M86 Security Web Filter HL User Manual

Page of 512

Download

Print this page

Bookmark us

M86 Web Filter

USER GUIDE

Models: HL, SL, MSA / Software Version: 5.0.00

Document Version: 02.01.12

1 2 3 4 5 6 7 Next › »

Summary of Web Filter HL

Page 1
M86 web filter user guide models: hl, sl, msa / software version: 5.0.00 document version: 02.01.12.
Page 2: M86 W
Ii m86 s ecurity u ser g uide m86 w eb f ilter u ser g uide (hl, sl, msa) © 2012 m86 security all rights reserved. Version 1.01, published february 2012 for software release 5.0.00 printed in the united states of america this document may not, in whole or in part, be copied, photo- copied, reproduce...
Page 3: Ontents
M86 s ecurity u ser g uide iii c ontents i ntroductory s ection .................................................. 1 web filter ..................................................................................... 1 about this user guide .................................................................
Page 4
C ontents iv m86 s ecurity u ser g uide m86 supplied categories.................................................... 25 custom categories ............................................................. 25 service ports . ........................................................................... 26 rul...
Page 5
C ontents m86 s ecurity u ser g uide v non-synchronized items ..................................................... 45 server maintenance procedures ..................................................... 47 source server failure scenarios .............................................. 47 establish ba...
Page 6
C ontents vi m86 s ecurity u ser g uide control ............................................................................................. 72 filter window ............................................................................. 72 local filtering................................................
Page 7
C ontents m86 s ecurity u ser g uide vii edit an administrator account ............................................ 97 delete an administrator account......................................... 97 secure logon .................................................................................. 98 logon ...
Page 8
C ontents viii m86 s ecurity u ser g uide ftp the log on demand ............................................ 121 view ................................................................................. 122 view the log of administrator changes ..................... 122 alert .............................
Page 9
C ontents m86 s ecurity u ser g uide ix specify the listening device ............................................. 153 specify the block page device ......................................... 153 invisible option: specify the block page delivery............. 154 icap option: specify icap server setti...
Page 10
C ontents x m86 s ecurity u ser g uide hardware failure detection window ....................................... 177 view the status of the hard drives ................................... 177 x strikes blocking ......................................................................... 179 x strikes b...
Page 11
C ontents m86 s ecurity u ser g uide xi profile control window ............................................................ 210 edit entries........................................................................ 211 quota block page customization window . ............................. 212 add, edit...
Page 12
C ontents xii m86 s ecurity u ser g uide global group profile window .................................................. 247 category profile ............................................................... 248 create, edit a list of selected categories.................. 248 port.........................
Page 13
C ontents m86 s ecurity u ser g uide xiii set a time for updates to be retrieved............................ 279 optional: specify a proxy server ..................................... 280 select the log level.......................................................... 280 manual update window . .........
Page 14
C ontents xiv m86 s ecurity u ser g uide create, maintain a whitelist of ip addresses ................... 304 category groups ........................................................................... 305 library details window ............................................................ 306 view l...
Page 15
C ontents m86 s ecurity u ser g uide xv real time probe ........................................................................... 326 real time probe window ........................................................ 326 configuration......................................................................
Page 16
C ontents xvi m86 s ecurity u ser g uide members window .................................................................... 347 add the ip address of the member .................................. 348 remove a member from the group .................................. 348 override account window . ......
Page 17
C ontents m86 s ecurity u ser g uide xvii add sub group . ...................................................................... 390 add an ip sub group ........................................................ 390 add individual ip .......................................................................
Page 18
C ontents xviii m86 s ecurity u ser g uide refresh the library............................................................ 408 custom library category ................................................................ 409 library details window ............................................................
Page 19
C ontents m86 s ecurity u ser g uide xix set up for each sub-group .......................................... 429 2. Exclude filtering ip.................. 430 part ii: customize the block page .......................................... 430 1. Set up a web server .......................................
Page 20
C ontents xx m86 s ecurity u ser g uide configure the web filter for reporting ......................................... 456 entries in the web filter administrator console ...................... 456 entries in the sr, er administrator console . ......................... 458 appendix e ................
Page 21: Ntroductory
I ntroductory s ection w eb f ilter m86 s ecurity u ser g uide 1 i ntroductory s ection web filter m86 security’s web filter tracks each user’s online activity, and can be configured to block specific web sites, service ports, and pattern and file types, and lock out an end user from internet access...
Page 22
I ntroductory s ection a bout this u ser g uide 2 m86 s ecurity u ser g uide • introductory section - this section is comprised of an overview on filtering, web access logging, instant messaging and peer-to-peer blocking, and synchronizing multiple web filter units. This section also provides infor-...
Page 23: How to Use This User Guide
I ntroductory s ection h ow to u se this u ser g uide m86 s ecurity u ser g uide 3 how to use this user guide conventions the following icons are used throughout this user guide: note : the “note” icon is followed by italicized text providing additional information about the current subject. Tip : t...
Page 24: Terminology
I ntroductory s ection h ow to u se this u ser g uide 4 m86 s ecurity u ser g uide terminology the following terms are used throughout this user guide. Sample images (not to scale) are included for each item. • alert box - a message box that opens in response to an entry you made in a dialog box, wi...
Page 25
I ntroductory s ection h ow to u se this u ser g uide m86 s ecurity u ser g uide 5 • frame - a boxed-in area in a dialog box, window, or screen that includes a group of objects such as fields, text boxes, list boxes, buttons, radio buttons, check- boxes, and/or tables. Objects within a frame belong ...
Page 26
I ntroductory s ection h ow to u se this u ser g uide 6 m86 s ecurity u ser g uide • pop-up box or pop-up window - a box or window that opens after you click a button in a dialog box, window, or screen. This box or window may display infor- mation, or may require you to make one or more entries. Unl...
Page 27
I ntroductory s ection h ow to u se this u ser g uide m86 s ecurity u ser g uide 7 • sub-topic - a subset of a main topic that displays as a menu item for the topic. The menu of sub-topics opens when a perti- nent topic link in the left panel—the navigation panel—of a screen is clicked. If a sub-top...
Page 28
I ntroductory s ection h ow to u se this u ser g uide 8 m86 s ecurity u ser g uide • tree - a tree displays in the naviga- tion panel of a screen, and is comprised of a hierarchical list of items. An entity associated with a branch of the tree is preceded by a plus (+) sign when the branch is collap...
Page 29: Overview
I ntroductory s ection o verview m86 s ecurity u ser g uide 9 overview the web filter’s administrator console is used by the global administrator—and group administrator, as required—to configure the web filter server to perform the following basic functions: • filter urls (web addresses) on the int...
Page 30: Environment Requirements
I ntroductory s ection e nvironment r equirements 10 m86 s ecurity u ser g uide environment requirements workstation requirements administrator system requirements for the administrator include the following: • windows xp, vista, or 7 operating system running: • internet explorer (ie) 8 or 9 • firef...
Page 31: Network Requirements
I ntroductory s ection e nvironment r equirements m86 s ecurity u ser g uide 11 end user system requirements for the end user include the following: • windows xp, vista, or 7 operating system running: • internet explorer (ie) 8 or 9 • firefox 9 or 10 • google chrome 16 or 17 • safari 5.0 or 5.1 • ma...
Page 32: Operational Modes
I ntroductory s ection c hapter 1: f iltering o perations 12 m86 s ecurity u ser g uide chapter 1: filtering operations operational modes based on the setup of your network, the web filter can be configured to use one of these operational modes for filtering the network: • invisible mode • router mo...
Page 33
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 13 invisible mode if the web filter is set up in the invisible mode, the unit will filter all connections on the ethernet between client pcs and the internet, without stopping each ip packet on the same ethernet seg...
Page 34
I ntroductory s ection c hapter 1: f iltering o perations 14 m86 s ecurity u ser g uide when users (client pcs) make internet requests, the traffic flows (1) through the network path without interruption. The web filter captures the request as the user’s request (2) leaves the network. The web filte...
Page 35
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 15 router mode if the web filter is set up in the router mode, the unit will act as an ethernet router, filtering ip packets as they pass from one card to another. While all original packets from client pcs are allo...
Page 36
I ntroductory s ection c hapter 1: f iltering o perations 16 m86 s ecurity u ser g uide warning : m86 recommends contacting one of our solutions engineers if you need assistance with router mode setup proce- dures. Firewall mode the firewall mode is a modification of the router mode. With the web fi...
Page 37
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 17 the firewall mode cannot be used with any other mode (invisible or router). Figure 1:1-4 illustrates an example of a firewall mode setup in which requests are never sent to the caching server. In this scenario th...
Page 38: Group Types
I ntroductory s ection c hapter 1: f iltering o perations 18 m86 s ecurity u ser g uide group types after the operational filtering mode is configured on the web filter, the group type(s) that will be used on the web filter must be set up so that filtering can take place. In the policy section of th...
Page 39
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 19 ip groups the ip group type is represented in the tree by the ip icon . A master ip group is comprised of sub-group members and/or individual ip members . The global administrator adds master ip groups, adds and ...
Page 40: Filtering Profile Types
I ntroductory s ection c hapter 1: f iltering o perations 20 m86 s ecurity u ser g uide filtering profile types a filtering profile is used by all users who are set up to be filtered on the network. This profile consists of rules that dictate whether a user has access to a specified web site or serv...
Page 41
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 21 • override account profile - set up in either the global group section or the master ip group section of the console. • lock profile - set up under x strikes blocking in the filter options section of the profile....
Page 42
I ntroductory s ection c hapter 1: f iltering o perations 22 m86 s ecurity u ser g uide static filtering profiles static filtering profiles are based on fixed ip addresses and include profiles for master ip groups and their members. Master ip group filtering profile the master ip group filtering pro...
Page 43
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 23 active filtering profiles active filtering profiles include the global group profile, override account profile, time profile, and lock profile. Note : for information about authentication filtering profiles, see ...
Page 44: Filtering Profile Components
I ntroductory s ection c hapter 1: f iltering o perations 24 m86 s ecurity u ser g uide filtering profile components filtering profiles are comprised of the following compo- nents: • library categories - used when creating a rule, minimum filtering level, or filtering profile for the global group or...
Page 45
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 25 library categories a library category contains a list of web site addresses and keywords for search engines and urls that have been set up to be blocked or white listed. Library categories are used when creating ...
Page 46
I ntroductory s ection c hapter 1: f iltering o perations 26 m86 s ecurity u ser g uide service ports service ports are used when setting up filter segments on the network (the range of ip addresses/netmasks to be detected by the web filter), the global (default) filtering profile, and the minimum f...
Page 47
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 27 note : if the minimum filtering level is not set up, global (default) filtering settings will apply instead. If an override account is established at the ip group level for a member of a master ip group, filterin...
Page 48: Filtering Rules
I ntroductory s ection c hapter 1: f iltering o perations 28 m86 s ecurity u ser g uide • filter - if a service port is given a filter setting, that port will use filter settings created for library categories (block or open settings) to determine whether users should be denied or allowed access to ...
Page 49
I ntroductory s ection c hapter 1: f iltering o perations m86 s ecurity u ser g uide 29 b. An individual ip member time profile takes precedence over the individual ip member profile. 6. An authentication (ldap) profile—this includes a work- station profile—takes precedence over an individual ip mem...
Page 50
I ntroductory s ection c hapter 1: f iltering o perations 30 m86 s ecurity u ser g uide fig. 1:1-7 sample filtering hierarchy diagram.
Page 51: Web Access Logging
I ntroductory s ection c hapter 2: l ogging and b locking m86 s ecurity u ser g uide 31 chapter 2: logging and blocking web access logging one of the primary functions of the web filter is to log the activity of users on the internet. Information captured in the log can be transferred to a reporting...
Page 52
I ntroductory s ection c hapter 2: l ogging and b locking 32 m86 s ecurity u ser g uide feature of the web filter, groups and/or individual client machines can be set up to block the use of im services specified in the library category. When the im module is loaded on the server, the web filter comp...
Page 53
I ntroductory s ection c hapter 2: l ogging and b locking m86 s ecurity u ser g uide 33 setting up im and p2p im and p2p are set up in the system and library sections of the administrator console. 1. In the system section, activate pattern blocking in the filter window. 2. In the library section, no...
Page 54
I ntroductory s ection c hapter 2: l ogging and b locking 34 m86 s ecurity u ser g uide block im, p2p for all users block im for all users to block im for all users on the network: • the pattern blocking option in the filter window must be activated • the global filtering profile must have both chat...
Page 55
I ntroductory s ection c hapter 2: l ogging and b locking m86 s ecurity u ser g uide 35 • the chat and specified individual instant messaging library categories must both be set up to be blocked for that entity • the global filtering profile should not have im blocked, unless blocking all im traffic...
Page 56: Web Filter Synchronization
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits 36 m86 s ecurity u ser g uide chapter 3: synchronizing multiple units web filter synchronization the web filter can function in one of three modes—“stand alone” mode, “source” mode, or “target” mode—based on the setup within your org...
Page 57
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits m86 s ecurity u ser g uide 37 f unctional m odes stand alone mode in the stand alone mode, the web filter functions as the only internet filter on the network. This mode is used if there is only one web filter on the network. Synchro...
Page 58: Synchronization Setup
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits 38 m86 s ecurity u ser g uide synchronization setup to set up synchronization on a web filter, a selection must be made in setup window from the system section of the web filter console to specify whether the web filter will function...
Page 59
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits m86 s ecurity u ser g uide 39 should receive its running filter configuration in the event of a reboot. Warning : if a web filter server is set up in the target mode with a nat device between the target and source server, be sure tha...
Page 60
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits 40 m86 s ecurity u ser g uide if the target server is rebooted for any reason (loss of power etc.) upon bootup, the target server will actively download and apply the current running configuration from the source server. It will then...
Page 61: Delays In Synchronization
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits m86 s ecurity u ser g uide 41 delays in synchronization when a filtering profile is applied to the source server, there is a slight delay in the time it takes to apply the profile to the target server. This delay is caused by the amo...
Page 62
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits 42 m86 s ecurity u ser g uide synchronized, non-synchronized items it is important to note that while some items are synchro- nized to the target web filters, they do not become perma- nent configurations on the target web filter. Th...
Page 63
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits m86 s ecurity u ser g uide 43 synchronize all items the following lists show which items will be synchronized when the option to synchronize all items is selected. Synchronized items (all) • m86 library additions/deletions • custom l...
Page 64
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits 44 m86 s ecurity u ser g uide • quota setting non-synchronized items • filter control settings • virtual ip and authentication ip addresses • ip addresses • default routes • software update application • synchronization settings • fi...
Page 65
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits m86 s ecurity u ser g uide 45 synchronize only library items the following lists show which items will be synchronized when the option to synchronize only library items is selected. Synchronized items (library only) • m86 library add...
Page 66
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits 46 m86 s ecurity u ser g uide • ldap user/group: additions/deletions, changes, filter changes, profile activation/deactivation • filter control settings • virtual ip and authentication ip addresses • ip addresses • default routes • s...
Page 67
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits m86 s ecurity u ser g uide 47 server maintenance procedures source server failure scenarios in the event that the source web filter unit should fail, the target servers will continue to run using the last known configuration loaded f...
Page 68
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits 48 m86 s ecurity u ser g uide use a backup file to set up a source server in the event of a source server failure, the global adminis- trator should designate a target server as the new source server. Set up a target server as a sour...
Page 69
I ntroductory s ection c hapter 3: s ynchronizing m ultiple u nits m86 s ecurity u ser g uide 49 set up a replacement target server once the original source server is replaced or repaired, it can then be configured to replace the empty spot created by the movement of the target server to the positio...
Page 70: Chapter 4: Getting Started
I ntroductory s ection c hapter 4: g etting s tarted 50 m86 s ecurity u ser g uide chapter 4: getting started initial setup to begin setting up your web filter server, follow the instructions in the m86 web filter installation guide, the booklet packaged with your web filter unit. This guide explain...
Page 71
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 51 3. After accepting the security certificate, click go to open the web filter login window: fig. 1:4-1 login window 4. Enter your username and password . Tip : the default username is admin and the password is user3 . ...
Page 72
I ntroductory s ection c hapter 4: g etting s tarted 52 m86 s ecurity u ser g uide on this screen, the web filter version number displays in the product frame, and dates for the last software update and last library update display in the web filter status frame. The following information displays at...
Page 73
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 53 fig. 1:4-3 welcome screen , last library update text click the checkbox “do not show “old library warning” dialog box in future” to disable the last library update message box. After the libraries are updated, the wel...
Page 74
I ntroductory s ection c hapter 4: g etting s tarted 54 m86 s ecurity u ser g uide navigation tips access main sections the administrator console is organized into six sections, each accessible by clicking the corresponding link in the navigation toolbar at the top of the screen: • home - clicking t...
Page 75
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 55 • help - clicking this link displays the help screen that includes navigation tips. Links in the left panel provide access to software and appliance information, and a page for downloading the latest documentation (in...
Page 76
I ntroductory s ection c hapter 4: g etting s tarted 56 m86 s ecurity u ser g uide help features help features provide information about how to use windows in the administrator console. Such features include help topics and tooltips. Access help topics each of the main section screens contains a lin...
Page 77
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 57 tooltips in any window that features the icon in the navigation path bar beneath the banner, additional information about that window can be obtained by hovering over that icon with your mouse, or by pressing the f1 k...
Page 78
I ntroductory s ection c hapter 4: g etting s tarted 58 m86 s ecurity u ser g uide • help pop-up box the help pop-up box opens when you press the f1 key on your keyboard: fig. 1:4-7 help pop-up box click ok to close the pop-up box..
Page 79
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 59 screen and window navigation all screens are divided into two panels: a navigation panel to the left, and a window in the panel to the right. Windows display in response to a selection made in the navigation panel. In...
Page 80
I ntroductory s ection c hapter 4: g etting s tarted 60 m86 s ecurity u ser g uide select sub-topics some topics in library and system screens consist of more than one window. For these topics, clicking a topic link opens a menu of sub-topics: fig. 1:4-9 sub-topics menu when a sub-topic from this me...
Page 81
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 61 navigate a tree list tree lists are included in the navigation panel of policy and library screens. Fig. 1:4-10 tree menu a tree is comprised of a hierarchical list of items. An entity associated with a branch of the ...
Page 82
I ntroductory s ection c hapter 4: g etting s tarted 62 m86 s ecurity u ser g uide tree list topics and sub-topics policy and library tree lists possess a menu of topics and sub-topics. Topics in the tree list display by default when the tree is opened. Examples of tree list topics are circled in fi...
Page 83
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 63 navigate a window with tabs in each section of the console, there are windows with tabs. When selecting a window with tabs from the navigation panel, the main tab for that window displays. Entries made in a tab must b...
Page 84
I ntroductory s ection c hapter 4: g etting s tarted 64 m86 s ecurity u ser g uide console tips and shortcuts the following list of tips and shortcuts is provided to help you use windows in the administrator console with greater efficiency. Navigation path the navigation path displays at the top of ...
Page 85
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 65 select multiple items when moving several items from one list box to another, or when deleting several items, the ctrl and shift keys can be used to expedite this task. • ctrl key to select multiple items from a list ...
Page 86
I ntroductory s ection c hapter 4: g etting s tarted 66 m86 s ecurity u ser g uide calculate ip ranges without overlaps the calculator button displays on windows in which ip ranges are entered. These windows include: range to detect and members windows from the policy section, and block page route t...
Page 87
I ntroductory s ection c hapter 4: g etting s tarted m86 s ecurity u ser g uide 67 2. After making a note of the information in this window, click close to close the ip calculator. Re-size the user interface for greater ease in viewing content in any screen, re-size the browser window by placing you...
Page 88
I ntroductory s ection c hapter 4: g etting s tarted 68 m86 s ecurity u ser g uide log off to log off the administrator console: 1. Click the logout button in the navigation toolbar at the top of the screen. This action opens the quit dialog box: fig. 1:4-15 quit dialog box 2. Click yes to return to...
Page 89: Lobal
G lobal a dministrator s ection i ntroduction m86 s ecurity u ser g uide 69 g lobal a dministrator s ection introduction the global administrator section of this user guide is comprised of four chapters, based on the layout of the administrator console. This section is used by the autho- rized globa...
Page 90: Chapter 1: System Screen
G lobal a dministrator s ection c hapter 1: s ystem screen 70 m86 s ecurity u ser g uide chapter 1: system screen the system screen is comprised of windows used for configuring and maintaining the server to authenticate users, and to filter, log, or block specified internet content for each user bas...
Page 91
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 71 notes : if the synchronization feature is used and a web filter is set up in the source mode, the cmc management topic and associated sub-topics are also available. If the synchronization feature is used and a w...
Page 92: Control
G lobal a dministrator s ection c hapter 1: s ystem screen 72 m86 s ecurity u ser g uide control control includes options for controlling basic web filter server functions. Click the control link to view a menu of sub-topics: filter, block page authentication, shutdown, and reboot. Filter window the...
Page 93
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 73 clients such as google web accelerator and proxy patterns that bypass filtering (see http://www.M86security.Com/ software/8e6/hlp/r3000/files/1system_proxy_block .Html for a list of proxy pattern types set up to...
Page 94
G lobal a dministrator s ection c hapter 1: s ystem screen 74 m86 s ecurity u ser g uide enable local filtering options to enable local filtering , click “on”. The server will filter the specified range to detect on the network. To enable the detection of vlan traffic on the network, at vlan detecti...
Page 95
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 75 https filtering specify your preference for filtering https sites in the https filtering frame. Select from the following settings for the https filtering level : • “none” - if you do not want the web filter to ...
Page 96
G lobal a dministrator s ection c hapter 1: s ystem screen 76 m86 s ecurity u ser g uide note : after making all entries in this window, click apply . Service control in the service control frame, indicate whether or not pattern blocking with be enabled or disabled. Enable pattern blocking by defaul...
Page 97
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 77 to create a whitelist of pattern ip addresses, see the pattern detection whitelist window in chapter 3: library screen. Disable pattern blocking click “off” to disable pattern blocking . Note : after making all ...
Page 98
G lobal a dministrator s ection c hapter 1: s ystem screen 78 m86 s ecurity u ser g uide block page authentication window the block page authentication window displays when block page authentication is selected from the control menu. This feature is used for entering criteria the web filter will use...
Page 99
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 79 enter, edit block page options note : if you are not using authentication, and/or if your users do not have override accounts set up, you do not need to select any option at the re-authentication options field. ...
Page 100
G lobal a dministrator s ection c hapter 1: s ystem screen 80 m86 s ecurity u ser g uide 2. If the re-authentication option was selected, in the logon script path field, \\pdcshare\scripts displays by default. In this field, enter the path of the logon script that the web filter will use when re-aut...
Page 101
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 81 by default, the following data displays in the user/machine frame of the block page: • user/machine field - the username displays for the ldap user. This field is blank for the ip group user. • ip field - the us...
Page 102
G lobal a dministrator s ection c hapter 1: s ystem screen 82 m86 s ecurity u ser g uide email address field populates the “to” field. The user’s message is submitted to the global administrator. Options page the options page displays when the user clicks the following link in the block page: for fu...
Page 103
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 83 the frame beneath the user/machine frame includes infor- mation for options (1, 2, and/or 3) based on settings made in this window and the common customization window. Note : information about option 1 is includ...
Page 104
G lobal a dministrator s ection c hapter 1: s ystem screen 84 m86 s ecurity u ser g uide notes : see profile control window for information on custom- izing the content in the profile control pop-up window. See appendix c: override pop-up blockers for information on how a user with an override accou...
Page 105
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 85 the user should click the logon.Bat icon to run a script that will re-authenticate his/her profile on the network. Note : if the end user is using a non-ie browser type (i.E. Firefox, safari, or chrome) he/she w...
Page 106
G lobal a dministrator s ection c hapter 1: s ystem screen 86 m86 s ecurity u ser g uide reboot window the reboot window displays when reboot is selected from the control menu. This window is used for reconnecting the server on the network. Fig. 2:1-9 reboot window reboot the server 1. In the reboot...
Page 107
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 87 the server connected alert box also opens, informing you that the server is connected, and that you must restart the server. 3. Click ok to close the web filter ready alert box. 4. Click ok to close the server c...
Page 108: Network
G lobal a dministrator s ection c hapter 1: s ystem screen 88 m86 s ecurity u ser g uide network network includes options for configuring the web filter on the network. Click the network link to view a menu of sub- topics: lan settings, ntp servers, regional setting, and block page route table. Lan ...
Page 109
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 89 specify lan settings 1. In the host name field, enter up to 50 alphanumeric characters for the name of the host for this server, such as wf.Logo.Com . 2. Specify the following information, as necessary: • in the...
Page 110
G lobal a dministrator s ection c hapter 1: s ystem screen 90 m86 s ecurity u ser g uide ntp servers window the ntp servers window displays when ntp servers is selected from the network menu. This window is used for specifying ip addresses of servers running network time protocol (ntp) software. Ntp...
Page 111
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 91 specify network time protocol servers in the details frame, three ntp server ip addresses display by default in the servers list box. These ip addresses are: 128.59.35.142 , 142.3.100.15 , and 129.132.98.11 . No...
Page 112
G lobal a dministrator s ection c hapter 1: s ystem screen 92 m86 s ecurity u ser g uide regional setting window the regional setting window displays when regional setting is selected from the network menu. This window is used for specifying the time zone to be used by the web filter and the languag...
Page 113
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 93 warning : if using the web filter with an m86 security reporter or m86 enterprise reporter unit, be sure each web filter used by the sr or er is set up in the same time zone as the sr or er. These “like” setting...
Page 114
G lobal a dministrator s ection c hapter 1: s ystem screen 94 m86 s ecurity u ser g uide add a router in the route table frame: 1. Enter the ip address. 2. Select the network subnet mask from the pull-down menu. 3. In the gateway field, enter the ip address of the portal to which packets will be tra...
Page 115: Administrator
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 95 administrator administrator window the administrator window displays when administrator is selected from the navigation panel. This window is used for adding and maintaining global administrator (admin), group a...
Page 116
G lobal a dministrator s ection c hapter 1: s ystem screen 96 m86 s ecurity u ser g uide tip : the default username is admin and the password is user3 . M86 recommends that you retain this default account and pass- word in the event that the web filter cannot be accessed. An authorized m86 security ...
Page 117
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 97 edit an administrator account to change an administrator’s password and/or account type: 1. Select the username from the current user list box; this action populates the account details frame with data. 2. In th...
Page 118: Secure Logon
G lobal a dministrator s ection c hapter 1: s ystem screen 98 m86 s ecurity u ser g uide secure logon secure logon includes options for setting user passwords to expire after a designated number of days, and/or locking out users from the web filter after unsuccessfully attempting to log in for the s...
Page 119
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 99 enable, disable password expiration in the logon expiration frame, at the number of days prior to expiration [1-365] field, specify the number of days logon passwords will be effective by doing one of the follow...
Page 120
G lobal a dministrator s ection c hapter 1: s ystem screen 100 m86 s ecurity u ser g uide enable, disable account lockout 1. In the logon options frame, enable any of the following options: • at the lockout by username field, click the radio button corresponding to either of the following options: •...
Page 121
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 101 • at the failed password attempts timespan (in minutes) [1-1440] field—with the lockout by user- name and/or lockout by ip address option(s) enabled—enter the number of minutes that defines the interval in whic...
Page 122
G lobal a dministrator s ection c hapter 1: s ystem screen 102 m86 s ecurity u ser g uide logon management the logon management window displays when logon management is selected from the secure logon menu. This window is used for viewing the status of user accounts— including the date passwords will...
Page 123
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 103 view user account status, unlock username view account status the all accounts status frame displays password statuses of current login accounts set up in this web filter being configured, including: • account ...
Page 124
G lobal a dministrator s ection c hapter 1: s ystem screen 104 m86 s ecurity u ser g uide unlock a username to unlock a username: 1. Select the account name from the all accounts status frame by clicking on it to highlight it. 2. Click unlock to open the dialog box asking if you wish to proceed with...
Page 125
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 105 view admin, sub admin user interface access to view the areas of the user interface accessible by a global administrator, ldap group administrator, or help desk administrator: 1. Select the admin, sub admin, or...
Page 126: Diagnostics
G lobal a dministrator s ection c hapter 1: s ystem screen 106 m86 s ecurity u ser g uide diagnostics diagnostics includes options for setting up or running processes for maintaining the server. Click the diagnostics link to view a menu of sub-topics: system command, view log file, troubleshooting m...
Page 127
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 107 perform a diagnostic test, view data 1. Select a diagnostic tool from the command pull-down menu: ping(ping), traceroute(trace route), ps(process list), top(top cpu processes), ifconfig(nic configura- tion), ne...
Page 128
G lobal a dministrator s ection c hapter 1: s ystem screen 108 m86 s ecurity u ser g uide command selections ping the ping diagnostic tool is used for verifying whether the web filter can communicate with a machine at a given ip address within the network, and the speed of the network connection. En...
Page 129
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 109 top cpu processes the top cpu processes diagnostic tool is used for analyzing how much memory and cpu power is being consumed by which processes. When execute is clicked, the window displays the following infor...
Page 130
G lobal a dministrator s ection c hapter 1: s ystem screen 110 m86 s ecurity u ser g uide current memory usage when current memory usage is selected and execute is clicked, the window shows the amount of memory being used, and the amount of memory available for three inter- vals of one second each. ...
Page 131
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 111 system uptime the system uptime diagnostic tool is used for showing the amount of time the web filter has been "up" and running. When execute is clicked, the window displays a row of data showing the current ti...
Page 132
G lobal a dministrator s ection c hapter 1: s ystem screen 112 m86 s ecurity u ser g uide view log file window the view log file window displays when view log file is selected from the diagnostics menu. This window is used for viewing the most recent log file results of various activi- ties and for ...
Page 133
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 113 • “error log (error.Log)” - used only if an alternate ip address is being used in the block page route frame of the operation mode window. This log only displays information if the ip address used for sending b...
Page 134
G lobal a dministrator s ection c hapter 1: s ystem screen 114 m86 s ecurity u ser g uide troubleshooting mode window the troubleshooting mode window displays when trouble- shooting is selected from the diagnostics menu. This window is used if the server is not sending or receiving packets as normal...
Page 135
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 115 use the troubleshooting mode 1. Click enable to begin working in the troubleshooting mode. 2. In the packet logging frame, select the packet logging time from the available selections (10 seconds, 30 seconds, 6...
Page 136
G lobal a dministrator s ection c hapter 1: s ystem screen 116 m86 s ecurity u ser g uide 8. After performing the fixes on the web filter, return to this window and click disable to resume filtering the network. Active profile lookup window the active profile lookup window displays when active profi...
Page 137
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 117 verify whether a profile is active 1. In the user ip address field, enter the ip address of the end user. 2. Click lookup to verify whether or not a profile is active for that ip address. If the filtering profi...
Page 138
G lobal a dministrator s ection c hapter 1: s ystem screen 118 m86 s ecurity u ser g uide • global profile - global group profile • override profiles - override account profile • lock profiles - x strikes blocking lock out profile • time profiles - time profile • tar profile - threat analysis report...
Page 139
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 119 message and agreeing to its terms. • block - urls in this category will be blocked. • quota - if a number displays in this column, the corresponding category group/library category was set up as passed but with...
Page 140
G lobal a dministrator s ection c hapter 1: s ystem screen 120 m86 s ecurity u ser g uide • filter options (optional) - filter options to be used in the user’s profile: “x strikes blocking”, “google/bing/ yahoo!/youtube/ask/aol safe search enforcement”, “search engine keyword filter control”, and/or...
Page 141
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 121 specify ftp criteria 1. Enter the ip address of the ftp server . 2. The log will be sent to the current default directory, unless a remote directory is specified. 3. At the transfer mode field, “passive” is sel...
Page 142
G lobal a dministrator s ection c hapter 1: s ystem screen 122 m86 s ecurity u ser g uide view view the log of administrator changes to view the log, click the view tab: fig. 2:1-27 admin audit trail window, view tab click view log to display data on recent activity. For each change made on the serv...
Page 143: Alert
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 123 alert alert includes options for setting up alert emails that notify designated individuals of problems on the network. Click the alert link to view a menu of sub-topics: alert settings, and smtp server setting...
Page 144
G lobal a dministrator s ection c hapter 1: s ystem screen 124 m86 s ecurity u ser g uide trator in troubleshooting the problem. In most cases, the reload procedure will fix the error, and no futher interven- tion will be required. However, if the error is not fixed— such as if a misconfiguration wa...
Page 145
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 125 enable the alert feature by default, the “disable” radio button is selected. To enable the feature for sending automated email notifications: 1. Click the “enable” radio button to activate all elements in the e...
Page 146
G lobal a dministrator s ection c hapter 1: s ystem screen 126 m86 s ecurity u ser g uide smtp server settings window the smtp server settings window displays when smtp server settings is selected from the alert menu. This window is used for entering settings for the simple mail transfer protocol th...
Page 147
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 127 4. By default, authentication is disabled. Click “enable” if a username and password are required for logging into the smtp server. This action activates the fields below. Make the following entries: a. Enter t...
Page 148: Software Update
G lobal a dministrator s ection c hapter 1: s ystem screen 128 m86 s ecurity u ser g uide software update software update includes options for uploading software updates. Click the software update link to view a menu of sub-topics: local software update, and software update log. Local software updat...
Page 149
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 129 tip : click the link (“here”) at the bottom of the window to go to the web page at m86 security’s public site ( http:// www.M86security.Com/support/r3000/documentation.Asp ) where release notes about software u...
Page 150
G lobal a dministrator s ection c hapter 1: s ystem screen 130 m86 s ecurity u ser g uide select and apply a software update notes : software updates must be applied to the server in sequential order. Be sure port 8082 is open on your network. General software installation procedures these instructi...
Page 151
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 131 fig. 2:1-34 eula dialog box 4. After reading the contents of the end user license agreement, click yes if you agree to its terms. This action closes the eula dialog box and opens the alert box veri- fying the s...
Page 152
G lobal a dministrator s ection c hapter 1: s ystem screen 132 m86 s ecurity u ser g uide fig. 2:1-36 connection failure alert box 6. Click ok to close the alert box. 7. In the navigation toolbar, click quit to exit the web filter console. 8. Wait a few minutes, and then log back into the web filter...
Page 153
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 133 first time la/beta software install procedures the steps in this sub-section pertain to the first acceptance and installation of limited availability or beta software updates. 1. In the available software updat...
Page 154
G lobal a dministrator s ection c hapter 1: s ystem screen 134 m86 s ecurity u ser g uide fig. 2:1-38 la software acceptance box fig. 2:1-39 beta software acceptance box 4. Read the description for the software type to be installed (la or beta), and then click yes to close the software acceptance di...
Page 155
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 135 to unapply a software update: 1. Go to the history of software updates frame and select the software update to be unapplied. 2. Click undo . Software update log window the software update log window displays wh...
Page 156
G lobal a dministrator s ection c hapter 1: s ystem screen 136 m86 s ecurity u ser g uide download log, view, print contents download the log 1. Click download log to open the alert box containing a message on how to download the log file to your worksta- tion, if using windows explorer. 2. Click ok...
Page 157
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 137 view the contents of the log once the software update log file has been downloaded to your workstation, you can view its contents. 1. Find the log file in the folder, and right-click on it to open the menu: fig...
Page 158
G lobal a dministrator s ection c hapter 1: s ystem screen 138 m86 s ecurity u ser g uide 3. If using winzip, click i agree to open the window containing the zip file: fig. 2:1-43 winzip window 4. Right-click the zip file to open the menu, and choose “view” to open the view dialog box: fig. 2:1-44 v...
Page 159
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 139 save, print the log file contents with the log file displaying correctly formatted in winzip’s view window, if you wish to save or print the contents of this file: 1. Click clipboard copy , wait for the dialog ...
Page 160: Synchronization
G lobal a dministrator s ection c hapter 1: s ystem screen 140 m86 s ecurity u ser g uide synchronization by default, the synchronization menu includes the setup option that lets you specify the web filter server’s function on the network: whether it will be a stand alone box, or whether it will sen...
Page 161
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 141 setup window the setup window displays when setup is selected from the synchronization menu. This window is used for establishing the function of the web filter, especially if there is more than one web filter ...
Page 162
G lobal a dministrator s ection c hapter 1: s ystem screen 142 m86 s ecurity u ser g uide using more than one web filter on the network using the synchronization process, all target servers are updated with profile/library setting changes, so that no matter which web filter the user’s client pc acce...
Page 163
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 143 2. At the selective synchronization field, by default “all” is selected. This choice includes both profile and library setting changes. Choose “library” if only library category additions/deletions (including s...
Page 164
G lobal a dministrator s ection c hapter 1: s ystem screen 144 m86 s ecurity u ser g uide note : lan 1 and lan 2 ip addresses that display in this menu were previously entered in the lan settings window on this server. 5. In the target ips frame, enter the target ip address of the web filter that wi...
Page 165
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 145 sync all target servers with the same settings if all target servers have been configured and now need to be set with the same settings, click sync all from the source server. This action should only be perform...
Page 166
G lobal a dministrator s ection c hapter 1: s ystem screen 146 m86 s ecurity u ser g uide for the target mode setting: 1. In the mode frame, click “target” to display the target mode view: fig. 2:1-48 setup window, target mode in the ip to send frame, the lan1 and lan2 ip addresses set up in the lan...
Page 167
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 147 6. Click apply after all settings have been made. Note : this test only verifies whether this server can contact the source server. In order for synchronization to be operable on the network, the source server ...
Page 168
G lobal a dministrator s ection c hapter 1: s ystem screen 148 m86 s ecurity u ser g uide view the sync status of targets from the source if the server is set up in the source mode, the web filter system time displays at the top of the target(s) status frame. This is the current date and time from t...
Page 169
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 149 fig. 2:1-50 queue of target window 2. Click close to close the window. View items previously synced to the server to view items previously synced to a specified target server: 1. In the history column for that ...
Page 170
G lobal a dministrator s ection c hapter 1: s ystem screen 150 m86 s ecurity u ser g uide place items in queue for syncing to place new sync items in queue for the target server(s), click test sync . View the sync status of the target server if the server is set up in the target mode, the web filter...
Page 171
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 151 • last successful sync - the date and time of the last successful synchronization displays, using the yyyy/ mm/dd and hh:mm:ss format. • history log - click the details button to open the history of target wind...
Page 172: Mode
G lobal a dministrator s ection c hapter 1: s ystem screen 152 m86 s ecurity u ser g uide mode mode includes options for configuring the web filter to filter the network. Click the mode link to view a menu of sub- topics: operation mode and proxy environment settings. Operation mode window the opera...
Page 173
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 153 set the operation mode the default mode setting is “invisible”. To change this setting, click the radio button corresponding to “router”, “firewall”, “icap”, or “mobile”. Selecting icap would make the web filte...
Page 174
G lobal a dministrator s ection c hapter 1: s ystem screen 154 m86 s ecurity u ser g uide if using the router or firewall mode, at the device to send block page pull-down menu, you may need to choose the network card that will be used to send the block page to client pcs. Notes : after making all se...
Page 175
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 155 notes : the current mac address displays if there is a resolu- tion between the ip address and the mac address of the router or device used for serving block pages. If an alternate ip address is used, that addr...
Page 176
G lobal a dministrator s ection c hapter 1: s ystem screen 156 m86 s ecurity u ser g uide 2. In the uri field, enter the uniform resource identifier that must specify the complete hostname and path of the resource being requested. For example: icap:// icap.Logo.Com:1344/services/icap-services note :...
Page 177
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 157 proxy environment settings window the proxy environment settings window displays when proxy environment settings is selected from the mode menu. This window is used for specifying whether the web filter is in a...
Page 178: Authentication
G lobal a dministrator s ection c hapter 1: s ystem screen 158 m86 s ecurity u ser g uide use proxy port 80 in the proxy port 80 setting frame, the default setting is “disable”. To specify that the public proxy server will channel “https” traffic through port 80: 1. Click the radio button correspond...
Page 179: Backup/restore
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 159 backup/restore backup/restore window the backup/restore window displays when backup/ restore is selected from the navigation panel. This window is used for saving configuration settings and/or custom library ad...
Page 180
G lobal a dministrator s ection c hapter 1: s ystem screen 160 m86 s ecurity u ser g uide tips : the order in which columns display in the grid can be changed by clicking the column header and sliding the column to another position in the grid. To change the sort order, click the header of a column....
Page 181
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 161 perform a backup on demand 1. In the manual backup frame on the backup tab, click backup to open the web filter backup dialog box: fig. 2:1-56 web filter backup dialog box 2. Type in the filename for the backup...
Page 182
G lobal a dministrator s ection c hapter 1: s ystem screen 162 m86 s ecurity u ser g uide schedule a backup configure ftp server settings 1. In the server configuration section of the scheduled backup frame, enter the ip address of the remote server . 2. In the ftp directory field, enter the path wh...
Page 183
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 163 create a backup schedule 1. In the recurrence schedule section of the scheduled backup frame, click schedule to open the scheduled backup box: fig. 2:1-57 scheduled backup box 2. In the recurrence duration time...
Page 184
G lobal a dministrator s ection c hapter 1: s ystem screen 164 m86 s ecurity u ser g uide in this pop-up box you can do the following: • click the left or right arrow at the top of this box to navigate to the prior month or the next month. • double-click a date to select it and to close this box, po...
Page 185
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 165 • monthly - if this selection is made, first enter the interval for the months this time profile will be used, and next specify which day of the month: • if day is chosen, select from “1” - “31”. • if a non-spe...
Page 186
G lobal a dministrator s ection c hapter 1: s ystem screen 166 m86 s ecurity u ser g uide “weekday”, “weekend” - month: “january” - “december”. By default, the “first” “sunday” of “january” are selected. If 2 is entered and the “first” “monday” of “june” are selected, this profile will be used every...
Page 187
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 167 download a file to download a file to your machine: 1. In the restore tab, select the file from the backup config- urations grid: fig. 2:1-58 backup/restore window, restore tab 2. Click download to open the ale...
Page 188
G lobal a dministrator s ection c hapter 1: s ystem screen 168 m86 s ecurity u ser g uide perform a restoration to restore backup data to the server, the backup file must be listed in the backup configurations grid in the restore tab, and the restoration function must be executed. If the backup file...
Page 189
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 169 2. Click browse... To open the choose file window. 3. Select the file to be uploaded. After the file is selected, the choose file window closes. 4. In the window, type in a comment about the file. 5. Select the...
Page 190
G lobal a dministrator s ection c hapter 1: s ystem screen 170 m86 s ecurity u ser g uide view backup and restoration details to view details on backup and/or restoration activities: 1. Click log to open the backup/restore log box: fig. 2:1-60 backup/restore box the box includes rows of data about b...
Page 191: Reset
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 171 reset reset window the reset window displays when reset is selected from the navigation panel. This window is used for resetting the server back to the default settings when the box was first acquired. Fig. 2:1...
Page 192
G lobal a dministrator s ection c hapter 1: s ystem screen 172 m86 s ecurity u ser g uide radius authentication settings radius authentication settings window the radius authentication settings window displays when radius authentication settings is selected from the naviga- tion panel. This window i...
Page 193
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 173 access server or proxy server) that sends accounting request packets to the external radius accounting server. Enable radius the radius mode is “off” by default. To use radius, click the “on” radio button. This...
Page 194
G lobal a dministrator s ection c hapter 1: s ystem screen 174 m86 s ecurity u ser g uide • check the box for use web filter ip as source ip , if the ip address of the web filter (lan1 or lan2) should be used when forwarding packets instead of the ip address of the nas. To disable the forward mode o...
Page 195: Snmp
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 175 snmp snmp window the snmp window displays when snmp is selected from the navigation panel. This feature lets the global adminis- trator use a third party simple network management protocol (snmp) product for mo...
Page 196
G lobal a dministrator s ection c hapter 1: s ystem screen 176 m86 s ecurity u ser g uide specify monitoring settings set up community token for public access enter the password to be used as the community token for public access . This is the password that the manage- ment web filter console would ...
Page 197: Hardware Failure Detection
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 177 hardware failure detection hardware failure detection window the hardware failure detection window displays when hardware failure detection is selected from the navigation panel. This feature shows the status o...
Page 198
G lobal a dministrator s ection c hapter 1: s ystem screen 178 m86 s ecurity u ser g uide 2. Replace the failed drive with your spare replacement drive 3. Click on the “rebuild” button on the gui 4. To return a failed drive to m86 or to order additional replacement drives, please call m86 technical ...
Page 199: X Strikes Blocking
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 179 x strikes blocking x strikes blocking window the x strikes blocking window displays when x strikes blocking is selected from the navigation panel. This feature lets a global administrator set criteria for block...
Page 200
G lobal a dministrator s ection c hapter 1: s ystem screen 180 m86 s ecurity u ser g uide configuration set up blocking criteria 1. At reset the x-strike count upon authentication , “off” is selected by default. To have all strikes reset before an end user is authenticated, click “on”. 2. Enter the ...
Page 201
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 181 to specify a different page, click “custom url” and enter the url in the text box. 7. Click save to save your configuration settings. Reset all workstations the following buttons can be clicked to reset worksta...
Page 202
G lobal a dministrator s ection c hapter 1: s ystem screen 182 m86 s ecurity u ser g uide the following information might also display in the lock page: “you have been denied access according to your organization's internet usage policy. As a result, your internet privileges were temporarily suspend...
Page 203
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 183 her workstation for five minutes. However, since the toler- ance timer is set at four seconds, a user could potentially receive five strikes within 16 seconds if he/she accesses a page with multiple, inappropri...
Page 204
G lobal a dministrator s ection c hapter 1: s ystem screen 184 m86 s ecurity u ser g uide fig. 2:1-67 x strikes blocking window, email alert tab set up email alert criteria 1. In the minutes past midnight before starting time interval (0-59) field, enter the number of minutes past midnight that a lo...
Page 205
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 185 fig. 2:1-68 the daily schedule window click close to close the window. 3. Click save to save the field entries. Set up email alert recipients 1. Enter the email address of an individual who will receive locked ...
Page 206
G lobal a dministrator s ection c hapter 1: s ystem screen 186 m86 s ecurity u ser g uide logon accounts click the logon accounts tab to display logon accounts: fig. 2:1-69 x strikes blocking window, logon accounts tab set up users authorized to unlock workstations 1. Enter the username of a staff m...
Page 207
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 187 deactivate an authorized logon account to deactivate an authorized user’s account: 1. Select the username from the current accessible users list box. 2. Click disable to move the username to the current un- acc...
Page 208
G lobal a dministrator s ection c hapter 1: s ystem screen 188 m86 s ecurity u ser g uide categories click the categories tab to display categories: fig. 2:1-70 x strikes blocking window, categories tab set up categories to receive strikes or no strikes 1. Select library categories from the “no stri...
Page 209
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 189 go to x strikes unlock workstation gui when any administrator clicks the x strikes blocking icon or go to x strikes unlock workstation gui , either the re-login window or the x strikes unlock workstation window...
Page 210
G lobal a dministrator s ection c hapter 1: s ystem screen 190 m86 s ecurity u ser g uide x strikes unlock workstation the following information displays in the x strikes unlock workstation window: ip address, user name, and expire date/time of currently locked workstations. Fig. 2:1-72 x strikes un...
Page 211
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 191 fig. 2:1-73 login window enter the username and password and click ok to open the x strikes unlock workstation window (see fig. 2:1-69). • the web filter introductory window for x strikes simultaneously opens w...
Page 212
G lobal a dministrator s ection c hapter 1: s ystem screen 192 m86 s ecurity u ser g uide set up an email address to receive alerts to send locked workstation information to a designated administrator: 1. Enter the email address in the email address to be subscribed/unsubscribed text box. 2. Click s...
Page 213: Warn Option Setting
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 193 warn option setting warn option setting window the warn option setting window displays when warn option setting is selected from the navigation panel. This feature lets a global administrator specify the number...
Page 214
G lobal a dministrator s ection c hapter 1: s ystem screen 194 m86 s ecurity u ser g uide notes : if using the synchronization feature, the warn option setting window is available in the stand alone and source mode. This topic does not display if this server being configured is set up in the target ...
Page 215: Customization
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 195 customization customization includes options to customize settings for html pages that display for end users who execute a command that triggers the associated window to open. Click the customization link to vi...
Page 216
G lobal a dministrator s ection c hapter 1: s ystem screen 196 m86 s ecurity u ser g uide common customization window the common customization window displays when common customization is selected from the customization menu. This window is used for specifying elements to be included in block, lock,...
Page 217
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 197 enable, disable features 1. Click “on” or “off” to enable or disable the following elements in the html pages, and make entries in fields to display customized text, if necessary: • username display - if enable...
Page 218
G lobal a dministrator s ection c hapter 1: s ystem screen 198 m86 s ecurity u ser g uide • help link url - by default, http:// www.M86security.Com/support/r3000/accessde- nied.Asp displays as the help link url. Enter the url to be used when the end user clicks the help link text (specified in the h...
Page 219
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 199 lock page customization window the lock page customization displays when lock page is selected from the customization menu. This window is used with the x strikes blocking feature, and lets you customize text i...
Page 220
G lobal a dministrator s ection c hapter 1: s ystem screen 200 m86 s ecurity u ser g uide edit entries, setting 1. Make an entry in any of the following fields: • in the header field, enter a static header to be displayed at the top of the lock page. • in the description field, enter a static text m...
Page 221
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 201 preview sample lock page 1. Click preview to launch a separate browser window containing a sample customized lock page, based on entries saved in this window and in the common customization window: fig. 2:1-78 ...
Page 222
G lobal a dministrator s ection c hapter 1: s ystem screen 202 m86 s ecurity u ser g uide • m86 security - clicking this link takes the user to m86’s web site. 2. Click the “x” in the upper right corner of the window to close the sample customized lock page. Tip : if necessary, make edits in the loc...
Page 223
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 203 tip : an entry in any of the fields in this window is optional, but if an entry is made in the link text field, a corresponding entry must also be made in the link url field. Add, edit entries 1. Make an entry ...
Page 224
G lobal a dministrator s ection c hapter 1: s ystem screen 204 m86 s ecurity u ser g uide preview sample block page 1. Click preview to launch a separate browser window containing a sample customized block page, based on entries saved in this window and in the common customization window: fig. 2:1-8...
Page 225
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 205 by default, the following standard links are included in the block page: • help - clicking this link takes the user to m86’s tech- nical support page that explains why access to the site or service may have bee...
Page 226
G lobal a dministrator s ection c hapter 1: s ystem screen 206 m86 s ecurity u ser g uide warn page customization window the warn page customization window displays when warn page is selected from the customization menu. This window is used with the warn option setting feature, and lets you customiz...
Page 227
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 207 add, edit entries 1. Make an entry in any of the following fields: • in the header field, enter a static header to be displayed at the top of the warning page. • in the description field, enter a static text me...
Page 228
G lobal a dministrator s ection c hapter 1: s ystem screen 208 m86 s ecurity u ser g uide preview sample warning page 1. Click preview to launch a separate browser window containing a sample customized warning page, based on entries saved in this window and in the common customization window: fig. 2...
Page 229
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 209 by default, the following standard links are included in the warning page: • help - clicking this link takes the user to m86’s tech- nical support page that explains why access to the site or service may have b...
Page 230
G lobal a dministrator s ection c hapter 1: s ystem screen 210 m86 s ecurity u ser g uide 2. Click the “x” in the upper right corner of the window to close the sample customized warning page. Tip : if necessary, make edits in the warn page customization window or the common customization window, and...
Page 231
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 211 edit entries 1. Make an entry in any of the following fields: • in the header field, enter a static header to be displayed at the top of the profile control pop-up window. • in the warning text field, enter a s...
Page 232
G lobal a dministrator s ection c hapter 1: s ystem screen 212 m86 s ecurity u ser g uide quota block page customization window the quota block page customization window displays when quota block page is selected from the customization menu. This window is used for making customizations to the quota...
Page 233
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 213 • in the link text field, enter text for the link's url, and in the link url field, enter the corresponding hyper- link in plain text using the http:// or https:// syntax. Any entries made in these fields will ...
Page 234
G lobal a dministrator s ection c hapter 1: s ystem screen 214 m86 s ecurity u ser g uide • requested url field - the url the user attempted to access displays. • ip field - the user’s ip address displays. • user/machine field - the username displays for the ldap user. This field is blank for the ip...
Page 235
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 215 quota notice page customization window the quota notice page customization window displays when quota notice page is selected from the customiza- tion menu. This window is used for making customizations to the ...
Page 236
G lobal a dministrator s ection c hapter 1: s ystem screen 216 m86 s ecurity u ser g uide • in the link text field, enter text for the link's url, and in the link url field, enter the corresponding hyper- link in plain text using the http:// or https:// syntax. Any entries made in these fields will ...
Page 237
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 217 by default, the following data displays in the category frame: • category field - the name of the library category containing a url the user accessed—that triggered the quota notice—displays. • requested url fi...
Page 238: Cmc Management
G lobal a dministrator s ection c hapter 1: s ystem screen 218 m86 s ecurity u ser g uide cmc management cmc management displays on a web filter set up in the source mode, and includes centralized management console options for viewing the filtering statuses of this source server and its target serv...
Page 239
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 219 window for the source server's hostname, or the information entered for the target server in the target location field in the setup window); applied date (date the software update was applied to the server, usi...
Page 240
G lobal a dministrator s ection c hapter 1: s ystem screen 220 m86 s ecurity u ser g uide apply or undo a software update to apply a software update: 1. Click to select the row(s) corresponding to the servers to be updated. 2. Click apply . Notes : if the source server is selected for a software upd...
Page 241
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 221 status window the status window displays when status is selected from the cmc management menu. This window is used for viewing the filtering status of the source and target server(s) for troubleshooting purpose...
Page 242
G lobal a dministrator s ection c hapter 1: s ystem screen 222 m86 s ecurity u ser g uide • last library update - most recent date the library was updated on the server, using the yyyy/mm/dd format, if this information is available. Tips : the order in which columns display in the grid can be change...
Page 243: Quota Setting
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 223 quota setting quota setting window the quota setting window displays when quota setting is selected from the navigation panel. This window lets a global administrator configure url hits that—along with quotas s...
Page 244
G lobal a dministrator s ection c hapter 1: s ystem screen 224 m86 s ecurity u ser g uide configure quota hit settings 1. Enter the number of seconds per hit to indicate how much time will be applied towards a “hit” (url access) in any category with a quota. The default is 10 seconds per hit. The en...
Page 245
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 225 reset quotas quotas are automatically reset at midnight, but also can be manually reset on demand or scheduled to be reset at specific times each day. Reset quotas now click reset now to reset all quotas to zer...
Page 246
G lobal a dministrator s ection c hapter 1: s ystem screen 226 m86 s ecurity u ser g uide delete a quota reset time from the schedule 1. Select the quota reset time from the current reset time(s) list box. 2. Click remove to remove the quota reset time from the list box. Tip : after making all confi...
Page 247
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 227 • requested url field - the url that triggered the quota notice page. • ip field - the end user’s ip address. • user/machine field - the username displays for the ldap user. This field is blank for the ip group...
Page 248
G lobal a dministrator s ection c hapter 1: s ystem screen 228 m86 s ecurity u ser g uide quota block page when the end user has spent 100 percent of time in a quota-restricted library group/category, the quota block page displays: fig. 2:1-92 sample quota block page once receiving a quota block pag...
Page 249: Ui Ssl Certificate
G lobal a dministrator s ection c hapter 1: s ystem screen m86 s ecurity u ser g uide 229 by default, the following standard links are included in the quota block page: • help - clicking this link takes the user to m86’s tech- nical support page that explains why access to the site or service may ha...
Page 250
G lobal a dministrator s ection c hapter 1: s ystem screen 230 m86 s ecurity u ser g uide generate an ssl certificate for the web filter 1. Click generate certificate to open the box that asks if you wish to continue, which would restart your server. Tip : click no to close the window and to return ...
Page 251: Chapter 2: Policy Screen
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 231 chapter 2: policy screen the policy screen is comprised of windows and dialog boxes used for adding ip groups and/or ldap domains, and for creating filtering profiles for ip/ldap groups and their members. Fig. ...
Page 252
G lobal a dministrator s ection c hapter 2: p olicy screen 232 m86 s ecurity u ser g uide double-click the branch of your selection to display the list of groups/domains previously added to that branch. Keep double-clicking items in the tree list to view additional items. Click an entity in the tree...
Page 253: Global Group
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 233 global group global group includes options for creating and maintaining groups. Click the global group link to view a menu of sub- topics: range to detect, rules, global group profile, over- ride account, appro...
Page 254
G lobal a dministrator s ection c hapter 2: p olicy screen 234 m86 s ecurity u ser g uide note : segments of network traffic should not be defined if using the firewall mode. The main window (fig. 2:2-2) lets you add segments to the network, or modify or remove existing segments. The current ranges ...
Page 255
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 235 fig. 2:2-4 range to detect settings, second window 2. Click one of the following buttons to select the procedure for adding the segment: • start the setup wizard - clicking this button takes you to the range to...
Page 256
G lobal a dministrator s ection c hapter 2: p olicy screen 236 m86 s ecurity u ser g uide range to detect setup wizard click the start the setup wizard button to display step 1 of the range to detect setup wizard. The wizard is comprised of six steps. An entry is required in step 1, but not in steps...
Page 257
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 237 2. Click add to include the segment in the list box above. Note : to modify the segment, select it from the list box and click modify to move the segment to the field(s) below for editing. To remove the segment...
Page 258
G lobal a dministrator s ection c hapter 2: p olicy screen 238 m86 s ecurity u ser g uide step 3: optional in this step you define the source ip address(es) to be excluded from filtering. Fig. 2:2-7 range to detect setup wizard window, step 3 step 4: optional in this step you define the destination ...
Page 259
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 239 fig. 2:2-8 range to detect setup wizard window, step 4 step 5: optional in this step you enter destination port numbers to be excluded from filtering. Fig. 2:2-9 range to detect setup wizard window, step 5.
Page 260
G lobal a dministrator s ection c hapter 2: p olicy screen 240 m86 s ecurity u ser g uide 1. In the individual port field, enter the port number to be excluded from filtering. 2. Click add to include the entry in the list box above. Note : to remove the port number, select it from the list box and c...
Page 261
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 241 • click finish to accept all your entries. This action takes you to the main range to detect settings window where the segment you entered now displays in the current ranges list box. Range to detect advanced s...
Page 262
G lobal a dministrator s ection c hapter 2: p olicy screen 242 m86 s ecurity u ser g uide modify a segment of the network to modify a segment: 1. In the main range to detect settings window (see fig. 2:2-2), select the segment from the current ranges list box. 2. Click modify to go to the second pag...
Page 263
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 243 rules window the rules window displays when rules is selected from the global group menu. This window is used for adding a filtering rule when creating a filtering profile for an entity. Fig. 2:2-12 rules windo...
Page 264
G lobal a dministrator s ection c hapter 2: p olicy screen 244 m86 s ecurity u ser g uide add a rule to create a new rule: 1. Click new rule to populate the rule # field with the next consecutive rule number available. 2. Enter up to 20 characters for a unique rule description that describes the the...
Page 265
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 245 note : if a category group does not display any filter setting (i.E. The check mark does not display in any column for the category group), one or more library categories within that group has a filter setting ...
Page 266
G lobal a dministrator s ection c hapter 2: p olicy screen 246 m86 s ecurity u ser g uide • the overall quota field becomes enabled if a quota is entered for any library group/category. By default, the enabled overall quota is turned “off”. If turned “on”, enter the number of minutes in the min fiel...
Page 267
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 247 5. Click save rule . Remove a rule to delete a rule: 1. Select the rule from the current rules pull-down menu. 2. Click delete rule . Global group profile window the global group profile window displays when gl...
Page 268
G lobal a dministrator s ection c hapter 2: p olicy screen 248 m86 s ecurity u ser g uide category profile category profile displays by default when global group profile is selected from the global group menu, or when the category tab is clicked. This tab is used for assigning filter settings to cat...
Page 269
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 249 • block - urls in this category will be blocked. Note : if a category group does not display any filter setting (i.E. The check mark does not display in any column for the category group), one or more library c...
Page 270
G lobal a dministrator s ection c hapter 2: p olicy screen 250 m86 s ecurity u ser g uide note : see the quota settings window in chapter 1: system screen for more information on configuring quota settings and resetting quotas for end users currently blocked by quotas. • the overall quota field beco...
Page 271
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 251 create, edit a list of service ports all service ports are filtered by default. To block a service port from being accessed by global filtering profile users: 1. Enter the port number in the port field. 2. Clic...
Page 272
G lobal a dministrator s ection c hapter 2: p olicy screen 252 m86 s ecurity u ser g uide create, edit the redirect url 1. Specify the type of redirect url to be used: “default block page”, “authentication request form”, or “custom url”. If “custom url” is selected, enter the redirect url in the cor...
Page 273
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 253 control”, “url keyword filter control”. If url keyword filter control is selected, the “extend url keyword filter control” option can be selected. 2. Click apply to apply your settings. X strikes blocking with ...
Page 274
G lobal a dministrator s ection c hapter 2: p olicy screen 254 m86 s ecurity u ser g uide search engine keyword filter control with the search engine keyword filter control option enabled, search engine keywords can be set up to be blocked. When a user enters a keyword in the search engine, if that ...
Page 275
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 255 url keyword filter control with the url keyword filter control option enabled, url keywords can be set up to be blocked. When a user enters a keyword in the address line of a browser window, if that keyword has...
Page 276
G lobal a dministrator s ection c hapter 2: p olicy screen 256 m86 s ecurity u ser g uide override account window the override account window displays when override account is selected from the global group menu. This window is used for creating an override account that allows an ip group user to by...
Page 277
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 257 add an override account to create an override account profile: 1. In the account details frame, enter the username in the name field. 2. Enter the password . 3. Make the same entry again in the confirm password...
Page 278
G lobal a dministrator s ection c hapter 2: p olicy screen 258 m86 s ecurity u ser g uide category profile the rule tab is used for creating the categories portion of the override account profile. Fig. 2:2-18 override account window, rule tab to create the category profile: 1. Select a filtering rul...
Page 279
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 259 in the adult content category group some of the library catego- ries have a block setting and other library categories have a warn setting, there would be no category group filter setting, since all library cat...
Page 280
G lobal a dministrator s ection c hapter 2: p olicy screen 260 m86 s ecurity u ser g uide • in the quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1” and the maximum is “1439” (one day minus one minute). The numb...
Page 281
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 261 redirect url the redirect tab is used for specifying the url to be used for redirecting the user if he/she attempts to access a site or service set up to be blocked. Fig. 2:2-19 override account window, redirec...
Page 282
G lobal a dministrator s ection c hapter 2: p olicy screen 262 m86 s ecurity u ser g uide filter options the filter options tab is used for specifying which filter option(s) will be applied to the override account profile. Fig. 2:2-20 override account window, filter options tab 1. Click the checkbox...
Page 283
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 263 • “google/bing/yahoo!/youtube/ask/aol safe search enforcement” - with the google/yahoo!/youtube/ask/ aol safe search enforcement option enabled, google, bing.Com, yahoo!, youtube, ask.Com, and aol’s “strict” sa...
Page 284
G lobal a dministrator s ection c hapter 2: p olicy screen 264 m86 s ecurity u ser g uide • “url keyword filter control” - with the url keyword filter control option enabled, url keywords can be set up to be blocked. When the user enters a keyword in the address line of a browser window, if that key...
Page 285
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 265 4. Make the same entry again in the confirm password field. 5. Click view/modify to open the window. 6. Click apply . 7. Click close to close the window. Modify an override account to modify an override account...
Page 286
G lobal a dministrator s ection c hapter 2: p olicy screen 266 m86 s ecurity u ser g uide approved content settings window the approved content settings window displays when approved content (incl. Vusafe) is selected from the global group menu. This window is used for granting designated users acce...
Page 287
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 267 approved content feature in a user’s profile gives that user access to videos posted to vusafe. Approved content setup and configuration there are two parts to set up in order to use the approved content featur...
Page 288
G lobal a dministrator s ection c hapter 2: p olicy screen 268 m86 s ecurity u ser g uide approved content settings entries once you have passkeys created for the approved videos, you can begin making entries in the approved content settings window. Step 1: enable global group passkey inheritance to...
Page 289
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 269 minimum filtering level window the minimum filtering level window displays when minimum filtering level is selected from the global group menu. This window is used for establishing the minimum filtering level t...
Page 290
G lobal a dministrator s ection c hapter 2: p olicy screen 270 m86 s ecurity u ser g uide minimum filtering categories minimum filtering categories displays by default when minimum filtering level is selected from the global group menu, or when the category tab is clicked. This tab is used for makin...
Page 291
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 271 create, edit minimum filtering categories to create the categories portion of the minimum filtering level profile: 1. Double-click the column (pass, block) in the row corre- sponding to that category group/libr...
Page 292
G lobal a dministrator s ection c hapter 2: p olicy screen 272 m86 s ecurity u ser g uide port port displays when the port tab is clicked. This tab is used for blocking access to specified ports at the minimum filtering level. Fig. 2:2-23 minimum filtering level window, port tab create, edit a list ...
Page 293
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 273 3. Click apply to apply your settings at the minimum filtering level. Minimum filtering bypass options minimum filtering bypass options displays when the min. Filter bypass tab is clicked. This tab is used for ...
Page 294
G lobal a dministrator s ection c hapter 2: p olicy screen 274 m86 s ecurity u ser g uide specify minimum filtering bypass options to allow a user to override settings made at the minimum filtering level: 1. In the override account frame, click the “on” checkbox. Any user who has an override account...
Page 295
G lobal a dministrator s ection c hapter 2: p olicy screen m86 s ecurity u ser g uide 275 ip ip includes options for adding a master ip group and to refresh the tree list. Click the ip link to view a menu of sub- topics: add group, and refresh. Add group add a master ip group from the ip group menu:...
Page 296
G lobal a dministrator s ection c hapter 2: p olicy screen 276 m86 s ecurity u ser g uide 3. Enter the password , and re-enter it in the confirm password field, using eight to 20 characters and at least one alpha character, one numeric character, and one special character. The password is case sensi...
Page 297: Chapter 3: Library Screen
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 277 chapter 3: library screen the library screen is comprised of windows and dialog boxes used for adding and maintaining library categories. Library categories are used when creating or modifying filtering profil...
Page 298
G lobal a dministrator s ection c hapter 3: l ibrary screen 278 m86 s ecurity u ser g uide click library lookup, customer feedback module, cate- gory weight system, nntp newsgroup, or pattern detec- tion whitelist to select that topic. To view the list of category groups, double-click category group...
Page 299: Updates
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 279 updates updates includes options for making configurations for library category activities. Click the updates link to view a menu of sub-topics: configuration, manual update, addi- tional language support, lib...
Page 300
G lobal a dministrator s ection c hapter 3: l ibrary screen 280 m86 s ecurity u ser g uide optional: specify a proxy server 1. In the ftp proxy setting frame, by default “disable” is selected. Click “enable” if the server is in a proxy server environment. This selection activates the fields in this ...
Page 301
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 281 manual update window the manual update to m86 supplied categories window displays when manual update is selected from the updates menu. This window is used for updating specified m86 supplied library categorie...
Page 302
G lobal a dministrator s ection c hapter 3: l ibrary screen 282 m86 s ecurity u ser g uide • full url library update - select this option to update url library categories with core library files, and to update search engine keywords, newsgroup libraries, and im/p2p pattern files. Choose this option ...
Page 303
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 283 additional language support window the additional language support window displays when additional language support is selected from the updates menu. This window is used for including additional m86- supporte...
Page 304
G lobal a dministrator s ection c hapter 3: l ibrary screen 284 m86 s ecurity u ser g uide 3. Click apply to have urls from the selected language(s) included in the library categories. Library update log window the library update log window displays when library update log is selected from the updat...
Page 305
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 285 download log, view, print contents download the log 1. Click download log to open the alert box containing a message on how to download the log file to your worksta- tion, if using windows explorer. 2. Click o...
Page 306
G lobal a dministrator s ection c hapter 3: l ibrary screen 286 m86 s ecurity u ser g uide fig. 2:3-6 folder containing downloaded file 2. Choose “open with” and then select a zip file executable program such as “winzip executable” to launch that application: fig. 2:3-7 winzip executable program 3. ...
Page 307
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 287 fig. 2:3-8 winzip window 4. Right-click the zip file to open the menu, and choose “view” to open the view dialog box: fig. 2:2-9 view dialog box 5. Select “internal ascii text viewer”, and then click view to o...
Page 308
G lobal a dministrator s ection c hapter 3: l ibrary screen 288 m86 s ecurity u ser g uide save, print the log file contents with the log file displaying correctly formatted in winzip’s view window, if you wish to save or print the contents of this file: 1. Click clipboard copy , wait for the dialog...
Page 309
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 289 emergency update log window the emergency update log window displays when emer- gency update log is selected from the updates menu. This window is used for viewing transfer activity of emergency software updat...
Page 310
G lobal a dministrator s ection c hapter 3: l ibrary screen 290 m86 s ecurity u ser g uide download the software update log file note : see library update log window for screen shots pertaining to downloading the software update log file. 1. Click download log to open the alert box containing a mess...
Page 311: Library Lookup
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 291 library lookup library lookup window the library lookup window displays when library lookup is selected from the navigation panel. This window is used for verifying whether a url or search engine keyword or ke...
Page 312
G lobal a dministrator s ection c hapter 3: l ibrary screen 292 m86 s ecurity u ser g uide the following types of url formats also can be entered in this field: • ip address - e.G. "209.247.228.221" in http:// 209.247.228.221 • octal format - e.G. Http://0106.0125.0226.0322 • hexadecimal short forma...
Page 313
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 293 submit an email to the administrator if using a non-web based email client such as outlook, you can send an email to the administrator at your organization regarding a url or search engine keyword that appears...
Page 314: Customer Feedback Module
G lobal a dministrator s ection c hapter 3: l ibrary screen 294 m86 s ecurity u ser g uide reload the library once all changes have been made to library windows, click reload library to refresh. Note : since reloading the library utilizes system resources that impact the performance of the web filte...
Page 315
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 295 warning : this feature is enabled by default. Please refer to the sub-section enable customer feedback module to review the contents of the disclaimer that applies when this feature is enabled. Note : for opti...
Page 316
G lobal a dministrator s ection c hapter 3: l ibrary screen 296 m86 s ecurity u ser g uide 3. Scroll down to read the text in this box: “customer feedback module disclosure statement “customer feedback module shall mean the function installed on m86 security’s products used to transmit selective web...
Page 317
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 297 “your agreement to activate the customer feedback module will be transmitted back to m86 security once you click the ‘accept’ button.” 4. After reading this text, if you agree with the terms, click in the chec...
Page 318: Category Weight System
G lobal a dministrator s ection c hapter 3: l ibrary screen 298 m86 s ecurity u ser g uide category weight system category weight system window the category weight system window displays when cate- gory weight system is selected from the navigation panel. This feature lets you choose which category ...
Page 319
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 299 view the current selections this window contains two list boxes: • “no weight” categories - populated with m86 supplied categories • “weight” categories - pre-populated by default with cate- gories m86 suggest...
Page 320
G lobal a dministrator s ection c hapter 3: l ibrary screen 300 m86 s ecurity u ser g uide weighting library categories 1. Select the category from the "no weight" categories list box. Tip : multiple categories can be selected by clicking each cate- gory while pressing the ctrl key on your keyboard....
Page 321: Nntp Newsgroup
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 301 nntp newsgroup nntp newsgroup window the nntp newsgroup window displays when nntp news- group is selected from the navigation panel. This window is used for adding or removing a newsgroup from the libraries. F...
Page 322
G lobal a dministrator s ection c hapter 3: l ibrary screen 302 m86 s ecurity u ser g uide remove a newsgroup from the library to remove a newsgroup from the library: 1. In the newsgroup frame, enter the newsgroup address. 2. Click remove . After all changes have been made to library windows, click ...
Page 323: Pattern Detection Whitelist
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 303 pattern detection whitelist pattern detection whitelist window the pattern detection whitelist window displays when pattern detection whitelist is selected from the navigation panel. This window is used for cr...
Page 324
G lobal a dministrator s ection c hapter 3: l ibrary screen 304 m86 s ecurity u ser g uide create, maintain a whitelist of ip addresses 1. Enter the ip address to bypass pattern detection filtering. 2. Click add to include the ip address in the ips list box. Tip : to remove an ip address from the li...
Page 325: Category Groups
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 305 category groups category groups is represented by a tree of library category groups, with each group comprised of m86 supplied library categories. M86 supplied library categories are updated regularly with new...
Page 326
G lobal a dministrator s ection c hapter 3: l ibrary screen 306 m86 s ecurity u ser g uide double-click a category group’s envelope to open that segment of the tree and to view library categories belonging to that group. Click the m86 supplied category link to view a menu of sub- topics: library det...
Page 327
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 307 urls window the urls window displays when urls is selected from the library category’s menu of sub-topics. This window is used for viewing, or adding and/or removing a url from a library category. A url is use...
Page 328
G lobal a dministrator s ection c hapter 3: l ibrary screen 308 m86 s ecurity u ser g uide view a list of urls in the library category to view a list of all urls that either have been added or deleted: 1. Click the view tab. 2. Make a selection from the pull-down menu for “addition list”, “deletion ...
Page 329
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 309 add or remove urls, reload the library the action tab is used for making entries in the urls window for adding or removing a url, or reloading the library. Add a url to the library category to add a url to the...
Page 330
G lobal a dministrator s ection c hapter 3: l ibrary screen 310 m86 s ecurity u ser g uide tip : multiple urls can be selected by clicking each url while pressing the ctrl key on your keyboard. Blocks of urls can be selected by clicking the first url, and then pressing the shift key on your keyboard...
Page 331
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 311 remove a url from the library category to remove a url or wildcard url from the library category: 1. Click the action tab. 2. Enter the url in the edit url list frame or edit wild- card url list frame, as pert...
Page 332
G lobal a dministrator s ection c hapter 3: l ibrary screen 312 m86 s ecurity u ser g uide url keywords window the url keywords window displays when url keywords is selected from the library category’s menu of sub-topics. This window is used for adding and removing url keywords from a library catego...
Page 333
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 313 view a list of url keywords to view a list of all url keywords that either have been added or deleted: 1. In the view keyword addition/deletion list frame, make a selection from the pull-down menu for “additio...
Page 334
G lobal a dministrator s ection c hapter 3: l ibrary screen 314 m86 s ecurity u ser g uide upload a list of url keywords to the library before uploading a text file with url keyword additions or deletions, in the upload url keyword file frame, specify whether the contents of this file will add to th...
Page 335
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 315 upload a list of url keyword deletions to upload a text file with url keyword deletions: 1. Click upload to deletion file to open the upload library keyword window (see fig. 2:3-25). 2. Click browse... To open...
Page 336
G lobal a dministrator s ection c hapter 3: l ibrary screen 316 m86 s ecurity u ser g uide search engine keywords window the search engine keywords window displays when search engine keywords is selected from the library cate- gory’s menu of sub-topics. This window is used for adding and removing se...
Page 337
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 317 warning : use extreme caution when setting up search engine keywords for filtering. If a non-offending keyword contains the same consecutive characters as a keyword set up to be blocked, users will be denied t...
Page 338
G lobal a dministrator s ection c hapter 3: l ibrary screen 318 m86 s ecurity u ser g uide remove a search engine keyword from the library to remove a search engine keyword/phrase from the library category: 1. In the edit search keyword list frame, enter up to 75 alphanumeric characters in the keywo...
Page 339
G lobal a dministrator s ection c hapter 3: l ibrary screen m86 s ecurity u ser g uide 319 upload a list of search engine keyword deletions to upload a text file with search engine keyword/phrase deletions: 1. Click upload to deletion to open the upload library keyword window (see fig. 2:3-25). 2. C...
Page 340: Chapter 4: Reporting Screen
G lobal a dministrator s ection c hapter 4: r eporting screen 320 m86 s ecurity u ser g uide chapter 4: reporting screen the reporting screen contains options for transferring and/ or reviewing internet usage data collected by the web filter. Fig. 2:4-1 reporting screen from the navigation panel at ...
Page 341: Report Configuration
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 321 report configuration report configuration window the report configuration window displays when report configuration is selected from the navigation panel. This window is used if a reporting application needs...
Page 342
G lobal a dministrator s ection c hapter 4: r eporting screen 322 m86 s ecurity u ser g uide m86 security reporter or enterprise reporter if “m86 security reporter / m86 enterprise reporter” was selected, the m86 security reporter / m86 enterprise reporter tab displays by default. On this tab, you n...
Page 343
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 323 execute log transfer now in the initiating log transfer frame, click initiate to transfer the log on demand. View transfer activity to the sr, er after the sr / er has been configured and logs have been tran...
Page 344
G lobal a dministrator s ection c hapter 4: r eporting screen 324 m86 s ecurity u ser g uide fig. 2:4-5 report configuration window, other device option and tab enter or edit server information in the server configuration frame: 1. In the remote server field, enter the ip address of the remote serve...
Page 345
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 325 6. Click save . In the ftp log update frame: 1. At the hour field, make a selection from the pull-down menu (1, 2, 3, 4, 6, 8, 12, 24) to specify the interval between hours—in military time—when the update s...
Page 346: Real Time Probe
G lobal a dministrator s ection c hapter 4: r eporting screen 326 m86 s ecurity u ser g uide real time probe real time probe window the real time probe window displays when real time probe is selected from the navigation panel. This feature lets the probe administrator monitor a user's internet usag...
Page 347
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 327 set up real time probes 1. Enter the maximum probes to run/schedule simulta- neously , up to 99 probes. The default setting is 10 probes. 2. Enter the maximum probes that can be scheduled , equal to or less ...
Page 348
G lobal a dministrator s ection c hapter 4: r eporting screen 328 m86 s ecurity u ser g uide report recipients click the report recipients tab to display email report: fig. 2:4-7 real time probe window, report recipients tab specify email file criteria 1. Click the radio button corresponding the to ...
Page 349
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 329 note : the maximum number of report recipients is 50. If more than 50 recipients need to be included, m86 recommends setting up an email alias list for group distribution. Remove email addresses 1. Select th...
Page 350
G lobal a dministrator s ection c hapter 4: r eporting screen 330 m86 s ecurity u ser g uide 3. Click add to include the username in the current acces- sible users list box. Note : when an authorized staff member is added to this list, that username is automatically added to the current un-accessibl...
Page 351
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 331 go to real time probe reports gui when any administrator clicks the real time probe icon or go to real time probe reports gui , either the re-login window or the real time probe reports window opens. Re-logi...
Page 352
G lobal a dministrator s ection c hapter 4: r eporting screen 332 m86 s ecurity u ser g uide real time probe reports the real time probe reports window is comprised of the view and create tabs. The view tab displays by default (see fig. 2:4-11), showing the global administrator information on all ac...
Page 353
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 333 fig. 2:4-11 real time probes introductory window this window must be left open during the entire session. Create a real time probe click the create tab to enter and specify criteria for the report you wish t...
Page 354
G lobal a dministrator s ection c hapter 4: r eporting screen 334 m86 s ecurity u ser g uide the current probe count displays the total number of active probes, and the number of probes created under this account. The maximum probes to run/schedule simultaneously entered on the configuration tab dis...
Page 355
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 335 • “category”: select the library category to be probed. This selection generates a report with data for the specified library category. Tip : select “approved content” from the drop-down menu to probe instan...
Page 356
G lobal a dministrator s ection c hapter 4: r eporting screen 336 m86 s ecurity u ser g uide view real time probe details click the view tab to view details about active probes: fig. 2:4-13 real time probe reports, view tab the display name shows the name assigned to the probe on the create tab. The...
Page 357
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 337 view option if a probe is completed or in progress, clicking view opens the real time information window: fig. 2:4-14 real time information window this window displays the number of minutes left for the prob...
Page 358
G lobal a dministrator s ection c hapter 4: r eporting screen 338 m86 s ecurity u ser g uide • if the probe is currently in progress, clicking stop halts the real time probe and changes this button to “email”. • after the probe is completed, the email button is avail- able instead of the stop button...
Page 359
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 339 stop, delete options clicking stop halts the probe and gives it a completed status. This option is also available in the real time infor- mation box via the “stop” button. Clicking delete opens the following...
Page 360: Shadow Log Format
G lobal a dministrator s ection c hapter 4: r eporting screen 340 m86 s ecurity u ser g uide shadow log format shadow log format window the shadow log format window displays when shadow log format is selected from the navigation panel. If the web filter's reporting device is the m86 enterprise repor...
Page 361
G lobal a dministrator s ection c hapter 4: r eporting screen m86 s ecurity u ser g uide 341 auto-detect option by default, “auto-detect” is selected. Using this option, the web filter will search for a connection to an er and identify the software version of the software update applied to that appl...
Page 362
G lobal a dministrator s ection c hapter 4: r eporting screen 342 m86 s ecurity u ser g uide post 2.0 log format option if this web filter currently has the 2.0 or higher software update applied, the post 2.0 log option should be selected, since the er 4.1 or higher software update uses the new log ...
Page 363: Roup
G roup a dministrator s ection i ntroduction m86 s ecurity u ser g uide 343 g roup a dministrator s ection introduction the group administrator section of this user guide is comprised of two chapters that include information on func- tions performed by the group administrator. Chapter 1 includes inf...
Page 364: Chapter 1: Policy Screen
G roup a dministrator s ection c hapter 1: p olicy screen 344 m86 s ecurity u ser g uide chapter 1: policy screen group administrators use policy screen windows to add members to a master ip group, create sub-groups and/or individual ip members, and define and maintain members’ filtering profiles. A...
Page 365
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 345 ip refresh refresh the master ip group, member click refresh whenever a change has been made to the master ip group or member level of the tree. Fig. 3:1-2 policy screen, ip menu.
Page 366: Master Ip Group
G roup a dministrator s ection c hapter 1: p olicy screen 346 m86 s ecurity u ser g uide master ip group master ip group includes options for defining and main- taining group accounts, setting up an override account and/ or exception urls to bypass global settings, and uploading or downloading ip pr...
Page 367
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 347 to change the password for this group: 1. Enter the password in the password and confirm pass- word fields , using eight to 20 characters and at least one alpha character, one numeric character, and one special ...
Page 368
G roup a dministrator s ection c hapter 1: p olicy screen 348 m86 s ecurity u ser g uide add the ip address of the member if using the invisible or router mode: 1. Specify whether to add an ip address range with or without a netmask by selecting either “source ip” or “source ip start / end”. • if “s...
Page 369
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 349 override account window the override account window displays when override account is selected from the menu. This window is used for creating an override account that allows an end user from a master ip group t...
Page 370
G roup a dministrator s ection c hapter 1: p olicy screen 350 m86 s ecurity u ser g uide see appendix c: override pop-up blockers for information on how a user with an override account can authenticate if a pop-up blocker is installed on his/her workstation. Add an override account to create an over...
Page 371
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 351 category profile the rule tab is used for creating the categories portion of the override account profile. Fig. 3:1-6 override account window, rule tab to create the category profile: 1. Select a filtering rule ...
Page 372
G roup a dministrator s ection c hapter 1: p olicy screen 352 m86 s ecurity u ser g uide in the adult content category group some of the library catego- ries have a block setting and other library categories have a warn setting, there would be no category group filter setting, since all library cate...
Page 373
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 353 • in the quota column, enter the number of minutes the user will be able to access the library group/category. The minimum number of minutes is “1” and the maximum is “1439” (one day minus one minute). The numbe...
Page 374
G roup a dministrator s ection c hapter 1: p olicy screen 354 m86 s ecurity u ser g uide redirect url the redirect tab is used for specifying the url to be used for redirecting the user if he/she attempts to access a site or service set up to be blocked. Fig. 3:1-7 override account window, redirect ...
Page 375
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 355 filter options the filter options tab is used for specifying which filter option(s) will be applied to the override account profile. Fig. 3:1-8 override account window, filter options tab click the checkbox(es) ...
Page 376
G roup a dministrator s ection c hapter 1: p olicy screen 356 m86 s ecurity u ser g uide aol’s “strict” safesearch filtering option will be used whenever the end user performs a google, bing.Com, yahoo!, youtube, ask.Com, or aol web search or image search. Warning : if this option is used in conjunc...
Page 377
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 357 note : to set up url keywords in a url keywords window, see the url keywords window in chapter 2. Edit an override account change the password to change an override account’s password: 1. In the current accounts...
Page 378
G roup a dministrator s ection c hapter 1: p olicy screen 358 m86 s ecurity u ser g uide delete an override account to delete an override account: 1. In the current accounts frame, select the username from the list box. 2. Click remove . Group profile window the group profile window displays when gr...
Page 379
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 359 fig. 3:1-9 group profile window, profile tab note : in order to use this tab, filtering rules profiles must already have been set up by the global administrator. By default, “rule0 minimum filtering level” displ...
Page 380
G roup a dministrator s ection c hapter 1: p olicy screen 360 m86 s ecurity u ser g uide tip : in the category groups tree, double-click the group enve- lope to open that segment of the tree and to view library catego- ries belonging to that group. Note : if a category group does not display any fil...
Page 381
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 361 4. To use the quota feature to restrict the end user’s access to a passed library group/category, do the following: • in the quota column, enter the number of minutes the user will be able to access the library ...
Page 382
G roup a dministrator s ection c hapter 1: p olicy screen 362 m86 s ecurity u ser g uide redirect url redirect url displays when the redirect url tab is clicked. This tab is used for specifying the url to be used for redirecting users who attempt to access a site or service set up to be blocked at t...
Page 383
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 363 filter options filter options displays when the filter options tab is clicked. This tab is used for specifying which filter option(s) will be applied to the group’s filtering profile. Fig. 3:1-11 group profile w...
Page 384
G roup a dministrator s ection c hapter 1: p olicy screen 364 m86 s ecurity u ser g uide note : see the x strikes blocking window in chapter 1: system screen of the global administrator section for information on setting up the x strikes blocking feature. Google/bing/yahoo!/youtube/ask/aol safe sear...
Page 385
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 365 notes : search engine keyword filtering relies on an exact keyword match. For example, if the word “sex” is set up to be blocked, but “sexes” is not set up to be blocked, a search will be allowed on “sexes” but ...
Page 386
G roup a dministrator s ection c hapter 1: p olicy screen 366 m86 s ecurity u ser g uide exception url window the exception url window displays when exception url is selected from the group menu. This window is used for blocking group members’ access to specified urls and/or for letting group member...
Page 387
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 367 valid url entries the following types of url entries are accepted in this window: • formats such as: http://www.Coors.Com , www.Coors.Com , or coors.Com • ip address - e.G. "209.247.228.221" in http:// 209.247.2...
Page 388
G roup a dministrator s ection c hapter 1: p olicy screen 368 m86 s ecurity u ser g uide add urls to block url or bypass url frame to block or bypass specified urls, in the block url or the bypass url frame: 1. Type the url to be blocked in the block urls field, or the url to be bypassed in the bypa...
Page 389
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 369 empty checkbox for each entry in the table. Check the checkbox corresponding to a url entry you want to designate as being case-specific. The url entry made by the end user must exactly match this entry in order...
Page 390
G roup a dministrator s ection c hapter 1: p olicy screen 370 m86 s ecurity u ser g uide • “url cannot be added due to conflicts” - preceded by the red circle icon with a line through it, this type of conflict indicates the url is already included in the exception url list. Url can be added, but con...
Page 391
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 371 remove urls from block url or bypass url frame to remove urls from the block url or the bypass url frame: 1. Select a url to be removed from the block url / bypass url list box; your selection populates the bloc...
Page 392
G roup a dministrator s ection c hapter 1: p olicy screen 372 m86 s ecurity u ser g uide 3. Click remove selected to close the window and to remove your selection(s) from the appropriate url list box. Apply settings click apply to apply your settings after adding or removing any urls. Time profile w...
Page 393
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 373 add a time profile to create a time profile: 1. Click add to open the adding time profile box: fig. 3:1-17 adding time profile 2. Type in three to 20 alphanumeric characters—the under- score ( _ ) character can ...
Page 394
G roup a dministrator s ection c hapter 1: p olicy screen 374 m86 s ecurity u ser g uide a. Select from a list of time slots incremented by 15 minutes: “12:00” to “11:45”. By default, the start field displays the closest 15-minute future time, and the end field displays a time that is one hour ahead...
Page 395
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 375 if 5 is entered, this profile will be used every five days at the specified time. • weekly - if this selection is made, enter the interval for the weeks this time profile will be used, and specify the day(s) of ...
Page 396
G roup a dministrator s ection c hapter 1: p olicy screen 376 m86 s ecurity u ser g uide first enter the year(s) for the interval. By default “ 1 ” displays, indicating this time profile will be used each year. Next, choose from one of two options to specify the day of the month for the interval: • ...
Page 397
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 377 7. Click each of the tabs (rule, redirect, filter options, exception) and specify criteria to complete the time profile. (see category profile, redirect url, filter options, and exception url in this sub-section...
Page 398
G roup a dministrator s ection c hapter 1: p olicy screen 378 m86 s ecurity u ser g uide category profile the rule tab is used for creating the categories portion of the time profile. Fig. 3:1-19 time profile window, rule tab note : see the override account window, category profile sub- section in t...
Page 399
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 379 redirect url the redirect tab is used for specifying the url to be used for redirecting users who attempt to access a site or service set up to be blocked. Fig. 3:1-20 time profile window, redirect url tab note ...
Page 400
G roup a dministrator s ection c hapter 1: p olicy screen 380 m86 s ecurity u ser g uide filter options the filter options tab is used for specifying which filter option(s) will be applied to the time profile. Fig. 3:1-21 time profile window, filter options tab note : see the override account window...
Page 401
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 381 exception url the exception tab is used for allowing users to be blocked from accessing specified urls and/or to be allowed to access specified urls blocked at the minimum filtering level. Fig. 3:1-22 time profi...
Page 402
G roup a dministrator s ection c hapter 1: p olicy screen 382 m86 s ecurity u ser g uide approved content the approved content tab is used for enabling/disabling the approved content feature for users to view specific youtube or schooltube videos from a designated portal or from vusafe. If this feat...
Page 403
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 383 modify a time profile to modify an existing time profile: 1. Select the time profile from the current time profiles list box. 2. Click view/modify to open the modify time profiles window. 3. Make modifications i...
Page 404
G roup a dministrator s ection c hapter 1: p olicy screen 384 m86 s ecurity u ser g uide approved content settings window the approved content settings window displays when approved content (incl. Vusafe) is selected from the group menu. This window is used for granting users access to a specified s...
Page 405
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 385 note : if pattern blocking is enabled (system > control > filter > service control frame), then the filtering profile must "allow" the flash video (flv) pattern (category groups > bandwidth > streaming media > f...
Page 406
G roup a dministrator s ection c hapter 1: p olicy screen 386 m86 s ecurity u ser g uide if the global group has the “enable approved content (incl. Vusafe)” option disabled, the message “pass- keys are currently disabled” displays, and any pass- keys listed for the global group will not be inherite...
Page 407
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 387 upload/download ip profile window the ip profile management window displays when upload/ download ip profile is selected from the group menu. This window is used for uploading or downloading a text file containi...
Page 408
G roup a dministrator s ection c hapter 1: p olicy screen 388 m86 s ecurity u ser g uide note : leave the refresh page open until the file containing the profile has been uploaded. 2. Click browse... To open the choose file window in which you find and select the file containing the ip profiles to b...
Page 409
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 389 download profile if profiles have been created and/or uploaded to the server: 1. Click download profile to open a browser window containing the profiles: fig. 3:1-28 download ip profiles window the contents of t...
Page 410
G roup a dministrator s ection c hapter 1: p olicy screen 390 m86 s ecurity u ser g uide add sub group add an ip sub group from the group menu: 1. Click add sub group to open the create sub group dialog box: fig. 3:1-29 create sub group box 2. Enter the group name for the sub-group. Notes : the name...
Page 411
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 391 add individual ip add an individual ip member from the group menu: 1. Click add individual ip to open the create individual ip dialog box: fig. 3:1-30 create individual ip box 2. Enter the member name for the in...
Page 412
G roup a dministrator s ection c hapter 1: p olicy screen 392 m86 s ecurity u ser g uide delete group delete a master ip group profile to delete a group profile, choose delete group from the group menu. This action removes the master ip group from the tree. Paste sub group the paste sub group functi...
Page 413: Sub Group
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 393 sub group sub group includes options for creating and maintaining the filtering profile for the sub-group. Click the sub-group’s link to view a menu of sub-topics: sub group details, members, sub group profile, ...
Page 414
G roup a dministrator s ection c hapter 1: p olicy screen 394 m86 s ecurity u ser g uide • ip range • member ip address and netmask or ip address range add ip sub-group details if the sub-group was not previously defined, the fields in the ip address frame and the apply button remain activated. Fig....
Page 415
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 395 members window the members window displays when members is selected from the menu. This window is used for modifying the sub- group’s member ip address, if using the invisible or router mode. Fig. 3:1-34 members...
Page 416
G roup a dministrator s ection c hapter 1: p olicy screen 396 m86 s ecurity u ser g uide modify sub-group members the modify sub group member frame is comprised of the ip address frame. 1. Specify whether to add or edit an ip address range with or without a netmask by selecting either “member ip” or...
Page 417
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 397 exception url window the exception url window displays when exception url is selected from the sub-group menu. This window is used for blocking sub-group members’ access to specified urls and/or for letting sub-...
Page 418
G roup a dministrator s ection c hapter 1: p olicy screen 398 m86 s ecurity u ser g uide approved content settings window the approved content settings window displays when approved content (incl. Vusafe) is selected from the sub- group menu. This window is used for granting access to a specified se...
Page 419
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 399 delete sub group delete an ip sub-group to delete a sub-group, choose delete sub group from the sub-group menu. This action removes the sub-group from the tree. Copy sub group the copy sub group function is used...
Page 420: Individual Ip
G roup a dministrator s ection c hapter 1: p olicy screen 400 m86 s ecurity u ser g uide individual ip individual ip includes options for creating and maintaining the filtering profile for the individual ip member. Click the individual ip member’s link to view a menu of sub-topics: members, individu...
Page 421
G roup a dministrator s ection c hapter 1: p olicy screen m86 s ecurity u ser g uide 401 enter the ip address of the member in the modify individual group member frame: 1. Enter the ip address in the member field. 2. Click modify to apply your changes. Individual ip profile window the individual ip ...
Page 422
G roup a dministrator s ection c hapter 1: p olicy screen 402 m86 s ecurity u ser g uide note : see the time profile window in the master ip group sub- section of this chapter for information on entries that can be made for the following components of the filtering profile: category profile, redirec...
Page 423: Chapter 2: Library Screen
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 403 chapter 2: library screen group administrators use windows and dialog boxes in the library screen to look up urls and to add and maintain custom library categories for a group. Library categories are used when ...
Page 424: Library Lookup
G roup a dministrator s ection c hapter 2: l ibrary screen 404 m86 s ecurity u ser g uide library lookup library lookup window the library lookup window displays when library lookup is selected from the navigation panel. This window is used for verifying whether or not a url or search engine keyword...
Page 425
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 405 look up a url 1. In the url lookup frame, enter the url . For example, enter http://www.Coors.Com , coors.Com , or use a wild- card by entering *.Coors.Com . A wildcard entry finds all urls containing text that...
Page 426: Custom Categories
G roup a dministrator s ection c hapter 2: l ibrary screen 406 m86 s ecurity u ser g uide look up a search engine keyword to see if a search engine keyword or keyword phrase has been included in any library category: 1. In the search engine keyword lookup frame, enter the search engine keyword or ke...
Page 427
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 407 warning : the maximum number of categories that can be saved is 512. This figure includes both m86 supplied categories and custom categories. Add category a unique custom library category should be created only...
Page 428
G roup a dministrator s ection c hapter 2: l ibrary screen 408 m86 s ecurity u ser g uide new custom category, the group name displays in paren- theses after the long name. Tip : if this is the first custom category you are adding, you may need to double-click “custom categories” to open the tree li...
Page 429: Custom Library Category
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 409 custom library category when a custom library category is created, its long name displays in the custom categories tree list. Click the custom library category link to view a menu of sub-topics: library details...
Page 430
G roup a dministrator s ection c hapter 2: l ibrary screen 410 m86 s ecurity u ser g uide fig. 3:2-6 library details window view, edit library details the following display and cannot be edited: custom cate- gories group name and library category short name . 1. The long description name displays an...
Page 431
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 411 urls window the urls window displays when urls is selected from the custom library category’s menu of sub-topics. This window is used for viewing, adding and/or removing a url from a custom library category’s m...
Page 432
G roup a dministrator s ection c hapter 2: l ibrary screen 412 m86 s ecurity u ser g uide view a list of urls in the library category to view a list of all urls that either have been added or deleted from the master url list or master wildcard url list: 1. Click the view tab. 2. Make a selection fro...
Page 433
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 413 add or remove urls or wildcard urls the action tab is used for making entries in the urls window for adding or removing a url or wildcard url, uploading a master url list or master wildcard url list, or reloadi...
Page 434
G roup a dministrator s ection c hapter 2: l ibrary screen 414 m86 s ecurity u ser g uide tip : multiple urls can be selected by clicking each url while pressing the ctrl key on your keyboard. Blocks of urls can be selected by clicking the first url, and then pressing the shift key on your keyboard ...
Page 435
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 415 remove a url from the library category to remove a url or wildcard url from the library category: 1. Click the action tab. 2. Enter the url in the edit url list frame or edit wild- card url list frame, as perti...
Page 436
G roup a dministrator s ection c hapter 2: l ibrary screen 416 m86 s ecurity u ser g uide tip : a url text file must contain one url per line. Warning : the text file uploaded to the server will overwrite the current file. Note : before the file is uploaded to the server, it will first be vali- date...
Page 437
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 417 a. Go to the ip lookup options section and click the radio button corresponding to the option to be used when uploading the file: • “upload the file with ip lookup” - if this option is selected, ip addresses th...
Page 438
G roup a dministrator s ection c hapter 2: l ibrary screen 418 m86 s ecurity u ser g uide 3. Select the file to be uploaded. Tip : a wildcard url text file must contain one wildcard url per line. Warning : the text file uploaded to the server will overwrite the current file. Note : before the file i...
Page 439
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 419 note : in order for the urls to take effect, library categories must be reloaded. Reload the library after all changes have been made to library windows, click reload library to refresh. Note : since reloading ...
Page 440
G roup a dministrator s ection c hapter 2: l ibrary screen 420 m86 s ecurity u ser g uide note : if the feature for url keyword filtering is not enabled in a filtering profile, url keywords can be added in this window but url keyword filtering will not be in effect for the user(s). (see the filter o...
Page 441
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 421 upload a list of url keywords to the library to upload a text file containing url keyword additions: 1. In the upload master url keyword file frame, click upload master to open the upload library keyword window...
Page 442
G roup a dministrator s ection c hapter 2: l ibrary screen 422 m86 s ecurity u ser g uide search engine keywords window the search engine keywords window displays when search engine keywords is selected from the custom library category’s menu of sub-topics. This window is used for adding and removin...
Page 443
G roup a dministrator s ection c hapter 2: l ibrary screen m86 s ecurity u ser g uide 423 able to run a search on a subject such as “cotton gin”. However, if the word “sex” is set up to be blocked, a search will be allowed on “sexes” but not “sex” since a search engine keyword must exactly match a w...
Page 444
G roup a dministrator s ection c hapter 2: l ibrary screen 424 m86 s ecurity u ser g uide upload a master list of search engine keywords to upload a master list containing search engine keyword/ phrase additions: 1. In the upload search keywords file frame, click upload master to open the upload lib...
Page 445: Ppendices
A ppendices s ection a ppendix a m86 s ecurity u ser g uide 425 a ppendices s ection appendix a filtering profile format and rules a filtering profile must be set up in a specified format, containing the following items: 1. The username or group name 2. Ip address 3. Filtering profile criteria: • ru...
Page 446
A ppendices s ection a ppendix a 426 m86 s ecurity u ser g uide rule criteria rule criteria consists of selections made from the following lists of codes that are used in profile strings: • port command codes: a = filter all ports b = filter the defined port number(s) i = open all ports j = open the...
Page 447
A ppendices s ection a ppendix a m86 s ecurity u ser g uide 427 • category command codes: category command codes must be entered in the following order: j, r, m, i. “passed” should either be entered after j, r, or m, or after a string of category codes following j, r, or m. J = positioned before the...
Page 448
A ppendices s ection a ppendix a 428 m86 s ecurity u ser g uide • filter option codes: • 0x1 = exception url query (always enabled) • 0x2 = x strikes blocking • 0x4 = google/bing/yahoo!/youtube/ask/aol safe search enforcement • 0x100 = search engine keyword • 0x200 = url keyword • 0x1000= extend url...
Page 449: Appendix B
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 429 appendix b create a custom block page m86 offers ways for you to customize the block page so that the page can have a different look while retaining the infor- mation/functionality provided in m86’s default block page. Note : the soluti...
Page 450
A ppendices s ection a ppendix b 430 m86 s ecurity u ser g uide http://[:]/ ?Url=&ip= ip>&cat=&user= 2. Exclude filtering ip 1. Go to: gui: policy > global group > range to detect 2. Input the ip address under “destination ip” > ”exclude ip” without excluding this ip address, the web filter may capt...
Page 451
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 431 show m86’s information in the block page (optional) the following information is passed to the through the query string: implement the “further option” (optional) the “further option” is included in m86’s default block page. If used, th...
Page 452
A ppendices s ection a ppendix b 432 m86 s ecurity u ser g uide customized block page examples the examples in the reference portion of this appendix illustrate how form data is parsed and posted in the custom- ized block page. Examples include: 1. Html (using java script to parse/post form data) 2....
Page 453
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 433 reference html function parsedata(str, start, end) { result = ""; i = str.Indexof(start); if (i >= 0) { len = str.Length; substr = str.Substr(i+start.Length, len - start.Length); j = substr.Indexof(end); if ( j > 0) { result = substr.Su...
Page 454
A ppendices s ection a ppendix b 434 m86 s ecurity u ser g uide user = parsedata(query, "user=", "&"); document.Block.User.Value = user; } } function showdata(){ document.Write("url:" + document.Block.Url.Value + ""); document.Write("ip:" + document.Block.Ip.Value + ""); document.Write("cat:" + docu...
Page 455
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 435 cgi written in perl there are two methods for cgi written in perl: one lets you embed data in the query string to pass data to the options cgi, and the other lets you use java script to post form data to the options cgi. Embed data in q...
Page 456
A ppendices s ection a ppendix b 436 m86 s ecurity u ser g uide print "for further options, :81/ cgi/ block.Cgi?Url=$url&ip=$ip&cat=$cat&user=$user&step=step2\">click here"; print " "; print " "; use java script to post form data #!/usr/bin/perl # original filename: cusp_block2.Cgi # file type...
Page 457
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 437 print " print " print " value=\"_block_site_\">"; print ""; print ""; print ""; print ""; print ""; print "web filter customized block page (cgi written with perl using java script to post form data)"; print "url: $url";...
Page 458
A ppendices s ection a ppendix b 438 m86 s ecurity u ser g uide cgi written in c /* * cusc_block.C * description: sample c source code of cgi for customized block page * replace with real ip and recompile before using * revision: 1 * date: 03/08/2004 */ #include struct { char *name; char *val; } ent...
Page 459
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 439 unescape_url(paramv); paramn = (char *)makeword(paramv, '='); to_upper(paramn); if (strcmp(paramn, "ip") == 0) strcpy(szip, paramv); else if (strcmp(paramn, "url") == 0) strcpy(szurl, paramv); else if (strcmp(paramn, "cat") == 0) strcpy...
Page 460
A ppendices s ection a ppendix b 440 m86 s ecurity u ser g uide { printf(""); printf(" printf(""); printf("function do_options()"); printf("{"); printf("document.Block.Action=\"http://:81/cgi/ block.Cgi\""); printf("document.Block.Submit()"); printf("}"); printf(""); printf(""); pr...
Page 461
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 441 { url[x] = x2c(&url[y+1]); y+=2; } } url[x] = '\0'; } char x2c(char *what) { register char digit; digit = (what[0] >= 'a' ? ((what[0] & 0xdf) - 'a')+10 : (what[0] - '0')); digit *= 16; digit += (what[1] >= 'a' ? ((what[1] & 0xdf) - 'a')...
Page 462
A ppendices s ection a ppendix b 442 m86 s ecurity u ser g uide char *word; int ll; wsize = 102400; ll=0; word = (char *) malloc(sizeof(char) * (wsize + 1)); while(1) { word[ll] = (char)fgetc(f); if(ll==wsize) { word[ll+1] = '\0'; wsize+=102400; word = (char *)realloc(word,sizeof(char)*(wsize+1)); }...
Page 463
A ppendices s ection a ppendix b m86 s ecurity u ser g uide 443 } void getquery(char *paramd, char **paramv) { if (paramd == null) *paramv = null; else *paramv = (char *)strtok(paramd, "&"); } void getnextquery(char **paramv) { *paramv = (char *)strtok(null, "&"); }.
Page 464: Appendix C
A ppendices s ection a ppendix c 444 m86 s ecurity u ser g uide appendix c override pop-up blockers an override account user with pop-up blocking software installed on his/her workstation will need to temporarily disable pop-up blocking in order to authenticate him/herself via the options page: fig....
Page 465
A ppendices s ection a ppendix c m86 s ecurity u ser g uide 445 yahoo! Toolbar pop-up blocker if pop-up blocking is enabled 1. In the options page (see fig. C-1), enter your username and password . 2. Press and hold the ctrl key on your keyboard while simultaneously clicking the override button—this...
Page 466
A ppendices s ection a ppendix c 446 m86 s ecurity u ser g uide fig. C-3 allow pop-ups from source 3. Select the source from the sources of recently blocked pop-ups list box to activate the allow button. 4. Click allow to move the selected source to the always allow pop-ups from these sources list b...
Page 467
A ppendices s ection a ppendix c m86 s ecurity u ser g uide 447 google toolbar pop-up blocker if pop-up blocking is enabled 1. In the options page (see fig. C-1), enter your username and password . 2. Press and hold the ctrl key on your keyboard while simultaneously clicking the override button—this...
Page 468: Adwaresafe Pop-Up Blocker
A ppendices s ection a ppendix c 448 m86 s ecurity u ser g uide adwaresafe pop-up blocker if pop-up blocking is enabled 1. In the options page (see fig. C-1), enter your username and password . 2. Press and hold the ctrl key on your keyboard while simultaneously clicking the override button—this act...
Page 469
A ppendices s ection a ppendix c m86 s ecurity u ser g uide 449 mozilla firefox pop-up blocker add override account to the white list 1. From the firefox browser, go to the toolbar and select tools > options to open the options dialog box. 2. Click the content tab at the top of this box to open the ...
Page 470
A ppendices s ection a ppendix c 450 m86 s ecurity u ser g uide fig. C-7 mozilla firefox pop-up window exceptions 4. Enter the address of the web site to let the override account window pass. 5. Click allow to add the url to the list box section below. 6. Click close to close the allowed sites - pop...
Page 471
A ppendices s ection a ppendix c m86 s ecurity u ser g uide 451 windows xp sp2 pop-up blocker set up pop-up blocking there are two ways to enable the pop-up blocking feature in the ie browser. Use the internet options dialog box 1. From the ie browser, go to the toolbar and select tools > internet o...
Page 472
A ppendices s ection a ppendix c 452 m86 s ecurity u ser g uide use the ie toolbar in the ie browser, go to the toolbar and select tools > pop- up blocker > turn on pop-up blocker : fig. C-9 toolbar setup when you click turn on pop-up blocker, this menu selec- tion changes to turn off pop-up blocker...
Page 473
A ppendices s ection a ppendix c m86 s ecurity u ser g uide 453 add override account to the white list there are two ways to disable pop-up blocking for the over- ride account and to add the override account to your white list. Use the ie toolbar 1. With pop-up blocking enabled, go to the toolbar an...
Page 474
A ppendices s ection a ppendix c 454 m86 s ecurity u ser g uide use the information bar with pop-up blocking enabled, the information bar can be set up and used for viewing information about blocked pop- ups or allowing pop-ups from a specified site. Set up the information bar 1. Go to the toolbar a...
Page 475
A ppendices s ection a ppendix c m86 s ecurity u ser g uide 455 3. Click the information bar for settings options: fig. C-12 information bar menu options 4. Select always allow pop-ups from this site—this action opens the allow pop-ups from this site? Dialog box: fig. C-13 allow pop-ups dialog box 5...
Page 476: Appendix D
A ppendices s ection a ppendix d 456 m86 s ecurity u ser g uide appendix d configure the web filter for reporting when configuring the web filter to be used with an sr or er unit, the following procedures must be completed in order for the sr or er to receive logs from the web filter. Entries in the...
Page 477
A ppendices s ection a ppendix d m86 s ecurity u ser g uide 457 note : to remove an ip address from the list box, select it and click remove. 4. After the sr / er has been configured, and logs have been transferred from the web filter to the sr / er, click the log tab to view transfer activity. 5. O...
Page 478
A ppendices s ection a ppendix d 458 m86 s ecurity u ser g uide entries in the sr, er administrator console to see if log files have transferred: 1. Access the sr / er’s administrator console. 2. From the database pull-down menu, choose tools to display the tools screen. 3. From the database status ...
Page 479: Appendix E
A ppendices s ection a ppendix e m86 s ecurity u ser g uide 459 appendix e raid and hardware maintenance this appendix is divided into three parts: hardware compo- nents, server interface, and troubleshooting—in the event of a failure in one of the drives, power supplies, or fans. Note : as part of ...
Page 480
A ppendices s ection a ppendix e 460 m86 s ecurity u ser g uide • fltr = filtering status • libr = library update status • raid = hard drive status • updt = software update status led indicator chart below is a chart of led indicators in the “sl” and “hl” unit: led indicator color condition descript...
Page 481
A ppendices s ection a ppendix e m86 s ecurity u ser g uide 461 front control panels on sl and hl units control panel buttons, icons, and led indicators display on the right side of the front panel. The buttons let you perform a function on the unit, while an led indicator corresponding to an icon a...
Page 482
A ppendices s ection a ppendix e 462 m86 s ecurity u ser g uide nic2 (icon) – a flashing green led indicates net- work activity on lan2. The led is a steady green with link connectivity, and unlit if there with no link connectivity. Nic1 (icon) – a flashing green led indicates net- work activity on ...
Page 483
A ppendices s ection a ppendix e m86 s ecurity u ser g uide 463 rear panels on hl units uid (led indicator) – on the rear of the “hl” chassis, to the left of the power supplies, a steady blue uid led indicator displays when the uid button on the control panel is pressed. This led remains lit until t...
Page 484
A ppendices s ection a ppendix e 464 m86 s ecurity u ser g uide part 3: troubleshooting the text in this section explains how the server alerts the administrator to a failed component, and what to do in the event of a failure. Hard drive failure step 1: review the notification email if a hard drive ...
Page 485
A ppendices s ection a ppendix e m86 s ecurity u ser g uide 465 step 2: verify the failed drive in the admin console the hardware failure detection window in the adminis- trator console is accessible via the system > hardware failure detection menu selection: fig. E-1 hardware failure detection wind...
Page 486
A ppendices s ection a ppendix e 466 m86 s ecurity u ser g uide step 3: replace the failed hard drive after verifying the failed hard drive in the administrator console, go to the server to replace the drive. Press the red release button to release the handle on the carrier, and then extend the hand...
Page 487
A ppendices s ection a ppendix e m86 s ecurity u ser g uide 467 step 4: rebuild the hard drive once the failed hard drive has been replaced, return to the hardware failure detection window in the administrator console, and click rebuild to proceed with the rebuild process. Warning : when the raid ar...
Page 488
A ppendices s ection a ppendix e 468 m86 s ecurity u ser g uide step 3: replace the failed power supply remove the failed power supply by locating the red release tab (1) and pushing it to the right (2), then lifting the curved metal handle and pulling the power supply module towards you (3). Note t...
Page 489
A ppendices s ection a ppendix e m86 s ecurity u ser g uide 469 fan failure identify a fan failure a flashing red led indicates a fan failure. If this displays on your unit, contact technical support for an rma (return merchandise authorization) number and for instructions on returning the unit to m...
Page 490: Appendix F
A ppendices s ection a ppendix f 470 m86 s ecurity u ser g uide appendix f glossary this glossary includes definitions for terminology used in this user guide. Always allowed - a filter category or port given this desig- nation in a profile will be included in the white list. However, this setting i...
Page 491
A ppendices s ection a ppendix f m86 s ecurity u ser g uide 471 global administrator - an authorized administrator of the network who maintains all aspects of the web filter, except for managing master ip groups and their members, and their associated filtering profiles. The global administrator con...
Page 492
A ppendices s ection a ppendix f 472 m86 s ecurity u ser g uide (ldap) is a directory service protocol based on entries (distinguished names). M86 supplied category - a library category that was created by m86, and includes a list of urls, url keywords, and search engine keywords to be blocked. Mach...
Page 493
A ppendices s ection a ppendix f m86 s ecurity u ser g uide 473 net use - a command that is used for connecting a computer to—or disconnecting a computer from—a shared resource, or displaying information about computer connec- tions. The command also controls persistent net connec- tions. Netbios - ...
Page 494
A ppendices s ection a ppendix f 474 m86 s ecurity u ser g uide protocol - a type of format for transmitting data between two devices. Ldap and smb are types of authentication method protocols. Proxy server - an appliance or software that accesses the internet for the user’s client pc. When a client...
Page 495
A ppendices s ection a ppendix f m86 s ecurity u ser g uide 475 search engine - a program that searches web pages for specified keywords and returns a list of the pages or services where the keywords were found. Service port - service ports can be set up to blocked. Examples of these ports include f...
Page 496
A ppendices s ection a ppendix f 476 m86 s ecurity u ser g uide virtual ip address - the ip address used for communi- cating with all users who log on the network. Vlan - virtual local area network is a network of computers that may be located on different segments of a lan but communicate as if the...
Page 497: Ndex
M86 s ecurity u ser g uide 477 i ndex a account password security 98 setup 95 active connections diagnostic tool 109 active filtering profiles 23 active profile lookup window 116 additional language support window 283 admin audit trail window 120 administrator menu 95 administrator window 95 alert b...
Page 498
I ndex 478 m86 s ecurity u ser g uide block page device 153 block page route table window 93 block setting 27 definition 470 button, terminology 4 c calculator 66 category codes 427 custom categories 406 custom category 25 library 25 m86 supplied category 306 category codes 427 category groups menu ...
Page 499
I ndex m86 s ecurity u ser g uide 479 customer feedback module window 294 customization menu 195 d diagnostics menu 106 dialog box, terminology 4 disk usage diagnostic tool 111 e emergency update log window 289 enterprise reporter 322 , 456 environment requirements 10 eula 220 exception url 381 exce...
Page 500
I ndex 480 m86 s ecurity u ser g uide frame, terminology 5 ftp cfm 294 change log ftp setup 121 proxy setting 280 report configuration 325 g general availability 128 global administrator 1 , 2 add account 95 definition 471 global filtering profile 23 global group 18 category profile 248 default redi...
Page 501
I ndex m86 s ecurity u ser g uide 481 help screen 55 help topics 56 how to configure filtering 72 configure the minimum filtering level 269 bypass options 273 configure the warn option setting 193 customize pages 195 set up a custom category 406 set up a time profile 372 set up an override account g...
Page 502
I ndex 482 m86 s ecurity u ser g uide proxy environment 157 https filtering 75 i individual ip 400 individual ip member add to group 391 definition 471 delete 402 profile type 22 individual ip profile window 401 installation guide 50 instant messaging 31 , 306 definition 471 internet explorer 10 inv...
Page 503
I ndex m86 s ecurity u ser g uide 483 l lan settings window 88 ldap definition 471 led indicators 459 library full url update 282 lookup 291 , 404 manual updates 281 search engine keywords, custom category 422 search engine keywords, m86 supplied category 316 software update 282 update categories 28...
Page 504
I ndex 484 m86 s ecurity u ser g uide er 456 library update 284 out of the r3000 55 r3000 log transfer 321 realtime traffic, usage 112 software updates 135 log off administrator gui 68 log on administrator gui 50 logon management window 102 logon script path block page authentication 80 logon settin...
Page 505
I ndex m86 s ecurity u ser g uide 485 mobile mode definition 472 mode menu 152 n name resolution, definition 472 nat 38 , 142 , 145 definition 473 navigation panel 59 terminology 5 navigation tips 54 net use definition 473 netbios definition 473 network address translation (nat), definition 473 netw...
Page 506
I ndex 486 m86 s ecurity u ser g uide yahoo! Toolbar popup blocking 445 override account window 256 , 349 p p2p definition 473 password expiration 51 , 99 override account 349 unlock ip address 104 unlock username 103 pattern detection whitelist menu 303 pattern detection whitelist window 303 peer-t...
Page 507
I ndex m86 s ecurity u ser g uide 487 q quota definition 474 format 428 quota block page customization window 212 quota notice page customization window 215 quota setting menu 223 quota setting window 223 r radio button, terminology 6 radius definition 474 radius authentication settings menu 172 rad...
Page 508
I ndex 488 m86 s ecurity u ser g uide router mode 15 definition 474 diagram 15 routing table diagnostic tool 109 rule 26 definition 474 rules window 243 s safari 10 screen, terminology 6 search engine definition 475 search engine keyword custom category 422 m86 supplied category 316 search engine ke...
Page 509
I ndex m86 s ecurity u ser g uide 489 software update log window 135 software update management window 218 software update menu 128 software updates 128 source mode 37 , 72 , 142 stand alone mode 37 , 72 , 140 static filtering profiles 22 status window 147 status window, cmc management 221 sub group...
Page 510
I ndex 490 m86 s ecurity u ser g uide threat analysis reporter 29 time profile add 373 definition 475 delete 383 modify 383 profile type 23 time profile window 372 , 397 , 401 time-based profile 79 tolerance timer 182 , 253 , 263 , 356 , 364 tooltips 57 top cpu processes diagnostic tool 109 topic 59...
Page 511
I ndex m86 s ecurity u ser g uide 491 url, same url in multiple categories 298 urls window 307 custom category 411 m86 supplied category 307 usage logs 112 v view log file window 112 virtual ip address, definition 476 vlan 476 vusafe 266 , 470 w warn option setting window 193 warn page customization...
Page 512
I ndex 492 m86 s ecurity u ser g uide.