GROM Audio NetSpective, User Manual

Page 1: ...NetSpective User Guide ...

Page 2: ... at press tme the author aod pubaisher do oot assume aod hereby discaaim aoy aiabiaity to aoy party for aoy aoss damage or disruptoo caused by errors or omissioos whether such errors or omissioos resuat from oegaigeoce accideot or aoy other cause Prioted io the Uoited tates of America Grom Educatooaa ervices Ioc 3280 Poiote Parkway uite 2500 Peachtree Coroers GA 30092 www GromEdu com ...

Page 3: ......

Page 4: ...oce degradatoo ide cao is a firewaaa iodepeodeot fiateriog techooaogy desigoed ioto Net pectve that reviews every packet of ioformatoo goiog out to the web iocaudiog HTTP HTTP FTP NNTP chat peer to peer kype VoIP aod streamiog media aod ioterrupts coooectoos to websites or fiae shariog appaicatoos that have beeo baocked The sigoature based iospectoo iocorporated ioto ide cao eoabaes a siogae Net p...

Page 5: ...HTTP Eocrypted trafc is seaectveay decrypted by Group aod Category HTTP trafc is mooitored aod fiatered passiveay by Group aod Category Net pectve User Guide 5 ...

Page 6: ...s aod Chromebooks to forward aaa trafc back to the Net pectve WebFiater These devices cao theo be safeay assigoed to studeots to briog home Passive Deployment Net pectvee s Passive coofiguratoo aaaows for optmaa fiateriog performaoce with zero trafc aateocy issues io eveo the highest of baodwidth eoviroomeots The primary advaotage of passive fiateriog is wire speed fiateriog This is idea for educa...

Page 7: ...es Net pectve wiaa ooay fiater IP raoges specified io the Mooitored Zooes sectoo Eosure your oetwork zooes are iocauded here aod aoy servers are excauded This is aaso a good tme to review your Network etogs aod coofigure your MN etogs 3 Coofigure Mirectory ources A typicaa depaoymeot wiaa ideotfy users oo the oetwork through commuoicatog with a Mirectory Coofigure your Mirectory ource so Net pectv...

Page 8: ...e Proxy was desigoed for fiateriog iPads aod Chromebooks takeo of oetwork The soautoo is ioteoded to be paired with either the Ioaioe soautoo or the Passive soautoo which fiater LAN trafc Ooce the appaiaoce is coofigured to act as a Mobiae Proxy you cao easiay Repaicate your pareot appaiaocee s setogs aod poaicy to the Mobiae Proxy If you are setog up a Mobiae Proxy as a staod aaooe device most of...

Page 9: ...d we cao create a group of users io Net pectve aod aiok them to ao Orgaoizatooaa Uoit io your Mirectory The group withio Net pectve cao theo have a fiateriog poaicy aioked to it 4 Edit Group Poaicy Now that a group has beeo created you shouad see it aisted io the aef paoe uoder the Maoagemeot tab You cao oow assigo a fiateriog poaicy to those users If you waot to get eveo more graouaar with their ...

Page 10: ... is aaso why the Pubaic group is the ooay group with the Aaaowed Uoautheotcated Faag Mevices such as Chromebooks require packets to be seot to Googae before the user ever sees a web browser for autheotcatoo We paace this fag oo Certficate Authority by defauat to eosure devices aike Chromebooks cao cootact their registratoo servers aod cao be provisiooed without beiog autheotcated You cao use the f...

Page 11: ... browser or operatog system Mobiae Proxy iPads aod Chromebooks Of LAN For devices goiog home with studeots aod staf we use a combioatoo of Cached Session Based Authentication with Windows NTLM ioce users are briogiog these devices home we koow the user is oot aikeay to chaoge We cao cache these credeotaas io Net pectve so users are oot prompted for autheotcatoo repeateday We theo autheotcate agaio...

Page 12: ...t aeaves the workstatoo This provides two beoefits By moviog this fuoctoo to the workstatoo the ioaioe fiateriog appaiaoce cao move trafc to aod from the destoatoo uoioterrupted preveotog oetwork botaeoeckiog Io additoo to maiotaioiog performaoce this method aaso reduces the rest of a mao io the middae atack as the trafc is oever modified ooce it aeaves the workstatoo Deployini the NetSpective Rem...

Page 13: ...M I package requires oo parameters to iostaaa which makes it easy to depaoy automatcaaay usiog sofware depaoymeot services aike M erver or Actve Mirectorye s Group Poaicy Oboects It aaso requires oo parameters to uoiostaaa uoaess you decide to require ao uoiostaaa password To iostaaa the caieot siaeotay from the commaod aioe msiexec exe i RoamingAgent msi quiet To uoiostaaa the caieot siaeotay fro...

Page 14: ...s io a Wiodows domaio usiog Group Poaicy Oboects GPOe s Microsof has outaioed the process of remoteay iostaaaiog sofware usiog a GPO io the foaaowiog support artcae htps support microsof com eo us kb 816102 Refer to support microsof com for more ioformatoo Installini and Uninstallini the PKG for macOS Much aike the Wiodows Remote Ageot the caieot iostaaa coosists of two steps iostaaaiog a PKG aod ...

Page 15: ...10 Proceed through the iostaaaatoo wizard Wheo you are fioished the wizard wiaa ask you to reboot io order to compaete the iostaaaatoo Net pectve User Guide 15 ...

Page 16: ...oiostaaa pkg You wiaa oeed Admioistratve priviaeges to proceed Verifyini Remote Aient Connectivity If you wish to verify that the Remote Ageot has beeo iostaaaed correctay aod has coooectvity there is ao easy way to determioe that ioformatoo Opeo a web browser oo the machioe you iostaaaed the Remote Ageot oo Type the foaaowiog commaod io the address bar aocaahost 4000 stats Net pectve User Guide 1...

Page 17: ...ur CA Certficate as a Trusted Root Certficate Authority If a device does oot trust your CA Certficate they wiaa oot be abae to visit aoy HTTP webpages Buildini and Downloadini the CA Certifcate from NetSpective Uoder etogs Certficates Certficate Authority you must first buiad a CA Certficate The requiremeots for a CA Certficate are as foaaows Field Description Orianization The Orgaoizatoo vaaue ca...

Page 18: ...r oetwork agaio Ooce you have buiat a CA Certficate you cao dowoaoad it from the appaiaoce from the same area Choose the certficate format that best suits your devices aod eoviroomeot Aaa depaoymeot methods beaow use the MER format A Note oo Moziaaa Firefox upport There are few tooas for depaoyiog certficates to Firefox aod the browser is geoeraaay oot supported by most orgaoizatoos because of thi...

Page 19: ...x oo your oetwork we cao provide two optoos The Remote Ageot wiaa copy the CA Certficate to each user profiae oo a workstatoo The other optoo is to utaize the Poaicy Remioder page aod have the eod user iostaaa the certficate maouaaay from Firefox Deployini the CA Certifcate Globally Import CA Certifcate throuih Active Directory Microsofe s documeotatoo for depaoyiog certficates by usiog Group Poai...

Page 20: ...ditor 11 Go to Computer Coofiguratoo Wiodows etogs ecurity etogs Pubaic Key Poaicies Trust Root Certficatoo Authorites 12 Right caick aod seaect Import to aauoch Certficate Import Wizard 13 eaect Locaa Machioe aod caick Next Net pectve User Guide 20 ...

Page 21: ...aaa fiaes 16 eaect the dowoaoaded CA Certficate fiae 17 Ooce you are back to the Import screeo caick Opeo theo Next 18 Certficate tore shouad be set to Trusted Root Certficatoo Authorites 19 eaect Next Net pectve User Guide 21 ...

Page 22: ...20 ummary screeo wiaa appear eaect Fioish Import CA Certifcate in Chrome Admin Console 1 igo ioto Googae Admio Maoagemeot Coosoae Net pectve User Guide 22 ...

Page 23: ...2 eaect Mevice Maoagemeot 3 eaect Network Net pectve User Guide 23 ...

Page 24: ...4 eaect Certficates 5 eaect Add Certficate Choose Fiae Net pectve User Guide 24 ...

Page 25: ...teosioo for Googae Admio Coosoae 7 eaect the certficate fiae aod caick Opeo 8 Check the box to Use this certficate as ao HTTP certficate authority 9 eaect ave 10 Certficate wiaa show as Certficate Authority Net pectve User Guide 25 ...

Page 26: ... Certifcate in Windows 7 and 8 7 Eosure that you are aogged io as ao Admioistrator before proceediog 8 Moubae caick the dowoaoaded certficate 9 eaect Iostaaa Certficate 10 This briogs up certficate import wizard eaect Next Net pectve User Guide 26 ...

Page 27: ...11 eaect Paace aaa certficates io the foaaowiog store 12 eaect browse 13 eaect Trusted Root Certficatoo Authorites Net pectve User Guide 27 ...

Page 28: ...14 eaect Next to cootoue 15 eaect fioish to ruo the import Net pectve User Guide 28 ...

Page 29: ...Import CA Certifcate in macOS From Appaicatoos Utaites seaect Keychaio Access Net pectve User Guide 29 ...

Page 30: ...Lock to uoaock system keychaio 3 Eoter the keychaio password 4 Go to Fiae import items 5 eaect the dowoaoaded root CA with the destoatoo ystem 6 Eoter the password to modify keychaio access Net pectve User Guide 30 ...

Page 31: ... The certficate wiaa be dispaayed eaect Aaways Trust 8 Eoter the password ooce agaio 9 eaect the aock to caose access to system keychaio You shouad see the oeway added certficate Net pectve User Guide 31 ...

Page 32: ...os By eoabaiog the Poaicy Remioder page io the Groups sectoo users wiaa have to agree to your orgaoizatooe s poaicy before surfiog the ioteroet This page wiaa oow aaso show a aiok where users cao dowoaoad the certficate If you wish to iospect L trafc oo devices that aog oo your oetwork but are oot owoed by your orgaoizatoo this page wiaa be oecessary for users to iostaaa the certficate Net pectve ...

Page 33: ...d a oame tap OK 3 IMPORTANT You may be prompted to set a aock screeo PIN or Patero set 4 Tap Done to returo to your web browser Import CA Certifcate from Policy Reminder iOS Caick oo CA Certifcate DER and download the file You wiaa be prompted with the Install Profle screeo Caick the Install butoo io the upper right coroer A waroiog message wiaa appear Caick the Install butoo io the upper right co...

Page 34: ...uch as maia googae com paus googae com aod www youtube com that oow use the same coooectoo The MN Ageot wouad force these shared coooectoos to decoupae aaaowiog Net pectve to maoage each coooectoo oormaaay Without the decoupaiog of these shared coooectoos we wouad oot be abae to properay maoage coooectoos goiog to these services aod eoforce reaated features Deployini the Aient The ageot dowoaoad c...

Page 35: ...oo requires a fuaay aiceosed aod updated Net pectve appaiaoce 2 Assigo a hostoame to Net pectve io your MN servers e g webfiater exampae com Googae requires a vaaid Ioteroet hostoame so dooe t use aocaa domaios 3 If you are paaooiog to fiater your Chromebook of campus It wiaa be oecessary to coofigure your Firewaaa Ruaes for iobouod trafc to the Net pectve appaiaoce oo TCP port 8443 The MN oame fo...

Page 36: ...ooe address at a tme Normaaay io the format of htps webfiater exampae com 8443 The hostoame of the appaiaoce s must match the L certficate iostaaaed oo each appaiaoce aod have correspoodiog MN eotries Setnis Exteosioo for Chrome coofigure the behavior of the Chrome Exteosioo The Cache Timeout reduces commuoicatoo betweeo the Chrome Exteosioo aod the Net pectve by cachiog the aast koowo poaicy for ...

Page 37: ...aike additooaa ioformatoo paease visit Googaee s support artcae for automatcaaay iostaaaiog apps htps support googae com chrome a aoswer 6306504aha weo Setup Before you cao force iostaaa apps or exteosioos for your users you oeed to turo oo their Chrome Web Store service io your Admio coosoae You cao fiod this service io your Admio coosoae by goiog to Apps Additional Gooile Services For detaiaed s...

Page 38: ...the previous sectoo 10 Caick Save Force iostaaaiog ao app or exteosioo gives it permissioo to access ioformatoo oo the device ite s iostaaaed oo Disable Incoinito Mode and Developer Tools To avoid user tamperiog with the operatoo of the Exteosioo for Chrome paease disabae Iocogoito Mode aod Meveaoper Tooas optoos oo the Chromebooks 1 igo io to the Googae Admio coosoae at htps admio googae com 2 Fr...

Page 39: ...Confiuration Utility This utaity shows you what L Pe s you curreotay have registered aod aaaows you to register or uoregister the Net pectve L P You must aaso eoter the IP addresses of aaa Net pectve devices mooitoriog the curreot servere s coooectoo to the ioteroet If you add remove or chaoge the IP address of a Net pectve device oo your oetwork you oeed to ruo this utaity to update the IP addres...

Page 40: ...urdeo geoerated by the appaicatoo Persisteot modes of executoo aaso exist for dyoamic haodaiog of mobiae devices io MHCP eoviroomeots Aaa Logoo Ageot aod Remote Ageots seod packets over UMP to a correspoodiog Net pectve appaiaoce ioce Net pectve processes the ioformatoo with mioimaa overhead the oetwork wiaa oot be burdeoed with the trafc geoerated by the appaicatoo Method 1 Deployini the NetSpect...

Page 41: ...2 Opeo Group Poaicy Maoagemeot aod caick oo your Logoo Ageot GPO Io this exampae the GPO is oamed Net pectve 3 Right caick your Logoo Ageot GPO aod caick Edit Net pectve User Guide 41 ...

Page 42: ... Io the Group Poaicy Maoagemeot Editor oavigate to User Coofiguratoo Prefereoces Wiodows etogs Fiaes Net pectve User Guide 42 ...

Page 43: ...ae seaect the path you waot the Logoo Ageot to ruo from oo the Locaa Machioe This repaaces the oeed for the ce parameter seeo io the aogoo script This step forces the Logoo Ageot to be copied to the aocaa machioee s temp foader aod we wiaa execute the aogoo ageot from that foader Io our exampae we are copyiog the aogoo ageot to c ewiodowse tempee with the fuaa fiae oame of the aogoo ageot Net pect...

Page 44: ...ogoo v3 0 11 exe Your Logoo Ageot fiae oame may be difereot aod must be specified io this fiead Wheo you are fioished caick the OK butoo 2 Navigate to User Coofiguratoo Poaicies Admioistratve Tempaates ystem Logoo Net pectve User Guide 44 ...

Page 45: ...1 Io the right paoe right caick Ruo these programs at user aogoo aod seaect Edit 3 Io the oew wiodows seaect Eoabae Uoder Optoos caick the how butoo Net pectve User Guide 45 ...

Page 46: ...ted the Logoo Ageot shouad be ruooiog oo domaio machioes You cao typicaaay see WFLogoo exe ruooiog io task maoager If the Logoo Ageot is oot ruooiog oo some machioes see the Troubaeshootog sectoo of this guide Method 2 Deployini the NetSpective Loion Aient usini WFCall bat Actve Mirectory reaies oo the Momaio Name ervice MN to provide Group Poaicy access This may require iostaaaiog MN oo the domai...

Page 47: ...as severaa commaod aioe parameters that may be used to taiaor how the appaicatoo executes aod seaectveay defioe defauat vaaues WFCaaa bat is a batch fiae that eoabaes admioistrators to eohaoce the executoo of the WFLogoo exe if required 2 Next access the Wiodows erver 2012 operatog system aod seaect tart Programs aod Admioistratoo Tooas foaaowed by Group Poaicy Maoagemeot Navigate dowo the domaio ...

Page 48: ... the Group Poaicy Oboectse GPO aod seaect Newe 1 Oo the New GPO diaaog eoter Net pectvee or a descriptve oame represeotog your ioteroaa oamiog cooveotoos ource tarter GPOe shouad remaio as oooe Net pectve User Guide 48 ...

Page 49: ...roup poaicy oboect Right caick aod seaect Edite Upoo seaectog Edit the Group Poaicy Maoagemeot Editor wiaa opeo for the Net pectve GPO Navigate to User Coofiguratooe Wiodows etogse cripts Logoo Logof e eaect Logooe script io the right paio of the editor Net pectve User Guide 49 ...

Page 50: ... eaect the Logoo script Right caick or doubae caick to dispaay the aogoo script propertes aod seaect the Add butoo Net pectve User Guide 50 ...

Page 51: ...ther the WFCaaa bat or WFLogoo exe based oo your requiremeots Commaod aioe parameters are expaaioed beaow uoder WFLogoo Commaod Lioe Parameterse Ooce defioed seaect OK to save Cootoue the save process uota you have returoed to the Net pectve GPO io the Group Poaicy Maoagemeot diaaog Ooce you have returoed to the Net pectve GPO seaect the Metaia tab to coofirm or set the GPO status to Eoabaede Upoo...

Page 52: ... 2 If oot check the TEMP foader for a wfogoo aog fiae If ite s oot there atempt to aauoch it maouaaay from the Wiodows Ruo diaaog usiog the same commaod aioe parameters see if aoy errors waroiogs pop up etc a Verify that the EXE reaiabay stays ruooiog through various sceoarios aod with aot virus iostaaaed Log out aod back io reboot aod aog back io put it to saeep aod wake it up discoooect from the...

Page 53: ...The Quit fag ofeo referred to as the aogof fag is used to perform a forced aogof or disassociatoo of the LMAP User IM to ao IP address This fag shouad oot be used io cooouoctoo with the persisteot fag u The Useroame fag is ao optooaa setog used as a mechaoism to ask the O for the user oame d The Momaio fag is ao optooaa setog used as a mechaoism to ask the O for the domaio oame Deployini the NetSp...

Page 54: ...ge fiae Withio LogooAgeot dmg is the Iostaaa Package LogooAgeotPrefereoces aod LogooAgeotUoiostaaa eaect the Iostaaa Package to execute the iostaaaatoo process Paease oote iostaaaatoo requires admioistratve credeotaas Net pectve User Guide 54 ...

Page 55: ...ooAgeotPrefereoces appaicatoo LogooAgeot wiaa report the short oame of the curreotay actve user to the specified aist of Net pectve appaiaoces A aocaa user wiaa be reported as useroamee or hostoameeuseroamee depeodiog oo whether the prepeod hostoame optoo is eoabaed A user from OpeoMirectory wiaa be reported as useroamee A user from ActveMirectory wiaa be reported as domaioeuseroamee LogooAgeot fo...

Page 56: ...ve added the admio IP addresses of our two Net pectve appaiaoces to the coofiguratoo IP addresses of each of your Net pectve devices must be iocauded io the coofiguratoo aod may be added ooe at a tme As ooted io the Read Me io sectoo 3 the optoo to prepeod hostoames to aocaa useroames is fouod io this coofiguratoo tooa This shouad ooay be used if you require users to appear io Net pectve User Guid...

Page 57: ...ioished simpay caose the utaity to save the coofiguratoo 11 The package aaso cootaios the LogooAgeotUoiostaaa fiae This is used to remove the LogooAgeot from the workstatoo This process aaso requires admioistratve priviaeges Net pectve User Guide 57 ...

Page 58: ...ddress aod MAC Address Coaaector Pro is a fexibae Wiodows based appaicatoo used to reaay aogs from ooe server to aoother io reaa tme Coaaector Pro is used to reaay these aogs to the Wi Fi Ageot The Wi Fi Ageot wiaa theo correaate the MAC Addresses from each aog to determioe the Useroame aod IP Address of each user This wiaa theo be seot to Net pectve so these users cao be giveo a fiateriog poaicy ...

Page 59: ...er with ao uoaimited aiceose Ooce depaoyed the ageot ruos quietay io the eoviroomeot with oo oecessary customer ioteractoo Deployini the NetSpective Mobile Portal for BYOD Initiatives Inline Passive The Net pectve Mobiae Portaa was desigoed with HTML5 to be web browser aod operatog system iodepeodeot makiog it efectve at fiateriog mobiae devices The Mobiae Portaa is coofigured by appayiog a set of...

Page 60: ...theotcatoo that wiaa be used to associate the usere s IP with a Useroame such as LMAP d The Timeout determioes how ofeo the user wiaa be prompted for autheotcatoo Coosider the tmeout carefuaay depeodiog oo the types of users aod devices associated with this ruae These setogs are recommeoded for basic Mobiae Portaa autheotcatoo 14 Next create ao Autheotcatoo Raoge This is a raoge of IP addresses ty...

Page 61: ...indows NTLM Authentication Coofiguriog the Mobiae Portaa for Wiodows NTLM Autheotcatoo requires aaa of the same steps as LMAP Autheotcatoo did However there are a few extra steps that oeed to take paace io order to eoabae Wiodows NTLM 8 Io the etogs Network MN sectoo add a vaaid eotry to the MN ervers sectoo Wheo you are fioished caick the save icoo Net pectve User Guide 61 ...

Page 62: ...he Net pectve device aod your domaio Wheo you are fioished caick the save icoo io the upper aef haod coroer 10 You may oow proceed with creatog a ruae io the Autheotcatoo Ruaes sectoo Foaaowiog the same steps as io the previous sectoo for LMAP Autheotcatoo seaectog Wiodows NTLM this tme iostead of LMAP Wheo you are fioished caick the save icoo IP Addresses are exampaes ooay Net pectve User Guide 6...

Page 63: ...tcatoo aod optooaaay Pairiog by Request If Autheotcatoo is eoabaed the autheotcatoo type must be ooe of the Mobiae Portaa optoos io order for Pairiog to aaso be eoabaed Io the Autheotcatoo Ruaes wiodow caick oo the ooe of the ruaes you have created Check the optoo Use the autheotcatoo credeotaas to automatcaaay pair to the autheotcated user This wiaa permaoeotay pair the autheotcated user with the...

Page 64: ...te wiaa preveot aogios for the amouot of tme specified 12 Aaa users autheotcatog with the Pair by Request optoo wiaa appear io the Maoagemeot Paired Mobiae Mevices sectoo of Net pectve From here we cao see a aist of devices aod other ioformatoo such as which autheotcatoo raoge the user is oo the user aogged ioto each device the group that device is io aod wheo the pairiog wiaa expire 13 Caickiog o...

Page 65: ...ss Your firewaaa wiaa oeed to aaaow this trafc aod direct it to the appaiaoce oo the LAN As you cao see io the secood image remote devices are coofigured to direct trafc to a hostoame iostead of ao IP address This is partcuaaray usefua if you wish to use a PAC Proxy Auto Coofiguratoo fiae for coofiguriog devices to use the mobiae proxy You wiaa oeed to setup a pubaic MN so that the hostoame resoav...

Page 66: ...ows NTLM autheotcatoo as weaa as Mobiae Proxy operatoo Aaso you shouad eosure that your AM Reaam exampae test exampae com is a MN search domaio Apply a Certifcate and Hostname Proceed to etogs Certficates where we wiaa appay a certficate to the appaiaoce This is oecessary for specifyiog the Hostoame of the appaiaoce You may purchase a L Certficate from aoy certficate authority you wish However geo...

Page 67: ...To add a seaf sigoed certficate caick oo the Add Certficate butoo Eoter your desired hostoame io the L Hostoame fiead Wheo you are fioished caick OK Net pectve User Guide 67 ...

Page 68: ...aer wiaa vary depeodiog oo the server you are usiog We simpay oeed to set up a Forward Lookup Zooe to match the hostoame we gave the Net pectve This wiaa aaso aook difereot depeodiog oo your orgaoizatooe s domaio With a MN setog oo the domaio cootroaaer proxy users cao be directed to the appaiaoce oo oetwork as weaa Our exampae Wiodows erver 2008 domaio is test exampae com so we coofigured our hos...

Page 69: ...omain Next we wiaa ooio the Net pectve to your domaio to eoabae Wiodows NTLM autheotcatoo Wiodows iotegratoo sets up a trusted reaatooship betweeo the Net pectve aod your domaio to aaaow users to be autheotcated for the Mobiae Proxy service A domaio user with sufcieot priviaeges is required to add the Net pectve device to the domaio Navigate to Autheotcatoo Wiodows Iotegratoo Fiaa out the wiodow t...

Page 70: ...Ruaes First we wiaa create ao Autheotcatoo Ruae for mobiae users A typicaa depaoymeot wiaa utaize Cached essioo Based Autheotcatoo aod Wiodows NTLM Next create ao Autheotcatoo Raoge to eocompass aaa IP addresses We do this so the Mobiae Proxy wiaa catch aoy IP address directog trafc to the appaiaoce Make sure you associate this raoge with the Autheotcatoo Ruae you oust created Net pectve User Guid...

Page 71: ... your device to the hostoame we coofigured As you cao see io the exampaes beaow devices show the fuaa hostoame as weaa as Port 3128 This is the port Net pectve Mobiae Proxy aisteos oo for user trafc Exampae Wiodows Proxy etogs Exampae iPad maouaa proxy setogs Net pectve User Guide 71 ...

Page 72: ...ck the dowoaoad butoo to obtaio a PAC fiae This fiae cao theo be used with MMM soautoos such as the Appae Coofigurator aod Googae Admio Coosoae to easiay provisioo muatpae devices to use the Mobiae Proxy Exampae Appae Coofigurator usiog PAC fiae Multiple Appliances Confiuration Replication Setnis Repaicatoo setogs cao be fouod uoder the etogs tab io the Net pectve Web Admioistratoo Mepeodiog oo th...

Page 73: ...e etogs Network sectoo of the Web Admioistratoo Sinile NIC Confiuration Admio Admioistratoo Iocomiog Outgoiog Trafc Faow Ioteroaa Virtuaa hared IP betweeo appaiaoces Dual NIC Confiuration Admio Admioistratoo Iocomiog Trafc Faow Exteroaa Outgoiog Trafc Faow Ioteroaa Virtuaa hared IP betweeo appaiaoces The Virtuaa hared IP is the same across aaa proxies This is the address that your hostoame wiaa re...

Page 74: ...too Net pectve Proxies caick the Edit List aiok Edit the aist to have each Admio IP of your proxy appaiaoces uoder the Assigoed coaumo Wheo you are fioished caick OK aod theo caick the ave butoo io the upper aef coroer Failover Io this mode muatpae Net pectve proxy appaiaoces simuataoeousay service caieot coooectoos The trafc wiaa be distributed eveoay across aaa proxy appaiaoces Coofigure these s...

Page 75: ...st oames io the curreot baock aist type the foaaowiog doscmd iofo gaobaaquerybaockaist 3 To disabae the baock aist aod eosure that the MN erver service does oot igoore queries for oames io the baock aist type the foaaowiog doscmd coofig eoabaegaobaaquerybaockaist 0 4 To eoabae the baock aist aod eosure that the MN erver service igoores queries for oames io the baock aist type the foaaowiog doscmd ...

Page 76: ...r however cao staa be used to update a device to the aatest sofware reaease NetSpective Web Interface Help Admin Manaier Setnis Here you cao chaoge the password for the maio Admioistrator maoager accouot You shouad aaso coosider addiog ao emaia address aod eoabaiog the ootficatoos at the botom of the wiodow Product updates aod reaease ootes are seot from Net pectve Ooaioe ervice to customers with ...

Page 77: ...ates icoo io the far upper right coroer of the web ioterface This icoo wiaa dyoamicaaay chaoge wheo there are oo updates updates ready to iostaaa or if your aiceose is about to expire Icon Status Description Default Appaiaoce is updated aod there are oo errors Info There is ioformatoo about a product update waitog to be read io the Updates sectoo Warnini Your subscriptoo is about to expire Error Y...

Page 78: ...o wiaa be dispaayed io the status wiodow aod the Iostaaa Update butoo wiaa be eoabaed Caick the Iostaaa Update butoo to iostaaa the update The device may reboot itseaf as part of the iostaaa process Automatic Updates The defauat aod recommeoded optoo is to eoabae Automatc Update which eosures the device aaways has the aatest categorizatoo aist You may set the tme of day aod the day s of the week t...

Page 79: ...e device dowoaoaded aod processed A aibrary update cao be iocremeotaa cootaioiog ooay the chaoges sioce the aast update so the oumber dispaayed here does oot oecessariay iodicate the totaa oumber of eotries io the categorizatoo aist Active User Information Actve User Ioformatoo is preseot io the Updates area to keep you aware of your curreot aiceose status If additooaa User Liceoses are oeeded coo...

Page 80: ...wiaa aaso be dispaayed io abbreviated form To chaoge the tme zooe or NTP server visit the Advaocede tab oo the Mevice etogs page CPU Speed Mispaays the caock rate of the CPU Memory Mispaays the amouot of Raodom access memory io the device Uptime Mispaays the oumber of day s hour s aod mioute s that the device has beeo ruooiog sioce the aast boot Contact Information The ioformatoo you eoter wiaa be...

Page 81: ...us Activity Summary Proxy This report shows the top Ioteroet sites that have beeo accessed This report wiaa show amouot of baodwidth seot aod received from each site as weaa as the oumber of baocks aod accesses for each site ioce the couoter queue is caeared daiay at midoight the most accurate report wiaa be geoerated at the eod of each workday Summary Volume Proxy This sectoo wiaa highaight the T...

Page 82: ...d ao abusive category or from a remote ageot You may use the search bar at the top of the report to search for specific actvity Summary Access This sectoo wiaa highaight the Top Categories accessed Top Users aod Top Groups accessiog the ioteroet as weaa as the associated oumber of hits aod baocks Caickiog the butoos oo the right of the header wiaa aaaow you to see more or aess data oo each graph N...

Page 83: ...e totaa oumber of actve aod idae caieot coooectoos Coocurreot Users shows the oumber of uoique autheotcated aod uoautheotcated users User Summary Statistics This report gives you a view of each usere s daiay actvity You cao see the oumber of coooectoos the data received aod the data traosmited for each priority caass Aaso you cao see how maoy baocks were made for that specific user Connection Deta...

Page 84: ...ao its fair share of baodwidth which is aaaowed wheo other users have saower or idae coooectoos ortog the coooectoos by the Quota coaumo aets you quickay fiod out which coooectoos aod users are curreotay usiog most of the avaiaabae baodwidth DNS Cache Entries This report shows Net pectvee s forward MN cache Momaios aod their correspoodiog IP addresses are showo io order of most receotay accessed t...

Page 85: ...If a maoager autheotcated the override the maoager oame is aaso showo You may use the search bar at the top of the report to search for a specific group domaio or maoager Manaied Sessions Inline Proxy Only This report dispaays the L essioos the Net pectve is curreotay maoagiog or iospectog The report aists domaios with their associated caieot IP the destoatoo server IP traosmited aod received pack...

Page 86: ...e s oame Ooce the diaaog has opeoed compaete the oecessary ioformatoo Field Requirements User A oame to assigo the user to Group A group to ideotfy the user IP Address A user cao be assigoed ao IP Address or IP Address raoge if that user is ruooiog the Net pectve Logoo Ageot they cao by assigoed a dyoamic IP Both IPv4 aod IPv6 addresses may be eotered Each user cao support up to 5 addresses Use as...

Page 87: ...ick oo the mobiae device io the aist Ooce the diaaog has opeoed update the oecessary ioformatoo Field Manaiini Mobile Pairinis Name The oame is a descriptoo assigoed to the mobiae device Oo creatoo the oame defauats to a oame cootaioiog ioformatoo about the mobiae device if it cao be determioed Comment The commeot is ooay used to store additooaa ioformatoo Muriog the request to pair the eod user h...

Page 88: ...p Liceose or MCL for short is a ooiot coaaaboratoo betweeo Net pectve aod Grom Educatooaa ervices The feature ooce depaoyed wiaa redirect users to a website where they must watch a series of videos aod aoswer questoos based oo the video cooteot These videos are desigoed to educate studeots oo the daogers of the ioteroet aod ioform them oo how to be good digitaa citzeos Over tme the videos wiaa cha...

Page 89: ...ess the ioteroet through a web browser duriog betweeo the tart Time aod top Time Oo Baocked Trafc This wiaa cause aoy categories that are marked io Red Baocked to redirect users to the MCL Test Users must oot have takeo the test aod must access the ioteroet through a web browser duriog betweeo the tart Time aod top Time Oo Poaicy Remioder This wiaa cause aoy categories that are marked with ao abus...

Page 90: ... you wiaa see a aist of your users as weaa as their tatus Passed Faiaed or Not Takeo Caickiog oo a usere s oame wiaa provide a drop dowo meou where you cao maouaaay chaoge their status Aateroatveay you cao seaect muatpae users with the check box theo use the et User Migitaa Citzeoship Liceose butoo io the upper right coroer to chaoge the status of maoy users at ooce You may aaso caick oo the headi...

Page 91: ...eb searches made by users sioce midoight The Receot earches report shows the aast 100 searches which is usefua to review trafc duriog the day Io both of these reports the terms are matched to their correspoodiog category if ao override exists You cao use to determioe the efectveoess of your search term overrides aod to fiod oew terms Searchini Overrides There is ao additooaa search optoo wheo sear...

Page 92: ...aa fiaes edu Momaio Matches aaa domaios eodiog io the top aevea domaio edu www berkeaey edu etc alt binaries sounds News Group Matches the aat bioaries souods oews group aod aaa oews groups beaow it aat bioaries souods mp3 etc 168 100 5 201 IP Address Matches the IP address 168 100 5 201 168 100 5 0 24 IP Address Matches the IP addresses 168 100 5 0 168 100 5 255 ioce this ruae is aess specific th...

Page 93: ...ve aod wiaa be dispaayed io the aist Aaso showo is the date the override was added the assigoed category aod the defauat Net pectve categorizatoo if appaicabae The override aist may be sorted by caickiog oo the header of the coaumo by which you wish to sort Note Curreotay to override ao FTP site it must be eotered as ao IP address io the IP overrides The Exempt group is oever baocked aod is exempt...

Page 94: ... users Creatog a user override simpaifies cases wheo ao override is oeeded for a siogae user aod oot the eotre group These overrides cao aaso be coofigured to expire makiog them easier to maoage Io the user aist there are icoos desigoatog whether a user has aoy actve User pecific Overrides coofigured Overrides that have expired are oot coosidered actve Override Requests Requests are submited via t...

Page 95: ...oups By creatog aod usiog additooaa groups you have fexibiaity io creatog fiateriog poaicies aod more detaiaed ioformatoo io reports Users are assigoed to a group either maouaaay or by LMAP aod each group has its owo fiateriog poaicy Each groupe s fiateriog poaicy cao be customized to igoore mooitor or baock specific cooteot categories at specific tmes of day Aaa uokoowo or uoassigoed users are as...

Page 96: ... Priority Wheo Net pectve syochrooizes with your LMAP erver it evaauates aaa Net pectve Groups by priority aevea theo aaphabetcaa order A user that exists io more thao ooe LMAP Group or OU wiaa be assigoed to the first Net pectve Group evaauated with ooe of the usere s LMAP Groups or OUs ource priority aevea wiaa order groups with the aowest oumber first Policy Template You cao aiok this group to ...

Page 97: ...agere s aogio aod password for autheotcatoo Bypass Notifcation Afer a specified oumber of baock page bypasses have beeo compaeted ao emaia ootficatoo wiaa be seot to admioistrators aod maoagers wheo the optoo is eoabaed Io order to receive the emaia the admioistrator aod maoagers must eoabae ootficatoo of Bypass Notficatoos io the ecurity sectoo Override Requests Eoabaes users withio the group to ...

Page 98: ...y be dispaayed for categories marked as abusive aod wiaa prompt the poaicy afer a specified oumber of hours The page dispaayed cao be coofigured io etogs Customizatoo Properties Restrict YouTube Content With these setogs you may restrict the cooteot dispaayed oo YouTube By eoforciog trict or Moderate modes Net pectve wiaa perform a header iooectoo oo each request seot to YouTube eoforciog these mo...

Page 99: ...ao emaia ootce ooce the ootficatoo aimits have beeo met If the admioistrator or maoager does oot wish to receive ao emaia they cao turo of Abuse etogs emaias io their User etogs If Abuse Metectoo is eoabaed the users assigoed to the group wiaa be mooitored for actvity to categories marked as abusive Ooce a usere s abuse aimit has beeo reached either aaa other Categories marked with this abuse aeve...

Page 100: ...oaicy The user wiaa be prompted agaio afer a specified tme out You may coofigure the abuse optoos oo the Group Propertes page afer you have fagged certaio categories as abusive Note Chat Protocoas treamiog Media Protocoas Remote Logio Protocoas aod Voice Over IP Protocoas may oot be marked as abusive Alternate Days A Group may have ao additooaa poaicy referred to as ao Aateroate May Poaicy that ap...

Page 101: ...rity caasses for shapiog trafc High Medium aod Low By defauat aaa categories are Medium priority Modifyini Policy To modify a group poaicy first seaect the correct group from the seaector at the upper right of the page Caick oo a box io the grid to chaoge the actoo for a specific hour Caick oo the icoo to chaoge the actoo for aaa hours By defauat each caick wiaa cycae the actoo through Igoore Mooi...

Page 102: ...taas are used to autheotcate users from uokoowo IP addresses The Ruaes defioe which portaa wiaa be dispaayed as weaa as the method of autheotcatoo that wiaa be asked from the eod user The taodard Portaa is a aegacy HTML portaa used to autheotcate workstatoos that are oot abae to ruo the Logoo Ageot The Mobiae Portaae s is desigoed usiog HTML5 staodards io order to optmize appearaoce oo mobiae devi...

Page 103: ...et pectve aogio oame aod password Gooile Authentication Googae Autheotcatoo aeverages OAuth2 to puaa a usere s Googae useroame Gmaia Address from your Googae directory The Mobiae Portaa wiaa dispaay a Logio with Googae butoo to secureay autheotcate the user Windows NTLM Authentication Wiodows NTLM Autheotcatoo provides siogae sigo oo capabiaites for Wiodows users Io additoo some browsers aike Fire...

Page 104: ... Mobiae Compatbae Portaa with Pairiog tmeout is aimited to tme from aast aog oo Pairini Allow Temporary Access Iostead of haviog the eod user waitog for a maoager to assigo the device temporary access cao be giveo Graotog temporary access wiaa assigo the device to a specified Group poaicy Temporary Access shaaa tmeout afer the coofigured tme Temporary Access cao be coofigured to oot prompt the eod...

Page 105: ...o Coofiguratoo PAC fiae to support easy coofiguratoo of caieot computers Max Mbps The maximum totaa receive aod traosmit baodwidth that the Net pectve device wiaa aaaow This shouad be set oo higher thao your maximum ioteroet baodwidth to avoid coogestoo aod maximize fairoess Note Io a aoad baaaoced causter this represeots the maximum baodwidth aaaowed by the eotre causter Each device wiaa be aimit...

Page 106: ...he IPv6 protocoa to commuoicate with compatbae exteroaa servers To be eaigibae for IPv6 commuoicatoo with the proxy a server oeeds to have a vaaid domaio oame ex www googae com aod ao IPv6 address registered with MN X Forwarded For Header Wheo the X Forwarded For Header is eoabaed ao additooaa header wiaa be added or modified to show the origioatoo of the HTTP trafc passiog through the proxy Enfor...

Page 107: ...is assigoed to ooe of the priority caasses via the Group Poaicy page By defauat aaa trafc is Medium priority Auto Confi PAC Proxy Automatc Coofiguratoo is ao opeo muat veodor staodard for easy coofiguratoo of caieot browsers aod devices Oo startup web browsers aod devices wiaa issue a MN request for a speciaa hostoame aod dowoaoad a coofiguratoo fiae This coofiguratoo fiae defioes what proxies to ...

Page 108: ...ickiog the e Adde butoo Caick OK wheo you are fioished Rules You may wish to exempt certaio sites such as your iotraoet sites to bypass the proxy to eosure maximum performaoce or to oot ioterfere with ioteroet shapiog ruaes You cao aaso force certaio sites to use a difereot proxy which may be usefua for compaicated sceoarios Caick e Adde to add a destoatoo ruae Ruaes are evaauated io order from to...

Page 109: ...roadcasts to aaa servers at ooce aod coooects to the first ooe that respoods Connection Failures Occasiooaaay the Remote Ageot caieot might oot have access to the Net pectve appaiaoce aod wiaa act io ao ofioe mode This couad happeo wheo ioitaaay accessiog the ioteroet from a hotea or wireaess hotspot You wiaa oeed to set the behavior of the caieot wheo it is ofioe You have the optoo to permit aaa ...

Page 110: ...wiaa rewrite MN eotries for YouTube eoforciog these modes wheo viewiog or searchiog for cooteot from withio YouTube Videos oo YouTube that are fagged as Mature Cooteot wiaa oot be paayed This is a Remote Ageot based setog aod wiaa afect aaa Remote Ageot users regardaess of Group aod Poaicy setogs so aoog as you are aaaowiog the treamiog Media category For a detaiaed descriptoo oo restrict YouTube ...

Page 111: ...This creates a Useroame to IP Address associatoo ioside of the appaiaoce Wheo Net pectve sees trafc oo the wire it is abae to see the IP addresses of those users aod associate it with their group aod appay the cooteot fiateriog poaicy Mifereot editoos of the aogoo ageot exist for Wiodows Maciotosh aod remote computers Ideaaay the Logoo Ageot shouad be paaced io specific shared foaders oo the domai...

Page 112: ...ter where the user takes it We recommeod that you use the Appae Coofigurator to iostaaa aod coofigure the Mobiae Browser as weaa as to aock dowo your iPad devices so that your users caooot ruo afari remove the Mobiae Browser app or bypass it by iostaaaiog aoother web browser Mobile Browser Setnis Net pectve aaaows you to choose ao autheotcatoo method for the Mobiae Browser to use for ideotfyiog th...

Page 113: ...ed oo uota the Mobiae Browser is opeoed The ioactvity tmeout heaps keep users from haviog to re opeo the Mobiae Browser muatpae tmes per day to re estabaish the aiok If your iPads are coofigured to check emaia every 15 mioutes we recommeod that you set this vaaue higher such as 20 mioutes Aient Downloads Net pectve comes with certaio utaites you may dowoaoad to assist io oetwork iotegratoo aod moo...

Page 114: ...cumeot for more ioformatoo Windows Inteiration Wiodows Iotegratoo aaaows you to set up a trust reaatooship betweeo the Net pectve device aod your domaio This is required for Wiodows NTLM autheotcatoo for both the captve portaas as weaa as sessioo based autheotcatoo oo the proxy soautoo These are typicaaay desired as they aaaow credeotaas to be cached withio a web browser for iogae igo Oo Autheotca...

Page 115: ...y eMirectory Opeo Mirectory or Googae Mirectory as weaa as a combioatoo of each as ao eoviroomeot requires Afer coofiguriog a source Net pectve groups cao be coofigured to mirror ao Orgaoizatooaa Uoit or Group avaiaabae io that source Aaso maoagers cao be assigoed to Net pectve aod may use their password to aog oo Io the same maoor Users cao be syochrooized to groups maoagemeot priviaeges cao be d...

Page 116: ...ioistratve accouot is oot recommeoded Example Loiin DNs Type Loiin DN Active Directory exampaeeooe smith Active Directory co wNet pectve LMAP co wUsers dc wexampae dc wcom Active Directory co wJoe mith ou wMeveaopmeot ou wExampae Com dc wexampae dc wcom eDirectory co wadmio o wtest Open Directory uid woetspectve co wusers dc wqa dc wxserve dc wcom Faiaure to seaect a proper hostoame user oame aod ...

Page 117: ...ofigure a reguaar Actve Mirectory source port 389 for each domaio io the forest A source for each iodividuaa domaio is required because a Gaobaa Cataaog server does oot cootaio eoough membership ioformatoo for ooo uoiversaa groups You may associate a Net pectve group to aoy group returoed by the GC source uoiversaa or oot LDAP Lookup Precedence Order If muatpae LMAP ources are required a precedeoc...

Page 118: ...desigoed by Googae QUIC was desigoed to provide security protectoo equivaaeot to TL L aaoog with reduced coooectoo aod traosport aateocy aod baodwidth estmatoo io each directoo to avoid coogestoo QUICe s maio goaa is to improve perceived performaoce of coooectoo orieoted web appaicatoos that are curreotay usiog TCP Block Remote Loiins between Private IP addresses Passive Only By defauat this is uo...

Page 119: ...The Browser Protectoo feature iodicates that a site has a high probabiaity of beiog ao atack site The abseoce of a waroiog does oot guaraotee that a site is trustworthy Skype Blockini Behavior If your Net pectve device is aiceosed for kypeOut you may baock aaa of kype which iocaudes Peer to Peer PC to PC aod kypeOut PC to teaephooe Or you may choose to baock ooay kypeOut Wheo choosiog to baock ooa...

Page 120: ...e NMP service is disabaed by defauat so that you may optooaaay coofigure aoy security setogs before startog it Aaa NMP ioformatoo is read ooay but access may be further restricted to a specific Network Mask aod or a custom Commuoity striog Network Mask Exampaes 0 0 0 0 0 Aaaows access from aoy IP address Mefauat 192 168 5 0 24 Aaaows access ooay from the 192 168 5 oetwork 192 168 10 20 1 Aaaows ac...

Page 121: ...h as usiog Gmaia as your MTP server If you oeed to use a difereot port eoter the server aod port separated with a coaoo aike smtp gmaia com 25 Return Address This is ao optooaa returo address fiead for seodiog emaia ome MTP servers require a vaaid emaia address for the returo address User This is ao optooaa user oame fiead for accessiog the MTP server The user oame cao be ao emaia address Password...

Page 122: ... every IP host seeo io the report it is possibae to add the top aevea domaio of a Provider to baock aaa IP hosts For exampae if your IP Provider had servers sip1 mysip com sip2 mysip com sip3 mysip com theo you ooay oeed to baock mysip com Gooile Apps The Googae Apps Aaaowed Momaios aaaows you to specify the domaio a user cao use a Googae appaicatoo with Users wiaa ooay be abae to aog ioto apps su...

Page 123: ...s aoy trafc that the appaiaoce cao perform fiateriog upoo This iocaudes fiateriog for HTTP HTTP aoy protocoas we support aod across aaa ports Mo oot coofuse this with Maoagiog HTTP trafc With Mooitored we cao ideotfy aod baock HTTP trafc but we wiaa oot be decryptog the L sessioo to see trafc withio the tuooea Maoaged is strictay the fuoctoo of performiog iospectoo upoo L trafc Without this we wia...

Page 124: ...figure the ioteroaa ioterface with ao IP address For more ioformatoo oo causteriog see the causteriog heap page External Interface Proxy Only Net pectve cao fuoctoo without this ioterface beiog coofigured However to obtaio maximum performaoce aod to utaize aaa avaiaabae Etheroet ports you may coofigure this ioterface with ao IP address Wheo this ioterface is coofigured Net pectve wiaa use it to se...

Page 125: ...es io additoo to IP addresses for other setogs such as the Loggiog FTP server Routes Network Routog is used to provide the Net pectve device with ioformatoo that heaps it direct data to difereot suboets This aaaows the Net pectve device to support compaex oetworks Add a Network Route To create a oetwork route caick the Add butoo To edit a route caick the oetwork route Ooce the diaaog has opeoed up...

Page 126: ...work routes dispaayed seaect the check box io the upper aef haod portoo of the tabae Ooce the oetwork routes are seaected caick the Meaete butoo to deaete the oetwork routes Monitored Zones The Net pectve must ideotfy which zooes oo your oetwork it shouad provide fiateriog for You wiaa see three exampaes of private IP zooes to be fiatered You may deaete these exampaes aod eoter ooes specific to yo...

Page 127: ...es aoggiog with fp as the method of aog traosfer Confiure Sysloi Setnis Wheo ysaog is seaected aoggiog is eoabaed aod wiaa be traosferred to the desigoated sysaog server The traosfer of aogs wiaa happeo at aeast every mioute Log messages wiaa retaio the ioteroaa aod actuaa tmestamp of the partcuaar actvity uoaess removaa is seaected Traosfer over reaiabae TCP or uoreaiabae UMP may be seaected Fiel...

Page 128: ... wiaa be overwriteo or discarded The setogs for coofiguriog Net pectve for FTP traosfers are Field FTP Setnis IP or Hostname IP address or host oame of the FTP server User Name User oame required to access the FTP server Password Password required for accessiog the FTP server Directory Mirectory oo the FTP server you wish to use Exampae pubaic aogs Mo oot eoter the quotatoo marks If you aeave this...

Page 129: ...exampae if the device geoerates 800 megabytes of data io a typicaa day you shouad set the traosfer scheduae to be at most every coupae of days to avoid exceediog the devicee s 5 gigabyte aimit Transfer Lois Manual To force ao immediate aog traosfer caick the Traosfer Logs butoo The device wiaa theo atempt to upaoad aaa of its aog fiaes to the specified FTP server Miagoostc output wiaa be dispaayed...

Page 130: ...eciaa tags avaiaabae that wiaa provide ioformatoo specific to the user or baocked URL The tag ioformatoo is aisted beaow Tag Name Text Mescriptoo URL baockedura Ioserts the baocked URL Blocked category Ioserts the baocked category Policy poaicy Usage Poaicy poaicy Ioserts the eocaosed text as a aiok to the Ioteroet usage poaicy Group group Ioserts the group the baocked user beaoogs to User IP user...

Page 131: ...a User fiead The text for the password aabea cao be set io the Labea Password fiead The submit butoo text cao be set io the Butoo fiead Display Options The foregrouod aod backgrouod images oo the oormaa abuse aod waroiog baock pages cao be disabaed by uocheckiog the box associated with each type Abuse Options The Abuse Optoos aaaow you to coofigure the waroiog aod abuse baock pages to have a difer...

Page 132: ...ogs wiaa automatcaaay be saved A oew browser wiodow wiaa theo opeo with a sampae of the baock page for the seaected type Policy Reminder Net pectve wiaa dispaay a Poaicy Remioder page wheo a category is fagged as abusive aod its actoo is set to Mooitore This is dooe oo the Group Poaicy page The text of the poaicy page cao be customized for each aaoguage To aoad the poaicy page coofiguratoo for a s...

Page 133: ... the certficate as weaa as a set of iostructoo for iostaaaiog the certficate oo various mobiae devices If you wish to iospect L trafc oo devices that aog oo your oetwork but are oot owoed by your orgaoizatoo this page wiaa be oecessary for users to iostaaa the certficate You cao aearo more about these certficate depaoymeot optoos uoder Mepaoyiog the CA Certficate oo Mobiae Mevices Standard Portal ...

Page 134: ...ou may coofigure certaio IP address raoges to use the portaa by usiog the Autheotcatoo tab The mobiae portaae s appearaoce is desigoed usiog HTML5 staodards io order to optmize appearaoce oo mobiae devices such as smart phooes aod tabaets Text oo the portaa page cao be customized by usiog the provided optoos Editini Portal Text The text for the portaa page cao be customized for each aaoguage To ao...

Page 135: ...rovided optoos Editini Portal Text The text for the pairiog page cao be customized for each aaoguage To aoad the pairiog page coofiguratoo for a specific aaoguage seaect the desired aaoguage from the aist aocated at the top of the coofiguratoo screeo Ooce aoaded the text aod optoos cao be coofigured Label Text There are fieads to reoame the page ttae aiok aabea pair butoo text caocea butoo text ao...

Page 136: ...riog text is dispaayed io the ceoter of the page wheo a user is redirected to the Mobiae Pairiog page Text Waitini Mepeodiog oo the pairiog coofiguratoo a user may be preseoted with a waitog page ooce they caick the Pair butoo The waitog text is dispaayed oo the waitog page Certifcates The Net pectve device aaaows you to add a certficate from a Certficate Authority Wheo you coooect to the Net pect...

Page 137: ... Admioistratoo site by L htps Generate a Certifcate Request Before you add a L Certficate you oeed to geoerate a Certficate igoiog Request C R for the authority geoeratog your certficate To do this caick the Geoerate Request butoo at the botom right of the screeo Ooce the diaaog has opeoed update the oecessary ioformatoo Field SSL Certifcate Request Requirements Name The Name fiead is optooaa It c...

Page 138: ... optooaa Host Domain The Host Momaio refers to the Commoo Name The commoo oame is a combioatoo of the host oame aod domaio oame It aooks aike host domaio com Certifcate Request Result Afer caickiog the Create C R butoo io the Geoerate Request diaaog a oew diaaog wiaa opeo with the Certficate Request data This wiaa be required to create a certficate A Certficate Authority wiaa ask for this ioformat...

Page 139: ...out causiog certficate trust errors or waroiogs io the web browser By defioitoo aaa root CA certficates are seaf sigoed so it is easier aod more secure for Net pectve to geoerate this certficate ioteroaaay aod export it to you to add to your domaioe s trusted aist CA Certifcate Details The CA Certficate detaias shows the ioformatoo for the curreot certficate authority If a certficate has beeo buia...

Page 140: ... Common Name The Commoo Name is the ooay required fiead The commoo oame is your oame or your servere s hostoame eg Exampae Com or www exampae com Key Size The key size to sigo the Certficate with Avaiaabae seaectoos are 1024 bit or 2048 bit Rebuiadiog a CA Certficate wiaa remove the previous CA Certficate aod create a oew ooe You wiaa have to add the oew CA Certficate as a trusted certficate oo yo...

Page 141: ...Import a Trusted Certifcate You cao import your owo trusted certficates Net pectve supports the PEM base64 eocoded X 509 format the MER bioary eocoded X 509 format aod the PFX PKC 12 format To import a trusted certficate caick the Import butoo at the botom aef of the page Choose a fiae to import The password is optooaa aod wouad ooay be oeeded to opeo PFX fiaes that are password protected You may ...

Page 142: ...user The ooay overrides associated with a defioed category are those that are set up by the user oo the Overrides page Baockiog a defioed category is haodaed oo the Group Poaicy page aaoog with the other categories Wheo oamiog a defioed category a oame cao be set for each of the avaiaabae aaoguages Enablini or Disablini User Defned Cateiories Ooay ao eoabaed User Mefioed Category cao be seeo io th...

Page 143: ...ad Mevices that are oot part of a repaicatoo group shouad have a roae of taod Aaooe aod are maoaged iodividuaaay Otherwise devices that are part of a repaicatoo group shouad have a roae of Pareot or Chiad Users groups poaicies aod other coofiguratoo setogs are maoaged ceotraaay oo a pareot device aod are automatcaaay pushed to aaa of its chiad devices A chiad device shouad have ooay ooe pareot dev...

Page 144: ...Replication Setnis Node Name A oame to ideotfy the chiad oode Filterini Mode The mode for which the chiad device is aiceosed This may be Proxy or Passive IP or Hostname The IP or hostoame of the chiad oode A hostoame requires Net pectve to be coofigured to use a vaaid MN server Password The admio accouot password for the chiad oode Public Policy The poaicy that wiaa be used as the Pubaic poaicy oo...

Page 145: ... io difereot oetworks Deletini Replication Nodes To deaete repaicatoo oodes seaect the checkbox oext to each oodee s oame To deaete aaa oodes dispaayed oo the curreot page seaect the checkbox io the upper aef haod portoo of the tabae Caick the Meaete butoo to deaete the seaected oodes If aaa oodes oo a page are seaected the optoo to seaect the oodes oo every page wiaa become avaiaabae Backup Resto...

Page 146: ...ctory Mirectory oo the FTP server you wish to use Exampae pubaic backups Mo oot eoter the quotatoo marks If you aeave this fiead empty aogs wiaa be traosferred to the users defauat directory Backup Setnis Download To dowoaoad a backup of the curreot device setogs caick the Backup etogs icoo oo the tooabar oear the top of the page Wheo your browsere s dowoaoad diaaog appears seaect where you wouad ...

Page 147: ...stem To deactvate aod reactvate your system paease press the power switch oo the Net pectve chassis Afer a shutdowo paease wait 1 mioute before pressiog the power switch Security Io additoo to the buiat io admio maoager you may create other maoagers to deaegate authority of your Net pectve You may create maoager accouots maouaaay or you may use ao LMAP source such as Actve Mirectory to autheotcate...

Page 148: ...oed groups if aaaowed by security optoos 4 Cao move users betweeo maoaged groups but caooot add or remove users or groups 5 Cao authorize a temporary override of the baock page for assigoed groups Mobile Device Manaier 6 Cao edit mobiae pairiogs for assigoed groups Block Paie Override Manaier 1 Cao authorize a temporary override of the baock page for assigoed groups Group Maoagers have additooaa c...

Page 149: ...types iocaude product updates aod abuse detectoo Note The emaia address for LMAP maoagers is queried automatcaaay from the LMAP server Field Notifcation Setnis Email Ao emaia address associated with the maoager You may eoter muatpae emaia addresses separated by commas e e Product Updates If checked the maoager wiaa receive ootficatoo about product updates Abuse Detection If checked the maoager wia...

Page 150: ...curity aevea such as Admioistrator or Baock Page Override Maoager LMAP maoagers who have oot beeo assigoed a specific iodividuaa security aevea wiaa have a security aevea set to the highest of aoy LMAP groups they are a member of For exampae user Tim who is a member of both the aaes aod Net pectve Admios LMAP groups wiaa be ao Admioistrator if the Net pectve Admios LMAP group is set to be Admioist...

Page 151: ...tion If checked the maoager wiaa receive ootficatoo about abuse detectoo Block Paie Overrides If checked the maoager wiaa receive ootficatoo about baock page overrides Security Level You may choose which security aevea a maoager or group of maoagers has Caick the e ecurity Leveae drop dowo to pick Admioistrator Group Maoager or Baock Page Override Maoager For Group aod Baock Page Override maoagers...

Page 152: ...raiok to dowoaoad NetAuditor ave this executabae aod iostaaa it oo a server with sufcieot storage space 6 Ooce the iostaaaatoo of NetAuditor has fioished a wiodow wiaa pop up askiog you how to aiceose the product a If you have beeo aiceosed for Net pectve reportog ooay caick Yes b If you have beeo aiceosed for Net pectve as weaa as reportog oo Firewaaa aogs caick No The wiodow iodicates you wiaa b...

Page 153: ...rom Net pectve aod is processiog them You cao aaso force the creatoo of your Net pectvee process by right caickiog oo Net pectvee uoder ysaog erver aod choosiog Create Mevice If NetAuditor is oot seeiog aogs from Net pectve you may have to disabae Wiodows Firewaaa eosure commuoicatoo is aaaowed io your Firewaaa or that Net pectve is seeiog aoy amouot of trafc to aog Net pectve User Guide 153 ...