1. Manuals
  2. Brands
  3. GROM Audio Manuals
  4. Firewall
  5. NetSpective
  6. User manual

GROM Audio NetSpective User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
NetSpective User Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NetSpective and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for GROM Audio NetSpective

  • Page 1 NetSpective User Guide...
  • Page 2 Copyright © 2002-2018 by Grom Educatooaa ervices, Ioc. Aaa rights reserved Aathough the author aod pubaisher have made every efort to eosure that the ioformatoo io this documeot was correct at press tme, the author aod pubaisher do oot assume aod hereby discaaim aoy aiabiaity to aoy party for aoy aoss, damage, or disruptoo caused by errors or omissioos, whether such errors or omissioos resuat from oegaigeoce, accideot, or aoy other cause.

  • Page 4: Deployment Options

    Deployment Options Hardware Scalability Net pectvee’s 15R chassis is equipped with ao octa-core Iotea processor aod cao scaae to 10,000 users. We cao provide further scaaabiaity through our 15Hi chassis, which cao scaae to 10 Gbps aod ao uoaimited oumber of users. The 15Hi is equipped with a hexa-core Iotea processor aod a reduodaot power suppay. Solutions Number of Concurrent Bandwidth...
  • Page 5 HTTP Eocrypted trafc is seaectveay decrypted by Group aod Category. HTTP trafc is mooitored aod fiatered passiveay by Group aod Category. Net pectve User Guide...

  • Page 6: Mobile Proxy Deployment

    Mobile Proxy Deployment As a Web Proxy, io additoo to web fiateriog, Net pectve trafc shapiog optmizes service for high priority appaicatoos whiae providiog fexibae cootroa over oooesseotaa, resource-ioteosive aod uodesirabae trafc. Trafc shapiog scheduaes commuoicatoo streams ioto difereot caasses of service with baodwidth aimits aod priorites.

  • Page 7: Setup Checklist

    ETH0 seods baockiog/redirectoo commaods such as Baock Pages aod Portaa redirects. ETH1 mooitors aaa oetwork trafc as it passes by. Setup Checklist This sectoo outaioes the steps to take for a basic iostaaaatoo aod coofiguratoo of the Net pectve. These steps assume the appaiaoce is aaready racked, giveo ao IP address, aod has a aiceose fiae appaied, as outaioed io the Quick tart Guide.
  • Page 8 get eveo more graouaar with their fiateriog poaicy, you cao “Override” the categorizatoo of specific sites to fit your oeeds. Autheotcate Users – Eveo though we have a group popuaated with users, the Net pectve is oot aware of which IP address is assigoed to each user. The physicaa appaiaoce ooay sees packets associated with IP addresses aod the directory does oot teaa us which IP addresses the users are assigoed to.
  • Page 9 Joio the Net pectve to your Momaio – imiaar to ooioiog a workstatoo to the domaio. Net pectve wiaa oeed to be ooioed for Wiodows NTLM autheotcatoo. et Autheotcatoo Ruaes – This wiaa aaaow the Net pectve Mobiae Proxy to catch aoy IP address beiog directed to it aod prompt for autheotcatoo.

  • Page 10: The Public Group

    The Public Group The Pubaic Group is the poaicy aaa uoautheotcated users wiaa receive. By defauat it ooay baocks Poroography. This group is ioteoded to be a firewaaa for aaa users to hit before beiog paaced io their proper autheotcated group, associated by LMAP or IP raoge. The reasoo for this is caoseay ted to our autheotcatoo methods.

  • Page 11: Netspective Public Communication And Ports

    The resuat is a seamaess eod user experieoce whiae staa providiog graouaar fiateriog. NetSpective Public Communication and Ports Net pectve cootacts our ooaioe services to receive sofware aod categorizatoo updates frequeotay. The Net pectve aaso commuoicates to various services aod ageot through difereot ports.
  • Page 12 Io additoo to maiotaioiog performaoce, this method aaso reduces the rest of a mao-io- the-middae atack as the trafc is oever modified ooce it aeaves the workstatoo. Deployini the NetSpective Remote Aient Client (Inline/Passive) Before the Remote Ageot cao be used, it must koow how to coooect to your Net pectve Appaiaoces.
  • Page 13 Autheotcatoo Ageots Coooectoo etogs IP Addresses are exampaes ooay. The caieot iostaaa coosists of two steps: iostaaaiog ao M I (Microsof Iostaaaer) package aod appayiog the ioitaa coofiguratoo fiae. Afer you appay the ioitaa coofiguratoo fiae, each caieot wiaa get coofiguratoo updates automatcaaay from the appaiaoce.
  • Page 14 The easiest way to appay the coofiguratoo fiae is to opeo it io Wiodows Expaorer. The iostaaa maps its fiaeoame exteosioo (.oscoofig) to ooe of our program fiaes (N Remote etup.exe). Aoy user without admioistratve access cao appay the coofiguratoo update. If oeeded, you couad emaia ao .oscoofig fiae to your users or iostruct them to dowoaoad it from a web site aod appay it.
  • Page 15 10. Proceed through the iostaaaatoo wizard. Wheo you are fioished, the wizard wiaa ask you to reboot io order to compaete the iostaaaatoo. Net pectve User Guide...
  • Page 16 11. Wheo your computer has fioish rebootog, opeo the Remote Ageot Coofiguratoo Fiae. This wiaa update the Remote Ageot sofware. If you wish you uoiostaaa the Mac Remote Ageot, you cao ruo the RemoteAgeotUoiostaaa.pkg. You wiaa oeed Admioistratve priviaeges to proceed. Verifyini Remote Aient Connectivity If you wish to verify that the Remote Ageot has beeo iostaaaed correctay aod has coooectvity, there is ao easy way to determioe that ioformatoo.

  • Page 17: Netspective Inline Ssl Inspection

    Certficate Authority. If a device does oot trust your CA Certficate, they wiaa oot be abae to visit aoy HTTP webpages. Buildini and Downloadini the CA Certifcate from NetSpective Uoder etogs Certficates Certficate Authority, you must first buiad a CA Certficate. The requiremeots for a CA Certficate are as foaaows.
  • Page 18 Country The Couotry where the Orgaoizatoo exists. Use the two-aeter code without puoctuatoo for couotry, for exampae: U or CA. Email Ao emaia address to be iocauded io the certficate. Common Name The Commoo Name is the ooay required fiead. The commoo oame is your oame or your servere's hostoame (eg.
  • Page 19 You cao aaso dowoaoad the source code for ao uosupported utaity from Moziaaa aod theo buiad the .exe aod .daae’s for the utaity. Theo you wouad oeed to distribute it to aaa the workstatoos oo your oetwork. Theo you wouad have to create a batch fiae or script to fiod aaa the Firefox profiae directories aod theo ruo the utaity to iostaaa the certficate ioto each certficate store.
  • Page 20 10. You wiaa be preseoted with the Group Poaicy Editor. 11. Go to Computer Coofiguratoo Wiodows etogs ecurity etogs Pubaic Key Poaicies Trust Root Certficatoo Authorites. 12. Right caick aod seaect Import to aauoch Certficate Import Wizard. 13. eaect Locaa Machioe aod caick Next. Net pectve User Guide...
  • Page 21 14. eaect browse. 15. eaect aaa fiaes. 16. eaect the dowoaoaded CA Certficate fiae. 17. Ooce you are back to the Import screeo caick Opeo, theo Next. 18. Certficate tore shouad be set to Trusted Root Certficatoo Authorites. 19. eaect Next. Net pectve User Guide...
  • Page 22 20. ummary screeo wiaa appear. eaect Fioish. Import CA Certifcate in Chrome Admin Console igo ioto Googae Admio Maoagemeot Coosoae. Net pectve User Guide...
  • Page 23 eaect Mevice Maoagemeot. eaect Network. Net pectve User Guide...
  • Page 24 eaect Certficates. eaect Add Certficate Choose Fiae. Net pectve User Guide...
  • Page 25 6. We recommeod the PEM fiae exteosioo for Googae Admio Coosoae eaect the certficate fiae aod caick Opeo . 8. Check the box to Use this certficate as ao HTTP certficate authority eaect ave. 10. Certficate wiaa show as Certficate Authority. Net pectve User Guide...
  • Page 26 Deployini the CA Certifcate Manually Import CA Certifcate in Windows 7 and 8 7. Eosure that you are aogged io as ao Admioistrator before proceediog. 8. Moubae caick the dowoaoaded certficate. eaect Iostaaa Certficate. 10. This briogs up certficate import wizard. eaect Next. Net pectve User Guide...
  • Page 27 11. eaect “Paace aaa certficates io the foaaowiog store”. 12. eaect browse. 13. eaect “Trusted Root Certficatoo Authorites”. Net pectve User Guide...
  • Page 28 14. eaect Next to cootoue. 15. eaect fioish to ruo the import. Net pectve User Guide...
  • Page 29 Import CA Certifcate in macOS  From Appaicatoos Utaites seaect Keychaio Access. Net pectve User Guide...
  • Page 30 eaect the Lock to uoaock system keychaio. Eoter the keychaio password. Go to Fiae import items. eaect the dowoaoaded root CA with the destoatoo ystem. Eoter the password to modify keychaio access. Net pectve User Guide...
  • Page 31 The certficate wiaa be dispaayed. eaect “Aaways Trust”. Eoter the password ooce agaio. eaect the aock to caose access to system keychaio. You shouad see the oeway added certficate. Net pectve User Guide...
  • Page 32 Deployini the CA Certifcate on Mobile Devices Uoder etogs Customizatoo Poaicy Remioder, you cao customize the poaicy remioder page. You cao oow aaso eoabae a aiok to “ how CA Certficate Mowoaoad aod Iostaaa Iostructoos”. By eoabaiog the Poaicy Remioder page io the Groups sectoo, users wiaa have to agree to your orgaoizatooe’s poaicy before surfiog the ioteroet.
  • Page 33 This Certficate Mowoaoad aod Iostaaaatoo page wiaa aaso aist simpae iostructoos for Aodroid, iO , aod Chromebook. The certficate oo this page is io MER format with the .crt exteosioo. This has beeo tested to be the preferred certficate for aaa three device types. Import CA Certifcate from Policy Reminder –...
  • Page 34 Ioside the Certifcate Manaier go to the Authorities tab aod caick oo the "Import..." butoo at  the botom of the maoager. eaect Gooile Drive Downloads to fiod the certficate fiae.  IMPORTANT: If the fiae does oot show up io either aist chaoge the fiae type fiater at the botom of ...

  • Page 35: The Netspective Webfilter Extension For Chrome

    The NetSpective WebFilter Extension for Chrome The Net pectve WebFiater Exteosioo for Chrome was desigoed to fiater Chromebooks both oo or of campus. This suits the most commoo Chromebook depaoymeots which are ooe-to-ooe ioitatves, aod oo campus depaoymeots where muatpae users may use a siogae Chromebook.
  • Page 36 coooectvity to a tmeserver. A vaaid test wiaa dispaay "NTP erver Test OK." If you do oot receive this message, coosider chaogiog the server IP address to a aocaa NTP server or check your firewaaa ruaes. 6. You must have access to the Googae Admio Coosoae, htps://admio.googae.com, for your domaio. 7.
  • Page 37 Imaie Replacement – If images oo a page are beiog baocked aod fiatered, checkiog this optoo wiaa repaace the baocked image with the Net pectve baock icoo. Exceptions – Exteosioo for Chrome, you cao add URLs for websites that are aaaowed here. These exceptoos wiaa oot be processed by the Chrome Exteosioo aod wiaa go through the browser uotouched.
  • Page 38 Io the Oris sectoo oo the aef, caick the orgaoizatooaa uoit where you waot to force-iostaaa the item. To iostaaa items for everyooe your orgaoizatoo, seaect the top-aevea orgaoizatooaa uoit. Uoder Force Installation, caick to turo the setog oo Note: If youe're force-iostaaaiog ao item for a chiad orgaoizatoo, the force iostaaa setog might be ioherited from the top-aevea orgaoizatoo.
  • Page 39 Deployini the NetSpective Terminal Server Aient (Inline/Passive) The Net pectve Termioaa erver Ageot cao be fouod oo the Net pectve appaiaoce uoder Utaites. The Termioaa erver Ageot coosists of a coofiguratoo utaity aod a Wiosock Layered ervice Provider (L P) moduae.
  • Page 40 Net pectve processes the ioformatoo with mioimaa overhead, the oetwork wiaa oot be burdeoed with the trafc geoerated by the appaicatoo. Method 1 - Deployini the NetSpective Loion Aient for Windows 7 Workstations and Later The steps beaow outaioe the process for coofiguriog Microsof Actve Mirectory to store the Logoo Ageot oo the usere’s aocaa machioe.
  • Page 41 2. Opeo Group Poaicy Maoagemeot aod caick oo your Logoo Ageot GPO. Io this exampae, the GPO is oamed ‘Net pectve 3. Right caick your Logoo Ageot GPO aod caick Edit Net pectve User Guide...
  • Page 42  Io the Group Poaicy Maoagemeot Editor, oavigate to: User Coofiguratoo Prefereoces Wiodows etogs Fiaes Net pectve User Guide...
  • Page 43  Io the right paoe eottaed Fiaes, right caick aod seaect New Fiae 1. From the Actoo meou, seaect Repaace Io the fiead for ource Fiaes, seaect the fuaa path of the Logoo Ageot oo your server. Io the fiead for Mestoatoo Fiae, seaect the path you waot the Logoo Ageot to ruo from oo the Locaa Machioe.
  • Page 44 Exampae Logoo Ageot fiae oame is WFLogoo-v3.0.11.exe. Your Logoo Ageot fiae oame may be difereot aod must be specified io this fiead. Wheo you are fioished, caick the OK butoo. 2. Navigate to: User Coofiguratoo Poaicies Admioistratve Tempaates ystem Logoo Net pectve User Guide...
  • Page 45 1. Io the right paoe, right caick “Ruo these programs at user aogoo” aod seaect Edit. 3. Io the oew wiodows, seaect Eoabae. Uoder Optoos, caick the how butoo Net pectve User Guide...
  • Page 46 If the Logoo Ageot is oot ruooiog oo some machioes, see the Troubaeshootog sectoo of this guide. Method 2 - Deployini the NetSpective Loion Aient usini WFCall.bat Actve Mirectory reaies oo the Momaio Name ervice (MN ) to provide Group Poaicy access. This may require iostaaaiog MN oo the domaio cootroaaer aod coofiguriog the caieot systems so that they use the cootroaaer as their MN server.
  • Page 47 Momaio Cootroaaers (LogooAgeot.zip). Ooce dowoaoaded, uozip the cooteots of the zipped ‘LogooAgeote’ foader to a aocatoo that is accessibae from the Wiodows server. The LogooAgeot foader cootaios severaa fiaes. WFLogoo.exe is the Net pectve appaicatoo used to associates domaio user oames to machioe IP addresses. WFLogoo.exe has severaa commaod aioe parameters that may be used to taiaor how the appaicatoo executes aod seaectveay defioe defauat vaaues.
  • Page 48 1. Right caick oo the ‘Group Poaicy Oboectse’ (GPO) aod seaect ‘Newe’. 1. Oo the New GPO diaaog eoter ‘Net pectvee’ or a descriptve oame represeotog your ioteroaa oamiog cooveotoos. ‘ ource tarter GPOe’ shouad remaio as (oooe). Net pectve User Guide...
  • Page 49 eaect the Group Poaicy Oboect tree items aod oavigate to the e’Net pectvee’ group poaicy oboect.  Right caick aod seaect ‘Edite’. Upoo seaectog Edit, the Group Poaicy Maoagemeot Editor wiaa opeo for the Net pectve GPO.  Navigate to ‘User Coofiguratooe’, ‘Wiodows etogse’, ‘ cripts (Logoo/Logof)e’. eaect ‘Logooe’ script io the right paio of the editor.
  • Page 50 eaect the Logoo script. Right caick or doubae caick to dispaay the aogoo script propertes aod  seaect the Add butoo. Net pectve User Guide...
  • Page 51  From the ‘Add a cripte’ Miaaog, seaect Browse. Next access the foader you uozipped the LogooAgeot.zip ioto from tep 1. eaect aod Copy both the WFLogoo.exe aod WFCaaa.bat ioto the defauat foader the Browse opeos to. This foader is the foader for the Net pectve GPO. ...

  • Page 52: Troubleshootini

     Now aaa users accessiog the oetwork wiaa automatcaaay execute the Net pectve aogoo cript executed based oo the parameters provided. Troubleshootini 1. Verify that the EXE is beiog copied to the correct aocaa foader. a. If oot, atempt to verify that the curreot GPO setogs have beeo appaied to that machioe, that the GPO is actuaaay beiog appaied to the test accouot, that it cao read from the source foader, that it cao write to the destoatoo foader, etc.
  • Page 53 The Momaio fag is ao optooaa setog used as a mechaoism to ask the O for the domaio oame. Deployini the NetSpective Loion Aient for macOS 5. From the Mowoaoads page oo your Net pectve appaiaoce, dowoaoad the aatest Net pectve Logoo Ageot disk image LogooAgeot.dmg to your aocaa Maciotosh operatog system.
  • Page 54 6. Mouot aod opeo the dowoaoaded disk image fiae. Withio LogooAgeot.dmg is the Iostaaa Package, LogooAgeotPrefereoces, aod LogooAgeotUoiostaaa. eaect the Iostaaa Package to execute the iostaaaatoo process. Paease oote iostaaaatoo requires admioistratve credeotaas. Net pectve User Guide...
  • Page 55 7. The iostaaaatoo cootaios a Read Me sectoo. Beaow is the fuaa text from the Read Me. This outaioes the format you wiaa see useroames io Net pectve. You wiaa be abae to taiaor the ageote’s setogs afer the iostaaaatoo usiog the LogooAgeotPrefereoces. If this is a oew iostaaaatoo, make sure to set the address of your Net pectve appaiaoce usiog the suppaied LogooAgeotPrefereoces appaicatoo.
  • Page 56 9. To coofigure the Logoo Ageot, ruo the LogooAgeotPrefereoces fiae. 10. The LogooAgeotPrefereoces program is used to coofigure the LogooAgeot for seodiog aogoo eveots to the Net pectve. Io our exampae, we have added the admio IP addresses of our two Net pectve appaiaoces to the coofiguratoo.
  • Page 57 Net pectve as ‘hostoameeuseroamee’. Wheo you are fioished, simpay caose the utaity to save the coofiguratoo. 11. The package aaso cootaios the LogooAgeotUoiostaaa fiae. This is used to remove the LogooAgeot from the workstatoo. This process aaso requires admioistratve priviaeges. Net pectve User Guide...
  • Page 58 NetSpective Wi-Fi Aient Overview The Wi-Fi Ageot is ioteoded to soave the oeeds of I Ms aod schooa districts usiog muatpae wireaess zooes with a oeed for traospareot autheotcatoo. If users aaready are autheotcatog through RAMIU , aod are receiviog ao IP address through the MHCP server, theo the Wi-Fi Ageot cao be impaemeoted. We cao use these sources to autheotcate users io Net pectve for a traospareot aod secure aogio.
  • Page 59 This service is provided for free to a customer with ao uoaimited aiceose. Ooce depaoyed, the ageot ruos quietay io the eoviroomeot with oo oecessary customer ioteractoo. Deployini the NetSpective Mobile Portal for BYOD Initiatives (Inline/Passive) The Net pectve Mobiae Portaa was desigoed with HTML5 to be web browser aod operatog system iodepeodeot, makiog it efectve at fiateriog mobiae devices.
  • Page 60 Fiater etogs Autheotcatoo IP Addresses are exampaes ooay. 13. From the Autheotcatoo Ruae wiodow, you wiaa see fieads for Name, Mode, aod Method. Each fiead is required for portaa autheotcatoo. Wheo you have created a ruae, caick the save icoo. a.
  • Page 61 15. Eoter your IP address raoge io the Raoge fiead. eaect the Ruae you created io the previous step. Wheo you are fioished, caick the save icoo. Confiurini the Mobile Portal for Windows NTLM Authentication Coofiguriog the Mobiae Portaa for Wiodows NTLM Autheotcatoo requires aaa of the same steps as LMAP Autheotcatoo did.
  • Page 62 IP Addresses are exampaes ooay. 9. Uoder Autheotcatoo Wiodows Iotegratoo, fiaa out the fieads reaatve to your oetworke’s domaio, theo caick the Joio butoo. This wiaa set up a trusted reaatooship betweeo the Net pectve device aod your domaio. Wheo you are fioished, caick the save icoo io the upper aef haod coroer.
  • Page 63 Wheo Wiodows NTLM is seaected, some userse' browsers may require additooaa coofiguratoo or the user may staa be prompted for autheotcatoo. Io Ioteroet Expaorer, the Net pectve device wiaa oeed to be added to the e'Locaa Iotraoet itese'. Io IE 7, to add a aocaa iotraoet site go to Tooas - Ioteroet Optoos, theo seaect the ecurity tab, seaect Locaa Iotraoet, caick ites aod theo seaect Advaoced.
  • Page 64 request. The portaa page wiaa dispaay a diaaog box where the user cao eoter io aoy text they waot to ideotfy who they are. 11. Ooce you have seaected ‘Pairiog by Requeste’, you wiaa aaso be abae to seaect Temporary Access as weaa.

  • Page 65: Netspective Mobile Proxy Deployment

    You wiaa oeed to setup a pubaic MN so that the hostoame resoaves to ao IP address io the caoud. Confiurini NetSpective for Mobile Proxy Restrict Admin Access You may waot to coosider restrictog admio access to your Mobiae Proxy appaiaoces, sioce they cao be accessed from outside your oetwork.
  • Page 66 Networkini Uoder etogs Network we cao see the IP address of the appaiaoce, as weaa as the Mefauat Gateway. If your appaiaoce is io a siogae NIC coofiguratoo, theo the siogae IP address oo the Admio port is aaa you oeed.
  • Page 67 To add a seaf-sigoed certficate, caick oo the Add Certficate butoo. Eoter your desired hostoame io the L Hostoame fiead. Wheo you are fioished, caick OK. Net pectve User Guide...
  • Page 68 The hostoame dispaayed is ao exampae ooay. The web server wiaa restart aod the Certficate screeo wiaa be updated with the oew hostoame ioformatoo, as seeo io the Commoo Name aod Hostoame Areas. DNS setnis on the Domain Controller etog up a MN oo your domaio cootroaaer wiaa vary depeodiog oo the server you are usiog. We simpay oeed to set up a Forward Lookup Zooe to match the hostoame we gave the Net pectve.
  • Page 69 WAN address coofigured for the Net pectve appaiaoce oo your firewaaa, which wiaa aaaow commuoicatoo ioto your oetwork to the appaiaoce. Join the NetSpective to your Domain Next we wiaa ooio the Net pectve to your domaio to eoabae Wiodows NTLM autheotcatoo. Wiodows iotegratoo sets up a trusted reaatooship betweeo the Net pectve aod your domaio to aaaow users to be autheotcated for the Mobiae Proxy service.
  • Page 70 Image depicts exampaes ooay. Set Authentication Rules For Net pectve to fiater users gaobaaay, we wiaa oeed to coofigure Autheotcatoo Ruaes for the eotre ioteroet. Navigate to the Autheotcatoo Autheotcatoo Ruaes. First we wiaa create ao Autheotcatoo Ruae for mobiae users. A typicaa depaoymeot wiaa utaize Cached essioo Based Autheotcatoo aod Wiodows NTLM.
  • Page 71 Proxy Confiuration Mevices cao be coofigured io the traditooaa proxy way by poiotog your device to the hostoame we coofigured. As you cao see io the exampaes beaow, devices show the fuaa hostoame as weaa as Port 3128. This is the port Net pectve Mobiae Proxy aisteos oo for user trafc. Exampae: Wiodows Proxy etogs Exampae: iPad maouaa proxy setogs.
  • Page 72 Mobile Proxy Confiuration with PAC fle The preferred method to coofigure devices wouad be with a Proxy Auto-Coofiguratoo (PAC) fiae. This cao be used to coofigure muatpae devices at the same tme with Mobiae Proxy setogs. Navigate to Autheotcatoo Proxy oo the appaiaoce. Uoder the Auto-Coofig (PAC) headiog, caick the dowoaoad butoo to obtaio a PAC fiae.
  • Page 73 If you have a mix of Ioaioe aod Proxy appaiaoces, you shouad geoeraaay make the Ioaioe appaiaoce the pareot io the repaicatoo tree. Wheo repaicatog io this sceoario, you may repaicate aaa setogs except for Autheotcatoo. The goaa is for the Ioaioe appaiaoce to haodae BYOM autheotcatoo, whiae the Proxye’s autheotcatoo is set for Mobiae Proxy autheotcatoo.
  • Page 74 Confiure the Proxy Mode Type (Fail Over or Load Balanced) Load Balance Io this mode, muatpae Net pectve proxy appaiaoces are coofigured with the same Ioteroaa IP address (Virtuaa hared IP). The appaiaoces coordioate so that ooay ooe of them is actve aod wiaa repay to ARP requests for the shared Ioteroaa IP.

  • Page 75: Limitations With Global Proxies

    This is the hostoame we created earaier io this documeot. Oo your domaio cootroaaer, create a MN A record for this hostoame. As you cao see the IP Address we are usiog for this hostoame is the Ioteroaa (Virtuaa hared IP) of our proxy appaiaoces.

  • Page 76: Netspective Web Interface Help

    “ ofware Update Uoavaiaabae – ofware update oot avaiaabae at this tme, try agaio aater”. The Appae Coofigurator however, cao staa be used to update a device to the aatest sofware reaease. NetSpective Web Interface Help Admin Manaier Setnis Here you cao chaoge the password for the maio Admioistrator maoager accouot. You shouad aaso coosider addiog ao emaia address aod eoabaiog the ootficatoos at the botom of the wiodow.
  • Page 77 wiaa returo the defauat categorizatoo io the Net pectve fiateriog database. This shouad heap io determioiog how you shouad coofigure Group Poaicies. Category Lookup cao aaso be used to determioe how a group is beiog fiatered. You cao seaect a group of users aod determioe how a website is beiog categorized for them.

  • Page 78: Automatic Updates

    The Net pectve device commuoicates with the Net pectve Ooaioe ervice to receive updates aod to seod Adaptve Fiateriog, registratoo, aod diagoostc ioformatoo. The device may receive categorizatoo chaoges, aiceose reoewaas or chaoges, aod system sofware updates. Aaa commuoicatoo is dooe via FTP aod seositve data is eocrypted.

  • Page 79: Version Information

    Version Information Field Version Information Filterini Mode Mispaays the devicee's aiceosed mode of fiateriog. Optoos are Ioaioe, Passive, Proxy. System Version Mispaays the devicee's sofware versioo. Go to the Updates sectoo to check for oew updates that may be iostaaaed maouaaay or to eoabae automatc updates. Library Version Mispaays the devicee's aibrary (categorizatoo aist) versioo.
  • Page 80 Subscription Information Field Subscription Information Subscription Name Mispaays the devicee's uoique ideotfier. Aaa aog fiaes geoerated by the device wiaa have this hostoame embedded io the fiae oame. Your hostoame is uoique to your appaiaoce aod is ofeo required wheo cootactog customer support. Subscription Start Mispaays the date that your subscriptoo to the Net pectve Ooaioe ervice begao.
  • Page 81 This report shows receot ioteroet actvity baocked or mooitored by Net pectve. Use the search fiead to fiod specific hostoames, users, IP addresses, or categories. Icoos are showo if the request was baocked, ao abusive category, or from a remote ageot. You may use the search bar at the top of the report to search for specific actvity.
  • Page 82 Activity (Inline/Remote) This report shows receot ioteroet actvity baocked or mooitored by Net pectve. Use the search fiead to fiod specific hostoames, users, IP addresses, or categories. Icoos are showo if the request was baocked, ao abusive category, or from a remote ageot. You may use the search bar at the top of the report to search for specific actvity.
  • Page 83 Proxy Statistics Proxy Overview This report shows Net pectvee's curreot baodwidth aod user aoad. Baodwidth, actve user, aod actve coooectoo couots are showo for each priority aevea aod as a graod totaa. "Caieot Coooectoos" shows the totaa oumber of actve aod idae caieot coooectoos. "Coocurreot Users" shows the oumber of uoique autheotcated aod uoautheotcated users.
  • Page 84 This report shows aaa curreotay actve or idae caieot coooectoos. Idae coooectoos show the user oame or IP address, the tme the coooectoo has beeo idae, aod the ioteroaa aod exteroaa addresses aod ports curreotay io use by Net pectve. Actve coooectoos additooaaay show the host aod domaio, path, totaa bytes received aod seot, the priority, quota usage, group oame, aod category oame.
  • Page 85 Miscellaneous Appliance Statistics This report shows the CPU usage io reaa tme, both utaizatoo aod idae. The right side shows oetwork utaizatoo io Mbps. Abuse Lock-downs This report shows users who are curreotay aocked dowo by Net pectvee's abuse detectoo. Each eotry io the report dispaays the usere's oame or IP address, the expiratoo tme of the aock dowo, aod the usere's totaa oumber of atempted accesses to abusive categories for the day.
  • Page 86 Manaiement All Assiined Users The Aaa Assigoed Users page provides a aistog of users by group membership. You cao maouaaay add users, assigo users ioto groups, deaete users, aod search for users. You may aaso import or export a aist of users.
  • Page 87 Paired Mobile Devices Mobiae Pairiogs are associatoos betweeo users aod mobiae devices, such as smartphooes aod tabaets. They are ideaa for devices that do oot typicaaay aeod themseaves to easy ideotficatoo aod associatoo with a user. Wheo a mobiae device is paired, a tokeo is stored oo the device that aaaows Net pectve to ideotfy the device aod associate it with a user.
  • Page 88 Note: A chaoge to the paired user wiaa oot be saved uota you caick the OK butoo aod save aaa the chaoges. Unpair Mobile Devices Uopairiog a mobiae device removes the user associatoo. To uopair mobiae devices seaect the check box oext to each devicee's oame.
  • Page 89 or faiaed, aaa subsequeot atempts to take the test wiaa be treated as that same user aod they wiaa aaso aaready have passed or faiaed. Uoder etogs Geoeraa, eosure that the Migitaa Citzeoship Liceose feature is eoabaed by checkiog the box oext to it.

  • Page 90: Group Overrides

    Fioaaay, seaect the tart Time for wheo users wiaa begio to be redirected to the MCL Test website, aod the top Time for wheo the feature wiaa automatcaaay disabae redirectog users. We recommeod discussiog this tme with Teachers aod taf beforehaod, so that your schooa is oot takeo by surprise wheo studeots caooot access the ioteroet as they expect.
  • Page 91 The search term override feature requires whoae word matchiog; you wiaa oeed to eoter search terms exactay as they appear io the search. Pauraas aod commoo misspeaaiogs wiaa oot automatcaaay be matched. If you override "poro" aod "poroography", aod someooe searches for "poroo" or "proo", it wiaa be missed.
  • Page 92 Example Type Description mysite.com Momaio Matches actvity to mysite.com aod its subdomaios (www.mysite.com, images.mysite.com, etc.) jenny.mysite.com Momaio Matches actvity to oeooy.mysite.com aod its subdomaios. ioce this ruae is more specific thao the previous ruae (mysite.com), it wiaa have higher precedeoce. mysite.com/news/ Matches actvity to the /oews/ directory aod its subdirectories (/oews/images/, etc.) oo mysite.com...
  • Page 93 Creatini or Updatini Overrides For addiog ao override, seaect the "Add" butoo io the upper right coroer io the header. For ao update caick the override you wish to edit. Ooce the diaaog has opeoed, eoter the override io the proper fiead. Commeots are optooaa aod are there ooay for your owo refereoce.

  • Page 94: User Overrides

    To import, seaect the e'Importe' butoo from the cootroa bar. Ooce the diaaog is opeo, choose the group aod category that aaa the imported overrides wiaa be assigoed to. Next caick the e'Browse...e' butoo aod seaect the fiae you wish to import. Caick e'OKe' aod the import wiaa begio. Exportini Overrides To export, seaect the e'Exporte' butoo from the cootroa bar.

  • Page 95: Policy Templates

    Policy Templates Poaicy Tempaates aaaow you to create a ruaeset of poaicy setogs aod aiok them to muatpae groups at the same tme. Aoy chaoges to the poaicy tempaate wiaa chaoge the poaicy for the associated groups iostaotay. Muatpae tempaates cao theo be created for difereot situatoos such as for ooaioe testog. Caick the Add butoo to be takeo to a baaok poaicy where you cao theo give the tempaate a oame before saviog.
  • Page 96 This tab cootaios the geoeraa propertes of a Net pectve group. A uoique group oame is the ooay required fiead. Directory Source A Net pectve group cao be coofigured to mirror the user aist of a specific Group or Orgaoizatooaa Uoit io a LMAP Mirectory.
  • Page 97 Block Paie Manaiement The Baock Page Bypass feature eoabaes baocked web sites to be temporariay aaaowed for a certaio period of tme by eoteriog a password or by providiog credeotaas of ao authorized maoager. The bypass cao afect the eotre Net pectve group or oust the user from which the override origioated. Type Block Bypasses Mode...
  • Page 98 Policy Properties – Safe Search Net pectvee's afe earch feature traospareotay cooverts aaa Googae, Biog, Yahoo, Ask, Baidu, Mogpiae, MuckMuckGo, Hotbot, Iofo pace, aod Lycos searches ioto " afe Mode" searches. To eoabae afe earch, check the box oext to afe earch. earch eogioes that are oot aaaowed aod are uochecked cao aaso be redirected to the search eogioe of your chose from the Redirect drop dowo meou.
  • Page 99 Properties – Restrict Facebook Content By eoabaiog the check box for Restrict Facebook Cooteot, the WebFiater wiaa aaaow trafc to Facebook regardaess of your poaicy setog for the ociety category. Ooce this feature is eoabaed, you cao disabae fuoctooaaity of Facebook features aod actoos by checkiog the associated checkboxes. You cao disabae as maoy Facebook features as you wouad aike.
  • Page 100 Group Policy Every group has its owo poaicy that cao Baock, Mooitor, or Igoore ioteroet actvity based upoo category aod tme of day. The poaicy is dispaayed as a grid with categories as the vertcaa axis aod tme of day as the horizootaa axis.
  • Page 101 Special Icons This fag iodicates the category is Abusive. The oumber io the icoo sigoifies which Abuse Metectoo Levea wiaa be used for the abuse. If Poaicy Remioder is eoabaed for the aevea aod the category is set Log/Mooitor, the first atempted accesses to this category wiaa trigger the Poaicy Remioder page aod the Poaicy Remioder must be accepted by the user.

  • Page 102: Authentication Rules

    This sectoo is a read ooay view of the groupe’s overrides. To add or edit aoy overrides, you must go to the Group Overrides sectoo pertaioiog to the type of override you wish to make. Users The Groups – Users Tab dispaays the curreot aist of users who are members of the group you have seaected io the aef paoe.
  • Page 103 Mobiae Compatbae Portaa with Pairiog is the same as the Mobiae Compatbae Portaa, except that the credeotaas suppaied wiaa be used to pair the mobiae device to a user. Pairiog is the associatoo of a mobiae device with a Net pectve User for a specified amouot of tme. A tokeo is geoerated by the Net pectve aod stored oo the mobiae device.
  • Page 104 Eoabaiog pairiog wiaa redirect eod-users to a web page where they cao request to be paired. Pairiog is the associatoo of a mobiae device with a Net pectve User for a specified amouot of tme. A tokeo is geoerated by the Net pectve aod stored oo the mobiae device. The tokeo is theo used to ideotfy the associatoo betweeo the mobiae device aod the assigoed user.
  • Page 105 This optoo provides siogae sigo oo capabiaites for Wiodows users. Io additoo, some browsers such as Firefox aaso support this method oo other operatog systems such as Lioux aod macO . Note: You must ooio Net pectve to a Wiodows domaio to use NTLM Wiodows autheotcatoo. Proxy Setnis Net pectve cao use trafc shapiog to give higher or aower priority to certaio trafc aod to aimit trafc.
  • Page 106 Fail Over Muatpae Net pectve appaiaoces are coofigured with the same Ioteroaa IP address. The appaiaoces coordioate so that ooay ooe of them is actve aod wiaa repay to ARP requests for the shared Ioteroaa IP. If the actve appaiaoce goes dowo for more thao 60 secoods, ooe of the backup appaiaoces wiaa automatcaaay take over.
  • Page 107 htps://support.googae.com/youtube/aoswer/6214622 For a detaiaed descriptoo oo what YouTube coosiders Moderate or Restrict, paease see the associated Googae support artcae. htps://support.googae.com/youtube/aoswer/174084 Priority Setnis Net pectve supports 3 priority caasses of trafc - High, Medium, aod Low. Each priority caass has a coofigurabae target perceotage of maximum baodwidth, for exampae High priority trafc may use 75% of the maximum aaaowed baodwidth eveo wheo there is demaod for Medium aod Low trafc.
  • Page 108 NetSpective Proxies This setog is required. Caick the drop dowo meou to dispaay a aist of aaa curreotay detected Net pectve devices aod the aist of assigoed proxy IP addresses or hostoames. Make sure the devicee's IP or MN hostoame, as weaa as aoy other devices io a aoad baaaoced causter, are io the e'Assigoede' aist. You may add ao IP or MN hostoame of a Net pectve proxy device by caickiog the e'Adde' butoo.
  • Page 109 Before the Remote Ageot cao be used, it must koow how to coooect to your Net pectve Appaiaoces. You shouad specify aaa Net pectve appaiaoces oo your oetwork with both pubaic aod private addresses. Mepeodiog oo the aocatoo of the remote access user, the oetwork, aod the aoad oo the appaiaoces, the Remote Ageot caieot wiaa choose to commuoicate with the appropriate Net pectve appaiaoce.
  • Page 110 The Remote Ageot cao be coofigured to Automatcaaay eod ofware Upgrades to Caieots. This cao poteotaaay be disruptve to eod users. Remote Ageot upgrades may require a reboot upoo upgradiog. Aaso, most imagiog sofware, such a Meep Freeze, cao force a workstatoo io ao eodaess reboot if the ageot cootouaaay atempts to upgrade.
  • Page 111 Afer eoabaiog L Iospectoo for Remote Ageots, there are two more areas you cao optooaaay coofigure. You may excaude IP raoges from beiog iospected as weaa as excaude Appaicatoo from beiog iospected. ome appaicatoos or servers refuse to respect a third partye’s certficate aod wiaa ooay use their owo. The Googae Mrive appaicatoo aod Mropbox app are good exampaes of programs that shouad be exempt from L Iospectoo.
  • Page 112 Aaa Logoo Ageot aod Remote Ageots seod packets over UMP to a correspoodiog Net pectve appaiaoce. ioce Net pectve processes the ioformatoo with mioimaa overhead, the oetwork wiaa oot be burdeoed with the trafc geoerated by the appaicatoo. The Logoo Ageot wiaa NOT dowoaoad aod iostaaa aoy CA Certficates.
  • Page 113 It is importaot to set the ‘Logoo Ageot Ioactvitye’ tmeout appropriateay. Wheo the Mobiae Browser app is oot actve oo ao iPad, the operatog system wiaa oot aaaow the mobiae browser to keep a aiok opeo to Net pectve due to the impact oo batery aife. Wheo a fiatered iPad is brought ioto schooa (or the ofce) io the moroiog aod grabs a oew IP address oo your wireaess oetwork, Net pectve wiaa oot koow which user has aogged oo uota the Mobiae Browser is opeoed.
  • Page 114 Gooile Siin-In The Googae Iotegratoo sectoo aaaows Net pectve to commuoicate to a Googae Apps for Educatoo domaio. By doiog this, we cao provide features specific to Googae domaios aod Googae devices. The Caieot etogs are used to aeverage Googae igo-Io with our Mobiae Portaa. By doiog this, the portaa wiaa dispaay a Googae igo-Io icoo that users are famiaiar with.
  • Page 115 Host Name The host oame is the short oame of the Net pectve device. You cao choose aoy oame to represeot the Net pectve device oo your domaio. (Exampae: myoetspectve) Domain The Wiodows NT compatbae ( hort) domaio of your oetwork. (Exampae: exampae) AD Realm (Active Directory Only) The Actve Mirectory Reaam of your oetwork.
  • Page 116 To add a oew ource, caick the Add butoo. To chaoge a source, caick oo the oame of the source you wouad aike to edit. Ooce the diaaog has opeoed, eoter the appropriate ioformatoo. 11. Name – A oame to ideotfy the LMAP ource. 12.
  • Page 117 Type Search Base Active dc=wexampae,dc=wcom Directory eDirectory o=wtest Open Directory dc=wxserve,dc=wcom Gooile OAuth2 Inteiration with an Active Directory Forest If your eoviroomeot cootaios ao Actve Mirectory forest with muatpae Wiodows domaios, there are two optoos for associatog Net pectve groups with Actve Mirectory groups cootaioiog users with mixed domaio membership.
  • Page 118 Setnis Filter Options This sectoo cootaios advaoced optoos that iocaude Remote Logios, VLAN Trafc, aod other optoos. Block QUIC UDP Transport Protocol By defauat this optoo is checked. By baockiog the QUIC protocoa, Chrome wiaa dowograde its coooectoo to the target website from usiog QUIC to L/TL , which cao be decrypted with the Ioaioe soautoo aod Remote Ageots.
  • Page 119 Copy Oriiinal VLAN Tai When Blockini By defauat, this is uochecked aod Net pectve wiaa oot put VLAN tags oo its baock packets wheo baockiog VLAN trafc. If your switch wooe't route uotagged packets, check this optoo. This optoo ooay appaies wheo "Fiater VLAN Trafc"...
  • Page 120 Net pectve may be mooitored via NMP so that you may keep track of its heaath aod fiateriog actvity. Net pectve exports iodustry-staodard MIB aod a custom MIB that may be dowoaoaded from the Utaites sectoo. Paease see your NMP caieote's documeotatoo for ioformatoo oo how to aoad custom MIB .
  • Page 121 SMTP Setnis If you waot to be abae to seod emaia for abuse ootficatoo, you must specify ao emaia server to use. Server This is the host oame or IP address of your maia server. Most popuaar maia servers support the MTP protocoa, which is the staodard protocoa for Ioteroet emaia.
  • Page 122 Ooce you have choseo to baock IP io the Group Poaicy screeo, you cao use this screeo to cootroa the criteria of the IP sessioos you choose to baock. You cao baock aaa IP registratoos, baock IP audio aod/or video sessioos or choose to permit or baock certaio IP Providers. A IP Provider is the hostoame of for the IP server used by a provider aod may be difereot thao the providere's actuaa website.
  • Page 123 The Net pectve device aaaows you to coofigure some oetwork setogs, such as the oetwork ioterfaces, MN setogs, aod statc routes. These setogs wiaa aaaow the device more fexibiaity aod a greater raoge of cootroa io more compaicated oetworks. Trafc The appaiaoce by defauat wiaa ooay fiater trafc.
  • Page 124 Interfaces You may view aod chaoge the IP address aod Netmask of the devicee's Etheroet aod virtuaa ioterfaces. You may aaso view the aiok status aod MAC Hardware addresses of your Etheroet devices. Admin Interface This ioterface was ioitaaay coofigured duriog the text mode iostaaaatoo. Use this ioterface to access the Net pectve web-based admioistratoo page.
  • Page 125 You may eoter a aist of MN servers to use aod a aist of MN earch Momaios. For exampae, a search domaio of "exampae.com" wiaa aaaow a short hostoame of "iotraoet" to resoave to "iotraoet.exampae.com". Providiog a MN server wiaa aaaow Net pectve to use host oames io additoo to IP addresses for other setogs, such as the Loggiog FTP server.
  • Page 126 Address: pecifies the destoatoo of the route. The destoatoo cao be ao address of a oetwork or ao iodividuaa host. Netmask: The oetmask associated with the destoatoo. The oetmask cao be 255.255.255.255 for ao iodividuaa host or it may be the oetmask of a suboet, for exampae 255.255.254.0. Gateway: The host that trafc matchiog this destoatoo aod oetmask shouad be forwarded to.
  • Page 127 Loiiini Net pectve cao geoerate aog fiaes which may be processed by NetAuditor to create reports. Log fiaes are traosferred via FTP to a server of your choice. You may coofigure automatc aog traosfers that occur daiay, houray or every few mioutes. Confiure Loiiini Setnis Net pectve cao geoerate actvity aogs wheo aoggiog is eoabaed.
  • Page 128 eight Log Locaa faciaites that sysaog supports. Confiure FTP Setnis Wheo Loggiog is eoabaed, Net pectve wiaa store the aog fiae data uota the data is traosferred to a specified FTP server. The device cao ooay store up to five (5) gigabytes of aog fiae data, wheo the aimit is reached oader aog fiaes wiaa be overwriteo or discarded.
  • Page 129 Choosini a Transfer Schedule Wheo you set up the aog traosfer scheduae, you wiaa oeed to have some idea of how much trafc your device geoerates io a giveo period. The device wiaa store the aogs oo disk before they are traosferred, aod theo wiaa erase them ooce they have beeo successfuaay traosferred to your specified FTP server.
  • Page 130 Your Net pectve wiaa dispaay a baock page wheo a URL is baocked. The text of the baock page cao be customized for each aaoguage. To aoad the baock page coofiguratoo for a specific aaoguage, seaect the desired aaoguage from the aist aocated at the top of the coofiguratoo screeo. Ooce aoaded, the text aod optoos cao be coofigured.
  • Page 131 Editini Override Text The override text is ooay dispaayed if the user or group has the override mode eoabaed. The text is dispaayed at the botom of the baock page beaow the baock text. There are speciaa tags avaiaabae for use with the override text, the tags are aisted beaow: Tag Name Text...
  • Page 132 Oo the request category chaoge paoe the text cao be customized io the Labea (Back) fiead. Oo the baock page the text cao be customized io the Labea (Request) fiead. Next to the request text oo the request category chaoge paoe are fieads to reoame the category aabea, commeot aabea aod the butoo text.
  • Page 133 Text Mescriptoo Name [baockedura Ioserts the baocked URL. Cateiory [category] Ioserts the baocked category. Group [group] Ioserts the group the baocked user beaoogs Editini Policy Butons There are fieads to reoame the Accept butoo aod Mecaioe butoo text. The text for the Accept butoo cao be set io the Accept fiead.
  • Page 134 The text of the portaa page cao be customized for each aaoguage. To aoad the portaa page coofiguratoo for a specific aaoguage, seaect the desired aaoguage from the aist aocated at the top of the coofiguratoo screeo. Ooce aoaded, the text aod optoos cao be coofigured. Label Text There are fieads to reoame the aogio ttae aabea, user oame aabea, password aabea aod submit butoo text.
  • Page 135 of the page beaow the Additooaa Text. The text for the user oame aabea cao be set io the Labea (User) fiead. The text for the password aabea cao be set io the Labea (Password) fiead. The submit butoo text cao be set io the Butoo fiead.
  • Page 136 Wheo pairiog, you have the optoo to aaaow or require users to provide a commeot before requestog their device be paired. If Aaaow Commeot is checked theo the Mobiae Pairiog page wiaa dispaay ao area for addiog a commeot. The paacehoader text io the commeot area is customizabae aod cao be set io the fiead beaow the Aaaow Commeot check box.
  • Page 137 Certifcate Details The Certficate detaias show the ioformatoo for the curreot certficate. By defauat, the Net pectve device wiaa use a eaf-sigoed certficate. eaf-sigoed certficates are oot certfied by a Certficate Authority so you may staa receive waroiogs or certficate exceptoos wheo browsiog the Net pectve Admioistratoo site by L (htps).
  • Page 138 Unit The Uoit fiead is optooaa. It is used to ideotfy certficates registered to ao orgaoizatoo. The Uoit or Orgaoizatooaa Uoit (OU) fiead is the oame of the departmeot or orgaoizatoo uoit makiog the request. Orianization The Orgaoizatoo vaaue caooot cootaio ao &, @, or aoy other symboa io its oame, you must speaa out the symboa or omit it.
  • Page 139 If you have chaoged the certficate aod wish to restore the defauat certficate, caick the Restore Mefauat butoo from the cootroa bar oear the top of the page. This optoo is oot avaiaabae if the defauat certficate is aaready aoaded. Certifcate Authority To maoage L sessioos, Net pectve oeeds its owo root Certficate Authority (CA) certficate that is...
  • Page 140 Build CA Certifcate Buiad a root Certficate Authority (CA) certficate for Net pectve, so it cao create its owo copies of web site certficates aod preseot them to users oo your oetwork without causiog certficate trust errors or waroiogs io the web browser. To create the CA Certficate, you wiaa oeed to provide ioformatoo that you waot iocauded io the certficate.
  • Page 141 If you used this CA certficate to sigo Net pectvee's admio website certficate, you wiaa oeed to geoerate aod sigo a oew ooe. Trusted Certifcates Wheo Net pectve maoages ao L sessioo, it must vaaidate web site certficates the same way the web browser does for ooo-maoaged sessioos.
  • Page 142 Enable a Trusted Certifcate If a trusted certficate provided by Net pectve has beeo disabaed, it cao be easiay re-eoabaed by seaectog the certficates aod caickiog the Eoabae butoo at the botom of the page. Eoabaiog the certficate wiaa aaaow Net pectve to start usiog the Certficate Authority to properay vaaidate certficates. User Defned Cateiories User defioed categories are categories that cao be oamed by the user.
  • Page 143 Replication Repaicatoo makes it easier to maoage muatpae Net pectve appaiaoces. It provides a method to automatcaaay syochrooize setogs betweeo a pareot device aod other devices coofigured as chiad oodes. You may choose to repaicate aamost aaa setogs, io the case of a faia over or aoad baaaoced causter, or you may aaaow certaio groups of setogs to be overriddeo by a chiad oode, io the case of braoch ofces.
  • Page 144 Creatini or Updatini Replication Nodes The Repaicatoo page shows a aistog of aaa chiad oodes if the Net pectve is set to the Pareot roae. A red status iodicates ao error occurred whiae syochrooiziog that oode. Hover the mouse poioter over the waroiog icoo ( ) to see a detaiaed error message.

  • Page 145: Backup And Restore

    Wheo a oode is added, it wiaa be set to Eoabaed by defauat. If you do oot waot the oode to receive updates, caick the oode aod uocheck the Eoabaed checkbox. Afer a oode has beeo added, a status message wiaa be avaiaabae to heap troubaeshoot ao error if ooe shouad occur. A pareot device oeeds to opeo a coooectoo to its chiad oodes oo TCP port 80 to syochrooize setogs.
  • Page 146 Automatic Daily Backups Wheo automatc backups are eoabaed, Net pectve traosfers the backup fiae to a specified FTP server. Fiaes are traosferred daiay at 10:00 pm. The setogs for coofiguriog Net pectve for FTP traosfers are: Automatic Daily Backup to FTP Requirements IP or Hostname IP address or host oame of the FTP server.
  • Page 147 System Control From the ystem Cootroa meou, you cao properay shut dowo or reboot your Net pectve. We recommeod that you shut dowo before physicaaay moviog the device. Usiog these methods to shut dowo or reboot wiaa properay haat aaa system services, preveotog fiae system corruptoo. Caick hut Mowo or Reboot, to shut dowo or reboot the system.
  • Page 148 Security Level Permissions System Administrator 1. Cao create/edit/deaete other maoagers (except admio). 2. Cao create/edit/deaete Groups aod Users. 3. Cao edit aaa of Net pectvee's coofiguratoo optoos. 4. Cao authorize a temporary override of the baock page for aoy group. Policy Administrator 5.
  • Page 149 Creatini or Updatini Manaiers There are two basic ways you cao create maoagers that are recogoized by Net pectve. You may create a maoager via the e'Locaae' tab aod set a password maouaaay, or you may create a maoager via the e'LMAP Groupse' or e'LMAP Userse' tabs aod have LMAP haodae password autheotcatoo.
  • Page 150 Page Override maoagers, seaect which groups they are assigoed to by seaectog the check boxes oext to the group oames io the group aistog. The security aevea of ao iodividuaa LMAP maoager wiaa override the security aevea of aoy LMAP groups he or she is a member of, aod aaa maoaged groups must be expaicitay set.
  • Page 151 Manaier Type You cao seaect from Locaa, Mirectory ource Group, aod Mirectory ource User. Locaa maoagers cao be assigoed a oame aod password. Mirectory ource Group maoagers are ao eotre group or OU of users puaaed from LMAP aod wiaa aaa be coofigured with the same maoager setogs. If you wish for more graouaar setogs, the Mirectory ource User wiaa assigo siogae LMAP users to become maoagers.
  • Page 152 bar at the top to oarrow dowo resuats for Users, IP addresses, Groups, or URLs. Logs are purged from Net pectve every day arouod Midoight. For more archivaa reportog, you wiaa waot to iostaaa NetAuditor to ofoad aogs aod report oo them. You cao dowoaoad NetAuditor from the etogs Loggiog sectoo.
  • Page 153 10. A momeot aater you shouad see the Processiog & Web ervice create a tree for Net pectve with the Hostoame of the appaiaoce uoder that service. This iodicates that NetAuditor is receiviog aogs from Net pectve aod is processiog them. You cao aaso force the creatoo of your ‘Net pectvee’...

Table of Contents