1. Manuals
  2. Brands
  3. M86 Security Manuals
  4. Network Hardware
  5. 350
  6. Installation manual

M86 Security 350 Installation Manual

M86 web filter and reporter
Hide thumbs Also See for 350:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual
M86 Web Filter and Reporter

INSTALLATION GUIDE

Models: 350, 550
Software Version: 2.0.10
Document Version: 06.22.10

Advertisement

Table of Contents
loading

Related Manuals for M86 Security 350

Summary of Contents for M86 Security 350

  • Page 1: Installation Guide

    M86 Web Filter and Reporter INSTALLATION GUIDE Models: 350, 550 Software Version: 2.0.10 Document Version: 06.22.10...
  • Page 2 Every effort has been made to ensure the accuracy of this document. However, M86 Security makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. M86 Security shall not be liable for any error or for incidental or consequential damages in connec- tion with the furnishing, performance, or use of this manual or the examples herein.

  • Page 3: Table Of Contents

    PPLIANCE NTRODUCTION About this Document...................... 2 Conventions Used in this Document................2 ..................3 ERVICE NFORMATION M86 Security Corporate Headquarters (USA)............... 3 M86 Security Taiwan....................... 3 Procedures........................3 ..............4 RELIMINARY ETUP ROCEDURES Unpack the Unit from the Carton................... 4 Select a Site for the Server.....................
  • Page 4 ONTENTS Power up a 300 Series Model ..................17 Power up a 500 Series Model ..................17 HyperTerminal Setup Procedures ..................18 Login screen ........................... 21 Quick Start menu screen ......................21 Quick Start menu: administration menu ................. 22 Change filtering mode ..................... 23 Configure network interface LAN1 ...................
  • Page 5 ONTENTS Enterprise Reporter registration, Save settings ............... 43 Step 4: Generate SSL Certificate................. 44 Generate a Self-Signed Certificate for the WFR ..............44 IE Security Certificate Installation Procedures ............... 46 Accept the Security Certificate in IE ................46 Windows XP or Vista with IE 7 or 8................46 Windows 7 with IE 8....................
  • Page 6 ONTENTS 10. Remote Access patterns ................... 72 11. HTTPS settings ......................72 12. Category block ......................72 13. Rule block ........................73 14. SE Keywords ......................73 15. URL Keywords ......................73 16. Custom Block/Warn/X Strikes/Quota pages .............. 74 17.
  • Page 7 ONTENTS Step A: Create a custom category group ..............104 Step B: Run a report for a specified category group .............104 V. Create a custom user group and generate reports ............105 Step A: Create a custom user group ................105 Step B: Generate a report for a custom user group ............105 Summary Report ......................105 Detail Report ......................106 MPORTANT...
  • Page 8 ONTENTS viii M86 S ECURITY NSTALLATION UIDE...

  • Page 9: M86 Wfr Appliance Introduction

    M86’s Web Filtering and Reporting Suite (WFR) consists of the best in breed of the M86 Professional Edition, consolidated into one unit. M86 Security’s Web Filter offers an enhanced solution for Internet filtering on a network. The Web Filter tracks each user’s online activity, and can be configured...

  • Page 10: About This Document

    • Introduction - This section is comprised of an overview of the WFR product and how to use this document • Service Information - This section provides M86 Security contact information • Preliminary Setup Procedures - This section includes instructions on how to physically set up the WFR appliance in your network environment •...

  • Page 11: Service Information

    The user should not attempt any maintenance or service on the unit beyond the procedures outlined in this document. Any initial hardware setup problem that cannot be resolved at your internal organi- zation should be referred to an M86 Security solutions engineer or technical support representative. M86 Security Corporate Headquarters (USA) Local 714.282.6111...

  • Page 12: Preliminary Setup Procedures

    Carefully unpack the unit from the carton and verify that all accessories are included. Save all packing materials in the event that the unit needs to be returned to M86 Security. The carton should contain the following items: • 1 Web Filter and Reporter appliance (WFR) •...

  • Page 13: Select A Site For The Server

    RELIMINARY ETUP ROCEDURES ELECT A ITE FOR THE ERVER Select a Site for the Server The server operates reliably within normal office environmental limits. Select a site that meets the following criteria: • Clean and relatively free of excess dust. •...

  • Page 14: Rack Mount The Server

    RELIMINARY ETUP ROCEDURES OUNT THE ERVER Rack Mount the Server Rack Setup Precautions WARNING: Before rack mounting the server, the physical environment should be set up to safely accommodate the server. Be sure that: • The weight of all units in the rack is evenly distributed. Mounting of the equip- ment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.

  • Page 15: Rack Mount Instructions For 500 Series Servers

    RELIMINARY ETUP ROCEDURES OUNT THE ERVER Rack Mount Instructions for 500 Series Servers Rack Setup Suggestions • Determine the placement of each component in the rack before you install the rails. • Install the heaviest server components on the bottom of the rack first, and then work up.

  • Page 16: Install The Slide Assemblies To The Rack

    RELIMINARY ETUP ROCEDURES OUNT THE ERVER Install the Slide Assemblies to the Rack 1. After you have installed the short and long brackets to the outer slides, you are ready to install the whole slide assemblies (outer slides with short and long brackets attached) to the rack.

  • Page 17: Install The Chassis Into The Rack

    RELIMINARY ETUP ROCEDURES OUNT THE ERVER Install the Chassis into the Rack 1. Push the inner slides, which are attached to the chassis, into the grooves of the outer slide assemblies that are installed in the rack as shown below: 2.

  • Page 18: Install The Bezel On The 500 Series Chassis

    RELIMINARY ETUP ROCEDURES OUNT THE ERVER Install the Bezel on the 500 Series Chassis After rack mounting a 500 series server, the bezel should be installed on the front end of the chassis. NOTE: This portion of the installation process requires you to unpack the bezel. The bezel has been packaged separately from the unit to prevent damage during shipping.

  • Page 19: Check The Power Supply

    • In geographic regions that are susceptible to electrical storms, M86 Security highly recommends plugging the AC power cord for the server into a surge suppressor.

  • Page 20: General Safety Information

    WARNING: If the server is used in a manner not specified by the manufacturer, the protec- tion provided by the server may be impaired. WARNING: M86 Security is not responsible for regulatory compliance of any server that has been modified. Altering the server’s enclosure in any way other than the installation operations specified in this document may invalidate the server’s safety certifications.

  • Page 21: Ac Power Cord And Cable Precautions

    RELIMINARY ETUP ROCEDURES ENERAL AFETY NFORMATION AC Power Cord and Cable Precautions WARNING: • The AC power cord for the server must be plugged into a grounded, power outlet. • Do not modify or use a supplied AC power cord if it is not the exact type required in the region where the server will be installed and used.

  • Page 22: Motherboard Battery Precautions

    RELIMINARY ETUP ROCEDURES ENERAL AFETY NFORMATION Motherboard Battery Precautions CAUTION: The battery on the motherboard should not be replaced without following instruc- tions provided by the manufacturer. Only qualified service personnel should replace batteries. The battery contains energy and, as with all batteries, a malfunction can cause heat, smoke, or fire, release toxic materials, or cause burns.

  • Page 23: Install The Server

    1: S NSTALL THE ERVER ETUP ROCEDURES NSTALL THE ERVER Step 1: Setup Procedures This step requires you to set up parameters for the WFR to function on the network. You have the option of using the text-based Quick Start setup procedures described in Step 1A, or the LCD panel setup procedures described in Step 1B.

  • Page 24: Step 1A: Quick Start Setup Procedures

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES Step 1A: Quick Start Setup Procedures Link the Workstation to the WFR Monitor and Keyboard Setup A. Connect the PC monitor and keyboard cables to the rear of the WFR chassis. B.

  • Page 25: Power On The Wfr

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES Power on the WFR Power up a 300 Series Model A. Make sure the power adapter is plugged into the back of the chassis and connected to the power cord. B. Plug the power cord into a power source with an appropriate rating. WARNING: It is strongly suggested you use an uninterruptible power supply.

  • Page 26: Hyperterminal Setup Procedures

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES HyperTerminal Setup Procedures If using a serial console, follow these procedures on a Windows XP machine to create a HyperTerminal session. NOTE: HyperTerminal is no longer included with Windows as of Microsoft’s Vista system. Please note on Microsoft’s Web page “What happened to HyperTerminal?”...
  • Page 27 1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES C. At the Connect using field, select the COM port assigned to the serial port on the laptop (probably “COM1”), and then click OK to open the Properties dialog box, displaying the Port Settings tab: D.
  • Page 28 1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES F. In the HyperTerminal session window, go to File > Properties to open the Prop- erties dialog box, displaying the Connect To and Settings tabs: G. Click the Settings tab, and at the Emulation menu select “VT100”. H.

  • Page 29: Login Screen

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES Login screen The login screen displays after powering on the WFR using a monitor and keyboard, or after creating a HyperTerminal session. NOTES: If using a HyperTerminal session, the login screen will display with black text on a white background.

  • Page 30: Quick Start Menu: Administration Menu

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES Quick Start menu: administration menu A. At the Press the number of your selection prompt, press 2 to select the “Quick Start Setup” process. The Quick Start menu takes you to the following configuration screens to make entries: •...

  • Page 31: Change Filtering Mode

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES Change filtering mode A. From the Quick Start menu, press 3 to go to the Filter mode configuration screen. B. Select a filter mode (Invisible, Router, or Firewall) using up-arrow and down- arrow keys.

  • Page 32: Configure Host Name

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES Configure host name A. From the Quick Start menu, press 8 to go to the Configure host name screen. B. At the Enter host name prompt, type in the host name and press Enter. C.

  • Page 33: Non-Quick Start Procedures Or Settings

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES Non-Quick Start procedures or settings The options described below do not pertain to the quick start setup process. Reboot system A. From the Quick Start menu, press B to go to the Reboot confirmation screen. B.

  • Page 34: System Status Screen

    1A: Q NSTALL THE ERVER UICK TART ETUP ROCEDURES System Status screen The System Status screen contains the following information: • Operation Mode for the Web FIlter specified in screen 3 (Change filtering mode) • Capturing Interface specified in screen 4 or 5 (Configure network interface LAN1 or LAN2) •...

  • Page 35: Step 1B: Lcd Panel Setup Procedures

    1B: LCD P NSTALL THE ERVER ANEL ETUP ROCEDURES Step 1B: LCD Panel Setup Procedures LCD Panel A. Connect the AC power cord(s) to the back of the chassis and plug the cord(s) into a UPS power supply unit. B. Power on the server following the instructions at Step 1A: Quick Start Setup Procedures, Power on the WFR.

  • Page 36: M86 Menu

    1B: LCD P NSTALL THE ERVER ANEL ETUP ROCEDURES M86 menu When the M86 menu option is selected from the LCD Menu tree, the following menu items display in the panel, the entire list which is viewable by using the navi- gation keys: •...

  • Page 37: Wf Filter Mode

    1B: LCD P NSTALL THE ERVER ANEL ETUP ROCEDURES WF Filter Mode When the WF Filter Mode option is selected, the WF Filter Mode screen displays. A. At the Mode field, use the left / right arrow keys to view and choose from the available options: Invisible, Router, Firewall.

  • Page 38: Dns 1 And 2

    1B: LCD P NSTALL THE ERVER ANEL ETUP ROCEDURES DNS 1 and 2 When the DNS 1 (2) option is selected, the DNS 1 (2) screen displays with the Configure DNS IP 1 (2) menu item. A. Choose Configure DNS IP 1 (2) and press the checkmark / ENTER key to go to the Configure DNS IP 1 (2) screen.

  • Page 39: Tar Gui Wizard User

    1B: LCD P NSTALL THE ERVER ANEL ETUP ROCEDURES TAR GUI Wizard User When the TAR GUI Wizard User option is selected, the TAR GUI Wizard User screen displays with two menu selections: • Choose Change User to reset the username for accessing the Threat Analysis Reporter login window (this is the username entered and saved during the TAR Wizard process) and to return to the main menu.

  • Page 40: Reboot

    1B: LCD P NSTALL THE ERVER ANEL ETUP ROCEDURES Reboot When the Reboot option is selected, the Reboot screen displays with two menu items. A. Choose one of two options: • Yes, reboot now!!! - This selection reboots the WFR. •...

  • Page 41: Lcd Options Menu

    1B: LCD P NSTALL THE ERVER ANEL ETUP ROCEDURES LCD Options menu When “LCD Options >” is selected, the following menu items display on the screen: Heartbeat, Backlight, LCD Controls >. Make a selection from the menu, and press the checkmark / ENTER key to go to that screen. Heartbeat When the Heartbeat option is selected, the Heartbeat screen displays.

  • Page 42: Step 2: Physically Connect The Unit To The Network

    2: P NSTALL THE ERVER HYSICALLY ONNECT THE NIT TO THE ETWORK Step 2: Physically Connect the Unit to the Network Now that your WFR network parameters are set, you can physically connect the unit to your network. This step requires two standard CAT-5E cables. A.

  • Page 43: Step 3: Register The Wfr And Its Applications

    ‘x’ represents an octet—and then press Enter.) • If pinging the IP address of the WFR is unsuccessful, try restarting the network service or rebooting the WFR. • If still unsuccessful, contact an M86 Security solutions engineer or technical support representative. M86 S...

  • Page 44: Accept The Security Certificate In Firefox

    3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS Accept the Security Certificate in Firefox A. If using a Firefox browser, in the page “This Connection is Untrusted,” click the option I Understand the Risks: B. In the next set of instructions that display, click Add Exception...: Clicking Add Exception opens the Add Security Exception window: M86 S ECURITY...
  • Page 45 3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS C. In the Add Security Exception window, click Get Certificate and wait a few seconds until the security certificate is obtained by the server. D. With the checkbox Permanently store this exception selected, click Confirm Security Exception to open the WFR Welcome window: Proceed to Accept the End User License Agreement.

  • Page 46: Temporarily Accept The Security Certificate In Ie

    3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS Temporarily Accept the Security Certificate in IE If using an IE browser, in the page “There is a problem with this website's security certificate.”, click Continue to this website (not recommended): Selecting this option displays the WFR Welcome window with the address field and the Certificate Error button to the right of the field shaded a reddish color: Proceed to Accept the End User License Agreement.

  • Page 47: Accept The Security Certificate In Safari

    3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS Accept the Security Certificate in Safari A. If using a Safari browser, the pop-up window "Safari can't verify the identity of the website..." opens: Click Show Certificate to open the certificate information box at the bottom of this window: B.

  • Page 48: Accept The End User License Agreement

    3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS Accept the End User License Agreement A. In the WFR Welcome window, click the TAR icon: After clicking the TAR icon—and accepting a security exception for the TAR application, if necessary—the EULA Agreement dialog box opens: B.

  • Page 49: Log In To The Threat Analysis Reporter Wizard

    3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS Log in to the Threat Analysis Reporter Wizard A. In the Username field of the Login window, type in the username specified in the Configure setup wizard user screen of the Quick Start Setup Procedures (Step 1A), or the TAR GUI Wizard screen in LCD Panel Setup Procedures (Step 1B): B.

  • Page 50: Use The Tar Wizard To Specify Application Settings

    3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS Use the TAR Wizard to Specify Application Settings Enter Main Administrator Criteria A. Enter the Username the global administrator will use when logging into the Threat Analysis Reporter Administrator console. The global administrator has the highest level of permissions in all user applications in WFR.

  • Page 51: Setup Criteria For An Additional Web Filter

    3: R NSTALL THE ERVER EGISTER THE AND ITS PPLICATIONS Setup Criteria for an Additional Web Filter NOTE: This section of the wizard can be skipped unless there is an additional Web Filter to be used with the WFR. A. Enter the Server Name of the Web Filter to be used with the Threat Analysis Reporter, which is any name you wish to associate with that Web Filter.

  • Page 52: Step 4: Generate Ssl Certificate

    4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE Step 4: Generate SSL Certificate Generate a Self-Signed Certificate for the WFR This step requires you to generate a self-signed certificate so your browser will recognize the WFR as an accepted device. A.
  • Page 53 4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE D. Go to the bottom left corner of the Device Registry screen and click Generate SSL Certificate to open the Generate Self-Signed Certificate dialog box with the following message: "Generation of a self-signed certificate might take a long time.

  • Page 54: Ie Security Certificate Installation Procedures

    4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE IE Security Certificate Installation Procedures Accept the Security Certificate in IE Go to the appropriate sub-section if using the following Windows operating system and IE browser: • Windows XP or Vista with IE 7 or 8 •...
  • Page 55 4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE Figure A2: Windows XP, IE 7 B. Click Certificate Error to open the Certificate Invalid pop-up box: Figure B: Windows XP, IE 7 C. Click View certificates to open the Certificate window that includes the host name you assigned to the WFR: M86 S ECURITY...
  • Page 56 4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE Figure C: Windows XP, IE 7 D. Click Install Certificate... to launch the Certificate Import Wizard: Figure D: Windows XP, IE 7 E. Click Next > to display the Certificate Store page: Figure E: Windows XP, IE 7 M86 S ECURITY...
  • Page 57 4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE F. Choose the option “Place all certificates in the following store” and then click Browse... to open the Select Certificate Store pop-up box: Figure F: Windows XP, IE 7 G. Choose “Trusted Root Certification Authorities” and then click OK to close the pop-up box.

  • Page 58: Windows 7 With Ie 8

    4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE Now that the security certificate is installed, you will need to map the WFR’s IP address to its host name. Proceed to Map the WFR’s IP Address to the Server’s Host Name. Windows 7 with IE 8 A.

  • Page 59: Map The Wfr's Ip Address To The Server's Host Name

    4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE Now that the security certificate is installed, you will need to map the WFR’s IP address to its host name. Proceed to Map the WFR’s IP Address to the Server’s Host Name. Map the WFR’s IP Address to the Server’s Host Name A.
  • Page 60 4: G SSL C NSTALL THE ERVER ENERATE ERTIFICATE C. Enter a line in the hosts file with the WFR’s IP address and its host name—the latter entered during the Configure host name screen of the Quick Start Setup Procedures (Step 1A), or the Host Name screen in LCD Panel Setup Proce- dures (Step 1B)—and then save and close the file.

  • Page 61: Step 5: Test Filtering Or The Mobile Client Connection

    B. The connections should be blocked, and the block pages served by the Web Filter should display in the browser’s Address field. If you do not receive a block page for each tested URL, contact an M86 Security solutions engineer or tech- nical support representative.

  • Page 62: Step 6: Set Library Updates

    Web Filter library updates. Library updates are critical for filtering as new sites are added to the M86 Security library each day. To activate updates, visit the M86 Security Web site and enter the activation code that was issued to you by e-mail (also included on the product invoice).

  • Page 63: Log In To The Web Filter

    6: S NSTALL THE ERVER IBRARY PDATES Log in to the Web Filter A. In the WFR Welcome window, click the icon corresponding to Web Filter: After clicking the Web Filter icon—and accepting a security exception for the Web Filter application, if necessary—the Web Filter Administrator console login window opens: B.

  • Page 64: Perform A Complete Library Update

    6: S NSTALL THE ERVER IBRARY PDATES Perform a Complete Library Update Your WFR was shipped with the latest Web Filter library update for the current soft- ware release. However, as new updates continually become available, before you begin using the Web Filter you must perform a complete library update to ensure you have the latest library updates.

  • Page 65: Monitor The Library Update Process

    6: S NSTALL THE ERVER IBRARY PDATES Monitor the Library Update Process To verify that the library is being updated: A. From the navigation panel, click Updates and select Library Update Log from the menu. B. In the Library Update Log window, click View Log to display the update activity: NOTE: You will be notified in the log when the library has been completely updated by the message: “Full URL Library Update has completed.”...

  • Page 66: Step 7: Set Self-Monitoring

    7: S NSTALL THE ERVER ONITORING Step 7: Set Self-Monitoring A. In the WFR Welcome window, click the icon corresponding to Enterprise Reporter Administration Module: After clicking the ER Admin Module icon—and accepting a security exception for the ER Admin Module application, if necessary—the ER Administrator console login window opens: B.
  • Page 67 7: S NSTALL THE ERVER ONITORING NOTE: On a new server, the ER Status pop-up window opens after you log in to the user interface of the ER Administration Module. This pop-up window will continue to open each time you log in until the ER is no longer in the evaluation mode. See the section Important Information about using the ER in the Evaluation Mode for more details about the evalua- tion mode.

  • Page 68: Step 8: Verify Web Filter Log Transfer

    8: V NSTALL THE ERVER ERIFY ILTER RANSFER Step 8: Verify Web Filter Log Transfer To verify that the Web Filter is sending logs to the ER Administrator Module: A. Access the ER Administrator console. B. Go to the Database pull-down menu and choose Tools to display the Tools screen: C.

  • Page 69: Single Sign-On Access, Default Username/Password

    NSTALL THE ERVER INGLE CCESS EFAULT SERNAME ASSWORD Single Sign-On Access, Default Username/Password Access WFR Applications from the TAR User Interface By logging in to the Threat Analysis Reporter using the TAR Wizard username and password, the Web Filter, ER Web Client, and ER Administrator console are accessible to you via the TAR user interface.

  • Page 70: Conclusion

    NOTE: If you cannot view reports, or if your specific environment is not covered in the WFR User Guide, contact an M86 Security solutions engineer or technical support repre- sentative. Port 22 (SSH) and Port 3306 (SQL) must be open on your network to allow access by remote technical support.

  • Page 71: Best Filtering And Reporting Practices

    ILTERING AND EPORTING RACTICES ILTERING AND EPORTING RACTICES This Best Filtering and Reporting Practices section is provided to help you get started using the Web Filter, Threat Analysis Reporter, and Enterprise Reporter Web Client applications. Each of these applications has its own sub-section with scenarios for configuring and using basic tools in the user interface of each product.

  • Page 72: Web Filter Usage Scenarios

    User Guide for pages containing detailed, step-by-step instructions on configuring and/or using the tools and features described in that scenario. M86 Security’s filtering library currently consists of 104 library filtering categories, each placed in one of the 20 filtering category groups defined in the interface: Adult...

  • Page 73: Threats/Liabilities

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS I. Threats/Liabilities 1. Category block Block categories that threaten your network/organization. In pertinent profiles, block access to the Security category group and other categories containing content that threaten your organization. To block categories in a profile, go to: •...

  • Page 74: Custom Lock, Block, Warn, X Strikes, Quota

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 4. Custom Lock, Block, Warn, X Strikes, Quota pages Customize a lock, block, warning, X Strikes, or quota page. Modify page contents to point to a URL within your organization, send a request to your admin- istrator’s email address, or include verbiage of your choice that informs users of their Internet usage activities that triggered the page.

  • Page 75: Custom Category (Blocked)

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 7. Custom Category (blocked) Add a category to block content that could endanger your network/organiza- tion. Create a custom category with contents tailored to safeguard your organiza- tion. Block this category in appropriate profiles. To set up a custom category and block it, go to: •...

  • Page 76: Exception Url Bypass

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 10. Exception URL bypass Use exception URLs to grant users access to URLs blocked at the root. To grant users access to globally-blocked URLs, enable the exception URL bypass option in the Minimum Filtering Level. For these users, add the exception URLs in their profiles.

  • Page 77: Bandwidth/Productivity

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS II. Bandwidth/Productivity 1. Time Quota/Hit Quota Limit time spent in PASSED categories to prevent excessive bandwidth usage and increase productivity. Enable the Quota Settings feature, and configure the Seconds Per Hit. Set up pertinent categories in the user’s profile with quotas so the user is notified and then locked out of those categories after all minutes in the quota have been used.

  • Page 78: Warn Option With Low Filter Settings

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 4. Warn option with low filter settings Warn users before they access unacceptable content that their Internet activities are logged. Set HTTPS filtering at the “low” level, and then configure the number of minutes for the interval the warning page will re-display for any user who attempts to access content deemed unacceptable.

  • Page 79: Im Patterns

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 7. IM patterns Block IM services. Enable Pattern Blocking for all users. In the profile, block Internet Communication > Chat and Instant Messaging (IM) categories. To block IM services, go to: • SYSTEM: System > Control > Filter window •...

  • Page 80: Remote Access Patterns

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 10. Remote Access patterns Block remote access patterns. Enable Pattern Blocking for all users. In the profile, block Internet Productivity > Remote Access category. To block remote access patterns, go to: • SYSTEM: System > Control > Filter window •...

  • Page 81: Rule Block

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 13. Rule block Use a rule to block the Bandwidth category. Create a rule that blocks the Band- width category and apply this rule to pertinent profiles. To create and block a rule for the Bandwidth category, go to: •...

  • Page 82: Custom Block/Warn/X Strikes/Quota

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 16. Custom Block/Warn/X Strikes/Quota pages Customize a block, warning, X Strikes, or quota pages. Modify page contents to point to a URL within your organization, send a request to your administrator’s email address, or include verbiage of your choice that informs users of their Internet usage activities that triggered the page.

  • Page 83: General/Productivity

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS III. General/Productivity 1. Warn Feature with higher thresholds Warn users before they access unacceptable content. Set HTTPS filtering at the “high” level to block certificates that may be questionable. Configure Warning settings. In the end user’s profile, apply the warn option to pertinent categories. The end user may not be able to access all requested sites due to high settings, and will receive the warning message for excessive Internet usage.

  • Page 84: Time Quota/Hit Quota

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 3. Time Quota/Hit Quota Limit time spent in PASSED categories to increase productivity. Enable the Quota Settings feature, and configure the Seconds Per Hit. Set up pertinent cate- gories in the user’s profile with quotas so the user is notified and then locked out of those categories after all minutes in the quota have been used.

  • Page 85: Customize An M86 Supplied Category

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 6. Customize an M86 Supplied Category Include region-specific content in an M86 Supplied category. Add/delete content to/from an existing M86 Supplied Category that only includes content perti- nent to your organization or region that should be blocked. Apply this category to a profile.

  • Page 86: Pass/Allow

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS IV. Pass/Allow 1. Always Allow Custom Category Create a white list custom category. Set up an Always Allow category and add all URLs deemed acceptable. Apply this category to all pertinent profiles. Please keep in mind that if any library category in this list is set up to be blocked in the Minimum Filtering Level, the Minimum Filtering Level setting will override the entry in the Always Allow custom category.

  • Page 87: Override Accounts

    ILTERING AND EPORTING RACTICES ILTER SAGE CENARIOS 4. Override Accounts Set up override accounts to grant specified users access to URLs blocked for general users. Enable the option to bypass the Minimum Filtering Level using an override account. Create the override account profile, including the accessible categories.

  • Page 88: Threat Analysis Reporter Usage Scenarios

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS Threat Analysis Reporter Usage Scenarios This collection of setup and usage scenarios is designed to help you understand and use basic tools in the console for enforcing your Internet usage policy. Each scenario is followed by console setup information.

  • Page 89: Step B: Navigate Panels In The Policy Section

    • Admin Trails - view a list of alert records for the most recent time period • Device Registry - view information about devices connected to the WFR, edit M86 Security appliance criteria, add or delete a Web Filter from the device registry, generate an SSL certificate for the WFR server, and synchronize the Threat Analysis Reporter user groups and library categories •...

  • Page 90: Drill Down Into A Gauge Exercise

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS • Admin Groups - set permissions so that an administrator in your group will only be able to access areas of the Threat Analysis Reporter console that you specify • User Groups - manage user groups whose activity will be monitored by gauges •...
  • Page 91 ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS 2. Find the threat with the highest score, and click that score to open the Threat View User panel: Note the left side of this panel is populated with rows of records for Threats affected by the selected end user.

  • Page 92: Step B: Investigate A User's Activity In A Specified Gauge

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS Step B: Investigate a user’s activity in a specified gauge 1. To find out which URLs the top end user visited in the library category associ- ated with the high-scoring threat, select the Threat with the highest score and then click it to display a list of URLs the user visited in the right side of this panel: 2.

  • Page 93: Step C: Investigate The User's Internet Activity In Other Gauges

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS Step C: Investigate the user’s Internet activity in other gauges 1. To find out which other gauges the same user is currently affecting, return to the Gauge Ranking table by going to the lower left corner of the Threat View User panel and clicking the Back button.

  • Page 94: Create A Gauge Exercise

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS 4. To find out which URLs the user is viewing in a particular library category, choose the category from the list, and then click the URL in the URLs list (see Step B1).

  • Page 95: Step B: Add A Url Gauge

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS In the WFR User Guide index, see: • How to: access the Add/Edit Gauges panel Step B: Add a URL Gauge 1. Click New Gauge at the bottom left of the panel to open the URL Gauge panel: 2.
  • Page 96 ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS 5. From the Available User Groups list, select the user group to highlight it. 6. Click add > to move the user group to the Assigned User Groups list box. 7. After adding users, click Save at the bottom right of the panel to return to the Add/Edit Gauges panel that now includes the name of the gauge you just added: In the WFR User Guide index, see:...

  • Page 97: Create An Email Alert Exercise

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS Now that you know the basics of creating a gauge, you will soon be able to create and use gauges to monitor various groups of users who frequent URLs in library categories you wish to restrict, and deal in real time with Internet usage issues that endanger your network and/or consume an excessive amount of bandwidth resources.
  • Page 98 ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS 3. Click New Alert to open a panel that displays the Alert Information frame to the left and the greyed-out target panel to the right containing the Email Addresses and Low Lockout Components accordions: 4.

  • Page 99: Step C: Select Email Alert Action

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS • Email - An email alert notifies a group administrator via email if an end user has reached the threshold limit set up in a gauge alert. • System Tray - A TAR Alert message notifies a group administrator via his/ her workstation’s System Tray if an end user has reached the threshold limit set up in a gauge alert.

  • Page 100: Step D: Receiving An Email Alert

    ILTERING AND EPORTING RACTICES HREAT NALYSIS EPORTER SAGE CENARIOS In the WFR User Guide index, see: • How to: set up email alert notifications in TAR Step D: Receiving an email alert When an end user’s activity in a gauge reaches the threshold limit established for an alert, it triggers an alert notification.

  • Page 101: Enterprise Reporter Usage Scenarios

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS Enterprise Reporter Usage Scenarios This collection of reporting scenarios is designed to help you use the ER Web Client to create typical snapshots of end user Internet activity. Each scenario is followed by Client setup information. Please consult the “How to” section in the index of the WFR User Guide for pages containing detailed, step-by-step instruc- tions on configuring and/or using the tools and features described in that scenario.

  • Page 102: Step B: Further Investigate Using A Summary Drill Down Report

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS Step B: Further investigate using a Summary Drill Down Report Now you will use a Drill Down Report to find out which user(s) are visiting sites in the category you’ve targeted for investigation. From the top panel, go to Drill Down Reports >...

  • Page 103: Step C: Create A New Report Using Yesterday's Date Scope

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS Step C: Create a New Report using yesterday’s date scope 1. At the top of the Summary Drill Down Report view, click the New Report button to open the Drill Down Report pop-up window: 2.

  • Page 104: Step E: Create A Detail Drill Down Report To Obtain A List Of Urls

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS After executing the last command, note that user IP addresses now display in the first column of the report view instead of categories. In the WFR User Guide index, see: • How to: use filter columns and buttons For the last step of this exercise, you will select a user from the current Summary Drill Down Report view and then drill down further to see which URLs that user visited, thereby creating a Detail Drill Down Report view.

  • Page 105: Double-Break Report And Export Report Exercise

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS Note that the Detail Drill Down Report view contains columns of information pertaining to the user’s machine and setup on the network, sites visited, cate- gorized URLs, and clickable links to access pages the user viewed. 2.

  • Page 106: Step B: Modify The Report View To Only Display Top 10 Site Records

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS 2. To find out which sites were visited in a popular category, target the category and then click the Category/Sites filter button corresponding to that category to create a double-break report view: Note that URLs/IP addresses of sites users visited in the category now display in the first column of the modified report view, instead of category names.

  • Page 107: Step C: Export The Report View In The .Pdf Output Format

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS In the WFR User Guide index, see: • How to: modify a Drill Down Report • How to: display only a specified number of records Step C: Export the report view in the .PDF output format 1.
  • Page 108 ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS The generated .PDF file for the report includes a list of the top 10 Sites records for the selected category, as well as the following counts for each record in the report: IP, User, Page, Object, Time (HH:MM:SS), Hit, and Blocked Hits. The Grand Total and total Count display at the end of the report.

  • Page 109: Save And Schedule A Report Exercise

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS III. Save and schedule a report exercise In this exercise you will learn how to save a report view and then create a schedule for running a report on a regular basis using criteria specified for that report. While a Summary Drill Down Report is used in this exercise, these steps also apply to a Detail Drill Down Report.

  • Page 110: Step B. Schedule A Recurring Time For The Report To Run

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS NOTE: Saved reports can be edited at any time. These reports are accessed by going to Custom Reports, selecting Saved Custom Reports, and then choosing the report from the Report Name drop-down menu. In the WFR User Guide index, see: •...
  • Page 111 ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS In the WFR User Guide index, see: • How to: schedule a report to run You have now learned how to save a report and schedule a recurring event for running this report. Reports created for a variety of purposes can be scheduled to run on different dates and times to capture records of specified user activity as necessary.

  • Page 112: Create A Custom Category Group And Generate Reports

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS IV. Create a custom category group and generate reports After you’ve run a few summary and detail reports for the top visited categories, you might want to generate reports targeting specified categories only. To do so, you must first create a custom category group.

  • Page 113: Create A Custom User Group And Generate Reports

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS V. Create a custom user group and generate reports In addition to running reports for various custom category groups, you might want to create one or more custom user groups and run reports for these user groups. NOTE: In order to generate reports for a custom user group, the user group must be created a day in advance, since the list of users is updated each day automatically based on group definitions and latest usage data.

  • Page 114: Detail Report

    ILTERING AND EPORTING RACTICES NTERPRISE EPORTER SAGE CENARIOS Detail Report Specific User Detail by Page/Object - To use this option, choose Custom Reports from the left panel, select Custom Report Wizard, and then specify Specific User Detail by Page/Object. Click the Next button, choose the User Group name, and then click the View Drill Down Results button to generate the report.

  • Page 115: Important Information About Using The Er In The Evaluation Mode

    MPORTANT NFORMATION ABOUT USING THE IN THE VALUATION VALUATION MPORTANT NFORMATION ABOUT USING THE VALUATION In the evaluation mode, the Expiration screen in the ER Administrator console and the ER Server Statistics window in the ER Web Client will display and function differently than they do in the activated (standard) mode (described respectively in the ER Administrator Section and ER Web Client Section of the WFR User Guide).

  • Page 116: Er Web Client, Er Server Information Window

    ER W , ER S MPORTANT NFORMATION ABOUT USING THE IN THE VALUATION LIENT ERVER NFORMATION INDOW ER Web Client, ER Server Information Window In the ER Server Information window, the note “*Evaluation Mode Enabled” displays above the ER Activity frame. To the right of this note, the Server Info button displays.

  • Page 117: Led Indicators And Buttons

    LED I 500 S NDICATORS AND UTTONS RONT ONTROL ANEL ON ERIES LED I NDICATORS AND UTTONS Front Control Panel on 500 Series Unit Control panel buttons, icons, and LED indicators display on the right side of the 500 series model front panel. The buttons let you perform a function on the unit, while an LED indicator corresponding to an icon alerts you to the status of that feature on the unit.

  • Page 118: Front Control Panel On A 300 Series Unit

    LED I 300 S NDICATORS AND UTTONS RONT ONTROL ANEL ON A ERIES Front Control Panel on a 300 Series Unit In addition to executing functions listed in the LCD panel menu, the keypad on the front of the server is also used for performing basic server functions. •...

  • Page 119: R S D (500 S )

    (500 S EGULATORY PECIFICATIONS AND ISCLAIMERS ERIES ECLARATION OF THE ANUFACTURER OR MPORTER EGULATORY PECIFICATIONS AND ISCLAIMERS (500 S ERIES Declaration of the Manufacturer or Importer Safety Compliance USA: UL 60950-1 1st ed. 2007 Europe: Low Voltage Directive (LVD) 2006/95/EC to CB Scheme IEC 60950-1: 2001 Canada CSA C22.2 No.

  • Page 120: Ec Declaration Of Conformity

    ECLARATION OF THE ANUFACTURER OR MPORTER EC Declaration of Conformity European Community Directives Requirement (CE) Declaration of Conformity Manufacturer’s Name: M86 Security 828 W. Taft Avenue Manufacturer’s Address: Orange, CA 92865 Application of Council Directive(s): Low Voltage • 2006/95/EC • 2004/108/EC...

  • Page 121: Index

    NDEX Activate the Web Filter 54 Add to Event Schedule 102 Always Allow Custom Category 78 Bandwidth/Productivity 69 boot up 300 series server 110 500 series server 109 Category block 65 Change Quick Start password 25 CSA 111 Custom Block/Warn/X Strikes/Quota pages 74 Custom Category (blocked) 67 custom category group 63 Custom Lock, Block, Warn, X Strikes, Quota pages 66...
  • Page 122 NDEX ICES-003 111 IEC 111 IM patterns 71 IP exceptions 78 LCD Panel 15 Local category adds/deletes 77 Login screen 21 LVD 111 Minimum Filtering Level 67 Mobile Client 53 Modify Report 98 New Report 95 Overall Quota 69 Override Account bypass 67 Override Accounts 79 P2P patterns 70 Pass/Allow 78...
  • Page 123 NDEX Save Report 101 SE Keywords 73 Search Engine Keywords 66 serial port cable 15 shut down 32 300 series server 110 500 series server 109 Streaming Media patterns 71 Summary Drill Down Report 94 TAR GUI Wizard User 24 Threats/Liabilities 65 Time Based Profiles 69 Time Quota/Hit Quota 69...
  • Page 124 NDEX M86 S ECURITY NSTALLATION UIDE...
  • Page 126 M86 Security Corporate Headquarters (USA): 828 West Taft Avenue Orange, CA 92865-4232 • Tel: 714.282.6111 or 888.786.7999 Fax: 714.282.6116 (Sales/Technical Support) • 714.282.6117 (General Office)

This manual is also suitable for:

550

Table of Contents