FAQs for ProtexLocal Administrators



Similar documents
Name Services (DNS): This is Quick rule will enable the Domain Name Services on the firewall.

User Guide. Hosted Web Security. Copyright CensorNet Limited,

How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings. Securepoint Security System Version 2007nx

How to configure your Windows PC post migrating to Microsoft Office 365

Configuring your client to connect to your Exchange mailbox

Allworx OfficeSafe Operations Guide Release 6.0

How to Join QNAP NAS to Microsoft Active Directory (AD)

Movie Cube. User s Guide to Wireless Function

FAQ. How does the new Big Bend Backup (powered by Keepit) work?

isupplier PORTAL ACCESS SYSTEM REQUIREMENTS

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

A Guide to New Features in Propalms OneGate 4.0

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Weston Public Schools Virtual Desktop Access Instructions

Getting Started Guide

Configuration Manual English version

WINDOWS 7 & HOMEGROUP

client configuration guide. Business

Introduction to the AirWatch Browser Guide

Creating a User Profile for Outlook 2013

Exchange 2013 mailbox setup guide

CC File Transfer. User Manual

Troubleshooting AVAYA Meeting Exchange

EZblue BusinessServer The All - In - One Server For Your Home And Business

User Guide. You will be presented with a login screen which will ask you for your username and password.

Reason 8 Multi Licenses

How To Set Up Dataprotect

VPN Web Portal Usage Guide

EZblue BusinessServer The All - In - One Server For Your Home And Business

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

Collax Web Security. Howto. This howto describes the setup of a Web proxy server as Web content filter.

Allworx Installation Course

MultiSite Manager. Setup Guide

WA1791 Designing and Developing Secure Web Services. Classroom Setup Guide. Web Age Solutions Inc. Web Age Solutions Inc. 1

Hosted Microsoft Exchange Client Setup & Guide Book

Infor Xtreme Browser References

QUANTIFY INSTALLATION GUIDE

Citrix Access on SonicWALL SSL VPN

The PostBase Connectivity Wizard

Configuring a Softphone for Windows for Virtual Contact Center

Download and Launch Instructions for WLC Client App Program

8x8 Virtual Office Telephony Interface for Salesforce

USER GUIDE WWPass Security for Windows Logon

Professional Mailbox Software Setup Guide

ComTrader Technical Requirements

ENABLING RPC OVER HTTPS CONNECTIONS TO M-FILES SERVER

Dell SonicWALL SRA 7.5 Citrix Access

Sophos UTM Software Appliance

Release Notes. SonicOS is the initial release for the Dell SonicWALL NSA 2600 network security appliance.

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

Quickstart guide to Configuring WebTitan

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

F-Secure Internet Gatekeeper Virtual Appliance

Web Security Service

How to Remotely View Security Cameras Using the Internet

Introduction. Installation of SE S AM E BARCODE virtual machine distribution. (Windows / Mac / Linux)

Configuring the WT-4 for ftp (Infrastructure Mode)

Version Devolutions inc.

Secure Web Appliance. SSL Intercept

Introduction Requesting a VPN Account Accessing the Citrix Access Gateway (CAG) Tips and Tricks... 9

SELF SERVICE RESET PASSWORD MANAGEMENT WEB INTERFACE GUIDE

Network Connect Installation and Usage Guide

HELP DOCUMENTATION SSRPM WEB INTERFACE GUIDE

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

RMS Cloud - Setup Instructions for Windows Computers

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Hosted Microsoft Exchange Client Setup & Guide Book

CYAN SECURE WEB HOWTO. NTLM Authentication

How to Configure Active Directory based User Authentication

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

VNC User Guide. Version 5.0. June 2012

2X Cloud Portal v10.5

(1) Network Camera

SSL-VPN 200 Getting Started Guide

If you have questions or find errors in the guide, please, contact us under the following address:

Stealth OpenVPN and SSH Tunneling Over HTTPS

DESKTOP CLIENT CONFIGURATION GUIDE BUSINESS

Instructions for Configuring Your Browser Settings and Online Security FAQ s. ios8 Settings for iphone and ipad app

If you are not using a network environment (i.e. USB connection only) If you are using the printer in a network environment

Safe internet for business use: Getting Started Guide

HomeNet. Gateway User Guide

MaaS360 Mobile Enterprise Gateway

Maintaining the Content Server

USG40HE Content Filter Customization

Using a custom certificate for SSL inspection

XStream Remote Control: Configuring DCOM Connectivity

Quick-Start Guide

TROUBLESHOOTING INFORMATION

MaaS360 Mobile Enterprise Gateway

Lytecube Technologies. EnCircle Automation. User Guide

SSL Intercept Mode. Certificate Installation Guide. Revision Warning and Disclaimer

OPC Server Machine Configuration

Docufide Client Installation Guide for Windows

Cloud Help for Community Managers...3. About Jive Anywhere...4. Jive Anywhere System Requirements...5. Managing Jive Anywhere...6

Wireless G Broadband quick install

SecuraLive ULTIMATE SECURITY

Quick Installation Guide

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

AVG Business SSO Partner Getting Started Guide

Transcription:

FAQs for ProtexLocal Administrators How do I set up a banned user group? Setting up a sin-bin group is straightforward as long as you remember a few key points. The sequence is: 1. Set up an AD group which will be banned. Users will be added to this group only when they are being denied Internet access. There is no need to remove users from their usual AD group - the profile given to this group will override their normal filter setting 2. In the Protex interface assign the E2BN:Banned profile to this group 3. Make sure this group/profile pair is at the top of the list. Filters are assigned from the top down: the profile assigned to the first group the user is a member of will be applied 4. Apply the changes and restart Protex We use Macs - is this a problem? No - the use of a proxy to make connections to the originating web site is completely transparent to the operating system. The only difference between Mac, Linux & Windows clients will be how to configure the browsers to use the Protex server on each desktop connected to the LAN: and this will also depend upon which network operating system and browser are being used. What about viruses? While Protex does have the facility to provide virus checking, and may do so in future, it is not currently implemented as this is a very resource-intensive operation which can have a marked impact on filtering performance. All files downloaded to a PC (whether via the Internet, email or a USB stick) should be virus checked by the PC itself. In addition most webmail systems also perform virus and spam checking as do many Local Authorities and ISPs. Staff want pupils to use Blogger... Staff should set up the blogs for their students using the STAFF profile (which allows blogger/blogspot) then once they are all created give the network/filter manager a list of them. They should be of the form blogname.blogspot.com - then these individual blogs can be added 1 / 8

to the ContentCheck or Trusted sites lists to give pupils access to them. Trusting the whole of blogspot.com should be avoided as there are some very unsuitable blogs hosted under this domain. There are similar blogging sites (tumblr.com for example) where individual blogs may be made available but the whole site should not be listed as some of these blogs are certainly not suitable for students to view. Staff want pupils to use Flickr... The structure of the site makes it impossible to allow single accounts (e.g. a school or teacher account) to be unfiltered while still blocking the rest of the site. In order to make flickr.com available it must be added to a Trusted sites list. Which category it is added to will determine which users can access it: for example, adding it to Teaching will allow all users access while Post-16 will restrict access to users of the Sixth Form profile. Whether a site chooses to allow flickr.com to be un-filtered will depend on the ethos of the school, the level of supervision, etc. It can certainly be a useful resource and one that students may be using at home but if allowed the Academy or School's senior management must be aware that there are some images on the site which may be considered unsuitable for viewing in school. Students have used a Site Builder at home - why can't they work on their site in school? If your students have their created their own sites hosted on one one of the many free Site Builders which are currently blocked you can make it available in several ways. Preferably you should look at the URL of the site and see whether this particular site/account can be made available without unblocking the whole Site Builder. However, the way companies create and maintain accounts on such sites varies (and changes from time to time) so it is not always possible to unblock individual accounts and/or sites. In this case the whole site would need to be listed which will make all others sites built and hosted 2 / 8

there available as well. You will need to investigate the other sites' content and then decide whether making it available in school is appropriate. As an added complication most of these sites require some of all of it to be available over https which will require the site to be Trusted and not merely ContentChecked so that no filtering at all will be possible on any of the other hosted sites. Admin menu not working with IE9 The Protex menu is designed to work in IE9, Firefox and Chrome but it will not display correctly in IE9's compatibility mode. If IE9's Intranet Settings have been enabled previously then it is likely that the page is being displayed in compatibility mode as this is the IE9 default security setting for intranet sites. The exact setting to change depends to some extent on what setting have already been selected but the following options may help find one that works for you. (1) Go to the Tools -> Compatibility View dialog box to uncheck the item "Display intranet sites in Compatibility View" (2) Go to Tools -> Internet options -> Security. Click on Local Intranet then on Sites. In the dialog box uncheck the item "Include all sites that bypass the proxy server". You may need to reload the page and/or restart IE9 to enable the changes. Pupils cannot download files... Protex will prevent certain file types from being downloaded from non-trusted sites (see here for more about Trusted sites, etc.). Which file types are blocked is controlled by the filter profile in use - the STAFF profile is much less strict than the student profiles. 3 / 8

For sites listed as Trusted no filtering at all is applied and all file types can be downloaded by all profiles. If there are some file types you would like your pupils to be able to download that are currently blocked (.zip for example) you can create a Local Profile to allow this. See the Protex documentation for details on how to create and edit a Local Profile. How can staff see effect of student profile? If you are using AD/NTLM authentication then it is possible to allow any Group/Profile pair to change their current profile to another. This could be useful for staff to, for example, check that a site they want to use is available to their students. In the Documentation (v3) go to Profiles -> Assign by... -> NTLM based filtering for more details. Checking the "Override" box will cause a drop down menu of configured profiles to be available in the "Logged in" window. Selecting a profile here will swap the profile in use for subsequent requests. How do I block or allow a URL for a specific profile? There are age/profile specific categories to allow you to modify the URLs that specific profiles can access: - Pre-9 Block: block PRIMARY profile only - Pre-12 Block: block MIDDLE, PRIMARY profile - Pre-16 Block: block SECONDARY, MIDDLE, & PRIMARY - Pre-18 Block: block SIXTH FORM, SECONDARY, MIDDLE, & PRIMARY - Post-16 Only: allow for SIXTH FORM & STAFF only - Post-12 Only: allow for SECONDARY, SIXTH FORM & STAFF only - Post-9 Only: allow for MIDDLE, SECONDARY, SIXTH FORM & STAFF only As an example, suppose that you want to modify the sites that sixth formers can access. To do this, add the URL as normal in the appropriate category: To BLOCK a URL: Add the URL to block lists under category 'Pre-18 Block'. To ALLOW a URL: Add the URL to allow lists (Tusted or ContentChecked) under category 'Post-16 Only'. Then 4 / 8

restart Protex to confirm the list changes. For other profiles the process is similar but you must remember that the (un)blocking is cumulative. For example, blocking a URL to the MIDDLE profile will also block it to the PRIMARY one. Similarly, allowing a URL to MIDDLE will allow it for the SECONDARY, SIXTH FORM and STAFF ones but not the PRIMARY profile. How do I block a site (e.g facebook.com) to staff facebook.com is set up as a ContentChecked site for adults in the central lists. To block it for all users including staff put facebook.com in the 'LocalBlockAll' category. Restart to confirm the list change. How do I block BBC's iplayer The BBC site - bbc.co.uk - is listed centrally as a trusted site so no local changes to block parts of the BBC site will have any effect as its Trusted status will take precedence. As iplayer will fall back to running over port 80 (by default it uses port 1935 but will try 80 an 443 if it cannot connect over that one) blocking 1935 on the firewall will have no effect. It is possible to block iplayer but only by removing the BBC's Trusted status and having it subject to the normal Protex filter rules so parts of the site may be blocked depending upon the content of the page. Also some file downloads will be blocked in common with other untrusted sites. Whether you see this as an advantage or disadvantage will depend upon your school. If you still wish to block iplayer then: - go to 'Add items to lists' and add bbc.co.uk to a content check category - this will override the central "trusted" status. - go to 'Add items to lists' and add bbc.co.uk/iplayer to the 'to block' list in the appropriate category. For example, to block to students but allow staff access then add it to the Adult category 5 / 8

- Restart protex to confirm list changes Windows clients need to log in to protex By default these operating systems use NTLMv2 with NTLMv1 turned off. In order for these clients to communicate with the Protex server they must be able to use NTLMv1 when requested. WinXP(SP2) using AD Group Policy: Computer config > Policies > Security Settings > Local Policies > Security Options Find Network security: LAN Manager authentication level and set to Send LM & NTLM responses Find Network security: Minimum session security for NTLM SSP based (including secure RPC) Clients - check "define these policy settings" - uncheck all other options Windows 7 / Vista Click Start -> Run 6 / 8

In the Run field type: secpol.msc - that will bring you to Vista's security policy system. Then go to: Local Policies > Security Options Navigate to the policy Network Security: LAN Manager authentication level and open it. Then change the Setting from Send NTLMv2 response only to Send LM & NTLM -- use NTLMv2 session security if negotiated. Alternatively another very similar solution (Windows 7/Vista) appears to be: Control Panel -> Administrative Tools -> Local Security Policy Local Policies - Security Options Network security: LAN Manager authentication level Send LM & NTLM -- use NTLMv2 session security if negotiated set: Minimum session security for NTLM SSP and Disable Require 128-bit encryption 7 / 8

ENDFAQ {accordionfaq faqid=accordion2 faqclass="smoothnessfaq defaulticon headerbackground headerborder contentbackground contentborder round5"} 8 / 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information