M86 Security IR Web Filter User Manual

Table of Contents

Quick Links

Download this manual

M86 IR Web Filter

USER GUIDE

Software Version: 4.0.10

Document Version: 06.08.10

Table of Contents

Troubleshooting

Summary of Contents for M86 Security IR Web Filter

Page 1: User Guide
M86 IR Web Filter USER GUIDE Software Version: 4.0.10 Document Version: 06.08.10...
Page 2 M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
Page 3: Table Of Contents
ONTENTS ..........1 NTRODUCTORY ECTION Web Filter ..................1 About this User Guide ..............1 How to Use this User Guide ............3 Conventions ..................3 Terminology ..................4 Overview ..................9 Environment Requirements ............. 10 Workstation Requirements .............. 10 Administrator ................
Page 4 ONTENTS M86 Supplied Categories............ 25 Custom Categories ............. 25 Service Ports ................26 Rules ..................26 Minimum Filtering Level ............26 Filter Settings ................27 Filtering Rules ................. 28 Filtering Levels Applied ............28 Chapter 2: Logging and Blocking ..........31 Web Access Logging ..............
Page 5 ONTENTS Non-synchronized Items ............. 45 Server Maintenance Procedures ............. 47 Source Server Failure Scenarios ..........47 Establish Backup Procedures ........... 47 Use a Backup File to Set up a Source Server ......48 Set up a Target Server as a Source Server ......48 Set up a Replacement Target Server .........
Page 6 ONTENTS Chapter 1: System screen ............70 Control ..................... 72 Filter window ................72 Local Filtering..............73 Disable Local Filtering Options ........73 Enable Local Filtering Options........74 HTTP Filtering ..............74 Enable HTTP Packet Splitting Detection ...... 74 Disable HTTP Packet Splitting Detection ..... 74 HTTPS Filtering ..............
Page 7 ONTENTS Add an Administrator Account..........96 Edit an Administrator Account ..........97 Delete an Administrator Account......... 97 Secure Logon .................. 98 Logon Settings window ............. 98 Enable, Disable Password Expiration ......... 99 Enable, Disable Account Lockout ........100 Logon Management ..............102 View User Account Status, Unlock Username ....
Page 8 ONTENTS Specify FTP Criteria............ 121 FTP the Log on Demand ..........121 View ................. 122 View the Log of Administrator Changes ..... 122 Alert ....................123 Alert Settings window ............. 123 Enable the Alert Feature ..........125 Modify Alert Settings ............125 Disable the Alert Feature ..........
Page 9 ONTENTS Invisible Option: Specify the Block Page Delivery..... 152 ICAP Option: Specify ICAP Server Settings ..... 153 Mobile Options: Specify the Mobile Client Control ... 155 Apply Operation Mode Settings ........155 Proxy Environment Settings window ........155 Use a Local Proxy Server ..........156 Use Proxy Port 80 .............
Page 10 ONTENTS Configuration..............178 Set up Blocking Criteria ..........178 Reset All Workstations..........179 Lock Page..............179 Overblocking or Underblocking........180 Email Alert ................ 182 Set up Email Alert Criteria .......... 182 Set up Email Alert Recipients ........183 Remove Email Alert Recipients ........183 Logon Accounts ...............
Page 11 ONTENTS Preview Sample Quota Block Page ........210 Quota Notice Page Customization window ......212 Add, Edit Entries ............... 212 Preview Sample Quota Notice Page......... 213 CMC Management ................ 215 Software Update Management window ........215 View Software Update Information ........216 Apply or Undo a Software Update ........
Page 12 ONTENTS Create, Edit a List of Service Ports......248 Default Redirect URL ............248 Create, Edit the Redirect URL ........249 Filter Options..............249 Create, Edit the Filter Options ........249 Override Account window ............253 Add an Override Account ..........254 Category Profile ............
Page 13 ONTENTS Download Log, View, Print Contents ........ 279 Download the Log............279 View the Contents of the Log........279 Save, Print the Log File Contents ....... 282 Emergency Update Log window ..........283 View the Emergency Software Update Process ....283 Download the Software Update Log File ......
Page 14 ONTENTS Remove a URL from the Library Category ....304 Reload the Library ............304 URL Keywords window ............305 View a List of URL Keywords ........... 306 Add or Remove URL Keywords ........306 Add a URL Keyword to the Library Category....306 Remove a URL Keyword from the Library ....
Page 15 ONTENTS Re-login window ............320 Real Time Probe Reports ..........321 Create a Real Time Probe .......... 322 View Real Time Probe Details ........325 Usage Graphs ................329 Usage Graphs window ............329 Select a Graph to View ............ 330 Recent Trend ..............
Page 16 ONTENTS Delete an Override Account ..........350 Group Profile window ............. 350 Category Profile ..............350 Create, Edit a List of Selected Categories....351 Redirect URL ..............354 Create, Edit the Redirect URL ........354 Filter Options ..............355 Create, Edit the Filter Options ........355 Exception URL window ............
Page 17 ONTENTS Delete Sub Group ..............384 Delete an IP Sub-Group............ 384 Copy Sub Group ..............385 Copy an IP Sub-Group............385 Individual IP ................... 386 Member window ..............386 Enter the IP Address of the Member ........ 387 Individual IP Profile window ............ 387 Exception URL window ............
Page 18 ONTENTS Upload a List of URL Keywords to the Library ....409 Reload the Library............. 409 Search Engine Keywords window .......... 410 View a List of Search Engine Keywords ......411 Add or Remove Search Engine Keywords......411 Add a Search Engine Keyword to the Library..... 411 Remove a Search Engine Keyword......
Page 19 ONTENTS Set up for each sub-group .......... 423 2. Exclude filtering <server for block page> IP....424 Part II: Customize the Block Page .......... 424 1. Set up a Web server ............. 424 2. Create a customized block page........424 Show M86’s information in the block page (optional) .
Page 20 ONTENTS Mobile Client ................. 450 Environment Requirements ............ 451 Workstation Requirements..........451 Network Requirement ............452 Remote Filtering Components .......... 452 Work Flow Overview ............... 452 Mobile Client Installed on a Mobile PC ......452 Network Operations Overview ..........453 Mobile Client on the Network ..........
Page 21 ONTENTS Uninstallation from a Windows group ......493 Uninstallation from an individual computer ....493 Appendix E ................496 Glossary ..................496 ................503 NDEX M86 S ECURITY UIDE...
Page 22 ONTENTS xxii M86 S ECURITY UIDE...
Page 23: Introductory Section
NTRODUCTORY ECTION Web Filter M86 Security’s Web Filter tracks each user’s online activity, and can be configured to block specific Web sites, service ports, and pattern and file types, and lock out an end user from Internet access, thereby protecting your organization...
Page 24 NTRODUCTORY ECTION BOUT THIS UIDE • Introductory Section - This section is comprised of an overview on filtering, Web access logging, instant messaging and peer-to-peer blocking, and synchronizing multiple Web Filter units. This section also provides infor- mation on how to use this user guide to help you configure the Web Filter.
Page 25: How To Use This User Guide
NTRODUCTORY ECTION OW TO SE THIS UIDE How to Use this User Guide Conventions The following icons are used throughout this user guide: NOTE: The “note” icon is followed by italicized text providing additional information about the current subject. TIP: The “tip” icon is followed by italicized text giving you hints on how to execute a task more efficiently.
Page 26: Terminology
NTRODUCTORY ECTION OW TO SE THIS UIDE Terminology The following terms are used throughout this user guide. Sample images (not to scale) are included for each item. • alert box - a message box that opens in response to an entry you made in a dialog box, window, or screen.
Page 27 NTRODUCTORY ECTION OW TO SE THIS UIDE • frame - a boxed-in area in a dialog box, window, or screen that includes a group of objects such as fields, text boxes, list boxes, buttons, radio buttons, check- boxes, and/or tables. Objects within a frame belong to a specific function or group.
Page 28 NTRODUCTORY ECTION OW TO SE THIS UIDE • pop-up box or pop-up window - a box or window that opens after you click a button in a dialog box, window, or screen. This box or window may display infor- mation, or may require you to make one or more entries.
Page 29 NTRODUCTORY ECTION OW TO SE THIS UIDE • sub-topic - a subset of a main topic that displays as a menu item for the topic. The menu of sub-topics opens when a perti- nent topic link in the left panel—the navigation panel—of a screen is clicked.
Page 30 NTRODUCTORY ECTION OW TO SE THIS UIDE • tree - a tree displays in the naviga- tion panel of a screen, and is comprised of a hierarchical list of items. An entity associated with a branch of the tree is preceded by a plus (+) sign when the branch is collapsed.
Page 31: Overview
NTRODUCTORY ECTION VERVIEW Overview The Web Filter’s Administrator console is used by the global administrator—and group administrator, as required—to configure the Web Filter server to perform the following basic functions: • filter URLs (Web addresses) on the Internet • log traffic on the Internet and, if applicable for your organization: •...
Page 32: Environment Requirements
NTRODUCTORY ECTION NVIRONMENT EQUIREMENTS Environment Requirements Workstation Requirements Administrator System requirements for the administrator include the following: • Windows XP, Vista, or 7 operating system running: • Internet Explorer (IE) 7.0 or 8.0 • Firefox 3.5 • Macintosh OS X Version 10.5 or 10.6 running: •...
Page 33: End User
NTRODUCTORY ECTION NVIRONMENT EQUIREMENTS End User System requirements for the end user include the following: • Windows XP, Vista, or 7 operating system running: • Internet Explorer (IE) 7.0 or 8.0 • Firefox 3.5 • Macintosh OS X Version 10.5 or 10.6 running: •...
Page 34: Chapter 1: Filtering Operations
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Chapter 1: Filtering Operations Operational Modes Based on the setup of your network, the Web Filter can be configured to use one of these operational modes for filtering the network: • invisible mode •...
Page 35: Invisible Mode
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Invisible Mode If the Web Filter is set up in the invisible mode, the unit will filter all connections on the Ethernet between client PCs and the Internet, without stopping each IP packet on the same Ethernet segment.
Page 36 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS When users (Client PCs) make Internet requests, the traffic flows (1) through the network path without interruption. The Web Filter captures the request as the user’s request (2) leaves the network. The Web Filter then determines the action (3) to either block or pass the request.
Page 37: Router Mode
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Router Mode If the Web Filter is set up in the router mode, the unit will act as an Ethernet router, filtering IP packets as they pass from one card to another. While all original packets from client PCs are allowed to pass, if the Web Filter determines that a request is inappropriate, a block page is returned to the client to replace the actual requested Web page or service.
Page 38: Firewall Mode
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS WARNING: M86 recommends contacting one of our solutions engineers if you need assistance with router mode setup proce- dures. Firewall Mode The firewall mode is a modification of the router mode. With the Web Filter set up in this mode, the unit will filter all requests.
Page 39 Web Filter. WARNING: Contact a solutions engineer at M86 Security for setup procedures if you wish to use the firewall mode. Fig. 1:1-5 Firewall mode diagram, with filtering and cache setup...
Page 40: Group Types
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Group Types After the operational filtering mode is configured on the Web Filter, the group type(s) that will be used on the Web Filter must be set up so that filtering can take place. In the Policy section of the Administrator console, group types are structured in a tree format in the navigation panel.
Page 41: Ip Groups
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS IP Groups The IP group type is represented in the tree by the IP icon . A master IP group is comprised of sub-group members and/or individual IP members The global administrator adds master IP groups, adds and maintains override accounts at the global level, and estab- lishes and maintains the minimum filtering level.
Page 42: Filtering Profile Types
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Filtering Profile Types A filtering profile is used by all users who are set up to be filtered on the network. This profile consists of rules that dictate whether a user has access to a specified Web site or service on the Internet.
Page 43 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS • override account profile - set up in either the Global Group section or the master IP group section of the console. • lock profile - set up under X Strikes Blocking in the Filter Options section of the profile.
Page 44: Static Filtering Profiles
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Static Filtering Profiles Static filtering profiles are based on fixed IP addresses and include profiles for master IP groups and their members. Master IP Group Filtering Profile The master IP group filtering profile is created by the global administrator and is maintained by the group administrator.
Page 45: Active Filtering Profiles
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Active Filtering Profiles Active filtering profiles include the Global Group Profile, Override Account profile, Time Profile, and Lock profile. NOTE: For information about authentication filtering profiles, see the M86 Web Filter Authentication User Guide. Global Filtering Profile The global filtering profile is created by the global adminis- trator.
Page 46: Filtering Profile Components
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Filtering Profile Components Filtering profiles are comprised of the following compo- nents: • library categories - used when creating a rule, minimum filtering level, or filtering profile for the global group or any entity •...
Page 47: Library Categories
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Library Categories A library category contains a list of Web site addresses and keywords for search engines and URLs that have been set up to be blocked or white listed. Library categories are used when creating a rule, the minimum filtering level, or a filtering profile.
Page 48: Service Ports
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Service Ports Service ports are used when setting up filter segments on the network (the range of IP addresses/netmasks to be detected by the Web Filter), the global (default) filtering profile, and the minimum filtering level. When setting up the range of IP addresses/netmasks to be detected, service ports can be set up to be open (ignored).
Page 49: Filter Settings
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS NOTE: If the minimum filtering level is not set up, global (default) filtering settings will apply instead. If an override account is established at the IP group level for a member of a master IP group, filtering settings made for that end user will override the minimum filtering level if the global administrator sets the option to allow the minimum filtering level to be bypassed.
Page 50: Filtering Rules
1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS • filter - if a service port is given a filter setting, that port will use filter settings created for library categories (block or open settings) to determine whether users should be denied or allowed access to that port •...
Page 51 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS b. An individual IP member time profile takes precedence over the individual IP member profile. 6. An authentication (LDAP) profile—this includes a work- station profile—takes precedence over an individual IP member’s time profile. NOTE: A Radius profile is another type of authentication profile and is weighted the same as LDAP authentication profiles in the precedence hierarchy.
Page 52 1: F NTRODUCTORY ECTION HAPTER ILTERING PERATIONS Fig. 1:1-7 Sample filtering hierarchy diagram M86 S ECURITY UIDE...
Page 53: Chapter 2: Logging And Blocking
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING Chapter 2: Logging and Blocking Web Access Logging One of the primary functions of the Web Filter is to log the activity of users on the Internet. Information captured in the Web Filter log files are transferred to the Enterprise Reporter (ER) where they are “normalized”...
Page 54: P2P Blocking
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING user’s profile to see whether the user’s connection to the IM service should be blocked, and then performs the appro- priate action. WARNING: The following items are known issues pertaining to the IM module: •...
Page 55: Setting Up Im And P2P
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING Setting up IM and P2P IM and P2P are set up in the System and Library sections of the Administrator console. 1. In the System section, activate Pattern Blocking in the Filter window. 2.
Page 56: Block Im, P2P For All Users
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING Block IM, P2P for All Users Block IM for All Users To block IM for all users on the network: • the Pattern Blocking option in the Filter window must be activated •...
Page 57: Block Specified Entities From Using Im, P2P
2: L NTRODUCTORY ECTION HAPTER OGGING AND LOCKING Block Specified Entities from Using IM, P2P Block IM for a Specific Entity To block IM for a specified group or user: • the Pattern Blocking option in the Filter window must be activated •...
Page 58: Chapter 3: Synchronizing Multiple Units
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Chapter 3: Synchronizing Multiple Units Web Filter Synchronization The Web Filter can function in one of three modes—“Stand Alone” mode, “Source” mode, or “Target” mode—based on the setup within your organization. In a multi-Web Filter environment, all Web Filters should be set up with the same user profile data, so that no matter which Web Filter a user’s PC accesses on the network, that user’s Internet usage is...
Page 59: Source Mode
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS UNCTIONAL ODES Stand Alone Mode In the Stand Alone mode, the Web Filter functions as the only Internet filter on the network. This mode is used if there is only one Web Filter on the network. Synchronization does not occur in this mode.
Page 60: Synchronization Setup
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronization Setup To set up synchronization on a Web Filter, a selection must be made in Setup window from the System section of the Web Filter console to specify whether the Web Filter will function as a source server or as a target server.
Page 61: Types Of Synchronization Processes
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS should receive its running filter configuration in the event of a reboot. WARNING: If a Web Filter server is set up in the Target mode with a NAT device between the target and source server, be sure that ports 26262 and 26268 are open on the target server.
Page 62: Library Synchronization Process
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS If the target server is rebooted for any reason (loss of power etc.) upon bootup, the target server will actively download and apply the current running configuration from the source server. It will then also receive future changes made on the source server.
Page 63: Delays In Synchronization
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Delays in Synchronization When a filtering profile is applied to the source server, there is a slight delay in the time it takes to apply the profile to the target server. This delay is caused by the amount of time it takes the source server to process the change, prepare the update for submission, send the update, and finally to acti- vate the update on the target server.
Page 64: Synchronized, Non-Synchronized Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronized, Non-Synchronized Items It is important to note that while some items are synchro- nized to the target Web Filters, they do not become perma- nent configurations on the target Web Filter. These items are in essence functionally synchronized, since they are configurations that the target Web Filters will read from the source Web Filter upon load.
Page 65: Synchronize All Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronize All Items The following lists show which items will be synchronized when the option to synchronize all items is selected. Synchronized Items (All) • M86 Library additions/deletions • Custom library creations •...
Page 66: Non-Synchronized Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Non-synchronized Items • Filter control settings • Virtual IP and Authentication IP addresses • IP addresses • Default routes • Patch application • Synchronization settings • Filter Mode • Backup/Restore • Radius Authentication Settings •...
Page 67: Synchronize Only Library Items
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Synchronize Only Library Items The following lists show which items will be synchronized when the option to synchronize only library items is selected. Synchronized Items (Library Only) • M86 Library additions/deletions • Custom library creations •...
Page 68 3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS • LDAP User/Group: additions/deletions, changes, filter changes, profile activation/deactivation • Filter control settings • Virtual IP and Authentication IP addresses • IP addresses • Default routes • Software Update application • Synchronization settings •...
Page 69: Server Maintenance Procedures
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Server Maintenance Procedures Source Server Failure Scenarios In the event that the source Web Filter unit should fail, the target servers will continue to run using the last known configuration loaded from the source server. However, all dynamic authentication-based profiles will eventually time- out, since the source Web Filter server can no longer verify user credentials.
Page 70: Use A Backup File To Set Up A Source Server
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Use a Backup File to Set up a Source Server In the event of a source server failure, the global adminis- trator should designate a target server as the new source server. Set up a Target Server as a Source Server 1.
Page 71: Set Up A Replacement Target Server
3: S NTRODUCTORY ECTION HAPTER YNCHRONIZING ULTIPLE NITS Set up a Replacement Target Server Once the original source server is replaced or repaired, it can then be configured to replace the empty spot created by the movement of the target server to the position of source server.
Page 72: Chapter 4: Getting Started
SSL certificate for the unit generated to ensure a secure network connection. NOTE: If you do not have the M86 IR Installation Guide, contact M86 Security immediately to have a copy sent to you. Using the Administrator Console Access the Web Filter Login window...
Page 73: Access The Web Filter From The Ir Portal
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Access the Web Filter from the IR Portal 1. Launch an Internet browser window supported by the Web Filter. 2. In the address line of the browser window, type in “https://” and the IR server’s IP address or host name, and use port number “:1443”...
Page 74 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED name, and use port number “:1443” for a secure network connection, plus “/login.jsp”. For example, if your IP address is 210.10.131.34, type in https://210.10.131.34:1443/login.jsp. Using a host name example, if the host name is logo.com, type in https://logo.com:1443/login.jsp.
Page 75: Last Library Update Message
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Fig. 1:4-3 Welcome screen On this screen, the Web Filter Version Number displays in the Product frame, and dates for the Last Software Update and Last Library Update display in the Web Filter Status frame.
Page 76 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED After the libraries are updated, today’s date will appear as the Last Library Update on the welcome screen. NOTE: Refer to the Library screen’s Manual Update to M86 Supplied Categories window—in the Global Group Section—for information about updating library categories on demand.
Page 77: Navigation Tips
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Navigation Tips Access Main Sections The Administrator console is organized into six sections, each accessible by clicking the corresponding link in the navigation toolbar at the top of the screen: • Home - clicking this link displays the Welcome screen of the Administrator console.
Page 78 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED • Help - clicking this link displays the Help screen. This screen includes navigation tips and a link to a page where you can access the latest user guides (in the .pdf format) for this application: Fig.
Page 79: Help Features
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Help Features Help features provide information about how to use windows in the Administrator console. Such features include help topics and tooltips. Access Help Topics Each of the main section screens contains a link beneath the banner.
Page 80: Tooltips
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Tooltips In any window that features the icon in the navigation path bar beneath the banner, additional information about that window can be obtained by hovering over that icon with your mouse, or by pressing the F1 key on your keyboard. •...
Page 81 4: G NTRODUCTORY ECTION HAPTER ETTING TARTED • Help pop-up box The Help pop-up box opens when you press the F1 key on your keyboard: Fig. 1:4-8 Help pop-up box Click OK to close the pop-up box. M86 S ECURITY UIDE...
Page 82: Screen And Window Navigation
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Screen and Window Navigation All screens are divided into two panels: a navigation panel to the left, and a window in the panel to the right. Windows display in response to a selection made in the navigation panel.
Page 83: Select Sub-Topics
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Select Sub-topics Some topics in Library and System screens consist of more than one window. For these topics, clicking a topic link opens a menu of sub-topics: Fig. 1:4-10 Sub-topics menu When a sub-topic from this menu is selected, the window for that sub-topic displays in the right panel of the screen.
Page 84: Navigate A Tree List
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Navigate a Tree List Tree lists are included in the navigation panel of Policy and Library screens. Fig. 1:4-11 Tree menu A tree is comprised of a hierarchical list of items. An entity associated with a branch of the tree is preceded by a plus (+) sign, when that branch of the tree is collapsed.
Page 85: Tree List Topics And Sub-Topics
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Tree List Topics and Sub-topics Policy and Library tree lists possess a menu of topics and sub-topics. Topics in the tree list display by default when the tree is opened. Examples of tree list topics are circled in Fig. 1:4- When a tree list topic is selected and clicked, a menu of sub- topics opens: Fig.
Page 86: Navigate A Window With Tabs
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Navigate a Window with Tabs In each section of the console, there are windows with tabs. When selecting a window with tabs from the navigation panel, the main tab for that window displays. Entries made in a tab must be saved on that tab, if the tab includes the Apply button.
Page 87: Console Tips And Shortcuts
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Console Tips and Shortcuts The following list of tips and shortcuts is provided to help you use windows in the Administrator console with greater efficiency. Navigation Path The navigation path displays at the top of each window: Fig.
Page 88: Select Multiple Items
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Select Multiple Items When moving several items from one list box to another, or when deleting several items, the Ctrl and Shift keys can be used to expedite this task. • Ctrl Key To select multiple items from a list box, click each item while pressing the Ctrl key on your keyboard.
Page 89: Calculate Ip Ranges Without Overlaps
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED Calculate IP Ranges without Overlaps The Calculator button displays on windows in which IP ranges are entered. These windows include: Range to Detect and Members windows from the Policy section, and Block Page Route Table window from the System section. Fig.
Page 90: Re-Size The User Interface
4: G NTRODUCTORY ECTION HAPTER ETTING TARTED 2. After making a note of the information in this pop-up window, click Close to close the IP Calculator. Re-size the User Interface For greater ease in viewing content in any screen, re-size the browser window by placing your cursor at any edge or corner of the user interface, left clicking, and then dragging the cursor to the left or right, or inward or outward.
Page 91: Global Administrator Section
LOBAL DMINISTRATOR ECTION NTRODUCTION LOBAL DMINISTRATOR ECTION Introduction The Global Administrator Section of this user guide is comprised of four chapters, based on the layout of the Administrator console. This section is used by the autho- rized global administrator of the Web Filter for configuring and maintaining the Web Filter server.
Page 92: Chapter 1: System Screen
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Chapter 1: System screen The System screen is comprised of windows used for configuring and maintaining the server to authenticate users, and to filter, log, or block specified Internet content for each user based on an applied filtering profile. Fig.
Page 93 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: If the synchronization feature is used and a Web Filter is set up in the Source mode, the CMC Management topic and associated sub-topics are also available. If the synchronization feature is used and a Web Filter is set up in the Target mode to synchronize both profile and library setting changes, settings in the Filter window and Customization windows cannot be edited, and the following topics and any asso-...
Page 94: Control
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Control Control includes options for controlling basic Web Filter server functions. Click the Control link to view a menu of sub-topics: Filter, Block Page Authentication, ShutDown, and Reboot. Filter window The Filter window displays when Filter is selected from the Control menu.
Page 95: Local Filtering
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN clients such as Google Web Accelerator and proxy patterns that bypass filtering (see http://www.m86security.com/ software/8e6/hlp/r3000/files/1system_proxy_block .html for a list of proxy pattern types set up to be blocked. When using this feature, the Pattern Detection Whitelist window can be used for setting up IP addresses to bypass pattern filtering (see Pattern Detection Whitelist window in Chapter 3: Library screen).
Page 96: Enable Local Filtering Options
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable Local Filtering Options To enable Local Filtering, click “On”. The server will filter the specified Range to Detect on the network. To enable the detection of VLAN traffic on the network, at VLAN Detection, click “On”.
Page 97: Https Filtering
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN HTTPS Filtering Specify your preference for filtering HTTPS sites in the HTTPS Filtering frame. Select from the following settings for the HTTPS Filtering Level: • “None” - if you do not want the Web Filter to filter HTTPS sites •...
Page 98: Service Control
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTE: After making all entries in this window, click Apply. Service Control In the Service Control frame, indicate whether or not Pattern Blocking with be enabled or disabled. Enable Pattern Blocking By default, Pattern Blocking is disabled. Click “On” to block the usage of clients such as Google Web Accelerator and various proxy pattern types on end user workstations that bypass filtering, and to log IM and P2P activity of end users...
Page 99: Disable Pattern Blocking
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN To create a whitelist of pattern IP addresses, see the Pattern Detection Whitelist window in Chapter 3: Library screen. Disable Pattern Blocking Click “Off” to disable Pattern Blocking. NOTE: After making all entries in this window, click Apply. Target(s) Filtering The Target(s) Filtering frame only displays if the Web Filter currently being configured is set up in the Source mode for...
Page 100: Block Page Authentication Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Block Page Authentication window The Block Page Authentication window displays when Block Page Authentication is selected from the Control menu. This feature is used for entering criteria the Web Filter will use when validating a user’s account.
Page 101: Enter, Edit Block Page Options
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enter, Edit Block Page Options NOTE: If you are not using authentication, and/or if your users do not have override accounts set up, you do not need to select any option at the Re-authentication Options field. 1.
Page 102: Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. If the Re-authentication option was selected, in the Logon Script Path field, \\PDCSHARE\scripts displays by default. In this field, enter the path of the logon script that the Web Filter will use when re-authenticating users on the network, in the event that a user's machine loses its connection with the server, or if the server is rebooted.
Page 103 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. By default, these links are included in the block page under the following conditions: •...
Page 104: Options Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Email Address field populates the “To” field. The user’s message is submitted to the global administrator. Options page The Options page displays when the user clicks the following link in the block page: For further options, click here.
Page 105: Option 2
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The frame beneath the User/Machine frame includes infor- mation for options (1, 2, and/or 3) based on settings made in this window and the Common Customization window. NOTE: Information about Option 1 is included in the M86 Web Filter Authentication User Guide.
Page 106: Option 3
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The user should click the logon.bat icon to run a script that will re-authenticate his/her profile on the network. Option 3 Option 3 is included in the Options page, if “Override Account” was selected at the Re-authentication Options field.
Page 107: Shutdown Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN ShutDown window The ShutDown window displays when ShutDown is selected from the Control menu. This window is used for powering off the server. Fig. 2:1-8 ShutDown window Shut Down the Server In the ShutDown frame, click ShutDown to power off the server.
Page 108: Reboot Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Reboot window The Reboot window displays when Reboot is selected from the Control menu. This window is used for reconnecting the server on the network. Fig. 2:1-9 Reboot window Reboot the Server 1.
Page 109 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The Server connected alert box also opens, informing you that the server is connected, and that you must restart the server. 3. Click OK to close the Web Filter ready alert box. 4.
Page 110: Network
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Network Network includes options for configuring the Web Filter on the network. Click the Network link to view a menu of sub- topics: LAN Settings, NTP Servers, Regional Setting, and Block Page Route Table. LAN Settings window The LAN Settings window displays when LAN Settings is selected from the Network menu.
Page 111: Specify Lan Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Specify LAN Settings 1. In the Host Name field, enter up to 50 alphanumeric characters for the name of the host for this server, such as wf.logo.com. 2. Specify the following information, as necessary: •...
Page 112: Ntp Servers Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NTP Servers window The NTP Servers window displays when NTP Servers is selected from the Network menu. This window is used for specifying IP addresses of servers running Network Time Protocol (NTP) software. NTP is a time synchronization system for computer clocks throughout the Internet.
Page 113: Specify Network Time Protocol Servers
2. Click Delete. 3. Click Apply to apply your settings. WARNING: If using the Web Filter with the M86 Security Reporter or M86 Enterprise Reporter unit, be sure that device is connected to the same NTP servers as the Web Filter.
Page 114: Regional Setting Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Regional Setting window The Regional Setting window displays when Regional Setting is selected from the Network menu. This window is used for specifying the time zone to be used by the Web Filter and the language set type, if necessary.
Page 115: Block Page Route Table Window
HAPTER YSTEM SCREEN WARNING: If using the Web Filter with an M86 Security Reporter or M86 Enterprise Reporter unit, be sure each Web Filter used by the SR or ER is set up in the same time zone as the SR or ER.
Page 116: Add A Router
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Add a Router In the Route Table frame: 1. Enter the IP address. 2. Select the network subnet Mask from the pull-down menu. 3. In the Gateway field, enter the IP address of the portal to which packets will be transferred to and from the Internet.
Page 117: Administrator
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Administrator Administrator window The Administrator window displays when Administrator is selected from the navigation panel. This window is used for adding and maintaining global administrator (Admin), group administrator (Sub Admin), and help desk administrator (Help Desk) accounts.
Page 118: View Administrator Accounts
M86 recommends that you retain this default account and pass- word in the event that the Web Filter cannot be accessed. An authorized M86 Security technical representative may need to use this username and password when troubleshooting the unit. WARNING: Always be sure that at least one account is listed in this window at all times.
Page 119: Edit An Administrator Account
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Edit an Administrator Account To change an administrator’s password and/or account type: 1. Select the username from the Current User list box; this action populates the Account Details frame with data. 2. In the Password field, enter eight to 20 characters for a new password—including at least one alpha character, one numeric character, and one special character.
Page 120: Secure Logon
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Secure Logon Secure Logon includes options for setting user passwords to expire after a designated number of days, and/or locking out users from the Web Filter after unsuccessfully attempting to log in for the specified number of attempts within the defined timespan.
Page 121: Enable, Disable Password Expiration
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable, Disable Password Expiration In the Logon Expiration frame, at the Number of days prior to expiration [1-365] field, specify the number of days logon passwords will be effective by doing one of the following: •...
Page 122: Enable, Disable Account Lockout
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable, Disable Account Lockout 1. In the Logon Options frame, enable any of the following options: • At the Lockout by Username field, click the radio button corresponding to either of the following options: •...
Page 123 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • At the Failed Password Attempts Timespan (in minutes) [1-1440] field—with the Lockout by User- name and/or Lockout by IP address option(s) enabled—enter the number of minutes that defines the interval in which a user can enter an incorrect pass- word—as specified in the Allowable Number of Failed Password Attempts [1-10] field—before being locked out of the Web Filter.
Page 124: Logon Management
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Logon Management The Logon Management window displays when Logon Management is selected from the Secure Logon menu. This window is used for viewing the status of user accounts— including the date passwords will expire, and which user- names/IP addresses are currently locked out of the Web Filter user interface—and for unlocking usernames and IPs currently locked out of the Web Filter.
Page 125: View User Account Status, Unlock Username
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View User Account Status, Unlock Username View Account Status The All Accounts Status frame displays password statuses of current login accounts set up in this Web Filter being configured, including: • Account Name - username •...
Page 126: Unlock A Username
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Unlock a Username To unlock a username: 1. Select the Account Name from the All Accounts Status frame by clicking on it to highlight it. 2. Click Unlock to open the dialog box asking if you wish to proceed with this action.
Page 127: View Admin, Sub Admin User Interface Access
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Admin, Sub Admin User Interface Access To view the areas of the user interface accessible by a global administrator, LDAP group administrator, or help desk administrator: 1. Select the Admin, Sub Admin, or Help Desk username from the list.
Page 128: Diagnostics
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Diagnostics Diagnostics includes options for setting up or running processes for maintaining the server. Click the Diagnostics link to view a menu of sub-topics: System Command, View Log File, Troubleshooting Mode, Active Profile Lookup, and Admin Audit Trail.
Page 129: Perform A Diagnostic Test, View Data
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Perform a Diagnostic Test, View Data 1. Select a diagnostic tool from the Command pull-down menu: ping(Ping), traceroute(Trace Route), ps(Process list), top(TOP CPU processes), ifconfig(NIC configura- tion), netstat(active connections), netstat(routing table), free(current memory usage), iostat(CPU usage), sar(system performance), recent logins, uptime(system uptime), df(disk usage), and dmesg(print kernel ring buffer).
Page 130: Command Selections
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Command Selections Ping The Ping diagnostic tool is used for verifying whether the Web Filter can communicate with a machine at a given IP address within the network, and the speed of the network connection.
Page 131: Top Cpu Processes
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN TOP CPU processes The TOP CPU processes diagnostic tool is used for analyzing how much memory and CPU power is being consumed by which processes. When Execute is clicked, the pop-up window displays the following information: the load average, number of processes that can run, current utilization by CPUs on the system, and memory and swap file space currently being used and currently available.
Page 132: Current Memory Usage
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Current memory usage When Current Memory Usage is selected and Execute is clicked, the pop-up window shows the amount of memory being used, and the amount of memory available for three intervals of one second each. CPU usage The CPU Usage diagnostic tool shows information on disk usage.
Page 133: System Uptime
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN System uptime The System uptime diagnostic tool is used for showing the amount of time the Web Filter has been "up" and running. When Execute is clicked, the pop-up window displays a row of data showing the current time, the amount of time the Web Filter has been up, the number of users, and the load averages for the past 1, 5 and 15 minute intervals.
Page 134: View Log File Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Log File window The View Log File window displays when View Log File is selected from the Diagnostics menu. This window is used for viewing the most recent log file results of various activi- ties and for troubleshooting.
Page 135 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • “Error Log (error.log)” - used only if an Alternate IP Address is being used in the Block Page Route frame of the Operation Mode window. This log only displays information if the IP address used for sending block pages is not being reconciled with the MAC address of the NIC card.
Page 136: Troubleshooting Mode Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Troubleshooting Mode window The Troubleshooting Mode window displays when Trouble- shooting is selected from the Diagnostics menu. This window is used if the server is not sending or receiving packets as normal. Fig.
Page 137: Use The Troubleshooting Mode
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Use the Troubleshooting Mode 1. Click Enable to begin working in the troubleshooting mode. 2. In the Packet Logging frame, select the Packet Logging Time from the available selections (10 seconds, 30 seconds, 60 seconds).
Page 138: Active Profile Lookup Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 8. After performing the fixes on the Web Filter, return to this window and click Disable to resume filtering the network. Active Profile Lookup window The Active Profile Lookup window displays when Active Profile Lookup is selected from the Diagnostics menu.
Page 139: Verify Whether A Profile Is Active
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Verify Whether a Profile is Active 1. In the User IP/MAC Address field, enter the IP address or MAC address of the end user. 2. Click Lookup to verify whether or not a profile is active for that IP/MAC address.
Page 140 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Global profile - Global Group Profile • Override profiles - Override Account profile • Lock profiles - X Strikes Blocking lock out profile • Time profiles - Time Profile • TAR profile - Threat Analysis Reporter lock out profile •...
Page 141 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN message and agreeing to its terms. • Block - URLs in this category will be blocked. • Quota - If a number displays in this column, the corresponding category group/library category was set up as passed but with a time limit, as defined by the number of minutes in that column.
Page 142: Admin Audit Trail Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Filter Options (optional) - filter options to be used in the user’s profile: “X Strikes Blocking”, “Google/Bing/ Yahoo!/Youtube/Ask/AOL Safe Search Enforcement”, “Search Engine Keyword Filter Control”, and/or “URL Keyword Filter Control” with/without the “Extend URL Keyword Filter Control”...
Page 143: Specify Ftp Criteria
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Specify FTP Criteria 1. Enter the IP address of the FTP Server. 2. The log will be sent to the current default directory, unless a Remote Directory is specified. 3. At the Transfer Mode field, “Passive” is selected by default, indicating that transfers will be made via unre- stricted outgoing network connections.
Page 144: View
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View View the Log of Administrator Changes To view the log, click the View tab: Fig. 2:1-27 Admin Audit Trail window, View tab Click View Log to display data on recent activity. For each change made on the server, the log will contain the date and time the change was made (Time), IP address of the machine used by the administrator, administrator's User-...
Page 145: Alert
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Alert Alert includes options for setting up alert emails that notify designated individuals of problems on the network. Click the Alert link to view a menu of sub-topics: Alert Settings, and SMTP Server Settings. Alert Settings window The Alert Settings window displays when Alert Settings is selected from the Alert menu.
Page 146 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN trator in troubleshooting the problem. In most cases, the reload procedure will fix the error, and no futher interven- tion will be required. However, if the error is not fixed— such as if a misconfiguration was made that causes a process to be unable to load on the system—the Web Filter repeats this procedure until an administrator fixes the error.
Page 147: Enable The Alert Feature
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable the Alert Feature By default, the “Disable” radio button is selected. To enable the feature for sending automated email notifications: 1. Click the “Enable” radio button to activate all elements in the Emergency Email Notification frame.
Page 148: Smtp Server Settings Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN SMTP Server Settings window The SMTP Server Settings window displays when SMTP Server Settings is selected from the Alert menu. This window is used for entering settings for the Simple Mail Transfer Protocol that will be used for sending email alert messages to specified administrators.
Page 149: Verify Smtp Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 4. By default, Authentication is disabled. Click “Enable” if a username and password are required for logging into the SMTP server. This action activates the fields below. Make the following entries: a. Enter the Username. b.
Page 150: Software Update
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Software Update Software Update includes options for uploading software updates. Click the Software Update link to view a menu of sub-topics: Local Software Update, and Software Update Log. Local Software Update window The Local Software Update window displays when Local Software Update is selected from the Software Update menu.
Page 151: Read Information About A Software Update
HAPTER YSTEM SCREEN TIP: Click the link (“here”) at the bottom of the window to go to the Web page at M86 Security’s public site (http:// www.m86security.com/support/wf/upgrade.asp) where release notes about software updates can be obtained. Read Information about a Software Update...
Page 152 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-33 Software update installation dialog box 3. Click Yes to open the EULA dialog box: Fig. 2:1-34 EULA dialog box 4. After reading the contents of the End User License Agreement, click Yes if you agree to its terms. This action closes the EULA dialog box and opens the alert box veri- fying the software update application process: M86 S...
Page 153 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-35 Software update verification message box NOTE: To verify whether or not a software update has been successfully applied, go to the View Log File window and select “Software Update Log (patch.log)”. See View Log File window for more information.
Page 154: Undo An Applied Software Update
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Undo an Applied Software Update NOTE: Only the most recently applied software update can be uninstalled. WARNING: If a software update is uninstalled, configuration settings will revert to the previous settings, before the software update was applied.
Page 155: View Log Contents
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Log Contents Click View Log to display contents of the log in the frame below with the status of the software update. Download Log, View, Print Contents Download the Log 1. Click Download Log to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows XP.
Page 156: View The Contents Of The Log
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View the Contents of the Log Once the software update log file has been downloaded to your workstation, you can view its contents. 1. Find the log file in the folder, and right-click on it to open the pop-up menu: Fig.
Page 157 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 3. If using WinZip, click I Agree to open the window containing the zip file: Fig. 2:1-40 WinZip window 4. Right-click the zip file to open the pop-up menu, and choose “View” to open the View dialog box: Fig.
Page 158: Save, Print The Log File Contents
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Save, Print the Log File Contents With the log file displaying correctly formatted in WinZip’s View window, if you wish to save or print the contents of this file: 1. Click Clipboard Copy, wait for the dialog box to open and confirm that the text has been copied to the clip- board, and then click OK to close the dialog box.
Page 159: Synchronization
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Synchronization By default, the Synchronization pop-up menu includes the Setup option that lets you specify the Web Filter server’s function on the network: whether it will be a stand alone box, or whether it will send profile/library setting changes to—or receive such setting changes from—another Web Filter.
Page 160: Setup Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Setup window The Setup window displays when Setup is selected from the Synchronization menu. This window is used for establishing the function of the Web Filter, especially if there is more than one Web Filter on the network.
Page 161: Using Only One Web Filter On The Network
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Using Only One Web Filter on the Network By default, the “Stand Alone” mode is selected in the Mode frame. This indicates that all settings on the Web Filter that is currently being configured apply only to that Web Filter. For the Stand Alone mode setting: 1.
Page 162 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-44 Setup window, Source mode 2. At the Selective Synchronization field, by default “All” is selected. This choice includes both profile and library setting changes. Choose “Library” if only library category additions/deletions (including search engine keywords and URL keywords additions/deletions)—and not profiles—should be synced to target servers.
Page 163 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • The mobile mode cannot be used • If “Library” Selective Synchronization is enabled, end users for the failed Web Filter “node” might be given the Global Group Profile instead of their active filtering profiles •...
Page 164: Sync All Target Servers With The Same Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • To remove an IP address from the list box, select it and click Remove Target. NOTE: This test only verifies whether this server can contact the target server(s). In order for synchronization to be operable on the network, the target server(s) must also be able to contact this source server being configured.
Page 165: Set Up A Web Filter To Be A Target Server
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTE: See the Backup/Restore window for information on restoring data to a server. Set up a Web Filter to be a Target Server A Web Filter configured to be a target server will receive profile/library setting changes from the source server only.
Page 166 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTE: If a source server is set up with a NAT device, the NAT IP address must be used instead of the source server’s own IP address. 3. Click Test Source to open an alert box that provides the server mode status for the IP address you entered.
Page 167: Status Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Status window The Status window displays when Status is selected from the Synchronization menu. This menu selection is available only if this server currently being configured is either set up in the Source mode or Target mode. If set up in the Source mode, this window is used for veri- fying that profile updates are being sent to the target server(s), as in the example below:...
Page 168: View The Sync Status Of Targets From The Source
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View the Sync Status of Targets from the Source If the server is set up in the Source mode, the Web Filter System Time displays at the top of the Target(s) Status frame.
Page 169: View Items Previously Synced To The Server
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-47 Queue of Target pop-up window 2. Click Close to close the pop-up window. View Items Previously Synced to the Server To view items previously synced to a specified target server: 1.
Page 170: Place Items In Queue For Syncing
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Place Items in Queue for Syncing To place new sync items in queue for the target server(s), click Test Sync. View the Sync Status of the Target Server If the server is set up in the Target mode, the Web Filter System Time displays above the Target Sync Status frame.
Page 171 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Last Successful Sync - The date and time of the last successful synchronization displays, using the YYYY/ MM/DD and HH:MM:SS format. • History Log - Click the Details button to open the History of Target pop-up window.
Page 172: Mode
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Mode Mode includes options for configuring the Web Filter to filter the network. Click the Mode link to view a menu of sub- topics: Operation Mode and Proxy Environment Settings. Operation Mode window The Operation Mode window displays when Operation Mode is selected from the Mode menu.
Page 173: Set The Operation Mode
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Set the Operation Mode The default Mode setting is “Invisible”. To change this setting, click the radio button corresponding to “Router”, “Firewall”, “ICAP”, or “Mobile Only”. Selecting ICAP would make the Web Filter function in a capacity other than filtering users on the network.
Page 174: Invisible Option: Specify The Block Page Delivery
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: After making all selections in this window, click Apply. The LAN IP address saved for the Device to send block page will display in the IP field at the bottom of the Administrator console. Invisible Option: Specify the Block Page Delivery The Block Page Delivery Method frame displays if the Invis- ible operation mode is selected.
Page 175: Icap Option: Specify Icap Server Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: The Current MAC Address displays if there is a resolu- tion between the IP address and the MAC address of the router or device used for serving block pages. If an Alternate IP Address is used, that address must be resolved with the MAC address in order for block pages to be served to client PCs.
Page 176 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. In the URI field, enter the Uniform Resource Identifier that must specify the complete hostname and path of the resource being requested. For example: icap:// icap.logo.com:1344/services/icap-services NOTE: This string must match what is set up on the ICAP server in order for the ICAP client's request to be accepted by the ICAP server.
Page 177: Mobile Options: Specify The Mobile Client Control
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Mobile Options: Specify the Mobile Client Control The Mobile Client Control frame displays if the Mobile Only operational mode or the Mobile option is selected. Either selection should be made if this Web Filter will additionally filter end user workstations physically located outside of the organization.
Page 178: Use A Local Proxy Server
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTE: Basic Proxy Authentication must be used if using HTTPS in a proxy environment. The Web Filter has been tested with ISA, Blue Coat, and Squid proxies. Use a Local Proxy Server In the Proxy Setting frame, the default setting is “Off”.
Page 179: Authentication
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Authentication Authentication includes options for configuring the Web Filter to authenticate and re-authenticate users on the network. Click the Authentication link to view a menu of sub- topics: Enable/Disable Authentication, Authentication Settings, and Authentication SSL Certificate. NOTES: Information about these sub-topics can be found in the M86 Web Filter Authentication User Guide.
Page 180: Backup/Restore
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Backup/Restore Backup/Restore window The Backup/Restore window displays when Backup/ Restore is selected from the navigation panel. This window is used for saving configuration settings and/or custom library additions/deletions on or off the server, and for restoring these settings/modifications later, if necessary.
Page 181: Backup Procedures
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN TIPS: The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid. To change the sort order, click the header of a column. All rows will sort in order by that column.
Page 182: Perform A Backup On Demand
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Perform a Backup on Demand 1. In the Manual Backup frame on the Backup tab, click Backup to open the Web Filter Backup dialog box: Fig. 2:1-53 Web Filter Backup dialog box 2.
Page 183: Schedule A Backup
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Schedule a Backup Configure FTP Server Settings 1. In the Server Configuration section of the Scheduled Backup frame, enter the IP address of the Remote Server. 2. In the FTP Directory field, enter the path where log files will be stored.
Page 184: Create A Backup Schedule
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Create a Backup Schedule 1. In the Recurrence Schedule section of the Scheduled Backup frame, click Schedule to open the Scheduled Backup pop-up box: Fig. 2:1-54 Scheduled Backup pop-up box 2. In the Recurrence duration time frame, specify Start and End time range criteria: a.
Page 185 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN In this pop-up box you can do the following: • Click the left or right arrow at the top of this box to navigate to the prior month or the next month. •...
Page 186 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Monthly - If this selection is made, first enter the interval for the months this time profile will be used, and next specify which day of the month: • If Day is chosen, select from “1” - “31”. •...
Page 187: Remove A Backup Schedule
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN “Weekday”, “Weekend” - month: “January” - “December”. By default, the “First” “Sunday” of “January” are selected. If 2 is entered and the “First” “Monday” of “June” are selected, this profile will be used every two years on the first Monday in June.
Page 188: Download A File
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Download a File To download a file to your machine: 1. In the Restore tab, select the file from the Backup Config- urations grid: Fig. 2:1-55 Backup/Restore window, Restore tab 2. Click Download to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows XP.
Page 189: Perform A Restoration
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Perform a Restoration To restore backup data to the server, the backup file must be listed in the Backup Configurations grid in the Restore tab, and the restoration function must be executed. If the backup file is not included in the Backup Configurations grid, you must upload it to the server.
Page 190: Restore Configurations To The Server
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. Click Browse... to open the Choose file window. 3. Select the file to be uploaded. After the file is selected, the Choose file window closes. 4. In the pop-up window, type in a Comment about the file. 5.
Page 191: View Backup And Restoration Details
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Backup and Restoration Details To view details on backup and/or restoration activities: 1. Click Log to open the Backup/Restore Log pop-up box: Fig. 2:1-57 Backup/Restore pop-up box The pop-up box includes rows of data about backup and restore processes performed via the Backup/Restore window.
Page 192: Reset
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Reset Reset window The Reset window displays when Reset is selected from the navigation panel. This function, used for resetting the server to factory default settings, is not available in IR. Fig. 2:1-58 Reset window M86 S ECURITY UIDE...
Page 193: Radius Authentication Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Radius Authentication Settings Radius Authentication Settings window The Radius Authentication Settings window displays when Radius Authentication Settings is selected from the naviga- tion panel. This window is used for controlling filtering levels of dial-up users.
Page 194: Enable Radius
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Access Server or proxy server) that sends accounting request packets to the external Radius accounting server. Enable Radius The Radius Mode is “Off” by default. To use Radius, click the “On” radio button. This action displays the Radius Authentication Settings frame.
Page 195: Apply Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Check the box for Use Web Filter IP as Source IP, if the IP address of the Web Filter (LAN1 or LAN2) should be used when forwarding packets instead of the IP address of the NAS. To disable the Forward Mode option, click the “Off”...
Page 196: Snmp
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN SNMP SNMP window The SNMP window displays when SNMP is selected from the navigation panel. This feature lets the global adminis- trator use a third party Simple Network Management Protocol (SNMP) product for monitoring and managing the working status of the Web Filter's filtering on a network.
Page 197: Specify Monitoring Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Specify Monitoring Settings Set up Community Token for Public Access Enter the password to be used as the Community token for public access. This is the password that the manage- ment Web Filter console would use when requesting access.
Page 198: Hardware Failure Detection
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Hardware Failure Detection Hardware Failure Detection window The Hardware Failure Detection window displays when Hardware Failure Detection is selected from the navigation panel. This option is not available on the IR. Fig. 2:1-61 Hardware Failure Detection window M86 S ECURITY UIDE...
Page 199: Strikes Blocking
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN X Strikes Blocking X Strikes Blocking window The X Strikes Blocking window displays when X Strikes Blocking is selected from the navigation panel. This feature lets a global administrator set criteria for blocking a user's access to “unacceptable”...
Page 200: Configuration
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Configuration Set up Blocking Criteria 1. At Reset the X-Strike count upon authentication, “Off” is selected by default. To have all strikes reset before an end user is authenticated, click “On”. 2. Enter the Maximum Strikes Before “Locking” the Workstation.
Page 201: Reset All Workstations
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN To specify a different page, click “Custom URL” and enter the URL in the text box. 7. Click Save to save your configuration settings. Reset All Workstations The following buttons can be clicked to reset workstations: •...
Page 202: Overblocking Or Underblocking
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN The following information might also display in the lock page: “You have been denied access according to your organization's Internet Usage Policy. As a result, your Internet privileges were temporarily suspended for a total of ‘X’...
Page 203 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN her workstation for five minutes. However, since the toler- ance timer is set at four seconds, a user could potentially receive five strikes within 16 seconds if he/she accesses a page with multiple, inappropriate images and/or links that load on each page within four seconds.
Page 204: Email Alert
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Email Alert Click the Email Alert tab to display Email Alert: Fig. 2:1-64 X Strikes Blocking window, Email Alert tab Set up Email Alert Criteria 1. In the Minutes Past Midnight Before Starting Time Interval (0-59) field, enter the number of minutes past midnight that a locked workstation email alert will first be sent to the specified recipient(s).
Page 205: Set Up Email Alert Recipients
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Fig. 2:1-65 The Daily Schedule pop-up window Click Close to close the pop-up window. 3. Click Save to save the field entries. Set up Email Alert Recipients 1. Enter the Email Address of an individual who will receive locked workstation email alerts.
Page 206: Logon Accounts
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Logon Accounts Click the Logon Accounts tab to display Logon Accounts: Fig. 2:1-66 X Strikes Blocking window, Logon Accounts tab Set up Users Authorized to Unlock Workstations 1. Enter the Username of a staff member who is authorized to unlock workstations.
Page 207: Deactivate An Authorized Logon Account
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Deactivate an Authorized Logon Account To deactivate an authorized user’s account: 1. Select the username from the Current Accessible Users list box. 2. Click Disable to move the username to the Current Un- Accessible Users list box.
Page 208: Categories
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Categories Click the Categories tab to display Categories: Fig. 2:1-67 X Strikes Blocking window, Categories tab Set up Categories to Receive Strikes or No Strikes 1. Select library categories from the “No Strike” Categories list box.
Page 209: Go To X Strikes Unlock Workstation Gui
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Go to X Strikes Unlock Workstation GUI When any administrator clicks the X Strikes Blocking icon or Go to X Strikes Unlock Workstation GUI, either the Re-login window or the X Strikes Unlock Workstation pop-up window opens.
Page 210: Strikes Unlock Workstation
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN X Strikes Unlock Workstation The following information displays in the X Strikes Unlock Workstation pop-up window: IP Address, User Name, and Expire Date/Time of currently locked workstations. Fig. 2:1-69 X Strikes Unlock Workstation window Unlock a Workstation To unlock a specified workstation: 1.
Page 211 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTE: An authorized staff member can click a link in an email alert, or type in http://x.x.x.x:88/XStrike.html in the address field of a browser window—in which “x.x.x.x” is the IP address of the Web Filter—to view locked workstation criteria.
Page 212: Set Up An Email Address To Receive Alerts
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Set up an Email Address to Receive Alerts To send locked workstation information to a designated administrator: 1. Enter the email address in the Email Address to be Subscribed/Unsubscribed text box. 2. Click Subscribe. Remove an Email Address from the Alert List To remove an administrator's email address from the notifi- cation list:...
Page 213: Warn Option Setting
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Warn Option Setting Warn Option Setting window The Warn Option Setting window displays when Warn Option Setting is selected from the navigation panel. This feature lets a global administrator specify the number of minutes for the interval of time in which a warning page will redisplay for the end user who accesses a URL in a library category with a Warn setting for his/her profile.
Page 214: Specify Interval For Re-Displaying The Warn Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN NOTES: If using the synchronization feature, the Warn Option Setting window is available in the Stand Alone and Source mode. This topic does not display if this server being configured is set up in the Target mode to synchronize both profile and library setting changes.
Page 215: Common Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Common Customization window The Common Customization window displays when Common Customization is selected from the Customization menu. This window is used for specifying elements to be included in block, lock, profile, and warning pages, and/or the authentication request form the end user will see.
Page 216: Enable, Disable Features
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Enable, Disable Features 1. Click “On” or “Off” to enable or disable the following elements in the HTML pages, and make entries in fields to display customized text, if necessary: • Username Display - if enabled, displays “User/ Machine”...
Page 217 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Help Link URL - By default, http:// www.m86security.com/support/r3000/accessde- nied.asp displays as the help link URL. Enter the URL to be used when the end user clicks the help link text (specified in the Help Link Text field). •...
Page 218: Lock Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Lock Page Customization window The Lock Page Customization displays when Lock Page is selected from the Customization menu. This window is used with the X Strikes Blocking feature, and lets you customize text in the lock page end users will see when attempting to access Internet content blocked for their profiles, and their workstations are currently locked.
Page 219: Edit Entries, Setting
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Edit Entries, Setting 1. Make an entry in any of the following fields: • In the Header field, enter a static header to be displayed at the top of the lock page. •...
Page 220: Preview Sample Lock Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Preview Sample Lock Page 1. Click Preview to launch a separate browser window containing a sample customized lock page, based on entries saved in this window and in the Common Customization window: Fig.
Page 221: Block Page Customization Window
DMINISTRATOR ECTION HAPTER YSTEM SCREEN • M86 Security - Clicking this link takes the user to M86’s Web site. 2. Click the “X” in the upper right corner of the window to close the sample customized lock page. TIP: If necessary, make edits in the Lock Page Customization window or the Common Customization window, and then click Preview in this window again to view a sample lock page.
Page 222: Add, Edit Entries
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN TIP: An entry in any of the fields in this window is optional, but if an entry is made in the Link Text field, a corresponding entry must also be made in the Link URL field. Add, Edit Entries 1.
Page 223: Preview Sample Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Preview Sample Block Page 1. Click Preview to launch a separate browser window containing a sample customized block page, based on entries saved in this window and in the Common Customization window: Fig.
Page 224 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. By default, these links are included in the block page under the following conditions: •...
Page 225: Warn Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Warn Page Customization window The Warn Page Customization window displays when Warn Page is selected from the Customization menu. This window is used with the Warn Option Setting feature, and lets you customize text in the pop-up window end users will see if attempting to access a URL in a library category set up with a Warn setting for his/her profile.
Page 226: Add, Edit Entries
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Add, Edit Entries 1. Make an entry in any of the following fields: • In the Header field, enter a static header to be displayed at the top of the warning page. •...
Page 227: Preview Sample Warning Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Preview Sample Warning Page 1. Click Preview to launch a separate browser window containing a sample customized warning page, based on entries saved in this window and in the Common Customization window: Fig.
Page 228 • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. The following buttons are included in the warning page: •...
Page 229: Profile Control Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN 2. Click the “X” in the upper right corner of the window to close the sample customized warning page. TIP: If necessary, make edits in the Warn Page Customization window or the Common Customization window, and then click Preview in this window again to view a sample warning page.
Page 230: Edit Entries
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN TIP: An entry in any of the fields in this window is optional. Edit Entries 1. Make an entry in any of the following fields: • In the Header field, enter a static header to be displayed at the top of the profile control pop-up window.
Page 231: Quota Block Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Block Page Customization window The Quota Block Page Customization window displays when Quota Block Page is selected from the Customization menu. This window is used for making customizations to the quota block page the end user will see if he/she has a quota time limit set for a passed category in his/her profile and has attained or exceeded that limit.
Page 232: Preview Sample Quota Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • In the Link Text field, enter text for the link's URL, and in the Link URL field, enter the corresponding hyper- link in plain text using the http:// or https:// syntax. Any entries made in these fields will display centered in the customized quota block page, using the Arial font type.
Page 233 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. 2. Click the “X” in the upper right corner of the window to close the sample customized quota block page.
Page 234: Quota Notice Page Customization Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Notice Page Customization window The Quota Notice Page Customization window displays when Quota Notice Page is selected from the Customiza- tion menu. This window is used for making customizations to the quota notice page the end user will see if he/she has a quota time limit set for a passed category in his/her profile and has used 75 percent of the allotted time in that category.
Page 235: Preview Sample Quota Notice Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • In the Link Text field, enter text for the link's URL, and in the Link URL field, enter the corresponding hyper- link in plain text using the http:// or https:// syntax. Any entries made in these fields will display centered in the customized quota notice page, using the Arial font type.
Page 236 Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. The following button is included in the quota notice page: •...
Page 237: Cmc Management
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN CMC Management CMC Management displays on a Web Filter set up in the Source mode, and includes Centralized Management Console options for viewing the filtering statuses of this source server and its target server(s), and managing soft- ware updates on these servers.
Page 238: View Software Update Information
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN View Software Update Information The Software Updates frame displays the software update statuses of the source and each target Web Filter: Host- name/Location (information entered in the LAN Settings window for the source server's hostname, or the information entered for the target server in the Target Location field in the Setup window);...
Page 239: Apply Or Undo A Software Update
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Apply or Undo a Software Update To apply a software update: 1. Click to select the row(s) corresponding to the servers to be updated. 2. Click Apply. NOTES: If the source server is selected for a software update, the EULA displays when the software update is about to be applied.
Page 240: Status Window
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Status window The Status window displays when Status is selected from the CMC Management menu. This window is used for viewing the filtering status of the source and target server(s) for troubleshooting purposes. Fig.
Page 241 1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN • Last Library Update - most recent date the library was updated on the server, using the YYYY/MM/DD format, if this information is available. TIPS: The order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid.
Page 242: Quota Setting
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Setting Quota Setting window The Quota Setting window displays when Quota Setting is selected from the navigation panel. This window lets a global administrator configure URL hits that—along with quotas specified in filtering profiles—determine when a user will be blocked from further accessing URLs in a library group/category.
Page 243: Configure Quota Hit Settings
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Configure Quota Hit Settings 1. Enter the number of Seconds Per Hit to indicate how much time will be applied towards a “hit” (URL access) in any category with a quota. The default is 10 seconds per hit.
Page 244: Reset Quotas
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Reset Quotas Quotas are automatically reset at midnight, but also can be manually reset on demand or scheduled to be reset at specific times each day. Reset Quotas Now Click Reset Now to reset all quotas to zero (“0”). Users currently blocked from accessing URLs because of a quota time limit will now be able to access URLs in any library/ group category with a quota.
Page 245: Delete A Quota Reset Time From The Schedule
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Delete a Quota Reset Time from the Schedule 1. Select the quota reset time from the Current Reset Time(s) list box. 2. Click Remove to remove the quota reset time from the list box.
Page 246 • HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. The end user can decide whether or not to access the requested URL.
Page 247: Quota Block Page
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Quota Block page When the end user has spent 100 percent of time in a quota-restricted library group/category, the quota block page displays: Fig. 2:1-89 Sample Quota Block Page Once receiving a quota block page, the end user will not be able to access content in that library group/category until the quota is reset.
Page 248: Ssl Certificate
• HELP - Clicking this link takes the user to M86’s Tech- nical Support page that explains why access to the site or service may have been denied. • M86 Security - Clicking this link takes the user to M86’s Web site. SSL Certificate...
Page 249: Generate An Ssl Certificate For The Ir
1: S LOBAL DMINISTRATOR ECTION HAPTER YSTEM SCREEN Generate an SSL Certificate for the IR 1. Click Generate SSL Certificate to open the pop-up box that asks if you wish to continue, which would restart your server. TIP: Click No to close the pop-up window and to return to SSL Certificate window.
Page 250: Chapter 2: Policy Screen
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Chapter 2: Policy screen The Policy screen is comprised of windows and dialog boxes used for adding IP groups and/or LDAP domains, and for creating filtering profiles for IP/LDAP groups and their members.
Page 251 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Double-click the branch of your selection to display the list of groups/domains previously added to that branch. Keep double-clicking items in the tree list to view additional items. Click an entity in the tree list to view a menu of topics or actions that can be performed for that entity.
Page 252: Global Group
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Global Group Global Group includes options for creating and maintaining groups. Click the Global Group link to view a menu of sub- topics: Range to Detect, Rules, Global Group Profile, Over- ride Account, Minimum Filtering Level, and Refresh All. NOTE: If the synchronization feature is used and this Web Filter being configured is set up in the Target mode to synchronize both profile and library setting changes, the only sub-topic that...
Page 253: Add A Segment To The Network
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN The main window (Fig. 2:2-2) lets you add segments to the network, or modify or remove existing segments. The Current Ranges list box includes a list of segments previ- ously added using this feature. The Mandatory Settings tab provides examples of settings that can be made.
Page 254 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Fig. 2:2-4 Range to Detect Settings, second window 2. Click one of the following buttons to select the procedure for adding the segment: • Start the Setup Wizard - clicking this button takes you to the Range to Detect Setup Wizard.
Page 255: Range To Detect Setup Wizard
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Range to Detect Setup Wizard Click the Start the Setup Wizard button to display Step 1 of the Range to Detect Setup Wizard. The Wizard is comprised of six steps. An entry is required in Step 1, but not in Steps 2 - 5.
Page 256 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 2. Click Add to include the segment in the list box above. NOTE: To modify the segment, select it from the list box and click Modify to move the segment to the field(s) below for editing. To remove the segment, select it from the list box and click Remove.
Page 257 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Step 3: Optional In this step you define the source IP address(es) to be excluded from filtering. Fig. 2:2-7 Range to Detect Setup Wizard window, Step 3 Step 4: Optional In this step you define the destination IP address(es) to be excluded from filtering.
Page 258 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Fig. 2:2-8 Range to Detect Setup Wizard window, Step 4 Step 5: Optional In this step you enter destination port numbers to be excluded from filtering. Fig. 2:2-9 Range to Detect Setup Wizard window, Step 5 M86 S ECURITY UIDE...
Page 259 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 1. In the Individual Port field, enter the port number to be excluded from filtering. 2. Click Add to include the entry in the list box above. NOTE: To remove the port number, select it from the list box and click Remove.
Page 260: Range To Detect Advanced Settings
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • click Finish to accept all your entries. This action takes you to the main Range to Detect Settings window where the segment you entered now displays in the Current Ranges list box. Range to Detect Advanced Settings Click the Advanced Settings button to display the Range to Detect Advanced Settings window:...
Page 261: Modify A Segment Of The Network
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Modify a Segment of the Network To modify a segment: 1. In the main Range to Detect Settings window (see Fig. 2:2-2), select the segment from the Current Ranges list box. 2. Click Modify to go to the second page (see Fig. 2:2-4). 3.
Page 262: Rules Window
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Rules window The Rules window displays when Rules is selected from the Global Group menu. This window is used for adding a filtering rule when creating a filtering profile for an entity. Fig.
Page 263: Add A Rule
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Add a Rule To create a new rule: 1. Click New Rule to populate the Rule # field with the next consecutive rule number available. 2. Enter up to 20 characters for a unique Rule Description that describes the theme for that rule.
Page 264 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: If a category group does not display any filter setting (i.e. the check mark does not display in any column for the category group), one or more library categories within that group has a filter setting in a column other than the filter setting designated for all collective library categories within that group.
Page 265: Modify A Rule
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • The Overall Quota field becomes enabled if a quota is entered for any library group/category. By default, the enabled Overall Quota is turned “Off”. If turned “On”, enter the number of minutes in the Min field to indicate when the end user’s access to passed library groups/ categories with quotas will be blocked.
Page 266: Remove A Rule
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 5. Click Save Rule. Remove a Rule To delete a rule: 1. Select the rule from the Current Rules pull-down menu. 2. Click Delete Rule. Global Group Profile window The Global Group Profile window displays when Global Group Profile is selected from the Global Group menu.
Page 267: Category Profile
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile Category Profile displays by default when Global Group Profile is selected from the Global Group menu, or when the Category tab is clicked. This tab is used for assigning filter settings to category groups/library categories for the global group profile.
Page 268 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • Block - URLs in this category will be blocked. NOTE: If a category group does not display any filter setting (i.e. the check mark does not display in any column for the category group), one or more library categories within that group has a filter setting in a column other than the filter setting designated for all collective library categories within that group.
Page 269: Port
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: See the Quota Settings window in Chapter 1: System screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas. • The Overall Quota field becomes enabled if a quota is entered for any library group/category.
Page 270: Create, Edit A List Of Service Ports
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Create, Edit a List of Service Ports All service ports are filtered by default. To block a service port from being accessed by global filtering profile users: 1. Enter the port number in the Port field. 2.
Page 271: Create, Edit The Redirect Url
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Create, Edit the Redirect URL 1. Specify the type of redirect URL to be used: “Default Block Page”, “Authentication Request Form”, or “Custom URL”. If “Custom URL” is selected, enter the redirect URL in the corresponding text box.
Page 272 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Control”, “URL Keyword Filter Control”. If URL Keyword Filter Control is selected, the “Extend URL Keyword Filter Control” option can be selected. 2. Click Apply to apply your settings. X Strikes Blocking With the X Strikes Blocking option enabled, an end user who attempts to access inappropriate sites on the Internet will be locked out from his/her workstation after a specified number...
Page 273 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Search Engine Keyword Filter Control With the Search Engine Keyword Filter Control option enabled, search engine keywords can be set up to be blocked. When a user enters a keyword in the search engine, if that keyword has been set up to be blocked, the search will not be performed.
Page 274 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN URL Keyword Filter Control With the URL Keyword Filter Control option enabled, URL keywords can be set up to be blocked. When a user enters a keyword in the address line of a browser window, if that keyword has been set up to be blocked, the user will be denied access to that site or service.
Page 275: Override Account Window
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Override Account window The Override Account window displays when Override Account is selected from the Global Group menu. This window is used for creating an override account that allows an IP group user to bypass settings at the minimum filtering level.
Page 276: Add An Override Account
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Add an Override Account To create an Override Account profile: 1. In the Account Details frame, enter the username in the Name field. 2. Enter the Password. 3. Make the same entry again in the Confirm Password field.
Page 277: Category Profile
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile The Rule tab is used for creating the categories portion of the override account profile. Fig. 2:2-18 Override Account pop-up window, Rule tab To create the category profile: 1. Select a filtering rule from the available choices in the Available Filter Levels pull-down menu.
Page 278 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN in the Adult Content category group some of the library catego- ries have a block setting and other library categories have a warn setting, there would be no category group filter setting, since all library categories do not have the same filter setting.
Page 279 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • In the Quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1” and the maximum is “1439” (one day minus one minute). The number of minutes entered here combines with the seconds per hit (minimum one second to maximum 3600 seconds) defined in the Quota Settings window...
Page 280: Redirect Url
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL The Redirect tab is used for specifying the URL to be used for redirecting the user if he/she attempts to access a site or service set up to be blocked. Fig.
Page 281: Filter Options
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options The Filter Options tab is used for specifying which filter option(s) will be applied to the override account profile. Fig. 2:2-20 Override Account pop-up window, Filter Options tab 1. Click the checkbox(es) corresponding to the option(s) to be applied to the override account filtering profile: •...
Page 282 2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • “Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement” - With the Google/Yahoo!/Youtube/Ask/ AOL Safe Search Enforcement option enabled, Google, Bing.com, Yahoo!, YouTube, Ask.com, and AOL’s “strict” SafeSearch Filtering option will be used whenever the end user performs a Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Web search or Image search.
Page 283: Edit An Override Account
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN • “URL Keyword Filter Control” - With the URL Keyword Filter Control option enabled, URL keywords can be set up to be blocked. When the user enters a keyword in the address line of a browser window, if that keyword has been set up to be blocked, the user will be denied access to that site or service.
Page 284: Modify An Override Account
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 4. Make the same entry again in the Confirm Password field. 5. Click View/Modify to open the pop-up window. 6. Click Apply. 7. Click Close to close the pop-up window. Modify an Override Account To modify an override account: 1.
Page 285: Minimum Filtering Level Window
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Minimum Filtering Level window The Minimum Filtering Level window displays when Minimum Filtering Level is selected from the Global Group menu. This window is used for establishing the minimum filtering level that will apply to all users who belong to a group, and to any group using a filtering profile other than the global (default) filtering profile.
Page 286: Minimum Filtering Categories
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Minimum Filtering Categories Minimum Filtering Categories displays by default when Minimum Filtering Level is selected from the Global Group menu, or when the Category tab is clicked. This tab is used for making selections from the list of library categories, and specifying whether each of these selected categories will be opened or blocked at the minimum filtering level.
Page 287: Create, Edit Minimum Filtering Categories
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Create, Edit Minimum Filtering Categories To create the categories portion of the minimum filtering level profile: 1. Double-click the column (Pass, Block) in the row corre- sponding to that category group/library category to move the check mark to that column: •...
Page 288: Port
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Port Port displays when the Port tab is clicked. This tab is used for blocking access to specified ports at the minimum filtering level. Fig. 2:2-22 Minimum Filtering Level window, Port tab Create, Edit a List of Service Ports All service ports are filtered by default.
Page 289: Minimum Filtering Bypass Options
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 3. Click Apply to apply your settings at the minimum filtering level. Minimum Filtering Bypass Options Minimum Filtering Bypass Options displays when the Min. Filter Bypass tab is clicked. This tab is used for specifying whether users in a master IP group will be allowed to bypass the minimum filtering level with an override account or an exception URL.
Page 290: Specify Minimum Filtering Bypass Options
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN Specify Minimum Filtering Bypass Options To allow a user to override settings made at the minimum filtering level: 1. In the Override Account frame, click the “On” checkbox. Any user who has an override account will be able to access content blocked at the minimum filtering level.
Page 291: Add Group
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN IP includes options for adding a master IP group and to refresh the tree list. Click the IP link to view a menu of sub- topics: Add Group, and Refresh. Add Group Add a Master IP Group From the IP group menu: 1.
Page 292: Refresh
2: P LOBAL DMINISTRATOR ECTION HAPTER OLICY SCREEN 3. Enter the Password, and re-enter it in the Confirm Password field, using eight to 20 characters and at least one alpha character, one numeric character, and one special character. The password is case sensitive. 4.
Page 293: Chapter 3: Library Screen
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Chapter 3: Library screen The Library screen is comprised of windows and dialog boxes used for adding and maintaining library categories. Library categories are used when creating or modifying filtering profiles. Fig. 2:3-1 Library screen A list of main topics displays in the navigation panel at the left of the screen: Updates, Library Lookup, Customer Feed- back Module, Category Weight System, NNTP Newsgroup,...
Page 294 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Click Library Lookup, Customer Feedback Module, Cate- gory Weight System, NNTP Newsgroup, or Pattern Detec- tion Whitelist to select that topic. To view the list of category groups, double-click Category Groups to open the tree list. Double-click a category group envelope—any envelope except Custom Categories—to view M86 supplied library categories for that group.
Page 295: Updates
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Updates Updates includes options for making configurations for library category activities. Click the Updates link to view a menu of sub-topics: Configuration, Manual Update, Addi- tional Language Support, Library Update Log, and Emer- gency Update Log.
Page 296: Optional: Specify A Proxy Server
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Optional: Specify a Proxy Server 1. In the FTP Proxy Setting frame, by default “Disable” is selected. Click “Enable” if the server is in a proxy server environment. This selection activates the fields in this frame.
Page 297: Manual Update Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Manual Update window The Manual Update to M86 Supplied Categories window displays when Manual Update is selected from the Updates menu. This window is used for updating specified M86 supplied library categories on demand from the update server, if the Web Filter has not received daily updates due to an occurrence such as a power outage.
Page 298 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN • Full URL Library Update - Select this option to update URL library categories with core library files, and to update search engine keywords, newsgroup libraries, and IM/P2P pattern files. Choose this option to replace the core library files.
Page 299: Additional Language Support Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Additional Language Support window The Additional Language Support window displays when Additional Language Support is selected from the Updates menu. This window is used for including additional M86- supported languages in library downloads. Fig.
Page 300: Library Update Log Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN 3. Click Apply to have URLs from the selected language(s) included in the library categories. Library Update Log window The Library Update Log window displays when Library Update Log is selected from the Updates menu. This window is used for viewing transfer activity of library updates from the update server to your Web Filter, and for downloading the activity log.
Page 301: Download Log, View, Print Contents
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Download Log, View, Print Contents Download the Log 1. Click Download Log to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows XP. 2.
Page 302 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Fig. 2:3-6 Folder containing downloaded file 2. Choose “Open With” and then select a zip file executable program such as “WinZip Executable” to launch that application: Fig. 2:3-7 WinZip Executable program 3. If using WinZip, click I Agree to open the window containing the zip file: M86 S ECURITY...
Page 303 3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Fig. 2:3-8 WinZip window 4. Right-click the zip file to open the pop-up menu, and choose “View” to open the View dialog box: Fig. 2:2-9 View dialog box 5. Select “Internal ASCII text viewer”, and then click View to open the View window containing the log file contents: Fig.
Page 304: Save, Print The Log File Contents
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Save, Print the Log File Contents With the log file displaying correctly formatted in WinZip’s View window, if you wish to save or print the contents of this file: 1. Click Clipboard Copy, wait for the dialog box to open and confirm that the text has been copied to the clip- board, and then click OK to close the dialog box.
Page 305: Emergency Update Log Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Emergency Update Log window The Emergency Update Log window displays when Emer- gency Update Log is selected from the Updates menu. This window is used for viewing transfer activity of emergency software updates from the update server to your Web Filter, and for downloading the activity log.
Page 306: Download The Software Update Log File
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Download the Software Update Log File NOTE: See Library Update Log window for screen shots pertaining to downloading the software update log file. 1. Click Download Log to open the alert box containing a message on how to download the log file to your worksta- tion, if using Windows XP.
Page 307: Library Lookup
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Library Lookup Library Lookup window The Library Lookup window displays when Library Lookup is selected from the navigation panel. This window is used for verifying whether a URL or search engine keyword or keyword phrase exists in a library category, and to remove it, if necessary.
Page 308: Remove A Url
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN The following types of URL formats also can be entered in this field: • IP address - e.g. "209.247.228.221" in http:// 209.247.228.221 • octal format - e.g. http://0106.0125.0226.0322 • hexadecimal short format - e.g. http://0x465596d2 •...
Page 309: Submit An Email To The Administrator
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Submit an Email to the Administrator If using a non-Web based email client such as Outlook, you can send an email to the administrator at your organization regarding a URL or search engine keyword that appears to be incorrectly categorized.
Page 310: Reload The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Reload the Library Once all changes have been made to library windows, click Reload Library to refresh. NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made.
Page 311: Disable Customer Feedback Module
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN WARNING: This feature is enabled by default. Please refer to the sub-section Enable Customer Feedback Module to review the contents of the disclaimer that applies when this feature is enabled. NOTE: For optimum results when using this feature, M86 recom- mends enabling Alert Settings and entering at least one email address that an M86 technical suppport representative can use to contact you for assistance.
Page 312 “M86 Security agrees to discuss the information collected by the Customer Feedback Module only with M86 Security’s employees who have a need to know and who have been informed of the confidential nature of the information and of their personal obligation not to disclose or use such information.
Page 313 HAPTER IBRARY SCREEN “Your agreement to activate the Customer Feedback Module will be transmitted back to M86 Security once you click the ‘Accept’ button.” 4. After reading this text, if you agree with the terms, click in the checkbox to activate the Accept button.
Page 314: Category Weight System
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Category Weight System Category Weight System window The Category Weight System window displays when Cate- gory Weight System is selected from the navigation panel. This feature lets you choose which category will be logged and reported for a URL request that exists in multiple cate- gories (possibly both M86 supplied and custom library cate- gories) with the same operational precedence.
Page 315: View The Current Selections
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN View the Current Selections This window contains two list boxes: • “No Weight” Categories - Populated with M86 supplied categories • “Weight” Categories - Pre-populated by default with cate- gories M86 suggests you might want to use for this feature.
Page 316: Weighting Library Categories
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Weighting Library Categories 1. Select the category from the "No Weight" Categories list box. TIP: Multiple categories can be selected by clicking each cate- gory while pressing the Ctrl key on your keyboard. Blocks of cate- gories can be selected by clicking the first category, and then pressing the Shift key on your keyboard while clicking the last category.
Page 317: Nntp Newsgroup
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN NNTP Newsgroup NNTP Newsgroup window The NNTP Newsgroup window displays when NNTP News- group is selected from the navigation panel. This window is used for adding or removing a newsgroup from the libraries. Fig.
Page 318: Remove A Newsgroup From The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a Newsgroup from the Library To remove a newsgroup from the library: 1. In the Newsgroup frame, enter the Newsgroup address. 2. Click Remove. After all changes have been made to library windows, click Reload Library to refresh.
Page 319: Create, Maintain A Whitelist Of Ip Addresses
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN NOTE: This feature can be used in conjunction with the Pattern Blocking feature, which, when enabled, blocks IP address patterns. (See the Filter window sub-section in Chapter 1: System screen.) Create, Maintain a Whitelist of IP Addresses 1.
Page 320: Category Groups
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Category Groups Category Groups is represented by a tree of library category groups, with each group comprised of M86 supplied library categories. M86 supplied library categories are updated regularly with new URLs via Traveler, M86’s executable program that supplies updates to the Web Filter.
Page 321: Library Details Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Double-click a category group’s envelope to open that segment of the tree and to view library categories belonging to that group. Click the M86 supplied category link to view a menu of sub- topics: Library Details, URLs, URL Keywords, and Search Engine Keywords.
Page 322: Urls Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN URLs window The URLs window displays when URLs is selected from the library category’s menu of sub-topics. This window is used for viewing, or adding and/or removing a URL from a library category.
Page 323: View A List Of Urls In The Library Category
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN View a List of URLs in the Library Category To view a list of all URLs that either have been added or deleted: 1. Click the View tab. 2. Make a selection from the pull-down menu for “Addition List”, “Deletion List”, “Wildcard Addition List”, or “Wild- card Deletion List”.
Page 324: Add Or Remove Urls, Reload The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Add or Remove URLs, Reload the Library The Action tab is used for making entries in the URLs window for adding or removing a URL, or reloading the library. Add a URL to the Library Category To add a URL to the library category: 1.
Page 325: Add A Wildcard Url To The Library Category
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN TIP: Multiple URLs can be selected by clicking each URL while pressing the Ctrl key on your keyboard. Blocks of URLs can be selected by clicking the first URL, and then pressing the Shift key on your keyboard while clicking the last URL.
Page 326: Remove A Url From The Library Category
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a URL from the Library Category To remove a URL or wildcard URL from the library category: 1. Click the Action tab. 2. Enter the URL in the Edit URL List frame or Edit Wild- Card URL List frame, as pertinent.
Page 327: Url Keywords Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN URL Keywords window The URL Keywords window displays when URL Keywords is selected from the library category’s menu of sub-topics. This window is used for adding and removing URL keywords from a library category. A library category uses URL keywords to block a user’s access to Internet addresses containing keywords included in its list.
Page 328: View A List Of Url Keywords
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN View a List of URL Keywords To view a list of all URL keywords that either have been added or deleted: 1. In the View Keyword Addition/Deletion List frame, make a selection from the pull-down menu for “Addition List”, or “Deletion List”.
Page 329: Upload A List Of Url Keywords To The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of URL Keywords to the Library Before uploading a text file with URL keyword additions or deletions, in the Upload URL Keyword File frame, specify whether the contents of this file will add to the current file, or overwrite the current file on the server, by clicking the “Append”...
Page 330: Upload A List Of Url Keyword Deletions
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of URL Keyword Deletions To upload a text file with URL keyword deletions: 1. Click Upload To Deletion File to open the Upload Library Keyword pop-up window (see Fig. 2:3-25). 2.
Page 331: Search Engine Keywords Window
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Search Engine Keywords window The Search Engine Keywords window displays when Search Engine Keywords is selected from the library cate- gory’s menu of sub-topics. This window is used for adding and removing search engine keywords/phrases to and from a library category.
Page 332: View A List Of Search Engine Keywords
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN WARNING: Use extreme caution when setting up search engine keywords for filtering. If a non-offending keyword contains the same consecutive characters as a keyword set up to be blocked, users will be denied the ability to perform a search using keywords that are not even in blocked categories.
Page 333: Remove A Search Engine Keyword From The Library
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a Search Engine Keyword from the Library To remove a search engine keyword/phrase from the library category: 1. In the Edit Search Keyword List frame, enter up to 75 alphanumeric characters in the Keyword field. 2.
Page 334: Upload A List Of Search Engine Keyword Deletions
3: L LOBAL DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of Search Engine Keyword Deletions To upload a text file with search engine keyword/phrase deletions: 1. Click Upload To Deletion to open the Upload Library Keyword pop-up window (see Fig. 2:3-25). 2.
Page 335: Chapter 4: Reporting Screen
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Chapter 4: Reporting screen The Reporting screen contains options for transferring and/ or reviewing Internet usage data collected by the Web Filter. Fig. 2:4-1 Reporting screen From the navigation panel at the left of the screen, click Report Configuration to display the Report Configuration window, used if the Web Filter's log files will be transferred to a reporting application.
Page 336: Report Configuration
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Report Configuration Report Configuration window The Report Configuration window displays when Report Configuration is selected from the navigation panel. This window is used for initiating an on demand log transfer to the ER Administration module. Fig.
Page 337: Real Time Probe
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Real Time Probe Real Time Probe window The Real Time Probe window displays when Real Time Probe is selected from the navigation panel. This feature lets the probe administrator monitor a user's Internet usage in real time to see if that user is using the Internet appropri- ately.
Page 338: Set Up Real Time Probes
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Set up Real Time Probes 1. Enter the Maximum Probes to Run/Schedule Simulta- neously, up to 99 probes. The default setting is 10 probes. 2. Enter the Maximum Probes that can be Scheduled, equal to or less than the maximum probes that can run at the same time.
Page 339: Report Recipients
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Report Recipients Click the Report Recipients tab to display Email Report: Fig. 2:4-4 Real Time Probe window, Report Recipients tab Specify Email File Criteria 1. Click the radio button corresponding the to the Email Format to be used for the file: “Plain Text”...
Page 340: Remove Email Addresses
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN NOTE: The maximum number of report recipients is 50. If more than 50 recipients need to be included, M86 recommends setting up an email alias list for group distribution. Remove Email Addresses 1.
Page 341: Deactivate An Authorized Logon Account
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN 3. Click Add to include the username in the Current Acces- sible Users list box. NOTE: When an authorized staff member is added to this list, that username is automatically added to the Current Un-Accessible Users list box in the Logon Accounts tab of the X Strikes Blocking window.
Page 342: Go To Real Time Probe Reports Gui
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Go to Real Time Probe Reports GUI When any administrator clicks the Real Time Probe icon or Go to Real Time Probe Reports GUI, either the Re-login window or the Real Time Probe Reports pop-up window opens.
Page 343: Real Time Probe Reports
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Real Time Probe Reports The Real Time Probe Reports window is comprised of the View and Create tabs. The View tab displays by default (see Fig. 2:4-11), showing the global administrator information on all active probes.
Page 344: Create A Real Time Probe
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Fig. 2:4-8 Real Time Probes introductory window This window must be left open during the entire session. Create a Real Time Probe Click the Create tab to enter and specify criteria for the report you wish to generate: Fig.
Page 345 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN The Current Probe Count displays the Total number of active probes, and the number of probes Created Under This Account. The Maximum Probes to Run/Schedule Simultaneously entered on the Configuration tab displays. 1.
Page 346 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN • “Category”: Select the library category to be probed. This selection generates a report with data for the specified library category. NOTE: Up to 250 characters will be accepted for the IP Address, User Name, or URL.
Page 347: View Real Time Probe Details
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN View Real Time Probe Details Click the View tab to view details about active probes: Fig. 2:4-10 Real Time Probe Reports, View tab The Display Name shows the name assigned to the probe on the Create tab.
Page 348 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN View option If a probe is Completed or In Progress, clicking View opens the Real Time Information box: Fig. 2:4-11 Real Time Information box This box displays the number of minutes left for the probe to run (Run Time Left), and user details for each item in the grid: Date &...
Page 349 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN • After the probe is completed, the Email button is avail- able instead of the Stop button. Clicking Email opens the Email option dialog box in which you specify an email address to send the completed report (see Email option). •...
Page 350 4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Stop, Delete options Clicking Stop halts the probe and gives it a Completed status. This option is also available in the Real Time Infor- mation box via the “Stop” button. Clicking Delete opens the following dialog box, asking if you want to delete the probe: Fig.
Page 351: Usage Graphs
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Usage Graphs Usage Graphs window The Usage Graphs window displays when Usage Graphs is selected from the navigation panel. This window is used for viewing and analyzing Internet usage data for a specified time period within the past 14 days.
Page 352: Select A Graph To View
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Select a Graph to View 1. From the available menu choices, select either “Recent Trend” or one of the “Daily Peaks” dates. 2. Click View to open a separate browser window containing the specified graph. Recent Trend The Recent Trend graph includes the following information: date range, and Number of Hits per Hour for a given date:...
Page 353: Daily Peaks
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Daily Peaks The Daily Peaks graph includes the following information: date, and Number of Hits per Second at Peak Time for a given Time using the HH:MM format: Fig. 2:4-17 Daily Peaks graph Click the “X”...
Page 354: Shadow Log Format
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Shadow Log Format Shadow Log Format window The Shadow Log Format window displays when Shadow Log Format is selected from the navigation panel.This window is used for specifying the log format the Web Filter will use for sending logs to the ER.
Page 355: Auto-Detect Option
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Auto-detect option By default, “Auto-detect” is selected. Using this option, the Web Filter will identify the software version of the ER soft- ware update applied to that application. Status: • Active - displays by default, or if the ER is using a soft- ware version prior to 4.1 •...
Page 356: Post 2.0 Log Format Option
4: R LOBAL DMINISTRATOR ECTION HAPTER EPORTING SCREEN Post 2.0 log format option If this Web Filter currently has the 2.0 or higher software update applied, the Post 2.0 log option should be selected, since the ER 4.1 or higher software update uses the new log structure.
Page 357: Roup Dministrator Ection
ROUP DMINISTRATOR ECTION NTRODUCTION ROUP DMINISTRATOR ECTION Introduction The Group Administrator Section of this user guide is comprised of two chapters that include information on func- tions performed by the group administrator. Chapter 1 includes information on setting up and main- taining master IP groups and group members.
Page 358: Chapter 1: Policy Screen
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Chapter 1: Policy screen Group administrators use Policy screen windows to add members to a master IP group, create sub-groups and/or individual IP members, and define and maintain members’ filtering profiles. A member is associated with an IP or MAC address (the latter when using the mobile mode) and may contain a netmask within a valid IP address range.
Page 359: Refresh
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Refresh Refresh the Master IP Group, Member Click Refresh whenever a change has been made to the master IP group or member level of the tree. Fig. 3:1-2 Policy screen, IP menu M86 S ECURITY UIDE...
Page 360: Master Ip Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Master IP Group Master IP group includes options for defining and main- taining group accounts, setting up an override account and/ or exception URLs to bypass global settings, and uploading or downloading IP profiles. Click the master IP group’s link to view a menu of sub-topics: Group Details, Members, Override Account, Group Profile, Exception URL, Time Profile, Upload/Download IP Profile, Add Sub Group, Add...
Page 361: Members Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN To change the password for this group: 1. Enter the password in the Password and Confirm Pass- word fields, using eight to 20 characters and at least one alpha character, one numeric character, and one special character.
Page 362: Add The Ip Address Of The Member
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add the IP Address of the Member If using the invisible or router mode: 1. Specify whether to add an IP address range with or without a netmask by selecting either “Source IP” or “Source IP Start / End”.
Page 363: Override Account Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Override Account window The Override Account window displays when Override Account is selected from the menu. This window is used for creating an override account that allows an end user from a master IP group to bypass settings at the minimum filtering level.
Page 364: Add An Override Account
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation. Add an Override Account To create an Override Account profile: 1. In the Account Details frame, enter the username in the Name field.
Page 365: Category Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile The Rule tab is used for creating the categories portion of the override account profile. Fig. 3:1-6 Override Account pop-up window, Rule tab To create the category profile: 1. Select a filtering rule from the available choices in the Available Filter Levels pull-down menu.
Page 366 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN in the Adult Content category group some of the library catego- ries have a block setting and other library categories have a warn setting, there would be no category group filter setting, since all library categories do not have the same filter setting.
Page 367 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN • In the Quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1” and the maximum is “1439” (one day minus one minute). The number of minutes entered here combines with the seconds per hit (minimum one second to maximum 3600 seconds) defined in the Quota Settings window...
Page 368: Redirect Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL The Redirect tab is used for specifying the URL to be used for redirecting the user if he/she attempts to access a site or service set up to be blocked. Fig.
Page 369: Filter Options
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options The Filter Options tab is used for specifying which filter option(s) will be applied to the override account profile. Fig. 3:1-8 Override Account pop-up window, Filter Options tab Click the checkbox(es) corresponding to the option(s) to be applied to the override account filtering profile: •...
Page 370 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN AOL’s “strict” SafeSearch Filtering option will be used whenever the end user performs a Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Web search or Image search. WARNING: If this option is used in conjunction with the X Strikes Blocking feature and the user is performing an inappropriate Google, Bing.com, Yahoo!, YouTube, Ask.com, or AOL Image search, the number of strikes that user will receive is based...
Page 371: Edit An Override Account
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: To set up URL keywords in a URL Keywords window, see the URL Keywords window in Chapter 2. Edit an Override Account Change the Password To change an override account’s password: 1.
Page 372: Delete An Override Account
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Delete an Override Account To delete an override account: 1. In the Current Accounts frame, select the username from the list box. 2. Click Remove. Group Profile window The Group Profile window displays when Group Profile is selected from the group menu.
Page 373: Create, Edit A List Of Selected Categories
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Fig. 3:1-9 Group Profile window, Profile tab NOTE: In order to use this tab, filtering rules profiles must already have been set up by the global administrator. By default, “Rule0 Minimum Filtering Level” displays in the Available Filter Levels pull-down menu, and the Minimum Filtering Level box displays “Child Pornography”...
Page 374 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN TIP: In the Category Groups tree, double-click the group enve- lope to open that segment of the tree and to view library catego- ries belonging to that group. NOTE: If a category group does not display any filter setting (i.e. the check mark does not display in any column for the category group), one or more library categories within that group has a setting in a column other than the filter setting designated for all...
Page 375 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: • In the Quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1”...
Page 376: Redirect Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL Redirect URL displays when the Redirect URL tab is clicked. This tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked at the group level.
Page 377: Filter Options
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options Filter Options displays when the Filter Options tab is clicked. This tab is used for specifying which filter option(s) will be applied to the group’s filtering profile. Fig. 3:1-11 Group Profile window, Filter Options tab Create, Edit the Filter Options 1.
Page 378 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: See the X Strikes Blocking window in Chapter 1: System screen of the Global Group Section for information on setting up the X Strikes Blocking feature. Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforce- ment With the Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement option enabled, Google, Bing.com, Yahoo!, YouTube, Ask.com, and AOL’s “strict”...
Page 379 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTES: Search engine keyword filtering relies on an exact keyword match. For example, if the word “sex” is set up to be blocked, but “sexes” is not set up to be blocked, a search will be allowed on “sexes”...
Page 380: Exception Url Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Exception URL window The Exception URL window displays when Exception URL is selected from the group menu. This window is used for blocking group members’ access to specified URLs and/or for letting group members access specified URLs blocked at the minimum filtering level.
Page 381: Valid Url Entries
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Valid URL entries The following types of URL entries are accepted in this window: • formats such as: http://www.coors.com, www.coors.com, or coors.com • IP address - e.g. "209.247.228.221" in http:// 209.247.228.221 • octal format - e.g. http://0106.0125.0226.0322 •...
Page 382: Add Urls To Block Url Or Bypass Url Frame
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add URLs to Block URL or ByPass URL frame To block or bypass specified URLs, in the Block URL or the ByPass URL frame: 1. Type the URL to be blocked in the Block URLs field, or the URL to be bypassed in the ByPass URLs field.
Page 383 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN The message “URL can be added, but conflicting URLs will be removed” applies to any URL that the query found included in the opposite frame of the Exception URL window. When this scenario occurs, for each conflicting URL a yellow warning triangle icon displays in the Status column of the pop-up window.
Page 384: Remove Urls From Block Url Or Bypass Url Frame
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Remove URLs from Block URL or ByPass URL frame To remove URLs from the Block URL or the ByPass URL frame: 1. Select a URL to be removed from the Block URL / ByPass URL list box;...
Page 385: Apply Settings
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN 3. Click Remove Selected to close the pop-up window and to remove your selection(s) from the appropriate URL list box. Apply Settings Click Apply to apply your settings after adding or removing any URLs.
Page 386: Add A Time Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add a Time Profile To create a time profile: 1. Click Add to open the Adding Time Profile pop-up box: Fig. 3:1-17 Adding Time Profile 2. Type in three to 20 alphanumeric characters—the under- score ( _ ) character can be used—for the profile name.
Page 387 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN a. Select from a list of time slots incremented by 15 minutes: “12:00” to “11:45”. By default, the Start field displays the closest 15-minute future time, and the End field displays a time that is one hour ahead of that time. For example, if the time is currently 11:12, “11:15”...
Page 388 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN If 5 is entered, this profile will be used every five days at the specified time. • Weekly - If this selection is made, enter the interval for the weeks this time profile will be used, and specify the day(s) of the week (“Sunday”...
Page 389 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN First enter the year(s) for the interval. By default “1” displays, indicating this time profile will be used each year. Next, choose from one of two options to specify the day of the month for the interval: •...
Page 390 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN 7. Click each of the tabs (Rule, Redirect, Filter Options, Exception) and specify criteria to complete the time profile. (See Category Profile, Redirect URL, Filter Options, and Exception URL in this sub-section for infor- mation on the Rule, Redirect, Filter Options, and Excep- tion tabs.) 8.
Page 391: Category Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Category Profile The Rule tab is used for creating the categories portion of the time profile. Fig. 3:1-19 Time Profile pop-up window, Rule tab NOTE: See the Override Account window, Category Profile sub- section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 392: Redirect Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Redirect URL The Redirect tab is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked. Fig. 3:1-20 Time Profile pop-up window, Redirect URL tab NOTE: See the Override Account window, Redirect URL sub- section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 393: Filter Options
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Filter Options The Filter Options tab is used for specifying which filter option(s) will be applied to the time profile. Fig. 3:1-21 Time Profile pop-up window, Filter Options tab NOTE: See the Override Account window, Filter Options sub- section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 394: Exception Url
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Exception URL The Exception tab is used for allowing users to be blocked from accessing specified URLs and/or to be allowed to access specified URLs blocked at the minimum filtering level. Fig. 3:1-22 Time Profile pop-up window, Exception tab NOTES: See the Exception URL window sub-section in this chapter for information about entries that can be made for this component of the filtering profile.
Page 395: Modify A Time Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Modify a Time Profile To modify an existing time profile: 1. Select the time profile from the Current Time Profiles list box. 2. Click View/Modify to open the Modify Time Profiles pop- up window.
Page 396: Upload/Download Ip Profile Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Upload/Download IP Profile window The IP Profile Management window displays when Upload/ Download IP Profile is selected from the group menu. This window is used for uploading or downloading a text file containing filtering profiles of multiple users or sub-groups.
Page 397 1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: Leave the refresh page open until the file containing the profile has been uploaded. 2. Click Browse... to open the Choose file window in which you find and select the file containing the IP profiles to be uploaded.
Page 398: Download Profile
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Download Profile If profiles have been created and/or uploaded to the server: 1. Click Download Profile to open a browser window containing the profiles: Fig. 3:1-26 Download IP Profiles window The contents of this window can viewed, printed, and/or saved.
Page 399: Add Sub Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add Sub Group Add an IP Sub Group From the group menu: 1. Click Add Sub Group to open the Create Sub Group dialog box: Fig. 3:1-27 Create Sub Group box 2. Enter the Group Name for the sub-group. NOTES: The name of the sub-group must be less than 20 char- acters;...
Page 400: Add Individual Ip
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Add Individual IP Add an Individual IP Member From the group menu: 1. Click Add Individual IP to open the Create Individual IP dialog box: Fig. 3:1-28 Create Individual IP box 2. Enter the Member Name for the Individual IP address. NOTES: The name of the individual IP address must be less than 20 characters;...
Page 401: Delete Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Delete Group Delete a Master IP Group Profile To delete a group profile, choose Delete Group from the group menu. This action removes the master IP group from the tree. Paste Sub Group The Paste Sub Group function is used for expediting the process of creating sub-groups, if the sub-group to be added has the same configuration settings as one that...
Page 402: Sub Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Sub Group Sub Group includes options for creating and maintaining the filtering profile for the sub-group. Click the sub-group’s link to view a menu of sub-topics: Sub Group Details, Members, Sub Group Profile, Exception URL, Time Profile, Delete Sub Group, and Copy Sub Group.
Page 403: Add Ip Sub-Group Details
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN • Member IP address and netmask or IP address range, and MAC Address(es) if using the mobile mode. NOTE: See Appendix D: Mobile Client for information on using the mobile mode. Add IP Sub-Group Details If the sub-group was not previously defined, the fields in the IP Address frame and the Apply button remain activated.
Page 404: Members Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN 3. Click Apply to save your entries. Once applied, the Member fields become greyed-out and the Apply button becomes deactivated (see Fig. 3:1-30). Members window The Members window displays when Members is selected from the menu.
Page 405: Modify Sub-Group Members
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Modify Sub-Group Members The Modify Sub Group Member frame is comprised of the IP Address and MAC Address frames. 1. In the IP Address frame, specify whether to add or edit an IP address range with or without a netmask by selecting either “Member IP”...
Page 406: Exception Url Window
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Exception URL window The Exception URL window displays when Exception URL is selected from the sub-group menu. This window is used for blocking sub-group members’ access to specified URLs and/or for letting sub-group members access specified URLs blocked at the minimum filtering level.
Page 407: Copy Sub Group
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Copy Sub Group The Copy Sub Group function is used for expediting the process of creating sub-groups, if the sub-group to be added has the same configuration settings as one that already exists. Copy an IP Sub-Group To copy configurations made for a specified sub-group: 1.
Page 408: Individual Ip
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Individual IP Individual IP includes options for creating and maintaining the filtering profile for the Individual IP member. Click the individual IP member’s link to view a menu of sub-topics: Members, Individual IP Profile, Exception URL, Time Profile, Delete Individual IP.
Page 409: Enter The Ip Address Of The Member
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN Enter the IP Address of the Member In the Modify Individual Group Member frame: 1. Enter the IP address in the Member field. 2. Click Modify to apply your changes. Individual IP Profile window The Individual IP Profile window displays when Individual IP Profile is selected from the individual IP member menu.
Page 410: Delete Individual Ip
1: P ROUP DMINISTRATOR ECTION HAPTER OLICY SCREEN NOTE: See the Time Profile window in the Policy tree section of this chapter for information on entries that can be made for the following components of the filtering profile: Category Profile, Redirect URL, Filter Options, Exception URL.
Page 411: Chapter 2: Library Screen
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Chapter 2: Library screen Group administrators use windows and dialog boxes in the Library screen to look up URLs and to add and maintain custom library categories for a group. Library categories are used when creating or modifying filtering profiles.
Page 412: Library Lookup
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Library Lookup Library Lookup window The Library Lookup window displays when Library Lookup is selected from the navigation panel. This window is used for verifying whether or not a URL or search engine keyword or keyword phrase exists in a library category.
Page 413: Look Up A Url
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Look up a URL 1. In the URL Lookup frame, enter the URL. For example, enter http://www.coors.com, coors.com, or use a wild- card by entering *.coors.com. A wildcard entry finds all URLs containing text that follows the period (.) after the asterisk (*).
Page 414: Look Up A Search Engine Keyword
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Look up a Search Engine Keyword To see if a search engine keyword or keyword phrase has been included in any library category: 1. In the Search Engine Keyword Lookup frame, enter the Search Engine Keyword or keyword phrase, up to 75 alphanumeric characters.
Page 415: Custom Categories
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Custom Categories Custom Categories includes options for adding a custom category to the tree list and to refresh the menu. Click the Custom Categories link to view a menu of topics: Add Cate- gory, and Refresh.
Page 416: Add Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Add Category A unique custom library category should be created only if it does not exist in the Category Groups tree, and if any sub- group needs to use that library category. Custom library categories for a group must be maintained by the group administrator.
Page 417: Refresh
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN NOTE: The category must have URLs, URL keywords, and/or search keywords added to its profile in order for it to be effective. Refresh Refresh the Library Click Refresh after uploading a file to a customized library category.
Page 418: Custom Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Custom library category When a custom library category is created, its long name displays in the Custom Categories tree list. Click the custom library category link to view a menu of sub-topics: Library Details, URLs, URL Keywords, Search Engine Keywords, and Delete Category.
Page 419: Library Details Window
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Library Details window The Library Details window displays when Library Details is selected from the library category’s menu of sub-topics. This window is used for editing the long name of the custom library category, and for viewing name criteria previously entered.
Page 420: Urls Window
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN URLs window The URLs window displays when URLs is selected from the custom library category’s menu of sub-topics. This window is used for viewing, adding and/or removing a URL from a custom library category’s master URL list or master wildcard URL list.
Page 421: View A List Of Urls In The Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN View a List of URLs in the Library Category To view a list of all URLs that either have been added or deleted from the master URL list or master wildcard URL list: 1.
Page 422: Add Or Remove Urls Or Wildcard Urls
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Add or Remove URLs or Wildcard URLs The Action tab is used for making entries in the URLs window for adding or removing a URL or wildcard URL, uploading a master URL list or master wildcard URL list, or reloading the library.
Page 423: Add A Wildcard Url To The Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN TIP: Multiple URLs can be selected by clicking each URL while pressing the Ctrl key on your keyboard. Blocks of URLs can be selected by clicking the first URL, and then pressing the Shift key on your keyboard while clicking the last URL.
Page 424: Remove A Url From The Library Category
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Remove a URL from the Library Category To remove a URL or wildcard URL from the library category: 1. Click the Action tab. 2. Enter the URL in the Edit URL List frame or Edit Wild- Card URL List frame, as pertinent.
Page 425: Upload A Master List To The Library
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a Master List to the Library Upload a Master List of URLs To upload a master file with URL additions: 1. Click Upload Master to open the Upload Custom Library URL pop-up window: Fig.
Page 426 2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN 4. Click Upload File to display the results of the library file content validation in the Library File Content/IP Lookup Options pop-up window: Fig. 3:2-10 Library File Content/IP Lookup Options URLs contained in the file are listed under the column for either Valid URL or Invalid URL.
Page 427: Upload A Master List Of Wildcard Urls
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN selected, an IP lookup for IP addresses that correspond to URLs in the uploaded file will not be performed. b. Click Upload to open the Upload Successful pop-up window. NOTE: In order for the URLs to take effect, library categories must be reloaded.
Page 428: Reload The Library
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN NOTE: Before the file is uploaded to the server, it will first be vali- dated 4. Click Upload File to display the results of the library file content validation in the Library File Content/IP Lookup Options pop-up window: Fig.
Page 429: Url Keywords Window
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN NOTE: Since reloading the library utilizes system resources that impact the performance of the Web Filter, M86 recommends clicking Reload Library only after modifications to all library windows have been made. URL Keywords window The URL Keywords window displays when URL Keywords is selected from the custom library category’s menu of sub- topics.
Page 430: View A List Of Url Keywords
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN WARNING: Use extreme caution when setting up URL keywords for filtering. If a keyword contains the same consecutive charac- ters as a keyword set up to be blocked, users will be denied access to URLs that are not even within blocked categories.
Page 431: Upload A List Of Url Keywords To The Library
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a List of URL Keywords to the Library To upload a text file containing URL keyword additions: 1. In the Upload Master URL Keyword File frame, click Upload Master to open the Upload Library Keyword pop-up window: Fig.
Page 432: Search Engine Keywords Window
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Search Engine Keywords window The Search Engine Keywords window displays when Search Engine Keywords is selected from the custom library category’s menu of sub-topics. This window is used for adding and removing search engine keywords and phrases to and from a custom library category’s master list.
Page 433: View A List Of Search Engine Keywords
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN able to run a search on a subject such as “cotton gin”. However, if the word “sex” is set up to be blocked, a search will be allowed on “sexes” but not “sex” since a search engine keyword must exactly match a word set up to be blocked.
Page 434: Upload A Master List Of Search Engine Keywords
2: L ROUP DMINISTRATOR ECTION HAPTER IBRARY SCREEN Upload a Master List of Search Engine Keywords To upload a master list containing search engine keyword/ phrase additions: 1. In the Upload Search Keywords File frame, click Upload Master to open the Upload Library Keyword pop-up window (see Fig.
Page 435: Technical Support / Product Warranties
UPPORT ECHNICAL UPPORT RODUCT ARRANTIES Technical Support For technical support, visit M86 Security’s Technical Support Web page at http://www.m86security.com/ support/ or contact us by phone, by email, or in writing. For troubleshooting tips, visit http://www.m86security.com/software/8e6/ts/wf.html Hours Regular office hours are from Monday through Friday, 8 a.m.
Page 436: E-Mail
ECHNICAL UPPORT RODUCT ARRANTIES ECHNICAL UPPORT E-Mail For non-emergency assistance, email us at support@m86security.com Office Locations and Phone Numbers M86 Corporate Headquarters (USA) 828 West Taft Avenue Orange, CA 92865-4232 Local 714.282.6111 714.282.6116 Domestic US 1.888.786.7999 International +1.714.282.6111 M86 Taiwan 7 Fl., No.
Page 437: Support Procedures
ECHNICAL UPPORT RODUCT ARRANTIES ECHNICAL UPPORT Support Procedures When you contact our technical support department: • You will be greeted by a technical professional who will request the details of the problem and attempt to resolve the issue directly. • If your issue needs to be escalated, you will be given a ticket number for reference, and a senior-level technician will contact you to resolve the issue.
Page 438: Product Warranties
ARRANTIES Product Warranties Standard Warranty M86 Security warrants the medium on which the M86 product is provided to be free from defects in material and workmanship under normal use for period of one year (the “Warranty Period”) from the date of delivery. This standard Warranty Period applies to both new and refurbished equip- ment for a period of one year from the delivery date.
Page 439: Technical Support And Service
ARRANTIES RODUCT ARRANTIES Technical Support and Service M86 Security will provide initial installation support and technical support for up to 90 days following installation. M86 Security provides after-hour emergency support to M86 server customers. An after hours technician can be reached by voice line.
Page 440: Extended Warranty (Optional)
If parts are discontinued from production during the Warranty Period, immediate replacement product(s) or hardware parts will be available for exchange with defective parts from M86 Security’s local reseller or distributor. Extended Technical Support and Service Extended technical support is available to customers under a Technical Support Agreement.
Page 441: Appendices Section
PPENDICES ECTION PPENDIX PPENDICES ECTION Appendix A Filtering Profile Format and Rules A filtering profile must be set up in a specified format, containing the following items: 1. The username or group name 2. IP address or MAC address 3. Filtering profile criteria: •...
Page 442: Rule Criteria
PPENDICES ECTION PPENDIX Rule Criteria Rule criteria consists of selections made from the following lists of codes that are used in profile strings: • Port command codes: Filter all ports Filter the defined port number(s) Open all ports Open the defined port number(s) Set the defined port number(s) to trigger a warn message Block all ports...
Page 443: Category Codes
PPENDICES ECTION PPENDIX • Category command codes: Category command codes must be entered in the following order: J, R, M, I. “PASSED” should either be entered after J, R, or M, or after a string of category codes following J, R, or M. J = Positioned before the category/categories defined as "always allowed."...
Page 444: Filter Option Codes
PPENDICES ECTION PPENDIX • Filter Option codes: • 0x1 Exception URL Query (always enabled) • 0x2 X Strikes Blocking • 0x4 Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement • 0x100 = Search Engine Keyword • 0x200 = URL Keyword • 0x1000= Extend URL Keyword Filter Control NOTE: To enable multiple filter codes, add the codes together.
Page 445: Create A Custom Block Page
PPENDICES ECTION PPENDIX Appendix B Create a Custom Block Page M86 offers ways for you to customize the block page so that the page can have a different look while retaining the infor- mation/functionality provided in M86’s default block page. NOTE: The solutions provided in this appendix will only let you customize the Block page, not the Options page.
Page 446: Exclude Filtering Ip
PPENDICES ECTION PPENDIX http://<server for block_page>[:<port for block page>]/ <blockpage>?URL=<blocked url>&IP=<client IP>&CAT=<URL category>&USER=<client User Name> 2. Exclude filtering <server for block page> IP 1. Go to: GUI: Policy > Global Group > Range to Detect 2. Input the IP address under “Destination IP” > ”Exclude IP”...
Page 447: Show M86'S Information In The Block Page (Optional)
PPENDICES ECTION PPENDIX Show M86’s information in the block page (optional) The following information is passed to the <blockpage> through the query string: Name Description: Value Blocked URL: From the query string of the block page URL IP that accessed the blocked URL: (see URL) Category of the blocked URL: (see URL) USER User Name that accessed the blocked URL: (see URL)
Page 448: Customized Block Page Examples
PPENDICES ECTION PPENDIX Customized block page examples The examples in the Reference portion of this appendix illustrate how form data is parsed and posted in the custom- ized block page. Examples include: 1. HTML (using Java Script to parse/post form data) 2.
Page 449: Reference
PPENDICES ECTION PPENDIX Reference HTML     <html> <head> <script language=javascript> function parseData(str, start, end) result = "";...
Page 450 PPENDICES ECTION PPENDIX user = parseData(query, "USER=", "&"); document.block.USER.value = user; function showData(){ document.write("URL:" + document.block.URL.value + "<br>"); document.write("IP:" + document.block.IP.value + "<br>"); document.write("CAT:" + document.block.CAT.value + "<br>"); document.write("USER:" + document.block.USER.value + "<br>"); function do_options(){ document.block.action="http://<Web Filter IP>:81/cgi/ block.cgi" document.block.submit(); </script>...
Page 451: Cgi Written In Perl
PPENDICES ECTION PPENDIX CGI written in Perl There are two methods for CGI written in Perl: One lets you embed data in the query string to pass data to the Options CGI, and the other lets you use Java Script to post form data to the Options CGI.
Page 452: Use Java Script To Post Form Data
PPENDICES ECTION PPENDIX print "<br>For further options, <a href=\"http://<Web Filter IP>:81/ cgi/ block.cgi?URL=$url&IP=$ip&CAT=$cat&USER=$user&STEP=STEP2\">click here</a><br>\n"; print "</body>\n"; print "</html>\n"; Use Java Script to post form data #!/usr/bin/perl # Original Filename: cusp_block2.cgi # File Type: # Description: Sample Perl script for Web Filter customized block page # Replace the <Web Filter IP>...
Page 453 PPENDICES ECTION PPENDIX print "<body>\n"; print "<form method=post name=block>\n"; print "<input type=hidden name=\"SITE\" value=\"_BLOCK_SITE_\">\n"; print "<input type=hidden name=\"IP\" value=\"$ip\">\n"; print "<input type=hidden name=\"URL\" value=\"$url\">\n"; print "<input type=hidden name=\"CAT\" value=\"$cat\">\n"; print "<input type=hidden name=\"USER\" value=\"$user\">\n"; print "<input type=hidden name=\"STEP\" value=\"STEP2\">\n"; print "<br>Web Filter Customized Block Page (CGI written with Perl using Java Script to post form data)<br>\n";...
Page 454: Cgi Written In C
PPENDICES ECTION PPENDIX CGI written in C * cusc_block.c * Description: sample C source code of CGI for customized block page * Replace <Web Filter IP> with real IP and recompile before using * Revision: 1 * Date: 03/08/2004 #include <stdio.h> struct { char *name;...
Page 455 PPENDICES ECTION PPENDIX unescape_url(paramv); paramn = (char *)makeword(paramv, '='); to_upper(paramn); if (strcmp(paramn, "IP") == 0) strcpy(szIP, paramv); else if (strcmp(paramn, "URL") == 0) strcpy(szURL, paramv); else if (strcmp(paramn, "CAT") == 0) strcpy(szCategory, paramv); else if (strcmp(paramn, "USER") == 0) strcpy(szUserName, paramv); getnextquery(&paramv);...
Page 456 PPENDICES ECTION PPENDIX printf("<html>\n"); printf("<head>\n"); printf("<script language=\"JavaScript\">\n"); printf("function do_options()\n"); printf("{\n"); printf("document.block.action=\"http://<Web Filter IP>:81/cgi/ block.cgi\"\n"); printf("document.block.submit()\n"); printf("}\n"); printf("</script>\n"); printf("</head>\n"); printf("<form method=post name=block >\n"); printf("<input type=hidden name=\"SITE\" value=\"_BLOCK_SITE_\">\n"); printf("<input type=hidden name=\"IP\" value=\"%s\">\n", szIP); printf("<input type=hidden name=\"URL\" value=\"%s\">\n", szURL); printf("<input type=hidden name=\"CAT\" value=\"%s\">\n", szCategory);...
Page 457 PPENDICES ECTION PPENDIX url[x] = x2c(&url[y+1]); y+=2; url[x] = '\0'; char x2c(char *what) register char digit; digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0')); digit *= 16; digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0'));...
Page 458 PPENDICES ECTION PPENDIX char *word; int ll; wsize = 102400; ll=0; word = (char *) malloc(sizeof(char) * (wsize + 1)); while(1) word[ll] = (char)fgetc(f); if(ll==wsize) word[ll+1] = '\0'; wsize+=102400; word = (char *)realloc(word,sizeof(char)*(wsize+1)); --(*cl); if((word[ll] == stop) || (feof(f)) || (!(*cl))) if(word[ll] != stop) ll++;...
Page 459 PPENDICES ECTION PPENDIX void getquery(char *paramd, char **paramv) if (paramd == NULL) *paramv = NULL; else *paramv = (char *)strtok(paramd, "&"); void getnextquery(char **paramv) *paramv = (char *)strtok(NULL, "&"); M86 S ECURITY UIDE...
Page 460: Override Pop-Up Blockers
PPENDICES ECTION PPENDIX Appendix C Override Pop-up Blockers An override account user with pop-up blocking software installed on his/her workstation will need to temporarily disable pop-up blocking in order to authenticate him/herself via the Options page: Fig. C-1 Options page This appendix provides instructions on how to use an over- ride account if typical pop-up blocking software is installed, as in the following products: Yahoo! Toolbar, Google...
Page 461: Yahoo! Toolbar Pop-Up Blocker
PPENDICES ECTION PPENDIX Yahoo! Toolbar Pop-up Blocker If Pop-up Blocking is Enabled 1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window.
Page 462 PPENDICES ECTION PPENDIX Fig. C-3 Allow pop-ups from source 3. Select the source from the Sources of Recently Blocked Pop-Ups list box to activate the Allow button. 4. Click Allow to move the selected source to the Always Allow Pop-Ups From These Sources list box. 5.
Page 463: Google Toolbar Pop-Up Blocker
PPENDICES ECTION PPENDIX Google Toolbar Pop-up Blocker If Pop-up Blocking is Enabled 1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window.
Page 464: Adwaresafe Pop-Up Blocker
PPENDICES ECTION PPENDIX AdwareSafe Pop-up Blocker If Pop-up Blocking is Enabled 1. In the Options page (see Fig. C-1), enter your Username and Password. 2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window.
Page 465: Mozilla Firefox Pop-Up Blocker
PPENDICES ECTION PPENDIX Mozilla Firefox Pop-up Blocker Add Override Account to the White List 1. From the Firefox browser, go to the toolbar and select Tools > Options to open the Options dialog box. 2. Click the Content tab at the top of this box to open the Content section: Fig.
Page 466 PPENDICES ECTION PPENDIX Fig. C-7 Mozilla Firefox Pop-up Window Exceptions 4. Enter the Address of the web site to let the override account window pass. 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7.
Page 467: Windows Xp Sp2 Pop-Up Blocker
PPENDICES ECTION PPENDIX Windows XP SP2 Pop-up Blocker Set up Pop-up Blocking There are two ways to enable the pop-up blocking feature in the IE browser. Use the Internet Options dialog box 1. From the IE browser, go to the toolbar and select Tools > Internet Options to open the Internet Options dialog box.
Page 468: Use The Ie Toolbar
PPENDICES ECTION PPENDIX Use the IE Toolbar In the IE browser, go to the toolbar and select Tools > Pop- up Blocker > Turn On Pop-up Blocker: Fig. C-9 Toolbar setup When you click Turn On Pop-up Blocker, this menu selec- tion changes to Turn Off Pop-up Blocker and activates the Pop-up Blocker Settings menu item.
Page 469: Add Override Account To The White List
PPENDICES ECTION PPENDIX Add Override Account to the White List There are two ways to disable pop-up blocking for the over- ride account and to add the override account to your white list. Use the IE Toolbar 1. With pop-up blocking enabled, go to the toolbar and select Tools >...
Page 470: Use The Information Bar
PPENDICES ECTION PPENDIX Use the Information Bar With pop-up blocking enabled, the Information Bar can be set up and used for viewing information about blocked pop- ups or allowing pop-ups from a specified site. Set up the Information Bar 1. Go to the toolbar and select Tools > Pop-up Blocker > Pop-up Blocker Settings to open the Pop-up Blocker Settings dialog box (see Fig.
Page 471 PPENDICES ECTION PPENDIX 3. Click the Information Bar for settings options: Fig. C-12 Information Bar menu options 4. Select Always Allow Pop-ups from This Site—this action opens the Allow pop-ups from this site? dialog box: Fig. C-13 Allow pop-ups dialog box 5.
Page 472: Mobile Client
PPENDICES ECTION PPENDIX Appendix D Mobile Client Mobile Client performs Internet filtering and blocking on mobile PCs physically located outside your organization. This product is comprised of a Web Filter configured to use the mobile mode, profiles of end users—working at home or on the road—uploaded to the Web Filter configured to use the mobile mode, and Mobile Client software installed on end users’...
Page 473: Environment Requirements
PPENDICES ECTION PPENDIX Environment Requirements Workstation Requirements System requirements for the administrator include the following: • Web Filter must be configured to use the Mobile mode option • Session cookies from the Web Filter must be allowed in order for the Administrator console to function properly •...
Page 474: Network Requirement
PPENDICES ECTION PPENDIX Network Requirement • High speed connection from the Web Filter to mobile Remote Filtering Components • Mobile Client software installed on each end user’s mobile PC Work Flow Overview Mobile Client Installed on a Mobile PC For mobile PCs located outside of the organization: •...
Page 475: Network Operations Overview
PPENDICES ECTION PPENDIX Network Operations Overview Mobile Client on the Network Mobile Client 1. A URL request is made from an end user’s mobile PC to access inappropriate content on the Internet. 2. The Mobile Client installed on the end user’s workstation sends a parallel request to the Web Filter.
Page 476: Mobile Server Section
PPENDICES ECTION PPENDIX Mobile Server Section The Mobile Server Section of this user guide contains infor- mation on how to set up and configure the Web Filter’s hard- ware and software to be used with the Mobile Client. Initial Setup The basic requirements for initial network setup are as follows: •...
Page 477: Configure The Web Filter To Use The Mobile Mode
PPENDICES ECTION PPENDIX Configure the Web Filter to use the Mobile Mode The Operation Mode window is used for setting up the Web Filter to use the mobile mode for filtering mobile PCs. 1. In the Mode frame, choose either “Mobile Only” or one of the filtering modes (Invisible, Router, FIrewall) with the “Mobile”...
Page 478: Add Mac Addresses To The Master Ip Group
PPENDICES ECTION PPENDIX Exception URL, LDAP Authentication, and Warn and Quota filter settings. (An end user with categories blocked in his/her profile will be blocked from categories with a Warn or Quota setting instead of receiving a warning or quota page. If his/her profile does not contain blocked categories but instead contains catego- ries with Warn or Quota settings, the Global Group Profile will be assigned instead.)
Page 479: Select Mac Addresses For A Sub Group
PPENDICES ECTION PPENDIX NOTES: Follow steps 2-3 for each MAC address to be added. To remove a member from the Current Members list box, select the MAC address from the list box, and then click Remove. Select MAC Addresses for a Sub Group In the mobile mode, the sub-group Members window is used for selecting MAC addresses for inclusion in the sub- group.
Page 480: View Sub Group Mac Addresses
PPENDICES ECTION PPENDIX • To remove MAC addresses from the sub-group, select each sub-group by highlighting it in the Member MAC(s) list box, and then clicking the right arrow to move the item(s) to the Available MAC(s) list box. TIPS: Multiple MAC addresses can be moved to a list box by clicking each MAC address while pressing the Ctrl key on your keyboard, and then clicking the arrow key pointing to that list box.
Page 481: Add A Mac Address To An Individual Member
PPENDICES ECTION PPENDIX If the sub-group has been completely defined, IP address criteria was entered in the IP Address frame and saved in this window. Add a MAC Address to an Individual Member When using the mobile mode, the Individual IP’s Member window is used for selecting the member’s MAC address for inclusion in the sub-group.
Page 482: Upload Mac Address File For Ip Group
PPENDICES ECTION PPENDIX Upload MAC Address File for IP Group A file containing multiple MAC addresses can be uploaded to the master IP group using the Upload/Download IP Profile window. Fig. D-6 Master IP group’s Upload/Download IP Profile window WARNING: Any existing profiles will be overwritten by the contents of the uploaded file.
Page 483: Troubleshoot Mac Addresses
PPENDICES ECTION PPENDIX Troubleshoot MAC Addresses When using the mobile mode, the Active Profile Lookup is used for verifying whether an entity has an active filtering profile for his/her MAC address. This window also is used for troubleshooting synchronization on "target" Web Filters, to verify whether settings for user profiles match the ones synced over from the "source"...
Page 484: Mobile Client Section
PPENDICES ECTION PPENDIX Mobile Client Section The Mobile Client Section of this user guide contains infor- mation on how the Windows network administrator uses the Mobile Client Deployment Kit to install the Mobile Client on a Windows or Macintosh network, configure the Mobile Client via the Package Editor, deploy the Mobile Client to Windows or Macintosh OS X end user workstations, and uninstall the Mobile Client.
Page 485: Download And Install The Deployment Kit
PPENDICES ECTION PPENDIX Download and Install the Deployment Kit 1. Insert the CD-ROM—that was packaged in the carton containing your Web Filter appliance—into your machine. 2. After launching the start.html Web page, find and click the Mobile Client Deployment Kit Installer (.msi file) link to download that file to your machine.
Page 486 PPENDICES ECTION PPENDIX Fig. D-9 End User License Agreement 5. Click Next to go to the Choose Setup Type step, and select the setup option for installing the Mobile Client: “Typical”, “Custom”, “Complete”: Fig. D-10 Choose Setup Type 6. Click Next to proceed with the option you selected for installing the application.
Page 487 PPENDICES ECTION PPENDIX Fig. D-11 Installation process ready to begin 7. Click Install to begin the installation process. The following page displays when the installation process is complete: Fig. D-12 Installation complete 8. Click Finish to close the wizard dialog box. M86 S ECURITY UIDE...
Page 488: Access The Mobile Client Deployment Tool Window
Help link in the Mobile Client Deployment Tool for instructions on using these windows. The Mobile Client Deployment Tool window is accessible via Start > All Programs > M86 Security Mobile Client Deployment Kit > Package Editor: Fig. D-13 Mobile Client Deployment Tool window The Mobile Client Deployment Tool’s package editor log...
Page 489: Configure A New Package Set
PPENDICES ECTION PPENDIX Configure a New Package Set 1. In the Mobile Client Deployment Tool window, go to File > New Package... to open the Choose Product Version dialog box: Fig. D-14 Choose Product Version dialog box 2. Select the Mobile Client software version from the avail- able choices, and then click OK to close the Choose Product Version dialog box and to open the Package Configuration window:...
Page 490: Specify Package Criteria
PPENDICES ECTION PPENDIX The Package Configuration window is comprised of the following frames: Package Information, Network Settings, Automatic Update Settings, and Application Options Settings. NOTE: To exit the Package Configuration window at any time before saving your edits, select File > Cancel from the menu. Specify Package criteria The Package Information frame includes the following infor- mation: Path on the system where the current package is...
Page 491: Configure Network Settings
PPENDICES ECTION PPENDIX Configure Network Settings The Network Settings frame includes fields for entering IP addresses of host servers used for filtering mobile worksta- tions and in-house workstations, and proxy server criteria— the latter, if a proxy server is used with filtering servers on your network.
Page 492 PPENDICES ECTION PPENDIX Add, remove internal filter host server NOTE: Entries made in this portion of the user interface are optional. If you have one filter host server on your network, the IP address would be the same IP address you entered for the mobile filter host server.
Page 493 PPENDICES ECTION PPENDIX Add proxy address or host name 1. If your organization is using a proxy server on the network, in the Proxy address or host name field, enter the IP address or host name of your proxy server. 2.
Page 494: Optional: Specify Url For Mobile Client Updates
PPENDICES ECTION PPENDIX Optional: Specify URL for Mobile Client Updates NOTES: A URL directory entry is required in the Automatic Update Settings frame only if the Mobile Client Updater will be installed on end user workstations and a Web server will be used for deploying updated Mobile Client package configuration updates to these workstations.
Page 495: Optional: Set Up Application Options
PPENDICES ECTION PPENDIX 3. Click Add to include the entry in the list box below. 4. After entering the URL, click OK to close the dialog box and to display your entries in the Update URL Base field of the Package Configuration window. NOTE: To remove a URL from the list, select the entry from the Update URLS list box, click Delete, and then click OK.
Page 496 PPENDICES ECTION PPENDIX Step 1: First line entry By default, the Application Options Settings field is empty. If you wish to add any options, you must first type in Mode 0 on the first line. For example: Mode 0 {option #1} {option #2} …...
Page 497 PPENDICES ECTION PPENDIX Step 3: Add an option line for the application Enter an option line for each application to be blocked or bypassed. To block an application, for example: block_firefox -c “c:\Program Files\Mozilla Firefox\Firefox.exe” -k To bypass an application, for example: bypass_myapp -c “c:\Program Files\MyCorporation\MyCus- tomApp\MyApp.exe”...
Page 498 PPENDICES ECTION PPENDIX Line encryptor/decryptor... Other types of application qualifying arguments exist in addition to the examples provided in the previous para- graphs of this user guide. It is also possible to encrypt the Application Options Settings if you wish to obfuscate them from your users.
Page 499: Save Configuration Settings, Download Files
PPENDICES ECTION PPENDIX • MD5 Calculation - use the tools in this frame to generate an MD5 “digital thumbprint” for a file. • AES / Base64 Encryption - use the tools in this frame to generate Advanced Encryption Standard (AES) base64 encryption: 2.
Page 500 PPENDICES ECTION PPENDIX Fig. D-20 Mobile Client Package Contents page M86 S ECURITY UIDE...
Page 501 PPENDICES ECTION PPENDIX The Mobile Client Package Contents page includes the following information: • Component Versions - The Mobile Client Windows and Macintosh version numbers and MCU version numbers • Packages - Links to downloadable components for: • Windows - Direct or Group Policy Setup links for down- loading the following components: •...
Page 502 PPENDICES ECTION PPENDIX • Configuration - Mobile Client and server settings: • Configuration Revision number • Mobile Server Host IP address(es) and Port number(s) • Internal Server Host IP address(es) and Port number(s) • Proxy server - Server host name or IP address, Port number, and Username if a proxy server was specified •...
Page 503: Edit A Package Configuration
PPENDICES ECTION PPENDIX Edit a Package Configuration 1. From the Mobile Client Deployment Tool window, select File > Edit Package... to open the Select Package window: Fig. D-21 Select Package window 2. From the Packages list box, choose the package to be edited;...
Page 504: Edit Default Configuration Settings
PPENDICES ECTION PPENDIX Edit default configuration settings 1. From the Mobile Client Deployment Tool window, select Tools > Edit default configuration... to open the Package Configuration window for default settings: Fig. D-22 Package Configuration window for default settings This window is similiar in appearance to the Package Configuration window used for adding a new package or editing an existing package, except the Package Infor- mation frame includes the following differences:...
Page 505: View Package Configuration Contents
PPENDICES ECTION PPENDIX TIP: Select File > Cancel to exit without saving your edits. 2. Make your edits in this window and then select from the following options to save the default configuration: File > Save or File > Save and Quit. NOTE: See Save configuration settings, download files in Configure a New Package Set for information about these Save options.
Page 506: Mcu File Preparations
PPENDICES ECTION PPENDIX MCU file preparations In order to use the optional Mobile Client Updater (MCU) component to distribute product or configuration updates to end users, you must first install the MCU on end user work- stations. Then you must select the host server to deploy updates to end user workstations.
Page 507: Step 2: Choose A Deployment Host For Updates
PPENDICES ECTION PPENDIX Step 2: Choose a deployment host for updates Decide where to host Mobile Client update files: • A Web server you maintain • Mobile Server Web Filter Host MC file on your Web server This choice is advantageous for environments with multiple Mobile Server appliances, since update files need to be copied to only one server instead of each Web Filter appli- ance.
Page 508 PPENDICES ECTION PPENDIX not coordinate their synchronization attempts with each other, the timing of download attempts will follow a random statistical distribution. Nevertheless, it is conceivable that if you have 4,000 client workstations, they might all attempt to download the update within the first hour after it is posted, although the starting times of each download will vary.
Page 509: Step 3: Post The Latest Files For Mcu
PPENDICES ECTION PPENDIX Step 3: Post the latest files for MCU Next you must post the Mobile Client configuration files to the host server. After this initial posting, whenever changes are made to the client configuration, or whenever a new software version of the Mobile Client becomes available, you need to post the updated files to this designated host server.
Page 510 PPENDICES ECTION PPENDIX 3. Click Browse... to open the File Upload window and search for the .tgz file to be uploaded to the server. WARNING: Uploading subsequent packages of the Mobile Client to the server will overwrite the current file configuration. 4.
Page 511: Mc Deployment To Windows Computers
PPENDICES ECTION PPENDIX MC Deployment to Windows Computers Deployment to a group The modified 8e6client.msi file is distributed to multiple Windows workstations by creating a Group Policy Object (GPO) which assigns this software to the required computers on the network. NOTE: The procedure suggested below presumes that you are using the free add-on Group Policy Management Console (GPMC) provided by Microsoft.
Page 512 PPENDICES ECTION PPENDIX 3. Link the new policy: a. In the GPMC, select the domain or organizational unit for which the policy should be applied. b. Right-click, choose "Link an existing GPO", and then select the new policy you created in step 2. Click OK. c.
Page 513 PPENDICES ECTION PPENDIX 5. Enable the policy link: Return to the new policy link in the GPMC for the target domain or Organizational Unit, right-click, and then choose "Link Enabled". 6. Test the deployment: a. Select one of the workstations within the scope of the policy and refresh its policies by running gpup- date.exe.
Page 514: Installation On A Single Computer
PPENDICES ECTION PPENDIX Installation on a single computer The Mobile Client is manually installed on a single Windows workstation by following these procedures: 1. Go to the folder in which the modified 8e6client.msi file was downloaded, and click the .msi file icon to launch the automatic installation process on the current workstation: Fig.
Page 515: Mobile Client Removal From Computers
PPENDICES ECTION PPENDIX Mobile Client Removal from Computers Uninstallation from a Windows group If the Group Policy that was used for installing the Mobile Client on workstations is removed, the Mobile Client will still remain installed on target workstations. In order to use the Group Policy framework to uninstall the Mobile Client, the Mobile Client Remover (8e6purge.msi) must be deployed using the Group Policy, just as the installer was deployed.
Page 516 PPENDICES ECTION PPENDIX • Windows XP: Start > Control Panel > Add or Remove Programs 2. Find the Mobile Client program and click Remove to open the M86 Mobile Client - Uninstall dialog box: Fig. D-27 Mobile Client Uninstall dialog box 3.
Page 517 PPENDICES ECTION PPENDIX Fig. D-29 Generate a key Copy this Uninstall key. In this example: f0d34d NOTE: Click Close to close the Create Uninstall Key pop-up window. 6. Access the M86 Mobile Client - Uninstall dialog box again, and enter the generated password key in the Key field.
Page 518: Glossary
PPENDICES ECTION PPENDIX Appendix E Glossary This glossary includes definitions for terminology used in this user guide. M86 supplied category - A library category that was created by M86, and includes a list of URLs, URL keywords, and search engine keywords to be blocked. always allowed - A filter category or port given this desig- nation in a profile will be included in the white list.
Page 519 PPENDICES ECTION PPENDIX global administrator - An authorized administrator of the network who maintains all aspects of the Web Filter, except for managing master IP groups and their members, and their associated filtering profiles. The global administrator configures the Web Filter, sets up master IP groups, and performs routine maintenance on the server.
Page 520 PPENDICES ECTION PPENDIX (LDAP) is a directory service protocol based on entries (Distinguished Names). machine name - Pertains to the name of the user’s work- station machine (computer). master IP group - An IP group set up in the tree menu in the Policy section of the console, comprised of sub-groups and/or individual IP filtering profiles.
Page 521 PPENDICES ECTION PPENDIX tions. The command also controls persistent net connec- tions. NetBIOS - Network Basic Input Output System is an appli- cation programming interface (API) that augments the DOS BIOS by adding special functions to local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. NetBIOS relies on a message format called Server Message Block (SMB).
Page 522 PPENDICES ECTION PPENDIX proxy server - An appliance or software that accesses the Internet for the user’s client PC. When a client PC submits a request for a Web page, the proxy server accesses the page from the Internet and sends it to the client. A proxy server may be used for security reasons or in conjunciton with caching for bandwidth and performance reasons.
Page 523 PPENDICES ECTION PPENDIX service port - Service ports can be set up to blocked. Examples of these ports include File Transfer Protocol (FTP), Hyper Text Transfer Protocol (HTTP), Network News Transfer Protocol (NNTP), Secured HTTP Transmission (HTTPS), and Other ports such as Secure Shell (SSH). SMTP - Simple Mail Transfer Protocol is used for transfer- ring email messages between servers.
Page 524 PPENDICES ECTION PPENDIX VLAN - Virtual Local Area Network is a network of computers that may be located on different segments of a LAN but communicate as if they were on the same physical LAN segment. warn setting - A setting assigned to a library category or uncategorized URLs when creating a rule, or when setting up a filtering profile.
Page 525: Index
NDEX account password security 98 setup 95 Active connections diagnostic tool 109 active filtering profiles 23 Active Profile Lookup window 116 Additional Language Support window 277 Admin Audit Trail window 120 Administrator menu 95 Administrator window 95 alert box, terminology 4 Alert menu 123 Alert Settings window 123 always allowed 27...
Page 526 NDEX calculator 67 category codes 421 custom categories 393 custom category 25 library 25 M86 supplied category 299 category codes 421 Category Groups menu 298 category profile global 245 IP group 350 minimum filtering level 264 Category Weight System menu 292 Category Weight System window 292 Centralized Management Console 37 checkbox, terminology 4...
Page 527 NDEX dialog box, terminology 4 Disk Usage diagnostic tool 111 DMZ 454 Emergency Update Log window 283 Enterprise Reporter 31 environment requirements 10 Mobile Client 451 EULA 217 exception URL 81 Exception URL window 358 field, terminology 4 filter option codes 422 filter options global group 249 filter setting 28...
Page 528 NDEX proxy setting 274 global administrator 1 add account 95 definition 497 global filtering profile 23 global group 18 category profile 245 default redirect URL 248 filter options 249 menu 230 override account 253 port profile 247 Global Group Profile window 244 Google Web Accelerator 76 Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement global group filter option 250...
Page 529 NDEX customize pages 192 set up a custom category 393 set up a Time Profile 363 set up an Override Account Global Group 253 Group profile 341 set up Exception URLs 358 set up pattern detection whitelisting 296 set up profile options Global Group Profile 249 Group or member Profile 355 Override Account profile 259...
Page 530 NDEX add to group 378 definition 497 delete 388 profile type 22 Individual IP Profile window 387 Installation Guide 50 instant messaging 31 definition 497 Internet Explorer 10 invisible mode 13 definition 497 diagram 13 diagram with port monitoring 14 IP group 19 category profile 350 create 269...
Page 531 NDEX lookup 285 manual updates 275 search engine keywords, custom category 410 search engine keywords, M86 supplied category 309 software update 276 update categories 275 update logs 278 URL keywords, custom category 407 URL keywords, M86 supplied category 305 URLs, custom category 398 URLs, M86 supplied category 300 weekly update 275 library categories 25...
Page 532 NDEX block page authentication 80 Logon Settings window 98 lookup library 285 M86 supplied category 25 definition 496 machine name, definition 498 Macintosh 10 Manual Update to M86 Supplied Categories 275 Manual Update window 275 master IP group 19 definition 498 filtering profile 22 maintenance 338 setup 269...
Page 533 NDEX NAT 38 definition 499 navigation panel 60 terminology 5 navigation tips 55 net use definition 498 NetBIOS definition 499 Network Address Translation (NAT), definition 499 Network menu 88 network requirements 11 Network Time Protocol (NTP) 90 NIC Configuration diagnostic tool 109 NNTP Newsgroup menu 295 NNTP Newsgroup window 295 NTP Servers window 90...
Page 534 NDEX definition 499 password expiration 52 override account 341 unlock IP address 104 unlock username 103 Pattern Detection Whitelist menu 296 Pattern Detection Whitelist window 296 peer-to-peer 31 definition 499 Ping 108 Policy screen 55 pop-up blocking, disable 438 pop-up box/window, terminology 6 port profile global 247 minimum filtering level 266...
Page 535 NDEX Quota Block Page Customization window 209 Quota Notice Page Customization window 212 Quota Setting menu 220 Quota Setting window 220 radio button, terminology 6 Radius definition 500 Radius Authentication Settings menu 171 Radius Authentication Settings window 171 Radius profile 21 Range to Detect Settings window 141 Range to Detect window 230 Real Time Probe 500...
Page 536 NDEX Routing table diagnostic tool 109 rule 26 definition 500 Rules window 240 Safari 10 screen, terminology 6 search engine definition 500 search engine keyword custom category 410 M86 supplied category 309 Search Engine Keyword Filter Control global group filter option 251 search engine keyword filtering 251 Search Engine Keywords window 309 custom category 410...
Page 537 NDEX Source mode 37 SSL Certificate menu 226 SSL Certificate window 226 Stand Alone mode 37 static filtering profiles 22 Status window 145 Status window, CMC Management 218 Sub Group (IP Group) window 380 MAC addresses 458 Sub Group Profile window 383 sub-group 336 add to master IP group 377 copy 385...
Page 538 NDEX Threat Analysis Reporter 29 time profile add 364 definition 501 delete 373 modify 373 profile type 23 Time Profile window 363 time-based profile 79 tolerance timer 180 tooltips 58 TOP CPU processes diagnostic tool 109 topic 60 terminology 7 Trace Route 108 Traveler 298 definition 501...
Page 539 NDEX URL, definition 501 URLs window 300 custom category 398 M86 supplied category 300 Usage Graphs window 329 usage logs 112 View Log File window 112 virtual IP address, definition 501 VLAN 502 Warn Option Setting window 191 Warn Page Customization window 203 warn setting 27 definition 502 Web access logging 31...
Page 540 NDEX M86 S ECURITY UIDE...

M86 Security IR Web Filter User Manual

Chapter 1: Filtering Operations

Chapter 2: Logging and Blocking

Chapter 3: Synchronizing Multiple Units

Chapter 4: Getting Started

Quick Links

USER GUIDE

Troubleshooting

Related Manuals for M86 Security IR Web Filter

Summary of Contents for M86 Security IR Web Filter