Administration Guide
V7.0
iPrism Web Security
800-782-3762
www.edgewave.com

Summary of Contents for EdgeWave iPrism Web Security

  • Page 1 Administration Guide V7.0 iPrism Web Security 800-782-3762 www.edgewave.com...
  • Page 2 © 2001 – 2012 EdgeWave. All rights reserved. The EdgeWave logo, iPrism and iGuard are trademarks of EdgeWave Inc. All other trademarks and registered trademarks are hereby acknowledged. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
  • Page 3: Table Of Contents

    Contents Chapter 1 Introduction About iPrism About this Guide Who Should Use this Guide? Knowledgebase, Tutorials and Technical Support Installation Notes Chapter 2 Overview How iPrism Works The Filtering Database Deciding What Gets Blocked Assigning Profiles Getting Past Blocked Sites How iPrism Filters Internet Activity Introduction to Profiles Proxy Mode...
  • Page 4 Copying an Application Profile Deleting an Application Profile Authentication and Assigning Profiles to Users Assigning Profiles to a Set of IP Addresses (Workstations) Quotas and Warnings Email Alerts Adding an Email Alert Editing an Email Alert Deleting an Email Alert Quotas Adding a Quota Editing a Quota...
  • Page 5 Groups Adding a Group Editing a Group Deleting a Group Mapping Groups to Profiles Nested Groups Privileges Networks Adding a Network Profile Editing a Network Profile Deleting a Network Profile VLAN Management Adding a VLAN Description Editing a VLAN Description Deleting a VLAN Description Admin Roles Adding an Admin Role...
  • Page 6 Restoring Restoring Your System from a Local Backup Restoring iPrism to its Default (Factory) Configuration Event Log Deleting Access Event Records Policy Test Self Check Send Test Email Site Rating & Test Support Tunnel Test Directory Services Chapter 7 System Settings Central Management Customizable Pages Customizing Pages...
  • Page 7 FTP Settings High Availability Setup Recovery License Key iPrism Certificates Uploading Your License Key Local Categories Network ID Network Services Network Hardening (Protecting Against DoS Attacks) Enabling SNMP The SNMP Community String WCCP Configuring WCCP Settings in iPrism Configuring SMTP Relay Settings Enabling the Co-Management Network Pending Request Options Ports...
  • Page 8 Unrated Pages (iARP) User Settings Chapter 8 System Status About Administration Log Configuration Summary Connectivity Pinging a Host Tracing Network Activity Perform a DNS Lookup Refreshing the System Updates Server Routing Table Security Log Status Chapter 9 Central Management Before You Begin Setting Up a Master/Slave Configuration Designating Slave Systems Designating the Master System...
  • Page 9 Pornography Sexuality Questionable Activities Category Copyright Infringement Computer Hacking Intolerance/Extremism Miscellaneous Questionable Profanity Tasteless Weapons/Bombs Violence Security Exploits Category Phishing Spyware/Adware Malware Society Category Alt/New Age Art/Culture Family Issues Government Politics Social Issues Keywords News Classifieds Religion Cult Alternative Lifestyle Internet (Web) Category Anonymizer Discussion Forums...
  • Page 10 Web Banners Web Host Web Search Portals High Bandwidth Dynamically Detected Proxies Business Category Specialized Shopping Dining/Restaurant Real Estate Automotive Internet Services Corporate Marketing Finance Job/Employment Search Professional Services Online Auctions Education Category Continuing Education/Colleges History K-12 Reference Sites Sci/Tech Sex Education Health Category Alcohol/Tobacco...
  • Page 11 Social Networking/Dating Special Interests Sports Travel Web Log (Blog) Appendix B Configuring Browsers for Proxy Mode Configuring Firefox for Proxy Mode Configuring Safari (Mac OS X only) for Proxy Mode Configuring Internet Explorer for Proxy Mode Appendix C iPrism Error Messages iPrism Rating Error iPrism List Update iPrism List Error...
  • Page 12: Chapter 1 Introduction

    iPrism Administration Guide Introduction About iPrism The iPrism Web Filter combines simplicity, performance and value to deliver unrivalled protection from Internet-based threats such as malware, viruses, spyware, anonymizers, IM, P2P, and inappropriate content. As a self-contained appliance-based solution, iPrism offers universal interoperability on any platform and in any network environment, delivering Internet security at the perimeter, to help enforce your Internet acceptable use and security policies.
  • Page 13: Knowledgebase, Tutorials And Technical Support

    Knowledgebase, Tutorials and Technical Support If you are unable to resolve your issue using the manual, please check our Knowledgebase at: www.edgewave.com/support/web_security/knowledgebases.asp Embedded iLearn videos are a series of short task-oriented videos to help guide you through specific iPrism configuration scenarios. These tutorials are available at: www.edgewave.com/support/web_security/recorded_webinars_ilearn.asp...
  • Page 14 Administration Guide If one or more of these conditions exist on your network and you are not able to get iPrism to function properly, check the EdgeWave website. This site contains the most current support information for iPrism. www.edgewave.com/support/web_security/default.asp If you are still unable to find a solution, you may request assistance with your installation from the iPrism technical support team.
  • Page 15: Chapter 2 Overview

    To ensure that each iPrism unit is always operating with the very latest filtering database, the iPrism appliance automatically connects to the EdgeWave server daily and downloads the most recent filtering database files. The URL database now contains more than 80 categories with millions of websites.
  • Page 16 iPrism Administration Guide To do this you need to create an ACL with the following settings: Category Monitor Blocked adult nudity everything else The ACL controls what is blocked and monitored. iPrism needs to know when to apply the ACL and who to apply it to.
  • Page 17 iPrism Administration Guide Figure 1. Profiles and Scheduling In this example, the schedule applies to the entire company (Profile name = MyCompany). But sometimes you need to give different users different access rights. For example, the Purchasing department may legitimately need access to online shopping, and Finance may need access to online gambling.
  • Page 18: Assigning Profiles

    iPrism Administration Guide Finally, you can manually add users to your iPrism. In practice, manual creation is usually only done for iPrism administrators and sub-administrators. Assigning Profiles Now that you have set up profiles, you need to learn how to associate a profile with the people to which it applies.
  • Page 19: How Iprism Filters Internet Activity

    IM/P2P activity can be viewed in the Application Detailed Report, available through the iPrism Report Manager (refer to the iPrism Reporting Guide at http://edgewave.com/support/web_security/documentation.asp). Chapter 2 Overview...
  • Page 20: Introduction To Profiles

    iPrism Administration Guide Besides blocking web, IM, and P2P activity, the administrator also has the ability to simply monitor the traffic. For websites, you can select which categories are monitored and when this monitoring is to be done. For IM and P2P traffic, you can monitor based on the protocol used. Monitoring allows you to see how your network is being used;...
  • Page 21: Proxy Mode

    iPrism Administration Guide Proxy Mode Proxy mode is the simplest, and is the preferred mode in which to operate an iPrism when testing, as well as when iPrism is installed “inside” a busy network with many different kinds of traffic. In proxy mode, the iPrism is installed right off the switch.
  • Page 22: Bridge (Transparent) Mode

    iPrism Administration Guide Figure 2. Deploying iPrism in Proxy Mode Refer to the iPrism Installation Guide for detailed information. Bridge (Transparent) Mode In bridge (transparent) mode, the iPrism is an “in-line installation” which has 2 network (NIC) connections. This mode is recommended for full network production deployment. In this mode, iPrism is installed between the firewall and the switch.
  • Page 23: Using The Management Interface

    iPrism Administration Guide Figure 3. Deploying iPrism in Bridge (Transparent) Mode Notes: The iPrism can also act as a filtering web proxy when in bridge (transparent) mode. Users can configure their browsers to point at the iPrism, just as they do in proxy mode, although the iPrism is configured in bridge (transparent) mode.
  • Page 24: Logging In And Out Of Iprism

    For more information on configuring and using the management interface, refer to the Knowledgebase article “How do I enable the Management Interface?” at www.edgewave.com/support/web_security/knowledgebases.asp. Logging In and Out of iPrism Logging into iPrism is done via the login page. It is recommended that you bookmark this page.
  • Page 25: Restarting And Shutting Down Iprism

    iPrism Administration Guide Restarting and Shutting Down iPrism • To restart iPrism, select Restart from the Logout menu in the top right corner of the page. • To shut down iPrism, select Shut Down from the Logout menu in the top right corner of the page. The iPrism Home Page The primary method of administering the iPrism is via the configuration options available from the iPrism home page.
  • Page 26: Chapter 3 Profiles & Filters

    iPrism Administration Guide Profiles & Filters This section describes how iPrism’s profiles and filters work, and provides detailed procedures for creating and implementing your own filtering profiles. Instructions for controlling access to specific websites and other Internet services are also provided. To access iPrism Profiles &...
  • Page 27: Adding A Custom Filter

    iPrism Administration Guide Figure 5. Custom Filters If you want to search for a custom filter, type all or part of the filter name and click Search. Adding a Custom Filter In the Custom Filters window click Add. Chapter 3 Profiles & Filters...
  • Page 28 If all sub-URLs of this address are to be included in the filter, check Apply to all sub-URLs of this address. If you want to have this URL submitted to the EdgeWave iGuard team for rating, check Submit this URL to EdgeWave for rating.
  • Page 29: Editing A Custom Filter

    iPrism Administration Guide Figure 7. Manage Filter Properties • No Antivirus - Turns off virus checking for this URL or file extension. • No Authentication - Turns off authentication for this URL or file extension. • Safe Parameter - Checks for the specified parameter and, if it matches this definition, allows the content.
  • Page 30: Importing And Exporting Custom Filters

    iPrism Administration Guide Importing and Exporting Custom Filters To import a custom filter: In the Custom Filters window, click Import. Click Yes to confirm. Locate the file and click Open. To export a custom filter: In the Custom Filters window, select a filter and click Export. Enter a name for the file and click Save.
  • Page 31: How Iprism Uses Profiles

    iPrism Administration Guide Profiles’ flexibility stems from the fact that each profile is made up of one or more individual filtering criteria, called an Access Control List (ACL). An ACL tells iPrism what to do for each category of website and specifies which traffic gets blocked or monitored. For example, ACLs can block access to websites of an “adult”...
  • Page 32: Iprism's Default Profiles

    iPrism Administration Guide • Machine-level filtering, based on Machine ID, that applies only to remote users. The Machine ID identifies a particular remote machine and defines a policy for all users on that machine. It is treated like a username, and by default is the hostname of the machine when the client is installed.
  • Page 33: Adding A Web Profile

    iPrism Administration Guide Figure 8. Web Profiles Adding a Web Profile To add a profile: Click Add in the main Web Profiles window. Enter a name for the profile. Add new Access Control Lists (ACLs) or edit existing ACLs. For details, see Access Control Lists (ACLs). For each ACL that is part of this profile, assign the days/times the ACL is in effect.
  • Page 34: Copying A Profile

    iPrism Administration Guide Figure 9. ACL Times Click OK to add the web profile. Copying a Profile To create a new profile by copying an existing profile: Select a profile in the main Web Profiles window and click Copy. Enter a name for the new profile. Add new Access Control Lists (ACLs) or edit the existing ACLs.
  • Page 35: Deleting A Profile

    iPrism Administration Guide Deleting a Profile When you delete a profile, you need to specify a replacement profile. Select a profile in the main Web Profiles window and click Delete. Select a replacement profile from the dropdown list and click OK. Important: Assigning a different profile may dramatically change what the user sees.
  • Page 36: Adding An Application Profile

    iPrism Administration Guide Figure 11. Application Profiles Adding an Application Profile To add a profile: In the Application Profiles window, click Add. Enter a name for the profile. Add new Access Control Lists (ACLs) or edit existing ACLs. For details, see Access Control Lists (ACLs) Chapter 3 Profiles &...
  • Page 37 iPrism Administration Guide Figure 12. Application ACL For each ACL that is part of this profile, assign the days/times the ACL is in effect. Select an ACL. Click next to a time and drag to highlight the time blocks when the ACL is in effect. Chapter 3 Profiles &...
  • Page 38: Copying An Application Profile

    iPrism Administration Guide Figure 13. ACL Times Click OK to add the application profile. Copying an Application Profile To create a new profile by copying an existing profile: In the Application Profiles window, select a profile and click Copy. Enter a name for the new profile. Add new Access Control Lists (ACLs) or edit the existing ACLs.
  • Page 39: Deleting An Application Profile

    iPrism Administration Guide Deleting an Application Profile When you delete a profile, you need to specify a replacement profile. In the Application Profiles window, select a profile and click Delete. Select a replacement profile from the dropdown list and click OK. Important: Assigning a different profile may dramatically change what the user sees.
  • Page 40 iPrism Administration Guide • Quotas generate a notification at a certain threshold of activity and then block the activity when the quota is reached. • Warnings notify the user that their activity is being monitored. Quotas and warnings are attached to ACLs within web profiles. See Creating a New Web ACL for more information.
  • Page 41: Email Alerts

    iPrism Administration Guide • To add a new item, select the appropriate tab. See Email Alerts, Quotas, or Warnings for details. When you are finished click Save at the bottom of the Quotas & Warnings window. If you have completed all your administrative changes, click Activate Changes to activate the changes immediately.
  • Page 42: Adding An Email Alert

    iPrism Administration Guide Adding an Email Alert From the Email Alerts window, click Add. Enter a name for the email alert. Select Enabled to turn on the alert or Disabled to turn it off (save for later use). From the Monitoring dropdown list, select an option: •...
  • Page 43: Editing An Email Alert

    iPrism Administration Guide In the ACL Categories frame, click Select and choose the categories that will trigger the alert. Click OK to return to the Email Alerts window. Type the email address(es) of the users to receive the email alert. Use commas to separate multiple email addresses.
  • Page 44: Deleting An Email Alert

    iPrism Administration Guide Deleting an Email Alert Note: If you might use the email alert later, you can deactivate it instead of deleting it. To deactivate an alert, click the green indicator on the far left. The indicator turns red to show the email alert is disabled. To delete an email alert: In the Email Alerts window, select the alert to delete.
  • Page 45 iPrism Administration Guide Figure 18. Quotas When a user has reached a specified percentage of the quota, the following message appears. Figure 19. Percentage of Quota Reached This message can be customized. See Customizable Pages. When a user has reached the quota they are not able to access the requested page. The following message appears.
  • Page 46: Adding A Quota

    iPrism Administration Guide Figure 20. Quota Reached Adding a Quota From the Quotas window, click Add. Enter a name for the quota. Select Enabled to turn on the quota or Disabled to turn it off (save for later use). Note: When a quota is disabled, the ACL associations still appear even though the quota is not being enforced.
  • Page 47: Editing A Quota

    iPrism Administration Guide Note: The quota calculation is a total of the usage in all the categories selected. For example, a 100KB quota for selected categories of games and sports will reach the quota if games is at 30KB and sports is at 70KB. Type the email address(es) of the users to receive email notification when the quota has been reached.
  • Page 48: Deleting A Quota

    iPrism Administration Guide Click Edit. Make changes as needed. Click OK to save your changes. Deleting a Quota Note: If you might use the quota later, you can deactivate it instead of deleting it. To deactivate a quota, click the green indicator on the far left. The indicator turns red to show the quota is inactive.
  • Page 49: Adding A Warning

    iPrism Administration Guide Figure 22. Warnings When a user accesses a page that has a warning attached to it, the following message appears. Figure 23. Warning This message can be customized. See Customizable Pages. Adding a Warning From the Warnings window, click Add. Enter a name for the warning.
  • Page 50 iPrism Administration Guide Select Enabled to turn on the warning or Disabled to turn it off (save for later use). Note: When a warning is disabled, the ACL associations still appear even though they are not affected. iPrism will activate the warnings for those ACLs when the warning is enabled.
  • Page 51: Editing A Warning

    iPrism Administration Guide Editing a Warning In the Warnings window, select the warning to edit. Click Edit. Make changes as needed. Click OK to save your changes. Deleting a Warning Note: If you might use the warning later, you can deactivate it instead of deleting it.
  • Page 52 iPrism Administration Guide Enter a name for the ACL. Figure 25. Web Access Control List Select General Options. • Deny all access to the web: No web traffic is allowed for this ACL. This is a quick way to set all categories (even local allowed) to Blocked.
  • Page 53: Creating A New Application Acl

    iPrism Administration Guide • Override link: The Access Denied page will include an Override button, allowing users with override privileges to gain access to the page. • Request access link: The Access Denied page will include a Request Access button, allowing users to petition the administrator for access when they are blocked from a site.
  • Page 54: Editing An Acl

    iPrism Administration Guide Editing an ACL Create or edit a web profile or an application profile. For details, see Web Profiles or Application Profiles. In the Profile Details window, select the ACL to edit and click Edit. Make your changes and then click OK. Deleting an ACL Create or edit a web profile or an application profile. For details, see Web Profiles...
  • Page 55 iPrism Administration Guide Figure 26. Lock ACL Check Lock ACLs in each profile. Click Edit next to the type of ACL you want to lock (Web Lock ACL or Application Lock ACL). Make your changes and then click OK. Select whether the Override link will appear on the Access Denied page. You can specify that it does not appear, or you can specify that this is determined by the Web Profile setting (and restrict the login).
  • Page 56: Current Overrides

    iPrism Administration Guide Current Overrides Override access allows users with the required privileges to be able to overrule the active filtering policy and gain access to web pages that would otherwise be blocked. In iPrism, override privileges are determined by a user’s administrator level assignment. To view current overrides: •...
  • Page 57: Pending Requests

    iPrism Administration Guide • Rating Category: The filtering profile affected by the override (e.g., News). This may be the name of the profile overridden by the user, or it may read Any if the override is relevant to a network, not a profile. •...
  • Page 58: Granting Requests

    iPrism Administration Guide Granting Requests In the Pending Requests window, select the request(s) and click Grant. Note: You cannot grant requests that are locked, which will be indicated by the Locked column. Locked requests are set up via Lock ACL (see Lock ACL), and can only be unlocked if the administrator unlocks them via the Lock ACL.
  • Page 59: Recent Blocks

    iPrism Administration Guide If you have completed all your administrative changes, click Activate Changes to activate the changes immediately. If you do not Activate Changes now, you will be prompted to do so before logging out of iPrism. Recent Blocks You can view a list of the 100 most recently blocked pages by selecting Profiles &...
  • Page 60: Using Remote Filtering

    Once mobile laptop and/or remote users are provisioned from the iPrism, there is no need to connect to the iPrism directly, eliminating the need to use your VPN. The EdgeWave Data Center functions as an intermediary for the iPrism and the remote client.
  • Page 61 iPrism Administration Guide Figure 29. Remote Filtering Check Enable Remote Filtering. Remote filtering is centrally administered. When a remote policy is enforced on the client, users of the client will be presented with a Denied page. As the administrator, you have the opportunity to influence the message on that page.
  • Page 62 Remote clients that are controlled by a policy in which monitoring is configured periodically send event logs back to iPrism by way of the EdgeWave Data Center. The frequency at which iPrism requests events from the Data Center can be adjusted with the Remote Filtering Logs selection.
  • Page 63 iPrism Administration Guide You will be prompted to select a default web profile for remote users. Select a default profile from the list and click OK. Figure 31. Remote Default Behavior You can now set up remote users (see Remote Users).
  • Page 64: Chapter 4 Users & Networks

    iPrism Administration Guide Users & Networks To access user and network information, click Users & Networks from the home page. Local Users The Local Users section allows you to view, import, add, delete, or modify locally defined iPrism users. Local users exist in addition to and independent of users defined under Windows or LDAP authentication systems.
  • Page 65: Adding Users

    iPrism Administration Guide Figure 32. Local Users Adding Users In the Local Users window, click Add. Type a Username and Password in the appropriate fields, and type the password again in the Confirm Password field. Assign a web profile by selecting it from the dropdown list; check Use network profiles to assign the web profile based on the IP address of the user’s computer.
  • Page 66: Editing A Local User

    iPrism Administration Guide • Full Access: Allows the user to reply to administrative requests (overrides, access, etc.). This user can access reports and the Block/Unblock Site interface, but cannot access the Configuration interface or the Real-time Monitor. • Global Policy Admin: This role is a user or login that is in charge of global filtering policies, regardless of existing partitions.
  • Page 67: Deleting A Local User

    iPrism Administration Guide Make changes as needed and click OK. Deleting a Local User To delete a local user: In the Local Users window, select a user and click Delete. Click Yes to confirm. Importing Users In the Local Users window, click Import. Figure 34.
  • Page 68: Exporting Users

    iPrism Administration Guide Exporting Users In the Local Users window, click Export. Figure 35. Export Local Users In the Field Delimiter dropdown list, select the desired delimiter (Comma, Pipe, or Tab). This character will be used to delimit individual users in the exported file. Click Save As.
  • Page 69: Adding A Group

    iPrism Administration Guide Figure 36. Groups Adding a Group In the Groups window, click Add. In the Profile Maps window, determine the level of access for this group by selecting a Domain, a Web Profile, and an Application Access profile. Type a name for the group in the Group field.
  • Page 70: Editing A Group

    iPrism Administration Guide Editing a Group In the Groups window, click Edit. Make any changes in the Profile Maps window. Click OK to save your changes. When you are finished editing all groups, click Save at the bottom of the Groups window. Deleting a Group In the Groups window, select a group and click Delete.
  • Page 71: Nested Groups

    iPrism Administration Guide • Whatever defines the group (DOMAIN or groupname) can be wildcarded (replaced with a single asterisk (*)). The asterisk wildcard means that all domains or all groups are covered by the mapping entry. An example of this convenience is if you want members of the ‘staff’ group (in any domain) to be mapped to the MonitorAll profile: ( [*\staff >...
  • Page 72: Privileges

    iPrism Administration Guide iPrism assigns profiles and privileges based on the first group on the Groups page or Privileges page of which the user is a member, whether the user is directly a member of that group or is a member via the nested groups feature.
  • Page 73 iPrism Administration Guide Select a domain from the Domain dropdown list. Type the group to which you are mapping this privilege; for information about setting up groups, see Groups. Figure 40. Privilege Map Select a Privilege from the dropdown list: •...
  • Page 74: Networks

    iPrism Administration Guide If you have completed all your administrative changes, click Activate Changes to activate the changes immediately. If you do not Activate Changes now, you will be prompted to do so before logging out of iPrism. Networks The Networks section allows you to manage network profiles. A network profile is a profile assigned to a range of IP addresses.
  • Page 75: Adding A Network Profile

    iPrism Administration Guide Figure 41. Networks Adding a Network Profile In the Networks window, click Add. In the Details tab, enter the details of the Network Profile: the IP Start and IP End range, whether the workstation is proxying to iPrism’s external interface (e.g., users are connecting to a firewall VPN when iPrism is in bridge (transparent) mode), and the Web Profile and Application Profile that will apply to this network profile.
  • Page 76 iPrism Administration Guide Figure 42. Network Profile Details Click the Authentication tab. Figure 43. Authentication Tab – Proxy Mode Chapter 4 Users & Networks...
  • Page 77 iPrism Administration Guide From the appropriate Authentication dropdown list, select which Authentication mode is to be used if Always attempt manual login is selected in Advanced Auto-Login settings (see step 8 below). If Always attempt manual login is selected, one of the following options must be selected here to specify how to handle the manual login.
  • Page 78: Editing A Network Profile

    iPrism Administration Guide If Always attempt manual login is selected, select an option in step 4 above to specify how to handle the manual login. Click OK to save your changes. Editing a Network Profile In the Networks window, click Edit. Make changes as necessary.
  • Page 79: Adding A Vlan Description

    iPrism Administration Guide Important: Activating changes to the VLAN configuration causes the iPrism network interfaces to reset. This will cause a momentary interruption of network traffic and may interrupt your administrative session. If your administrative session is affected, use your browser to reconnect to the iPrism, then log in again to continue.
  • Page 80: Editing A Vlan Description

    iPrism Administration Guide Figure 46. Adding a VLAN Assign a VLAN ID in the range 0-4094. Choose whether to add filtering to this VLAN, or specify that filtering should be ignored for this VLAN. Enter a DNS hostname, IP address, and subnet mask that the iPrism will use for participation on this VLAN.
  • Page 81: Admin Roles

    iPrism Administration Guide Admin Roles Administrator Roles (Admin Roles) define the type of access an iPrism administrator has. Detailed descriptions of each role are on Global Policy Administrator (GPA): The GPA has the right to log in to UI Configuration tools and administer global filtering policies. The GPA can also access reports, filter management, and overrides.
  • Page 82: Adding An Admin Role

    iPrism Administration Guide Adding an Admin Role In the Admin Roles window, click Add. Type a name for this Admin Role, and select a Role Type from the dropdown list. The following roles are available: • Global Policy Administrator (GPA): The GPA has the right to log in to UI Configuration tools and administer global filtering policies.
  • Page 83 iPrism Administration Guide Figure 48. Admin Roles – Access Control List Tab One or more individual filtering criteria, or Access Control Lists (ACLs), make up a Web profile. A Web ACL tells iPrism what to do for each category of website and specifies which traffic gets blocked or monitored.
  • Page 84 iPrism Administration Guide • Use Predefined Durations: Select either Unlimited, or select Minute(s), Hour(s), Day(s), Week(s), from the dropdown list and type in the number of minute(s), hour(s), day(s), and/or week(s) this override is valid (e.g., 1 hour 30 minutes). •...
  • Page 85: Editing An Admin Role

    iPrism Administration Guide • Current Path: The path component is the part of the URL which appears after the host name. This allows overriding based on a specific path, regardless of the host name. • Current Domain: The domain name of the host part of the URL. For example, the domain for http://www.yahoo.com is yahoo.com.
  • Page 86: Deleting An Admin Role

    iPrism Administration Guide Deleting an Admin Role In the Admin Roles window, select a role and click Delete. Click Yes to confirm. Exceptions iPrism’s goal on your network is to act as a web filter for access to the Internet. In fact, this is how it is able to perform its monitoring and blocking tasks.
  • Page 87 iPrism Administration Guide Figure 50. Managing Exceptions Type a name for the exception in the Name field. Select the type of exception: • No Filter: Traffic will pass unfiltered through the specified Source and Destination range of IP addresses, or the specified port. •...
  • Page 88: Editing An Exception

    iPrism Administration Guide Type the IP address range for the sending machine or set of machines in the Source IP Start and End fields. Type the IP address range for the receiving machine or set of receiving machines in the Destination IP Start and End fields.
  • Page 89 iPrism Administration Guide Important: The Machine Identifier identifies a particular remote machine and defines a policy for all users on that machine. It is treated like a username, and by default is the hostname of the machine when the client is installed (to locate the computer’s hostname, see Locating a Hostname in the iPrism Remote Filtering Client Guide).
  • Page 90: Adding A Remote User

    iPrism Administration Guide Adding a Remote User In the Remote Users window, click Add. Enter the username/machine ID. See Remote Users for details. To enable this machine now, select Enabled. Select the Web profile to apply for this machine. Select the Failover action for this machine. Click OK.
  • Page 91: Deleting A Remote User

    iPrism Administration Guide Deleting a Remote User In the Remote Users window, select a user and click Delete. Click Yes to confirm. Importing Remote Users If you already have a list of remote users, you may want to import them to iPrism. In the Remote Users window, click Import.
  • Page 92: Exporting Remote Users

    ru_sonia,false,1,BlockOffensive
    ru_tony,false,1,PassAll
    ru_john,false,1,BlockOffensive
    ru_mary,false,1,PassAll
    ru_peter,false,1,PassAll

    Exporting Remote Users Note: You must Save & Activate any unsaved changes prior to exporting users. In the Remote Users window, click Export. A check will be performed to verify whether any changes need to be saved and activated. If there are changes, you must click Save, then click Activate Changes before you can perform an export.
  • Page 93: Remote Upgrades

    iPrism Administration Guide Remote Upgrades System upgrades for remote users can be scheduled during non-peak periods if needed. Set up the defaults that will apply to most systems, and then add exceptions if needed, for specific machines or ranges of machines. To set up remote upgrades: From the iPrism home page, select Users &...
  • Page 94 iPrism Administration Guide Figure 54. Remote Upgrade Settings To add exceptions, click Add, enter the information, and click OK. • To enter a range of machine IDs, use the * wildcard (only available at the end of the ID). • Select Enabled to turn the exception setting on, or Disabled to turn off this exception setting.
  • Page 95 iPrism Administration Guide If you have completed all your administrative changes, click Activate Changes to activate the changes immediately. If you do not Activate Changes now, you will be prompted to do so before logging out of iPrism. Chapter 4 Users & Networks...
  • Page 96: Chapter 5 Reporting

    The iPrism Report Manager contains predefined, commonly needed reports, such as who was visiting what website and when. You can also create your own custom reports for IM, P2P and URL events. Refer to the iPrism Reporting Guide http://www.edgewave.com/support/web_security/documentation.asp for detailed instructions on how to manage and use the Report Manager.
  • Page 97: Chapter 6 Maintenance

    Maintenance This section describes how to change iPrism’s internal settings and set your preferences for common iPrism activities such as managing updates, backing up, restoring, running tests, and doing self-checks. Appliance Updates Also known as the Hotfix Manager, Appliance Updates provide a convenient interface for tracking iPrism updates and patches (called Hotfixes).
  • Page 98: Installing A New Hotfix

    Although it is unlikely you will ever need to do this, you can uninstall a Hotfix if you suspect it is causing issues with your iPrism, or if you are directed to do so by EdgeWave Technical Support. To uninstall a Hotfix: In the Installed Hotfixes list, select the Hotfix you want to remove and click Uninstall.
  • Page 99: Backup And Restore

    iPrism Administration Guide Note: If you uninstall a Hotfix on which others are dependent, all dependent Hotfixes are also uninstalled. Backup and Restore You can back up all of your settings to a file on your local hard drive, restore the iPrism configuration to a previously saved version, or reset to factory default settings.
  • Page 100: Restoring

    iPrism Administration Guide If you need to change your backup preferences: • Click Settings. See Backup Settings for details. Restoring You can restore your iPrism from a local backup or to its original factory configuration. Restoring Your System from a Local Backup In the Backup & Restore window, select Restore from backup from the dropdown list.
  • Page 101: Deleting Access Event Records

    iPrism Administration Guide Figure 57. Event Log To view the Event Log: • From the iPrism home page, select Maintenance, then Event Log. Deleting Access Event Records There are times when you may wish to purge event data from iPrism, such as if an iPrism is transferred from one department to another.
  • Page 102: Self Check

    A check will be performed and the results displayed. You can stop the check by clicking Stop Check. You can send these results directly to EdgeWave Technical Support by clicking Send to Tech Support. To clear the screen and perform a new check, click Clear, then Start Check.
  • Page 103: Send Test Email

    iPrism Administration Guide Send Test Email This allows the administrator to test designated iPrism email recipients, such as iPrism administrators or users with privileges, as well as the allowable email size (in MB). From the iPrism home page, select Maintenance, then Send Test Email. Type the email address of the recipient to whom you want to test, and the allowable size you want to test (in MB).
  • Page 104: Support Tunnel

    Figure 59. Site Rating & Test If you would like to submit the site to EdgeWave for review, click Submit URL for Rating. The URL of the site is sent to the URL Review team and will be reviewed within 24 hours.
  • Page 105 iPrism Administration Guide Enter a username and password. Select the LDAP server or domain to test. Click Test Credentials. Chapter 6 Maintenance...
  • Page 106: Chapter 7 System Settings

    System Settings This section describes how to change iPrism’s internal settings and set your preferences for common iPrism activities. Central Management See Central Management. Customizable Pages iPrism’s Customizable Pages allow you to fully customize several of the default pages used by iPrism.
  • Page 107: Customizing Pages

    iPrism Administration Guide Figure 60. iPrism Customizable Pages Customizing Pages From the iPrism home page, select System Settings, then Customizable Pages. If you first want to view the default page, make sure iPrism default is selected for that page and click Preview.
  • Page 108: Specified Url

    Use the design window to change the page as needed. For a listing of customizable page tags, see Customizable Page Tags. Click when you are done editing. Click Yes to save the changes. Figure 61. Customizing the Quotas Page Specified URL Note that this is not available for the Authentication page.
  • Page 109: All Other Pages

    iPrism Administration Guide All Other Pages Click Customize. On the HTML tab, select a theme for the page (Default or Custom). Figure 62. Customizing the Other Pages If you want to use a background image, enter the URL. If you want to use a style sheet, enter the URL. Select where the HTML code will reside (Top, Left, Right, or Bottom).
  • Page 110: Reporting Logo

    iPrism Administration Guide Figure 63. Customizing the Contact Details Enter the administrator contact name and organization name. Click OK. Reporting Logo To customize the logo that shows on reports: Select Customized Logo from the dropdown list. Click Yes to confirm. Navigate to the folder containing the logo file.
  • Page 111: Customizable Page Tags

    iPrism Administration Guide Customizable Page Tags Use the following tags to insert relevant iPrism information and tools. Description FORM_START The starting HTML FORM element. This tag must be placed before any form input elements. CACHE_USER The value entered in as the username. Use this when an authentication attempt fails.
  • Page 112: Directory Services

    iPrism Administration Guide Description |INFO| An Information button, which provides more information about the Access Denied page. |RATING| The rating of the site trying to be accessed. Directory Services iPrism can be configured to filter Internet traffic in a variety of ways. •...
  • Page 113: Choosing An Authentication Mechanism

    • Migrating from AD2003 to AD2008 For OS X with Open Directory, refer to the iPrism Knowledgebase article: Integrating iPrism with OS X Open Directory. The knowledgebase articles are available at www.edgewave.com/support/web_security/knowledgebases.asp. Chapter 7 System Settings...
  • Page 114: Local Authentication

    iPrism Administration Guide Local Authentication The iPrism’s local authentication system lets you define a set of users on the iPrism itself. No Directory Service is involved. Even if you have an external authentication server, the local user list allows you to provide a small number of people administrative access rights to iPrism. To create user accounts on the iPrism: From the iPrism home page, select Users &...
  • Page 115 iPrism Administration Guide Figure 64. LDAP Authentication Complete the necessary information for the LDAP server to which iPrism will connect. To use preset information, click Presets and select from the following options: • Active Directory (Multi-Domain) • Active Directory (Single-Domain) •...
  • Page 116: Authentication From The User's Perspective

    iPrism Administration Guide Figure 65. LDAP Presets Click Test Settings to test LDAP server connectivity. Once connected, an LDAP bind attempt using administrative credentials is made to configure the base. • If either the primary server or backup server test is successful, a notice indicating that the test was successful is displayed.
  • Page 117: Microsoft Windows Active Directory Authentication (Active Directory 2000/2003)

    iPrism Administration Guide Microsoft Windows Active Directory Authentication (Active Directory 2000/2003) To implement NTLM authentication in iPrism using a Windows 2003 server network, complete the following steps. From the iPrism home page, select System Settings, then Directory Services. Click Configure & Join. From the Authentication Mode dropdown list, choose Server 2000/2003.
  • Page 118: Assigning Iprism Profiles To Windows Ad Global Groups

    For a description of how the Active Directory (AD) environment works in general, refer to the iPrism Knowledgebase at www.edgewave.com/support/web_security/knowledgebases.asp. To set up your iPrism to authenticate against an Active Directory 2008 server, you must have the following prerequisites in place, then complete the steps below.
  • Page 119: Setting Up Iprism To Authenticate Against A Windows 2008 Server

    iPrism Administration Guide • The client machines must be able to resolve the iPrism fully qualified domain name via DNS. • You must know an AD username (and password) that is a member of the “Domain Admins” group. • All clients must be given unique host names, or authentication failures will result. Important: If you have restored a system configuration, you must explicitly specify the domains and rejoin.
  • Page 120 iPrism Administration Guide Figure 66. Active Directory 2008 Authentication Your NT Domain, Active Directory Realm, Machine Account, and Domain Controllers will be populated. You can change any of these if necessary. • If you change the prepopulated Active Directory Realm, you must use a fully qualified domain name.
  • Page 121 iPrism Administration Guide • This account need not be in the same AD domain as the iPrism is joining. However, this account MUST have administrative rights in the AD domain that the iPrism is joining. (Permissions may be granted via a trust relationship between domains.) The only allowable formats are as follows: Username (e.g., jdoe) NT Domain\Username (e.g., SALES-ABC\jdoe)
  • Page 122: Migrating From Ad 2003 To Ad 2008

    Migrating from AD 2003 to AD 2008 If you want to migrate your AD 2003 environment to AD 2008, see the Knowledgebase article “Migrating from AD 2003 to AD 2008” at www.edgewave.com/support/web_security/knowledgebases.asp. Enterprise Reporting The Enterprise Reporting Server (ERS) for iPrism provides consolidated reporting for up to thirty (30) iPrism systems.
  • Page 123: Email Settings

    iPrism Administration Guide Figure 67. Event Logging – Syslog Export Type the IP address of the host which will receive the logging information in the Syslog Host field. Click Save. If you have completed all your administrative changes, click Activate Changes to activate the changes immediately.
  • Page 124: Ftp Settings

    iPrism Administration Guide If you have completed all your administrative changes, click Activate Changes to activate the changes immediately. If you do not Activate Changes now, you will be prompted to do so before logging out of iPrism. FTP Settings From the iPrism Home Page, select System Settings, then Event Logging.
  • Page 125: Setup

    iPrism Administration Guide Figure 70. Parallel iPrisms Setup Before you can set up high availability: • The management interface must be enabled on both iPrisms. See Using the Management Interface for more information. • The iPrisms must be connected via the management port link. This can be either a crossover cable or a switched network.
  • Page 126 Bridge On: Leave the bridge ON. Note: If these settings are not appropriate for your network configuration, for either state (standby or failed), contact EdgeWave to understand how this will affect your network performance and security.
  • Page 127: Recovery

    iPrism Administration Guide Select which interfaces are in use when the iPrism is in a failed state. The recommendations for these settings are the same as for standby. The internal and external interfaces can be enabled immediately, after a brief time delay, or not at all. If a time delay is chosen, the interface will be shut down for this time period when the iPrism fails, and then iPrism will attempt to turn the interface back on.
  • Page 128: License Key

    iPrism Administration Guide License Key This window allows you to complete information about the registered license key associated with your iPrism, and create an SSL certificate if necessary. From the iPrism home page, select System Settings, then License Key. In the Registration information, complete the necessary organizational and administrator information if you have not already done so in the Installation Wizard.
  • Page 129 iPrism Administration Guide Notes: If you upload an external certificate, you will not be required to Activate Changes. You may now be automatically logged out of iPrism. You must log back in for the keys to take effect. If you cannot log back in, clear your browser cache and refresh your browser. If you need to create an iPrism server certificate: Click Create/View Request to generate a Certificate Signing Request (CSR), which you can then use to obtain a trusted Server Certificate.
  • Page 130: Uploading Your License Key

    Locate the file containing these keys and click Open. If the key is valid and uploads successfully, you will receive a confirmation message. Note: If you do not have a local license key file, contact your EdgeWave sales representative for a key.
  • Page 131: Network Id

    iPrism Administration Guide Local Deny is designed for web pages that no one should see. It is automatically checked (both blocked and monitored) in all new ACLs that are created, and should also be checked in all existing profiles (except the default “PassAll” profile). iPrism uses this category as part of its Custom Filters feature to let users instantly deny access to any URL.
  • Page 132 iPrism Administration Guide To set up iPrism on your network: From the iPrism home page, select System Settings, then Network ID. In the Host Name field, type the fully qualified domain name of your iPrism host. Figure 77. Network Identity Select a mode in which to configure your iPrism (Bridge (transparent) or Proxy (single- interface)).
  • Page 133 iPrism Administration Guide Figure 79. External Interface If you are using a Management Interface, select a Mode (Auto, 100, or 1000) from the Mode dropdown list in the Management Interface frame. If you are not using the Management Interface, leave the Mode as Disabled. Figure 80.
  • Page 134 Note: Although it is possible to run iPrism without specifying a name server, it is not advised. Many of iPrism’s features, such as the anti-spoofing filter, depend on being able to contact a name server and will not work if no DNS server is available.
  • Page 135 iPrism Administration Guide Figure 82. Routing Some routers constantly exchange this type of network information via Routing Information Protocol (RIP) updates. If your routers support RIP, you can have iPrism listen for these updates. Note: iPrism supports versions 1 and 2 of the RIP protocol. To enable this functionality in iPrism, check the Listen to RIP updates box in the Routing frame.
  • Page 136: Network Services

    iPrism Administration Guide Figure 83. Add Static Route In the Gateway Address field, type the IP address of the Internal router/gateway that connects iPrism to the workstations you specified above. Click OK. The new route displays in the Static Routes frame. Repeat this procedure as necessary to create additional static routes in iPrism.
  • Page 137: Network Hardening (Protecting Against Dos Attacks)

    iPrism Administration Guide Network Hardening (Protecting Against DoS Attacks) A DoS (Denial of Service) attack occurs when a malicious person tries to shut down a network by flooding it with network traffic. Usually the traffic is designed to use the maximum amount of system resources;...
  • Page 138: Wccp

    iPrism Administration Guide The community string is now available. Note: The same community string must be used in both the MIB browser and the iPrism. Figure 85. Enabling SNMP WCCP iPrism supports the WCCP protocol (versions 1 and 2). WCCP provides fault tolerance by automatic detection and rerouting to eliminate network downtime in the event that iPrism is turned off, disconnected, or a system failure occurs.
  • Page 139: Configuring Smtp Relay Settings

    To set the WCCP password, click Set Password. Refer to the iPrism Knowledgebase for information on configuring various versions of the WCCP router: www.edgewave.com/support/web_security/knowledgebases.asp Configuring SMTP Relay Settings iPrism uses the SMTP protocol to perform the following types of communications: •...
  • Page 140: Enabling The Co-Management Network

    By default, iPrism will perform a DNS (MX record) lookup to deliver these emails. If iPrism is installed in a network where a DNS server is not available and an SMTP Smarthost is used (for efficiency), its IP address can be configured here, in the SMTP Relay field.
  • Page 141: Pending Request Options

    iPrism Administration Guide Figure 88. Co-Management Network Check Enabled. Type IP addresses in the IP Start and IP End fields to define the range of IP addresses that will be allowed to access iPrism from the external interface. Only workstations in this range of IP addresses will be able to configure iPrism via the external interface.
  • Page 142: Ports

    iPrism Administration Guide The Pending Request Options window allows you to set options for how to manage these pending requests. To set the pending request options: • From the iPrism home page, select System Settings, then Pending Request Options. From here, you can set the following: •...
  • Page 143: Proxy And Configuration Ports

    iPrism Administration Guide Figure 91. Ports Proxy and Configuration Ports If desired, you can reconfigure the primary client proxy port of 3128, a secondary proxy port, or the standard administration port of 80. Important: Remote Filtering will not function properly if iPrism’s configuration port is not set to the default of port 80.
  • Page 144: Redirect And Https Ports

    iPrism Administration Guide Configuration Port: 80 is the default port used to access iPrism administration tools. The port can be any value between 1 and 65,535, but cannot be the same as either of the proxy ports. After changing the configuration port, you will need to append the port number to your iPrism URL to access the iPrism configuration tools, for example: https://[your iPrism]:8080 To add a proxy or configuration port:...
  • Page 145: Proxy

    iPrism Administration Guide To delete a redirect port (Transparent mode only), select the port in the Redirect Ports list and click Delete. Click Yes to confirm you want to delete the port. Click Save at the bottom of the window. If you have completed all your administrative changes, click Activate Changes to activate the changes immediately.
  • Page 146: Slaving Iprism To A Parent Proxy (Proxy Mode)

    Parent or Upstream Proxies, are explained in detail in the Knowledgebase article “How do I integrate iPrism with an Upstream or Parent Proxy?” at www.edgewave.com/support/web_security/knowledgebases.asp. To set up the proxy section: From the iPrism home page, select System Settings, then Proxy.
  • Page 147: Enabling An Upstream Proxy In Bridge (Transparent) Mode

    iPrism Administration Guide Note: If iPrism is configured to send administrative alerts, internal logs and/or reports via email, it will need an SMTP server entry for email exchange. iPrism will send all locally generated email to this SMTP server without attempting to contact a DNS server for name resolution.
  • Page 148: Configuring The Filter List/System Update Proxy Server

    iPrism Administration Guide • Specify: The value you enter in the Specified Value field will be used. Configuring the Filter List/System Update Proxy Server To specify the proxy server from which filter lists and system updates are downloaded: In the Proxy window, select an option from the Filter List dropdown: •...
  • Page 149: Backup Settings

    iPrism Administration Guide Figure 95. System Preferences To set system preferences: From the iPrism home page, select System Settings, then System Preferences. Select the options as described below. Click Save to save your changes. If you have completed all your administrative changes, click Activate Changes to activate the changes immediately.
  • Page 150: Bypass Authentication

    iPrism Administration Guide • Display backup reminders: Choose this option to have iPrism prompt you to back up. • Prompt when Exiting: You will be prompted to back up your iPrism when you exit an iPrism session. • Prompt when Starting: You will be prompted to back up when you start an iPrism session.
  • Page 151: Filter Failover Mode

    iPrism Administration Guide Select a city that is in your time zone and shares the same local variations, such as Daylight Savings Time, from the Time Zone list. This is usually the city that is closest to you geographically. To set the time manually, make sure that Set time manually is checked (as it is by default) and type the date and time into their respective fields.
  • Page 152: Filter List (Iguard) Updates

    iPrism Administration Guide Type a password in the Password field, then type the password again in the Confirm Password field. Click OK to save the password. Click Yes to save your changes. Filter List (iGuard) Updates Filter list updates help to keep your iPrism’s URL database current with the constantly updated database.
  • Page 153: System Updates

    iPrism Administration Guide • Pass Traffic (Unfiltered): This setting allows all Internet traffic to pass, as though all categories are allowed access. Users will have full access to the web. • Block Traffic: This setting blocks all Internet traffic that passes through the iPrism. Depending on the nature of the failure, it might be impossible to connect to the iPrism through the user interface.
  • Page 154: Scheduled Reboot

    iPrism Administration Guide Scheduled Reboot If the iPrism needs to be rebooted, but you can't do it immediately, you can schedule the reboot for a later date/time. To schedule a reboot: In the System Preferences window, in the Scheduled Reboot frame, click Set. Figure 97.
  • Page 155: Unrated Pages (Iarp)

    iPrism Administration Guide Unrated Pages (iARP) iPrism can automatically rate unrated, frequently accessed URLs (the iPrism Automatic Rating Protocol, or iARP). After a period of seven (7) days the top 100 currently unrated, frequently accessed URLs for a given iPrism are sent to for rating. You can opt to get an email message when the list of sites is sent and when the rating is complete, which normally occurs within a few days.
  • Page 156: User Settings

    iPrism Administration Guide Figure 98. Unrated Pages User Settings The administrator can reset dialog prompts back to the factory defaults. This affects the dialog prompts that are displayed when certain actions are taken (e.g., confirming delete). If a user checked Do not ask me about this again in the following example, resetting dialog prompts results in this setting being cleared, and the user again being asked to confirm delete.
  • Page 157: Chapter 8 System Status

    System Status The System status options give you access to event data, as well as build ID, configuration information, connectivity status, and security and other information. See also About The read-only About window contains configuration details about your iPrism, such as hardware details, the version of software you are running, the iPrism build number, and how to contact Sales and Technical Support.
  • Page 158: Configuration Summary

    iPrism Administration Guide Figure 101. iPrism Administration Log Configuration Summary The Configuration Summary is a read-only window that displays information about how your iPrism is configured. You can save this file as a text file, and/or print it. This can be useful to iPrism Technical Support to assist in troubleshooting.
  • Page 159: Pinging A Host

    iPrism Administration Guide Pinging a Host To test whether a particular host is reachable across an IP network, you can ping it. From the iPrism home page, select System Status, then Connectivity. Type the IP address of the host and click Ping. The results are displayed in the Results frame.
  • Page 160: Security Log

    iPrism Administration Guide To view the routing table: • From the iPrism home page, select System Status, then Routing Table. A list of the network routes is displayed. To refresh the list, click Refresh. Security Log The security log is a read-only window that displays the last time your system received a filter list update, the last time there were configuration changes, the last time a backup was performed, the last time a remote filtering policy was delivered to the portal, and information about IP accesses, email alerts, overrides, and automatic reports.
  • Page 161 iPrism Administration Guide • Web Proxy Requests: Number of URLs processed and blocked for systems using the iPrism as a proxy. • Bridge Sessions: Number of URLs processed and blocked for systems using the iPrism in bridge (transparent) mode. • Number of Clients: Number of client workstations serviced by iPrism.
  • Page 162: Chapter 9 Central Management

    Central Management iPrism’s central management features let you manage a large set of iPrism systems using a single configuration manager. The system works by letting you designate a single master system and one or more slave systems. Any configuration changes made to the master system are automatically copied by the slaves.
  • Page 163: Setting Up A Master/Slave Configuration

    iPrism Administration Guide Setting Up a Master/Slave Configuration There are two steps to setting up a master/slave configuration, and it is recommended that they be completed in order: Designating Slave Systems. Designating the Master System. Designating Slave Systems For each iPrism that will be a slave: •...
  • Page 164: Designating The Master System

    iPrism Administration Guide Figure 102. Designate Slave Designating the Master System Log into the iPrism you want to designate as a master. From the iPrism home page, select System Settings, then Central Management. Select Master from the iPrism Mode dropdown list. The mode changes to Master, and a notification message appears when this is complete.
  • Page 165 iPrism Administration Guide Figure 103. Designate Master To choose the master settings to be applied to the slaves, click Manage Policies. Select which set of policies to apply and click OK. See Central Management Policies descriptions. To add slaves, in the Slave iPrism Appliances frame, click Add. Type the IP address of the slave.
  • Page 166: Changing The Master System

    iPrism Administration Guide If you want the master to handle all overrides and access requests that come to the slaves, check Slave appliances route overrides and access requests back to Master. Note: If this option is selected and the current policy is to synchronize overrides, the initial connection to the slave appliances synchronizes the overrides from the master.
  • Page 167: Removing A Slave System

    iPrism Administration Guide Removing a Slave System Log into the master iPrism. From the iPrism home page, select System Settings, then Central Management. All designated slave systems are listed in the Slave iPrism Appliances frame. Select the one you want to remove, and click Remove. Click OK.
  • Page 168 iPrism Administration Guide Select Stand Alone from the iPrism Mode dropdown list. Click OK. Select System Settings, then System Preferences. In the System Updates frame, click Update Now. You will be prompted to confirm your decision (click Yes), and will be notified that the update will commence within 15 minutes.
  • Page 169: Chapter 10 Override Management

    Override Management When a browser tries to access a web page that is being blocked by iPrism, an ‘Access Denied’ page displays. iPrism gives the user and the administrators a variety of options for handling blocked pages.
  • Page 170: Using Override Privileges

    iPrism Administration Guide Using Override Privileges If the iPrism administrator has checked Override Link when setting up a profile, a user under that profile can bypass the Access Denied page and view the blocked page. The override request is recorded and can be viewed in Profiles & Filters > Current Overrides. Note: When a user has bypassed the Access Denied page and is viewing the blocked page, they are accessing the Internet under the grantor’s profile for the specified duration.
  • Page 171 iPrism Administration Guide • Current Workstation [IP address]: Any user on the current workstation will be able to access the blocked URL. • Following Network [network range]: Any user whose workstation is within the specified network range will be able to access the blocked URL. (This is available if you are using network profiles.) •...
  • Page 172: Using Access Requests

    iPrism Administration Guide Using Access Requests Users that want to get past a blocked page but do not have override privileges have the option to plead their case to the iPrism administrator (or other authorized user with override privileges), who can subsequently grant or deny access to the page.
  • Page 173: Managing Override Access

    iPrism Administration Guide Managing Override Access Override access allows users with the required privileges to be able to “overrule” the active filtering policy and gain access to web pages that would otherwise be blocked. In iPrism, override privileges are determined by a user’s administrator level assignment. •...
  • Page 174: Appendix A Filtering Categories

    The database is constantly being updated, and the categories are subject to change as new and different types of content are encountered. To see the most current list of categories, as well as descriptions of each, refer to the online resource at: http://www.edgewave.com/products/web_security/technology_iGuard.asp Site Rating Categories Sex Category Adult This category refers to sites that are adult in nature and are not defined in other rating categories.
  • Page 175: Lingerie/Bikini

    Keywords mature subjects, mail order brides, penis enlargement, Viagra/Cialis, online pharmacy Lingerie/Bikini This category refers to sites displaying or dedicated to bikini or lingerie that could be considered for adults only. Sites about modeling would not be included in this area. Examples http://www.bikinihangout.com http://www.victoriassecret.com...
  • Page 176: Pornography

    Pornography This category covers anything relating to pornography, including mild depiction, soft pornography and hard-core pornography. Pornography pertains to writings, photographs, movies, etc. intended to arouse sexual excitement. Also, any site offering memberships that may provide access to other pornographic sites will fit into this category.
  • Page 177: Questionable Activities Category

    Questionable Activities Category Copyright Infringement This category refers to sites that offer media, software, MP3, DVD movies or any other copyrighted materials that are bootlegged or illegally available for purchase or download. This category is often blocked to protect iPrism owners from liability caused by the download and installation of bootlegged software. Note that this category does not refer to sites that are specific to computer hacking.
  • Page 178: Intolerance/Extremism

    Intolerance/Extremism This category refers to any site advocating militant activities or extremism. This includes groups with extreme political views and intolerance to individuals and/or groups based upon discriminating or racial distinction. Examples http://www.kukluxklan.bz http://www.stormfront.org http://www.godhatesamerica.com Keywords KKK, skin heads, nazism, fascism, anti-Semitism, homophobia, hate speech, totalitarianism, absolutism, anti-gay, discrimination, racism, militias, bigotry, prejudice, fanaticism, radicalism Miscellaneous Questionable This category refers to sites that are considered questionable in nature and may involve illegal...
  • Page 179: Tasteless

    Examples http://www.tshirthell.com http://www.eviladam.com http://www.wtfpeople.com Keywords swearing, cursing, vulgarity, strong lyrics, bad language Tasteless This category refers to sites that contain information on subjects such as mutilation, torture, horror, grotesque or any behavior that may be considered inappropriate for public audience. This will not include pornography, nudity, or sites dealing with sexuality, which have their own specific classifications.
  • Page 180: Violence

    Violence This category refers to sites that contain visual representations of or invitations to participate in violent acts. This may include war, crime, pranks, hazing, etc. A violent act may be considered any activity that uses physical force designed to injure another living being. Examples http://www.fightworld.com http://www.fightauthority.com...
  • Page 181: Malware

    Examples http://www.gamebar.net http://www.esurveiller.com http://www.seeq.com Keywords spyware, adware, browser hijacker, keylogger Malware Websites that are known to contain harmful code that may modify a user’s system without the user’s knowledge. Examples http://www.ivstil.ru http://www.buddylinks.net http://www.1weight.us Keywords malware, virus, trojan, dialer, worm Society Category Alt/New Age This category refers to any site relating to the advocacy and/or information pertaining to the occult...
  • Page 182: Art/Culture

    http://wicca.net Keywords horoscopes, goddesses, witchcraft, voodoo, Wicca, spells, palm reading, fortune telling Art/Culture This category refers to any site relating to the arts or culture. Culture includes the beliefs, customs, practices, and social behavior of a particular nation or people. The arts include the creation of beautiful or thought-provoking works, for example, in paintings, pictures, drawings, or writings. ...
  • Page 183: Government

    Government This category refers to any site that is associated with governments and/or their militaries. This includes federal, state, county, city and local governments as well as any government agency. This does not include general information about a specific geographical location (state, city, etc) – these sites should be classified as Travel. ...
  • Page 184: Social Issues

    Social Issues This category refers to any site that contains information regarding issues that are considered controversial by a society. Examples of these are sites that provide information on abortion, euthanasia, gun control, drug legalization, suicide, immigration, civil/human rights and gay (or anti-gay) sites.
  • Page 185: Religion

    Religion This category refers to any site that pertains to mainstream religions, religious activities or participation. This includes information relating to any common religious organization. This is a standalone category. Examples http://www.homechurch.com http://www.gospel.com http://www.wop.com Keywords church, synagogue, temple, worship, ministries, atheism, faith, belief, creed, religious conviction, bible study, youth ministry Cult This category refers to any site that advocates or discusses information relating to the use of or...
  • Page 186: Alternative Lifestyle

    Alternative Lifestyle Sites that contain information relating to gay, lesbian or bisexual lifestyles. This excludes sites that are about social issues or contain sexual content. Sites that promote the lifestyle but are of business or professional nature are not included in this category. Internet (Web) Category Anonymizer This category refers to sites that allow the user to surf the net anonymously.
  • Page 187: Online Chat

    Online Chat This category refers to any site that offers access to, software for or participation in any Internet chat forum. The notion of chat should be associated with any online conversation involving at least two people that takes place in real time. If a site offers chat as one of its services, then the exact location where chat is taking place will be rated as 'Chat'.
  • Page 188: Peer To Peer

    Peer to Peer Sites that provide client software to enable peer-to-peer file sharing and transfer. Email Host Sites that provide email accounts, free or otherwise. Examples http://www.hotmail.com http://mail.yahoo.com http://www.gmail.com Keywords email, POP3, accounts Safe Search Engine This category refers to any search site that is specifically targeted toward families and children. Safe search engines will not allow the child or family member to search for pornography.
  • Page 189: Web Banners

    Keywords desktop themes, wallpapers, screen savers, legal software, downloads, shareware, freeware Web Banners This category refers to sites that provide service links/ banners/ ads for web sites. This could also include redirect services. Examples http://www.banner-link.com http://www.123banners.com http://www.free-banners.com Keywords links, banners, ads, redirects, spam urls, gibberish urls Web Host...
  • Page 190: Portals

    Sites that offer multiple web based services to assist a user's experience on the Internet. High Bandwidth * This category is no longer used in new ratings from EdgeWave and is intended to be removed from future releases of iPrism. The iGuard team is actively recategorizing all sites previously rated under categories that are deprecated.
  • Page 191: Business Category

    Business Category Specialized Shopping This category refers to any site that sells a specific item(s) or product(s) that can be purchased using the Internet or telephone with minimal effort using information on the site. This rating is sometimes accompanied by another rating depending on the subject matter of the items sold.
  • Page 192: Finance

    Examples http://www.deltaco.com http://www.honda.com http://www.mcdonalds.com Keywords corporate info, product info, company info, advertising, promotion Finance This category refers to any site that provides investment information, stocks, bonds, mutual funds, newsletters, tips, and firms that offer these services (including banks). Examples http://investing.lycos.com http://www.etrade.com...
  • Page 193: Professional Services

    Professional Services This category refers to business related sites that include technical and professional services. Normally these businesses sell a service such as legal or consulting rather than a product. This excludes professional sites relating to health (doctors, hospitals, etc) that should be classified as ’Health’.
  • Page 194: History

    Examples http://www.grossmont.edu http://www.ucsd.edu http://www.photofieldschool.com Keywords colleges, universities, junior colleges, trade schools, vocational schools, ESL History This category refers to sites that offer a systematic, written and methodical record of past events. These events are arranged as to show the connection of causes and effects, to give an analysis of motive and action, etc.
  • Page 195: Reference Sites

    Reference Sites This category refers to sites specifically dedicated to providing a research method on one or more subject matters. Examples http://www.radnorlibrary.org http://www.mvls.info http://www.libraryspot.com Keywords libraries, databases, yellow pages, people finder Sci/Tech This category refers to sites that relate specifically to education in Science and Technology. Also included in this category are sites relating to education with emphasis on computers, astronomy, programming, physics, etc.
  • Page 196: Health Category

    Note: If a site is rated as 'K-12 Sex Education', it must not have any other rating. Examples http://www.sxetc.org http://www.siecus.org http://www.teensource.org Keywords reproduction, contraceptives, family planning, safe sex Health Category Alcohol/Tobacco This category refers to sites that support the use of alcohol and tobacco products. They may be commercial sites, such as Philip Morris and Anheuser Busch, or sites that support the use of alcohol and tobacco related products.
  • Page 197: Health

    http://www.homemadedrugs.net http://www.norml.org Keywords bongs, marijuana, cocaine, paraphernalia Health This category refers to sites that claim to improve an individual's well being either medically, organically or through support. Examples http://www.webmd.com http://www.deltadental.com http://health.yahoo.com Keywords doctors, hospitals, medications, fitness, nutrition, dentists, weight loss, massage, cosmetic surgery, day spas, diet, clinics, ophthalmology Adult Sex Education This category refers to sites that provide sexual education information to anyone who has graduated...
  • Page 198: Recreation Category

    Recreation Category Entertainment This category refers to sites associated with passive activities – meaning visitors are looking for “sit back and entertain me” sites such as those dealing with theatre, online comics, anime, amusement parks, clubs, etc. Examples http://www.theatre.com http://www.playbill.com...
  • Page 199: Games

    Games This category refers to any site that is associated with traditional board games, role-playing games and pursuits. This includes sites that promote game makers (Mattel), electronic games, video games, computer games or online games. This category includes both game hardware & software. Also included are tips, advice and cheat codes on playing computer/Internet based games and web sites hosting games and contests.
  • Page 200: Mature Humor

    Mature Humor This category refers to any site that contains mature themes and humor that may not be suitable for children, but does not contain pornography or strong profanity. These sites may contain a limited amount of PG-13 profanity without a profanity rating. Examples http://www.theonion.com http://www.laughgallery.com...
  • Page 201: Social Networking/Dating

    http://www.wrko.com http://www.wfan.com Keywords streaming audio, listen now, on air, live feed Social Networking/Dating Sites that offer free or paid services that promote interaction, dating or other networking through forums, chat, email or other methods. Examples http://www.match.com http://www.myspace.com http://friendfinder.com http://eharmony.com http://okcupid.com http://www.friendster.com Keywords singles, online dating, personals, connections, find/make friends, matchmakers ...
  • Page 202: Sports

    Sports This category refers to any site that contains information about sports or sports related activities. This includes sites that provide sports scores or games. These sites may also contain information about sporting events, camps, teams or outings. Sports are defined as organized and competitive athletics.
  • Page 203: Web Log (Blog)

    Web Log (Blog) Journals, diaries or newsletters that can be updated daily usually involving personal thoughts/opinions on internet, social or political issues. Other categories can be added to further classify. Appendix A Filtering Categories...
  • Page 204: Appendix B Configuring Browsers For Proxy Mode

    Configuring Browsers for Proxy Mode To enable browser-based authentication through iPrism, you must configure each browser to use iPrism as a proxy server. Important: Do not do this if you are using bridge (transparent) mode. Configuring Firefox for Proxy Mode Start up Firefox Version 3.x.
  • Page 205: Configuring Internet Explorer For Proxy Mode

    In the menu bar at the top of the window, click Advanced. Click Change Settings (next to the Proxies label). Check Web Proxy (HTTP). In their respective fields next to that check box, type the IP address or hostname of the iPrism and default port 3128.
  • Page 206: Appendix C iPrism Error Messages

    During this time, iPrism displays the iPrism List Update message. This message is not an error message and should only last for a few seconds. If the message does not disappear, contact Technical Support: http://edgewave.com/support/web_security/default.asp Appendix C iPrism Error Messages...
  • Page 207: iPrism List Error

    If the filter list cannot update for 3 days, an email will be sent to the iPrism administrator. If you receive this error, contact Technical Support at: http://edgewave.com/forms/support/web_security.asp iPrism Filter Service Expired This error indicates that iPrism’s subscription to the filter list update has expired.
  • Page 208: Authentication Is Required

    • iPrism detected a routing loop. A routing loop occurs when the traffic that iPrism is sending to reach a website is being routed via iPrism again, causing iPrism to filter its own traffic. This is typically the result of configuring iPrism’s default gateway as a machine located on the internal interface of the appliance.
  • Page 209: Invalid Request

    10 seconds. Retry after a few seconds. If the error message does not go away, contact Technical Support at: http://edgewave.com/forms/support/web_security.asp Zero Sized Reply The “Zero Sized Reply” error occurs when no data is returned in the HTTP connection. This may...
  • Page 210: Write Error / Broken Pipe

    • The remote web server did not send actual data and closed the connection too early (typically a script error). • The remote web server is unable to reply. This is a problem on the web server you are trying to reach. Try again later or contact the web server’s administrator.
  • Page 211 15333 Avenue of Science, San Diego, CA 92128 Phone: 858-676-2277 Toll Free: 800-782-3762 Fax: 858-676-2299 Email: info@edgewave.com ©2012 EdgeWave, Inc. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks are hereby acknowledged.
