Getting Started Guide

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Getting Started Guide"

Transcription

1 Getting Started Guide CensorNet Professional Copyright CensorNet Limited, This document is designed to provide information about the first time configuration and testing of the CensorNet Professional web content filtering software. Every effort has been made to make this document as complete and accurate as possible, but no warranty or fitness is implied. CensorNet Ltd does not accept any liability for poorly designed or malfunctioning networks. 1

2 CONTENTS Getting started... 6 Logging in to the web control panel... 6 Navigation and assistance... 7 Product activation... 8 Common problems... 9 Cloud mode Downloading the URL database (CSRV) Common problems Locale settings Time zone Common problems Language Parent proxy configuration Web browser configuration Securing the network User authentication Transparent Kerberos Configuring Transparent Kerberos authentication Verify that Transparent Kerberos is working Common problems with Transparent Kerberos Transparent NTLM Configuring transparent NTLM authentication Verify that NTLM authentication is working Common problems with NTLM Censornet Active Directory Agent Installing the Censornet Active Directory Agent Configuring the CensorNet Active Directory Agent Verify that user identification is working with the Active Directory Agent

3 Active Directory (Kerberos) Configuring Active Directory (Kerberos) Verify that Active Directory (Kerberos) authentication is working Common problems Windows NT or SAMBA server Configuring Windows NT or SAMBA server authentication Verify that Windows NT or SAMBA server authentication is working NetwareNDS (E-Directory) LDAP server authentication Internal authentication Managing user accounts Managing user passwords No user authentication Global user authentication settings Active Directory integration Synchronising with Active Directory Installing the Censornet Synchronisation Service Configuring the CensorNet Synchronisation Service Verify that the CensorNet Synchronisation Service is working Replicating the Active Directory structure Replicating by Organisational Unit (OU) Replicating by Primary Group Computer identification Configuring the computer identification method MAC Address method Import computers automatically Import computers from CSV Common problems IP Address method

4 Import computers automatically Hostname method Import computers automatically SSL Intercept mode Enabling SSL Intercept mode Installing web browser SSL certificate Bypassing SSL intercept mode Completely bypass SSL web sites Disabling SSL intercept mode Filtering policies Default policy The default policy explained Creating new policies Applying policies to groups of users or Computers Global filtering modules Custom URL module Creating a Custom URL category Adding Custom URLs Custom URL Patterns Administrators Bypassing non-proxy-aware sites / applications Common error messages The upstream proxy did not respond in time Unable to retrieve MAC address of the peer The authenticity of the web site could not be verified Content length exceeded YOUR REQUEST COULD NOT BE PROCESSED AT THIS TIME, THIS IS PROBABLY DUE TO NETWORK CONGESTION Troubleshooting

5 Single-sign-on with Transparent Kerberos prompts me to login Allow or block instant messaging applications Web sites such as youtube no longer stream correctly Web pages do not load correctly missing styles and images Problem authenticating users using Apple OSX Intermittent access to web sites or slow web Sites Citrix notes Summary Technical support

6 GETTING STARTED This document is designed to guide you through the steps needed to set up and configure CensorNet Professional for the first time. It is not meant to be an exhaustive reference to all the features and functionality available this can be found within the product documentation under the HELP menu or in our online KNOWLEDGE BASE. LOGGING IN TO THE WEB CONTROL PANEL The CensorNet product is administered using a Web based graphical user interface, known as the CONTROL PANEL. To access the Control Panel, you will need to use a Web browser on a machine that is on the same network as the CensorNet server. Open the Web browser, and in the address bar type: Where IP.OF.CENSORNET is replaced with the IP address you configured for the CensorNet server, e.g. You will be presented with the CONTROL PANEL LOGIN SCREEN, as shown in the figure below. The default credentials are:- Username admin Password password N.B. Case sensitivity is important 6

7 NAVIGATION AND ASSISTANCE CensorNet has been designed to be easy to use and entirely manageable from a Web browser. Navigating to the various sections of the application is achieved via the drop down menu at the top of the browser window, as shown below:- IF YOU NAVIGATE AWAY FROM A PAGE WITHOUT SAVING THE SETTINGS, THEN THE SETTINGS WILL BE LOST. AT THE BOTTOM OF EVERY PAGE THERE IS A SET OPTIONS BUTTON WHICH CAN BE USED TO SAVE CHANGES. The product manual is integrated into the product and from each page you can click the taken to the relevant page of the manual based on the current page you are viewing. help icon to be Tooltips are also available next to each option and provide a quick way to understand what should be entered in the required text box. Simply roll the mouse pointer over the field name to reveal the tooltip, as shown below:- Additional help can also be found in the HELP menu where you can access the full product manual, visit the KNOWLEDGE BASE or access the LIVE SUPPORT DESK where you can speak to an operator in real time for assistance. See the Technical Support section for more details. 7

8 PRODUCT ACTIVATION It is necessary to activate CensorNet with a valid license in order to start the proxy service and accept connections. You can generate an Activation Key by logging into MY ACCOUNT at and choosing MANAGE ACTIVATION KEYS. To activate the software:- 1. Enter the Activation Code which was you have created at 2. Click ACTIVATE FOR 10 DAYS. Activation can take up to 30 seconds. Once activated, you will see the green dialogue box below, indicating that the 10 day license has been installed successfully. After a few seconds you will see the CensorNet proxy service attempting to start. As there is no local URL database installed, CensorNet will attempt to contact one of the online lookup servers. 8

9 If successful, the Filtering Proxy will change from orange to green and CLOUD MODE will be active. Please see the section on Cloud Mode below. COMMON PROBLEMS If the activation fails, it may be for a number of reasons:- 1. The CensorNet server does not have access to the Internet. Please double check DNS and gateway settings by using the SETUP program. Refer to the Installation Guide for network configuration. 2. You have already used the activation code on a different machine. Once the activation code has been used on a particular machine, you cannot use it again on a different piece of hardware. Contact Technical Support for a new activation code. 9

10 CLOUD MODE During the evaluation period CensorNet will operate in CLOUD MODE. This is a special mode that CensorNet uses when it does not have a locally installed copy of the URL database. When in CLOUD MODE, CensorNet will use DNS to rate URL's on the fly for every web request. For evaluation purposes this is acceptable however in production, it is much better to cache the most frequently visited web sites in a local URL database so that the proxy only needs to connect to the cloud when it encounters a new web site for the first time. It is possible to exit CLOUD MODE during your evaluation period by requesting to download the URL database using the link within the green dialogue box. You will be required to complete a short form with your contact details and then a username/password will be issued to you within 24hrs. The database is approximately 1GB and may take several hours to download depending on the speed of your Internet connection. DOWNLOADING THE URL DATABASE (CSRV) Once you receive your username and password, you will need to configure CensorNet to download the database. To do this:- 1. Go to the FILTERS menu and select URL DATABASE UPDATES. 2. Set the Update Mode to DOWNLOAD ALL UPDATES 3. Select the closest geographical download site from the Source list. 10

11 4. Enter the username and password provided to you. 5. Select an update time for daily updates to occur. It is recommended that these updates happen outside of office hours. 6. Click SET OPTIONS and then click UPDATE NOW. You can verify that the download has started by refreshing the System Overview page. To do this, go to the SYSTEM menu and then select OVERVIEW and scroll down to the URL DATABASE UPDATE SUBSCRIPTION panel, as shown below. Whilst the database is downloading please do not switch off or reboot the CensorNet server. The update status will change to IDLE when successful. COMMON PROBLEMS The message Update failed appears instead of the download status. 1. Check that the CensorNet server has Internet access ensure DNS and gateway settings are correct. Try pinging csrv.censornet.com and if it doesn t reply, look again at the network configuration. 2. Double check the username and password entered and click UPDATE NOW again. 3. Do you have to use a parent / upstream proxy server for web access? If so, you must configure this under System -> Configuration -> Parent Proxy settings before attempting to download the database. Once configured, attempt the download again. 4. If the problem persists, try a different update Source. 5. Contact Technical Support for assistance. The message Download in progress is displayed but there is no % complete. This usually happens when a parent proxy is being used because CensorNet is unable to generate a progress counter. It is working; it just cannot tell you how much has been downloaded. 11

12 LOCALE SETTINGS It is important to configure the locale settings for your CensorNet server. These may have been set during installation however you should verify they are correct and make any changes that you need to now. TIME ZONE Time is very important to CensorNet. Everything relies on accurate time therefore you should verify the date, time and time zone is correct. To do this, go to SYSTEM -> CONFIGURATION -> TIME ZONE. Current Timezone this is the time zone that CensorNet is currently using and is based on the time zone selected during installation. If this is incorrect, select the correct time zone from the drop down list and press Set Options. Current Server Local Time this is the current time and date based on the clock in the CensorNet server. It is important to check that the date and time are correct and that they stay correct. If you need to change the time, alter it here and press Set Date & Time and then monitor it to ensure the clock stays correct. COMMON PROBLEMS The clock keeps drifting on a virtual machine this is common especially on Virtual Machines which do not have the required tools installed to synchronise the virtual clock with the host machine. Please see this Knowledge Base article: The clock drifts on a physical server on some hardware, there is a problem with Linux communicating with the real time clock. Please see this Knowledge Base article: 12

13 LANGUAGE CensorNet supports viewing the Web control panel in different languages. The language can be chosen when you login to the control panel or a default language can be set for all users. To select the default language, go to SYSTEM -> CONFIGURATION -> LANGUAGE. Click SET OPTIONS to set the default language. You will need to logout and log back for the changes to take effect. PARENT PROXY CONFIGURATION If there is an existing proxy server on the network or a proxy server upstream at your ISP, and you are forced to use it, then you should configure the proxy server on CensorNet. To do this, go to SYSTEM -> CONFIGURATION -> PARENT PROXY SETTINGS. 13

14 WEB BROWSER CONFIGURATION NOTE: IF YOU HAVE CONFIGURED CENSORNET IN INLINE MODE IT IS NOT NECESSARY TO CONFIGURE YOUR WEB BROWSER PROXY SETTINGS. PLEASE IGNORE THIS SECTION. In order to use the CensorNet proxy server you need to configure your web browser to use CensorNet. This is a straightforward step which you can do individually on each browser or automatically using Active Directory Group Policy or Web Proxy Auto Discovery (WPAD). For the purposes of this guide, the following steps can be followed to configure Internet Explorer to use CensorNet: Start Internet Explorer Select the TOOLS menu and then INTERNET OPTIONS Click the CONNECTIONS tab and then LAN SETTINGS Tick the box to USE A PROXY SERVER and enter in the CensorNet IP address into the ADDRESS field. Enter port 8080 into the PORT field. Tick the box to BYPASS PROXY SERVER FOR LOCAL ADDRESSES Click the ADVANCED button Enter the IP of CensorNet into the EXCEPTIONS box. Click OK, OK and OK on each dialogue box to return to the browser window. 14

15 SECURING THE NETWORK Please review this Knowledge Base article on securing the network so that users cannot bypass the proxy:- 15

16 USER AUTHENTICATION CensorNet can identify users browsing the web, apply different policies to them and include the usernames in reports. To achieve this, you must configure a method of user authentication for CensorNet to use. The following methods are supported:- Transparent Kerberos for networks with Windows Server 2003 and above with clients running Internet Explorer 7 or above. Transparent Kerberos is a single sign-on authentication method compatible with the latest Windows Server and Windows desktop operating systems (Vista, Windows 7). Compatible with Citrix or Terminal Services environments and SIDEWAYS mode where you do not want users to be prompted to login when they open a Web browser. Transparent NTLM (pre Windows Server 2003) CensorNet creates a trust relationship with the Active Domain controller and transparently authenticates users using the NTLM protocol. This is particularly useful in Citrix or Terminal Services networks and in SIDEWAYS mode where you do not want users to be prompted to login when they open a Web browser. NTLM is only supported by Internet Explorer and Firefox web browsers. This authentication method is not available when operating in Inline mode. CensorNet Active Directory Agent The Agent is a small piece of software that is installed on your Active Directory domain controller(s) that provides user identification between CensorNet and the Active Directory agent. The agent runs as a system service and must be installed on all domain controllers for the domain. The agent is ideal for providing user identification when in INLINE mode, however is not suitable for Citrix or Terminal Services networks. For Citrix or Terminal Services please use Transparent NTLM. For further information about the agent please visit Windows NT or Samba for use with Windows NT or Samba (Linux or Apple). CensorNet will prompt for a username/password to be entered when the web browser is opened. This authentication method is not available when operating in INLINE mode. Netware NDS (edirectory) for use with Novell NDS or edirectory. CensorNet will prompt for a username/password to be entered when the web browser is opened. This authentication method is not available when operating in INLINE mode. LDAP for use with OpenLDAP and similar directories. CensorNet will prompt for a username/password to be entered when the web browser is opened. This authentication method is not available when operating in INLINE mode. Internal Authentication allows you to create a list of usernames and passwords on the CensorNet server which are used to login with when a web browser is opened. Useful if you require user identification but do not have a domain controller. This authentication method is not available when operating in INLINE mode. No User Authentication Do not require users to authenticate to access the Web. 16

17 TRANSPARENT KERBEROS Transparent Kerberos is a single sign-on authentication method compatible with Windows Server 2003 and above. This method supersedes NTLM Authentication and is compatible with the latest Windows desktop operating systems such as Vista and Windows 7. Transparent Kerberos allows users to authenticate with CensorNet without prompting to re-enter network login credentials. In order to use Transparent Kerberos authentication your network needs to meet the following requirements: Windows Server 2003 or above Internet Explorer 7 or above, Firefox 2 or above or Safari on Mac OSX 10.4 or above on all client machines. CONFIGURING TRANSPARENT KERBEROS AUTHENTICATION IMPORTANT: If you have previously configured CensorNet Professional with NTLM Authentication It is important that you remove the CensorNet machine account in Active Directory on all domain controllers before attempting to configure Transparent Kerberos. You can do this from the Windows Server by running the Active Directory Users & Computers manager and then deleting the CensorNet machine account from the Computers folder. The machine account name will be same as the CensorNet servers hostname. To find this, login as root and type hostname to display the hostname. To configure Transparent Kerberos, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and select the Transparent Kerberos radio button. You will need the following information: Server IP Address This is the IP address of your Active Directory server or Primary Domain Controller if there are more than one domain controllers on the network. Server Hostname This is the hostname of your Active Directory server or Primary Domain Controller. This is just the name of the server, not the fully qualified domain name. AD Domain This is the fully qualified Active Directory domain name without the hostname or computer name at the beginning. Domain Admin Username This is the username of a user account on the Active Directory server with administrator privileges (member of DOMAIN\ADMINS). Domain Admin Password This is the password of the admin username specified in Domain Admin Username. The password cannot contain any special characters (e.g. % & $, etc). If your password does contain special characters and you do not wish to change it, create a new user account for CensorNet (e.g. username: censornet) and set its password to something in standard characters. AFTER CREATING THE NEW USER ACCOUNT, RESET ITS PASSWORD AGAIN TO WORK AROUND A KNOWN ISSUE WITH LINUX AND ACTIVE DIRECTORY. The new account is only required to establish the trust relationship and after which can be removed if necessary. 17

18 Click SET OPTIONS to enable Transparent Kerberos authentication. After a few seconds, you should receive a SUCCESS message if CensorNet was able to establish a trust relationship with the Active Directory server (see below). UPDATE WEB BROWSER PROXY SETTINGS Transparent Kerberos requires that the proxy server address is specified with its fully qualified domain name (FQDN) rather than its IP address in the web browser proxy settings. You can find the FQDN by logging into the CensorNet server as root and typing hostname f. You should see an output similar to this: In the above example censornet.ad2008r2.local is the FQDN and this should be configured in your browser proxy server settings see Web Browser Configuration. On a network, this can be updated using a group policy object if you use Internet Explorer. 18

19 Please ensure that the FQDN can be resolved to the IP address of the CensorNet server. You can verify this by typing NSLOOKUP CENSORNET.AD2008R2.LOCAL on a client desktop machine. If it fails to resolve to the CensorNet server IP address, you will need to create a forward facing DNS record (A) on your internal DNS server (usually the primary domain controller). VERIFY THAT TRANSPARENT KERBEROS IS WORKING IMPORTANT After configuring Transparent Kerberos authentication it is important that the network user logs out and logs back into the domain. This will create a new authentication token for the user. This procedure is only required once. You should now verify that CensorNet is correctly authenticating users. Log into the domain with a user account from the Active Directory (the test user ) and open a Web browser that is configured to use CensorNet as a proxy server (see section on Web Browser Configuration and ensure if Internet Explorer that it is using the FQDN described in the note above). Try visiting a web site (e.g. to verify that the test user can access the Internet. The browser should not prompt the test user to login if this happens please see Common Problems below. If the web site loads as expected, you should now verify that CensorNet has correctly identified the test user by going to REPORTS -> WHO S BROWSING within the CensorNet web control panel. This will list the currently active Internet users and the test user should appear here as shown in the example below. Click on the test user, in this case foo to drill-down into the recent web site visits. Here you should see the test sites that you accessed using the web browser, e.g. If this is correct, then you should move on to Active Directory Integration for details on how to replicate your Active Directory structure within CensorNet. If you do not see any user names in the WHO S BROWSING report then please read the section Common Problems below. 19

20 COMMON PROBLEMS WITH TRANSPARENT KERBEROS If the trust relationship fails you will receive a FAILURE message (see below). This can happen for a number of reasons. o The most common cause of this problem (especially when using a Virtual Appliance) is that the clock on the CensorNet server is not in synch with the clock on the Active Directory server. The two clocks must be within 5 MINUTES of each other, otherwise the Kerberos handshake will fail. The time zone should also match on both servers. For information on how to set the clock correctly please visit the Knowledge Base: o If you have previously configured NTLM on this CensorNet server, you should remove the censornet machine account from all the domain controllers on the network. o The administrator password contains special characters, e.g. å, $, _, \%, ^,, etc. Please change the administrator password or create a new user account with administrator privileges that does not use these characters. o If you have created a new administrator account for CensorNet, please ensure you reset its password TWICE to work around a known issue with Linux and Active Directory. o Please ensure that the hostname on CensorNet does not use a reserved word, such as internet. We recommend the CensorNet hostname stays as cnadmin to avoid any conflicts. o Ensure that the hostname of your CensorNet server is not the same as your Windows domain name. The BROWSER HANGS whenever you try and configure Transparent Kerberos authentication. o This can happen if there is a user or machine account with the same name as the CensorNet server in Active Directory. Please delete or rename this account and try again. The trust relationship is SUCCESSFUL but users are prompted to login o Ensure that you have specified the fully qualified domain name (FQDN) in Internet Explorer s proxy server settings (see the Important Note under Verify Transparent Kerberos is working) o Ensure that the FQDN can be resolved from client machines. Type: nslookup <FQDN> in a Command Prompt and ensure it resolves to the CensorNet IP address. If it does not, you will need to add a forward facing A record to your internal DNS server (usually the primary domain controller). o Ensure the user logs out of the domain and logs back in again the first time Transparent Kerberos is configured. The web browser hangs whilst trying to set up the trust relationship. This can happen if there is a user account with the same name as the machine account that is created by the trust relationship. Look for the name of the CensorNet machine record and then delete any user accounts with the same name, then retry creating the trust relationship. TRANSPARENT NTLM NTLM (NT Lan Manager) is a Microsoft authentication protocol that is supported by Internet Explorer and Mozilla Firefox as a means to transparently authenticate client browsers with a server side proxy. NTLM uses the Windows logon network credentials and encodes them within each HTTP request in a 4 way handshake 20

21 with the proxy server. This provides a transparent way of identifying users without requiring them to login every time a browser window is opened. CONFIGURING TRANSPARENT NTLM AUTHENTICATION To configure Transparent NTLM, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and select the Transparent NTLM radio button. You will need the following information: Server IP Address This is the IP address of your Active Directory server or Primary Domain Controller if there are more than one domain controllers on the network. Server Hostname This is the hostname of your Active Directory server or Primary Domain Controller. This is just the name of the server, not the fully qualified domain name. AD Domain This is the fully qualified Active Directory domain name without the hostname or computer name at the beginning. NetBIOS Domain The short domain name, often called the Pre-Windows 2000 or workgroup style name. This is usually the first part of the Active Directory domain name (before the first dot), written in upper case. Domain Admin Username This is the username of a user account on the Active Directory server with administrator privileges (member of DOMAIN\ADMINS). Domain Admin Password This is the password of the admin username specified in Domain Admin Username. The password cannot contain any special characters (e.g. % & $, etc). If your password does contain special characters and you do not wish to change it, create a new user account for CensorNet (e.g. username: censornet) and set its password to something in standard characters. AFTER CREATING THE NEW USER ACCOUNT, RESET ITS PASSWORD AGAIN TO WORK AROUND A KNOWN ISSUE WITH LINUX AND ACTIVE DIRECTORY. The new account is only required to establish the trust relationship and after which can be removed if necessary. 21

22 Click SET OPTIONS to enable Transparent NTLM authentication. After a few seconds, you should receive a SUCCESS message if CensorNet was able to establish a trust relationship with the Active Directory server (see below). VERIFY THAT NTLM AUTHENTICATION IS WORKING You should now verify that CensorNet is correctly authenticating users. Log into the domain with a user account from the Active Directory (the test user ) and open a Web browser that is configured to use CensorNet as a proxy server (see section on Web Browser Configuration). Try visiting a web site (e.g. to verify that the test user can access the Internet. The browser should not prompt the test user to login if this happens please see Common Problems below. If the web site loads as expected, you should now verify that CensorNet has correctly identified the test user by going to REPORTS -> WHO S BROWSING within the CensorNet web control panel. This will list the currently active Internet users and the test user should appear here as shown in the example below. 22

23 Click on the test user, in this case foo to drill-down into the recent web site visits. Here you should see the test sites that you accessed using the web browser, e.g. If this is correct, then you should move on to Active Directory Integration for details on how to replicate your Active Directory structure within CensorNet. If you do not see any user names in the WHO S BROWSING report then please read the section Common Problems below. COMMON PROBLEMS WITH NTLM If the trust relationship fails you will receive a FAILURE message (see below). This can happen for a number of reasons. o o o o The most common cause of this problem (especially when using a Virtual Appliance) is that the clock on the CensorNet server is not in synch with the clock on the Active Directory server. The two clocks must be within 5 MINUTES of each other, otherwise the Kerberos handshake will fail. The time zone should also match on both servers. For information on how to set the clock correctly please see the Knowledge Base: The administrator password contains special characters, e.g. å, $, _, \%, ^,, etc. Please change the administrator password or create a new user account with administrator privileges that does not use these characters. If you have created a new administrator account for CensorNet, please ensure you reset its password TWICE to work around a known issue with Linux and Active Directory. Please ensure that the hostname on CensorNet does not use a reserved word, such as internet. We recommend the CensorNet hostname stays as censornet to avoid any conflicts. 23

24 o Ensure that the hostname of your CensorNet server is not the same as your Windows domain name. If the web browser prompts you to login even though the trust was successful, it is usually due to the following: o o The clock has drifted more than 5 minutes apart from the Active Directory clock. Please see the Common Problems section above for more detail. The web browser is using NTLMv2 rather than NTLMv1. This is the default on Windows Vista and Windows 7 computers. You can roll back the version of NTLM using a group policy registry edit. For further information please see: CENSORNET ACTIVE DIRECTORY AGENT The CensorNet Active Directory Agent is a system service that sends network login credentials to CensorNet for the purposes of identifying users and computers. The software should be installed on Windows 2000, 2003 or 2008 domain controller(s) and will run as a system service with administrator rights. Currently the software supports a single domain. The CensorNet Active Directory agent can provide user identification when CensorNet is running in Inline mode and it can also provide a faster alternative to NTLM. NOTE: THE SERVICE IS NOT DESIGNED TO WORK IN CITRIX / TERMINAL SERVICES ENVIRONMENTS. IN THIS CASE, PLEASE CONFIGURE TRANSPARENT KERBEROS OR TRANSPARENT NTLM AS THE USER AUTHENTICATION OPTION WITHIN CENSORNET. INSTALLING THE CENSORNET ACTIVE DIRECTORY AGENT Please visit for download and installation instructions. Please make a note of the secret key that you set during installation. CONFIGURING THE CENSORNET ACTIVE DIRECTORY AGENT After installing the Active Directory agent on each of your Windows Domain Controllers you will need to configure the secret within the CensorNet server. To do this, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and enter the secret key as shown below. The secret keys must match exactly on both the Agent and the CensorNet server for the authentication to work. 24

25 Press SET OPTIONS to enable the use of the CensorNet Active Directory Agent. VERIFY THAT USER IDENTIFICATION IS WORKING WITH THE ACTIVE DIRECTORY AGENT On the domain controllers, use the Start menu to find and open the CENSORNET AUTHENTICATION SERVICE MONITOR. The status should show as RUNNING, as shown below:- NOTE: THE CENSORNET ACTIVE DIRECTORY AGENT ACTS AS THE PRIMARY AUTHENTICATION METHOD FOR CENSORNET. YOU CAN ALSO CONFIGURE A SECONDARY AUTHENTICATION METHOD USING ANY OF THE OTHER SUPPORTED METHODS (E.G. NTLM, LDAP, ETC). IF THE AGENT FAILS FOR ANY REASON, CENSORNET WILL FALL BACK TO THE SECONDARY METHOD OF AUTHENTICATION. PLEASE SEE THE SECTION CONFIGURING USER AUTHENTICATION FOR THE AVAILABLE SECONDARY METHODS. ACTIVE DIRECTORY (KERBEROS) 25

26 CensorNet supports standard Kerberos authentication with Active Directory. This is useful if you require users from Active Directory to log in with a username and password when they open a web browser. CONFIGURING ACTIVE DIRECTORY (KERBEROS) To configure Active Directory authentication using Kerberos, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and select the Active Directory (Kerberos) radio button. You will need the following information: Server IP Address This is the IP address of the primary Active Directory server on the network. Server Hostname This is the computer name of the primary Active Directory server. This is just the computer name and not the fully qualified domain name. AD Domain The full Active Directory domain name without the computer name or hostname included at the start. Press SET OPTIONS to enable the use of Active Directory (Kerberos) authentication. VERIFY THAT ACTIVE DIRECTORY (KERBEROS) AUTHENTICATION IS WORKING You should now verify that CensorNet is correctly authenticating users. Log into the domain with a user account from the Active Directory (the test user ) and open a Web browser that is configured to use CensorNet as a proxy server (see section Web Browser Configuration). Try visiting a web site (e.g. to verify that the test user can access the Internet. The browser should prompt the test user to login see below and after you enter a valid username and password access to the Web page should be granted. 26

27 If the web site loads as expected, you should now verify that CensorNet has correctly identified the test user by going to REPORTS -> WHO S BROWSING within the CensorNet web control panel. This will list the currently active Internet users and the test user should appear here as shown in the example below. Click on the test user, in this case FOO to drill-down into the recent web site visits. Here you should see the test sites that you accessed using the web browser, e.g. COMMON PROBLEMS After entering the username and password three times you receive a LOGIN FAILED message: 27

28 The most common cause of this problem (especially when using a Virtual Appliance) is that the clock on the CensorNet server is not in synch with the clock on the Active Directory server. The two clocks must be within 5 minutes of each other, otherwise the Kerberos handshake will fail. The time zone should also match on both servers. For information on how to set the clock correctly please see: The user account on the Active Directory server has been set to Change password on next logon. This will cause CensorNet to fail the authentication until the password has been reset. The username or password provided is actually incorrect. WINDOWS NT OR SAMBA SERVER CensorNet supports authentication with Windows NT or Samba servers using the SMB protocol. This should be used in legacy environments where Active Directory is not yet available or Samba does not support NTLM (some Linux and Apple networks). CONFIGURING WINDOWS NT OR SAMBA SERVER AUTHENTICATION To configure Windows NT or Samba Authentication, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and select the Windows NT or Samba Server radio button You will need the following information: PDC Address This is the IP address of the Primary Domain Controller. BDC Address This is the IP of the Backup Domain Controller (optional) Domain Name This is the Windows Domain on your network. Click SET OPTIONS to enable Windows NT or Samba authentication. 28

29 VERIFY THAT WINDOWS NT OR SAMBA SERVER AUTHENTICATION IS WORKING You should now verify that CensorNet is correctly authenticating users. Log into the domain with a user account from the domain (the test user ) and open a Web browser that is configured to use CensorNet as a proxy server (see section Web Browser Configuration). Try visiting a web site (e.g. to verify that the test user can access the Internet. The browser should prompt the test user to login see below and after you enter a valid username and password access to the Web page should be granted. If the web site loads as expected, you should now verify that CensorNet has correctly identified the test user by going to REPORTS -> WHO S BROWSING within the CensorNet web control panel. This will list the currently active Internet users and the test user should appear here as shown in the example below. Click on the test user, in this case FOO to drill-down into the recent web site visits. Here you should see the test sites that you accessed using the web browser, e.g. 29

30 NETWARENDS (E-DIRECTORY) CensorNet supports NDS authentication against a Novell Netware directory server, such as Netware 6.5. To configure Windows NT or Samba Authentication, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and select the Netware NDS (e-directory) radio button You will need the following information: Server IP address the IP address of the main Netware server used to authenticate users on your network. Click SET OPTIONS to enable Netware NDS authentication. LDAP SERVER AUTHENTICATION The LDAP Server Authentication method enables the use of a vanilla (non-active Directory) LDAP server, such as Open LDAP, as a source for user authentication. To configure Windows NT or Samba Authentication, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and select the LDAP Server Authentication radio button 30

31 You will need the following information: Server IP address - The address of the server running the LDAP service. Server Port number - The port that the LDAP server is listening on. The default is port 389 Base DN - This is the root of the directory tree. For example dc=ldap, dc=example, dc=com. You should enter the correct values for your LDAP server. Queries from the CensorNet server to your LDAP server will start from here. Bind DN - This is an entity authorised to query the LDAP tree. All queries from CensorNet to the LDAP server will use this entity. NOTE: Ensure the BINDDN entity has suitable rights on the LDAP server. Bind DN Password - The password associated with the Bind DN entity. Login Attribute - This attribute within the LDAP tree specifies the username. Most Unix installations use the uid attribute, though it is possible to configure an alternate one. Consequently, CensorNet permits a choice of which attribute is to be used to define the users. NOTE: This attribute must be correct in order for CensorNet to retrieve users from the tree. Object Class Filter - In most installations, this field can safely be left blank. It is provided for those users who have a more complex LDAP configuration. INTERNAL AUTHENTICATION Internal Authentication allows CensorNet to store a list of usernames and passwords to authenticate users when they attempt to browse the web. This is useful for environments where there is no central domain controller or other suitable user authentication source. When in Internal Authentication mode, CensorNet also provides a portal for users themselves to manage their own passwords. To configure Internal Authentication, go to SYSTEM -> CONFIGURATION -> USER AUTHENTICATION and select the Internal Authentication radio button. Click SET OPTIONS to enable Internal Authentication. 31

32 With Internal Authentication enabled, users will be prompted to login when they open a web browser, as shown in the following screenshot. MANAGING USER ACCOUNTS You must create user accounts on the CensorNet server for each of the users that require access to the Internet. To create a new user account, go to OBJECTS -> USERS -> NEW USER. You will be prompted for the following information: 32

33 Username this is a unique username for the account. Group this is the group that the new user account will belong to. If there are no groups defined, you will be asked to create one. Password this is the password for the new account. Confirm Password this is the password for the new account. Click ADD USER to create the new user account. You should then test that you can access the Web by entering the new username and password when prompted. To change the password or delete the user, go to OBJECTS -> USERS -> MANAGE USERS and find the username in the list of accounts, e.g. To delete the account, click the tick box and click COMMIT CHANGES. To move the account, select the new group from the groups drop down list and then click COMMIT CHANGES. To change the password, click the CHANGE PASSWORD button and enter a new password. MANAGING USER PASSWORDS CensorNet includes a self-service password management page, which makes managing passwords easier. To access the password page, point a web browser at: Where X.X.X.X is the IP address or hostname of the CensorNet server. 33

34 The password page will be displayed: This page can be used by a user to reset their own password without needing to contact the network administrator. Furthermore, only users that have an existing account that know their own password can use this page. NO USER AUTHENTICATION It is possible to configure CensorNet without any user authentication or identification at all. In this mode, filtering policies will be applied based on the computer information. The reports will not contain any user details. To enable this mode, go to System -> CONFIGURATION -> USER AUTHENTICATION and click the No User Authentication radio button and then click SET OPTIONS. GLOBAL USER AUTHENTICATION SETTINGS CensorNet has two global authentication settings which are enabled by default: 34

35 Multiple Login Detection selecting this option prevents the same username from being used to browse the Internet from more than one computer at once. There is a 5 minute timeout, so after finishing a browsing session on one computer users must wait 5 minutes before browsing from another computer. Anonymous Browsing on Inline Intercepted Connections applies to Inline mode only. Selecting this option allows anonymous browsing which effectively disables all the authentication options except for the CensorNet Active Directory Agent. For further information please refer to this Knowledge Base article: 35

36 ACTIVE DIRECTORY INTEGRATION CensorNet is compatible with Active Directory running on: Windows 2000 Server Windows 2003, 2003r2 Server Windows 2008, 2008r2 (64-bit) Server It is possible to synchronise or replicate your Active Directory structure with CensorNet. Synchronise (Windows Server 2003 and above) this requires the CensorNet Synchronisation Service to be installed on your domain controller and the structure of your Active Directory will be automatically imported and then kept synchronised on CensorNet. If you create, delete or move user accounts on your Active Directory, CensorNet will automatically update with the changes. Replicate this does not require any software installing on the domain controller. Replication is a manual process of importing the Active Directory structure into CensorNet. Each time a change is made to the Active Directory, you should replicate the structure within CensorNet again. SYNCHRONISING WITH ACTIVE DIRECTORY The CensorNet Synchronisation Service is a system service that runs on Windows Server 2003 and above. The purpose of the service is to synchronise the Active Directory structure with the CensorNet server, specified during installation. With the service running, you do not need to manually update CensorNet with changes to the Active Directory (users, groups, etc). The service can synchronise based on Organisational Unit (OU) or Primary Group. INSTALLING THE CENSORNET SYNCHRONISATION SERVICE Please visit for download and installation instructions. CONFIGURING THE CENSORNET SYNCHRONISATION SERVICE After installing the CensorNet Synchronisation Service on your domain controller you will need to configure a shared secret key on the CensorNet server. To do this, go to OBJECTS -> SYNCHRONISE -> WITH ACTIVE DIRECTORY and enter a secret key as shown below. The secret keys must match exactly on both the Synchronisation Service and the CensorNet server for the synchronisation to work. Press SET OPTIONS to enable the use of the CensorNet Synchronisation Service. 36

37 On the domain controller, go to START -> ALL PROGRAMS -> CENSORNET SYNCHRONISATION MONITOR to configure the service. Enter the IP address of the CensorNet server, the shared secret key (exactly as you set it on the CensorNet server), select the domain to synchronise and the method to group users by. Then press START SERVICE. If the service fails to start, check the IP address and shared secret are correct and try again. VERIFY THAT THE CENSORNET SYNCHRONISATION SERVICE IS WORKING After a few seconds, the service will synchronise CensorNet with Active Directory. Please check the user manager under OBJECTS -> USERS -> MANAGE GROUPS to verify that the Active Directory structure has been synchronised. Any changes that are made to the Active Directory server will be visible within CensorNet a few seconds later. You are now ready to apply filtering policies to the group or make changes to the group name and/or its members if required. REPLICATING THE ACTIVE DIRECTORY STRUCTURE It is possible to replicate your Active Directory structure within CensorNet. This makes it easy to apply policies to your existing groups. If you change the structure, move users between groups or add new users to groups, you should re synchronise with CensorNet. For automatic synchronization please see Synchronising with Active Directory. You should configure an appropriate User Authentication method before attempting to import user and group information from Active Directory. 37

38 You can replicate your Active Directory structure based on OU or Primary Group. Most Active Directories use OU containers so this is the most common method. REPLICATING BY ORGANISATIONAL UNIT (OU) Go to OBJECTS -> IMPORT -> USERS FROM ACTIVE DIRECTORY BY OU. You will be prompted to enter the following details: Server Address this is the IP address of the primary Active Directory server on your network. Active Directory Domain this is the full Active Directory domain for the network excluding the hostname or server name of the Active Directory. Admin Username this is a username that has administrator rights on the Active Directory server. Admin Password this is the password for the username specified in Admin Username. Press SYNCHRONISE USER LIST to start the replication. 38

39 If the credentials have been entered correctly, CensorNet will display a list of OU groups and users within those groups. Review the list and ensure they are correct and then press CREATE/MOVE USERS AS ABOVE. If the list is empty, try using the Import by Primary Group method instead. You will be prompted to confirm this action, which will create new groups and users as per the structure shown above. The replication may take several seconds depending on the size and complexity of your Active Directory server. You will receive a confirmation message, like the one below, once the replication has completed. 39

40 Click CONTINUE to view the newly imported groups and users. You are now ready to apply filtering policies to the group or make changes to the group name and/or its members if required. REPLICATING BY PRIMARY GROUP Go to OBJECTS -> IMPORT -> USERS FROM ACTIVE DIRECTORY BY PRIMARY GROUP. You will be prompted to enter the following details: Server Address this is the IP address of the primary Active Directory server on your network. Active Directory Domain this is the full Active Directory domain for the network excluding the hostname or server name of the Active Directory. Admin Username this is a username that has administrator rights on the Active Directory server. Admin Password this is the password for the username specified in Admin Username. Press SYNCHRONISE USER LIST to start the replication. 40

41 If the credentials have been entered correctly, CensorNet will display a list of Primary Groups and users within those groups. Review the list and ensure they are correct and then press CREATE/MOVE USERS AS ABOVE. If the list is empty, try using the Import by OU method instead. You will be prompted to confirm this action, which will create new groups and users as per the structure shown above. The replication may take several seconds depending on the size and complexity of your Active Directory server. You will receive a confirmation message, like the one below, once the replication has completed. 41

42 Click CONTINUE to view the newly imported groups and users. You are now ready to apply filtering policies to the group or make changes to the group name and/or its members if required. 42

43 COMPUTER IDENTIFICATION CensorNet is capable of logging and filtering based on the computer credentials as well as the user credentials. A computer can be identified in a number of ways and it is worthwhile deciding on the best method to use up front, as changing the mode later will require you to import the computers again. CensorNet can identify computers in three ways:- Method When to use MAC Address (default) On a LAN when using DHCP IP Address On a WAN or with multiple subnets Hostname On a LAN/WAN with DNS to resolve computers to hostname The COMPUTER IDENTIFICATION methods are described in detail in this section. CONFIGURING THE COMPUTER IDENTIFICATION METHOD To set the Computer Identification method, go to SYSTEM -> CONFIGURATION -> COMPUTER IDENTIFICATION. Press SET OPTIONS to enable the specified Identification Method. NOTE: CHANGING THE COMPUTER IDENTIFICATION MODE WILL REMOVE ANY EXISTING COMPUTER OBJECTS FROM CENSORNET 43

44 MAC ADDRESS METHOD By default, CensorNet is configured to identify computers by their MAC address. In order for computer details to appear in the reports and to apply filtering rules specifically to computers, you must tell CensorNet about the computers on your network. There are two ways you can do this. The first is an automatic PROBE LAN which will scan the entire subnet and attempt to auto-detect any computers that are connected to the network and add their MAC address and hostname. The second way is to import the computer information from a compatible file, such as CSV. IMPORT COMPUTERS AUTOMATICALLY You must have at least one computer group defined. To create a new group, go to OBJECTS -> COMPUTERS -> NEW GROUP. Group Name this should be a plain text name for the group, e.g. Computers. Require User Authentication Select Yes to force authentication when accessing the Internet from computers in this group (if you have enabled User Authentication, see section User Authentication). Select No if you do not require authentication for this group of computers, for example, if it is a suite of guest computers or public access computers. Click ADD GROUP to create the new computer group. To probe the network for computer information, go to OBJECTS -> IMPORT -> COMPUTERS FROM LAN. Scan on interface select the network Interface to use for scanning the network. If your CensorNet server has more than one NIC then you can select which one to use for the probe. Import into group select the group to import computer information into. All automatically discovered computers will appear in this group. Later, you can move the computers into different groups if you require different filtering rules for different groups of machines. Click RUN PROBE to start the automatic detection. The progress bar will be shown on the screen: 44

45 NOTE: IF YOUR SUBNET IS PARTICULARLY LARGE, THE PROBE MAY TAKE A WHILE TO RUN AND MAY CAUSE AN UNEXPECTED PEAK IN NETWORK TRAFFIC. After the probe has completed you will be able to view the computers that have been detected. Go to OBJECTS ->COMPUTERS -> MANAGE COMPUTER page to make changes to the hostnames, MAC address information and group membership for the imported computers. IMPORT COMPUTERS FROM CSV CensorNet supports a number of CSV formats for importing computer information. HOSTNAME,MAC ADDRESS this is a simple CSV format containing the hostname and MAC address separated by a comma, one per line, without any header. E.g. samurai,00:0c:29:7f:5f:6f sword,00:02:e3:0a:8f:72 ANGRYIP AngryIP is a free network scanner that can probe the network for connected devices and export the contents to CSV. This CSV file can be imported directly into CensorNet. CSVDE CSVDE is a tool provided by Microsoft to export user and computer information from Active Directory. The exported file can be imported directly into CensorNet. COMMON PROBLEMS The Probe LAN option does not detect all of the computers on the network this can happen for a number of reasons: 45

46 o Ensure that all the computers are powered on and connected to the network and re-run the probe. o If the computers do not respond to NetBIOS requests then the Probe cannot detect them. You will need to enter the hostname and MAC address manually or import them from CSV (see Import Computers from CSV). o If the computers have a secure firewall running this may block the NetBIOS requests. The Probe LAN takes too long If your subnet is larger than then we recommend that you import computer information via CSV. IP ADDRESS METHOD IP address mode can be used if you have a network topology consisting of multiple routers, VLANs, VPNs or you identify computers based on static IP addresses rather than DHCP. In order for computer information to appear in the reports you must import all or part of the subnet into CensorNet. IMPORT COMPUTERS AUTOMATICALLY To automatically import computer information, go to OBJECTS -> IMPORT -> COMPUTERS FROM LAN. You can import by IP address range or by subnet. This allows you to import different ranges into different groups if required. Optionally, CensorNet can attempt to resolve the IP address to a hostname using NetBIOS. If this is selected, the import will take slightly longer. PLEASE NOTE: IF YOU TICK TO USE NETBIOS AND THE IP ADDRESS CANNOT BE RESOLVED IT WILL NOT BE ADDED TO CENSORNET. 46

47 Go to OBJECTS ->COMPUTERS -> MANAGE COMPUTER page to make changes to the hostnames, IP address information and group membership for the imported computers. HOSTNAME METHOD The Hostname method should be used on networks with single or multiple subnets where the internal DNS servers are configured to return a hostname for each IP address on the network. If the IP address does not resolve to a hostname, CensorNet will deny access to the Internet from this computer as a security measure. In order for computer information to appear in the reports you must import all or part of the subnet into CensorNet. IMPORT COMPUTERS AUTOMATICALLY To automatically import computer information, go to OBJECTS -> IMPORT -> COMPUTERS FROM LAN. You can import by IP address range or by subnet. This allows you to import different ranges into different groups if required. CensorNet will attempt to resolve all IP addresses to a hostname. 47

48 NOTE: IF CENSORNET CANNOT RESOLVE THE IP ADDRESS TO A HOSTNAME IT WILL NOT IMPORT IT AND THE COMPUTER MAY BE DENIED ACCESS TO THE INTERNET UNTIL THERE IS A VALID PTR RECORD, OR YOU MANUALLY ADD THE INFORMATION TO CENSORNET 48

49 SSL INTERCEPT MODE CensorNet has the ability to intercept, decrypt and filter secure SSL web sites. This option is off by default when CensorNet is configured in SIDEWAYS mode and on by default when CensorNet is configured in INLINE mode. SSL sites can harbour web based threats such as anonymous proxy servers and malware. They are also used legitimately to transfer confidential and secure information. You should decide whether you wish to allow SSL completely with no filtering (bypass), block it completely, or allow CensorNet to intercept and filter it regardless of the type of content on the site. ENABLING SSL INTERCEPT MODE To enable SSL Intercept mode, go to SYSTEM -> CONFIGURATION -> SSL INTERCEPT MODE. Select Enabled and press SET OPTIONS. INSTALLING WEB BROWSER SSL CERTIFICATE The act of SSL interception replaces the requested Web server certificate with a certificate signed by the CensorNet server. This causes a browser warning to appear when viewing SSL web sites. It is necessary for you to install the CensorNet root certificate authority (CA) into each of the browsers on your network to avoid the browser warning from appearing. This can be achieved in one of two ways: Using an Active Directory group policy update to install the certificate (see Knowledge Base article) Manual installation Please refer to the guide SSL Certificate Installation for detailed information and installation instructions. BYPASSING SSL INTERCEPT MODE If you do not want to filter any SSL web sites you can configure CensorNet to completely ignore any SSL enabled web requests (e.g. This is a global setting and will apply to all users and computers. It is also possible to allow or deny SSL sites on a per policy basis, please see the section on Policies. 49

50 COMPLETELY BYPASS SSL WEB SITES First of all, you should disable the SSL Intercept Mode. Go to SYSTEM -> CONFIGURATION -> SSL INTERCEPT MODE, select Disabled and press SET OPTIONS. Next, you need to create a Bypass rule to ignore SSL sites. GO TO FILTERS -> FILTER BYPASS MODULE -> BYPASS CATEGORIES. WARNING: This will allow all HTTPS/SSL enabled web sites regardless of their content which may be legitimate or harmful. Create a new category called SSL Bypass and click ADD. Click on the category name from the EXISTING CATEGORIES list. Add the pattern: :443 to the new category (without the quotes) and press ADD URL, as shown below: DISABLING SSL INTERCEPT MODE Disabling SSL mode will prevent CensorNet from intercepting and filtering SSL enabled web sites. As a result, by default, CensorNet will block all SSL web sites unless you specifically allow access to them in a filtering policy. To disable SSL Intercept, go to SYSTEM -> CONFIGURATION -> SSL INTERCEPT MODE, select Disabled and press SET OPTIONS. 50

51 NOTE: If you disable SSL Intercept Mode, SSL web sites will be blocked by default unless you bypass filtering for SSL or add explicit URL s to allow in the Custom URL module. 51

52 FILTERING POLICIES CensorNet provides a powerful and granular way of filtering Web content in the form of policies. Policies are sets of rules which instruct the filtering modules to act in a certain way (ALLOW / IGNORE / BLOCK) and these policies can be applied to user groups or computer groups. The filtering modules are plug-in components that provide a specific type of filtering, e.g. URL matching, image filtering, real time classification, streaming content, etc. By building a policy, you can control what can be accessed online, by whom and at what time. Policies can operate in one of five modes. The modes decide the base functionality of the policy and, depending on the mode, can be further customised by the administrator. The five filtering modes are: OPEN An open mode policy provides unfiltered, but logged, access to the Web. CLOSED The closed mode policy prevents access to the Web. RESTRICTED The restricted mode policy creates a walled garden and only allows access to a specified list of Web sites or web site categories. FILTERED The filtered mode policy allows you to specify granular filtering rules for each of the filter modules. ADVISORY This is the same as the filtered mode but any web site that is blocked can be overridden by the user. This is a coaching mode. A policy can be applied to more than one group of users or computers, but only one policy can be active at any one time for any particular group. Combinations of policies can be scheduled to activate and deactivate at certain times during the week for a specified group. DEFAULT POLICY At least one policy must exist on the CensorNet server. CensorNet comes pre-configured with a default policy. This policy operates in the filtered mode and contains common rules, which you should use as a basis to customise to meet your exact requirements as an organisation. The default policy is meant to be an example from which you can build rules to match your requirements. The default policy is applied to any user or computer that does not already have a policy assigned to their group or to an unknown user or computer trying to use CensorNet. It is a useful catch all policy that will provide the minimum level of filtering on the network. THE DEFAULT POLICY EXPLAINED The default policy is a good starting point to familiarise yourself with how filtering policies work within CensorNet. Go to POLICIES -> MANAGE POLICIES and click on the Default Policy entry. After a few moments, the rules will load and you will be able to make changes to the policy if you require. Under the Policy Details section there are several import configuration options for the policy, as described below. 52

53 Name this is a plain text name for the policy. It is useful to give meaningful names to the policies as it makes administering them easier. Description this is a plain text description of the policy, which is useful to tell other administrators the purpose of the policy. Colour Label this is the colour that will identify the policy when you create a policy schedule. Mode this defines the filtering mode that this policy will use (please see Policies section for a description of the five modes). If rules conflict Web sites can be classified into more than one category by the filtering modules. If a module has conflicting block and allow rules, then CensorNet will use this option to resolve the conflict. The choices are Block rules override allow rules or Allow rules override block rules. Dynamic sites Web sites categorised as having highly dynamic content (e.g. Google, Wikipedia) may contain unsuitable content even though they are in a legitimate category (e.g. Search Engines, Reference). Forcing the real-time analysis will attempt to block adult, obscene or explicit pages that may exist within the dynamic site even though the category they are in has been set to allow. The choices are Force real-time content analysis or URL database categories override real-time content analysis. The latter will disable any real-time analysis of dynamic web sites and allow or deny the web site based upon the rules configured in the Content Classifier module, which is explained below. Time Quota a policy can contain a Time Quota for categories of web site that you choose. Every time you access a web site that is in a category which is part of the time quota, the time will be reduced. When the time quota has reached zero, access to the web sites in those categories will be blocked until the next day. The quotas are reset at midnight. NOTE: The Time Quota feature only works if User Authentication is enabled. For more information on Time Quotas please see: The Filter modules section provides a way to set the rules for each of the filter modules that are available to the Filtered Mode policy. With the exception of the Active Image Control, the modules use categories which can be set to trigger ALLOW, DENY or IGNORE. The categories may contain lists of URL s or represent a single entity, such as a file extension. 53

54 The three triggers, ALLOW, DENY and IGNORE are used to instruct CensorNet what to do if it encounters a match with the category configured in the filtering module. Allow allow the request. Processing of the policy stops as soon as a match is triggered. Block block the request. Processing of the policy stops as soon as a match is triggered. Ignore pass the request to the next filter module and continue running the policy. Within a policy there are five modules which can be configured:- Custom URL The Custom URL module allows you to maintain categories of web site yourself, which override or compliment those provided in the URL database. The Custom URL module uses patterns to match URL s so you can also use it to block keywords in the URL or to match multiple addresses with a wildcard. Categories that are set to allow can also be placed into a Time Quota. For more information on Custom URL patterns please see Content Classifier The Content Classifier allows you to specify which categories from the URL database should be matched as part of the policy and what action should be taken. There are over 70 categories, in multiple languages, which contain over 65,000,000 individual web sites. Categories that are set to allow can also be placed into a Time Quota. File Extension Filter The File Extension Filter contains a list of file extensions which you can control using the policy. MIME Type Filter The MIME Type Filter contains a list of MIME types which you can control using the policy. Setting a MIME type to allow will also allow it to stream properly through CensorNet without being cached first. Active Image Control The Active Image Control uses image recognition techniques to attempt to block explicit images from being displayed in the web browser. Upload Filter The upload filter inspects any HTTP POST requests for specific file types being uploaded When a policy is processed, the modules are executed in order from top to bottom as they appear under the Filter Modules section. This means, for example, that if a rule is matched in the Custom URL module to block the request, it will not reach any of the other modules for processing. For further information on policy parsing please see this Knowledge Base article: Any changes that you make to the policy must be confirmed by pressing the UPDATE POLICY button at the bottom of the page. CREATING NEW POLICIES To create a new policy, go to POLICIES -> NEW POLICY. Alternatively, you can clone an existing policy. Go to POLICIES -> MANAGE POLICIES and click on the policy to clone. Select a new COLOUR LABEL for the new policy otherwise it will be the same as the existing one, which 54

55 could cause confusion when setting up schedules, and then scroll to the bottom of the page and click the CLONE POLICY button. You will be prompted to provide a name for the new policy. Enter the new name and press enter or click OK. The policy will be cloned and the new policy will appear in the Manage Policies list. After creating a new policy you need to apply the policy to a group of users or computers. APPLYING POLICIES TO GROUPS OF USERS OR COMPUTERS Policies must be applied to groups in order for them to be active, with the exception of the Default Policy which is active for any group that does not have a policy assigned to it. Assigning policies in CensorNet is straight forward. After creating your policy, decide whether you wish to apply it to a group of users or a group of computers. The method is the same for both; however you should note that computer policies override user policies. To apply a policy, go to OBJECTS -> USERS (OR COMPUTERS) -> MANAGE GROUP. Click the SCHEDULE POLICY button for the group that you wish to apply a policy to. This will load the SCHEDULE EDITOR. 55

56 The schedule editor allows you to specify when policies will be active for the chosen group. Each small square represents a 5 MINUTE TIME PERIOD. Along the bottom of the editor is a legend which shows the policy names and their associated colours. From the POLICY PAINT BRUSH drop down box, you can select the policy to apply. You can then apply the policy in a number of ways: Draw when the policy will be active using the mouse. Hover over a time period, press and hold the left mouse button, and drag the policy until it reaches the end time. The policy will be active between each start and end point on the editor. You can increase the number of time blocks each mouse press will add by using the second drop down list the default is 5 MINUTE BLOCKS. Clone a schedule you have drawn for a specific day by clicking the radio button to the right of the day and click Clone. This will replicate the day s schedule on all other days. To apply the policy all day every day, select the policy to apply and click the Fill All button. The policy will be active 24x7 for that group. To apply the policy to a specific day of the week, click the radio button to the right of the day and click Fill Selected. You must click UPDATE SCHEDULE for the changes to take effect. GLOBAL FILTERING MODULES There are three global modules that apply to all policies, which are found under the Filters menu: 56

57 Safe Search enforces Google, Yahoo! and Bing image safe search on regardless of whether the user tries to disable it in their web browser. On-demand Anti-Virus (optional extra) powered by AVG, the anti-virus module scans web pages in real time for threats such as viruses, Trojans, spyware, etc. Filter Bypass a list of trusted sites that you do not ever want to filter with CensorNet. Sites in the bypass list are not logged and are not authenticated in any way. This list should be kept to a minimum. 57

58 CUSTOM URL MODULE The Custom URL module allows you to maintain your own categories of URLs for use within filtering policies. You can create an unlimited number of categories and they can contain an unlimited number of URL s. The Custom URL module is generally used to override the categories provided in the URL database or to control access to specific URLs from within a filtering policy. CREATING A CUSTOM URL CATEGORY Go to FILTERS -> CUSTOM URL MODULE -> CATEGORIES. Enter the name of the new category and press ADD. The category will appear in the EXISTING CATEGORIES list where you can click on it to start adding URLs. ADDING CUSTOM URLS Go to FILTERS -> CUSTOM URL MODULE -> URL MANAGER or click on a category name from the EXISTING CATEGORIES list. NOTE: CUSTOM URLS IN CENSORNET DO NOT USE THE OR PREFIX Add the new URL pattern and select a category to add the URL to and then click ADD URL. At this point, the category containing the URL is just a container for the URL and does not block or allow it. To decide how the category and its URLs will be handled, the category must be activated within a filtering policy. Go to POLICIES -> MANAGE POLICIES and select a policy to use the new URL category with, e.g. default policy. Scroll down to the CUSTOM URL MODULE and the new category will be displayed in the list. 58

59 By default the URL category is set to IGNORE. To block the URLs in the custom category change the trigger to BLOCK or to allow the URLs change the trigger to ALLOW. If you allow a category in the Custom URL module then all URLs within the category will be allowed and no further filtering will take place. Scroll to the bottom of the policy page and click UPDATE POLICY to save the changes. CUSTOM URL PATTERNS For more information on Custom URL patterns please see this Knowledge Base article: 59

60 ADMINISTRATORS It is possible to define multiple administrator users that can login and administer the CensorNet system. The administrator users can have different roles and be restricted to only accessing certain parts of the system. To create a new administrator, go to OBJECTS -> ADMINISTRATORS -> NEW ADMINISTRATOR. You will be required to enter: Username a username for the new administrator. Password a password for the new administrator. Confirm confirmation of the password for the new administrator. Rights select the rights that this administrator should have over the system. At least one right should be applied to the new administrator. 60

Virtual Appliance for VMware Server. Getting Started Guide. Revision 2.0.2. Warning and Disclaimer

Virtual Appliance for VMware Server. Getting Started Guide. Revision 2.0.2. Warning and Disclaimer Virtual Appliance for VMware Server Getting Started Guide Revision 2.0.2 Warning and Disclaimer This document is designed to provide information about the configuration and installation of the CensorNet

More information

User Guide. Cloud Gateway Software Device

User Guide. Cloud Gateway Software Device User Guide Cloud Gateway Software Device This document is designed to provide information about the first time configuration and administrator use of the Cloud Gateway (web filtering device software).

More information

PineApp Surf-SeCure Quick

PineApp Surf-SeCure Quick PineApp Surf-SeCure Quick Installation Guide September 2010 WEB BASED INSTALLATION SURF-SECURE AS PROXY 1. Once logged in, set the appliance s clock: a. Click on the Edit link under Time-Zone section.

More information

Click Studios. Passwordstate. Installation Instructions

Click Studios. Passwordstate. Installation Instructions Passwordstate Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise disclosed, without prior

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

800-782-3762 www.stbernard.com. Active Directory 2008 Implementation. Version 6.410

800-782-3762 www.stbernard.com. Active Directory 2008 Implementation. Version 6.410 800-782-3762 www.stbernard.com Active Directory 2008 Implementation Version 6.410 Contents 1 INTRODUCTION...2 1.1 Scope... 2 1.2 Definition of Terms... 2 2 SERVER CONFIGURATION...3 2.1 Supported Deployment

More information

Configuring your email client to connect to your Exchange mailbox

Configuring your email client to connect to your Exchange mailbox Configuring your email client to connect to your Exchange mailbox Contents Use Outlook Web Access (OWA) to access your Exchange mailbox... 2 Use Outlook 2003 to connect to your Exchange mailbox... 3 Add

More information

Quick Start Guide for VMware and Windows 7

Quick Start Guide for VMware and Windows 7 PROPALMS VDI Version 2.1 Quick Start Guide for VMware and Windows 7 Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

NETASQ SSO Agent Installation and deployment

NETASQ SSO Agent Installation and deployment NETASQ SSO Agent Installation and deployment Document version: 1.3 Reference: naentno_sso_agent Page 1 / 20 Copyright NETASQ 2013 General information 3 Principle 3 Requirements 3 Active Directory user

More information

Quick Start Guide for Parallels Virtuozzo

Quick Start Guide for Parallels Virtuozzo PROPALMS VDI Version 2.1 Quick Start Guide for Parallels Virtuozzo Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the current

More information

Using Logon Agent for Transparent User Identification

Using Logon Agent for Transparent User Identification Using Logon Agent for Transparent User Identification Websense Logon Agent (also called Authentication Server) identifies users in real time, as they log on to domains. Logon Agent works with the Websense

More information

How to Configure Captive Portal

How to Configure Captive Portal How to Configure Captive Portal Captive portal is one of the user identification methods available on the Palo Alto Networks firewall. Unknown users sending HTTP or HTTPS 1 traffic will be authenticated,

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

NetSpective Global Proxy Configuration Guide

NetSpective Global Proxy Configuration Guide NetSpective Global Proxy Configuration Guide Table of Contents NetSpective Global Proxy Deployment... 3 Configuring NetSpective for Global Proxy... 5 Restrict Admin Access... 5 Networking... 6 Apply a

More information

Click Studios. Passwordstate. Installation Instructions

Click Studios. Passwordstate. Installation Instructions Passwordstate Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise disclosed, without prior

More information

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

More information

BaseManager & BACnet Manager VM Server Configuration Guide

BaseManager & BACnet Manager VM Server Configuration Guide BaseManager & BACnet Manager VM Server Configuration Guide For Self-Hosted BaseManager & BACnet Manager Servers Deployed as Virtual Machines August 27, 2015 Customer Service 1-866-294-5847 i Baseline Inc.

More information

Professional Mailbox Email Software Setup Guide

Professional Mailbox Email Software Setup Guide Professional Mailbox Email Software Setup Guide Table of contents Download and Install Microsoft Outlook 2010 or 2011... 2 Enabling access from email software... 4 Setting up Outlook 2010... 6 Before you

More information

Configuration Manual English version

Configuration Manual English version Configuration Manual English version Frama F-Link Configuration Manual (EN) All rights reserved. Frama Group. The right to make changes in this Installation Guide is reserved. Frama Ltd also reserves the

More information

SchoolBooking SSO Integration Guide

SchoolBooking SSO Integration Guide SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

www.stbernard.com Active Directory 2008 Implementation Guide Version 6.3

www.stbernard.com Active Directory 2008 Implementation Guide Version 6.3 800 782 3762 www.stbernard.com Active Directory 2008 Implementation Guide Version 6.3 Contents 1 INTRODUCTION... 2 1.1 Scope... 2 1.2 Definition of Terms... 2 2 SERVER CONFIGURATION... 3 2.1 Supported

More information

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client. WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard

More information

Exchange 2013 mailbox setup guide

Exchange 2013 mailbox setup guide Fasthosts Customer Support Exchange 2013 mailbox setup guide This article covers the setup of Exchange 2013 mailboxes in Microsoft Outlook 2013, 2010 and Outlook 2011 for Mac. Contents Exchange 2013 Mailbox

More information

NSi Mobile Installation Guide. Version 6.2

NSi Mobile Installation Guide. Version 6.2 NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...

More information

Citrix Access Gateway Plug-in for Windows User Guide

Citrix Access Gateway Plug-in for Windows User Guide Citrix Access Gateway Plug-in for Windows User Guide Access Gateway 9.2, Enterprise Edition Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance

More information

Initial Access and Basic IPv4 Internet Configuration

Initial Access and Basic IPv4 Internet Configuration Initial Access and Basic IPv4 Internet Configuration This quick start guide provides initial and basic Internet (WAN) configuration information for the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

More information

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11 Investment Management System Connectivity Guide IMS Connectivity Guide Page 1 of 11 1. Introduction This document details the necessary steps and procedures required for organisations to access the Homes

More information

User Guide. Hosted Web Security. Copyright CensorNet Limited, 2007-2012

User Guide. Hosted Web Security. Copyright CensorNet Limited, 2007-2012 User Guide Hosted Web Security Copyright CensorNet Limited, 2007-2012 This document is designed to provide information about the first time configuration and administrator use of the Hosted Web Security

More information

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting 1 Active Directory Overview SS4200-E Active Directory is based on the Samba 3 implementation The SS4200-E will function

More information

Parallels Plesk Panel

Parallels Plesk Panel Parallels Plesk Panel Copyright Notice Parallels Holdings, Ltd. c/o Parallels International GMbH Vordergasse 49 CH8200 Schaffhausen Switzerland Phone: +41 526320 411 Fax: +41 52672 2010 Copyright 1999-2011

More information

User-ID Best Practices

User-ID Best Practices User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers

More information

System Administration Training Guide. S100 Installation and Site Management

System Administration Training Guide. S100 Installation and Site Management System Administration Training Guide S100 Installation and Site Management Table of contents System Requirements for Acumatica ERP 4.2... 5 Learning Objects:... 5 Web Browser... 5 Server Software... 5

More information

WINDOWS 7 & HOMEGROUP

WINDOWS 7 & HOMEGROUP WINDOWS 7 & HOMEGROUP SHARING WITH WINDOWS XP, WINDOWS VISTA & OTHER OPERATING SYSTEMS Abstract The purpose of this white paper is to explain how your computers that are running previous versions of Windows

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

READYNAS INSTANT STORAGE. Quick Installation Guide

READYNAS INSTANT STORAGE. Quick Installation Guide READYNAS INSTANT STORAGE Quick Installation Guide Table of Contents Step 1 Connect to FrontView Setup Wizard 3 Installing RAIDar on Windows 3 Installing RAIDar on Mac OS X 3 Installing RAIDar on Linux

More information

PC and Mac Setup Guide and Outlook Web Access

PC and Mac Setup Guide and Outlook Web Access PC and Mac Setup Guide and Outlook Web Access Hello and welcome to myemail, powered by Micro Technology Group. The purpose of this document is to provide set up instructions for configuring your new myemail

More information

Steps for Basic Configuration

Steps for Basic Configuration 1. This guide describes how to use the Unified Threat Management appliance (UTM) Basic Setup Wizard to configure the UTM for connection to your network. It also describes how to register the UTM with NETGEAR.

More information

ReadyNAS Setup Manual

ReadyNAS Setup Manual ReadyNAS Setup Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA October 2007 208-10163-01 v1.0 2007 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo,

More information

Security Provider Integration RADIUS Server

Security Provider Integration RADIUS Server Security Provider Integration RADIUS Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

Setting Up Scan to SMB on TaskALFA series MFP s.

Setting Up Scan to SMB on TaskALFA series MFP s. Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and

More information

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide This document is intended to help you get started using WebSpy Vantage Ultimate and the Web Module. For more detailed information, please see

More information

IBM Remote Lab Platform Citrix Setup Guide

IBM Remote Lab Platform Citrix Setup Guide Citrix Setup Guide Version 1.8.2 Trademarks IBM is a registered trademark of International Business Machines Corporation. The following are trademarks of International Business Machines Corporation in

More information

iboss Enterprise Deployment Guide iboss Web Filters

iboss Enterprise Deployment Guide iboss Web Filters iboss Enterprise Deployment Guide iboss Web Filters Copyright Phantom Technologies, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

www.nexuswebsites.co.uk Professional Mailbox Email Software Setup Guide

www.nexuswebsites.co.uk Professional Mailbox Email Software Setup Guide Professional Mailbox Email Software Setup Guide Table of contents Before you start... 2 Setting up Outlook 2010... 2 Using Autodiscover to configure Outlook 2010... 2 The Autodiscover wizard has not worked...

More information

Security Provider Integration RADIUS Server

Security Provider Integration RADIUS Server Security Provider Integration RADIUS Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

2X Cloud Portal v10.5

2X Cloud Portal v10.5 2X Cloud Portal v10.5 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise

More information

Simple Scan to Email Setup Guide

Simple Scan to Email Setup Guide Simple Scan to Email Setup Guide Document Centre 555/545/535 Dc04cc0336 Scan to Email Scanning to email from a Xerox DC 555/545/535 requires the support of external email services on a network. These services

More information

Configuring HP Integrated Lights-Out 3 with Microsoft Active Directory

Configuring HP Integrated Lights-Out 3 with Microsoft Active Directory Configuring HP Integrated Lights-Out 3 with Microsoft Active Directory HOWTO, 2 nd edition Introduction... 2 Integration using the Lights-Out Migration Utility... 2 Integration using the ilo web interface...

More information

Citrix Access on SonicWALL SSL VPN

Citrix Access on SonicWALL SSL VPN Citrix Access on SonicWALL SSL VPN Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through SonicWALL SSL VPN 5.0. It also includes information about configuring

More information

Managing Identities and Admin Access

Managing Identities and Admin Access CHAPTER 4 This chapter describes how Cisco Identity Services Engine (ISE) manages its network identities and access to its resources using role-based access control policies, permissions, and settings.

More information

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Configuring SonicWALL TSA on Citrix and Terminal Services Servers Configuring on Citrix and Terminal Services Servers Document Scope This solutions document describes how to install, configure, and use the SonicWALL Terminal Services Agent (TSA) on a multi-user server,

More information

2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual

2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual 2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual 2X VirtualDesktopServer Contents 1 2X VirtualDesktopServer Contents 2 URL: www.2x.com E-mail: info@2x.com Information in this document

More information

SSL Intercept Mode. Certificate Installation Guide. Revision 1.0.0. Warning and Disclaimer

SSL Intercept Mode. Certificate Installation Guide. Revision 1.0.0. Warning and Disclaimer SSL Intercept Mode Certificate Installation Guide Revision 1.0.0 Warning and Disclaimer This document is designed to provide information about the configuration of CensorNet Professional. Every effort

More information

User Identification and Authentication

User Identification and Authentication User Identification and Authentication Vital Security 9.2 Copyright Copyright 1996-2008. Finjan Software Inc.and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included

More information

Contents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7

Contents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7 Directory Connector SonicWALL Directory Services Connector 3.1.7 Contents Platform Compatibility... 1 New Features... 2 Known Issues... 3 Resolved Issues... 4 Overview... 7 About SonicWALL Single Sign-On

More information

Installation Notes for Outpost Network Security (ONS) version 3.2

Installation Notes for Outpost Network Security (ONS) version 3.2 Outpost Network Security Installation Notes version 3.2 Page 1 Installation Notes for Outpost Network Security (ONS) version 3.2 Contents Installation Notes for Outpost Network Security (ONS) version 3.2...

More information

SonicWALL SSL VPN File Shares Applet

SonicWALL SSL VPN File Shares Applet SonicWALL SSL VPN File Shares Applet Document Scope This document describes how to use and manage the SonicWALL SSL VPN File Shares Applet feature. This document contains the following sections: Feature

More information

CONNECT-TO-CHOP USER GUIDE

CONNECT-TO-CHOP USER GUIDE CONNECT-TO-CHOP USER GUIDE VERSION V8 Table of Contents 1 Overview... 3 2 Requirements... 3 2.1 Security... 3 2.2 Computer... 3 2.3 Application... 3 2.3.1 Web Browser... 3 2.3.2 Prerequisites... 3 3 Logon...

More information

Wireless LAN Controller Web Authentication Configuration Example

Wireless LAN Controller Web Authentication Configuration Example Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process

More information

Active Directory Integration

Active Directory Integration Active Directory Integration Last updated March 2016 Contents Introduction:... 2 Administration configuration set up:... 2 Configuring for a single OU import... 3 User Importing... 3 Active Directory and

More information

Single Sign-On in SonicOS Enhanced 5.6

Single Sign-On in SonicOS Enhanced 5.6 Single Sign-On in SonicOS Enhanced 5.6 Document Scope This document describes how to install and configure the Single Sign-On feature in the SonicOS Enhanced 5.6 release. This document contains the following

More information

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Configuring SSL VPN on the Cisco ISA500 Security Appliance Application Note Configuring SSL VPN on the Cisco ISA500 Security Appliance This application note describes how to configure SSL VPN on the Cisco ISA500 security appliance. This document includes these

More information

ReadyNAS Duo Setup Manual

ReadyNAS Duo Setup Manual ReadyNAS Duo Setup Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA February 2008 208-10215-01 v1.0 2008 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo,

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Quick Start Guide. Sendio Email System Protection Appliance. Sendio 5.0

Quick Start Guide. Sendio Email System Protection Appliance. Sendio 5.0 Sendio Email System Protection Appliance Quick Start Guide Sendio 0 Sendio, Inc. 4911 Birch St, Suite 150 Newport Beach, CA 92660 USA +949.274375 www.sendio.com QUICK START GUIDE SENDIO This Quick Start

More information

SINGLE SIGN-ON FOR MTWEB

SINGLE SIGN-ON FOR MTWEB SINGLE SIGN-ON FOR MTWEB FOR MASSTRANSIT ENTERPRISE WINDOWS SERVERS WITH DIRECTORY SERVICES INTEGRATION Group Logic, Inc. November 26, 2008 Version 1.1 CONTENTS Revision History...3 Feature Highlights...4

More information

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V Connection Broker Managing User Connections to Workstations, Blades, VDI, and More Quick Start with Microsoft Hyper-V Version 8.1 October 21, 2015 Contacting Leostream Leostream Corporation http://www.leostream.com

More information

MITA End-User VPN Troubleshooting Guide

MITA End-User VPN Troubleshooting Guide 01. Introduction MITA VPN users can be assigned one of two types of profiles Client-Based or Web-Based, depending on the type of access required. When logging on to the MITA VPN Portal https://vpn.secure.gov.mt,

More information

Administering Cisco ISE

Administering Cisco ISE CHAPTER 8 This chapter describes the administrative activities for the Cisco Identity Services Engine (ISE) and how to perform them. The following topics are covered: Logging In, page 8-1 System Time and

More information

VERALAB LDAP Configuration Guide

VERALAB LDAP Configuration Guide VERALAB LDAP Configuration Guide VeraLab Suite is a client-server application and has two main components: a web-based application and a client software agent. Web-based application provides access to

More information

User Source and Authentication Reference

User Source and Authentication Reference User Source and Authentication Reference ZENworks 11 www.novell.com/documentation Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,

More information

v7.8.2 Release Notes for Websense Content Gateway

v7.8.2 Release Notes for Websense Content Gateway v7.8.2 Release Notes for Websense Content Gateway Topic 60086 Web Security Gateway and Gateway Anywhere 12-Mar-2014 These Release Notes are an introduction to Websense Content Gateway version 7.8.2. New

More information

Siteminder Integration Guide

Siteminder Integration Guide Integrating Siteminder with SA SA - Siteminder Integration Guide Abstract The Junos Pulse Secure Access (SA) platform supports the Netegrity Siteminder authentication and authorization server along with

More information

2X ApplicationServer & LoadBalancer Manual

2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Contents 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies,

More information

How-to: Single Sign-On

How-to: Single Sign-On How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features

More information

Dell SonicWALL SRA 7.5 Citrix Access

Dell SonicWALL SRA 7.5 Citrix Access Dell SonicWALL SRA 7.5 Citrix Access Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through Dell SonicWALL SRA 7.5. It also includes information about

More information

LifeCyclePlus Version 1

LifeCyclePlus Version 1 LifeCyclePlus Version 1 Last updated: 2014-04-25 Information in this document is subject to change without notice. Companies, names and data used in examples herein are fictitious unless otherwise noted.

More information

Chapter 2 Connecting the FVX538 to the Internet

Chapter 2 Connecting the FVX538 to the Internet Chapter 2 Connecting the FVX538 to the Internet Typically, six steps are required to complete the basic connection of your firewall. Setting up VPN tunnels are covered in Chapter 5, Virtual Private Networking.

More information

Other documents in this series are available at: servernotes.wazmac.com

Other documents in this series are available at: servernotes.wazmac.com Wazza s Snow Leopard Server QuickStart 2. Configuring DNS About this Document This document is the second in a series of documents describing the process of installing and configuring a Mac OS X 10.6 Server

More information

How to Enable LDAP Directory Services Authentication to Microsoft Active Directory in the HP cclass Onboard Administrator

How to Enable LDAP Directory Services Authentication to Microsoft Active Directory in the HP cclass Onboard Administrator How to Enable LDAP Directory Services Authentication to Microsoft Active Directory in the HP cclass Onboard Administrator I. Certificate Services a. Install a Certificate Authority onto a Windows server

More information

Secure Web Appliance. SSL Intercept

Secure Web Appliance. SSL Intercept Secure Web Appliance SSL Intercept Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About SSL Intercept... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...

More information

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials

More information

Customer Tips. Basic E-mail Configuration and Troubleshooting. for the user. Overview. Basic Configuration. Xerox Multifunction Devices.

Customer Tips. Basic E-mail Configuration and Troubleshooting. for the user. Overview. Basic Configuration. Xerox Multifunction Devices. Xerox Multifunction Devices Customer Tips November 24, 2003 This document applies to these Xerox products: x WC Pro 32/40 Color x WC Pro 65/75/90 x WC Pro 35/45/55 WC M35/M45/M55 x DC 555/545/535 x DC

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

ECAT SWE Exchange Customer Administration Tool Web Interface User Guide Version 6.7

ECAT SWE Exchange Customer Administration Tool Web Interface User Guide Version 6.7 ECAT SWE Exchange Customer Administration Tool SWE - Exchange Customer Administration Tool (ECAT) Table of Contents About this Guide... 3 Audience and Purpose... 3 What is in this Guide?... 3 CA.mail Website...

More information

PREFACE http://www.okiprintingsolutions.com 07108001 iss.01 -

PREFACE http://www.okiprintingsolutions.com 07108001 iss.01 - Network Guide PREFACE Every effort has been made to ensure that the information in this document is complete, accurate, and up-to-date. The manufacturer assumes no responsibility for the results of errors

More information

Smart Card Authentication Client. Administrator's Guide

Smart Card Authentication Client. Administrator's Guide Smart Card Authentication Client Administrator's Guide April 2013 www.lexmark.com Contents 2 Contents Overview...3 Configuring Smart Card Authentication Client...4 Configuring printer settings for use

More information

Windows XP Exchange Client Installation Instructions

Windows XP Exchange Client Installation Instructions WINDOWS XP with Outlook 2003 or Outlook 2007 1. Click the Start button and select Control Panel: 2. If your control panel looks like this: Click Switch to Classic View. 3. Double click Mail. 4. Click show

More information

Quick Scan Features Setup Guide. Scan to E-mail Setup. See also: System Administration Guide: Contains details about E-mail setup.

Quick Scan Features Setup Guide. Scan to E-mail Setup. See also: System Administration Guide: Contains details about E-mail setup. Quick Scan Features Setup Guide XE3024EN0-2 This guide includes instructions for: Scan to E-mail Setup on page 1 Scan to Mailbox Setup on page 6 Network Scanning Setup on page 9 Scan to PC Setup on page

More information

VMware Identity Manager Connector Installation and Configuration

VMware Identity Manager Connector Installation and Configuration VMware Identity Manager Connector Installation and Configuration VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document

More information

User guide. Business Email

User guide. Business Email User guide Business Email June 2013 Contents Introduction 3 Logging on to the UC Management Centre User Interface 3 Exchange User Summary 4 Downloading Outlook 5 Outlook Configuration 6 Configuring Outlook

More information

Installation Guide for Pulse on Windows Server 2008R2

Installation Guide for Pulse on Windows Server 2008R2 MadCap Software Installation Guide for Pulse on Windows Server 2008R2 Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software

More information

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

Load Balancing. Outlook Web Access. Web Mail Using Equalizer Load Balancing Outlook Web Access Web Mail Using Equalizer Copyright 2009 Coyote Point Systems, Inc. Printed in the USA. Publication Date: January 2009 Equalizer is a trademark of Coyote Point Systems

More information

RLP Citrix Setup Guide

RLP Citrix Setup Guide RLP Citrix Setup Guide M Version 2.1 Trademarks IBM is a registered trademark of International Business Machines Corporation. The following are trademarks of International Business Machines Corporation

More information

qliqdirect Active Directory Guide

qliqdirect Active Directory Guide qliqdirect Active Directory Guide qliqdirect is a Windows Service with Active Directory Interface. qliqdirect resides in your network/server and communicates with qliqsoft cloud servers securely. qliqdirect

More information

Hosted Microsoft Exchange Client Setup & Guide Book

Hosted Microsoft Exchange Client Setup & Guide Book Hosted Microsoft Exchange Client Setup & Guide Book Section 1 Microsoft Outlook Web Access (OWA) access directions Section 2 Windows 10 Mail App setup & configuration Section 3 Windows Mobile Phone ActiveSync

More information

Configure thin client settings locally

Configure thin client settings locally This chapter contains information to help you set up your thin client hardware, look and feel, and system settings using the Control Center. Tip While it is not recommended to use dialog boxes for configuring

More information

Installing, Uninstalling, and Upgrading Service Monitor

Installing, Uninstalling, and Upgrading Service Monitor CHAPTER 2 Installing, Uninstalling, and Upgrading Service Monitor This section contains the following topics: Preparing to Install Service Monitor, page 2-1 Installing Cisco Unified Service Monitor, page

More information