M86 Web Filter and Reporter INSTALLATION GUIDE Models: 350, 550 Software Version: 2.0.10 Document Version: 06.22.10...
Every effort has been made to ensure the accuracy of this document. However, M86 Security makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
M86’s Web Filtering and Reporting Suite (WFR) consists of the best in breed of the M86 Professional Edition, consolidated into one unit. M86 Security’s Web Filter offers an enhanced solution for Internet filtering on a network. The Web Filter tracks each user’s online activity, and can be configured...
• Introduction - This section is comprised of an overview of the WFR product and how to use this document
• Service Information - This section provides M86 Security contact information
• Preliminary Setup Procedures - This section includes instructions on how to physically set up the WFR appliance in your network environment
•...
The user should not attempt any maintenance or service on the unit beyond the procedures outlined in this document. Any initial hardware setup problem that cannot be resolved at your internal organization should be referred to an M86 Security solutions engineer or technical support representative.
M86 Security Corporate Headquarters (USA)
Local 714.282.6111...
Carefully unpack the unit from the carton and verify that all accessories are included. Save all packing materials in the event that the unit needs to be returned to M86 Security. The carton should contain the following items:
• 1 Web Filter and Reporter appliance (WFR)
•...
Select a Site for the Server
The server operates reliably within normal office environmental limits. Select a site that meets the following criteria:
• Clean and relatively free of excess dust.
•...
Rack Mount the Server
Rack Setup Precautions
WARNING: Before rack mounting the server, the physical environment should be set up to safely accommodate the server. Be sure that:
• The weight of all units in the rack is evenly distributed. Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
Rack Mount Instructions for 500 Series Servers
Rack Setup Suggestions
• Determine the placement of each component in the rack before you install the rails.
• Install the heaviest server components on the bottom of the rack first, and then work up.
Install the Slide Assemblies to the Rack
1. After you have installed the short and long brackets to the outer slides, you are ready to install the whole slide assemblies (outer slides with short and long brackets attached) to the rack.
Install the Chassis into the Rack
1. Push the inner slides, which are attached to the chassis, into the grooves of the outer slide assemblies that are installed in the rack as shown below:
2.
Install the Bezel on the 500 Series Chassis
After rack mounting a 500 series server, the bezel should be installed on the front end of the chassis.
NOTE: This portion of the installation process requires you to unpack the bezel. The bezel has been packaged separately from the unit to prevent damage during shipping.
• In geographic regions that are susceptible to electrical storms, M86 Security highly recommends plugging the AC power cord for the server into a surge suppressor.
WARNING: If the server is used in a manner not specified by the manufacturer, the protection provided by the server may be impaired.
WARNING: M86 Security is not responsible for regulatory compliance of any server that has been modified. Altering the server’s enclosure in any way other than the installation operations specified in this document may invalidate the server’s safety certifications.
AC Power Cord and Cable Precautions
WARNING:
• The AC power cord for the server must be plugged into a grounded, power outlet.
• Do not modify or use a supplied AC power cord if it is not the exact type required in the region where the server will be installed and used.
Motherboard Battery Precautions
CAUTION: The battery on the motherboard should not be replaced without following instructions provided by the manufacturer. Only qualified service personnel should replace batteries. The battery contains energy and, as with all batteries, a malfunction can cause heat, smoke, or fire, release toxic materials, or cause burns.
Install the Server
Step 1: Setup Procedures
This step requires you to set up parameters for the WFR to function on the network. You have the option of using the text-based Quick Start setup procedures described in Step 1A, or the LCD panel setup procedures described in Step 1B.
Step 1A: Quick Start Setup Procedures
Link the Workstation to the WFR
Monitor and Keyboard Setup
A. Connect the PC monitor and keyboard cables to the rear of the WFR chassis.
B.
Power on the WFR
Power up a 300 Series Model
A. Make sure the power adapter is plugged into the back of the chassis and connected to the power cord.
B. Plug the power cord into a power source with an appropriate rating.
WARNING: It is strongly suggested you use an uninterruptible power supply.
HyperTerminal Setup Procedures
If using a serial console, follow these procedures on a Windows XP machine to create a HyperTerminal session.
NOTE: HyperTerminal is no longer included with Windows as of Microsoft’s Vista system. Please note on Microsoft’s Web page “What happened to HyperTerminal?”...
C. At the Connect using field, select the COM port assigned to the serial port on the laptop (probably “COM1”), and then click OK to open the Properties dialog box, displaying the Port Settings tab:
D.
F. In the HyperTerminal session window, go to File > Properties to open the Properties dialog box, displaying the Connect To and Settings tabs:
G. Click the Settings tab, and at the Emulation menu select “VT100”.
H.
Login screen
The login screen displays after powering on the WFR using a monitor and keyboard, or after creating a HyperTerminal session.
NOTES: If using a HyperTerminal session, the login screen will display with black text on a white background.
Quick Start menu: administration menu
A. At the Press the number of your selection prompt, press 2 to select the “Quick Start Setup” process.
The Quick Start menu takes you to the following configuration screens to make entries:
•...
Change filtering mode
A. From the Quick Start menu, press 3 to go to the Filter mode configuration screen.
B. Select a filter mode (Invisible, Router, or Firewall) using up-arrow and down-arrow keys.
Configure host name
A. From the Quick Start menu, press 8 to go to the Configure host name screen.
B. At the Enter host name prompt, type in the host name and press Enter.
C.
Non-Quick Start procedures or settings
The options described below do not pertain to the quick start setup process.
Reboot system
A. From the Quick Start menu, press B to go to the Reboot confirmation screen.
B.
System Status screen
The System Status screen contains the following information:
• Operation Mode for the Web Filter specified in screen 3 (Change filtering mode)
• Capturing Interface specified in screen 4 or 5 (Configure network interface LAN1 or LAN2)
•...
Step 1B: LCD Panel Setup Procedures
LCD Panel
A. Connect the AC power cord(s) to the back of the chassis and plug the cord(s) into a UPS power supply unit.
B. Power on the server following the instructions at Step 1A: Quick Start Setup Procedures, Power on the WFR.
M86 menu
When the M86 menu option is selected from the LCD Menu tree, the following menu items display in the panel, the entire list of which is viewable by using the navigation keys:
•...
WF Filter Mode
When the WF Filter Mode option is selected, the WF Filter Mode screen displays.
A. At the Mode field, use the left / right arrow keys to view and choose from the available options: Invisible, Router, Firewall.
DNS 1 and 2
When the DNS 1 (2) option is selected, the DNS 1 (2) screen displays with the Configure DNS IP 1 (2) menu item.
A. Choose Configure DNS IP 1 (2) and press the checkmark / ENTER key to go to the Configure DNS IP 1 (2) screen.
TAR GUI Wizard User
When the TAR GUI Wizard User option is selected, the TAR GUI Wizard User screen displays with two menu selections:
• Choose Change User to reset the username for accessing the Threat Analysis Reporter login window (this is the username entered and saved during the TAR Wizard process) and to return to the main menu.
Reboot
When the Reboot option is selected, the Reboot screen displays with two menu items.
A. Choose one of two options:
• Yes, reboot now!!! - This selection reboots the WFR.
•...
LCD Options menu
When “LCD Options >” is selected, the following menu items display on the screen: Heartbeat, Backlight, LCD Controls >. Make a selection from the menu, and press the checkmark / ENTER key to go to that screen.
Heartbeat
When the Heartbeat option is selected, the Heartbeat screen displays.
Step 2: Physically Connect the Unit to the Network
Now that your WFR network parameters are set, you can physically connect the unit to your network. This step requires two standard CAT-5E cables.
A.
‘x’ represents an octet—and then press Enter.)
• If pinging the IP address of the WFR is unsuccessful, try restarting the network service or rebooting the WFR.
• If still unsuccessful, contact an M86 Security solutions engineer or technical support representative.
Accept the Security Certificate in Firefox
A. If using a Firefox browser, in the page “This Connection is Untrusted,” click the option I Understand the Risks:
B. In the next set of instructions that display, click Add Exception...:
Clicking Add Exception opens the Add Security Exception window:
C. In the Add Security Exception window, click Get Certificate and wait a few seconds until the security certificate is obtained by the server.
D. With the checkbox Permanently store this exception selected, click Confirm Security Exception to open the WFR Welcome window:
Proceed to Accept the End User License Agreement.
Temporarily Accept the Security Certificate in IE
If using an IE browser, in the page “There is a problem with this website's security certificate.”, click Continue to this website (not recommended):
Selecting this option displays the WFR Welcome window with the address field and the Certificate Error button to the right of the field shaded a reddish color:
Proceed to Accept the End User License Agreement.
Accept the Security Certificate in Safari
A. If using a Safari browser, the pop-up window "Safari can't verify the identity of the website..." opens:
Click Show Certificate to open the certificate information box at the bottom of this window:
B.
Accept the End User License Agreement
A. In the WFR Welcome window, click the TAR icon:
After clicking the TAR icon—and accepting a security exception for the TAR application, if necessary—the EULA Agreement dialog box opens:
B.
Log in to the Threat Analysis Reporter Wizard
A. In the Username field of the Login window, type in the username specified in the Configure setup wizard user screen of the Quick Start Setup Procedures (Step 1A), or the TAR GUI Wizard screen in LCD Panel Setup Procedures (Step 1B):
B.
Use the TAR Wizard to Specify Application Settings
Enter Main Administrator Criteria
A. Enter the Username the global administrator will use when logging into the Threat Analysis Reporter Administrator console. The global administrator has the highest level of permissions in all user applications in WFR.
Setup Criteria for an Additional Web Filter
NOTE: This section of the wizard can be skipped unless there is an additional Web Filter to be used with the WFR.
A. Enter the Server Name of the Web Filter to be used with the Threat Analysis Reporter, which is any name you wish to associate with that Web Filter.
Step 4: Generate SSL Certificate
Generate a Self-Signed Certificate for the WFR
This step requires you to generate a self-signed certificate so your browser will recognize the WFR as an accepted device.
A.
D. Go to the bottom left corner of the Device Registry screen and click Generate SSL Certificate to open the Generate Self-Signed Certificate dialog box with the following message: "Generation of a self-signed certificate might take a long time.
IE Security Certificate Installation Procedures
Accept the Security Certificate in IE
Go to the appropriate sub-section if using the following Windows operating system and IE browser:
• Windows XP or Vista with IE 7 or 8
•...
Figure A2: Windows XP, IE 7
B. Click Certificate Error to open the Certificate Invalid pop-up box:
Figure B: Windows XP, IE 7
C. Click View certificates to open the Certificate window that includes the host name you assigned to the WFR:
Figure C: Windows XP, IE 7
D. Click Install Certificate... to launch the Certificate Import Wizard:
Figure D: Windows XP, IE 7
E. Click Next > to display the Certificate Store page:
Figure E: Windows XP, IE 7
F. Choose the option “Place all certificates in the following store” and then click Browse... to open the Select Certificate Store pop-up box:
Figure F: Windows XP, IE 7
G. Choose “Trusted Root Certification Authorities” and then click OK to close the pop-up box.
Now that the security certificate is installed, you will need to map the WFR’s IP address to its host name. Proceed to Map the WFR’s IP Address to the Server’s Host Name.
Windows 7 with IE 8
A.
Now that the security certificate is installed, you will need to map the WFR’s IP address to its host name. Proceed to Map the WFR’s IP Address to the Server’s Host Name.
Map the WFR’s IP Address to the Server’s Host Name
A.
C. Enter a line in the hosts file with the WFR’s IP address and its host name—the latter entered during the Configure host name screen of the Quick Start Setup Procedures (Step 1A), or the Host Name screen in LCD Panel Setup Procedures (Step 1B)—and then save and close the file.
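A stale or duplicate hosts entry for the WFR's host name sends the browser to a different address than the one configured on the appliance, so it is worth auditing the file after editing it. The check below is an added example, not part of the M86 guide; the IP address, host name and sample file contents are constructed placeholders.

```python
import ipaddress

# Constructed sample values: replace with the IP address and host name
# that were configured on your own WFR.
WFR_IP = "192.0.2.10"
WFR_HOST = "wfr.example.test"

# Constructed sample hosts file (not taken from any real system).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
192.0.2.99      wfr.example.test     # stale entry from an earlier install
192.0.2.10      WFR.example.test wfr
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Parse hosts-file text into (entries, errors).

    entries: list of (line_number, ip_address_object, [lower-cased names])
    errors:  list of (line_number, message) for lines that cannot be used
    """
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, "invalid address %r" % fields[0]))
            continue
        if len(fields) < 2:
            errors.append((lineno, "address without a host name"))
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((lineno, ip, names))
    return entries, errors


def audit_mapping(text, host, expected_ip):
    """Report whether `host` maps only to `expected_ip`.

    status is 'ok', 'missing' or 'conflict'. Which of several entries a
    resolver honours is platform dependent, so every entry that maps the
    host name to a different address is reported as a conflict.
    """
    host = host.lower().rstrip(".")
    expected = ipaddress.ip_address(expected_ip)
    entries, errors = parse_hosts(text)
    matches = [(ln, ip) for ln, ip, names in entries if host in names]
    wrong = [(ln, str(ip)) for ln, ip in matches if ip != expected]
    if not matches:
        status = "missing"
    elif wrong:
        status = "conflict"
    else:
        status = "ok"
    return {"status": status, "wrong": wrong, "errors": errors}


def hosts_line(host, ip):
    """Format the single line to add; raises ValueError on a bad address."""
    return "%s\t%s" % (ipaddress.ip_address(ip), host.lower())


if __name__ == "__main__":
    report = audit_mapping(SAMPLE_HOSTS, WFR_HOST, WFR_IP)
    print(report)
    if report["status"] == "missing":
        print("line to add:", hosts_line(WFR_HOST, WFR_IP))
```

To audit a real workstation, pass the contents of its hosts file to `audit_mapping` in place of `SAMPLE_HOSTS`.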
B. The connections should be blocked, and the block pages served by the Web Filter should display in the browser’s Address field. If you do not receive a block page for each tested URL, contact an M86 Security solutions engineer or technical support representative.
Web Filter library updates. Library updates are critical for filtering as new sites are added to the M86 Security library each day. To activate updates, visit the M86 Security Web site and enter the activation code that was issued to you by e-mail (also included on the product invoice).
Log in to the Web Filter
A. In the WFR Welcome window, click the icon corresponding to Web Filter:
After clicking the Web Filter icon—and accepting a security exception for the Web Filter application, if necessary—the Web Filter Administrator console login window opens:
B.
Perform a Complete Library Update
Your WFR was shipped with the latest Web Filter library update for the current software release. However, as new updates continually become available, before you begin using the Web Filter you must perform a complete library update to ensure you have the latest library updates.
Monitor the Library Update Process
To verify that the library is being updated:
A. From the navigation panel, click Updates and select Library Update Log from the menu.
B. In the Library Update Log window, click View Log to display the update activity:
NOTE: You will be notified in the log when the library has been completely updated by the message: “Full URL Library Update has completed.”
Step 7: Set Self-Monitoring
A. In the WFR Welcome window, click the icon corresponding to Enterprise Reporter Administration Module:
After clicking the ER Admin Module icon—and accepting a security exception for the ER Admin Module application, if necessary—the ER Administrator console login window opens:
B.
NOTE: On a new server, the ER Status pop-up window opens after you log in to the user interface of the ER Administration Module. This pop-up window will continue to open each time you log in until the ER is no longer in the evaluation mode. See the section Important Information about using the ER in the Evaluation Mode for more details about the evaluation mode.
Step 8: Verify Web Filter Log Transfer
To verify that the Web Filter is sending logs to the ER Administrator Module:
A. Access the ER Administrator console.
B. Go to the Database pull-down menu and choose Tools to display the Tools screen:
C.
Single Sign-On Access, Default Username/Password
Access WFR Applications from the TAR User Interface
By logging in to the Threat Analysis Reporter using the TAR Wizard username and password, the Web Filter, ER Web Client, and ER Administrator console are accessible to you via the TAR user interface.
NOTE: If you cannot view reports, or if your specific environment is not covered in the WFR User Guide, contact an M86 Security solutions engineer or technical support representative. Port 22 (SSH) and Port 3306 (SQL) must be open on your network to allow access by remote technical support.
Best Filtering and Reporting Practices
This Best Filtering and Reporting Practices section is provided to help you get started using the Web Filter, Threat Analysis Reporter, and Enterprise Reporter Web Client applications. Each of these applications has its own sub-section with scenarios for configuring and using basic tools in the user interface of each product.
User Guide for pages containing detailed, step-by-step instructions on configuring and/or using the tools and features described in that scenario. M86 Security’s filtering library currently consists of 104 library filtering categories, each placed in one of the 20 filtering category groups defined in the interface: Adult...
I. Threats/Liabilities
1. Category block
Block categories that threaten your network/organization. In pertinent profiles, block access to the Security category group and other categories containing content that threaten your organization. To block categories in a profile, go to:
•...
4. Custom Lock, Block, Warn, X Strikes, Quota pages
Customize a lock, block, warning, X Strikes, or quota page. Modify page contents to point to a URL within your organization, send a request to your administrator’s email address, or include verbiage of your choice that informs users of their Internet usage activities that triggered the page.
7. Custom Category (blocked)
Add a category to block content that could endanger your network/organization. Create a custom category with contents tailored to safeguard your organization. Block this category in appropriate profiles. To set up a custom category and block it, go to:
•...
10. Exception URL bypass
Use exception URLs to grant users access to URLs blocked at the root. To grant users access to globally-blocked URLs, enable the exception URL bypass option in the Minimum Filtering Level. For these users, add the exception URLs in their profiles.
II. Bandwidth/Productivity
1. Time Quota/Hit Quota
Limit time spent in PASSED categories to prevent excessive bandwidth usage and increase productivity. Enable the Quota Settings feature, and configure the Seconds Per Hit. Set up pertinent categories in the user’s profile with quotas so the user is notified and then locked out of those categories after all minutes in the quota have been used.
4. Warn option with low filter settings
Warn users before they access unacceptable content that their Internet activities are logged. Set HTTPS filtering at the “low” level, and then configure the number of minutes for the interval the warning page will re-display for any user who attempts to access content deemed unacceptable.
7. IM patterns
Block IM services. Enable Pattern Blocking for all users. In the profile, block Internet Communication > Chat and Instant Messaging (IM) categories. To block IM services, go to:
• SYSTEM: System > Control > Filter window
•...
10. Remote Access patterns
Block remote access patterns. Enable Pattern Blocking for all users. In the profile, block Internet Productivity > Remote Access category. To block remote access patterns, go to:
• SYSTEM: System > Control > Filter window
•...
13. Rule block
Use a rule to block the Bandwidth category. Create a rule that blocks the Bandwidth category and apply this rule to pertinent profiles. To create and block a rule for the Bandwidth category, go to:
•...
16. Custom Block/Warn/X Strikes/Quota pages
Customize a block, warning, X Strikes, or quota page. Modify page contents to point to a URL within your organization, send a request to your administrator’s email address, or include verbiage of your choice that informs users of their Internet usage activities that triggered the page.
III. General/Productivity
1. Warn Feature with higher thresholds
Warn users before they access unacceptable content. Set HTTPS filtering at the “high” level to block certificates that may be questionable. Configure Warning settings. In the end user’s profile, apply the warn option to pertinent categories. The end user may not be able to access all requested sites due to high settings, and will receive the warning message for excessive Internet usage.
3. Time Quota/Hit Quota
Limit time spent in PASSED categories to increase productivity. Enable the Quota Settings feature, and configure the Seconds Per Hit. Set up pertinent categories in the user’s profile with quotas so the user is notified and then locked out of those categories after all minutes in the quota have been used.
6. Customize an M86 Supplied Category
Include region-specific content in an M86 Supplied category. Add/delete content to/from an existing M86 Supplied Category that only includes content pertinent to your organization or region that should be blocked. Apply this category to a profile.
IV. Pass/Allow
1. Always Allow Custom Category
Create a white list custom category. Set up an Always Allow category and add all URLs deemed acceptable. Apply this category to all pertinent profiles. Please keep in mind that if any library category in this list is set up to be blocked in the Minimum Filtering Level, the Minimum Filtering Level setting will override the entry in the Always Allow custom category.
4. Override Accounts
Set up override accounts to grant specified users access to URLs blocked for general users. Enable the option to bypass the Minimum Filtering Level using an override account. Create the override account profile, including the accessible categories.
Threat Analysis Reporter Usage Scenarios
This collection of setup and usage scenarios is designed to help you understand and use basic tools in the console for enforcing your Internet usage policy. Each scenario is followed by console setup information.
• Admin Trails - view a list of alert records for the most recent time period
• Device Registry - view information about devices connected to the WFR, edit M86 Security appliance criteria, add or delete a Web Filter from the device registry, generate an SSL certificate for the WFR server, and synchronize the Threat Analysis Reporter user groups and library categories
•...
• Admin Groups - set permissions so that an administrator in your group will only be able to access areas of the Threat Analysis Reporter console that you specify
• User Groups - manage user groups whose activity will be monitored by gauges
•...
2. Find the threat with the highest score, and click that score to open the Threat View User panel:
Note the left side of this panel is populated with rows of records for Threats affected by the selected end user.
Step B: Investigate a user’s activity in a specified gauge
1. To find out which URLs the top end user visited in the library category associated with the high-scoring threat, select the Threat with the highest score and then click it to display a list of URLs the user visited in the right side of this panel:
2.
Step C: Investigate the user’s Internet activity in other gauges
1. To find out which other gauges the same user is currently affecting, return to the Gauge Ranking table by going to the lower left corner of the Threat View User panel and clicking the Back button.
4. To find out which URLs the user is viewing in a particular library category, choose the category from the list, and then click the URL in the URLs list (see Step B1).
In the WFR User Guide index, see:
• How to: access the Add/Edit Gauges panel
Step B: Add a URL Gauge
1. Click New Gauge at the bottom left of the panel to open the URL Gauge panel:
2.
5. From the Available User Groups list, select the user group to highlight it.
6. Click add > to move the user group to the Assigned User Groups list box.
7. After adding users, click Save at the bottom right of the panel to return to the Add/Edit Gauges panel that now includes the name of the gauge you just added:
In the WFR User Guide index, see:
Now that you know the basics of creating a gauge, you will soon be able to create and use gauges to monitor various groups of users who frequent URLs in library categories you wish to restrict, and deal in real time with Internet usage issues that endanger your network and/or consume an excessive amount of bandwidth resources.
3. Click New Alert to open a panel that displays the Alert Information frame to the left and the greyed-out target panel to the right containing the Email Addresses and Low Lockout Components accordions:
4.
• Email - An email alert notifies a group administrator via email if an end user has reached the threshold limit set up in a gauge alert.
• System Tray - A TAR Alert message notifies a group administrator via his/her workstation’s System Tray if an end user has reached the threshold limit set up in a gauge alert.
In the WFR User Guide index, see:
• How to: set up email alert notifications in TAR
Step D: Receiving an email alert
When an end user’s activity in a gauge reaches the threshold limit established for an alert, it triggers an alert notification.
Enterprise Reporter Usage Scenarios
This collection of reporting scenarios is designed to help you use the ER Web Client to create typical snapshots of end user Internet activity. Each scenario is followed by Client setup information. Please consult the “How to” section in the index of the WFR User Guide for pages containing detailed, step-by-step instructions on configuring and/or using the tools and features described in that scenario.
Step B: Further investigate using a Summary Drill Down Report

Now you will use a Drill Down Report to find out which user(s) are visiting sites in the category you’ve targeted for investigation. From the top panel, go to Drill Down Reports >...
Step C: Create a New Report using yesterday’s date scope

1. At the top of the Summary Drill Down Report view, click the New Report button to open the Drill Down Report pop-up window:
2.
After executing the last command, note that user IP addresses now display in the first column of the report view instead of categories.

In the WFR User Guide index, see:
• How to: use filter columns and buttons

For the last step of this exercise, you will select a user from the current Summary Drill Down Report view and then drill down further to see which URLs that user visited, thereby creating a Detail Drill Down Report view.
Note that the Detail Drill Down Report view contains columns of information pertaining to the user’s machine and setup on the network, sites visited, categorized URLs, and clickable links to access pages the user viewed.
2.
2. To find out which sites were visited in a popular category, target the category and then click the Category/Sites filter button corresponding to that category to create a double-break report view:

Note that URLs/IP addresses of sites users visited in the category now display in the first column of the modified report view, instead of category names.
In the WFR User Guide index, see:
• How to: modify a Drill Down Report
• How to: display only a specified number of records

Step C: Export the report view in the .PDF output format

1.
The generated .PDF file for the report includes a list of the top 10 Sites records for the selected category, as well as the following counts for each record in the report: IP, User, Page, Object, Time (HH:MM:SS), Hit, and Blocked Hits. The Grand Total and total Count display at the end of the report.
III. Save and schedule a report exercise

In this exercise you will learn how to save a report view and then create a schedule for running a report on a regular basis using criteria specified for that report. While a Summary Drill Down Report is used in this exercise, these steps also apply to a Detail Drill Down Report.
NOTE: Saved reports can be edited at any time. These reports are accessed by going to Custom Reports, selecting Saved Custom Reports, and then choosing the report from the Report Name drop-down menu.

In the WFR User Guide index, see:
•...
In the WFR User Guide index, see:
• How to: schedule a report to run

You have now learned how to save a report and schedule a recurring event for running this report. Reports created for a variety of purposes can be scheduled to run on different dates and times to capture records of specified user activity as necessary.
IV. Create a custom category group and generate reports

After you’ve run a few summary and detail reports for the top visited categories, you might want to generate reports targeting specified categories only. To do so, you must first create a custom category group.
V. Create a custom user group and generate reports

In addition to running reports for various custom category groups, you might want to create one or more custom user groups and run reports for these user groups.

NOTE: In order to generate reports for a custom user group, the user group must be created a day in advance, since the list of users is updated each day automatically based on group definitions and latest usage data.
Detail Report

Specific User Detail by Page/Object - To use this option, choose Custom Reports from the left panel, select Custom Report Wizard, and then specify Specific User Detail by Page/Object. Click the Next button, choose the User Group name, and then click the View Drill Down Results button to generate the report.
Important Information About Using the WFR in the Evaluation Mode

In the evaluation mode, the Expiration screen in the ER Administrator console and the ER Server Statistics window in the ER Web Client will display and function differently than they do in the activated (standard) mode (described respectively in the ER Administrator Section and ER Web Client Section of the WFR User Guide).
ER Web Client, ER Server Information Window

In the ER Server Information window, the note “*Evaluation Mode Enabled” displays above the ER Activity frame. To the right of this note, the Server Info button displays.
LED Indicators and Buttons

Front Control Panel on 500 Series Unit

Control panel buttons, icons, and LED indicators display on the right side of the 500 series model front panel. The buttons let you perform a function on the unit, while an LED indicator corresponding to an icon alerts you to the status of that feature on the unit.
Front Control Panel on a 300 Series Unit

In addition to executing functions listed in the LCD panel menu, the keypad on the front of the server is also used for performing basic server functions.
•...
Regulatory Specifications and Disclaimers (500 Series)

Declaration of the Manufacturer or Importer

Safety Compliance
USA: UL 60950-1 1st ed. 2007
Europe: Low Voltage Directive (LVD) 2006/95/EC to CB Scheme IEC 60950-1: 2001
Canada CSA C22.2 No.
EC Declaration of Conformity

European Community Directives Requirement (CE)

Declaration of Conformity
Manufacturer’s Name: M86 Security
Manufacturer’s Address: 828 W. Taft Avenue, Orange, CA 92865
Application of Council Directive(s): Low Voltage • 2006/95/EC • 2004/108/EC...
INDEX

Save Report 101 SE Keywords 73 Search Engine Keywords 66 serial port cable 15 shut down 32 300 series server 110 500 series server 109 Streaming Media patterns 71 Summary Drill Down Report 94 TAR GUI Wizard User 24 Threats/Liabilities 65 Time Based Profiles 69 Time Quota/Hit Quota 69...