering Level ............26 Filter Settings ................27 Filtering Rules ................. 28 Filtering Levels Applied ............28 Chapter 2: Logging and Blocking ..........31 Web Access Logging ..............
Page 5 ONTENTS Non-synchronized Items ............. 45 Server Maintenance Procedures ............. 47 Source Server Failure Scenarios ..........47 Establish Backup Procedures ........... 47 Use a Backup File to Set up a Source Server ......48 Set up a Target Server as a Source Server ......48 Set up a Replacement Target Server .........
Page 6 ONTENTS Control ..................... 72 Filter window ................72 Local Filtering..............73 Disable Local Filtering Options ........73 Enable Local Filtering Options........74 HTTP Filtering ..............74 Enable HTTP Packet Splitting Detection ...... 74 Disable HTTP Packet Splitting Detection ..... 74 HTTPS Filtering ..............
Page 7 ONTENTS Edit an Administrator Account ..........97 Delete an Administrator Account......... 97 Secure Logon .................. 98 Logon Settings window ............. 98 Enable, Disable Password Expiration ......... 99 Enable, Disable Account Lockout ........100 Logon Management ..............102 View User Account Status, Unlock Username ....103 View Account Status...........
Page 8 ONTENTS FTP the Log on Demand ..........121 View ................. 122 View the Log of Administrator Changes ..... 122 Alert ....................123 Alert Settings window ............. 123 Enable the Alert Feature ..........125 Modify Alert Settings ............125 Disable the Alert Feature ..........125 SMTP Server Settings window .
Page 9 ONTENTS Specify the Listening Device ..........153 Specify the Block Page Device ......... 153 Invisible Option: Specify the Block Page Delivery..... 154 ICAP Option: Specify ICAP Server Settings ..... 155 Apply Operation Mode Settings ........156 Proxy Environment Settings window ........157 Use a Local Proxy Server ..........
Page 10 ONTENTS Hardware Failure Detection window ........177 View the Status of the Hard Drives ........177 X Strikes Blocking ................. 179 X Strikes Blocking window ............179 Configuration..............180 Set up Blocking Criteria ..........180 Reset All Workstations..........181 Lock Page..............181 Overblocking or Underblocking........
Page 11 ONTENTS Profile Control window ............210 Edit Entries................ 211 Quota Block Page Customization window ......212 Add, Edit Entries ............... 212 Preview Sample Quota Block Page ........213 Quota Notice Page Customization window ......215 Add, Edit Entries ............... 215 Preview Sample Quota Notice Page.........
Page 12 ONTENTS Global Group Profile window ..........247 Category Profile ............... 248 Create, Edit a List of Selected Categories....248 Port..................250 Create, Edit a List of Service Ports......251 Default Redirect URL ............251 Create, Edit the Redirect URL ........252 Filter Options..............
Page 13 ONTENTS Set a Time for Updates to be Retrieved......279 Optional: Specify a Proxy Server ........280 Select the Log Level............280 Manual Update window ............281 Specify the Type of On Demand Update ......281 Additional Language Support window ........283 Select Additional Languages..........
Page 14 Report Configuration ..............321 Report Configuration window ..........321 Specify the Reporting Device..........321 M86 Security Reporter or Enterprise Reporter ....322 Edit SR, ER Server Information ........322 Execute Log Transfer Now ......... 323 View Transfer Activity to the SR, ER ......323 Other Device ..............
Page 15 ONTENTS Real Time Probe ................326 Real Time Probe window ............326 Configuration..............326 Enable Real Time Probes........... 326 Set up Real Time Probes..........327 Exclude an IP Address from Real Time Probing ..327 Remove IPs from the White List ......... 327 Report Recipients .............
Page 16 ONTENTS Members window ..............347 Add the IP Address of the Member ........348 Remove a Member from the Group ........348 Override Account window ............349 Add an Override Account ..........350 Category Profile ............351 Redirect URL .............. 354 Filter Options ..............
Page 17 ONTENTS Add Sub Group ............... 390 Add an IP Sub Group ............390 Add Individual IP ..............391 Add an Individual IP Member ..........391 Delete Group ................392 Delete a Master IP Group Profile ........392 Paste Sub Group ..............392 Paste a Copied IP Sub Group...........
Page 18 ONTENTS Refresh the Library............408 Custom library category ..............409 Library Details window ............409 View, Edit Library Details ..........410 URLs window ................411 View a List of URLs in the Library Category ....412 Add or Remove URLs or Wildcard URLs ......413 Add a URL to the Library Category......
Page 19 ONTENTS Set up for each sub-group .......... 429 2. Exclude filtering <server for block page> IP....430 Part II: Customize the Block Page .......... 430 1. Set up a Web server ............. 430 2. Create a customized block page........430 Show M86’s information in the block page (optional) .
Page 20 ONTENTS Configure the Web Filter for Reporting ......... 456 Entries in the Web Filter Administrator console ...... 456 Entries in the SR, ER Administrator console ......458 Appendix E ................459 RAID and Hardware Maintenance ..........459 Part 1: Hardware Components ..........459 Part 2: Server Interface ............
Page 21: Introductory Section
NTRODUCTORY ECTION Web Filter M86 Security’s Web Filter tracks each user’s online activity, and can be configured to block specific Web sites, service ports, and pattern and file types, and lock out an end user from Internet access, thereby protecting your organization...
Page 22 Web Filter, and provides information on how to contact M86 Security technical support. • Global Administrator Section - This section includes information for the global administrator—who has all rights and permissions on the Web Filter—to create...
Page 23: How To Use This User Guide
NTRODUCTORY ECTION OW TO SE THIS UIDE How to Use this User Guide Conventions The following icons are used throughout this user guide: NOTE: The “note” icon is followed by italicized text providing additional information about the current subject. TIP: The “tip” icon is followed by italicized text giving you hints on how to execute a task more efficiently.
Page 24: Terminology
NTRODUCTORY ECTION OW TO SE THIS UIDE Terminology The following terms are used throughout this user guide. Sample images (not to scale) are included for each item. • alert box - a message box that opens in response to an entry you made in a dialog box, window, or screen.
Page 25 NTRODUCTORY ECTION OW TO SE THIS UIDE • frame - a boxed-in area in a dialog box, window, or screen that includes a group of objects such as fields, text boxes, list boxes, buttons, radio buttons, check- boxes, and/or tables. Objects within a frame belong to a specific function or group.
Page 26 NTRODUCTORY ECTION OW TO SE THIS UIDE • pop-up box or pop-up window - a box or window that opens after you click a button in a dialog box, window, or screen. This box or window may display infor- mation, or may require you to make one or more entries.
Page 27 NTRODUCTORY ECTION OW TO SE THIS UIDE • sub-topic - a subset of a main topic that displays as a menu item for the topic. The menu of sub-topics opens when a perti- nent topic link in the left panel—the navigation panel—of a screen is clicked.
Page 28 NTRODUCTORY ECTION OW TO SE THIS UIDE • tree - a tree displays in the naviga- tion panel of a screen, and is comprised of a hierarchical list of items. An entity associated with a branch of the tree is preceded by a plus (+) sign when the branch is collapsed.
Page 29: Overview
NTRODUCTORY ECTION VERVIEW Overview The Web Filter’s Administrator console is used by the global administrator—and group administrator, as required—to configure the Web Filter server to perform the following basic functions: • filter URLs (Web addresses) on the Internet • log traffic on the Internet and, if applicable for your organization: •...
Page 30: Environment Requirements
NTRODUCTORY ECTION NVIRONMENT EQUIREMENTS Environment Requirements Workstation Requirements Administrator System requirements for the administrator include the following: • Windows XP, Vista, or 7 operating system running: • Internet Explorer (IE) 8 or 9 • Firefox 9 or 10 • Google Chrome 16 or 17 •...
Page 31: End User
NTRODUCTORY ECTION NVIRONMENT EQUIREMENTS End User System requirements for the end user include the following: • Windows XP, Vista, or 7 operating system running: • Internet Explorer (IE) 8 or 9 • Firefox 9 or 10 • Google Chrome 16 or 17 •...
Page 32: Chapter 1: Filtering Operations
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Chapter 1: Filtering Operations Operational Modes Based on the setup of your network, the Web Filter can be configured to use one of these operational modes for filtering the network: • invisible mode •...
Page 33: Invisible Mode
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Invisible Mode If the Web Filter is set up in the invisible mode, the unit will filter all connections on the Ethernet between client PCs and the Internet, without stopping each IP packet on the same Ethernet segment.
Page 34 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS When users (Client PCs) make Internet requests, the traffic flows (1) through the network path without interruption. The Web Filter captures the request as the user’s request (2) leaves the network. The Web Filter then determines the action (3) to either block or pass the request.
Page 35: Router Mode
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Router Mode If the Web Filter is set up in the router mode, the unit will act as an Ethernet router, filtering IP packets as they pass from one card to another. While all original packets from client PCs are allowed to pass, if the Web Filter determines that a request is inappropriate, a block page is returned to the client to replace the actual requested Web page or service.
Page 36: Firewall Mode
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS WARNING: M86 recommends contacting one of our solutions engineers if you need assistance with router mode setup proce- dures. Firewall Mode The firewall mode is a modification of the router mode. With the Web Filter set up in this mode, the unit will filter all requests.
Page 37 Web Filter. WARNING: Contact a solutions engineer at M86 Security for setup procedures if you wish to use the firewall mode. Fig. 1:1-5 Firewall mode diagram, with filtering and cache setup...
Page 38: Group Types
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Group Types After the operational filtering mode is configured on the Web Filter, the group type(s) that will be used on the Web Filter must be set up so that filtering can take place. In the Policy section of the Administrator console, group types are structured in a tree format in the navigation panel.
Page 39: Ip Groups
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS IP Groups The IP group type is represented in the tree by the IP icon . A master IP group is comprised of sub-group members and/or individual IP members The global administrator adds master IP groups, adds and maintains override accounts at the global level, and estab- lishes and maintains the minimum filtering level.
Page 40: Filtering Profile Types
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Filtering Profile Types A filtering profile is used by all users who are set up to be filtered on the network. This profile consists of rules that dictate whether a user has access to a specified Web site or service on the Internet.
Page 41 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS • override account profile - set up in either the Global Group section or the master IP group section of the console. • lock profile - set up under X Strikes Blocking in the Filter Options section of the profile.
Page 42: Static Filtering Profiles
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Static Filtering Profiles Static filtering profiles are based on fixed IP addresses and include profiles for master IP groups and their members. Master IP Group Filtering Profile The master IP group filtering profile is created by the global administrator and is maintained by the group administrator.
Page 43: Active Filtering Profiles
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Active Filtering Profiles Active filtering profiles include the Global Group Profile, Override Account profile, Time Profile, and Lock profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. Global Filtering Profile The global filtering profile is created by the global adminis- trator.
Page 44: Filtering Profile Components
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Filtering Profile Components Filtering profiles are comprised of the following compo- nents: • library categories - used when creating a rule, minimum filtering level, or filtering profile for the global group or any entity •...
Page 45: Library Categories
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Library Categories A library category contains a list of Web site addresses and keywords for search engines and URLs that have been set up to be blocked or white listed. Library categories are used when creating a rule, the minimum filtering level, or a filtering profile.
Page 46: Service Ports
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Service Ports Service ports are used when setting up filter segments on the network (the range of IP addresses/netmasks to be detected by the Web Filter), the global (default) filtering profile, and the minimum filtering level. When setting up the range of IP addresses/netmasks to be detected, service ports can be set up to be open (ignored).
Page 47: Filter Settings
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS NOTE: If the minimum filtering level is not set up, global (default) filtering settings will apply instead. If an override account is established at the IP group level for a member of a master IP group, filtering settings made for that end user will override the minimum filtering level if the global administrator sets the option to allow the minimum filtering level to be bypassed.
Page 48: Filtering Rules
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS • filter - if a service port is given a filter setting, that port will use filter settings created for library categories (block or open settings) to determine whether users should be denied or allowed access to that port •...
Page 49 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS b. An individual IP member time profile takes precedence over the individual IP member profile. 6. An authentication (LDAP) profile—this includes a work- station profile—takes precedence over an individual IP member’s time profile. NOTE: A Radius profile is another type of authentication profile and is weighted the same as LDAP authentication profiles in the precedence hierarchy.
Page 50 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Fig. 1:1-7 Sample filtering hierarchy diagram M86 S ECURITY UIDE...
Page 51: Chapter 2: Logging And Blocking
PC monitor or output to a printer. M86 recommends using the M86 Security Reporter (SR) or M86 Enterprise Reporter (ER) for generating reports. When the SR or ER server application is connected to the Web Filter server, log files from the Web Filter are transferred to that reporting server application where they are “normal-...
Page 52: P2P Blocking
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING feature of the Web Filter, groups and/or individual client machines can be set up to block the use of IM services specified in the library category. When the IM module is loaded on the server, the Web Filter compares packets on the network with IM libraries stored on the Web Filter.
Page 53: Setting Up Im And P2P
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING Setting up IM and P2P IM and P2P are set up in the System and Library sections of the Administrator console. 1. In the System section, activate Pattern Blocking in the Filter window. 2.
Page 54: Block Im, P2P For All Users
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING Block IM, P2P for All Users Block IM for All Users To block IM for all users on the network: • the Pattern Blocking option in the Filter window must be activated •...
Page 55: Block P2P For A Specific Entity
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING • the CHAT and specified individual Instant Messaging library categories must both be set up to be blocked for that entity • the global filtering profile should not have IM blocked, unless blocking all IM traffic with the Range to Detect feature is desired •...
Page 56: Chapter 3: Synchronizing Multiple Units
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Chapter 3: Synchronizing Multiple Units Web Filter Synchronization The Web Filter can function in one of three modes—“Stand Alone” mode, “Source” mode, or “Target” mode—based on the setup within your organization. In a multi-Web Filter environment, all Web Filters should be set up with the same user profile data, so that no matter which Web Filter a user’s PC accesses on the network, that user’s Internet usage is...
Page 57 3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS UNCTIONAL ODES Stand Alone Mode In the Stand Alone mode, the Web Filter functions as the only Internet filter on the network. This mode is used if there is only one Web Filter on the network. Synchronization does not occur in this mode.
Page 58: Synchronization Setup
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronization Setup To set up synchronization on a Web Filter, a selection must be made in Setup window from the System section of the Web Filter console to specify whether the Web Filter will function as a source server or as a target server.
Page 59: Types Of Synchronization Processes
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS should receive its running filter configuration in the event of a reboot. WARNING: If a Web Filter server is set up in the Target mode with a NAT device between the target and source server, be sure that ports 26262 and 26268 are open on the target server.
Page 60: Library Synchronization Process
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS If the target server is rebooted for any reason (loss of power etc.) upon bootup, the target server will actively download and apply the current running configuration from the source server. It will then also receive future changes made on the source server.
Page 61: Delays In Synchronization
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Delays in Synchronization When a filtering profile is applied to the source server, there is a slight delay in the time it takes to apply the profile to the target server. This delay is caused by the amount of time it takes the source server to process the change, prepare the update for submission, send the update, and finally to acti- vate the update on the target server.
Page 62: Synchronized, Non-Synchronized Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronized, Non-Synchronized Items It is important to note that while some items are synchro- nized to the target Web Filters, they do not become perma- nent configurations on the target Web Filter. These items are in essence functionally synchronized, since they are configurations that the target Web Filters will read from the source Web Filter upon load.
Page 63: Synchronize All Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronize All Items The following lists show which items will be synchronized when the option to synchronize all items is selected. Synchronized Items (All) • M86 Library additions/deletions • Custom library creations •...
Page 64: Non-Synchronized Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS • Quota Setting Non-synchronized Items • Filter control settings • Virtual IP and Authentication IP addresses • IP addresses • Default routes • Software Update application • Synchronization settings • Filter Mode •...
Page 65: Synchronize Only Library Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronize Only Library Items The following lists show which items will be synchronized when the option to synchronize only library items is selected. Synchronized Items (Library Only) • M86 Library additions/deletions • Custom library creations •...
Page 66 3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS • LDAP User/Group: additions/deletions, changes, filter changes, profile activation/deactivation • Filter control settings • Virtual IP and Authentication IP addresses • IP addresses • Default routes • Software Update application • Synchronization settings •...
Page 67: Server Maintenance Procedures
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Server Maintenance Procedures Source Server Failure Scenarios In the event that the source Web Filter unit should fail, the target servers will continue to run using the last known configuration loaded from the source server. However, all dynamic authentication-based profiles will eventually time- out, since the source Web Filter server can no longer verify user credentials.
Page 68: Use A Backup File To Set Up A Source Server
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Use a Backup File to Set up a Source Server In the event of a source server failure, the global adminis- trator should designate a target server as the new source server. Set up a Target Server as a Source Server 1.
Page 69: Set Up A Replacement Target Server
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Set up a Replacement Target Server Once the original source server is replaced or repaired, it can then be configured to replace the empty spot created by the movement of the target server to the position of source server.
Page 70: Chapter 4: Getting Started
SSL certificate for the Web Filter generated to ensure a secure network connection. NOTE: If you do not have the M86 Web Filter Installation Guide, contact M86 Security immediately to have a copy sent to you. Access the Administrator Console Log On 1.
Page 71 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED 3. After accepting the security certificate, click Go to open the Web Filter login window: Fig. 1:4-1 Login window 4. Enter your Username and Password. TIP: The default Username is admin and the Password is user3. To change this username and password, go to the Administrator window (see the Administrator window of the System screen in the Global Administrator Section) and create a global adminis-...
Page 72: Last Library Update Message
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED On this screen, the Web Filter Version Number displays in the Product frame, and dates for the Last Software Update and Last Library Update display in the Web Filter Status frame. The following information displays at the bottom of the Administrator console: Host Name, LAN IP address used for sending block pages, and software Version number.
Page 73 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED , Last Library Update text Fig. 1:4-3 Welcome screen Click the checkbox “Do not show “Old Library Warning” dialog box in future” to disable the Last Library Update message box. After the libraries are updated, the welcome screen will appear as in Fig.
Page 74: Navigation Tips
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Navigation Tips Access Main Sections The Administrator console is organized into six sections, each accessible by clicking the corresponding link in the navigation toolbar at the top of the screen: • Home - clicking this link displays the Welcome screen of the Administrator console.
Page 75 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED • Help - clicking this link displays the Help screen that includes navigation tips. Links in the left panel provide access to software and appliance information, and a page for downloading the latest documentation (in the .pdf format): Fig.
Page 76: Help Features
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Help Features Help features provide information about how to use windows in the Administrator console. Such features include help topics and tooltips. Access Help Topics Each of the main section screens contains a link beneath the banner.
Page 77: Tooltips
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Tooltips In any window that features the icon in the navigation path bar beneath the banner, additional information about that window can be obtained by hovering over that icon with your mouse, or by pressing the F1 key on your keyboard. •...
Page 78 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED • Help pop-up box The Help pop-up box opens when you press the F1 key on your keyboard: Fig. 1:4-7 Help pop-up box Click OK to close the pop-up box. M86 S ECURITY UIDE...
Page 79: Screen And Window Navigation
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Screen and Window Navigation All screens are divided into two panels: a navigation panel to the left, and a window in the panel to the right. Windows display in response to a selection made in the navigation panel.
Page 80: Select Sub-Topics
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Select Sub-topics Some topics in Library and System screens consist of more than one window. For these topics, clicking a topic link opens a menu of sub-topics: Fig. 1:4-9 Sub-topics menu When a sub-topic from this menu is selected, the window for that sub-topic displays in the right panel of the screen.
Page 81: Navigate A Tree List
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Navigate a Tree List Tree lists are included in the navigation panel of Policy and Library screens. Fig. 1:4-10 Tree menu A tree is comprised of a hierarchical list of items. An entity associated with a branch of the tree is preceded by a plus (+) sign, when that branch of the tree is collapsed.
Page 82: Tree List Topics And Sub-Topics
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Tree List Topics and Sub-topics Policy and Library tree lists possess a menu of topics and sub-topics. Topics in the tree list display by default when the tree is opened. Examples of tree list topics are circled in Fig. 1:4- When a tree list topic is selected and clicked, a menu of sub- topics opens: Fig.
Page 83: Navigate A Window With Tabs
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Navigate a Window with Tabs In each section of the console, there are windows with tabs. When selecting a window with tabs from the navigation panel, the main tab for that window displays. Entries made in a tab must be saved on that tab, if the tab includes the Apply button.
Page 84: Console Tips And Shortcuts
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Console Tips and Shortcuts The following list of tips and shortcuts is provided to help you use windows in the Administrator console with greater efficiency. Navigation Path The navigation path displays at the top of each window: Fig.
Page 85: Select Multiple Items
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Select Multiple Items When moving several items from one list box to another, or when deleting several items, the Ctrl and Shift keys can be used to expedite this task. • Ctrl Key To select multiple items from a list box, click each item while pressing the Ctrl key on your keyboard.
Page 86: Calculate Ip Ranges Without Overlaps
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Calculate IP Ranges without Overlaps The Calculator button displays on windows in which IP ranges are entered. These windows include: Range to Detect and Members windows from the Policy section, and Block Page Route Table window from the System section. Fig.
Page 87: Re-Size The User Interface
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED 2. After making a note of the information in this window, click Close to close the IP Calculator. Re-size the User Interface For greater ease in viewing content in any screen, re-size the browser window by placing your cursor at any edge or corner of the user interface, left clicking, and then dragging the cursor to the left or right, or inward or outward.
Page 88: Log Off
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Log Off To log off the Administrator console: 1. Click the Logout button in the navigation toolbar at the top of the screen. This action opens the Quit dialog box: Fig. 1:4-15 Quit dialog box 2.
Page 89: Global Administrator Section
LOBAL DMINISTRATOR ECTION NTRODUCTION LOBAL DMINISTRATOR ECTION Introduction The Global Administrator Section of this user guide is comprised of four chapters, based on the layout of the Administrator console. This section is used by the autho- rized global administrator of the Web Filter for configuring and maintaining the Web Filter server.
Page 90: Chapter 1: System Screen
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Chapter 1: System screen The System screen is comprised of windows used for configuring and maintaining the server to authenticate users, and to filter, log, or block specified Internet content for each user based on an applied filtering profile. Fig.
Page 91 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: If the synchronization feature is used and a Web Filter is set up in the Source mode, the CMC Management topic and associated sub-topics are also available. If the synchronization feature is used and a Web Filter is set up in the Target mode to synchronize both profile and library setting changes, settings in the Filter window and Customization windows cannot be edited, and the following topics and any asso-...
Page 92: Control
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Control Control includes options for controlling basic Web Filter server functions. Click the Control link to view a menu of sub-topics: Filter, Block Page Authentication, ShutDown, and Reboot. Filter window The Filter window displays when Filter is selected from the Control menu.
Page 93: Local Filtering
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN clients such as Google Web Accelerator and proxy patterns that bypass filtering (see http://www.m86security.com/ software/8e6/hlp/r3000/files/1system_proxy_block .html for a list of proxy pattern types set up to be blocked. When using this feature, the Pattern Detection Whitelist window can be used for setting up IP addresses to bypass pattern filtering (see Pattern Detection Whitelist window in Chapter 3: Library screen).
Page 94: Enable Local Filtering Options
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable Local Filtering Options To enable Local Filtering, click “On”. The server will filter the specified Range to Detect on the network. To enable the detection of VLAN traffic on the network, at VLAN Detection, click “On”.
Page 95: Https Filtering
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN HTTPS Filtering Specify your preference for filtering HTTPS sites in the HTTPS Filtering frame. Select from the following settings for the HTTPS Filtering Level: • “None” - if you do not want the Web Filter to filter HTTPS sites •...
Page 96: Service Control
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTE: After making all entries in this window, click Apply. Service Control In the Service Control frame, indicate whether or not Pattern Blocking with be enabled or disabled. Enable Pattern Blocking By default, Pattern Blocking is disabled. Click “On” to block the usage of clients such as Google Web Accelerator and various proxy pattern types on end user workstations that bypass filtering, and to log IM and P2P activity of end users...
Page 97: Disable Pattern Blocking
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN To create a whitelist of pattern IP addresses, see the Pattern Detection Whitelist window in Chapter 3: Library screen. Disable Pattern Blocking Click “Off” to disable Pattern Blocking. NOTE: After making all entries in this window, click Apply. Target(s) Filtering The Target(s) Filtering frame only displays if the Web Filter currently being configured is set up in the Source mode for...
Page 98: Block Page Authentication Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Block Page Authentication window The Block Page Authentication window displays when Block Page Authentication is selected from the Control menu. This feature is used for entering criteria the Web Filter will use when validating a user’s account.
Page 99: Enter, Edit Block Page Options
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enter, Edit Block Page Options NOTE: If you are not using authentication, and/or if your users do not have override accounts set up, you do not need to select any option at the Re-authentication Options field. TIP: Multiple options can be selected by clicking each option while pressing the Ctrl key on your keyboard.
Page 100: Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. If the Re-authentication option was selected, in the Logon Script Path field, \\PDCSHARE\scripts displays by default. In this field, enter the path of the logon script that the Web Filter will use when re-authenticating users on the network, in the event that a user's machine loses its connection with the server, or if the server is rebooted.
Page 101 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. By default, these links are included in the block page under the following conditions: •...
Page 102: Options Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Email Address field populates the “To” field. The user’s message is submitted to the global administrator. Options page The Options page displays when the user clicks the following link in the block page: For further options, click here.
Page 103: Option 2
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The frame beneath the User/Machine frame includes infor- mation for options (1, 2, and/or 3) based on settings made in this window and the Common Customization window. NOTE: Information about Option 1 is included in the M86 Web Filter Authentication User Guide.
Page 104: Option 3
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: See Profile Control window for information on custom- izing the content in the Profile Control pop-up window. See Appendix C: Override Pop-up Blockers for information on how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation.
Page 105: Shutdown Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The user should click the logon.bat icon to run a script that will re-authenticate his/her profile on the network. NOTE: If the end user is using a non-IE browser type (i.e. Firefox, Safari, or Chrome) he/she will see a message specifying that IE is the only browser type supported for re-authentication.
Page 106: Reboot Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Reboot window The Reboot window displays when Reboot is selected from the Control menu. This window is used for reconnecting the server on the network. Fig. 2:1-9 Reboot window Reboot the Server 1.
Page 107 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The Server connected alert box also opens, informing you that the server is connected, and that you must restart the server. 3. Click OK to close the Web Filter ready alert box. 4.
Page 108: Network
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Network Network includes options for configuring the Web Filter on the network. Click the Network link to view a menu of sub- topics: LAN Settings, NTP Servers, Regional Setting, and Block Page Route Table. LAN Settings window The LAN Settings window displays when LAN Settings is selected from the Network menu.
Page 109: Specify Lan Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Specify LAN Settings 1. In the Host Name field, enter up to 50 alphanumeric characters for the name of the host for this server, such as wf.logo.com. 2. Specify the following information, as necessary: •...
Page 110: Ntp Servers Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NTP Servers window The NTP Servers window displays when NTP Servers is selected from the Network menu. This window is used for specifying IP addresses of servers running Network Time Protocol (NTP) software. NTP is a time synchronization system for computer clocks throughout the Internet.
Page 111: Specify Network Time Protocol Servers
2. Click Delete. 3. Click Apply to apply your settings. WARNING: If using the Web Filter with the M86 Security Reporter or M86 Enterprise Reporter unit, be sure that device is connected to the same NTP servers as the Web Filter.
Page 112: Regional Setting Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Regional Setting window The Regional Setting window displays when Regional Setting is selected from the Network menu. This window is used for specifying the time zone to be used by the Web Filter and the language set type, if necessary.
Page 113: Block Page Route Table Window
HAPTER YSTEM SCREEN WARNING: If using the Web Filter with an M86 Security Reporter or M86 Enterprise Reporter unit, be sure each Web Filter used by the SR or ER is set up in the same time zone as the SR or ER.
Page 114: Add A Router
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Add a Router In the Route Table frame: 1. Enter the IP address. 2. Select the network subnet Mask from the pull-down menu. 3. In the Gateway field, enter the IP address of the portal to which packets will be transferred to and from the Internet.
Page 115: Administrator
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Administrator Administrator window The Administrator window displays when Administrator is selected from the navigation panel. This window is used for adding and maintaining global administrator (Admin), group administrator (Sub Admin), and help desk administrator (Help Desk) accounts.
Page 116: View Administrator Accounts
M86 recommends that you retain this default account and pass- word in the event that the Web Filter cannot be accessed. An authorized M86 Security technical representative may need to use this username and password when troubleshooting the unit. WARNING: Always be sure that at least one account is listed in this window at all times.
Page 117: Edit An Administrator Account
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Edit an Administrator Account To change an administrator’s password and/or account type: 1. Select the username from the Current User list box; this action populates the Account Details frame with data. 2. In the Password field, enter eight to 20 characters for a new password—including at least one alpha character, one numeric character, and one special character.
Page 118: Secure Logon
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Secure Logon Secure Logon includes options for setting user passwords to expire after a designated number of days, and/or locking out users from the Web Filter after unsuccessfully attempting to log in for the specified number of attempts within the defined timespan.
Page 119: Enable, Disable Password Expiration
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable, Disable Password Expiration In the Logon Expiration frame, at the Number of days prior to expiration [1-365] field, specify the number of days logon passwords will be effective by doing one of the following: •...
Page 120: Enable, Disable Account Lockout
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable, Disable Account Lockout 1. In the Logon Options frame, enable any of the following options: • At the Lockout by Username field, click the radio button corresponding to either of the following options: •...
Page 121 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • At the Failed Password Attempts Timespan (in minutes) [1-1440] field—with the Lockout by User- name and/or Lockout by IP address option(s) enabled—enter the number of minutes that defines the interval in which a user can enter an incorrect pass- word—as specified in the Allowable Number of Failed Password Attempts [1-10] field—before being locked out of the Web Filter.
Page 122: Logon Management
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Logon Management The Logon Management window displays when Logon Management is selected from the Secure Logon menu. This window is used for viewing the status of user accounts— including the date passwords will expire, and which user- names/IP addresses are currently locked out of the Web Filter user interface—and for unlocking usernames and IPs currently locked out of the Web Filter.
Page 123: View User Account Status, Unlock Username
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View User Account Status, Unlock Username View Account Status The All Accounts Status frame displays password statuses of current login accounts set up in this Web Filter being configured, including: • Account Name - username •...
Page 124: Unlock A Username
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Unlock a Username To unlock a username: 1. Select the Account Name from the All Accounts Status frame by clicking on it to highlight it. 2. Click Unlock to open the dialog box asking if you wish to proceed with this action.
Page 125: View Admin, Sub Admin User Interface Access
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Admin, Sub Admin User Interface Access To view the areas of the user interface accessible by a global administrator, LDAP group administrator, or help desk administrator: 1. Select the Admin, Sub Admin, or Help Desk username from the list.
Page 126: Diagnostics
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Diagnostics Diagnostics includes options for setting up or running processes for maintaining the server. Click the Diagnostics link to view a menu of sub-topics: System Command, View Log File, Troubleshooting Mode, Active Profile Lookup, and Admin Audit Trail.
Page 127: Perform A Diagnostic Test, View Data
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Perform a Diagnostic Test, View Data 1. Select a diagnostic tool from the Command pull-down menu: ping(Ping), traceroute(Trace Route), ps(Process list), top(TOP CPU processes), ifconfig(NIC configura- tion), netstat(active connections), netstat(routing table), free(current memory usage), iostat(CPU usage), sar(system performance), recent logins, uptime(system uptime), df(disk usage), and dmesg(print kernel ring buffer).
Page 128: Command Selections
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Command Selections Ping The Ping diagnostic tool is used for verifying whether the Web Filter can communicate with a machine at a given IP address within the network, and the speed of the network connection.
Page 129: Top Cpu Processes
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN TOP CPU processes The TOP CPU processes diagnostic tool is used for analyzing how much memory and CPU power is being consumed by which processes. When Execute is clicked, the window displays the following information: the load average, number of processes that can run, current utiliza- tion by CPUs on the system, and memory and swap file space currently being used and currently available.
Page 130: Current Memory Usage
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Current memory usage When Current Memory Usage is selected and Execute is clicked, the window shows the amount of memory being used, and the amount of memory available for three inter- vals of one second each. CPU usage The CPU Usage diagnostic tool shows information on disk usage.
Page 131: System Uptime
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN System uptime The System uptime diagnostic tool is used for showing the amount of time the Web Filter has been "up" and running. When Execute is clicked, the window displays a row of data showing the current time, the amount of time the Web Filter has been up, the number of users, and the load averages for the past 1, 5 and 15 minute intervals.
Page 132: View Log File Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Log File window The View Log File window displays when View Log File is selected from the Diagnostics menu. This window is used for viewing the most recent log file results of various activi- ties and for troubleshooting.
Page 133 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • “Error Log (error.log)” - used only if an Alternate IP Address is being used in the Block Page Route frame of the Operation Mode window. This log only displays information if the IP address used for sending block pages is not being reconciled with the MAC address of the NIC card.
Page 134: Troubleshooting Mode Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Troubleshooting Mode window The Troubleshooting Mode window displays when Trouble- shooting is selected from the Diagnostics menu. This window is used if the server is not sending or receiving packets as normal. Fig.
Page 135: Use The Troubleshooting Mode
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Use the Troubleshooting Mode 1. Click Enable to begin working in the troubleshooting mode. 2. In the Packet Logging frame, select the Packet Logging Time from the available selections (10 seconds, 30 seconds, 60 seconds).
Page 136: Active Profile Lookup Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 8. After performing the fixes on the Web Filter, return to this window and click Disable to resume filtering the network. Active Profile Lookup window The Active Profile Lookup window displays when Active Profile Lookup is selected from the Diagnostics menu.
Page 137: Verify Whether A Profile Is Active
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Verify Whether a Profile is Active 1. In the User IP Address field, enter the IP address of the end user. 2. Click Lookup to verify whether or not a profile is active for that IP address.
Page 138 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Global profile - Global Group Profile • Override profiles - Override Account profile • Lock profiles - X Strikes Blocking lock out profile • Time profiles - Time Profile • TAR profile - Threat Analysis Reporter lock out profile •...
Page 139 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN message and agreeing to its terms. • Block - URLs in this category will be blocked. • Quota - If a number displays in this column, the corresponding category group/library category was set up as passed but with a time limit, as defined by the number of minutes in that column.
Page 140: Admin Audit Trail Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Filter Options (optional) - filter options to be used in the user’s profile: “X Strikes Blocking”, “Google/Bing/ Yahoo!/Youtube/Ask/AOL Safe Search Enforcement”, “Search Engine Keyword Filter Control”, and/or “URL Keyword Filter Control” with/without the “Extend URL Keyword Filter Control”...
Page 141: Specify Ftp Criteria
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Specify FTP Criteria 1. Enter the IP address of the FTP Server. 2. The log will be sent to the current default directory, unless a Remote Directory is specified. 3. At the Transfer Mode field, “Passive” is selected by default, indicating that transfers will be made via unre- stricted outgoing network connections.
Page 142: View
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View View the Log of Administrator Changes To view the log, click the View tab: Fig. 2:1-27 Admin Audit Trail window, View tab Click View Log to display data on recent activity. For each change made on the server, the log will contain the date and time the change was made (Time), IP address of the machine used by the administrator, administrator's User-...
Page 143: Alert
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Alert Alert includes options for setting up alert emails that notify designated individuals of problems on the network. Click the Alert link to view a menu of sub-topics: Alert Settings, and SMTP Server Settings. Alert Settings window The Alert Settings window displays when Alert Settings is selected from the Alert menu.
Page 144 This problem usually occurs if the Web Filter is unable to transfer log files to the reporting application—an M86 Security Reporter (SR), M86 Enter- prise Reporter (ER) server, or a designated third party FTP server. Action should be taken to prevent the hard drive from reaching 100 percent utilization.
Page 145: Enable The Alert Feature
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable the Alert Feature By default, the “Disable” radio button is selected. To enable the feature for sending automated email notifications: 1. Click the “Enable” radio button to activate all elements in the Emergency Email Notification frame.
Page 146: Smtp Server Settings Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN SMTP Server Settings window The SMTP Server Settings window displays when SMTP Server Settings is selected from the Alert menu. This window is used for entering settings for the Simple Mail Transfer Protocol that will be used for sending email alert messages to specified administrators.
Page 147: Verify Smtp Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 4. By default, Authentication is disabled. Click “Enable” if a username and password are required for logging into the SMTP server. This action activates the fields below. Make the following entries: a. Enter the Username. b.
Page 148: Software Update
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Software Update Software Update includes options for uploading software updates. Click the Software Update link to view a menu of sub-topics: Local Software Update, and Software Update Log. Local Software Update window The Local Software Update window displays when Local Software Update is selected from the Software Update menu.
Page 149: Read Information About A Software Update
HAPTER YSTEM SCREEN TIP: Click the link (“here”) at the bottom of the window to go to the Web page at M86 Security’s public site (http:// www.m86security.com/support/r3000/documentation.asp) where release notes about software updates can be obtained. Read Information about a Software Update...
Page 150: Select And Apply A Software Update
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Select and Apply a Software Update NOTES: Software updates must be applied to the server in sequential order. Be sure port 8082 is open on your network. General Software Installation Procedures These instructions pertain to the installation of GA software updates, or LA/Beta software updates—if the download and installation of LA/Beta software updates has been enabled in the Enable/Disable Software Update Type Download...
Page 151 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-34 EULA dialog box 4. After reading the contents of the End User License Agreement, click Yes if you agree to its terms. This action closes the EULA dialog box and opens the alert box veri- fying the software update application process: Fig.
Page 152: Enable/Disable Software Update Type Downloads
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-36 Connection failure alert box 6. Click OK to close the alert box. 7. In the navigation toolbar, click Quit to exit the Web Filter console. 8. Wait a few minutes, and then log back into the Web Filter console again.
Page 153: First Time La/Beta Software Install Procedures
NOTE: If you do not have an installation key, click the link “click here” to go to the M86 Security Web site where you will need to log in and request an installation key.
Page 154: Undo An Applied Software Update
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-38 LA software acceptance box Fig. 2:1-39 Beta software acceptance box 4. Read the description for the software type to be installed (LA or Beta), and then click Yes to close the software acceptance dialog box and to open the End User License Agreement dialog (see Fig.
Page 155: Software Update Log Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN To unapply a software update: 1. Go to the History of Software Updates frame and select the software update to be unapplied. 2. Click Undo. Software Update Log window The Software Update Log window displays when Software Update Log is selected from the Software Update menu.
Page 156: Download Log, View, Print Contents
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Download Log, View, Print Contents Download the Log 1. Click Download Log to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows Explorer. 2.
Page 157: View The Contents Of The Log
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View the Contents of the Log Once the software update log file has been downloaded to your workstation, you can view its contents. 1. Find the log file in the folder, and right-click on it to open the menu: Fig.
Page 158 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 3. If using WinZip, click I Agree to open the window containing the zip file: Fig. 2:1-43 WinZip window 4. Right-click the zip file to open the menu, and choose “View” to open the View dialog box: Fig.
Page 159: Save, Print The Log File Contents
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Save, Print the Log File Contents With the log file displaying correctly formatted in WinZip’s View window, if you wish to save or print the contents of this file: 1. Click Clipboard Copy, wait for the dialog box to open and confirm that the text has been copied to the clip- board, and then click OK to close the dialog box.
Page 160: Synchronization
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Synchronization By default, the Synchronization menu includes the Setup option that lets you specify the Web Filter server’s function on the network: whether it will be a stand alone box, or whether it will send profile/library setting changes to—or receive such setting changes from—another Web Filter.
Page 161: Setup Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Setup window The Setup window displays when Setup is selected from the Synchronization menu. This window is used for establishing the function of the Web Filter, especially if there is more than one Web Filter on the network.
Page 162: Using More Than One Web Filter On The Network
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Using More than One Web Filter on the Network Using the synchronization process, all target servers are updated with profile/library setting changes, so that no matter which Web Filter the user’s client PC accesses, the user’s Internet session will be appropriately filtered and blocked.
Page 163 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. At the Selective Synchronization field, by default “All” is selected. This choice includes both profile and library setting changes. Choose “Library” if only library category additions/deletions (including search engine keywords and URL keywords additions/deletions)—and not profiles—should be synced to target servers.
Page 164 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTE: LAN 1 and LAN 2 IP addresses that display in this menu were previously entered in the LAN Settings window on this server. 5. In the Target IPs frame, enter the Target IP address of the Web Filter that will receive profile/library setting changes from this server being configured.
Page 165: Sync All Target Servers With The Same Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Sync All Target Servers with the Same Settings If all target servers have been configured and now need to be set with the same settings, click Sync All from the source server. This action should only be performed if all target servers need to have the same user filtering profile/ library settings as the source server.
Page 166 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN For the Target mode setting: 1. In the Mode frame, click “Target” to display the Target mode view: Fig. 2:1-48 Setup window, Target mode In the IP to Send frame, the LAN1 and LAN2 IP addresses set up in the LAN Settings window on this server display in the IP to Send pull-down menu.
Page 167: Status Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 6. Click Apply after all settings have been made. NOTE: This test only verifies whether this server can contact the source server. In order for synchronization to be operable on the network, the source server must also be able to contact this target server being configured.
Page 168: View The Sync Status Of Targets From The Source
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View the Sync Status of Targets from the Source If the server is set up in the Source mode, the Web Filter System Time displays at the top of the Target(s) Status frame.
Page 169: View Items Previously Synced To The Server
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-50 Queue of Target window 2. Click Close to close the window. View Items Previously Synced to the Server To view items previously synced to a specified target server: 1. In the History column for that server, click Details to open the History of Target window.
Page 170: Place Items In Queue For Syncing
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Place Items in Queue for Syncing To place new sync items in queue for the target server(s), click Test Sync. View the Sync Status of the Target Server If the server is set up in the Target mode, the Web Filter System Time displays above the Target Sync Status frame.
Page 171 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Last Successful Sync - The date and time of the last successful synchronization displays, using the YYYY/ MM/DD and HH:MM:SS format. • History Log - Click the Details button to open the History of Target window.
Page 172: Mode
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Mode Mode includes options for configuring the Web Filter to filter the network. Click the Mode link to view a menu of sub- topics: Operation Mode and Proxy Environment Settings. Operation Mode window The Operation Mode window displays when Operation Mode is selected from the Mode menu.
Page 173: Set The Operation Mode
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Set the Operation Mode The default Mode setting is “Invisible”. To change this setting, click the radio button corresponding to “Router”, “Firewall”, “ICAP”, or “Mobile”. Selecting ICAP would make the Web Filter function in a capacity other than filtering users on the network.
Page 174: Invisible Option: Specify The Block Page Delivery
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN If using the router or firewall mode, at the Device to send block page pull-down menu, you may need to choose the network card that will be used to send the block page to client PCs.
Page 175: Icap Option: Specify Icap Server Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: The Current MAC Address displays if there is a resolu- tion between the IP address and the MAC address of the router or device used for serving block pages. If an Alternate IP Address is used, that address must be resolved with the MAC address in order for block pages to be served to client PCs.
Page 176: Apply Operation Mode Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. In the URI field, enter the Uniform Resource Identifier that must specify the complete hostname and path of the resource being requested. For example: icap:// icap.logo.com:1344/services/icap-services NOTE: This string must match what is set up on the ICAP server in order for the ICAP client's request to be accepted by the ICAP server.
Page 177: Proxy Environment Settings Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Proxy Environment Settings window The Proxy Environment Settings window displays when Proxy Environment Settings is selected from the Mode menu. This window is used for specifying whether the Web Filter is in a proxy environment, if the default Web server port number 80 will be enabled, and if HTTPS traffic will be allowed to pass without being overblocked.
Page 178: Use Proxy Port 80
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Use Proxy Port 80 In the Proxy Port 80 Setting frame, the default setting is “Disable”. To specify that the public proxy server will channel “https” traffic through Port 80: 1. Click the radio button corresponding to “Enable”. 2.
Page 179: Backup/Restore
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Backup/Restore Backup/Restore window The Backup/Restore window displays when Backup/ Restore is selected from the navigation panel. This window is used for saving configuration settings and/or custom library additions/deletions on or off the server, and for restoring these settings/modifications later, if necessary.
Page 180: Backup Procedures
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN TIPS: The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid. To change the sort order, click the header of a column. All rows will sort in order by that column.
Page 181: Perform A Backup On Demand
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Perform a Backup on Demand 1. In the Manual Backup frame on the Backup tab, click Backup to open the Web Filter Backup dialog box: Fig. 2:1-56 Web Filter Backup dialog box 2.
Page 182: Schedule A Backup
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Schedule a Backup Configure FTP Server Settings 1. In the Server Configuration section of the Scheduled Backup frame, enter the IP address of the Remote Server. 2. In the FTP Directory field, enter the path where log files will be stored.
Page 183: Create A Backup Schedule
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Create a Backup Schedule 1. In the Recurrence Schedule section of the Scheduled Backup frame, click Schedule to open the Scheduled Backup box: Fig. 2:1-57 Scheduled Backup box 2. In the Recurrence duration time frame, specify Start and End time range criteria: a.
Page 184 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN In this pop-up box you can do the following: • Click the left or right arrow at the top of this box to navigate to the prior month or the next month. •...
Page 185 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Monthly - If this selection is made, first enter the interval for the months this time profile will be used, and next specify which day of the month: • If Day is chosen, select from “1” - “31”. •...
Page 186: Remove A Backup Schedule
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN “Weekday”, “Weekend” - month: “January” - “December”. By default, the “First” “Sunday” of “January” are selected. If 2 is entered and the “First” “Monday” of “June” are selected, this profile will be used every two years on the first Monday in June.
Page 187: Download A File
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Download a File To download a file to your machine: 1. In the Restore tab, select the file from the Backup Config- urations grid: Fig. 2:1-58 Backup/Restore window, Restore tab 2. Click Download to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows Explorer.
Page 188: Perform A Restoration
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Perform a Restoration To restore backup data to the server, the backup file must be listed in the Backup Configurations grid in the Restore tab, and the restoration function must be executed. If the backup file is not included in the Backup Configurations grid, you must upload it to the server.
Page 189: Restore Configurations To The Server
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. Click Browse... to open the Choose file window. 3. Select the file to be uploaded. After the file is selected, the Choose file window closes. 4. In the window, type in a Comment about the file. 5.
Page 190: View Backup And Restoration Details
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Backup and Restoration Details To view details on backup and/or restoration activities: 1. Click Log to open the Backup/Restore Log box: Fig. 2:1-60 Backup/Restore box The box includes rows of data about backup and restore processes performed via the Backup/Restore window.
Page 191: Reset
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Reset Reset window The Reset window displays when Reset is selected from the navigation panel. This window is used for resetting the server back to the default settings when the box was first acquired.
Page 192: Radius Authentication Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Radius Authentication Settings Radius Authentication Settings window The Radius Authentication Settings window displays when Radius Authentication Settings is selected from the naviga- tion panel. This window is used for controlling filtering levels of dial-up users.
Page 193: Enable Radius
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Access Server or proxy server) that sends accounting request packets to the external Radius accounting server. Enable Radius The Radius Mode is “Off” by default. To use Radius, click the “On” radio button. This action displays the Radius Authentication Settings frame.
Page 194: Apply Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Check the box for Use Web Filter IP as Source IP, if the IP address of the Web Filter (LAN1 or LAN2) should be used when forwarding packets instead of the IP address of the NAS. To disable the Forward Mode option, click the “Off”...
Page 195: Snmp
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN SNMP SNMP window The SNMP window displays when SNMP is selected from the navigation panel. This feature lets the global adminis- trator use a third party Simple Network Management Protocol (SNMP) product for monitoring and managing the working status of the Web Filter's filtering on a network.
Page 196: Specify Monitoring Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Specify Monitoring Settings Set up Community Token for Public Access Enter the password to be used as the Community token for public access. This is the password that the manage- ment Web Filter console would use when requesting access.
Page 197: Hardware Failure Detection
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Hardware Failure Detection Hardware Failure Detection window The Hardware Failure Detection window displays when Hardware Failure Detection is selected from the navigation panel. This feature shows the status of each drive on the RAID server.
Page 198 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. Replace the failed drive with your spare replacement drive 3. Click on the “Rebuild” button on the GUI 4. To return a failed drive to M86 or to order additional replacement drives, please call M86 Technical Support NOTE: For information on troubleshooting RAID, refer to Appendix E: RAID and Hardware Maintenance.
Page 199: Strikes Blocking
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN X Strikes Blocking X Strikes Blocking window The X Strikes Blocking window displays when X Strikes Blocking is selected from the navigation panel. This feature lets a global administrator set criteria for blocking a user's access to “unacceptable”...
Page 200: Configuration
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Configuration Set up Blocking Criteria 1. At Reset the X-Strike count upon authentication, “Off” is selected by default. To have all strikes reset before an end user is authenticated, click “On”. 2. Enter the Maximum Strikes Before “Locking” the Workstation.
Page 201: Reset All Workstations
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN To specify a different page, click “Custom URL” and enter the URL in the text box. 7. Click Save to save your configuration settings. Reset All Workstations The following buttons can be clicked to reset workstations: •...
Page 202: Overblocking Or Underblocking
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The following information might also display in the lock page: “You have been denied access according to your organization's Internet Usage Policy. As a result, your Internet privileges were temporarily suspended for a total of ‘X’...
Page 203: Email Alert
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN her workstation for five minutes. However, since the toler- ance timer is set at four seconds, a user could potentially receive five strikes within 16 seconds if he/she accesses a page with multiple, inappropriate images and/or links that load on each page within four seconds.
Page 204: Set Up Email Alert Criteria
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-67 X Strikes Blocking window, Email Alert tab Set up Email Alert Criteria 1. In the Minutes Past Midnight Before Starting Time Interval (0-59) field, enter the number of minutes past midnight that a locked workstation email alert will first be sent to the specified recipient(s).
Page 205: Set Up Email Alert Recipients
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-68 The Daily Schedule window Click Close to close the window. 3. Click Save to save the field entries. Set up Email Alert Recipients 1. Enter the Email Address of an individual who will receive locked workstation email alerts.
Page 206: Logon Accounts
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Logon Accounts Click the Logon Accounts tab to display Logon Accounts: Fig. 2:1-69 X Strikes Blocking window, Logon Accounts tab Set up Users Authorized to Unlock Workstations 1. Enter the Username of a staff member who is authorized to unlock workstations.
Page 207: Deactivate An Authorized Logon Account
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Deactivate an Authorized Logon Account To deactivate an authorized user’s account: 1. Select the username from the Current Accessible Users list box. 2. Click Disable to move the username to the Current Un- Accessible Users list box.
Page 208: Categories
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Categories Click the Categories tab to display Categories: Fig. 2:1-70 X Strikes Blocking window, Categories tab Set up Categories to Receive Strikes or No Strikes 1. Select library categories from the “No Strike” Categories list box.
Page 209: Go To X Strikes Unlock Workstation Gui
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Go to X Strikes Unlock Workstation GUI When any administrator clicks the X Strikes Blocking icon or Go to X Strikes Unlock Workstation GUI, either the Re-login window or the X Strikes Unlock Workstation window opens.
Page 210: Strikes Unlock Workstation
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN X Strikes Unlock Workstation The following information displays in the X Strikes Unlock Workstation window: IP Address, User Name, and Expire Date/Time of currently locked workstations. Fig. 2:1-72 X Strikes Unlock Workstation window Unlock a Workstation To unlock a specified workstation: 1.
Page 211 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-73 Login window Enter the Username and Password and click OK to open the X Strikes Unlock Workstation window (see Fig. 2:1-69). • The Web Filter Introductory Window for X Strikes simultaneously opens with the Login window: Fig.
Page 212: Set Up An Email Address To Receive Alerts
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Set up an Email Address to Receive Alerts To send locked workstation information to a designated administrator: 1. Enter the email address in the Email Address to be Subscribed/Unsubscribed text box. 2. Click Subscribe. Remove an Email Address from the Alert List To remove an administrator's email address from the notifi- cation list:...
Page 213: Warn Option Setting
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Warn Option Setting Warn Option Setting window The Warn Option Setting window displays when Warn Option Setting is selected from the navigation panel. This feature lets a global administrator specify the number of minutes for the interval of time in which a warning page will redisplay for the end user who accesses a URL in a library category with a Warn setting for his/her profile.
Page 214: Specify Interval For Re-Displaying The Warn Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: If using the synchronization feature, the Warn Option Setting window is available in the Stand Alone and Source mode. This topic does not display if this server being configured is set up in the Target mode to synchronize both profile and library setting changes.
Page 215: Customization
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Customization Customization includes options to customize settings for HTML pages that display for end users who execute a command that triggers the associated window to open. Click the Customization link to view a menu of sub-topics: Common Customization, Authentication Form, Lock Page, Block Page, Warn Page, Profile Control, Quota Block Page, Quota Notice Page.
Page 216: Common Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Common Customization window The Common Customization window displays when Common Customization is selected from the Customization menu. This window is used for specifying elements to be included in block, lock, profile, and warning pages, and/or the authentication request form the end user will see.
Page 217: Enable, Disable Features
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable, Disable Features 1. Click “On” or “Off” to enable or disable the following elements in the HTML pages, and make entries in fields to display customized text, if necessary: • Username Display - if enabled, displays “User/ Machine”...
Page 218 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Help Link URL - By default, http:// www.m86security.com/support/r3000/accessde- nied.asp displays as the help link URL. Enter the URL to be used when the end user clicks the help link text (specified in the Help Link Text field). •...
Page 219: Lock Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Lock Page Customization window The Lock Page Customization displays when Lock Page is selected from the Customization menu. This window is used with the X Strikes Blocking feature, and lets you customize text in the lock page end users will see when attempting to access Internet content blocked for their profiles, and their workstations are currently locked.
Page 220: Edit Entries, Setting
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Edit Entries, Setting 1. Make an entry in any of the following fields: • In the Header field, enter a static header to be displayed at the top of the lock page. •...
Page 221: Preview Sample Lock Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Preview Sample Lock Page 1. Click Preview to launch a separate browser window containing a sample customized lock page, based on entries saved in this window and in the Common Customization window: Fig.
Page 222: Block Page Customization Window
DMINISTRATOR ECTION HAPTER YSTEM SCREEN • M86 Security - Clicking this link takes the user to M86’s Web site. 2. Click the “X” in the upper right corner of the window to close the sample customized lock page. TIP: If necessary, make edits in the Lock Page Customization window or the Common Customization window, and then click Preview in this window again to view a sample lock page.
Page 223: Add, Edit Entries
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN TIP: An entry in any of the fields in this window is optional, but if an entry is made in the Link Text field, a corresponding entry must also be made in the Link URL field. Add, Edit Entries 1.
Page 224: Preview Sample Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Preview Sample Block Page 1. Click Preview to launch a separate browser window containing a sample customized block page, based on entries saved in this window and in the Common Customization window: Fig.
Page 225 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. By default, these links are included in the block page under the following conditions: •...
Page 226: Warn Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Warn Page Customization window The Warn Page Customization window displays when Warn Page is selected from the Customization menu. This window is used with the Warn Option Setting feature, and lets you customize text in the window end users will see if attempting to access a URL in a library category set up with a Warn setting for his/her profile.
Page 227: Add, Edit Entries
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Add, Edit Entries 1. Make an entry in any of the following fields: • In the Header field, enter a static header to be displayed at the top of the warning page. •...
Page 228: Preview Sample Warning Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Preview Sample Warning Page 1. Click Preview to launch a separate browser window containing a sample customized warning page, based on entries saved in this window and in the Common Customization window: Fig.
Page 229 • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. The following buttons are included in the warning page: •...
Page 230: Profile Control Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. Click the “X” in the upper right corner of the window to close the sample customized warning page. TIP: If necessary, make edits in the Warn Page Customization window or the Common Customization window, and then click Preview in this window again to view a sample warning page.
Page 231: Edit Entries
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Edit Entries 1. Make an entry in any of the following fields: • In the Header field, enter a static header to be displayed at the top of the profile control pop-up window.
Page 232: Quota Block Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Block Page Customization window The Quota Block Page Customization window displays when Quota Block Page is selected from the Customization menu. This window is used for making customizations to the quota block page the end user will see if he/she has a quota time limit set for a passed category in his/her profile and has attained or exceeded that limit.
Page 233: Preview Sample Quota Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • In the Link Text field, enter text for the link's URL, and in the Link URL field, enter the corresponding hyper- link in plain text using the http:// or https:// syntax. Any entries made in these fields will display centered in the customized quota block page, using the Arial font type.
Page 234 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. 2. Click the “X” in the upper right corner of the window to close the sample customized quota block page.
Page 235: Quota Notice Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Notice Page Customization window The Quota Notice Page Customization window displays when Quota Notice Page is selected from the Customiza- tion menu. This window is used for making customizations to the quota notice page the end user will see if he/she has a quota time limit set for a passed category in his/her profile and has used 75 percent of the allotted time in that category.
Page 236: Preview Sample Quota Notice Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • In the Link Text field, enter text for the link's URL, and in the Link URL field, enter the corresponding hyper- link in plain text using the http:// or https:// syntax. Any entries made in these fields will display centered in the customized quota notice page, using the Arial font type.
Page 237 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. The following button is included in the quota notice page: •...
Page 238: Cmc Management
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN CMC Management CMC Management displays on a Web Filter set up in the Source mode, and includes Centralized Management Console options for viewing the filtering statuses of this source server and its target server(s), and managing soft- ware updates on these servers.
Page 239 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN window for the source server's hostname, or the information entered for the target server in the Target Location field in the Setup window); Applied Date (date the software update was applied to the server, using the YYYY/MM/DD format); Current Version (software update build name and number);...
Page 240: Apply Or Undo A Software Update
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Apply or Undo a Software Update To apply a software update: 1. Click to select the row(s) corresponding to the servers to be updated. 2. Click Apply. NOTES: If the source server is selected for a software update, the EULA displays when the software update is about to be applied.
Page 241: Status Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Status window The Status window displays when Status is selected from the CMC Management menu. This window is used for viewing the filtering status of the source and target server(s) for troubleshooting purposes. Fig.
Page 242 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Last Library Update - most recent date the library was updated on the server, using the YYYY/MM/DD format, if this information is available. TIPS: The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid.
Page 243: Quota Setting
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Setting Quota Setting window The Quota Setting window displays when Quota Setting is selected from the navigation panel. This window lets a global administrator configure URL hits that—along with quotas specified in filtering profiles—determine when a user will be blocked from further accessing URLs in a library group/category.
Page 244: Configure Quota Hit Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Configure Quota Hit Settings 1. Enter the number of Seconds Per Hit to indicate how much time will be applied towards a “hit” (URL access) in any category with a quota. The default is 10 seconds per hit.
Page 245: Reset Quotas
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Reset Quotas Quotas are automatically reset at midnight, but also can be manually reset on demand or scheduled to be reset at specific times each day. Reset Quotas Now Click Reset Now to reset all quotas to zero (“0”). Users currently blocked from accessing URLs because of a quota time limit will now be able to access URLs in any library/ group category with a quota.
Page 246: Delete A Quota Reset Time From The Schedule
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Delete a Quota Reset Time from the Schedule 1. Select the quota reset time from the Current Reset Time(s) list box. 2. Click Remove to remove the quota reset time from the list box.
Page 247 • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. The end user can decide whether or not to access the requested URL.
Page 248: Quota Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Block page When the end user has spent 100 percent of time in a quota-restricted library group/category, the quota block page displays: Fig. 2:1-92 Sample Quota Block Page Once receiving a quota block page, the end user will not be able to access content in that library group/category until the quota is reset.
Page 249: Ui Ssl Certificate
• HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. UI SSL Certificate...
Page 250: Generate An Ssl Certificate For The Web Filter
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Generate an SSL Certificate for the Web Filter 1. Click Generate Certificate to open the box that asks if you wish to continue, which would restart your server. TIP: Click No to close the window and to return to SSL Certificate window.
Page 251: Chapter 2: Policy Screen
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Chapter 2: Policy screen The Policy screen is comprised of windows and dialog boxes used for adding IP groups and/or LDAP domains, and for creating filtering profiles for IP/LDAP groups and their members.
Page 252 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Double-click the branch of your selection to display the list of groups/domains previously added to that branch. Keep double-clicking items in the tree list to view additional items. Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity.
Page 253: Global Group
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Global Group Global Group includes options for creating and maintaining groups. Click the Global Group link to view a menu of sub- topics: Range to Detect, Rules, Global Group Profile, Over- ride Account, Approved Content (incl. VuSafe), Minimum Filtering Level, and Refresh All.
Page 254: Add A Segment To The Network
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: Segments of network traffic should not be defined if using the firewall mode. The main window (Fig. 2:2-2) lets you add segments to the network, or modify or remove existing segments. The Current Ranges list box includes a list of segments previ- ously added using this feature.
Page 255 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Fig. 2:2-4 Range to Detect Settings, second window 2. Click one of the following buttons to select the procedure for adding the segment: • Start the Setup Wizard - clicking this button takes you to the Range to Detect Setup Wizard.
Page 256: Range To Detect Setup Wizard
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Range to Detect Setup Wizard Click the Start the Setup Wizard button to display Step 1 of the Range to Detect Setup Wizard. The Wizard is comprised of six steps. An entry is required in Step 1, but not in Steps 2 - 5.
Page 257 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 2. Click Add to include the segment in the list box above. NOTE: To modify the segment, select it from the list box and click Modify to move the segment to the field(s) below for editing. To remove the segment, select it from the list box and click Remove.
Page 258 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Step 3: Optional In this step you define the source IP address(es) to be excluded from filtering. Fig. 2:2-7 Range to Detect Setup Wizard window, Step 3 Step 4: Optional In this step you define the destination IP address(es) to be excluded from filtering.
Page 259 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Fig. 2:2-8 Range to Detect Setup Wizard window, Step 4 Step 5: Optional In this step you enter destination port numbers to be excluded from filtering. Fig. 2:2-9 Range to Detect Setup Wizard window, Step 5 M86 S ECURITY UIDE...
Page 260 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 1. In the Individual Port field, enter the port number to be excluded from filtering. 2. Click Add to include the entry in the list box above. NOTE: To remove the port number, select it from the list box and click Remove.
Page 261: Range To Detect Advanced Settings
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • click Finish to accept all your entries. This action takes you to the main Range to Detect Settings window where the segment you entered now displays in the Current Ranges list box. Range to Detect Advanced Settings Click the Advanced Settings button to display the Range to Detect Advanced Settings window:...
Page 262: Modify A Segment Of The Network
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Modify a Segment of the Network To modify a segment: 1. In the main Range to Detect Settings window (see Fig. 2:2-2), select the segment from the Current Ranges list box. 2. Click Modify to go to the second page (see Fig. 2:2-4). 3.
Page 263: Rules Window
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Rules window The Rules window displays when Rules is selected from the Global Group menu. This window is used for adding a filtering rule when creating a filtering profile for an entity. Fig.
Page 264: Add A Rule
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Add a Rule To create a new rule: 1. Click New Rule to populate the Rule # field with the next consecutive rule number available. 2. Enter up to 20 characters for a unique Rule Description that describes the theme for that rule.
Page 265 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: If a category group does not display any filter setting (i.e. the check mark does not display in any column for the category group), one or more library categories within that group has a filter setting in a column other than the filter setting designated for all collective library categories within that group.
Page 266: Modify A Rule
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • The Overall Quota field becomes enabled if a quota is entered for any library group/category. By default, the enabled Overall Quota is turned “Off”. If turned “On”, enter the number of minutes in the Min field to indicate when the end user’s access to passed library groups/ categories with quotas will be blocked.
Page 267: Remove A Rule
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 5. Click Save Rule. Remove a Rule To delete a rule: 1. Select the rule from the Current Rules pull-down menu. 2. Click Delete Rule. Global Group Profile window The Global Group Profile window displays when Global Group Profile is selected from the Global Group menu.
Page 268: Category Profile
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile Category Profile displays by default when Global Group Profile is selected from the Global Group menu, or when the Category tab is clicked. This tab is used for assigning filter settings to category groups/library categories for the global group profile.
Page 269 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • Block - URLs in this category will be blocked. NOTE: If a category group does not display any filter setting (i.e. the check mark does not display in any column for the category group), one or more library categories within that group has a filter setting in a column other than the filter setting designated for all collective library categories within that group.
Page 270: Port
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: See the Quota Settings window in Chapter 1: System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas. • The Overall Quota field becomes enabled if a quota is entered for any library group/category.
Page 271: Create, Edit A List Of Service Ports
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Create, Edit a List of Service Ports All service ports are filtered by default. To block a service port from being accessed by global filtering profile users: 1. Enter the port number in the Port field. 2.
Page 272: Create, Edit The Redirect Url
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Create, Edit the Redirect URL 1. Specify the type of redirect URL to be used: “Default Block Page”, “Authentication Request Form”, or “Custom URL”. If “Custom URL” is selected, enter the redirect URL in the corresponding text box.
Page 273 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Control”, “URL Keyword Filter Control”. If URL Keyword Filter Control is selected, the “Extend URL Keyword Filter Control” option can be selected. 2. Click Apply to apply your settings. X Strikes Blocking With the X Strikes Blocking option enabled, an end user who attempts to access inappropriate sites on the Internet will be locked out from his/her workstation after a specified number...
Page 274 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Search Engine Keyword Filter Control With the Search Engine Keyword Filter Control option enabled, search engine keywords can be set up to be blocked. When a user enters a keyword in the search engine, if that keyword has been set up to be blocked, the search will not be performed.
Page 275 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN URL Keyword Filter Control With the URL Keyword Filter Control option enabled, URL keywords can be set up to be blocked. When a user enters a keyword in the address line of a browser window, if that keyword has been set up to be blocked, the user will be denied access to that site or service.
Page 276: Override Account Window
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Override Account window The Override Account window displays when Override Account is selected from the Global Group menu. This window is used for creating an override account that allows an IP group user to bypass settings at the minimum filtering level.
Page 277: Add An Override Account
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Add an Override Account To create an Override Account profile: 1. In the Account Details frame, enter the username in the Name field. 2. Enter the Password. 3. Make the same entry again in the Confirm Password field.
Page 278: Category Profile
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile The Rule tab is used for creating the categories portion of the override account profile. Fig. 2:2-18 Override Account window, Rule tab To create the category profile: 1. Select a filtering rule from the available choices in the Available Filter Levels pull-down menu.
Page 279 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN in the Adult Content category group some of the library catego- ries have a block setting and other library categories have a warn setting, there would be no category group filter setting, since all library categories do not have the same filter setting.
Page 280 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • In the Quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1” and the maximum is “1439” (one day minus one minute). The number of minutes entered here combines with the seconds per hit (minimum one second to maximum 3600 seconds) defined in the Quota Settings window...
Page 281: Redirect Url
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL The Redirect tab is used for specifying the URL to be used for redirecting the user if he/she attempts to access a site or service set up to be blocked. Fig.
Page 282: Filter Options
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options The Filter Options tab is used for specifying which filter option(s) will be applied to the override account profile. Fig. 2:2-20 Override Account window, Filter Options tab 1. Click the checkbox(es) corresponding to the option(s) to be applied to the override account filtering profile: •...
Page 283 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement” - With the Google/Yahoo!/Youtube/Ask/ AOL Safe Search Enforcement option enabled, Google, Bing.com, Yahoo!, YouTube, Ask.com, and AOL’s “strict” SafeSearch Filtering option will be used whenever the end user performs a Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Web search or Image search.
Page 284: Edit An Override Account
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • “URL Keyword Filter Control” - With the URL Keyword Filter Control option enabled, URL keywords can be set up to be blocked. When the user enters a keyword in the address line of a browser window, if that keyword has been set up to be blocked, the user will be denied access to that site or service.
Page 285: Modify An Override Account
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 4. Make the same entry again in the Confirm Password field. 5. Click View/Modify to open the window. 6. Click Apply. 7. Click Close to close the window. Modify an Override Account To modify an override account: 1.
Page 286: Approved Content Settings Window
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Approved Content Settings window The Approved Content Settings window displays when Approved Content (incl. VuSafe) is selected from the Global Group menu. This window is used for granting designated users access to a specified set of approved online videos posted to YouTube or SchoolTube via a portal managed by someone within your organization.
Page 287: Approved Content Setup And Configuration
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Approved Content feature in a user’s profile gives that user access to videos posted to VuSafe. Approved Content setup and configuration There are two parts to set up in order to use the Approved Content feature: •...
Page 288: Approved Content Settings Entries
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Approved Content Settings entries Once you have passkeys created for the approved videos, you can begin making entries in the Approved Content Settings window. Step 1: Enable Global Group Passkey inheritance To allow any user to inherit a set of passkeys if the Approved Content feature is enabled in his/her profile, click the “Enable Approved Content (incl.
Page 289: Minimum Filtering Level Window
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Minimum Filtering Level window The Minimum Filtering Level window displays when Minimum Filtering Level is selected from the Global Group menu. This window is used for establishing the minimum filtering level that will apply to all users who belong to a group, and to any group using a filtering profile other than the global (default) filtering profile.
Page 290: Minimum Filtering Categories
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Minimum Filtering Categories Minimum Filtering Categories displays by default when Minimum Filtering Level is selected from the Global Group menu, or when the Category tab is clicked. This tab is used for making selections from the list of library categories, and specifying whether each of these selected categories will be opened or blocked at the minimum filtering level.
Page 291: Create, Edit Minimum Filtering Categories
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Create, Edit Minimum Filtering Categories To create the categories portion of the minimum filtering level profile: 1. Double-click the column (Pass, Block) in the row corre- sponding to that category group/library category to move the check mark to that column: •...
Page 292: Port
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Port Port displays when the Port tab is clicked. This tab is used for blocking access to specified ports at the minimum filtering level. Fig. 2:2-23 Minimum Filtering Level window, Port tab Create, Edit a List of Service Ports All service ports are filtered by default.
Page 293: Minimum Filtering Bypass Options
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 3. Click Apply to apply your settings at the minimum filtering level. Minimum Filtering Bypass Options Minimum Filtering Bypass Options displays when the Min. Filter Bypass tab is clicked. This tab is used for specifying whether users in a master IP group will be allowed to bypass the minimum filtering level with an override account or an exception URL.
Page 294: Specify Minimum Filtering Bypass Options
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Specify Minimum Filtering Bypass Options To allow a user to override settings made at the minimum filtering level: 1. In the Override Account frame, click the “On” checkbox. Any user who has an override account will be able to access content blocked at the minimum filtering level.
Page 295: Add Group
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN IP includes options for adding a master IP group and to refresh the tree list. Click the IP link to view a menu of sub- topics: Add Group, and Refresh. Add Group Add a Master IP Group From the IP group menu: 1.
Page 296: Refresh
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 3. Enter the Password, and re-enter it in the Confirm Password field, using eight to 20 characters and at least one alpha character, one numeric character, and one special character. The password is case sensitive. 4.
Page 297: Chapter 3: Library Screen
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Chapter 3: Library screen The Library screen is comprised of windows and dialog boxes used for adding and maintaining library categories. Library categories are used when creating or modifying filtering profiles. Fig. 2:3-1 Library screen A list of main topics displays in the navigation panel at the left of the screen: Updates, Library Lookup, Customer Feed- back Module, Category Weight System, NNTP Newsgroup,...
Page 298 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Click Library Lookup, Customer Feedback Module, Cate- gory Weight System, NNTP Newsgroup, or Pattern Detec- tion Whitelist to select that topic. To view the list of category groups, double-click Category Groups to open the tree list. Double-click a category group envelope—any envelope except Custom Categories—to view M86 supplied library categories for that group.
Page 299: Updates
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Updates Updates includes options for making configurations for library category activities. Click the Updates link to view a menu of sub-topics: Configuration, Manual Update, Addi- tional Language Support, Library Update Log, and Emer- gency Update Log.
Page 300: Optional: Specify A Proxy Server
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Optional: Specify a Proxy Server 1. In the FTP Proxy Setting frame, by default “Disable” is selected. Click “Enable” if the server is in a proxy server environment. This selection activates the fields in this frame.
Page 301: Manual Update Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Manual Update window The Manual Update to M86 Supplied Categories window displays when Manual Update is selected from the Updates menu. This window is used for updating specified M86 supplied library categories on demand from the update server, if the Web Filter has not received daily updates due to an occurrence such as a power outage.
Page 302 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN • Full URL Library Update - Select this option to update URL library categories with core library files, and to update search engine keywords, newsgroup libraries, and IM/P2P pattern files. Choose this option to replace the core library files.
Page 303: Additional Language Support Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Additional Language Support window The Additional Language Support window displays when Additional Language Support is selected from the Updates menu. This window is used for including additional M86- supported languages in library downloads. Fig.
Page 304: Library Update Log Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN 3. Click Apply to have URLs from the selected language(s) included in the library categories. Library Update Log window The Library Update Log window displays when Library Update Log is selected from the Updates menu. This window is used for viewing transfer activity of library updates from the update server to your Web Filter, and for downloading the activity log.
Page 305: Download Log, View, Print Contents
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Download Log, View, Print Contents Download the Log 1. Click Download Log to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows Explorer. 2.
Page 306 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Fig. 2:3-6 Folder containing downloaded file 2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:3-7 WinZip Executable program 3. If using WinZip, click I Agree to open the window containing the zip file: M86 S ECURITY...
Page 307 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Fig. 2:3-8 WinZip window 4. Right-click the zip file to open the menu, and choose “View” to open the View dialog box: Fig. 2:2-9 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig.
Page 308: Save, Print The Log File Contents
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Save, Print the Log File Contents With the log file displaying correctly formatted in WinZip’s View window, if you wish to save or print the contents of this file: 1. Click Clipboard Copy, wait for the dialog box to open and confirm that the text has been copied to the clip- board, and then click OK to close the dialog box.
Page 309: Emergency Update Log Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Emergency Update Log window The Emergency Update Log window displays when Emer- gency Update Log is selected from the Updates menu. This window is used for viewing transfer activity of emergency software updates from the update server to your Web Filter, and for downloading the activity log.
Page 310: Download The Software Update Log File
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Download the Software Update Log File NOTE: See Library Update Log window for screen shots pertaining to downloading the software update log file. 1. Click Download Log to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows Explorer.
Page 311: Library Lookup
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Library Lookup Library Lookup window The Library Lookup window displays when Library Lookup is selected from the navigation panel. This window is used for verifying whether a URL or search engine keyword or keyword phrase exists in a library category, and to remove it, if necessary.
Page 312: Remove A Url
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN The following types of URL formats also can be entered in this field: • IP address - e.g. "209.247.228.221" in http:// 209.247.228.221 • octal format - e.g. http://0106.0125.0226.0322 • hexadecimal short format - e.g. http://0x465596d2 •...
Page 313: Submit An Email To The Administrator
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Submit an Email to the Administrator If using a non-Web based email client such as Outlook, you can send an email to the administrator at your organization regarding a URL or search engine keyword that appears to be incorrectly categorized.
Page 314: Reload The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Reload the Library Once all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
Page 315: Disable Customer Feedback Module
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN WARNING: This feature is enabled by default. Please refer to the sub-section Enable Customer Feedback Module to review the contents of the disclaimer that applies when this feature is enabled. NOTE: For optimum results when using this feature, M86 recom- mends enabling Alert Settings and entering at least one email address that an M86 technical suppport representative can use to contact you for assistance.
Page 316 “M86 Security agrees to discuss the information collected by the Customer Feedback Module only with M86 Security’s employees who have a need to know and who have been informed of the confidential nature of the information and of their personal obligation not to disclose or use such information.
Page 317 HAPTER IBRARY SCREEN “Your agreement to activate the Customer Feedback Module will be transmitted back to M86 Security once you click the ‘Accept’ button.” 4. After reading this text, if you agree with the terms, click in the checkbox to activate the Accept button.
Page 318: Category Weight System
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Category Weight System Category Weight System window The Category Weight System window displays when Cate- gory Weight System is selected from the navigation panel. This feature lets you choose which category will be logged and reported for a URL request that exists in multiple cate- gories (possibly both M86 supplied and custom library cate- gories) with the same operational precedence.
Page 319: View The Current Selections
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN View the Current Selections This window contains two list boxes: • “No Weight” Categories - Populated with M86 supplied categories • “Weight” Categories - Pre-populated by default with cate- gories M86 suggests you might want to use for this feature.
Page 320: Weighting Library Categories
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Weighting Library Categories 1. Select the category from the "No Weight" Categories list box. TIP: Multiple categories can be selected by clicking each cate- gory while pressing the Ctrl key on your keyboard. Blocks of cate- gories can be selected by clicking the first category, and then pressing the Shift key on your keyboard while clicking the last category.
Page 321: Nntp Newsgroup
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN NNTP Newsgroup NNTP Newsgroup window The NNTP Newsgroup window displays when NNTP News- group is selected from the navigation panel. This window is used for adding or removing a newsgroup from the libraries. Fig.
Page 322: Remove A Newsgroup From The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a Newsgroup from the Library To remove a newsgroup from the library: 1. In the Newsgroup frame, enter the Newsgroup address. 2. Click Remove. After all changes have been made to library windows, click Reload Library to refresh.
Page 323: Pattern Detection Whitelist
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Pattern Detection Whitelist Pattern Detection Whitelist window The Pattern Detection Whitelist window displays when Pattern Detection Whitelist is selected from the navigation panel. This window is used for creating a list of IP addresses always allowed to bypass pattern detection filtering.
Page 324: Create, Maintain A Whitelist Of Ip Addresses
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Create, Maintain a Whitelist of IP Addresses 1. Enter the IP address to bypass pattern detection filtering. 2. Click Add to include the IP address in the IPs list box. TIP: To remove an IP address from the list, select the IP address from the IPs list box, and then click Remove.
Page 325: Category Groups
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Category Groups Category Groups is represented by a tree of library category groups, with each group comprised of M86 supplied library categories. M86 supplied library categories are updated regularly with new URLs via Traveler, M86’s executable program that supplies updates to the Web Filter.
Page 326: Library Details Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Double-click a category group’s envelope to open that segment of the tree and to view library categories belonging to that group. Click the M86 supplied category link to view a menu of sub- topics: Library Details, URLs, URL Keywords, and Search Engine Keywords.
Page 327: Urls Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN URLs window The URLs window displays when URLs is selected from the library category’s menu of sub-topics. This window is used for viewing, or adding and/or removing a URL from a library category.
Page 328: View A List Of Urls In The Library Category
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN View a List of URLs in the Library Category To view a list of all URLs that either have been added or deleted: 1. Click the View tab. 2. Make a selection from the pull-down menu for “Addition List”, “Deletion List”, “Wildcard Addition List”, or “Wild- card Deletion List”.
Page 329: Add Or Remove Urls, Reload The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Add or Remove URLs, Reload the Library The Action tab is used for making entries in the URLs window for adding or removing a URL, or reloading the library. Add a URL to the Library Category To add a URL to the library category: 1.
Page 330: Add A Wildcard Url To The Library Category
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN TIP: Multiple URLs can be selected by clicking each URL while pressing the Ctrl key on your keyboard. Blocks of URLs can be selected by clicking the first URL, and then pressing the Shift key on your keyboard while clicking the last URL.
Page 331: Remove A Url From The Library Category
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a URL from the Library Category To remove a URL or wildcard URL from the library category: 1. Click the Action tab. 2. Enter the URL in the Edit URL List frame or Edit Wild- Card URL List frame, as pertinent.
Page 332: Url Keywords Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN URL Keywords window The URL Keywords window displays when URL Keywords is selected from the library category’s menu of sub-topics. This window is used for adding and removing URL keywords from a library category. A library category uses URL keywords to block a user’s access to Internet addresses containing keywords included in its list.
Page 333: View A List Of Url Keywords
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN View a List of URL Keywords To view a list of all URL keywords that either have been added or deleted: 1. In the View Keyword Addition/Deletion List frame, make a selection from the pull-down menu for “Addition List”, or “Deletion List”.
Page 334: Upload A List Of Url Keywords To The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of URL Keywords to the Library Before uploading a text file with URL keyword additions or deletions, in the Upload URL Keyword File frame, specify whether the contents of this file will add to the current file, or overwrite the current file on the server, by clicking the “Append”...
Page 335: Upload A List Of Url Keyword Deletions
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of URL Keyword Deletions To upload a text file with URL keyword deletions: 1. Click Upload To Deletion File to open the Upload Library Keyword window (see Fig. 2:3-25). 2.
Page 336: Search Engine Keywords Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Search Engine Keywords window The Search Engine Keywords window displays when Search Engine Keywords is selected from the library cate- gory’s menu of sub-topics. This window is used for adding and removing search engine keywords/phrases to and from a library category.
Page 337: View A List Of Search Engine Keywords
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN WARNING: Use extreme caution when setting up search engine keywords for filtering. If a non-offending keyword contains the same consecutive characters as a keyword set up to be blocked, users will be denied the ability to perform a search using keywords that are not even in blocked categories.
Page 338: Remove A Search Engine Keyword From The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a Search Engine Keyword from the Library To remove a search engine keyword/phrase from the library category: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2.
Page 339: Upload A List Of Search Engine Keyword Deletions
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of Search Engine Keyword Deletions To upload a text file with search engine keyword/phrase deletions: 1. Click Upload To Deletion to open the Upload Library Keyword window (see Fig. 2:3-25). 2.
Page 340: Chapter 4: Reporting Screen
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Chapter 4: Reporting screen The Reporting screen contains options for transferring and/ or reviewing Internet usage data collected by the Web Filter. Fig. 2:4-1 Reporting screen From the navigation panel at the left of the screen, click Report Configuration to display the Report Configuration window, used if the Web Filter's log files will be transferred to a reporting application.
Page 341: Report Configuration
By default, no option is selected at the Export field. If Web Filter logs will be exported to a reporting application: 1. Click the checkbox corresponding to the reporter to be used for transferring logs: “M86 Security Reporter / Enterprise Reporter”, or “Other Device”. 2. Click Save.
Page 342: M86 Security Reporter Or Enterprise Reporter
HAPTER EPORTING SCREEN M86 Security Reporter or Enterprise Reporter If “M86 Security Reporter / M86 Enterprise Reporter” was selected, the M86 Security Reporter / M86 Enterprise Reporter tab displays by default. On this tab, you need to specify criteria for the SR or ER server that will receive logs from the Web Filter.
Page 343: Execute Log Transfer Now
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Execute Log Transfer Now In the Initiating Log Transfer frame, click Initiate to transfer the log on demand. View Transfer Activity to the SR, ER After the SR / ER has been configured and logs have been transferred from the Web Filter to the SR / ER, you can view transfer activity.
Page 344: Enter Or Edit Server Information
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Fig. 2:4-5 Report Configuration window, Other Device option and tab Enter or Edit Server Information In the Server Configuration frame: 1. In the Remote Server field, enter the IP address of the remote server.
Page 345: View Transfer Activity To The Reporting Device
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN 6. Click Save. In the FTP Log Update frame: 1. At the Hour field, make a selection from the pull-down menu (1, 2, 3, 4, 6, 8, 12, 24) to specify the interval between hours—in military time—when the update should occur: 1 = updates occur each hour.
Page 346: Real Time Probe
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Real Time Probe Real Time Probe window The Real Time Probe window displays when Real Time Probe is selected from the navigation panel. This feature lets the probe administrator monitor a user's Internet usage in real time to see if that user is using the Internet appropri- ately.
Page 347: Set Up Real Time Probes
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Set up Real Time Probes 1. Enter the Maximum Probes to Run/Schedule Simulta- neously, up to 99 probes. The default setting is 10 probes. 2. Enter the Maximum Probes that can be Scheduled, equal to or less than the maximum probes that can run at the same time.
Page 348: Report Recipients
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Report Recipients Click the Report Recipients tab to display Email Report: Fig. 2:4-7 Real Time Probe window, Report Recipients tab Specify Email File Criteria 1. Click the radio button corresponding the to the Email Format to be used for the file: “Plain Text”...
Page 349: Remove Email Addresses
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN NOTE: The maximum number of report recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Addresses 1.
Page 350: Deactivate An Authorized Logon Account
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN 3. Click Add to include the username in the Current Acces- sible Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Accessible Users list box in the Logon Accounts tab of the X Strikes Blocking window.
Page 351: Go To Real Time Probe Reports Gui
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Go to Real Time Probe Reports GUI When any administrator clicks the Real Time Probe icon or Go to Real Time Probe Reports GUI, either the Re-login window or the Real Time Probe Reports window opens. Re-login window The Re-login window opens if the user’s session needs to be validated:...
Page 352: Real Time Probe Reports
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Real Time Probe Reports The Real Time Probe Reports window is comprised of the View and Create tabs. The View tab displays by default (see Fig. 2:4-11), showing the global administrator information on all active probes.
Page 353: Create A Real Time Probe
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Fig. 2:4-11 Real Time Probes introductory window This window must be left open during the entire session. Create a Real Time Probe Click the Create tab to enter and specify criteria for the report you wish to generate: Fig.
Page 354 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN The Current Probe Count displays the Total number of active probes, and the number of probes Created Under This Account. The Maximum Probes to Run/Schedule Simultaneously entered on the Configuration tab displays. 1.
Page 355 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN • “Category”: Select the library category to be probed. This selection generates a report with data for the specified library category. TIP: Select “Approved Content” from the drop-down menu to probe instances of the Approved Content online video viewing feature.
Page 356: View Real Time Probe Details
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN View Real Time Probe Details Click the View tab to view details about active probes: Fig. 2:4-13 Real Time Probe Reports, View tab The Display Name shows the name assigned to the probe on the Create tab.
Page 357 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN View option If a probe is Completed or In Progress, clicking View opens the Real Time Information window: Fig. 2:4-14 Real Time Information window This window displays the number of minutes left for the probe to run (Run Time Left), and user details for each record in the grid: Date &...
Page 358 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN • If the probe is currently in progress, clicking Stop halts the real time probe and changes this button to “Email”. • After the probe is completed, the Email button is avail- able instead of the Stop button.
Page 359 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Stop, Delete options Clicking Stop halts the probe and gives it a Completed status. This option is also available in the Real Time Infor- mation box via the “Stop” button. Clicking Delete opens the following dialog box, asking if you want to delete the probe: Fig.
Page 360: Shadow Log Format
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Shadow Log Format Shadow Log Format window The Shadow Log Format window displays when Shadow Log Format is selected from the navigation panel. If the Web Filter's reporting device is the M86 Enterprise Reporter (ER), this window is used for specifying the log format the Web Filter will use for sending logs to the ER.
Page 361: Auto-Detect Option
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Auto-detect option By default, “Auto-detect” is selected. Using this option, the Web Filter will search for a connection to an ER and identify the software version of the software update applied to that appliance.
Page 362: Post 2.0 Log Format Option
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Post 2.0 log format option If this Web Filter currently has the 2.0 or higher software update applied, the Post 2.0 log option should be selected, since the ER 4.1 or higher software update uses the new log structure.
Page 363: Group Administrator Section
ROUP DMINISTRATOR ECTION NTRODUCTION ROUP DMINISTRATOR ECTION Introduction The Group Administrator Section of this user guide is comprised of two chapters that include information on func- tions performed by the group administrator. Chapter 1 includes information on setting up and main- taining master IP groups and group members.
Page 364: Chapter 1: Policy Screen
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Chapter 1: Policy screen Group administrators use Policy screen windows to add members to a master IP group, create sub-groups and/or individual IP members, and define and maintain members’ filtering profiles. A member is associated with an IP address and may contain a netmask within a valid IP address range.
Page 365: Refresh
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Refresh Refresh the Master IP Group, Member Click Refresh whenever a change has been made to the master IP group or member level of the tree. Fig. 3:1-2 Policy screen, IP menu M86 S ECURITY UIDE...
Page 366: Master Ip Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Master IP Group Master IP group includes options for defining and main- taining group accounts, setting up an override account and/ or exception URLs to bypass global settings, and uploading or downloading IP profiles. Click the master IP group’s link to view a menu of sub-topics: Group Details, Members, Override Account, Group Profile, Exception URL, Time Profile, Approved Content (incl.
Page 367: Members Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN To change the password for this group: 1. Enter the password in the Password and Confirm Pass- word fields, using eight to 20 characters and at least one alpha character, one numeric character, and one special character.
Page 368: Add The Ip Address Of The Member
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add the IP Address of the Member If using the invisible or router mode: 1. Specify whether to add an IP address range with or without a netmask by selecting either “Source IP” or “Source IP Start / End”.
Page 369: Override Account Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Override Account window The Override Account window displays when Override Account is selected from the menu. This window is used for creating an override account that allows an end user from a master IP group to bypass settings at the minimum filtering level.
Page 370: Add An Override Account
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN See Appendix C: Override Pop-up Blockers for information on how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation. Add an Override Account To create an Override Account profile: 1.
Page 371: Category Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile The Rule tab is used for creating the categories portion of the override account profile. Fig. 3:1-6 Override Account window, Rule tab To create the category profile: 1. Select a filtering rule from the available choices in the Available Filter Levels pull-down menu.
Page 372 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN in the Adult Content category group some of the library catego- ries have a block setting and other library categories have a warn setting, there would be no category group filter setting, since all library categories do not have the same filter setting.
Page 373 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN • In the Quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1” and the maximum is “1439” (one day minus one minute). The number of minutes entered here combines with the seconds per hit (minimum one second to maximum 3600 seconds) defined in the Quota Settings window...
Page 374: Redirect Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL The Redirect tab is used for specifying the URL to be used for redirecting the user if he/she attempts to access a site or service set up to be blocked. Fig.
Page 375: Filter Options
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options The Filter Options tab is used for specifying which filter option(s) will be applied to the override account profile. Fig. 3:1-8 Override Account window, Filter Options tab Click the checkbox(es) corresponding to the option(s) to be applied to the override account filtering profile: •...
Page 376 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN AOL’s “strict” SafeSearch Filtering option will be used whenever the end user performs a Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Web search or Image search. WARNING: If this option is used in conjunction with the X Strikes Blocking feature and the user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the number of strikes that user will receive is based upon...
Page 377: Edit An Override Account
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: To set up URL keywords in a URL Keywords window, see the URL Keywords window in Chapter 2. Edit an Override Account Change the Password To change an override account’s password: 1.
Page 378: Delete An Override Account
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Delete an Override Account To delete an override account: 1. In the Current Accounts frame, select the username from the list box. 2. Click Remove. Group Profile window The Group Profile window displays when Group Profile is selected from the group menu.
Page 379: Create, Edit A List Of Selected Categories
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Fig. 3:1-9 Group Profile window, Profile tab NOTE: In order to use this tab, filtering rules profiles must already have been set up by the global administrator. By default, “Rule0 Minimum Filtering Level” displays in the Available Filter Levels pull-down menu, and the Minimum Filtering Level box displays “Child Pornography”...
Page 380 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN TIP: In the Category Groups tree, double-click the group enve- lope to open that segment of the tree and to view library catego- ries belonging to that group. NOTE: If a category group does not display any filter setting (i.e. the check mark does not display in any column for the category group), one or more library categories within that group has a setting in a column other than the filter setting designated for all...
Page 381 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: • In the Quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1”...
Page 382: Redirect Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL Redirect URL displays when the Redirect URL tab is clicked. This tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked at the group level.
Page 383: Filter Options
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options Filter Options displays when the Filter Options tab is clicked. This tab is used for specifying which filter option(s) will be applied to the group’s filtering profile. Fig. 3:1-11 Group Profile window, Filter Options tab Create, Edit the Filter Options 1.
Page 384 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: See the X Strikes Blocking window in Chapter 1: System screen of the Global Administrator Section for information on setting up the X Strikes Blocking feature. Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement With the Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement option enabled, Google, Bing.com, Yahoo!, YouTube, Ask.com, and AOL’s “strict”...
Page 385 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTES: Search engine keyword filtering relies on an exact keyword match. For example, if the word “sex” is set up to be blocked, but “sexes” is not set up to be blocked, a search will be allowed on “sexes”...
Page 386: Exception Url Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Exception URL window The Exception URL window displays when Exception URL is selected from the group menu. This window is used for blocking group members’ access to specified URLs and/or for letting group members access specified URLs blocked at the minimum filtering level.
Page 387: Valid Url Entries
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Valid URL entries The following types of URL entries are accepted in this window: • formats such as: http://www.coors.com, www.coors.com, or coors.com • IP address - e.g. "209.247.228.221" in http:// 209.247.228.221 • octal format - e.g. http://0106.0125.0226.0322 •...
Page 388: Add Urls To Block Url Or Bypass Url Frame
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add URLs to Block URL or ByPass URL frame To block or bypass specified URLs, in the Block URL or the ByPass URL frame: 1. Type the URL to be blocked in the Block URLs field, or the URL to be bypassed in the ByPass URLs field.
Page 389: Status Column Messages And Icons
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN empty checkbox for each entry in the table. Check the checkbox corresponding to a URL entry you want to designate as being case-specific. The URL entry made by the end user must exactly match this entry in order for the URL to be blocked or bypassed, as set up in this window.
Page 390 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN • “URL cannot be added due to conflicts” - Preceded by the red circle icon with a line through it, this type of conflict indicates the URL is already included in the Exception URL list.
Page 391: Remove Urls From Block Url Or Bypass Url Frame
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Remove URLs from Block URL or ByPass URL frame To remove URLs from the Block URL or the ByPass URL frame: 1. Select a URL to be removed from the Block URL / ByPass URL list box;...
Page 392: Apply Settings
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN 3. Click Remove Selected to close the window and to remove your selection(s) from the appropriate URL list box. Apply Settings Click Apply to apply your settings after adding or removing any URLs. Time Profile window The Time Profile window displays when Time Profile is selected from the group menu.
Page 393: Add A Time Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add a Time Profile To create a time profile: 1. Click Add to open the Adding Time Profile box: Fig. 3:1-17 Adding Time Profile 2. Type in three to 20 alphanumeric characters—the under- score ( _ ) character can be used—for the profile name.
Page 394 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN a. Select from a list of time slots incremented by 15 minutes: “12:00” to “11:45”. By default, the Start field displays the closest 15-minute future time, and the End field displays a time that is one hour ahead of that time. For example, if the time is currently 11:12, “11:15”...
Page 395 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN If 5 is entered, this profile will be used every five days at the specified time. • Weekly - If this selection is made, enter the interval for the weeks this time profile will be used, and specify the day(s) of the week (“Sunday”...
Page 396 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN First enter the year(s) for the interval. By default “1” displays, indicating this time profile will be used each year. Next, choose from one of two options to specify the day of the month for the interval: •...
Page 397 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN 7. Click each of the tabs (Rule, Redirect, Filter Options, Exception) and specify criteria to complete the time profile. (See Category Profile, Redirect URL, Filter Options, and Exception URL in this sub-section for infor- mation on the Rule, Redirect, Filter Options, and Excep- tion tabs.) 8.
Page 398: Category Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile The Rule tab is used for creating the categories portion of the time profile. Fig. 3:1-19 Time Profile window, Rule tab NOTE: See the Override Account window, Category Profile sub- section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 399: Redirect Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL The Redirect tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked. Fig. 3:1-20 Time Profile window, Redirect URL tab NOTE: See the Override Account window, Redirect URL sub- section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 400: Filter Options
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options The Filter Options tab is used for specifying which filter option(s) will be applied to the time profile. Fig. 3:1-21 Time Profile window, Filter Options tab NOTE: See the Override Account window, Filter Options sub- section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 401: Exception Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Exception URL The Exception tab is used for allowing users to be blocked from accessing specified URLs and/or to be allowed to access specified URLs blocked at the minimum filtering level. Fig. 3:1-22 Time Profile window, Exception tab NOTES: See the Exception URL window sub-section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 402: Approved Content
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Approved Content The Approved Content tab is used for enabling/disabling the Approved Content feature for users to view specific YouTube or SchoolTube videos from a designated portal or from VuSafe. If this feature is enabled for this profile, pass- keys for approved videos are entered in the Passkey list box.
Page 403: Modify A Time Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Modify a Time Profile To modify an existing time profile: 1. Select the time profile from the Current Time Profiles list box. 2. Click View/Modify to open the Modify Time Profiles window. 3.
Page 404: Approved Content Settings Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Approved Content Settings window The Approved Content Settings window displays when Approved Content (incl. VuSafe) is selected from the group menu. This window is used for granting users access to a specified set of approved YouTube or SchoolTube videos— via a portal managed by someone within the organization—...
Page 405: Approved Content Portal Setup
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: If Pattern Blocking is enabled (System > Control > Filter > Service Control frame), then the filtering profile must "Allow" the Flash Video (FLV) pattern (Category Groups > Bandwidth > Streaming Media > Flash Video). Approved Content portal setup To create a portal for users to view approved YouTube and/ or SchoolTube videos, you will need the following:...
Page 406 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN If the Global Group has the “Enable Approved Content (incl. VuSafe)” option disabled, the message “Pass- keys are currently disabled” displays, and any pass- keys listed for the Global Group will not be inherited by this profile.
Page 407: Upload/Download Ip Profile Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Upload/Download IP Profile window The IP Profile Management window displays when Upload/ Download IP Profile is selected from the group menu. This window is used for uploading or downloading a text file containing filtering profiles of multiple users or sub-groups.
Page 408 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: Leave the refresh page open until the file containing the profile has been uploaded. 2. Click Browse... to open the Choose file window in which you find and select the file containing the IP profiles to be uploaded.
Page 409: Download Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Download Profile If profiles have been created and/or uploaded to the server: 1. Click Download Profile to open a browser window containing the profiles: Fig. 3:1-28 Download IP Profiles window The contents of this window can viewed, printed, and/or saved.
Page 410: Add Sub Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add Sub Group Add an IP Sub Group From the group menu: 1. Click Add Sub Group to open the Create Sub Group dialog box: Fig. 3:1-29 Create Sub Group box 2. Enter the Group Name for the sub-group. NOTES: The name of the sub-group must be less than 20 char- acters;...
Page 411: Add Individual Ip
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add Individual IP Add an Individual IP Member From the group menu: 1. Click Add Individual IP to open the Create Individual IP dialog box: Fig. 3:1-30 Create Individual IP box 2. Enter the Member Name for the Individual IP address. NOTES: The name of the individual IP address must be less than 20 characters;...
Page 412: Delete Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Delete Group Delete a Master IP Group Profile To delete a group profile, choose Delete Group from the group menu. This action removes the master IP group from the tree. Paste Sub Group The Paste Sub Group function is used for expediting the process of creating sub-groups, if the sub-group to be added has the same configuration settings as one that...
Page 413: Sub Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Sub Group Sub Group includes options for creating and maintaining the filtering profile for the sub-group. Click the sub-group’s link to view a menu of sub-topics: Sub Group Details, Members, Sub Group Profile, Exception URL, Time Profile, Approved Content (incl.
Page 414: Add Ip Sub-Group Details
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN • IP Range • Member IP address and netmask or IP address range Add IP Sub-Group Details If the sub-group was not previously defined, the fields in the IP Address frame and the Apply button remain activated. , fields activated Fig.
Page 415: Members Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Members window The Members window displays when Members is selected from the menu. This window is used for modifying the sub- group’s Member IP address, if using the invisible or router mode. Fig.
Page 416: Modify Sub-Group Members
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Modify Sub-Group Members The Modify Sub Group Member frame is comprised of the IP Address frame. 1. Specify whether to add or edit an IP address range with or without a netmask by selecting either “Member IP” or “Member IP Start / End”.
Page 417: Exception Url Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Exception URL window The Exception URL window displays when Exception URL is selected from the sub-group menu. This window is used for blocking sub-group members’ access to specified URLs and/or for letting sub-group members access specified URLs blocked at the minimum filtering level.
Page 418: Approved Content Settings Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Approved Content Settings window The Approved Content Settings window displays when Approved Content (incl. VuSafe) is selected from the sub- group menu. This window is used for granting access to a specified set of approved online videos posted to YouTube or SchoolTube—via a portal managed by someone within the organization—or videos posted to VuSafe.
Page 419: Delete Sub Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Delete Sub Group Delete an IP Sub-Group To delete a sub-group, choose Delete Sub Group from the sub-group menu. This action removes the sub-group from the tree. Copy Sub Group The Copy Sub Group function is used for expediting the process of creating sub-groups, if the sub-group to be added has the same configuration settings as one that already exists.
Page 420: Individual Ip
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Individual IP Individual IP includes options for creating and maintaining the filtering profile for the Individual IP member. Click the individual IP member’s link to view a menu of sub-topics: Members, Individual IP Profile, Exception URL, Time Profile, Approved Content (incl.
Page 421: Enter The Ip Address Of The Member
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Enter the IP Address of the Member In the Modify Individual Group Member frame: 1. Enter the IP address in the Member field. 2. Click Modify to apply your changes. Individual IP Profile window The Individual IP Profile window displays when Individual IP Profile is selected from the individual IP member menu.
Page 422: Approved Content Settings Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: See the Time Profile window in the Master IP Group sub- section of this chapter for information on entries that can be made for the following components of the filtering profile: Category Profile, Redirect URL, Filter Options, Exception URL, Approved Content.
Page 423: Chapter 2: Library Screen
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Chapter 2: Library screen Group administrators use windows and dialog boxes in the Library screen to look up URLs and to add and maintain custom library categories for a group. Library categories are used when creating or modifying filtering profiles.
Page 424: Library Lookup
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Library Lookup Library Lookup window The Library Lookup window displays when Library Lookup is selected from the navigation panel. This window is used for verifying whether or not a URL or search engine keyword or keyword phrase exists in a library category.
Page 425: Look Up A Url
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Look up a URL 1. In the URL Lookup frame, enter the URL. For example, enter http://www.coors.com, coors.com, or use a wild- card by entering *.coors.com. A wildcard entry finds all URLs containing text that follows the period (.) after the asterisk (*).
Page 426: Look Up A Search Engine Keyword
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Look up a Search Engine Keyword To see if a search engine keyword or keyword phrase has been included in any library category: 1. In the Search Engine Keyword Lookup frame, enter the Search Engine Keyword or keyword phrase, up to 75 alphanumeric characters.
Page 427: Add Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN WARNING: The maximum number of categories that can be saved is 512. This figure includes both M86 supplied categories and custom categories. Add Category A unique custom library category should be created only if it does not exist in the Category Groups tree, and if any sub- group needs to use that library category.
Page 428: Refresh
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN new custom category, the group name displays in paren- theses after the long name. TIP: If this is the first custom category you are adding, you may need to double-click “Custom Categories” to open the tree list. NOTE: The category must have URLs, URL keywords, and/or search keywords added to its profile in order for it to be effective.
Page 429: Custom Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Custom library category When a custom library category is created, its long name displays in the Custom Categories tree list. Click the custom library category link to view a menu of sub-topics: Library Details, URLs, URL Keywords, Search Engine Keywords, and Delete Category.
Page 430: View, Edit Library Details
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Fig. 3:2-6 Library Details window View, Edit Library Details The following display and cannot be edited: Custom Cate- gories Group Name and library category Short Name. 1. The long Description name displays and can be edited. 2.
Page 431: Urls Window
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN URLs window The URLs window displays when URLs is selected from the custom library category’s menu of sub-topics. This window is used for viewing, adding and/or removing a URL from a custom library category’s master URL list or master wildcard URL list.
Page 432: View A List Of Urls In The Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN View a List of URLs in the Library Category To view a list of all URLs that either have been added or deleted from the master URL list or master wildcard URL list: 1.
Page 433: Add Or Remove Urls Or Wildcard Urls
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Add or Remove URLs or Wildcard URLs The Action tab is used for making entries in the URLs window for adding or removing a URL or wildcard URL, uploading a master URL list or master wildcard URL list, or reloading the library.
Page 434: Add A Wildcard Url To The Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN TIP: Multiple URLs can be selected by clicking each URL while pressing the Ctrl key on your keyboard. Blocks of URLs can be selected by clicking the first URL, and then pressing the Shift key on your keyboard while clicking the last URL.
Page 435: Remove A Url From The Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a URL from the Library Category To remove a URL or wildcard URL from the library category: 1. Click the Action tab. 2. Enter the URL in the Edit URL List frame or Edit Wild- Card URL List frame, as pertinent.
Page 436 2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN TIP: A URL text file must contain one URL per line. WARNING: The text file uploaded to the server will overwrite the current file. NOTE: Before the file is uploaded to the server, it will first be vali- dated 4.
Page 437: Upload A Master List Of Wildcard Urls
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN a. Go to the IP Lookup Options section and click the radio button corresponding to the option to be used when uploading the file: • “Upload the file with IP Lookup” - If this option is selected, IP addresses that correspond to URLs in the uploaded file will be blocked along with the URLs.
Page 438 2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN 3. Select the file to be uploaded. TIP: A wildcard URL text file must contain one wildcard URL per line. WARNING: The text file uploaded to the server will overwrite the current file. NOTE: Before the file is uploaded to the server, it will first be vali- dated 4.
Page 439: Reload The Library
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN NOTE: In order for the URLs to take effect, library categories must be reloaded. Reload the Library After all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
Page 440: View A List Of Url Keywords
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN NOTE: If the feature for URL keyword filtering is not enabled in a filtering profile, URL keywords can be added in this window but URL keyword filtering will not be in effect for the user(s). (See the Filter Options tab in the Policy screen section for information about enabling URL keyword filtering.) WARNING: Use extreme caution when setting up URL keywords...
Page 441: Upload A List Of Url Keywords To The Library
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of URL Keywords to the Library To upload a text file containing URL keyword additions: 1. In the Upload Master URL Keyword File frame, click Upload Master to open the Upload Library Keyword window: Fig.
Page 442: Search Engine Keywords Window
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Search Engine Keywords window The Search Engine Keywords window displays when Search Engine Keywords is selected from the custom library category’s menu of sub-topics. This window is used for adding and removing search engine keywords and phrases to and from a custom library category’s master list.
Page 443: View A List Of Search Engine Keywords
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN able to run a search on a subject such as “cotton gin”. However, if the word “sex” is set up to be blocked, a search will be allowed on “sexes” but not “sex” since a search engine keyword must exactly match a word set up to be blocked.
Page 444: Upload A Master List Of Search Engine Keywords
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a Master List of Search Engine Keywords To upload a master list containing search engine keyword/ phrase additions: 1. In the Upload Search Keywords File frame, click Upload Master to open the Upload Library Keyword window (see Fig.
Page 445: Appendices Section
PPENDICES ECTION PPENDIX PPENDICES ECTION Appendix A Filtering Profile Format and Rules A filtering profile must be set up in a specified format, containing the following items: 1. The username or group name 2. IP address 3. Filtering profile criteria: •...
Page 446: Rule Criteria
PPENDICES ECTION PPENDIX Rule Criteria Rule criteria consists of selections made from the following lists of codes that are used in profile strings: • Port command codes: Filter all ports Filter the defined port number(s) Open all ports Open the defined port number(s) Set the defined port number(s) to trigger a warn message Block all ports...
Page 447 PPENDICES ECTION PPENDIX • Category command codes: Category command codes must be entered in the following order: J, R, M, I. “PASSED” should either be entered after J, R, or M, or after a string of category codes following J, R, or M. J = Positioned before the category/categories defined as "always allowed."...
Page 448 PPENDICES ECTION PPENDIX • Filter Option codes: • 0x1 Exception URL Query (always enabled) • 0x2 X Strikes Blocking • 0x4 Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement • 0x100 = Search Engine Keyword • 0x200 = URL Keyword • 0x1000= Extend URL Keyword Filter Control NOTE: To enable multiple filter codes, add the codes together.
Page 449: Create A Custom Block Page
PPENDICES ECTION PPENDIX Appendix B Create a Custom Block Page M86 offers ways for you to customize the block page so that the page can have a different look while retaining the infor- mation/functionality provided in M86’s default block page. NOTE: The solutions provided in this appendix will only let you customize the Block page, not the Options page.
Page 450: Exclude Filtering Ip
PPENDICES ECTION PPENDIX http://<server for block_page>[:<port for block page>]/ <blockpage>?URL=<blocked url>&IP=<client IP>&CAT=<URL category>&USER=<client User Name> 2. Exclude filtering <server for block page> IP 1. Go to: GUI: Policy > Global Group > Range to Detect 2. Input the IP address under “Destination IP” > ”Exclude IP”...
Page 451: Show M86'S Information In The Block Page (Optional)
PPENDICES ECTION PPENDIX Show M86’s information in the block page (optional) The following information is passed to the <blockpage> through the query string: Name Description: Value Blocked URL: From the query string of the block page URL IP that accessed the blocked URL: (see URL) Category of the blocked URL: (see URL) USER User Name that accessed the blocked URL: (see URL)
Page 452: Customized Block Page Examples
PPENDICES ECTION PPENDIX Customized block page examples The examples in the Reference portion of this appendix illustrate how form data is parsed and posted in the custom- ized block page. Examples include: 1. HTML (using Java Script to parse/post form data) 2.
Page 453: Reference
PPENDICES ECTION PPENDIX Reference HTML     <html> <head> <script language=javascript> function parseData(str, start, end) result = "";...
Page 454 PPENDICES ECTION PPENDIX user = parseData(query, "USER=", "&"); document.block.USER.value = user; function showData(){ document.write("URL:" + document.block.URL.value + "<br>"); document.write("IP:" + document.block.IP.value + "<br>"); document.write("CAT:" + document.block.CAT.value + "<br>"); document.write("USER:" + document.block.USER.value + "<br>"); function do_options(){ document.block.action="http://<Web Filter IP>:81/cgi/ block.cgi" document.block.submit(); </script>...
Page 455: Cgi Written In Perl
PPENDICES ECTION PPENDIX CGI written in Perl There are two methods for CGI written in Perl: One lets you embed data in the query string to pass data to the Options CGI, and the other lets you use Java Script to post form data to the Options CGI.
Page 456: Use Java Script To Post Form Data
PPENDICES ECTION PPENDIX print "<br>For further options, <a href=\"http://<Web Filter IP>:81/ cgi/ block.cgi?URL=$url&IP=$ip&CAT=$cat&USER=$user&STEP=STEP2\">click here</a><br>\n"; print "</body>\n"; print "</html>\n"; Use Java Script to post form data #!/usr/bin/perl # Original Filename: cusp_block2.cgi # File Type: # Description: Sample Perl script for Web Filter customized block page # Replace the <Web Filter IP>...
Page 457 PPENDICES ECTION PPENDIX print "<body>\n"; print "<form method=post name=block>\n"; print "<input type=hidden name=\"SITE\" value=\"_BLOCK_SITE_\">\n"; print "<input type=hidden name=\"IP\" value=\"$ip\">\n"; print "<input type=hidden name=\"URL\" value=\"$url\">\n"; print "<input type=hidden name=\"CAT\" value=\"$cat\">\n"; print "<input type=hidden name=\"USER\" value=\"$user\">\n"; print "<input type=hidden name=\"STEP\" value=\"STEP2\">\n"; print "<br>Web Filter Customized Block Page (CGI written with Perl using Java Script to post form data)<br>\n";...
Page 458: Cgi Written In C
PPENDICES ECTION PPENDIX CGI written in C * cusc_block.c * Description: sample C source code of CGI for customized block page * Replace <Web Filter IP> with real IP and recompile before using * Revision: 1 * Date: 03/08/2004 #include <stdio.h> struct { char *name;...
Page 459 PPENDICES ECTION PPENDIX unescape_url(paramv); paramn = (char *)makeword(paramv, '='); to_upper(paramn); if (strcmp(paramn, "IP") == 0) strcpy(szIP, paramv); else if (strcmp(paramn, "URL") == 0) strcpy(szURL, paramv); else if (strcmp(paramn, "CAT") == 0) strcpy(szCategory, paramv); else if (strcmp(paramn, "USER") == 0) strcpy(szUserName, paramv); getnextquery(&paramv);...
Page 460 PPENDICES ECTION PPENDIX printf("<html>\n"); printf("<head>\n"); printf("<script language=\"JavaScript\">\n"); printf("function do_options()\n"); printf("{\n"); printf("document.block.action=\"http://<Web Filter IP>:81/cgi/ block.cgi\"\n"); printf("document.block.submit()\n"); printf("}\n"); printf("</script>\n"); printf("</head>\n"); printf("<form method=post name=block >\n"); printf("<input type=hidden name=\"SITE\" value=\"_BLOCK_SITE_\">\n"); printf("<input type=hidden name=\"IP\" value=\"%s\">\n", szIP); printf("<input type=hidden name=\"URL\" value=\"%s\">\n", szURL); printf("<input type=hidden name=\"CAT\" value=\"%s\">\n", szCategory);...
Page 461 PPENDICES ECTION PPENDIX url[x] = x2c(&url[y+1]); y+=2; url[x] = '\0'; char x2c(char *what) register char digit; digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0')); digit *= 16; digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0'));...
Page 462 PPENDICES ECTION PPENDIX char *word; int ll; wsize = 102400; ll=0; word = (char *) malloc(sizeof(char) * (wsize + 1)); while(1) word[ll] = (char)fgetc(f); if(ll==wsize) word[ll+1] = '\0'; wsize+=102400; word = (char *)realloc(word,sizeof(char)*(wsize+1)); --(*cl); if((word[ll] == stop) || (feof(f)) || (!(*cl))) if(word[ll] != stop) ll++;...
Page 463 PPENDICES ECTION PPENDIX void getquery(char *paramd, char **paramv) if (paramd == NULL) *paramv = NULL; else *paramv = (char *)strtok(paramd, "&"); void getnextquery(char **paramv) *paramv = (char *)strtok(NULL, "&"); M86 S ECURITY UIDE...
Page 464: Override Pop-Up Blockers
PPENDICES ECTION PPENDIX Appendix C Override Pop-up Blockers An override account user with pop-up blocking software installed on his/her workstation will need to temporarily disable pop-up blocking in order to authenticate him/herself via the Options page: Fig. C-1 Options page This appendix provides instructions on how to use an over- ride account if typical pop-up blocking software is installed, as in the following products: Yahoo! Toolbar, Google...
Page 465: Yahoo! Toolbar Pop-Up Blocker
PPENDICES ECTION PPENDIX Yahoo! Toolbar Pop-up Blocker If Pop-up Blocking is Enabled 1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window.
Page 466 PPENDICES ECTION PPENDIX Fig. C-3 Allow pop-ups from source 3. Select the source from the Sources of Recently Blocked Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5.
Page 467: Google Toolbar Pop-Up Blocker
PPENDICES ECTION PPENDIX Google Toolbar Pop-up Blocker If Pop-up Blocking is Enabled 1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window.
Page 468: Adwaresafe Pop-Up Blocker
PPENDICES ECTION PPENDIX AdwareSafe Pop-up Blocker If Pop-up Blocking is Enabled 1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window.
Page 469: Mozilla Firefox Pop-Up Blocker
PPENDICES ECTION PPENDIX Mozilla Firefox Pop-up Blocker Add Override Account to the White List 1. From the Firefox browser, go to the toolbar and select Tools > Options to open the Options dialog box. 2. Click the Content tab at the top of this box to open the Content section: Fig.
Page 470 PPENDICES ECTION PPENDIX Fig. C-7 Mozilla Firefox Pop-up Window Exceptions 4. Enter the Address of the web site to let the override account window pass. 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7.
Page 471: Windows Xp Sp2 Pop-Up Blocker
PPENDICES ECTION PPENDIX Windows XP SP2 Pop-up Blocker Set up Pop-up Blocking There are two ways to enable the pop-up blocking feature in the IE browser. Use the Internet Options dialog box 1. From the IE browser, go to the toolbar and select Tools > Internet Options to open the Internet Options dialog box.
Page 472: Use The Ie Toolbar
PPENDICES ECTION PPENDIX Use the IE Toolbar In the IE browser, go to the toolbar and select Tools > Pop- up Blocker > Turn On Pop-up Blocker: Fig. C-9 Toolbar setup When you click Turn On Pop-up Blocker, this menu selec- tion changes to Turn Off Pop-up Blocker and activates the Pop-up Blocker Settings menu item.
Page 473: Add Override Account To The White List
PPENDICES ECTION PPENDIX Add Override Account to the White List There are two ways to disable pop-up blocking for the over- ride account and to add the override account to your white list. Use the IE Toolbar 1. With pop-up blocking enabled, go to the toolbar and select Tools >...
Page 474: Use The Information Bar
PPENDICES ECTION PPENDIX Use the Information Bar With pop-up blocking enabled, the Information Bar can be set up and used for viewing information about blocked pop- ups or allowing pop-ups from a specified site. Set up the Information Bar 1. Go to the toolbar and select Tools > Pop-up Blocker > Pop-up Blocker Settings to open the Pop-up Blocker Settings dialog box (see Fig.
Page 475 PPENDICES ECTION PPENDIX 3. Click the Information Bar for settings options: Fig. C-12 Information Bar menu options 4. Select Always Allow Pop-ups from This Site—this action opens the Allow pop-ups from this site? dialog box: Fig. C-13 Allow pop-ups dialog box 5.
Page 476: Configure The Web Filter For Reporting
Entries in the Web Filter Administrator console 1. Choose Reporting > Report Configuration to display the Report Configuration window. 2. Click the “M86 Security Reporter / M86 Enterprise Reporter” checkbox to display the M86 Security Reporter / M86 Enterprise Reporter tab: Fig.
Page 477 PPENDICES ECTION PPENDIX NOTE: To remove an IP address from the list box, select it and click Remove. 4. After the SR / ER has been configured, and logs have been transferred from the Web Filter to the SR / ER, click the Log tab to view transfer activity.
Page 478: Entries In The Sr, Er Administrator Console
PPENDICES ECTION PPENDIX Entries in the SR, ER Administrator console To see if log files have transferred: 1. Access the SR / ER’s Administrator console. 2. From the Database pull-down menu, choose Tools to display the Tools screen. 3. From the Database Status menu, choose File Watch Log.
Page 479: Raid And Hardware Maintenance
PPENDICES ECTION PPENDIX Appendix E RAID and Hardware Maintenance This appendix is divided into three parts: Hardware Compo- nents, Server Interface, and Troubleshooting—in the event of a failure in one of the drives, power supplies, or fans. NOTE: As part of the ongoing maintenance procedure for your RAID server, M86 recommends that you always have a spare drive and spare power supply on hand.
Page 480 PPENDICES ECTION PPENDIX • FLTR = Filtering Status • LIBR = Library Update Status • RAID = Hard Drive Status • UPDT = Software Update Status LED Indicator Chart Below is a chart of LED indicators in the “SL” and “HL” unit: Color Condition Description...
Page 481: Front Control Panels On Sl And Hl Units
PPENDICES ECTION PPENDIX Front control panels on SL and HL units Control panel buttons, icons, and LED indicators display on the right side of the front panel. The buttons let you perform a function on the unit, while an LED indicator corresponding to an icon alerts you to the status of that feature on the unit.
Page 482 PPENDICES ECTION PPENDIX NIC2 (icon) – A flashing green LED indicates net- work activity on LAN2. The LED is a steady green with link connectivity, and unlit if there with no link connectivity. NIC1 (icon) – A flashing green LED indicates net- work activity on LAN1.
Page 483: Rear Panels On Hl Units
PPENDICES ECTION PPENDIX Rear panels on HL units UID (LED indicator) – On the rear of the “HL” chassis, to the left of the power supplies, a steady blue UID LED indicator displays when the UID button on the control panel is pressed.
Page 484: Part 3: Troubleshooting
PPENDICES ECTION PPENDIX Part 3: Troubleshooting The text in this section explains how the server alerts the administrator to a failed component, and what to do in the event of a failure. Hard drive failure Step 1: Review the notification email If a hard drive fails, a notification email is sent to the admin- istrator of the server.
Page 485: Step 2: Verify The Failed Drive In The Admin Console
PPENDICES ECTION PPENDIX Step 2: Verify the failed drive in the Admin console The Hardware Failure Detection window in the Adminis- trator console is accessible via the System > Hardware Failure Detection menu selection: Fig. E-1 Hardware Failure Detection window The Hardware Failure Detection window displays the current RAID Array Status for the two hard drives (HD 1 and HD 2) at the right side of the window.
Page 486: Step 3: Replace The Failed Hard Drive
PPENDICES ECTION PPENDIX Step 3: Replace the failed hard drive After verifying the failed hard drive in the Administrator console, go to the server to replace the drive. Press the red release button to release the handle on the carrier, and then extend the handle fully and pull the carrier out towards you.
Page 487: Step 4: Rebuild The Hard Drive
PPENDICES ECTION PPENDIX Step 4: Rebuild the hard drive Once the failed hard drive has been replaced, return to the Hardware Failure Detection window in the Administrator console, and click Rebuild to proceed with the rebuild process. WARNING: When the RAID array reconstruction process begins, the Administrator console will close and the hard drive will become inaccessible.
Page 488: Step 3: Replace The Failed Power Supply
PPENDICES ECTION PPENDIX Step 3: Replace the failed power supply Remove the failed power supply by locating the red release tab (1) and pushing it to the right (2), then lifting the curved metal handle and pulling the power supply module towards you (3).
Page 489: Fan Failure
PPENDICES ECTION PPENDIX Fan failure Identify a fan failure A flashing red LED indicates a fan failure. If this displays on your unit, contact Technical Support for an RMA (Return Merchandise Authorization) number and for instructions on returning the unit to M86. A steady red LED (on and not flashing) indicates an over- heating condition, which may be caused by cables obstructing the airflow in the system or the ambient room...
Page 490: Glossary
PPENDICES ECTION PPENDIX Appendix F Glossary This glossary includes definitions for terminology used in this user guide. always allowed - A filter category or port given this desig- nation in a profile will be included in the white list. However, this setting in a library category is overridden if the minimum filtering level is set up to block that category.
Page 491 PPENDICES ECTION PPENDIX global administrator - An authorized administrator of the network who maintains all aspects of the Web Filter, except for managing master IP groups and their members, and their associated filtering profiles. The global administrator configures the Web Filter, sets up master IP groups, and performs routine maintenance on the server.
Page 492 PPENDICES ECTION PPENDIX (LDAP) is a directory service protocol based on entries (Distinguished Names). M86 supplied category - A library category that was created by M86, and includes a list of URLs, URL keywords, and search engine keywords to be blocked. machine name - Pertains to the name of the user’s work- station machine (computer).
Page 493 PPENDICES ECTION PPENDIX net use - A command that is used for connecting a computer to—or disconnecting a computer from—a shared resource, or displaying information about computer connec- tions. The command also controls persistent net connec- tions. NetBIOS - Network Basic Input Output System is an appli- cation programming interface (API) that augments the DOS BIOS by adding special functions to local-area networks (LANs).
Page 494 PPENDICES ECTION PPENDIX protocol - A type of format for transmitting data between two devices. LDAP and SMB are types of authentication method protocols. proxy server - An appliance or software that accesses the Internet for the user’s client PC. When a client PC submits a request for a Web page, the proxy server accesses the page from the Internet and sends it to the client.
Page 495 PPENDICES ECTION PPENDIX search engine - A program that searches Web pages for specified keywords and returns a list of the pages or services where the keywords were found. service port - Service ports can be set up to blocked. Examples of these ports include File Transfer Protocol (FTP), Hyper Text Transfer Protocol (HTTP), Network News Transfer Protocol (NNTP), Secured HTTP Transmission...
Page 496 PPENDICES ECTION PPENDIX virtual IP address - The IP address used for communi- cating with all users who log on the network. VLAN - Virtual Local Area Network is a network of computers that may be located on different segments of a LAN but communicate as if they were on the same physical LAN segment.
Page 497: Index
NDEX account password security 98 setup 95 Active connections diagnostic tool 109 active filtering profiles 23 Active Profile Lookup window 116 Additional Language Support window 283 Admin Audit Trail window 120 Administrator menu 95 Administrator window 95 alert box, terminology 4 Alert menu 123 Alert Settings window 123 always allowed 27...
Page 498 NDEX Block Page Device 153 Block Page Route Table window 93 block setting 27 definition 470 button, terminology 4 calculator 66 category codes 427 custom categories 406 custom category 25 library 25 M86 supplied category 306 category codes 427 Category Groups menu 305 category profile global 248 IP group 358...
Page 499 NDEX Customer Feedback Module window 294 Customization menu 195 Diagnostics menu 106 dialog box, terminology 4 Disk Usage diagnostic tool 111 Emergency Update Log window 289 Enterprise Reporter 322 environment requirements 10 EULA 220 Exception URL 381 exception URL 81 Exception URL window 366 field, terminology 4 filter option codes 428...
Page 500 NDEX frame, terminology 5 CFM 294 Change Log FTP Setup 121 proxy setting 280 report configuration 325 General Availability 128 global administrator 1 add account 95 definition 471 global filtering profile 23 global group 18 category profile 248 default redirect URL 251 filter options 252 menu 233 override account 256...
Page 501 NDEX Help screen 55 Help Topics 56 How to configure filtering 72 configure the Minimum Filtering Level 269 Bypass Options 273 configure the Warn Option Setting 193 customize pages 195 set up a custom category 406 set up a Time Profile 372 set up an Override Account Global Group 256 Group profile 349...
Page 502 NDEX proxy environment 157 HTTPS Filtering 75 Individual IP 400 individual IP member add to group 391 definition 471 delete 402 profile type 22 Individual IP Profile window 401 Installation Guide 50 instant messaging 31 definition 471 Internet Explorer 10 invisible mode 13 definition 471 diagram 13...
Page 503 NDEX LAN Settings window 88 LDAP definition 471 LED indicators 459 library full URL update 282 lookup 291 manual updates 281 search engine keywords, custom category 422 search engine keywords, M86 supplied category 316 software update 282 update categories 281 update logs 284 URL keywords, custom category 419 URL keywords, M86 supplied category 312...
Page 504 NDEX ER 456 library update 284 out of the R3000 55 R3000 log transfer 321 realtime traffic, usage 112 software updates 135 log off Administrator GUI 68 log on Administrator GUI 50 Logon Management window 102 logon script path block page authentication 80 Logon Settings window 98 lookup library 291 M86 supplied category 25...
Page 505 NDEX mobile mode definition 472 Mode menu 152 name resolution, definition 472 NAT 38 definition 473 navigation panel 59 terminology 5 navigation tips 54 net use definition 473 NetBIOS definition 473 Network Address Translation (NAT), definition 473 Network menu 88 network requirements 11 Network Time Protocol (NTP) 90 NIC Configuration diagnostic tool 109...
Page 506 NDEX Yahoo! Toolbar popup blocking 445 Override Account window 256 definition 473 password expiration 51 override account 349 unlock IP address 104 unlock username 103 Pattern Detection Whitelist menu 303 Pattern Detection Whitelist window 303 peer-to-peer 31 definition 473 Ping 108 Policy screen 54 pop-up blocking, disable 444 pop-up box/window, terminology 6...
Page 507 NDEX quota definition 474 format 428 Quota Block Page Customization window 212 Quota Notice Page Customization window 215 Quota Setting menu 223 Quota Setting window 223 radio button, terminology 6 Radius definition 474 Radius Authentication Settings menu 172 Radius Authentication Settings window 172 Radius profile 21 RAID 177 Range to Detect Settings window 143...
Page 508 NDEX router mode 15 definition 474 diagram 15 Routing table diagnostic tool 109 rule 26 definition 474 Rules window 243 Safari 10 screen, terminology 6 search engine definition 475 search engine keyword custom category 422 M86 supplied category 316 Search Engine Keyword Filter Control global group filter option 254 search engine keyword filtering 254 Search Engine Keywords window 316...
Page 509 NDEX Software Update Log window 135 Software Update Management window 218 Software Update menu 128 software updates 128 Source mode 37 Stand Alone mode 37 static filtering profiles 22 Status window 147 Status window, CMC Management 221 Sub Group (IP Group) window 393 Sub Group Profile window 396 sub-group 344 add to master IP group 390...
Page 510 NDEX Threat Analysis Reporter 29 time profile add 373 definition 475 delete 383 modify 383 profile type 23 Time Profile window 372 time-based profile 79 tolerance timer 182 tooltips 57 TOP CPU processes diagnostic tool 109 topic 59 terminology 7 Trace Route 108 Traveler 305 definition 475...
Page 511 NDEX URL, same URL in multiple categories 298 URLs window 307 custom category 411 M86 supplied category 307 usage logs 112 View Log File window 112 virtual IP address, definition 476 VLAN 476 VuSafe 266 Warn Option Setting window 193 Warn Page Customization window 206 warn setting 27 definition 476...
Page 512 NDEX M86 S ECURITY UIDE...

This manual is also suitable for:

Web filter sl Web filter msa

M86 Security Web Filter HL User Manual

Introductory Section

Web Filter

About this User Guide

How to Use this User Guide

Overview

Environment Requirements

Chapter 1: Filtering Operations

Chapter 2: Logging and Blocking

Chapter 3: Synchronizing Multiple Units

Chapter 4: Getting Started

Global Administrator Section

Introduction

Quick Links

USER GUIDE

Troubleshooting

Related Manuals for M86 Security Web Filter HL

Summary of Contents for M86 Security Web Filter HL