EdgeWave iPrism Web Security, Administration Manual

Page 1: ...Administration Guide V7 0 800 782 3762 www edgewave com iPrism Web Security...

Page 2: ...tion in the United States and or other countries Other product and company names mentioned herein may be the trademarks of their respective owners The iPrism software and its documentation are copyrig...

Page 3: ...Profiles 9 Proxy Mode 10 Bridge Transparent Mode 11 Using the Management Interface 12 Logging In and Out of iPrism 13 Restarting and Shutting Down iPrism 14 The iPrism Home Page 14 Chapter 3 Profiles...

Page 4: ...ng a Quota 37 Warnings 37 Adding a Warning 38 Editing a Warning 40 Deleting a Warning 40 Access Control Lists ACLs 40 Creating a New Web ACL 40 Creating a New Application ACL 42 Editing an ACL 43 Dele...

Page 5: ...Admin Roles 70 Adding an Admin Role 71 Editing an Admin Role 74 Deleting an Admin Role 75 Exceptions 75 Adding an Exception 75 Editing an Exception 77 Deleting an Exception 77 Remote Users 77 Adding...

Page 6: ...All Other Pages 98 Reporting Logo 99 Customizable Page Tags 100 Directory Services 101 Choosing an Authentication Mechanism 102 Local Authentication 103 LDAP Authentication 103 Setting up the iPrism...

Page 7: ...131 Proxy and Configuration Ports 132 Redirect and HTTPS Ports 133 Proxy 134 Slaving iPrism to a Parent Proxy Proxy Mode 135 Enabling an Upstream Proxy in Bridge transparent Mode 136 HTML Header Handl...

Page 8: ...r Slave Configuration 152 Designating Slave Systems 152 Designating the Master System 153 Changing the Master System 155 Removing a Slave System 156 Using Standalone Mode 156 Upgrading iPrisms in a Ce...

Page 9: ...169 Phishing 169 Spyware Adware 169 Malware 170 Society Category 170 Alt New Age 170 Art Culture 171 Family Issues 171 Government 172 Politics 172 Social Issues 173 Keywords 173 News 173 Classifieds...

Page 10: ...181 Job Employment Search 181 Professional Services 182 Online Auctions 182 Education Category 182 Continuing Education Colleges 182 History 183 K 12 183 Reference Sites 184 Sci Tech 184 Sex Education...

Page 11: ...nfiguring Internet Explorer for Proxy Mode 194 Appendix C iPrism Error Messages 195 iPrism Rating Error 195 iPrism List Update 195 iPrism List Error 196 iPrism Filter Service Expired 196 Access Denied...

Page 12: ...p by step processes for implementing it in your organization It is important to have a thorough understanding of the iPrism appliance itself as well as the bigger picture of how it functions within yo...

Page 13: ...the iPrism is configured on your network e g topology other hardware networking software etc Have your iPrism serial number and registration key information handy Also to help our support staff solve...

Page 14: ...installation from the iPrism technical support team See Knowledgebase Tutorials and Technical Support If your network uses a firewall or other device that masks IP addresses it is important to install...

Page 15: ...alyst who reviews the site and makes the appropriate category designations e g adult nudity profanity government religion drugs games etc To ensure that each iPrism unit is always operating with the v...

Page 16: ...No Shopping during working hours but during lunch and after work anything goes To implement this policy you may create an ACL called NoShopping which blocks all shopping and online auction sites You c...

Page 17: ...lter web surfing or HTTP HTTPS traffic Application Profiles filter IM and P2P usage Each profile is associated with a group of users One way of identifying users is by the IP address of the machine th...

Page 18: ...n the message Note This is not always true If you configure your iPrism and user computers just right you can create a system where each web access message will contain user identification This comple...

Page 19: ...ongs to a blocked category then the user may see an access denied page instead what the user sees is determined by how the iPrism administrator has chosen to handle requests to blocked categories for...

Page 20: ...files Profiles are the elements within iPrism that determine what information is blocked monitored or passed through There are two types of profiles Web Profiles determine which websites are filtered...

Page 21: ...request to the Internet The reply goes back through the iPrism proxy to the user In this mode the iPrism is not able to detect or regulate P2P traffic Proxy mode is best for testing as since the iPris...

Page 22: ...connections This mode is recommended for full network production deployment In this mode iPrism is installed between the firewall and the switch All network traffic destined for the Internet e g email...

Page 23: ...Guide Older versions of iPrism Versions 3 6 and earlier had an additional mode called Router mode This mode had been discontinued Bridge transparent mode is now used in all situations where the iPris...

Page 24: ...tuation where both iPrisms believe the other is not working which results in both becoming active at the same time For more information on configuring and using the management interface refer to the K...

Page 25: ...l remain invisible depending on how the administrator configures it in their network The system may require them to authenticate themselves and if they encounter a blocked site it allows them to reque...

Page 26: ...ll remain on the iPrism until deleted Upon deletion the URL will revert back to its original iGuard database rating Custom filters allow you to restrict or allow access to any file type or website not...

Page 27: ...rs 2 If you want to search for a custom filter type all or part of the filter name and click Search Adding a Custom Filter 1 In the Custom Filters window click Add Chapter 3 Profiles Filters 16 iPrism...

Page 28: ...r check Apply to all sub URLs of this address 5 If you want to have this URL submitted to the EdgeWave iGuard team for rating check Submit this URL to EdgeWave for rating 6 Select the appropriate acti...

Page 29: ...atches this definition allows the content The safe parameter takes the form parameter definition or just definition Valid characters are A Z a z 0 9 _ 8 When you are finished click OK Editing a Custom...

Page 30: ...users local or remote Profiles assigned to a user are always applied to that user regardless of which workstation they log into iPrism uses two types of profiles Web profiles for filtering web or HTT...

Page 31: ...hich machine they use the user will always get the same profile as it is based on their username User level filtering works well in environments where you want some people to have significantly more o...

Page 32: ...or delete them The preconfigured profiles are as follows PassAll This profile allows access to any site without monitoring BlockOffensive This web filtering profile blocks and monitors access to sites...

Page 33: ...new Access Control Lists ACLs or edit existing ACLs For details see Access Control Lists ACLs 4 For each ACL that is part of this profile assign the days times the ACL is in effect a Select an ACL b C...

Page 34: ...Add new Access Control Lists ACLs or edit the existing ACLs For details see Access Control Lists ACLs Note If any of the ACLs contain quotas and or warnings those are not copied Quotas and warnings mu...

Page 35: ...see iPrism s Default Profiles Figure 10 Deleting a Profile Application Profiles Application profiles filter IM and P2P usage To work with application profiles 1 From the iPrism home page select Profil...

Page 36: ...ile To add a profile 1 In the Application Profiles window click Add 2 Enter a name for the profile 3 Add new Access Control Lists ACLs or edit existing ACLs For details see Access Control Lists ACLs C...

Page 37: ...ACL that is part of this profile assign the days times the ACL is in effect a Select an ACL b Click next to a time and drag to highlight the time blocks when the ACL is in effect Chapter 3 Profiles Fi...

Page 38: ...ofiles window select a profile and click Copy 2 Enter a name for the new profile 3 Add new Access Control Lists ACLs or edit the existing ACLs For details see Access Control Lists ACLs 4 For each ACL...

Page 39: ...to Users Users can be authenticated on iPrism in a number of ways See Directory Services for detailed information and instructions Assigning Profiles to a Set of IP Addresses Workstations For detailed...

Page 40: ...o work with Quotas and Warnings 1 From the iPrism home page select Profiles Filters then Quotas Warnings The Quotas and Warnings window appears By default the Show All tab is shown listing all email a...

Page 41: ...e prompted to do so before logging out of iPrism Email Alerts Email Alerts are notifications about specific Internet related events You set them up based on the kinds of events you want to generate th...

Page 42: ...ividual profile or IP address to be subject to the threshold defined below 6 In the Threshold frame select the criteria value and time span that will cause an email alert to be sent Bandwidth KB An em...

Page 43: ...s es of the users to receive the email alert Use commas to separate multiple email addresses 9 Click OK to save this email alert Figure 17 Adding an Email Alert Editing an Email Alert 1 In the Email A...

Page 44: ...ow select the alert to delete 2 Click Delete 3 Click Yes to confirm Quotas Quotas are defined limits for Internet related events You set them up based on the kinds of access you want to limit Once cre...

Page 45: ...lowing message appears Figure 19 Percentage of Quota Reached This message can be customized See Customizable Pages When a user has reached the quota they are not able to access the requested page The...

Page 46: ...quota Value Enter the number of units depends on the criteria for this quota Reset Choose the duration of each unit for this quota For example if you chose Session Duration as the criteria and 60 for...

Page 47: ...dress es of the users to receive email notification when the quota has been reached Use commas to separate multiple email addresses 7 Click OK to save this quota Figure 21 Adding a Quota Once the quot...

Page 48: ...dow select the quota to delete 2 Click Delete 3 Click Yes to confirm Warnings Warnings are notifications about specific Internet related events You define which events generate warnings and how often...

Page 49: ...ng attached to it the following message appears Figure 23 Warning This message can be customized See Customizable Pages Adding a Warning 1 From the Warnings window click Add 2 Enter a name for the war...

Page 50: ...In the ACL Categories frame click Select and choose the categories to be applied to the warning Click OK to return to the Warnings window Note The warning will appear the first time a page from any c...

Page 51: ...traffic will get blocked monitored and or allowed to be accessed Unlike profiles ACLs are not assignable to users or networks they only exist in the context of a profile When creating a new profile a...

Page 52: ...ed an Access Denied page will not be displayed to users when they access the Internet Force browsers to use safe search If this is enabled the iPrism will enable safe search for Google Yahoo Alltheweb...

Page 53: ...Monitor Web pages are supplied to the user Each access is recorded and can be viewed using the reporting system or the Real Time Monitor Click Monitor All to monitor all categories Block Web traffic i...

Page 54: ...e Global Policy Administrator to globally enforce access restrictions on the same categories By using Lock ACL categories can be marked to be blocked and or monitored e g pornography or nudity Lock AC...

Page 55: ...y the Web Profile setting and restrict the login 6 Select whether the Request access link will appear on the Access Denied page You can specify that it does not appear or you can specify that this is...

Page 56: ...ly active overrides and revoke them as desired Figure 27 Current Overrides The following columns are available on the Current Overrides page Expires The date and time at which the override will expire...

Page 57: ...ct the override s and click Revoke Pending Requests When a user is surfing the Internet and receives an Access Denied message for a blocked page they can click Request Access to send a message to the...

Page 58: ...ide access for an unlimited period of time days By typing a number in the box specifies a certain number of days for which this override will be valid Allow access to Path Allows access only to the gi...

Page 59: ...latency and minimal impact on network bandwidth After mobile laptop and or remote users are provisioned see Remote Users for instructions policies are enforced no matter where the users are physicall...

Page 60: ...ideo tutorials on Remote Filtering go to http edgewave com support web_ security recorded_webinars_ilearn asp Using Remote Filtering To use Remote Filtering 1 Upload a remote filtering license key for...

Page 61: ...le you might choose to also include something like The requested page is currently unavailable Your organization has chosen to limit viewing of this site due to the rating of its content 4 If you have...

Page 62: ...r remote users in Unmonitored Network Ranges Specify the range of target ports you do not want to monitor for remote users in Unmonitored Ports Click OK Figure 30 Remote Filtering Exceptions 9 Remote...

Page 63: ...ult profile from the list and click OK Figure 31 Remote Default Behavior 12 You can now set up remote users see Remote Users Note The status of log downloads and policy uploads can be viewed in the Sy...

Page 64: ...Windows or LDAP authentication systems To add change and delete local users 1 From the iPrism home page select Users Networks then Local Users 2 When you have finished modifying local users click Sav...

Page 65: ...ress of the user s com puter 4 If this user is to have administrator privileges select a type of Admin Privileges from the dropdown list Otherwise selectNo access iPrism s administrator levels are Ext...

Page 66: ...ly This user will be allowed access to iPrism s report interface only Single Override Allows a user to grant access to themselves only They cannot grant access to others Super Admin This allows multip...

Page 67: ...imported file 3 In the Duplicate Policy dropdown list select an option to specify how duplicate policies are handled Prompt for action When a duplicate policy is encountered you will be prompted to te...

Page 68: ...omain in System Settings Directory Services you can map the user groups to iPrism s Web Profiles and administrator privileges if no mapping is defined the user will be assigned the Fallback Profile Us...

Page 69: ...this group by selecting a Domain a Web Profile and an Application Access profile 3 Type a name for the group in the Group field 4 Click OK to save your changes 5 When you are finished adding all grou...

Page 70: ...cular list editor is ordered LDAP mapping profiles use Attributes and Subquery Attributes rather than the DOMAIN groupname notation When mapping groups to profiles keep the following principles in min...

Page 71: ...list is not allowed In summary an effective way to view mappings is to set the default profile as what most users will be controlled by Exceptions to the default profile can be configured via mappings...

Page 72: ...e the profiles or privileges of the direct membership group e g Color Printer Users take effect Figure 38 Nested Groups Example Privileges Once iPrism has successfully joined the domain in System Sett...

Page 73: ...ock Unblock Site interface but cannot access the Configuration interface or the Real time Monitor Global Policy Admin This role is a user or login that is in charge of global filtering policies regard...

Page 74: ...sees network traffic it will go down the list looking for a range which matches the IP address associated with the network request If this address is on the 192 168 x x network the first entry in the...

Page 75: ...k Profile the IP Start and IP End range whether the workstation is proxying to iPrism s external interface e g users are connecting to a firewall VPN when iPrism is in bridge transparent mode and the...

Page 76: ...Figure 42 Network Profile Details 3 Click the Authentication tab Figure 43 Authentication Tab Proxy Mode Chapter 4 Users Networks 65 iPrism Administration Guide...

Page 77: ...elected the network profile will be applied to web filtering 6 Configure your authentication mode and settings For detailed explanations of authentication modes and Auto login in both proxy and bridge...

Page 78: ...trunk If you want to make unique policy decisions on a per VLAN basis it is advisable to create a separate network entry for each VLAN on the networks list This will come into play for non authentica...

Page 79: ...istrative session is affected use your browser to reconnect to the iPrism then log in again to continue Figure 45 VLAN Management To toggle VLAN filtering Click the filtering indicator for the VLAN Re...

Page 80: ...ipation on this VLAN Because user machines will be interacting at a TCP level with this address and name the IP address and DNS name must be unique 5 Click OK Editing a VLAN Description 1 In the VLAN...

Page 81: ...ment policies of the entire iPrism to a user To work with administrator roles 1 From the iPrism home page select Users Networks then Admin Roles 2 Add change or delete roles as needed 3 When you are f...

Page 82: ...hat has full reporting access and overrides for the entire iPrism Super User also referred to as Super Admin The Super User Super Admin is the built in account with the username iprism and has all rig...

Page 83: ...types of overrides are available Cannot Override Cannot override blocked pages If this option is selected no other ACL options can be selected in this window click OK to finish Self Only This role ca...

Page 84: ...n you have specified to be used as the default check Set this duration as default Figure 49 Maximum Duration for Overrides 8 Click OK 9 Back on the Access Control List tab check to whom the Admin Role...

Page 85: ...dministrator is overriding the URL request with his her own profile All URLs The user can override any URL 11 Select the Reporting tab to specify Reporting options None This role has no reporting righ...

Page 86: ...eptions are in the iPrism Knowledgebase section on Exceptions Note HTTPS SSL traffic on port 443 is now strictly enforced by default If you do not use SSL but do use port 443 either change the applica...

Page 87: ...T is that requests look like are coming from iPrism only This setting hides the IP addresses of your internal workstations from the Internet transparent mode only No Authentication Traffic destined fo...

Page 88: ...ncluding ICMP and others At least one must be selected 8 Click OK Editing an Exception 1 In the Exceptions window select an exception and click Edit 2 Make changes as needed 3 Click OK to save your ch...

Page 89: ...ate exceptions to that default profile specify those in Client Exceptions Exceptions are specifically identified Machine IDs whereas the default profile applies to all undefined Machine IDs If excepti...

Page 90: ...gure 51 Add Remote User When Remote Filtering is ON see Remote Filtering this user will be able to take advantage of iPrism including having profiles and filtering rules applied to them downloading fi...

Page 91: ...uplicate policies usernames Prompt for action The administrator will specify how to handle each duplicate policy user name Retain existing Retain the existing policy username on the iPrism the policy...

Page 92: ...vated If there are changes you must click Save then click Activate Changes before you can perform an export 3 If there are no changes select a field delimiter comma pipe or tab for the export file Fig...

Page 93: ...ailable Remote Upgrades 2 Set the defaults as they apply to PC and or Mac systems Select Enabled to turn on remote upgrades or Disabled to turn off remote upgrades If remote upgrades are disabled for...

Page 94: ...enter a range of machine IDs use the wildcard only available at the end of the ID Select Enabled to turn the exception setting on or Disabled to turn off this exception setting Figure 55 Remote Upgrad...

Page 95: ...administrative changes click Activate Changes to activate the changes immediately If you do not Activate Changes now you will be prompted to do so before logging out of iPrism Chapter 4 Users Network...

Page 96: ...om reports for IM P2P and URL events Refer to the iPrism Reporting Guide at http www edgewave com support web_ security documentation asp for detailed instructions on how to manage and use the Report...

Page 97: ...access Appliance Updates To access Appliance Updates 1 From the iPrism home page select Maintenance then Appliance Updates 2 Click Hotfix Manager 3 Click Yes to confirm iPrism automatically checks for...

Page 98: ...uninstalled Rebooting after Installing Hotfixes To enable Hotfixes iPrism typically must be rebooted after the Hotfix has been installed When you are done installing a Hotfix you normally see a messa...

Page 99: ...al Support To access the backup and restore options From the iPrism home page select Maintenance then Backup Restore Figure 56 Backup Restore Backing Up Backing up your iPrism configuration stores all...

Page 100: ...ur current configuration before performing this procedure See Backing Up 1 In the Backup Restore window select Restore Factory Configuration from the dropdown list Note This restores iPrism to its out...

Page 101: ...then Event Log 2 To delete records up to and including a given date type that date in the date field or select a date from the calendar Click Delete OR To delete all records in iPrism click Delete Al...

Page 102: ...lows the administrator to run various diagnostic tasks on the iPrism Self check files are often used by iPrism Technical Support to aid in troubleshooting To perform a self check 1 From the iPrism hom...

Page 103: ...tive filtering profile All of the websites included in iPrism s URL database have a site rating based on their content For example a political website would have a rating that included the category Po...

Page 104: ...e down for any reason the tunnel restarts automatically This maintains the tunnel across reboots 1 From the iPrism home page select Maintenance then Support Tunnel 2 The Remote Host and Port are pre p...

Page 105: ...2 Enter a username and password 3 Select the LDAP server or domain to test 4 Click Test Credentials Chapter 6 Maintenance 94 iPrism Administration Guide...

Page 106: ...iPrism s Customizable Pages allow you to fully customize several of the default pages used by iPrism The following pages can be customized Authentication Access denied Quota notification Warning noti...

Page 107: ...izing pages click Save to save your changes 5 If you have completed all your administrative changes click Activate Changes to activate the changes immediately If you do not Activate Changes now you wi...

Page 108: ...k when you are done editing 4 Click Yes to save the changes Figure 61 Customizing the Quotas Page Specified URL Note that this is not available for the Authentication page 1 Type the URL to be used in...

Page 109: ...Figure 62 Customizing the Other Pages 3 If you want to use a background image enter the URL 4 If you want to use a style sheet enter the URL 5 Select where the HTML code will reside Top Left Right or...

Page 110: ...tion name 8 Click OK Reporting Logo To customize the logo that shows on reports 1 Select Customized Logo from the dropdown list 2 Click Yes to confirm 3 Navigate to the folder containing the logo file...

Page 111: ...P or HTTPS NTLM_DOMAINS The text label NTLM Domains and a dropdown select box of NTLM Domains This tag will get replaced with an HTML table row containing a text label and a dropdown selection box con...

Page 112: ...e information Local Authentication We recommend that you use local authentication only when you initially set up your iPrism It is the simplest form of authentication and is extremely easy to set up T...

Page 113: ...ports the following authentication mechanisms Local Kerberos this uses a Windows Domain Controller 2003 or 2008 with Active Directory with the iPrism in Server 2008 mode NTLM Windows 2000 Windows 2003...

Page 114: ...on an iPrism Access Profile name for those users from an LDAP server Each user object within the LDAP directory may contain many attributes to associate with the user such as password phone number ful...

Page 115: ...tion for the LDAP server to which iPrism will connect OR To use preset information click Presets and select from the following options Active Directory Multi Domain Active Directory Single Domain NDS...

Page 116: ...ts enter incorrect information for both the server and port and click Test Settings When the server test fails due to the incorrect information the backup server is tested The connect and bind process...

Page 117: ...nts on the domain This new account must remain as created by the Join operation for the duration of iPrism s participation within the domain If the account is accidentally removed from the NT server t...

Page 118: ...Directory Authentication Active Directory 2008 iPrism now supports authentication using Kerberos against the Windows Active Directory 2008 domain For a visual representation of how Active Directory 20...

Page 119: ...domains and rejoin Note The DNS server used by iPrism should be the AD2008 server If the AD2008 server is not the organization s DNS server the organization s DNS server must be configured to provide...

Page 120: ...The account will be created with this name and should be defined so as to not conflict with other machine accounts on the domain This new account must remain as created by the Join operation for the...

Page 121: ...name for both its Kerberos keys and for redirection For more information about how DNS works with Auto Login see the iPrism Knowledgebase article How do I resolve iPrism s IP address using DNS 9 If yo...

Page 122: ...s real time monitor gives you instant access to all monitored Web IM and P2P events This is the preferred tool for viewing these events iPrism can export Web IM and P2P events using the syslog protoco...

Page 123: ...cks for events on an hourly basis If there are new events and you have enabled email exporting as described below these events will be emailed as a gzipped file to the address specified Events of the...

Page 124: ...FTP Host FTP Directory FTP Username and FTP Password in their respective fields 4 Click Save 5 If you have completed all your administrative changes click Activate Changes to activate the changes imm...

Page 125: ...ther a crossover cable or a switched network Note Paired iPrisms use the management interface to keep track of each other s current running status Interrupting this link results in a situation where b...

Page 126: ...the iPrism is in standby mode available if needed not currently active These settings combine to determine whether iPrism can pass through traffic in standby mode Turning any one of these settings OF...

Page 127: ...hanges to activate the changes immediately If you do not Activate Changes now you will be prompted to do so before logging out of iPrism Recovery If an iPrism set up for HA fails a new button Recover...

Page 128: ...ormation if you have not already done so in the Installation Wizard If you enter the information here you will be required to Save and Activate Changes before uploading a license key 3 Click Save 4 Cl...

Page 129: ...ate You can select the Common Name to be used in the SSL Certificate Available options are Use IP Address Use Short Name or Use FQDN Fully Qualified Domain Name This common name will also be used for...

Page 130: ...local license key file contact your EdgeWave sales representative for a key Figure 75 Upload License Key Local Categories Local Categories displays a list of the local categories that have been set up...

Page 131: ...ered local categories local1 local2 etc can be used for any filtering purpose For example if you want to block access to the websites of your competitors you could do this 1 Create a custom filter for...

Page 132: ...is the internal interface refer to the iPrism Installation Guide Figure 78 Internal Interface 5 In the Netmask field type the netmask you want to use e g 255 255 255 0 6 Select a mode Auto 10 or 100...

Page 133: ...names to their IP address as well as reverse map IP addresses to their host names If iPrism s installed environment allows direct Internet access it will by default use its built in name resolver to p...

Page 134: ...case the Forwarder field should be left empty Note Although iPrism ships with an internal DNS server it is always preferable i e faster to use a name server instead It is possible to configure iPrism...

Page 135: ...ge packets with workstations and servers at your organization as well as servers on the Internet By default iPrism monitors workstations and servers that are attached to the same IP network However if...

Page 136: ...your changes 25 If you have completed all your administrative changes click Activate Changes to activate the changes immediately If you do not Activate Changes now you will be prompted to do so befor...

Page 137: ...e Network Management Protocol SNMP is used with iPrism to monitor iPrism appliance s for conditions that warrant the iPrism administrator s attention iPrism SNMP is available on the standard SNMP port...

Page 138: ...s to prevent users from adding a multicast IP address i e anything within the range of 224 0 0 0 to 239 255 255 255 The configuration is straightforward and involves deploying iPrism V3 200 or greater...

Page 139: ...word click Set Password Refer to the iPrism Knowledgebase for information on configuring various versions of the WCCP router www edgewave com support web_security knowledgebases asp Configuring SMTP R...

Page 140: ...ate the changes immediately If you do not Activate Changes now you will be prompted to do so before logging out of iPrism Enabling the Co Management Network The ability to administer iPrism is normall...

Page 141: ...anges immediately If you do not Activate Changes now you will be prompted to do so before logging out of iPrism Pending Request Options When a user is surfing the Internet and receives an Access Denie...

Page 142: ...m number of outstanding requests that may be queued The preference pertaining to the pending request grant e g use overrides to grant the access request The assigned categories to which requests are a...

Page 143: ...eaningful to proxy mode clients as well as bridge transparent mode installations where some of the user community is proxied to iPrism e g Terminal Services users This port number does not pertain to...

Page 144: ...ediately If you do not Activate Changes now you will be prompted to do so before logging out of iPrism Redirect and HTTPS Ports Bridge transparent mode redirect ports This setting is no longer used iP...

Page 145: ...lect the port in the HTTPS Ports list and click Delete 6 Click Yes to confirm you want to delete the port 7 Click Save at the bottom of the window 8 If you have completed all your administrative chang...

Page 146: ...Settings then Proxy 2 Define proxy settings as needed See below for details 3 Click Save 4 If you have completed all your administrative changes click Activate Changes to activate the changes immedia...

Page 147: ...tream Proxy 2 Type the upstream proxy domain into the field HTML Header Handling When iPrism is used as a proxy it inserts two headers into HTTP requests Via and X Forwarded For You can specify whethe...

Page 148: ...the Filter List dropdown None Same as Parent Proxy Custom 2 If you chose Custom Type the host IP address and port number into their respective fields An iPrism administrator account username and passw...

Page 149: ...vate the changes immediately If you do not Activate Changes now you will be prompted to do so before logging out of iPrism Backup Settings Backing up your iPrism configuration stores all of your setti...

Page 150: ...selected interval Time The time of day when the config file will be backed up Every x days The number of days in between backups Bypass Authentication Some tools such as Microsoft Windows Update acce...

Page 151: ...d or when iPrism is unable to download a fresh filter list for an extended period of time typically 30 days Note iPrism will send an email to the administrator s email address as defined in the Regist...

Page 152: ...us To determine the last time your system received a filter list update 1 From the iPrism home page select System Status then Security Log 2 The report window should contain the filter list age and th...

Page 153: ...date with the latest software enhancements 1 In the System Preferences window in the System Updates frame click Settings Figure 96 System Update Settings 2 Select an option for how often you want to u...

Page 154: ...the reboot for a later date time To schedule a reboot 1 In the System Preferences window in the Scheduled Reboot frame click Set Figure 97 Scheduled Reboot Settings 2 Select Schedule reboot at 3 Sele...

Page 155: ...is less than 100 all of them are sent to iARP To set up iGuard notifications 1 From the iPrism home page select System Settings then Unrated Pages 2 Check whether you would like to automatically send...

Page 156: ...f a user checked Do not ask me about this again in the following example resetting dialog prompts results in this setting being cleared and the user again being asked to confirm delete Figure 99 Dialo...

Page 157: ...m build number and how to contact Sales and Technical Support From the iPrism home page select System Status then About Administration Log The Administration Log is a read only window that displays re...

Page 158: ...o view the configuration summary From the iPrism home page select System Status then Configuration Summary Connectivity This window provides host tools to ping trace and perform DNS Lookups on IP addr...

Page 159: ...and click DNS Lookup The results are displayed in the Results frame Refreshing the System Updates Server System updates keep your iPrism unit up to date with the latest software enhancements For detai...

Page 160: ...at any time by clicking Clear or Refresh respectively If no update was available the last time iPrism checked the status reads empty update Status The Status window displays the status of iPrism s on...

Page 161: ...erface is being used If the management interface is not being used this shows as Not Available Filtering Displays whether filtering is active and the size of the filter list database in KB Proxy Displ...

Page 162: ...re should be only one master system designated at any given time Other systems need to be set as slaves if they want to participate in the configuration sharing If you do not want them to participate...

Page 163: ...e IP address of the master To set up slave 1 From the iPrism home page select System Settings then Central Management 2 Select Slave from the iPrism Mode dropdown list 3 Click Yes to confirm 4 If the...

Page 164: ...ect Master from the iPrism Mode dropdown list 4 The mode changes to Master and a notification message appears when this is complete 5 If the password has not already been set click Set Password and en...

Page 165: ...nagement Policies for descriptions 8 To add slaves in the Slave iPrism Appliances frame click Add 9 Type the IP address of the slave Note that you must have already designated this iPrism as a slave S...

Page 166: ...nal master will be unavailable for a long period of time due to network problems a hardware failure etc Before you change the master consider the following If you choose an iPrism that was previously...

Page 167: ...m the iPrism home page select System Settings then Central Management 2 Select Standalone from the iPrism Mode dropdown list Figure 104 Standalone iPrism Upgrading iPrisms in a Central Management Conf...

Page 168: ...ystem Settings then Central Management 3 Select Stand Alone from the iPrism Mode dropdown list 4 Click OK 5 Select System Settings then System Preferences 6 In the System Updates frame click Update No...

Page 169: ...abled the user cannot view or request access to the blocked site Override Override allows the user to bypass the Access Denied page and view the blocked page assuming s he has the proper administrativ...

Page 170: ...themselves If they have extended override privileges they can let themselves and other users access a blocked website For information on giving local users override privileges see Pending Requests Ov...

Page 171: ...web pages that would otherwise be blocked by the specified filter categories Categories allowed by profile belonging to user Allows access to all web pages that are allowed by the profile to which the...

Page 172: ...field is prefilled with the URL you are trying to access Complete the remaining fields by entering your email address in the Email field and describing why you need access in the Comments field 3 If y...

Page 173: ...wise be blocked In iPrism override privileges are determined by a user s administrator level assignment From the iPrism home page select Profiles Filters Current Overrides The iPrism administrator can...

Page 174: ...ncountered To see the most current list of categories as well as descriptions of each refer to the online resource at http www edgewave com products web_security technology_iGuard asp Site Rating Cate...

Page 175: ...its garters underwear male and female Nudity This category refers to sites that provide images or representations of nudity They may be in any artistic or non artistic form like magazines pictures pai...

Page 176: ...ut graphic pictures arousal sex escorts erotica Sexuality This category contains sites that provide information images or implications of body piercing tattoos and any form of body art Sites not in th...

Page 177: ...rates com Keywords bootleg illegal copy plagiarize software descrambler serialz warez ripped and free MP3 patent exclusive rights Computer Hacking This category refers to any site promoting questionab...

Page 178: ...nder another more specific questionable category These are sites that could contain information about conspiracy scams or any other suspected fraudulent behavior or activity Examples http www stopwish...

Page 179: ...n specific classifications Examples http www rotten com http www deathgallery com http www freakhole com Keywords mutilation horror grotesque torture scat gross in bad taste in poor taste garish vulga...

Page 180: ...hishing Deceptive websites that trick end users into revealing personal data such as credit card numbers account usernames passwords social security numbers etc These websites pretend to be those of c...

Page 181: ...nformation pertaining to the occult i e witchcraft voodoo black arts astrology ESP or similar forms of telepathy fortune telling out of body experience magic spirituality and UFOs Note that common hor...

Page 182: ...www ago net http www kamat com Keywords clip art museums galleries traditions customs art gallery contemporary art fine art painting sculpture Family Issues This category refers to any site that deals...

Page 183: ...nment agencies regime fire dept post office foreign governments Politics This category refers to any site that is associated with political advocacy of any type or the opinions of the government This...

Page 184: ...control feminism News This category refers to any site that is associated with online newspapers headline news sites news wiring services personalized news services and mainstream publications Some o...

Page 185: ...he use of or membership in cults Cults are defined as a group or movement exhibiting great or excessive devotion or dedication to some person idea or thing Cults employ unethical manipulative or coerc...

Page 186: ...refers to sites that allow the user to send anonymous emails This also includes sites providing proxy bypass information or services Examples http www silentsurf com http www proxify com http www anon...

Page 187: ...yahoo com http chat msn com http www chat net Keywords chat post IRC ICQ Translators This category refers to any site that offers the service of translating a page URL or phrase into various different...

Page 188: ...site that is specifically targeted toward families and children Safe search engines will not allow the child or family member to search for pornography Examples http www yahooligans com http www dibd...

Page 189: ...ting services free or otherwise These sites would usually offer domain names and web spaces to host end user web pages Sites that offer web hosting as one of their services would get rated as web host...

Page 190: ...one or more of several new categories e g Digital Media and Music to provide more accurate categorization Instead use Portals Image Host File Host Peer to Peer Digital Media Radio Stations Previously...

Page 191: ...d to cart purchase Dining Restaurant Sites that list review promote market or advertise food service and eating establishments Included are catering services dining guides and recipes Real Estate Info...

Page 192: ...res options currency estate planning asset planning retirement planning taxes bankruptcy stocks bonds mutual funds banks economics investment funding Job Employment Search This category refers to site...

Page 193: ...ces insurance Online Auctions This category refers to sites that involve participating in online auctions where the site visitor can bid on various items Examples http www ebay com http auctions yahoo...

Page 194: ...rsite com http www thehistorychannel com http www history com Keywords past events historical information genealogy K 12 This category refers to sites dealing with the education of children Also inclu...

Page 195: ...etc Examples http www pcworld com http www astronomy com http www aip org Keywords astronomy computers programming physics NASA Sex Education This category refers to sites that are associated with sex...

Page 196: ...fer to sites that contain educational info about the hazards of alcohol and tobacco products Examples http www budweiser com http www richardsliquors com http www cigarettesexpress com Keywords cigare...

Page 197: ...spas diet clinics ophthalmology Adult Sex Education This category refers to sites that provide sexual education information to anyone who has graduated from high school Topics would include how to put...

Page 198: ...Gambling This category refers to any site that presents information about gambling for the purpose of advocating its practice These sites can provide instruction on any gaming activity that involves g...

Page 199: ...o games contests fantasy sports lotteries bingo Hobbies Leisure This category refers to any site associated with the non competitive active pursuits or interests outside one s regular occupation or an...

Page 200: ...aming media or downloadable files such as previews or trailers should include the rating of digital media Music Sites that promote music for entertainment purposes relating to bands concerts festivals...

Page 201: ...pid com http www friendster com Keywords singles online dating personals connections find make friends matchmakers Special Interests Interest groups clubs that include environmental worker social and...

Page 202: ...ravel related information or activities This includes travel destinations reservation services discount travel listings leisure travel package listings and special events in various cities Also includ...

Page 203: ...ewsletters that can be updated daily usually involving personal thoughts opinions on internet social or political issues Other categories can be added to further classify Appendix A Filtering Categori...

Page 204: ...ptions 3 Select Advanced 4 Select the Network tab and click Settings 5 Select Manual proxy configuration 6 Type the IP address or hostname of the iPrism and default port 3128 Note If you changed the i...

Page 205: ...frame check Use a proxy server 5 In the Address field enter the IP address that you assigned to your iPrism server You do not need to include the http 6 In the Port field enter 3128 Note If you want t...

Page 206: ...et to Block Filter Failover Mode you may see this error If Filter Failover is set to Pass the error will not occur but traffic may pass unfiltered for a few seconds iPrism List Update By default iPris...

Page 207: ...lter Service Expired This error indicates that iPrism s subscription to the filter list update has expired iPrism s registration key must be updated before access is possible Contact Technical Support...

Page 208: ...n error Reload the page and provide your user credentials when prompted Connection Failed If you get the Connection Failed message iPrism is not able to connect to the desired web server This is typic...

Page 209: ...d URL The Invalid URL error occurs if iPrism detects that the request does not respect the HTTP RFC In short the syntax of the URL is incorrect The usual reason this occurs has to do with invalid char...

Page 210: ...his message is shown when iPrism is not able to establish a connection to a web server A common reason is that an upstream firewall is closing connections TCP resets usually because it has reached a t...

Page 211: ...o CA 92128 Phone 858 676 2277 Toll Free 800 782 3762 Fax 858 676 2299 Email info edgewave com 2012 EdgeWave Inc All rights reserved The EdgeWave logois a trademark of EdgeWave Inc All other trademarks...