Freedom9 freeGuard Capture 1000 User Manual

Manual is about: Internet Content Recorder and Email Archiver

Summary of freeGuard Capture 1000

  • Page 1

    freeGuard Capture Internet Content Recorder and Email Archiver User’s Manual. Part #: ICR 1000, ICR 2000. Rev 2.0

  • Page 2

    Copyright and trademark information: This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without prior expressed written consent from freedom9 Inc. © Copyright ...

  • Page 3

    FCC warning: This equipment has been tested and found to comply with the regulations for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. ...

  • Page 5

    Table of contents: 1 Product Overview, page 9; Introduction ...

  • Page 6

    Log out, page 32; Software update, page 33; 4 User List ...

  • Page 7

    Recorded service, page 61; SMTP messages, page 61; POP3/IMAP mes...

  • Page 8

    Event log, page 102; 14 Technical Support, page 103; Online support ...

  • Page 9

    Index of figures: Figure 1, ICR1000 front panel, page 10; Figure 2, ICR2000 front panel ...

  • Page 10

    Figure 44, IM management menu (expanded), page 43; Figure 45, IM login notice - configuration, page 44; Figure 46, IM login notice – MSN example ...

  • Page 11

    Figure 88, remote backup menu, page 86; Figure 89, remote backup - backup settings, page 87; Figure 90, remote backu...

  • Page 13: 1 Product Overview

    1 Product overview. Introduction: Thank you for purchasing the freeGuard Capture appliance, the Internet Content Recorder and Email Archiver. The freeGuard Capture appliance allows organizations to capture, track and report on Internet activities, such as: b...

  • Page 14: 2 Quick Installation

    2 Quick installation. Appliance front panel: the interfaces and layout of the ICR appliance are listed below. Power LED, green: the appliance is powered on. Hard disk LED, flashing: the system is accessing data from the hard drive. Console port: one DB9 console port for serial cable connection. wan/l...

  • Page 15

    Front panel for ICR2000. Figure 2, ICR2000 front panel.

  • Page 16: System Deployment

    System deployment. There are two ways to deploy the ICR appliance: bridge mode or sniffer mode. Before you connect the ICR appliance to your live network, you may want to configure it according to your network topology and requirements. Please note, each ICR appliance from freedom9 Inc. has been ...

  • Page 17

    Sniffer mode: link one of the Internet recorder’s ports to the mirror port of the core switch or to any port of the hub. Figure 4, deployment - sniffer mode.

  • Page 18: Administration Login

    Administration login. Connect the administration PC and the ICR appliance’s LAN port to the same hub or switch, and make sure the administration PC is in the same network segment as the ICR appliance. The default IP address for the ICR appliance is 192.168.1.1 with subnet mask 255.255.255.0. Start the web ...

  • Page 20: Setup Wizard

    Setup wizard. If it is the first time that a user logs into the system, the setup wizard page will be displayed automatically. The setup wizard will guide you through the basic configuration of the ICR appliance; please follow the instructions on each page. This page can also be found under System → set...

  • Page 21

    Name binding: - Binding to IP addresses: when the system captures the network traffic, all the network packets from one IP address will be treated as one user. This method is usually used by corporations with static IP addresses implemented i...

  • Page 22

    The management interface address must correspond to the company’s environment. Set the IP in the same subnet as the LAN. If the LAN is not in the 192.168.1.X segment, for example, the LAN is in the 172.16.X.X segment, then the interface IP needs to be changed to 172.16.X.X. For your reference, you may co...

  • Page 23

    If the interface IP has been changed in previous steps and the Finish button was clicked, you’ll need to use the new IP address in your web browser in order to log in again.

  • Page 24: System Clock Synchronization

    System clock synchronization. Under System → Date/Time, select Enable synchronize with an Internet time server (please adjust the time lag depending on the time zone) or click Synchronize system clock with this client, in order to provide the current time for the system. Figure 12, system clock synch...

  • Page 25: User Groups Management

    User groups management. Under User List → Setting, you can use your own names for the user groups; the number of supported user groups may vary depending on which model of ICR appliance you have. Figure 13, set the name of department or group under User List ...

  • Page 26: 3 System

    3 System. The ICR appliance is managed by the main system administrator. The main system administrator can add or delete any system settings and monitor the system status. The other group administrators have no authority to modify the system settings (the administrator’s name is set by the system ...

  • Page 27

    Permitted IPs: list of IP addresses that can log in to the web interface. Language: language used for page display. Install wizard: wizard for quick and easy configuration. Logout: log out from the web interface. Software update: upgrade the firmware ...

  • Page 28: Administrator Accounts

    Administrator accounts. Each ICR appliance has a built-in user name for administrative purposes; it is called “admin” by default, and it can be neither changed nor removed. The system administrator has the privileges to add/remove a group administrator and manage its privileges for accessing the ICR appliance ...

  • Page 29

    Figure 16, create a group administrator – 1. Figure 17, create a group administrator – 2.

  • Page 30: Interface IP

    Interface IP setup. Interface IP address setup: set up the IP address for the network interface of the ICR appliance. Figure 18, interface IP address setup. Ping response can be enabled on the unit, so the unit will send back a response to the ping test from the administrative PC. Administrator can determin...

  • Page 31: System / Setting

    System / Setting. System setting overview. Figure 19, system setting page. This page allows you to initialize the ICR appliance, back up/restore configuration files, perform a factory reset, format the hard drive, repair the database, set up email alerts, chang...

  • Page 32

    Backup / restore configuration settings. All the customer settings in the ICR appliance can be downloaded and saved to a file on your local computer; this provides a way to get all your settings back in case of a hardware emergency. Click the “Download” button on the System/Setting page to save the config...

  • Page 33

    The Reboot button will start the system reboot task once it has been confirmed by the administrator. Figure 21, reboot confirmation. Some tasks such as “format hard drive”, “database repair” and system reboot may take some time to finish. Some changes to the...

  • Page 34: Date / Time

    Date / Time. The date and time settings can be changed to the current computer’s system clock, or be synchronized to an Internet network time server (NTP). Figure 22, system date/time setting. Synchronize system clock: the IP address of the NTP server is required in order to have the ICR system cloc...

  • Page 35: Permitted IP Addresses

    Permitted IP addresses. Access to the administration web interface can be limited to only certain workstations with specific IP addresses, which are called “permitted IP addresses”. Step 1: add the permitted IP addresses for HTTP, HTTPS and/or ping. Step...

  • Page 36: Language

    Language: change the display language of the web interface; this task does not require a system reboot. Wizard: the quick and easy way to configure the ICR appliance is to use the setup/install wizard. It will guide you through the display languages, system clock, system deploy mode, client/user na...

  • Page 37

    Software update. For a new release of the firmware, you can update it with the “Software Update” page. The current firmware version will be shown on the page. Figure 26, firmware update. Running the update over the LAN is strongly recommended, i.e. using a workstat...

  • Page 38

    Please make sure the firmware is correct for the model you have, to avoid any possible data loss or discrepancy. For more information on the release of new firmware, please contact the freedom9 technical support team.

  • Page 39: 4 User List

    4 User list. The User List pages allow administrators to manage the user groups and to turn network traffic capturing on or off for all users. Figure 28, user list menu. Setting: an administrator with proper privileges can create, modify or remove a user gr...

  • Page 40

    The list of user groups can be saved / exported to a local file on the management workstation, and it can be imported / uploaded from a “.csv” file. Figure 30, save / export user groups to file. Setting – upload user list: you can download the file for the user list, and then modify the CSV file ...

  • Page 41: Logged User List

    Logged user list. The ICR appliance comes with automatic IP or MAC address discovery; it scans all the network traffic passing through and binds the addresses to a user name if a computer name can be recognized, and all the subnets will be identified. Users ...

  • Page 42

    Logged user list – modify a user. Click on any user to modify its details: you can assign a new user name, change or assign the group name, or move the user to the ignore list. Figure 33, modify a user - 1. Figure 34, modify a user - 2.

  • Page 43

    Logged user list – search. You can search for a user in the subnet by clicking the search icon, as shown in the picture below. Figure 35, search for a user. Once you click the search icon, a pop-up browser window will display the search dialogue box. Figur...

  • Page 44

    Logged user list – add new subnet to the group. To add a new subnet to the group, click the “Add” button. Figure 38, add a new subnet to the user group. Figure 39, add a new subnet – example. After you click the OK button, the new subnet will be added and shown.

  • Page 45

    Logged user list – dept/group view. To view the users under each group, click the “Department/ Group” link at the top; the page will change to the user group view. Figure 40, user list - group view. You can also move a “logged” user to be ignored by the ICR...

  • Page 46: Ignored User List

    Ignored user list. This page gives you the list of ignored users, as shown in the picture below. Figure 42, ignored user list. To capture the network traffic from/to an ignored user again, just check the box to the left of the user and click the “Logged” button. Figure 43, move ignored user to logged. All...

  • Page 47: Configure

    5 Instant messaging management. IM (instant messaging) management provides the system administrator with flexibility and facility in managing IM access. In bridge mode, the ICR appliance can be configured to grant or deny IM access based on account or IM a...

  • Page 48

    Figure 45, IM login notice - configuration. Login notice - examples: here is an example of the notification in MSN Messenger clients. Once the user has successfully signed on to the MSN server using the MSN client, an MSN conversation window will pop up, with the notification text message configured in th...

  • Page 49

    Figure 46, IM login notice – MSN example. Here is an example of a NetBIOS message: Figure 47, IM notice - NetBIOS example. Example for ICQ:

  • Page 50

    Figure 48, IM notice – ICQ.

  • Page 51: Authentication

    Authentication. IM access can be well managed by IM authentication. The system administrator may, accordingly, adopt one of the four available authentication methods, namely User, RADIUS, POP3 and LDAP, to regulate internal users’ access to instant messaging. ...

  • Page 52

    RADIUS, POP3, LDAP.

  • Page 53: Rules

    Rules. Default rule: IM access can be regulated based on the IM clients (including web-based clients). For newly detected IM users, the default rule will be applied. Figure 50, IM authentication - default rules.

  • Page 55

    Account rule: accounts are classified into three categories, namely default account, accept account and drop account. The system administrator may regulate IM access by arranging users in different accounts. Figure 51, IM authentication - account rules. Clic...

  • Page 56: 6 P2P Management

    6 P2P management. When the ICR appliance is working in bridge mode, it can be used to allow or block P2P (peer to peer) network traffic passing through. The system administrator may grant or deny access to P2P applications based on the protocol or the user. The P2P protocols that are supported by the ...

  • Page 57: User Rule

    User rule: accounts are classified into three categories: default accounts; accept accounts, where the user is allowed to use the P2P protocol; and drop accounts, where the user is not allowed to use the P2P protocol and the request will be dropped. System administrator ...

  • Page 58

    To move the two users to the drop accounts list, just click the link that says “To drop”.

  • Page 59: 7 Record

    7 Record. This section allows the administrator to configure how the ICR appliance captures network traffic, and to search / view / download or remove the captured records according to network protocols or user names. Setting: under Record / Settings, ...

  • Page 60

    Signature pattern update (web mail, IM, P2P). In order to efficiently filter emails and inspect the use of IM and P2P software, the signature patterns need to be updated from freedom9’s update server. For authorized customers of the ICR appliance, the system will automatically check for the signature ...

  • Page 61

    LAN to LAN recording: the ICR appliance is capable of recording data transmission among LANs; it is suggested that this be checked for the scenario where users are accessing the Internet through an on-site proxy server. The maximum entries to be displayed ...

  • Page 62

    HTTP cache setting: this option allows you to keep a copy of the HTTP web pages visited by the user. If it is checked, a snapshot of the visited pages will be saved to the local hard drive. Otherwise, only the URL of the link will be kept.

  • Page 63: Record - User

    Record - User: displays all the captured records by user per day. Figure 57, captured data by user. Move the mouse over the user name for details; to switch to the department / group view, click on the button called “Department/Group”. Click the user name / i...

  • Page 64

    Or you can choose “Customer view” from the pop-up menu for a more specific search over the history. Figure 58, customer view search by user.

  • Page 65: Recorded Service

    Recorded service. Under the Service section, a list of protocols that can be captured by the current firmware will be listed. In the current firmware, the ICR appliance supports all major protocols used in network communication, including SMTP, POP3, IMAP, HTTP,...

  • Page 66

    To forward a copy of the messages to a specific recipient, tick the check boxes in front of the messages that you want to forward, and then click the forward icon. Figure 61, records captured - forward. To search for records or define the search criteria, click the search icon; the search...

  • Page 67

    The search result will look like this; all the keywords are highlighted, as shown below. All records are displayed per day. To save the search result to a local file, click the “Download” button on the search page. Figure 63, download the search result.

  • Page 68

    POP3/IMAP messages: captures and archives all the emails received by the email clients. Figure 64, records captured - POP3/IMAP. To search for records or define the search criteria, click the search icon; the search page will be displayed. Depending on the data volume, the search in the email...

  • Page 69

    HTTP records: captures and archives all the visited URL addresses and web page contents. Figure 65, records captured - HTTP. To search for records or define the search criteria, click the search icon; the search page will be displayed. Click the lin...

  • Page 70

    IM – instant messaging: captures and archives the source addresses, conversation details and display names of an instant messaging chat; it can also capture and archive file(s) transferred during the text conversation. Figure 66, records captured - IM. More examples of captured IM chats. To sea...

  • Page 71

    Web SMTP messages: captures and archives web-based emails sent from the web mail server. Depending on the model and firmware version, the supported web-based email servers may vary. Currently the ICR appliance supports web mail services provided by Yahoo, gm...

  • Page 72

    Web POP3 messages: captures and archives emails received through web-based email servers. Depending on the model and firmware version, the supported web-based email servers may vary. Currently the ICR appliance supports web mail services provided by Yahoo, Gmail, Hotmail, Seednet, PChome, HiNet, Sina, ...

  • Page 73

    Record – FTP sessions: archives files transferred via the FTP protocol. Figure 69, records captured – FTP. To download the captured FTP transfer, click on the URL under the “File name” column. Figure 70, records captured - FTP, download a copy. A pop-up window wi...

  • Page 74

    Record – Telnet sessions: records the details of a session communicated through the Telnet protocol. Figure 71, records captured – Telnet sessions. To view the details of a session, click the icon under the Detail column; the screenshot below is an example of a captured Telnet login. Figure 72, te...

  • Page 75: 8 Flow Analysis

    8 Flow analysis. Flow analysis includes Today Top-10, History Top-N and Flow Statistics, which give the system administrator instant insight into bandwidth usage, based on users and services (network protocols). This feature is in...

  • Page 76: Today Top-10

    Today Top-10: the top 10 bandwidth usage chart by users and services. Chart of traffic vs. time: X-axis indicates the traffic flow sampled in bits per second. Y-axis indicates time. Blue line signifies the continuous variation of the major services. Brown line signifies the continuous var...

  • Page 77

    Detailed statistics per user can be displayed by clicking on the user name with the URL link.

  • Page 78: History Top-N

    History Top-N: the top 10 users of bandwidth and the most frequently used services in a specific period of time will be displayed; page navigation is provided in order to view the data for all the users. Figure 75, flow analysis - top N in history statistics. In the service top N view, all the services...

  • Page 79

    The web interface allows the administrator to send a copy of the report by email; the recipient will get an email with a PDF-formatted report attached. The administrator can also download the report to a local hard drive for future reference, by clicking the “d...

  • Page 80

    Flow statistics: this page displays the statistics chart of the packets processed in a certain period. Figure 76, flow analysis - statistics chart.

  • Page 81: 9 Anomaly Flow IP

    9 Anomaly flow IP. When the corporate network is under a DoS (or DDoS) attack, the ICR appliance will take actions (such as sending alerts) to protect the internal network. This chapter discusses the functionality and application of anomaly flow i...

  • Page 82: Anomaly Flow IP Setting

    Anomaly flow IP setting. When the number of concurrent sessions from an IP address exceeds the threshold, the ICR appliance will treat the IP address as an anomaly flow IP, block data sent from it and send an email alert notification to the designated email address. If the “Enable anomaly flow IP bl...

  • Page 83: Virus Infected IP

    Virus infected IP: a list of computers that might be infected by a virus. When a DDoS attack occurs, the ICR appliance will add an entry to the list and send out an alert by email and/or NetBIOS notification. Figure 79, virus-infected IP. Figure 80, NetBIOS no...

  • Page 84: Intrusion IP

    Intrusion IP: all possible intrusions from the Internet detected by the ICR appliance will be listed, including the source IP address and the time the event happened. The administrator can click the “Clear” button to remove all the records in the list, or click “Download” to have a plain text ve...

  • Page 85: 10 Local Disk

    10 Local disk. All the captured records of network traffic are stored on the built-in hard disk. The web interface of the ICR appliance provides a summary report of disk space usage based on network protocols and users. The administrator may decide the sto...

  • Page 86

    Figure 84, storage time.

  • Page 87: Disk Space

    Disk space: this page gives you the usage report for the built-in hard drive space; depending on the model of ICR appliance, the disk capacity may vary. The report also provides the space used by all the protocols that have been captured, and the space used by eac...

  • Page 88

    Figure 85, disk space usage. An example of the disk space usage report: Figure 86, disk space usage report.

  • Page 89

    A different color is used for each protocol, which makes the chart easy to read. Figure 87, disk space usage details (continued).

  • Page 90: 11 Remote Backup

    11 Remote backup. Running short of storage is always a disaster, especially when valuable information must be archived for long-term storage. The ICR appliance features remote backup, which runs automatically to create a copy of the captured records on a remote storage device, such a...

  • Page 91: Settings

    Settings. Backup settings. Figure 89, remote backup - backup settings. Connection status of remote hard disk: displays the access validity, assigned access privilege (read/write), space requirement for next backup and current available space of remote stora...

  • Page 92

    Backup setting: determines which service, location and schedule to back up. Backup immediately: performs a backup for all the services / protocols in a particular period. Once the duration is defined, the required hard drive space will be displayed on the screen. Browse settings. Connection s...

  • Page 93

    Browse: under Browse, the menu lists all the major network services supported by the ICR appliance. Click the service name to show its captured records. To search in the same service, click the search icon; to forward the selected records, tick the che...

  • Page 94: 12 Report

    12 Report. Report gives the system administrator quick insight into network traffic and storage space utilization with graphical charts, improving the management of the corporate network. Setting: Settings – scheduled report / periodic. Under report settings, you can define how the report will be generat...

  • Page 95

    Figure 93, daily report sent by email.

  • Page 96

    Figure 94, sample report by email – network traffic.

  • Page 98

    Figure 95, daily report by users (partial). Schedule for periodic report: 1. Yearly report is generated at 12:00 AM on January 1st of the year. 2. Monthly report is generated at 12:00 AM on the first day of the month. 3. Weekly report is generated at 12:00 AM on the first day of the week. 4. Da...

  • Page 99

    Figure 96, report sample - weekly report.

  • Page 100

    Figure 97, report sample - weekly traffic. Weekly report by user.

  • Page 101: Storage Report

    Storage report: shows bar charts of disk usage, indicating the disk space utilization of each service. It can be viewed by day, week, month or year. How to read the chart: Y-axis indicates the used disk space in MB. X-axis indicates tim...

  • Page 103: 13 System Status

    13 System status. The System Status page shows the resource usage, session count and system event log of the ICR appliance. System info includes the usage of CPU, hard disk, memory and RAM disk; all information is illustrated separately in different histogra...

  • Page 105: Current Session

    Current session: this page shows the active sessions created by each service, such as HTTP, FTP, POP3, SMTP, IM, Telnet, web mail and P2P. Figure 99, system status - current session. Records can be searched with criteria such as service, status, protocol,...

  • Page 106: Event Log

    Event log: this page shows all the system events of the ICR appliance. Older events will be removed from the system, based on the expiration date for the event log defined in the “System / Settings / Log storage time” area. Figure 101, status - event log. To view more information for an event, clic...

  • Page 107: 14 Technical Support

    14 Technical support. Online support: all troubleshooting tips will be updated and published on freedom9’s official web site; please check the support page www.freedom9.com/support for the latest information on technical articles, frequently asked questio...