User Guide. You will be presented with a login screen which will ask you for your username and password.

Similar documents
IIS, FTP Server and Windows

Quick Instructions Installing on a VPS (Virtual Private Server)

MultiSite Manager. User Guide

User Guide. Hosted Web Security. Copyright CensorNet Limited,

Configuring your client to connect to your Exchange mailbox

What is the Barracuda SSL VPN Server Agent?

WhatsUp Gold v16.3 Installation and Configuration Guide

Central Administration User Guide

Exchange 2013 mailbox setup guide

Setting Up Scan to SMB on TaskALFA series MFP s.

MailEnable Connector for Microsoft Outlook

Professional Mailbox Software Setup Guide

Your Archiving Service

User guide. Business

Introduction to Google Apps for Business Integration

Websense Web Security Gateway: Integrating the Content Gateway component with Third Party Data Loss Prevention Applications

Preparing for GO!Enterprise MDM On-Demand Service

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

SSL Intercept Mode. Certificate Installation Guide. Revision Warning and Disclaimer

Fus - Exchange ControlPanel Admin Guide Feb V1.0. Exchange ControlPanel Administration Guide

MultiSite Manager. Setup Guide

Windows XP Exchange Client Installation Instructions

From a Finder window choose Applications (shown circled in red) and then double click the Tether icon (shown circled in green).

Introweb Remote Backup Client for Mac OS X User Manual. Version 3.20

WestermoConnect User Guide. VPNeFree Service

LDAP Authentication and Authorization

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Configuring IBM HTTP Server as a Reverse Proxy Server for SAS 9.3 Web Applications Deployed on IBM WebSphere Application Server

Installation Guide For Choic Enterprise Edition

IBM Aspera Add-in for Microsoft Outlook 1.3.2

Version 1.0 January Xerox Phaser 3635MFP Extensible Interface Platform

PREMIUM MAIL USER GUIDE

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

User's Guide. Product Version: Publication Date: 7/25/2011

SecuraLive ULTIMATE SECURITY

DOSarrest Security Services (DSS) Version 4.0

Quick Start Guide. Hosting Your Domain

A D M I N I S T R A T O R V 1. 0

Reporting works by connecting reporting tools directly to the database and retrieving stored information from the database.

Name Services (DNS): This is Quick rule will enable the Domain Name Services on the firewall.

Sophos UTM Web Application Firewall for Microsoft Exchange connectivity

Livezilla How to Install on Shared Hosting By: Jon Manning

Secure Web Service - Hybrid. Policy Server Setup. Release Manual Version 1.01

Talk-101 User Guides Web Content Filter Administration

SSL SSL VPN

Infor Xtreme Browser References

Quadro Configuration Console User's Guide. Table of Contents. Table of Contents

Choic Small Business Installation Guide DigiPortal Software, Inc.

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

Web Hosting Control Panel Guide

Eclipse.Net Hosted Librarian Guide

Test Case 3 Active Directory Integration

Professional Mailbox Software Setup Guide

FTP Service Reference

CONFIGURING AND USING WEBDAV IN LENOVO EMC LIFELINE

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

MadCap Software. Upgrading Guide. Pulse

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Business mail 1 MS OUTLOOK CONFIGURATION... 2

Manual Password Depot Server 8

Campus VPN. Version 1.0 September 22, 2008

2X Cloud Portal v10.5

User Identification and Authentication

Microsoft Outlook Setup With Exchange Server. Outlook

5. At the Windows Component panel, select the Internet Information Services (IIS) checkbox, and then hit Next.

the barricademx end user interface documentation for barricademx users

Kaseya 2. User Guide. Version 6.1

Agile ICT Website Starter Guides

Using Barracuda Spam Firewall

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

Mobile Device Management Version 8. Last updated:

Installation and Troubleshooting Guide for SSL-VPN CONNECTIONS Access

+27O.557+! RM Auditor Additions - Web Monitor. Contents

Safe internet for business use: Getting Started Guide

Content Filtering Client Policy & Reporting Administrator s Guide

Customer Control Panel Manual

Managed Security Web Portal USER GUIDE

FOR PARALLELS / PLESK PANEL

DSI File Server Client Documentation

XIA Configuration Server

NeoMail Guide. Neotel (Pty) Ltd

Evoko Room Manager. System Administrator s Guide and Manual

Eduroam wireless network - Windows 7

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Introduction to the AirWatch Browser Guide

SMART Vantage. Installation guide

MultiSite Manager. Using HTTPS and SSL Certificates

How To Install A New Database On A 2008 R2 System With A New Version Of Aql Server 2008 R 2 On A Windows Xp Server 2008 (Windows) R2 (Windows Xp) (Windows 8) (Powerpoint) (Mysql

In this topic we will cover the security functionality provided with SAP Business One.

NEFSIS DEDICATED SERVER

Comodo LoginPro Software Version 1.5

Connecting to Delta College Exchange services off-campus

Active Directory Self-Service FAQ

BlackBerry Enterprise Service 10. Version: Configuration Guide

F-Secure Messaging Security Gateway. Deployment Guide

Aventail Connect Client with Smart Tunneling

Web Manual: October 2015

Transcription:

User Guide Overview SurfProtect is a real-time web-site filtering system designed to adapt to your particular needs. The main advantage with SurfProtect over many rivals is its unique architecture that provides real-time classification of any unknown site, ensuring a safe and responsive browsing experience. The experience can be further improved by making use of the website classification procedure which allows you to select the type of websites you want to block and which ones you want to continue having access to. By default, SurfProtect automatically limits access to a reasonable standard; you may not need to change anything. However, if you want that extra control, you can. SurfProtect Control Panel In order to tailor your service to your access requirements, the first step required is to login to the SurfProtect control panel. You can access the login panel by clicking here: Click Here - panel.surfprotect.co.uk. You will be presented with a login screen which will ask you for your username and password. These details should have been given to you already by your sales contact, if you do not have them please contact our sales or technical team on 0845 145 1234. Setup of SurfProtect is controlled by the menu which is shown at the top of the browser after logging in. Exa Networks January 2013 V2.2-1 -

Profiles To change the default configuration, the first step is to set up a number of profiles. One profile for each different filter configuration. e.g. You may require for example two, one for each of the following areas: Staff and Pupil Networks The configuration of each profile allows you to define a specific range; or ranges, of IP addresses that will then have each profiles filtering options. This allows you to enforce the policies as required. e.g. on a site by site basis or based on job function. To create a new profile name, type a unique name into the empty box and click on the 'Create New Profile' button. Once you have created a new profile, it will be visible in the list. You can then select the 'Edit' link to administer each profile. Alternatively if you have entered the profile name incorrectly or it is no longer required, you can select the Delete link to remove the item from the list. The profile selection screen indicates if you have included any Active Directory Usernames/User Groups or Internal address ranges against a particular profile this indicates that you are using the Internet Content Adaptation Protocol (ICAP) option with SurfProtect. The ICAP option enables SurfProtect to apply settings to Active Directory Usernames/User Groups or individual private range addresses from the customer s network. Exa Networks January 2013 V2.2-2 -

Profile Administration The profile administration screen is split into four sections. The fourth section is hidden by default as the options are only applicable when you are using the ICAP option with SurfProtect. The first section allows you to adjust the name for the profile you are editing. Simply type the new name and select the Update button to save the change. The second section allows you to associate a list of search keywords that should be blocked when your users attempt a search for them. Please note that the feature only works if you have selected the Safe Search category within the Banned Categories list associated with the profile in this case Default Banned Cats list. When you create a new Blocked Search Keywords list we will add some choice words. We have attempted to try and detect where users have obfuscated their search words to circumvent the filtering but there is a fine balance between performance and functionality. The third section, allows you to specify the Public IP Address Ranges that you want to be affected by your chosen profile. You are only permitted to enter IP s within your own Public IP address ranges. If you have difficulty adding IP addresses please contact Exa Networks and we will assist you with this. Below the Public IP Ranges are the options to configure the filtering to apply to the listed Public addresses Banned Categories Blocked Lists Allowed Lists The Automatically Banned Sites based on Classification Settings Your specific list of Banned Sites Your specific list of Permitted Sites One of the benefits of SurfProtect is that when a web page is requested page is classified automatically. Since the categorisation of certain types of content as either good or bad can be extremely subjective, it may be dependant on the particular user or group accessing it. The Allowed and Blocked Lists provide you with the ability to grant or deny access to sites. This overrides the default behaviour of SurfProtect for the defined sites. Exa Networks January 2013 V2.2-3 -

After you have selected a list from any of the drop down lists please remember to select the Activate link to make that list live before you leave the Edit Profile web page. Please Note: The activation of your changes can take around 5 minutes to become live, as SurfProtect caches some information to improve your experience as a user. There is no limit to the number of lists you can create with the 'Create New List' button, but only one of each type can be active on a profile at any one time. You can apply the same list simultaneously to as many profiles as you wish. ICAP Configuration The ICAP section should only be configured if you are using our ICAP option with SurfProtect. This option provides much greater granularity of control over who can access what from your network. Please consult Exa Networks to check if this is the case. ICAP provides more information from your network about:- The Active Directory username of the user who is making the web request The Active Directory groups that the user is a member of who is making the web request The internal network IP of the person making the web request Note you can only use Active Directory information OR internal IP addresses not both!! Internal IP s or Active Directory which route is for me??? For some networks with static IP s, using the internal IP against a profile is sufficiently granular if the machines are always used by pupils or teachers. Issues tend to come when this is not strictly true or you wish to lock down the internet access based on some form of credentials or grouping of people. Active Directory integration allows us to achieve this granular control. Exa Networks January 2013 V2.2-4 -

Internal IP Example We will first look at an example profile that has internal IP addresses configured. In the example screen shot above the user has indicated that any web activity requests from the internal network for the range 10.0.0.1 10.0.0.50 will apply the selected Staff based lists rather than the Public IP Range lists referred to as Public... Now to control the Pupil access we would create a similar profile as shown below which has 2 differences to the previous profile different Internal Address Ranges and different internal lists selected. Exa Networks January 2013 V2.2-5 -

If you are using a non-standard internal IP range the IP address will be displayed in red to bring it to your attention. If for any reason you have internet access from your network that is not providing an internal IP address to SurfProtect, the Public Address Ranges Policy lists will still be in force as a safe guard. Any internal IP presented to SurfProtect that is NOT against a profile will have the recommended banned categories applied as a safe guard these categories are shown in the next section on Category Lists. Exa Networks January 2013 V2.2-6 -

Active Directory Example Passing Active Directory information for a user from your network provides a much better controllable way of deciding who can access what on your internet connection. It is now possible to associated Active Directory Usernames and User groups to a SurfProtect Profile. So using our example scenario from earlier that had static internal IP s to determine the appropriate profile, we could free ourselves of this IP restriction by adding all our Pupils to Pupil users AD group and our Staff to a Staff Users group. Then we simple add these group names against our existing profiles and remove the internal IP references. Revised Staff Profile Revised Pupil Profile NOTE: You can add many AD users/groups to the same profile if necessary. Also remember to tick the Group? checkbox otherwise SurfProtect will think you are referring to an AD Username There may be situations where the use of groups is not specific enough. In the same way that you can associate AD user groups to a profile you can also associate AD usernames. You can mix and match both on the same profile but if you have got your user groups correctly setup this is probably not needed. Exa Networks January 2013 V2.2-7 -

In the example below I have created a profile that relates to an AD username and this profile settings will apply to them directly. Exa Networks January 2013 V2.2-8 -

Category Lists The category administration page shows two lists of the current categories that can be selected or not. If a category has a tick next to its name, that category of sites will be blocked by SurfProtect. There are two lists Recommended Banned Categories and Other Categories. The first section of categories is more commonly used and so there are two buttons to aide in selection of these categories Select All and Deselect All. The categories in this section are the default categories used when you have a profile and have not selected ANY categories to ban. These categories will be applied by default for your protection. A note at the top of the screen has been added to remind customers of this fact. To change the current list of sites that are banned, please select or deselect each of the relevant tick boxes and then press the Save Categories button. Exa Networks January 2013 V2.2-9 -

Allowed and Blocked Lists The Allowed and Blocked lists, provide you with more control than the website automatic categorisation of permitted sites. The Public or Internal Section you are editing the Allowed or Blocked for will be shown to remind you which area of the profile this list applies. Adding a website URL to an active Allowed List will override the normal categorisation rules and permit access to the site. Alternatively adding to the Blocked List will deny access to the site. Any existing websites will appear in the list, you can then add and remove websites from the list as you require. Each website URL must appear on a separate line. Also, blocking a higher level domain will automatically block the lower levels. e.g. will also block:.somedomain.com images.somedomain.com graphics.somedomain.com Clicking on the 'Save List' button will store any changes you have made. Exa Networks January 2013 V2.2-10 -

Blocked Search Keywords This feature provides some basic blocking of words in search engines. When a user has requested a search from a website categorised as a search engine by SurfProtect, a check of the search criteria is done against a list of words relating to the Public IP address range associated with a profile. If any word on the search criteria matches a word on the Blocked Search Keywords list, the search will be halted and a banned page displayed. Please note this will not block the search website outright, as this would penalise all users for the mistakes of another. Please note you must have the Safe Search Category selected for this feature to be enabled. To use this feature simply create a new list, modify the list of keywords as required and then select the list and click Activate. Exa Networks January 2013 V2.2-11 -

Proxy Support One of the most attractive properties of SurfProtect is it s plug and play nature. Sitting in between your internet connection and the remote web server, it can protect every host on your network without the need for any extra configuration on your behalf. More important than the obvious convenience provided is the added security this introduces; there are no configuration options or software to be installed on you hardware. There may, however, be situations where you would like the benefits of SurfProtect but you are not on a connection purchased through Exa Networks. For such a scenario, we have a HTTP proxy server which any popular web browser or proxy can be configured to use to request its web pages. Please talk to us if this is something you think you may want to use. Exa-Proxy Our standard filtering has a restrictive dialog with SurfProtect and can only selected SurfProtect profiles based on your allocated public IP addresses. We have worked to change this and develop a proxy that delivers great performance and has features beyond that of our existing third-party proxy software. Exa-Proxy has the ability to intercept HTTPS requests (if web browsers are configure for SSL Proxy) and thus block https websites that have been added to your profile like facebook.com. And because we have access to the full body of the HTTP request, we can also inject additional information to further filter results from websites such as YouTube and Dailymotion. Eventually this will be the default proxy used by SurfProtect, but at this stage we are migrating interested customers onto this service and enhancing/bug fixing as customers experience problems. If you want to use our proxy for your own needs, it can be downloaded at http://code.google.com/p/exaproxy/ SurfProtect ICAP Service Our ICAP service has really made a great difference to how specifically we can filter web traffic to customer needs. Using this service with an approved ICAP enable client, SurfProtect can control filtering based on your internal network information which is passed with the requests because of the ICAP protocol. It is possible to tell SurfProtect what: Internal IP address the request originated from in your network Active Directory Username of the person making the request Active Directory Groups that the person making the request is a member of Internet Content Adaptation Protocol (ICAP) integration has been developed to enable ICAP compliant clients (NETASQ U Range devices, Squid Proxy, ProxySG and others) to communicate with SurfProtect via our ICAP Server software. For more details on using this service please give us a call. Exa Networks January 2013 V2.2-12 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information