SmartFilter DA 4.0 Administration Guide

Transcription

SmartFilter DA 4.0 Administration Guide
ADMINISTRATION
GUIDE
www.securecomputing.com
Copyright
© 2005 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written
permission of Secure Computing Corporation.
Trademarks
Secure Computing, SafeWord, Sidewinder, Sidewinder G2, SmartFilter, Type Enforcement, SofToken, Enterprise Strong,
Mobile Pass, G2 Firewall, PremierAccess, SecureSupport, SecureOS, Bess and Strikeback are trademarks of Secure
Computing Corporation, registered in the U.S. Patent and Trademark Office and in other countries. G2 Enterprise
Manager, SmartReporter, On-Box, Application Defenses, RemoteAccess, Sentian, Securing connections between people,
applications and networks are trademarks of Secure Computing Corporation. All other trademarks, tradenames, service
marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.
Software License Agreement
The following is a copy of the Software License Agreement as shown in the software:
CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE LOADING THE SOFTWARE. BY CLICKING
"I ACCEPT" BELOW, OR BY INSTALLING, COPYING, OR OTHERWISE USING THE SOFTWARE, YOU ARE SIGNING
THIS AGREEMENT, THEREBY BECOMING BOUND BY ITS TERMS. IF YOU DO NOT AGREE WITH THIS
AGREEMENT, THEN CLICK "I DO NOT ACCEPT" BELOW AND RETURN ALL COPIES OF THE SOFTWARE AND
DOCUMENTATION TO SECURE COMPUTING CORPORATION ("SECURE COMPUTING") OR THE RESELLER FROM
WHOM YOU OBTAINED THE SOFTWARE.
If this Software is being installed by a third party (for example, a value-added reseller, consultant, employee, or agent),
such third party represents that it has the authority to bind the person or entity for whom the Software is being
installed, and that its acceptance of this Agreement in the manner set forth above does bind such person or entity.
1. Grant of License. Secure Computing grants to you, and you accept, a non-exclusive, and non-transferable license
(without right to sub-license) to use the Software Products and Control List as defined herein, for a predefined set
number of users.
2. Software Products. "Software Product(s)" means (i) the machine-readable object-code versions of the SmartFilter®
software contained in the media (the "Software"), (ii) the published user manuals and documentation that are made
available for the Software (the "Documentation"), and (iii) any updates or revisions of the Software or Documentation
that you may receive (the "Update"). Under no circumstances will you receive any source code of the Software.
Software Products provided for use as "backup" in the event of failure of a primary unit may be used only to replace
the primary unit after a failure in fact occurs. They may not be used to provide any capability in addition to the
functioning primary system that they backup.
3. SmartFilter Control List Subscription Service. Secure Computing provides access to available updates to the
SmartFilter Control List (the "Control List") on a subscription basis measured from the delivery of the Software Product
to you. Sixty (60) days prior to the expiration of each subscription term, Secure Computing shall invoice you the then
prevailing annual renewal fees for the Control List subscription. Payment of the annual renewal fees for the Control List
shall entitle you to receive these services for the following year. Either party may terminate the Control List subscription
at the end of any annual term by providing sixty (60) days advance written notice to the other party.
4. Limitation of Use. You may not: 1) copy, except to make one copy of the Software or Control List solely for backup or archival purposes; 2) transfer, distribute, rent, lease or sublicense all or any portion of the Software Product or
Control List to any third party; 3) translate, modify, adapt, decompile, disassemble, or reverse engineer any Software
Product or Control List in whole or in part; or 4) modify or prepare derivative works of the Software Product or Control
List.
5. Limited Warranty and Remedies. Secure Computing warrants that the medium/media on which its Software is
recorded is/are free from defects in material and workmanship under normal use and service for a period of ninety
(90) days from the date of shipment to you.
Secure Computing does not warrant that the functions contained in the Software will meet your requirements or that
operation of the program will be uninterrupted or error-free. The Software is furnished "AS IS" and without warranty as
to the performance or results you may obtain by using the Software. The entire risk as to the results and performance
of the Software is assumed by you. If you do not receive media which is free from defects in materials and
workmanship during the 90-day warranty period, you will receive a refund for the amount paid for the Software
i
Product returned.
6. Limitation Of Warranty And Remedies. THE WARRANTIES STATED HEREIN ARE IN LIEU OF ALL OTHER
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE. SOME STATES AND COUNTRIES DO NOT ALLOW THE EXCLUSION OF IMPLIED
WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC
LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS WHICH VARY BY STATE OR COUNTRY.
SECURE COMPUTING'S AND ITS LICENSORS ENTIRE LIABILITY UNDER, FOR BREACH OF, OR ARISING OUT OF
THIS AGREEMENT, IS LIMITED TO A REFUND OF THE PURCHASE PRICE OF THE PRODUCT OR SERVICE THAT
GAVE RISE TO THE CLAIM. IN NO EVENT SHALL SECURE COMPUTING OR ITS LICENSORS BE LIABLE FOR YOUR
COST OF PROCURING SUBSTITUTE GOODS. IN NO EVENT WILL SECURE COMPUTING OR ITS LICENSORS BE
LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES
WHETHER OR NOT SECURE COMPUTING HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
7. Term and Termination. This license is effective until terminated. You may terminate it at any time by destroying
the Software Product, including all computer programs and documentation, and erasing any copies residing on
computer equipment. This Agreement also will automatically terminate if you do not comply with any terms or
conditions of this Agreement. Upon such termination you agree to destroy the Software Product and erase all copies
residing on computer equipment.
8. Ownership. The Software and Control List are licensed (not sold) to you. All intellectual property rights including
trademarks, service marks, patents, copyrights, trade secrets, and other proprietary rights in or related to the Software
Products and Control List are and will remain the property of Secure Computing or its licensors, whether or not
specifically recognized or protected under local law. You will not remove any product identification, copyright notices,
or other legends set forth on the Software Product or Control List.
9. Export Restrictions. You agree to comply with all applicable United States export control laws and regulations,
including without limitation, the laws and regulations administered by the United States Department of Commerce and
the United States Department of State.
10. U.S. Government Rights. Software Products furnished to the U.S. Government are provided on these commercial
terms and conditions as set forth in DFARS 227.7202-1(a).
11. Entire Agreement. This Agreement is our offer to license the Software Product and Control List to you exclusively
on the terms set forth in this Agreement, and is subject to the condition that you accept these terms in their entirety. If
you have submitted (or hereafter submit) different, additional, or other alternative terms to Secure Computing or any
reseller or authorized dealer, whether through a purchase order or otherwise, we object to and reject those terms.
Without limiting the generality of the foregoing, to the extent that you have submitted a purchase order for the
Software Product, any shipment to you of the Software Product is not an acceptance of your purchase order, but rather
is a counteroffer subject to your acceptance of this Agreement without any objections or modifications by you. To the
extent that we are deemed to have formed a contract with you related to the Software Product prior to your acceptance
of this Agreement, this Agreement shall govern and shall be deemed to be a modification of any prior terms in their
entirety.
12. General. Any waiver of or modification to the terms of this Agreement will not be effective unless executed in
writing and signed by Secure Computing. If any provision of this Agreement is held to be unenforceable, in whole or
in part, such holding shall not affect the validity of the other provisions of this Agreement. You may not assign this
License or any associated transactions without the written consent of Secure Computing. This License shall be
governed by and construed in accordance with the laws of California, without regard to its conflicts of laws provisions.
ii
Technical Support information
Secure Computing works closely with our Channel Partners to offer worldwide Technical Support services. If you
purchased this product through a Secure Computing Channel Partner, please contact your reseller directly for support
needs.
To contact Secure Computing Technical Support directly, telephone +1.800.700.8328 or +1.651.628.1500. If you prefer,
send an e-mail to support@securecomputing.com. To inquire about obtaining a support contract, refer to our "Contact
Secure" Web page for the latest information at www.securecomputing.com.
Customer Advocate information
To suggest enhancements in a product or service, or to request assistance in resolving a problem, please contact a
Customer Advocate at +1.877.851.9080. If you prefer, send an e-mail to customer_advocate@securecomputing.com.
If you have comments or suggestions you would like to make regarding this document or any other Secure Computing
document, please send an e-mail to techpubs@securecomputing.com.
Printing history
Date
Part number
Software release
March 2005
86-0944653-A
SmartFilter DA v4.0.
iii
iv
Table of Contents
T
Preface: About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . .vii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Who should read this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
How to use this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Tips for finding information . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Printing this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Related information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Chapter 1: Introducing SmartFilter DA . . . . . . . . . . . . . . . 1-1
What is SmartFilter DA? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Comprehensive, accurate Web content categorization . . . . . . 1-2
Simple, secure, network-based administration . . . . . . . . . . . . 1-2
Accessing SmartFilter DA settings . . . . . . . . . . . . . . . . . . . . . . . 1-3
Logging on to the Control Center . . . . . . . . . . . . . . . . . . . . . . 1-4
Browsing the Web with SmartFilter DA . . . . . . . . . . . . . . . . . . . . 1-6
Viewing the redirect page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Submitting site review requests . . . . . . . . . . . . . . . . . . . . . . . 1-6
Overriding filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Getting help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Viewing the online guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Looking at SmartFilter DA Help . . . . . . . . . . . . . . . . . . . . . . . . 1-9
Contacting technical support . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
Chapter 2: Configuring SmartFilter DA . . . . . . . . . . . . . . . 2-1
Overview of setting general options . . . . . . . . . . . . . . . . . . . . . . 2-2
Changing personal settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Setting Monitor with Warning options . . . . . . . . . . . . . . . . . . . . . 2-6
Choosing a redirect page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Customizing a redirect page . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Chapter 3: Delegating Administration . . . . . . . . . . . . . . . . 3-1
Overview of delegating administration . . . . . . . . . . . . . . . . . . . . 3-2
How delegated administration works . . . . . . . . . . . . . . . . . . . 3-2
Table of Contents
v
Table of Contents
The differences between super- and subadministrators . . . . . 3-4
Delegating zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Managing zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7
Managing administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Chapter 4: Customizing Web Filtering. . . . . . . . . . . . . . . . 4-1
Overview of customizing Web filtering . . . . . . . . . . . . . . . . . . . . 4-2
How Web content categorization works . . . . . . . . . . . . . . . . . 4-2
Using filters to manage Web access . . . . . . . . . . . . . . . . . . . . 4-2
Creating custom block and allow lists . . . . . . . . . . . . . . . . . . . 4-3
Defining filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Creating custom categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Blocking specific Web content . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Tips on using Virtual Reviewer . . . . . . . . . . . . . . . . . . . . . . . 4-12
Allowing specific Web content . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Filtering using keywords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
Tips for entering keywords using Boolean operators . . . . . . 4-16
Filtering using file types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
Guidelines for specifying URLs to filter . . . . . . . . . . . . . . . . . . . 4-20
General guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
Optimizing the block list for Virtual Reviewer™ . . . . . . . . . . 4-20
Syntax for entering Web sites, file types, and keywords . . . . 4-22
Chapter 5: Applying Filters. . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Overview of applying Web filters . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Handling multiple filter assignments . . . . . . . . . . . . . . . . . . . . 5-2
Applying a global filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Assigning filters to users and groups . . . . . . . . . . . . . . . . . . . . . 5-6
Scheduling filter changes for users and groups . . . . . . . . . . . . . 5-8
Assigning filters to IP address ranges . . . . . . . . . . . . . . . . . . . . 5-10
Scheduling filter changes for IP address ranges . . . . . . . . . . . . 5-12
Authorizing users to override filtering . . . . . . . . . . . . . . . . . . . . 5-15
Chapter 6: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Introduction to troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Problems with the Control Center . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Problems with Web access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
Problems with delegating administration . . . . . . . . . . . . . . . . . . . 6-5
vi
Table of Contents
P
R E F A C E
P
About this Guide
Introduction
This guide contains information on SmartFilter DA options and
features and how to use them.
Who should read
this guide
You should read this guide if you are responsible for evaluating,
installing or configuring SmartFilter to run on a network. This guide
assumes you are familiar with SmartFilter and your organization’s
internal network and the operating system on which the SmartFilter
software will reside. You should also have some knowledge of the
Internet, HTTP (Hypertext Transfer Protocol), and FTP (File Transfer
Protocol).
How to use this
guide
This guide is organized in the following main sections.
Section
Description
Chapter 1
Provides SmartFilter DA overview information.
Introducing SmartFilter DA
Chapter 2
Configuring SmartFilter
DA
Provides SmartFilter DA configuration information.
Chapter 3
Delegating Administration
Provides SmartFilter Delegating Administration
configuration information.
Chapter 4
Customizing Web Filtering
Provides information on selecting the Web filter
content to block or allow.
Chapter 5
Applying Filters
Provides information on applying filters to users
and groups.
Chapter 6
Troubleshooting
Provides basic SmartFilter troubleshooting
information.
Preface: About this Guide
vii
Related information
Tips for finding information
Check the Table of Contents for the primary topics covered in this
guide. When viewing this guide online, you can use Acrobat’s Find
feature to search for every instance of any word or phrase that you
want. Also, the entries in the Table of Contents are active links;
clicking on an entry will jump to that topic.
P
Printing this book
For the best results, print this PDF book using Acrobat Reader Version
5 or greater and print using a PostScript printer driver.
Š If your printer understands PostScript but does not have a
PostScript driver installed, you need to install a PostScript driver.
You can download one from www.adobe.com.
Š If your printer is not a PostScript printer, and the book does not
print out as expected, try one of the following:
— If your printer has the option, Print as Image, set this option on
and then try printing.
— Print specific page(s) one at a time rather than sending the
entire book to the printer.
Related
information
viii
Preface: About this Guide
For all SmartFilter DA and SmartReporter 1.1 information, review the
appropriate documentation (PDF document, Release Notes, etc.).
CH
APTER
1
Introducing SmartFilter DA
1
This chapter provides an introduction to SmartFilter and how to
access the help. It contains the following topics:
Š “What is SmartFilter DA?” on page 1-2
Š “Accessing SmartFilter DA settings” on page 1-3
Š “Browsing the Web with SmartFilter DA” on page 1-6
Š “Getting help” on page 1-8
Introducing SmartFilter DA
1-1
What is SmartFilter DA?
What is
SmartFilter DA?
1
SmartFilter DA gives users in your organization access to Internet
resources while minimizing the legal, productivity, and bandwidth
concerns that the Web often introduces. Easy to administer and fully
integrated with Red Hat Linux, SmartFilter DA prevents inappropriate
Web content from reaching users on your network.
Comprehensive, accurate Web content categorization
SmartFilter DA helps you manage your organization’s Internet use by
giving you access to Secure Computing’s comprehensive database of
Web sites. Secure Computing adds thousands of new entries per day
to this database through a combination of techniques, including:
Š Sophisticated artificial intelligence technology that gathers suspect
URLs and analyzes their content.
Š A team of human reviewers that analyzes the Web site content of
the suspect URLs, and then categorizes sites accordingly.
Š Customer suggestions, which Secure Computing evaluates and
adds to its database as appropriate.
Once you download the database of Web sites, you can create filters
that block or allow specific categories of URLs, and then apply the
filters to users on your network.
Simple, secure, network-based administration
SmartFilter DA is not a software program installed on individual
computers. Instead, it operates at the server level, providing filtering
for every computer on the network. For the administrator, this means
improved security and simplified maintenance. And, because it’s
configured locally, you can customize SmartFilter DA to meet the
specific needs of your organization.
Using SmartFilter DA, you can create a variety of filters tailored to
your organization’s Internet policies and preferences, and then assign
these filters to users, groups, and IP addresses on your network. You
can also schedule filters to apply during certain times of the day,
block and allow particular Web sites, keywords, and file types, and
authorize specific users to temporarily override filtering. And if you
choose, you can delegate administrative tasks to other individuals in
your organization.
1-2
Introducing SmartFilter DA
Accessing SmartFilter DA settings
With SmartFilter DA, you can manage filtering for your organization
through a single Web-based interface. This central, server-based
approach provides a Web filtering solution that is flexible and easy to
maintain, and that gives you more precise control over how the
Internet is used within your organization.
Accessing
SmartFilter DA
settings
To define and manage your organization’s filtering policy, open
SmartFilter DA and click a tab to access a particular set of features.
Superadministrators see all of the following tabs; subadministrators
see only those tabs that correspond with their administrator rights.
Š Home is the main welcome tab.
Š Define Filters lets you implement a filtering policy using filters and
custom categories. For information on defining filters and custom
categories, see “Defining filters” on page 4-5 and “Creating custom
categories” on page 4-8.
Š Assign Filters lets you apply filters to users, groups, and IP
addresses in your organization. For information on assigning
filters, see “Applying a global filter” on page 5-4, “Assigning filters
to users and groups” on page 5-6, and “Assigning filters to IP
address ranges” on page 5-10.
Š Create Custom Lists lets you block and allow specific Web sites,
keywords, and file types. For information on creating custom lists,
see “Blocking specific Web content” on page 4-10 and “Allowing
specific Web content” on page 4-13.
Š Assign Overrides lets you give certain users the ability to temporarily
override filtering. For information on assigning override privileges,
see “Authorizing users to override filtering” on page 5-15.
Š Choose Redirect Page lets you select and customize the page that
appears when users try to access blocked Web content. For
information on selecting a redirect page, see “Choosing a redirect
page” on page 2-9.
Š Delegate Tasks lets you give administrator responsibilities to other
individuals within your organization. For information on
delegating administrator tasks, see “Overview of delegating
administration” on page 3-2.
Š Change My Profile lets you specify your e-mail address, change your
logon name and password, and choose how to display IP ranges.
For information on changing profile settings, see “Changing
Introducing SmartFilter DA
1-3
Accessing SmartFilter DA settings
personal settings” on page 2-4.
Š Configure System lets you manage system settings, as well as
download the latest Control List from Secure Computing. For
information on setting system options, see the SmartFilter DA
Installation Guide.
Logging on to the Control Center
To access the Control Center, use a Web browser on any computer on
your network that has access to the computer where SmartFilter DA is
installed.
Note: For optimal viewing, open the Control Center with Microsoft Internet Explorer 5.5
or later, or Mozilla 1.0 or later. Note that you must enable JavaScript in your browser to
take advantage of all SmartFilter DA features.
To log on to the Control Center
1.
Open a new browser window.
2.
In the Address box or Location box, type:
https://Address/controlcenter
Note: For Address, type the IP address or fully qualified domain name (FQDN) of the
computer where SmartFilter DA is installed.
3.
In the Look In list, click the directory service where your user profile
resides. If you didn’t specify the logon using a directory service, click
Local.
4.
Type your administrator name and password.
5.
Click OK.
Note: When working in the Control Center, it’s recommended that you don’t click the
browser’s Back button or Refresh (Reload) button.
By default, if the Control Center is inactive for 10 minutes or longer,
you must log back on to the Control Center. To change the default
time-out period, see the SmartFilter DA Installation Guide.
1-4
Introducing SmartFilter DA
Accessing SmartFilter DA settings
Figure 1-1. Logging on to
the Control Center
To open SmartFilter
DA, select your
network location.
Type your
administrator name
and password, and
Click here to log off
or access help.
Click a tab on the
navigation bar to
access a particular
set of features.
Introducing SmartFilter DA
1-5
Browsing the Web with SmartFilter DA
Browsing the Web
with SmartFilter
DA
SmartFilter DA prevents users from accessing inappropriate Web sites
without detracting from their normal Web browsing experience. If a
user tries to access a blocked site, SmartFilter DA rejects the request
and displays a redirect page. If a site isn’t in a blocked or warned
category, the user accesses the site without any interference.
Viewing the redirect page
If users request a Web page that’s in a category you’ve chosen to
block, SmartFilter DA displays a redirect page. The redirect page
provided by SmartFilter DA displays the page’s URL and filter
category. The user can then choose to submit a site review request to
the administrator; override filtering using an authorized name and
password; or go to another site.
You choose the redirect page that appears in users’ browsers—either
SmartFilter DA’s redirect page, a customized version of SmartFilter
DA’s redirect page, or a specific Web address. For information on
specifying a redirect page, see “Choosing a redirect page” on page 29.
Submitting site review requests
If a user needs to access a blocked Web site, he or she can click a link
on the redirect page to send a site review request to the administrator.
This request lets the user explain why access to a particular site is
necessary.
Note that if a subadministrator doesn’t specify an e-mail address on
the Change My Profile tab, SmartFilter DA forwards site review requests
from users in that subadministrator’s zone to the next administrator up
in the hierarchy.
Note: If users are abusing the review request feature, you can remove the request link
from the redirect page. For information on removing the request link, see “Choosing a
redirect page” on page 2-9.
To submit a site review request
1-6
Introducing SmartFilter DA
1.
On the redirect page, click Submit a Site Review Request.
2.
To ensure that the administrator can reply to the request if necessary,
Browsing the Web with SmartFilter DA
type your e-mail address.
3.
Type a message in the Comments box if necessary, and then click
Submit.
Overriding filtering
The superadministrator has override privileges for the entire network.
Subadministrators have override privileges on all computers with IP
addresses in their assigned zone(s). Note that all administrators use
the same name and password for overriding filtering as they do for
logging on to the Control Center.
Administrators can also grant override privileges to users on a caseby-case basis. However, subadministrators can only assign overrides
to users in their zones if they have the appropriate administrator
rights. For information on assigning override privileges, see
“Authorizing users to override filtering” on page 5-15.
To override filtering
1.
On the redirect page, click Temporarily Bypass Filtering.
2.
Type your override name and password.
Note: If you’re an administrator, simply type your Control Center logon name and
password.
3.
Specify the length of time to override filtering.
4.
Click Begin Override.
After the override time expires, the user continues to see the
requested page until he or she refreshes the page or enters another
Web address.
Introducing SmartFilter DA
1-7
Getting help
Figure 1-2. Redirct page
The administrator
or an authorized
user can choose to
temporarily bypass
filtering on this
computer. This lets
the user view the
blocked page.
Note: This redirect page is displayed if you don’t specify a custom redirect page.
Getting help
Use this guide, the SmartFilter DA Installation Guide, the
SmartReporter Administration Guide, and online help to learn more
about SmartFilter DA and SmartReporter.
Viewing the online guides
There are three online guides included with SmartFilter DA:
Š This SmartFilter DA Administration Guide is geared toward
filtering administrators and others responsible for implementing
your organization’s filtering policy. It includes overviews of
product concepts and features, as well as step-by-step procedures.
Š The SmartFilter DA Installation Guide is geared toward system
administrators and others responsible for installing SmartFilter DA
and configuring it to run on a network. It includes step-by-step
procedures and a troubleshooting section.
Š The SmartReporter Administration Guide is geared toward filtering
administrators and others responsible for viewing Web activity
statistics. It includes overviews of reporting concepts and features,
as well as step-by-step procedures.
Use Adobe Acrobat® to view the guides online or to print them. You
can access the guides in the /opt/n2h2/docs folder or the docs folder
of your SmartFilter DA tar file.
1-8
Introducing SmartFilter DA
Getting help
Looking at SmartFilter DA Help
SmartFilter DA Help provides instructions for performing various tasks
in the Control Center. You can access online help from within the
Control Center (see Figure 1-3).
To access SmartFilter DA Help
Š To view the complete list of help topics, click Help in the top right
corner of the Control Center Home page. Click Contents to view a
list of topics by feature, click Index to locate a topic by keyword, or
click Search to view all topics that match the search criteria you
type.
Š To access help that’s specific to a particular page, click Help in the
top right corner of that page.
In addition, you can access help for SmartReporter from within the
SmartReporter interface.
Introducing SmartFilter DA
1-9
Getting help
Figure 1-3. Accessing
Help
You can access help through the Control
Center.
Click Contents to view a list of topics by feature, click Index to locate a
topic by keyword, or click Search to view all topics that match the
search criteria you type.
Contacting technical support
Technical support for SmartFilter DA is available on the Web. You can
access Secure Computing support resources at the following Web
address: www.securecomputing.com/goto/support.
If you’re still unable to resolve a problem, call +1.800.700.8328 or
+1.651.628.1500.
1-10
Introducing SmartFilter DA
CH
APTER
2
Configuring SmartFilter DA
2
This chapter provides SmartFilter DA configuration information. It
contains the following topics:
Š “Overview of setting general options” on page 2-2
Š “Changing personal settings” on page 2-4
Š “Setting Monitor with Warning options” on page 2-6
Š “Choosing a redirect page” on page 2-9
Š “Customizing a redirect page” on page 2-11
Configuring SmartFilter DA
2-1
Overview of setting general options
2
Overview of
setting general
options
Configuring SmartFilter DA is easy. Simply click the appropriate tab
on the left side of the Control Center to access the settings you want
to modify.
Note: Superadministrators can access additional system settings on the Configure
System tab. For information on these additional settings, see the SmartFilter DA
Installation Guide.
Click the Warnings tab under Define Filters to:
Š Specify how the Monitor with Warning feature works, including
whether to receive e-mail notifications when users bypass the
warning page and how often to display the warning page in users’
browsers. For step-by-step instructions, see “Setting Monitor with
Warning options” on page 2-6.
Click Choose Redirect Page to:
Š Specify the page that users see when they try to view blocked Web
content. This can be the default page provided by SmartFilter DA,
a custom page that you create, or a specific URL. For step-by-step
instructions, see “Choosing a redirect page” on page 2-9.
Click Change My Profile to:
Š Specify the e-mail address where site review requests, override
notifications, and warning notifications should be sent. For stepby-step instructions, see “Changing personal settings” on page 2-4.
Š Change your logon name and password for accessing SmartFilter
DA settings. For step-by-step instructions, see “Changing personal
settings” on page 2-4.
Š Choose to view IP ranges using descriptive text or numeric
addresses. For step-by-step instructions, see “Changing personal
settings” on page 2-4.
2-2
Configuring SmartFilter DA
Overview of setting general options
Figure 2-1. General
filtering options
Click Define Filters
and then the
Warnings subtab
to specify Monitor
with Warning
options.
Click Choose
Redirect Page to
select the page
that appears in
users’ browsers
when they try to
access blocked
Web content.
Click Change My Profile to set basic system
options, including your logon information and
e-mail address.
Configuring SmartFilter DA
2-3
Changing personal settings
Changing
personal settings
Use the Change My Profile tab to change your e-mail address, as well as
your logon name and password. You can also choose whether to
display IP ranges in the Control Center using descriptive text or
numeric addresses.
To change your personal settings
1.
On the navigation bar, click Change My Profile.
2.
In the Administrator list, click the administrator to change settings for.
Note: This list only appears if there are subadministrators below you.
3.
In the E-mail Address box, type the e-mail address where notifications
should be sent.
If you don’t type an e-mail address, site review requests are sent to the
administrator one level up in the hierarchy.
Note: SmartFilter DA sends site review requests, override notifications, and warning
notifications related to users in your assigned zone(s) to this address. (System
notifications are sent to the superadministrator only.)
4.
Select one of the following options:
Š Display IP Ranges Using Descriptions. This option displays IP ranges
in the Control Center using the description specified for each IP
range.
Š Display IP Ranges Using IP Addresses. This option displays IP ranges
in the Control Center using their numeric addresses.
5.
Click Save.
To change the Control Center logon
Note: Before changing your logon name and password, save the changes you made
during this session. In most cases, confirming the change logs you off from the Control
Center. To log on again, you must use the new administrator name and password.
1.
On the navigation bar, click Change My Profile.
2.
In the Administrator list, click the administrator to change logon settings
for.
Note: This list only appears if there are subadministrators below you.
3.
Click Change Logon.
4.
Select one of the following options:
Š Log on Using a Local Name and Password. This option lets you
access the Control Center using a name and password you create.
2-4
Configuring SmartFilter DA
Changing personal settings
Type the name and password you want to use, and then retype
the password to confirm it.
Š Log on Using This User’s Network Logon Information. This option
lets you access the Control Center using your network logon name
and password. Click the directory service where your name resides.
In the User/Group box, type the first letters of your name, and then
click Search. Then in the list of matching users and groups, click
your network logon name. Note that if you choose a group
network name, each member of the group can access the Control
Center using his or her individual network name and password.
Note: If the superadministrator didn’t specify one or more directory services under
Configure System, this option does not appear.
Note: To display all of the users and groups in the selected directory service, leave
the User/Group box empty and click Search. Note that if your directory service
contains a large number of users, SmartFilter DA may not be able to display all of the
users in a single list.
5.
Type your full name as you want it to appear in the Control Center. This
name helps you distinguish your settings from your subadministrators’
settings.
6.
Click Save, and then click Yes to confirm the change.
If necessary, you can change your logon without accessing the
Control Center. For step-by-step instructions, see the SmartFilter DA
Installation Guide.
Figure 2-2. Changing
your profile
Type the e-mail address
you want SmartFilter DA
to send site review
requests, override
notifications, and
warning notifications to.
Specify how to display IP range information in the Control Center.
Configuring SmartFilter DA
2-5
Setting Monitor with Warning options
Setting Monitor
with Warning
options
Choose how SmartFilter DA responds when users view sites that fit
into categories you’ve set to Monitor with Warning.
When you create a filter, you can set categories within that filter to
Monitor with Warning. Then, when a user you’ve assigned that filter
to attempts to access a site in a category set to Monitor with Warning,
he or she sees a warning page. The user can bypass the warning page
and view the site if he or she chooses, or go to another site.
Note: If you specify a logo and/or links for your redirect page, they also appear on the
warning page. For step-by-step instructions on modifying the redirect page, see
“Customizing a redirect page” on page 2-11.
SmartFilter DA lets you customize Monitor with Warning options. You
specify whether to receive e-mail notifications when users bypass the
warning page. You can also choose how long to turn off additional
warnings for sites in a specific category after the initial warning page
is bypassed.
For example, let’s say that Mary, a user on your network, tries to
access www.espn.com. Because the Sports category is set to Monitor
with Warning under the filter you’ve assigned to her, SmartFilter DA
displays a warning page. Mary decides to bypass the warning page
and view the site.
If you’ve turned off multiple warnings, Mary can navigate to different
areas within www.espn.com, as well as to other sites in the Sports
category, without encountering additional warning pages for the
length of time you’ve specified. If you haven’t turned off multiple
warnings, Mary sees a warning page each time she tries to access a
different page within www.espn.com, as well as when she tries to
access other sports-related sites.
Note: You must have the appropriate administrator rights to set Monitor with Warning
options. If you don’t have these rights, the Define Filters tab and its subtabs do not
appear.
2-6
Configuring SmartFilter DA
Setting Monitor with Warning options
To set Monitor with Warning options
1.
On the navigation bar, click Define Filters.
2.
On the Warnings tab, in the Administrator list, click the administrator to
change warning settings for.
Note: This list only appears if there are subadministrators below you.
3.
Check Send Me Warning Notifications to receive e-mail notifications
when users choose to bypass the warning page and access sites in
categories that you’ve chosen to “Monitor with Warning.”
4.
If you chose to receive warning notifications, check Only If User
Bypasses the Warning Page to receive notifications only after a user
bypasses the warning page a specific number of times within a certain
period.
Specify the number of times that a user must bypass the warning page
within a certain period in order to trigger the e-mail notification. Then
specify the number of minutes in that period.
5.
Check Don’t Show Warning Page Again to turn off additional warnings
for sites in the same category after a user bypasses the initial warning
page.
Specify how long to turn off additional warnings after a user bypasses
the initial warning page.
6.
Click Save.
Configuring SmartFilter DA
2-7
Setting Monitor with Warning options
Figure 2-3. Setting
Monitor with Warning
options
Choose whether to receive
e-mail notifications when
users bypass the warning
page. If you chose to
receive notifications,
specify under what
circumstances the
notifications are sent to
you.
To turn off multiple warnings, check Don’t Show
Warning Page Again, and then specify how long
to turn off warnings after a user bypasses an initial
warning page.
2-8
Configuring SmartFilter DA
Choosing a redirect page
Choosing a
redirect page
Specify the redirect page (also called block page) that users see when
they try to access blocked Web sites. This redirect page can be the
redirect page provided by SmartFilter DA, a custom redirect page, or
any URL you specify.
If you're a subadministrator, you can also choose to use the exact
redirect page specified by the parent administrator directly above you.
This redirect page can be a custom redirect page, SmartFilter DA's
redirect page, or a URL; it can also be a redirect page specified by an
administrator above your parent administrator. You can view your
parent administrator's redirect page before choosing to display it.
Note: You must have the appropriate administrator rights to specify a redirect page. If
you don’t have these rights, the Choose Redirect Page tab does not appear.
To specify a redirect page
1.
On the navigation bar, click Choose Redirect Page.
2.
In the Administrator list, click the administrator to specify a redirect
page for.
If you're a subadministrator who manages multiple zones, or if you
choose a subadministrator from the Administrator list who manages
multiple zones, the page automatically refreshes and shows you a list of
delegated zones, as well as the redirect pages associated with those
zones. Click the zone to specify a redirect page for, and then click
Modify.
3.
Select one of the following options:
Š Display Redirect Page of Administrator Above Me. This option
displays the exact redirect page specified by the parent
administrator directly above the subadministrator you selected,
whether that redirect page is a custom redirect page, SmartFilter
DA's redirect page, or a URL. To view the parent administrator's
redirect page, click View Admin's Page. (This option only appears
for subadministrators, not for the superadministrator.)
Š Display Default Redirect Page. This option displays SmartFilter DA's
redirect page when users try to access blocked Web content. To
view SmartFilter DA's redirect page in a separate browser window,
click View Default Page. To include a link on SmartFilter DA’s page
for submitting site review requests to the administrator, check
Include Review Request Link.
Note: For more information on submitting site review requests, see
“Submitting site review requests” on page 1-6.
Configuring SmartFilter DA
2-9
Choosing a redirect page
Š Display This Customized Redirect Page. This option displays a
customized version of SmartFilter DA's redirect page when users try to
access blocked Web content. To specify the logo, text, and/or links that
appear on this page, click Customize Page.
Note: For more information on creating a custom redirect page, see
“Customizing a redirect page” on page 2-11.
Š Display This URL. This option displays the URL you specify when users try
to access blocked Web content. Note that the URL you specify must be
located on a Web server.
4.
Click Save.
Figure 2-4. Specifying a
redirect page
Specify the redirect page to display when users try to access
blocked Web content. You can choose SmartFilter DA’s page, a
customized version of SmartFilter DA’s page, or a URL. If you’re a
subadministrator, you can also choose the page of the
administrator directly above you.
2-10
Configuring SmartFilter DA
Customizing a redirect page
Customizing a
redirect page
Creating a custom redirect page using SmartFilter DA's template lets
you easily tailor the redirect page for your organization. You can
specify the logo, text, and links to appear on the page.
Note that if you specify a custom logo for the redirect page, that logo
also appears on all other predefined pages. In addition, any custom
links you add appear on the warning page as well. Custom text
appears on the redirect page only.
Note: You can further customize other predefined pages (for example, the warning page
and request review pages) in a text editor. For step-by-step instructions on customizing
predefined pages, see the SmartFilter DA Installation Guide.
Note: You must have the appropriate administrator rights to specify a redirect page. If
you don’t have these rights, the Choose Redirect Page tab does not appear.
To customize SmartFilter DA’s redirect page
1.
On the navigation bar, click Choose Redirect Page.
2.
In the Administrator list, click the administrator to specify a redirect
page for.
If you're a subadministrator who manages multiple zones, or if you
choose a subadministrator from the Administrator list who manages
multiple zones, the page automatically refreshes and shows you a list of
delegated zones, as well as the redirect pages associated with those
zones. Click the zone to specify a redirect page for, and then click
Modify.
3.
Click Display This Customized Redirect Page, and then click Customize
Page.
4.
To view the redirect page template, click View Template.
5.
Select one of the following options for displaying a logo:
Š Display SmartFilter DA's Logo. This option displays SmartFilter DA's
default logo in the top right corner of the redirect page.
Š Display My Logo. This option displays the logo you specify in the
top right corner of the redirect page. Type the location of the logo
file, or click Browse to locate and select the logo file.
Note: The optimum logo size is 235 by 104 pixels; the logo you specify will be
stretched or compressed to fit this size. If you want your logo to blend in with
the redirect page’s background, set the background color of your logo to this
RGB value: Red 231, Green 231, Blue 223. (This is equivalent to the hexadecimal
value E7E7DF.)
Configuring SmartFilter DA
2-11
Customizing a redirect page
6.
To display customized text on the redirect page, type the text in the box
provided.
The text you type appears as a single paragraph between the blocked
URL and the list of categories that the URL was blocked under.
7.
Specify the link(s) to include on the redirect page.
To include the link for submitting site review requests to the
administrator, check Include Review Request Link.
Note: Use the arrow buttons to order the links as you want them to appear on the
redirect page.
Figure 2-5. Creating a
custom redirect page
8.
To preview the customized page before saving it, click Preview.
9.
Click Save, and then click Save again.
Create a custom redirect page by adding or changing just
one or all of the following items: logo, custom text, links.
Click View Template to
see where the new
logo, text, and links
will appear.
Type or browse for the
location of your
custom logo.
Type the text to display
at the top of the
redirect page.
Add, change, and
remove links. You can
also choose whether
to display the request
review link.
Preview your changes,
and then save your
custom page.
2-12
Configuring SmartFilter DA
CH
APTER
3
Delegating Administration
3
This chapter provides SmartFilter Delegating Administration (DA)
configuration information. It contains the following topics:
Š “Overview of delegating administration” on page 3-2
Š “Delegating zones” on page 3-5
Š “Managing zones” on page 3-7
Š “Managing administrators” on page 3-9
Delegating Administration
3-1
Overview of delegating administration
3
Overview of
delegating
administration
To manage filtering more effectively across a large or multilevel
organization, you can delegate tasks to other administrators.
Delegating administration lets you distribute filter management
responsibilities as appropriate to administrators within different areas
of your organization. It lets those who are closest to specific groups of
users administer filtering for those users on a daily basis, while
allowing you to retain supervisory control over how your
organization's filtering policy is implemented.
To delegate filtering tasks, you must first create zones—distinct ranges
of IP addresses associated with computers on your network—and
then assign those zones to administrators. You specify what tasks each
administrator can perform when managing his or her assigned
zone(s). You can also modify filter settings for zones assigned to
administrators below you at any time.
How delegated administration works
Here are two examples of how delegated administration can work in
different organizational settings.
In an educational setting. Let's say you're the superintendent of a large
school district. You want to implement a standard Internet filtering
policy for the entire district, but you also want principals, teachers,
and librarians to be able to customize that policy as necessary to meet
certain educational goals, as well as the specific needs of students at
various grade levels.
As the top-level filtering administrator—or superadministrator—you
can apply a global filter to your entire school district. If you choose,
you can set this global filter as the minimum level of filtering for all
computers and users on your school district's network; this prevents
administrators below you from applying filters that are less restrictive
than the global filter you specify.
You can then create zones for the different schools in your district,
and assign them to the principals of those schools. As
subadministrators, the principals can then create zones for specific
classrooms, labs, and libraries within their schools, and delegate the
administration of those zones to the appropriate teachers and
librarians. This lets those who are closest to students tailor filtering to
students' day-to-day needs, while giving you the ability to prevent
misuse and ensure the integrity of your school district's filtering
3-2
Delegating Administration
Overview of delegating administration
policy.
In a corporate setting. Let's say you're the HR director for a large
company. You want to implement a standard Internet filtering policy
that protects your company and its employees, but you also want to
empower department managers to give their employees the Web
access they need to meet your company's goals.
As the top-level filtering administrator—or superadministrator—you
can apply a global filter to your entire corporate network. Unless you
specify this as the minimum level of filtering for your company, this
filter applies only to users, groups, and IP addresses that filters haven't
been assigned to.
You can then create zones for the different departments in your
company, and assign them to the department managers. As
subadministrators, the managers can create and assign filters to IP
addresses within their zones, or delegate administration of the zones
to team leaders or other department leads. This lets department
managers provide the types of Internet access that are most useful for
their employees, while giving you the ability to prevent misuse and
ensure the integrity of your company's filtering policy.
Delegating Administration
3-3
Overview of delegating administration
The differences between super- and subadministrators
As the superadministrator, you can perform all filter and system
administration tasks within the Control Center, including tasks that
cannot be performed by other administrators. These tasks include:
Š Apply a global filter
Š Assign filters to users and groups defined in your local directory
service
Š Set system options
All other administrators are considered subadministrators. When you
delegate zones to subadministrators, you choose which tasks they can
perform by selecting from this list of administrator rights:
Š Create and assign filters. Lets the subadministrator add, change, and
remove filters and custom categories; assign filters to IP addresses;
create custom block and allow lists; and choose a redirect page.
Š Assign override privileges. Lets the subadministrator assign override
privileges to users.
Š Delegate tasks to other administrators. Lets the subadministrator
create zones and delegate tasks to other administrators.
In addition, all subadministrators can specify an e-mail address for site
review requests, override notifications, and warning notifications.
They can also change their own logon names and passwords and
specify settings for the Monitor with Warning feature and IP range
display.
3-4
Delegating Administration
Delegating zones
Delegating zones
To delegate portions of your organization to other administrators, you
must first define a zone consisting of a range of IP addresses. Then,
delegate authority of the zone to a subadministrator so that he or she
can manage filtering for that zone.
When delegating zones, keep in mind the following:
Š You must have the appropriate administrator rights to create zones
and delegate tasks. If you don’t have these rights, the Delegate
Tasks tab does not appear.
Š When you delegate a zone to an administrator, that administrator
receives copies of any filters you’ve created. From then on, your
filters and the subadministrator’s filters are independent of each
other; changes you make to your filters are not reflected in his
or her filters and vice versa.
Š You can only delegate those IP ranges that fall within the zone(s)
assigned to you. In addition, you can’t create zones that overlap
with other zones.
To create a zone
1.
On the navigation bar, click Delegate Tasks.
2.
In the Administrator list, click the administrator to add a zone for.
Note: This list only appears if there are subadministrators below you.
3.
Click Add Zone.
4.
Type the IP address range of the new zone in the From and To boxes,
and then type an optional description.
Note: To specify a single IP address, just type that address in the From box.
5.
Click Save.
Once you’ve created a zone, assign an administrator to manage it.
To assign a zone to an administrator
1.
On the navigation bar, click Delegate Tasks.
2.
In the Administrator list, click the administrator to assign a zone for.
Note: This list only appears if there are subadministrators below you.
3.
Click Add Admin.
Delegating Administration
3-5
Delegating zones
4.
Select one of the following:
Š Log on Using a Local Name and Password. Type the name and
password of the new administrator, and then retype the password.
Š Log on Using This User’s Network Logon Information. Click the
directory service where the administrator’s name resides. In the
User/Group box, type the first letters of the administrator’s name,
and then click Search. Then in the list of matching users and
groups, click the administrator’s name.
Note: If the superadministrator didn’t specify one or more directory services under
Configure System, this option does not appear.
Note: To display all of the users and groups in the selected directory service, leave
the User/Group box empty and click Search. Note that if your directory service
contains a large number of users, SmartFilter may not be able to display all of the
users in a single list.
5.
Type the full name you want to display in the Control Center for the
administrator. This name helps you identify the subadministrator’s
settings.
6.
Type the e-mail address to send review request, override, and warning
notifications to.
Note: If you don’t type an e-mail address, review requests from users in this
administrator’s zone are sent to you.
Figure 3-1. Assigning a
zone to an administrator
7.
Specify the zone(s) you want the subadministrator to manage.
8.
Check the tasks that the subadministrator can perform.
9.
Click Save.
To delegate zones to
subadministrators, click
Delegate Tasks.
Click Add Zone, and
then create your new
zone.
Then, click Add Admin
to delegate the zone to
an administrator.
3-6
Delegating Administration
Managing zones
Managing zones
When managing zones, it’s important to remember that after you’ve
delegated a zone to a subadministrator, removing or modifying it can
significantly affect the filtering hierarchy. For example, say you assign
a zone containing 100 IP addresses to subadministrator JSmith. If you
remove 80 of those IP addresses from the zone, all 80 of those IP
addresses lose the filter assignments JSmith gave them. In addition, if
JSmith delegated any of the IP addresses to subadministrators, those
subadministrators are also affected.
Note: You must have the appropriate administrator rights to create zones and delegate
tasks. If you don’t have these rights, the Delegate Tasks tab does not appear.
Even after you’ve delegated responsibility for a zone to a
subadministrator, you can still modify it.
To modify a zone
1.
On the navigation bar, click Delegate Tasks.
2.
In the Administrator list, click the administrator to modify a zone for.
Note: This list only appears if there are subadministrators below you.
3.
Click the zone to modify, and then click Change Zone.
4.
Type the zone’s new IP address range in the From and To boxes, and
then type an optional description.
Note: To specify a single IP address, just type that address in the From box.
5.
Click Save.
You can also remove a zone altogether.
To remove a zone
1.
On the navigation bar, click Delegate Tasks.
2.
In the Administrator list, click the administrator to remove a zone for.
Note: This list only appears if there are subadministrators below you.
Delegating Administration
3-7
Managing zones
Figure 3-2. Removing a
zone
3.
Click the zone to remove, and then click Remove Zone.
4.
Confirm that you want to remove this zone.
On the Delegate
Tasks tab, select the
zone to change
settings for, and then
click Change Zone.
Type the zone’s new IP
range. A description is
optional.
3-8
Delegating Administration
Managing administrators
Managing
administrators
You can modify your subadministrators’ settings, including changing
the zones they control and the rights they have within those zones.
For example, if you find that a subadministrator is abusing the assign
overrides right, simply remove it from his or her list of rights.
You can also prevent subadministrators from accessing the Control
Center. By disabling a subadministrator’s logon account, his or her
filter settings stay intact, but the subadministrator cannot open the
Control Center and change settings.
Note: You must have the appropriate administrator rights to create zones and delegate
tasks. If you don’t have these rights, the Delegate Tasks tab does not appear.
To modify administrator settings
1.
On the navigation bar, click Delegate Tasks.
2.
In the Administrator list, click the administrator to modify settings for.
Note: This list only appears if there are subadministrators below you.
3.
Click the administrator to change settings for, and then click Change
Admin.
4.
Select one of the following:
Š Log on Using a Local Name and Password. Type the name and
password of the administrator, and then retype the password.
Š Log on Using This User’s Network Logon Information. Click the
directory service where the administrator’s name resides. In the
User/Group box, type the first letters of the administrator’s name,
and then click Search. Then in the list of matching users and
groups, click the administrator’s name.
Note: If the superadministrator didn’t specify one or more directory services
under Configure System, this option does not appear.
Note: To display all of the users and groups in the selected directory service,
leave the User/Group box empty and click Search. Note that if your directory
service contains a large number of users, SmartFilter may not be able to display
all of the users in a single list.
Š Disable Logon.
5.
Type the full name you want to display in the Control Center for the
administrator. This name helps you identify the subadministrator’s
settings.
6.
Type the e-mail address to send review request, override, and warning
notifications to.
Delegating Administration
3-9
Managing administrators
Note: If you don’t type an e-mail address, review requests from users in this
administrator’s zone are sent to you.
7.
Specify the zone(s) you want the subadministrator to manage.
8.
Check or clear the tasks that the subadministrator can perform.
9.
Click Save.
You can remove settings for any administrator that you manage.
Removing an administrator’s settings deletes all filter settings for the
zones assigned to that administrator, as well as all filter settings for
zones assigned to any subadministrators created by the administrator.
To remove administrator settings
1.
On the navigation bar, click Delegate Tasks.
2.
In the Administrator list, click the administrator to remove
subadministrator settings for.
Note: This list only appears if there are subadministrators below you.
Figure 3-3. Removing
administrator settings
3.
Click the administrator to remove settings for, and then click Remove
Admin.
4.
Confirm that you want to remove settings for this administrator.
On the Delegate Tasks
tab, select the
administrator to
change settings for,
and then click Change
Admin.
Select new settings for
the administrator, and
then click Save.
3-10
Delegating Administration
CH
APTER
4
Customizing Web Filtering
4
This chapter provides Web filtering customization information. It
contains the following topics:
Š “Overview of customizing Web filtering” on page 4-2
Š “Defining filters” on page 4-5
Š “Creating custom categories” on page 4-8
Š “Blocking specific Web content” on page 4-10
Š “Allowing specific Web content” on page 4-13
Š “Filtering using keywords” on page 4-15
Š “Filtering using file types” on page 4-18
Š “Guidelines for specifying URLs to filter” on page 4-20
Customizing Web Filtering
4-1
Overview of customizing Web filtering
4
Overview of
customizing Web
filtering
SmartFilter blocks inappropriate and distracting Web content based on
the filtering criteria you specify. You can choose to apply the default
filters provided by SmartFilter, or custom filters that you create, to all
or part of your organization.
Create Web filters, or modify existing ones, by choosing categories of
content from a predefined list, as well as any custom categories that
you define.
Note: To view a list of SmartFilter categories and their descriptions, go to
www.securecomputing.com/goto/controllist
During installation, you can apply a global filter to your entire
network. After you create filters, you can apply a different global filter
to your network, and/or assign specific filters to individual users,
groups, and IP addresses.
Note: Only the superadministrator can apply a global filter and assign filters to users and
groups. Subadministrators with the appropriate rights can assign filters to IP addresses in
their zones.
How Web content categorization works
To categorize Web content, Secure Computing uses a combination of
advanced artificial intelligence technology and human analysis,
locating Web content as it becomes available and then categorizing it
according to predefined filter categories. This information is then
stored in Secure Computing’s database of Web sites called the Control
List.
SmartFilter downloads the Control List on a daily or weekly basis,
ensuring that Web access on your network is filtered according to the
most accurate and up-to-date information possible.
Using filters to manage Web access
A filter is a collection of settings specifying the Web content that users
can and cannot view. Create custom filters or use predefined filters
provided by SmartFilter to manage your organization’s Internet access.
When a user tries to access a Web page, SmartFilter checks the
request against the Control List downloaded from Secure Computing.
If the requested page is categorized as a type of content you’ve
4-2
Customizing Web Filtering
Overview of customizing Web filtering
chosen to block, SmartFilter denies the request. The user sees a
redirect page in the browser rather than the requested page. If the
requested page is categorized as a type of content you’ve chosen to
allow, SmartFilter approves the request. The user sees the requested
page.
SmartFilter lets you apply a global filter to your entire network, as
well as assign specific filters to individual users, groups, and IP
addresses. You can also schedule filters to apply during different times
of the day. This lets you give users less restrictive Web access during
lunch breaks, or before and after business hours.
In addition, subadministrators can apply filters to the zones of IP
addresses that they manage.
Creating custom block and allow lists
In addition to using category-based filters to manage Web access, it’s
possible to block specific Web sites, file types, and keywords. You can
also let users access Web sites, file types, and keywords that
SmartFilter would normally block.
Note: Unlike filters, which you can assign to specific users, groups, and IP addresses, the
Web sites, file types, and keywords in the custom lists are blocked or allowed for all users,
groups, and IP addresses on your network. (If you’re a subadministrator, the items in the
custom lists are blocked or allowed for all IP addresses in your zones.)
Customizing Web Filtering
4-3
Overview of customizing Web filtering
Figure 4-1. Web filtering
Secure Computing locates and
categorizes Web content into
the Control List.
SmartFilter downloads the
updated Control List from
Secure Computing.
The Web
Secure
Computing
As users request Web pages,
SmartFilter checks the
requests against the Control
List, as well as the filters
assigned to the requestors.
If the requested
page is not blocked
under the user’s
filter assignment,
the user can view it.
SmartFilter
User 1
User 2
If the requested Web page is
categorized as the type of content
blocked for this user, the request is
denied and a redirect page appears.
4-4
Customizing Web Filtering
Defining filters
Defining filters
A filter is a collection of settings that defines what Web content users
can access and how that access is tracked. When you create a filter,
you can include:
Š Categories of Web content to block, such as pornography or
violence. This option prevents access to any content in this
category.
Š Categories of Web content to monitor with warning, or “soft block.”
This option displays warning pages that help discourage certain
types of Web activity without completely blocking access to
content.
Š Categories of Web content to monitor. This option lets you track
Web usage by category without blocking sites.
Š Categories of Web content to allow regardless of other filter
settings. (These categories are called exceptions.) For example,
you can let users view historically significant Web pages, even if
they contain violent content.
When you create a filter, you choose the predefined and custom
categories of Web content to block, warn, or monitor when the filter is
applied, as well as any exceptions to the types of content blocked,
warned, or monitored.
Note: You must have the appropriate administrator rights to define filters. If you don’t
have these rights, the Define Filters tab does not appear.
To create or modify a Web filter
1.
On the navigation bar, click Define Filters.
2.
On the Filters tab, in the Administrator list, click the administrator to add
a filter for.
Note: This list only appears if there are subadministrators below you.
3.
Click Add. Or, to modify an existing filter, click the filter to modify, and
then click Change.
4.
In the Filter Name box, type a name for the filter you want to add or
change.
5.
Next to each category you want to block, warn, or monitor, click the
appropriate option.
Š Block. Click this option to block access to sites in this category.
Customizing Web Filtering
4-5
Defining filters
Š Warn. Click this option to display a warning when users attempt to
access sites in this category. Users can choose to view the site by
clicking a link on the warning page. If you choose, you can receive
an e-mail notification when a user bypasses the warning page.
Š Monitor. Click this option to allow access to sites in this category
and log the categories they fall into.
Š Don’t Block. Click this option to allow access to sites in this
category.
6.
To allow access to certain content regardless of other filter settings, next
to each exception category, click the appropriate option.
Š Allow As Exception. Click this option to allow access to sites in this
category, even if they’re blocked, warned, or monitored under
other settings.
Š Don’t Allow As Exception. Click this option to base the block/
monitor decision on other filter settings.
7.
Click Save.
Note: If a site falls into multiple categories, one or more of which you’ve chosen to block,
the site is always blocked. For example, if you set the Sexual Materials category to Block
and the Sports category to Monitor, and a user tries to view a site that falls into both
categories, the site is blocked.
Figure 4-2. Creating a
filter
To create a new
filter, click
Define Filters...
...and then click Add.
4-6
Customizing Web Filtering
Defining filters
You can also remove filters that you no longer need. If the filter is
currently assigned to users, groups, and/or IP addresses as the default
(primary) filter, removing it will delete all of their filter settings. If the
filter is currently applied as the global filter, removing it gives full
Internet access to those users, groups, and IP addresses without
individual filter assignments.
To remove a Web filter
1.
On the navigation bar, click Define Filters.
2.
On the Filters tab, in the Administrator list, click the administrator to
remove a filter for.
Note: This list only appears if there are subadministrators below you.
3.
Click the filter to remove, and then click Remove.
4.
Confirm that you want to remove the filter.
Customizing Web Filtering
4-7
Creating custom categories
Creating custom
categories
When you create a filter, you choose the categories of Web content to
block or allow from a comprehensive list of categories provided by
SmartFilter. You can also create your own custom block and
exception categories that contain Web content not found in any of the
predefined block or exception categories.
For example, you can create a block category that contains the Web
addresses of popular travel sites. When applied as part of a filter, this
category prevents users from accessing these sites.
Once created, custom categories automatically show up in all filters as
categories of content that you can block or allow. Like other
categories, the content contained in each custom category is not
blocked or allowed until you select the category when creating or
modifying a filter. To help you differentiate custom categories from
SmartFilter’s predefined categories, custom categories appear in bold
text.
Š You must have the appropriate administrator rights to create
custom categories. If you don’t have these rights, the Define Filters
tab does not appear.
Š If you want to view reports on blocked media files (such as MP3
and WAV files), create a custom category for media instead of
adding these file types to a custom block list.
To create or modify a custom category
1.
On the navigation bar, click Define Filters.
2.
On the Custom Categories tab, click Add. Or, to modify an existing
custom category, click the category you want to change, and then click
Change.
3.
In the Name box, type a name for the category you want to add. Or, type
a new name for the existing category.
4.
Click Block or Exception to indicate the category type.
5.
Type the URLs (one per line) to block or allow when you apply this
category as part of a filter. You can also copy items from a text editor
and paste them into the custom category. Be sure to separate each item
with a hard return.
To block or allow URLs that contain specific keywords, click Add
Keyword. To block or allow specific file types, click Add File Type.
4-8
Customizing Web Filtering
Creating custom categories
Note: For more information on entering Web sites, file types, and keywords, see
“Guidelines for specifying URLs to filter” on page 4-20.
6.
Click Save.
Figure 4-3. Modifying a
custom category
Type the sites,
file types, and
keywords to
block or allow in
this custom
category.
To remove a custom block or exception category
Note: When you remove a category, it is no longer applied under any filter.
1.
On the navigation bar, click Define Filters.
2.
On the Custom Categories tab, click the category you want to remove,
and then click Remove.
3.
Confirm that you want to remove this category.
Customizing Web Filtering
4-9
Blocking specific Web content
Blocking specific
Web content
With SmartFilter, you can block specific Web sites that are otherwise
allowed under the filters you’ve defined. For example, if you find that
users on your network are spending too much time viewing a car
buying Web site, simply add the site to your custom block list.
SmartFilter blocks access to that site for as long as it remains in your
custom block list.
If your organization uses the delegate tasks feature, each administrator
with the right to create and assign filters can create his or her own
custom block list. When a user requests a Web site, SmartFilter checks
the custom block list of the administrator closest to the user for a
match. If no match is found, SmartFilter checks the custom block list
of the next administrator up in the hierarchy, and so on.
Note: You must have the appropriate administrator rights to create custom lists. If you
don’t have these rights, the Create Custom Lists tab does not appear.
Note: If you want to view reports on blocked media files (such as MP3 and WAV files),
create a custom category for media instead of adding these file types to the block list.
To create a custom block list
1.
On the navigation bar, click Create Custom Lists.
2.
On the Block List tab, in the Administrator list, click the administrator to
create a custom block list for.
Note: This list only appears if there are subadministrators below you.
3.
Type the URLs to block, one per line. You can also copy items from a text
editor and paste them into the custom block list. Be sure to separate
each item with a hard return.
To block URLs that contain specific keywords, click Add Keyword. To
block specific file types, click Add File Type.
Note: For more information on entering Web sites, file types, and keywords, see
“Guidelines for specifying URLs to filter” on page 4-20.
4.
To let SmartFilter review the custom block list each night and
automatically remove URLs categorized by Secure Computing, check
Turn on Virtual Reviewer.™
If you select this option, you’ll be notified via e-mail when URLs are
removed from the block list. Removing categorized URLs helps keep
your block list as compact and efficient as possible.
Note: Virtual Reviewer also forwards the URLs in your custom lists to Secure
Computing for review. Forwarding these URLs to Secure Computing lets the Secure
4-10
Customizing Web Filtering
Blocking specific Web content
Computing review team analyze the URLs and categorize them as appropriate.
5.
Click Save.
Figure 4-4. Creating a
custom block list
On the Block List tab, type
the sites, pages, file types,
and keywords you want to
block.
Choose whether
to clean up the
block list each
night.
To remove an entry from the custom block list
1.
On the navigation bar, click Create Custom Lists.
2.
On the Block List tab, in the Administrator list, click the administrator to
remove a site from the custom block list for.
Note: This list only appears if there are subadministrators below you.
3.
Select the Web site, file type, or keyword to remove, and then press
Delete.
4.
Click Save.
Note: Removing an item from the custom block list doesn’t automatically allow it; it
simply bases the block/allow decision on filters applied under SmartFilter.
Customizing Web Filtering
4-11
Blocking specific Web content
Tips on using Virtual Reviewer
Š To prevent SmartFilter from removing an item from the block list,
type [lock] before the item. For example, if you type [lock]
www.sports.com, www.sports.com cannot be automatically deleted
from your block list.
Š Virtual Reviewer also skips URLs that contain a wildcard (such as
an asterisk) in the host name or path, as well as items preceded
with [keycgi], [keyurl], and [ftype].
Note: Because Virtual Reviewer skips URLs that contain a wildcard, it’s recommended
that you replace wildcard entries with the specific sites and domains you want to block.
Minimizing wildcard usage in the block list also improves filtering performance.
4-12
Customizing Web Filtering
Allowing specific Web content
Allowing specific
Web content
With SmartFilter, you can allow specific Web sites that are otherwise
blocked under the filters you’ve defined. For example, if your
organization conducts research on hate crimes, users may need access
to certain sites with content usually considered inappropriate. Rather
than changing filter settings to allow access to all hate and
discrimination content, just add the specific sites needed to your
custom allow list.
If your organization uses the delegate tasks feature, each administrator
with the right to create and assign filters can create his or her own
custom allow list. When a user requests a Web site, SmartFilter checks
the custom allow list of the administrator closest to the user for a
match. If no match is found, SmartFilter checks the custom allow list
of the next administrator up in the hierarchy, and so on.
Note: You must have the appropriate administrator rights to create custom lists. If you
don’t have these rights, the Create Custom Lists tab does not appear.
To create a custom allow list
1.
On the navigation bar, click Create Custom Lists.
2.
On the Allow List tab, in the Administrator list, click the administrator to
create a custom allow list for.
Note: This list only appears if there are subadministrators below you.
3.
Type the URLs to allow, one per line. You can also copy items from a text
editor and paste them into the custom allow list. Be sure to separate
each item with a hard return.
To allow URLs that contain specific keywords, click Add Keyword. To
allow specific file types, click Add File Type.
Note: For more information on entering Web sites, file types, and keywords, see
“Guidelines for specifying URLs to filter” on page 4-20.
4.
Click Save.
Customizing Web Filtering
4-13
Allowing specific Web content
Figure 4-5. Creating a
custom allow list
On the Allow List tab,
type the sites, pages, file
types, and keywords you
want to allow.
To remove an entry from the custom allow list
1.
On the navigation bar, click Create Custom Lists.
2.
On the Allow List tab, in the Administrator list, click the administrator to
remove a site from the custom allow list for.
Note: This list only appears if there are subadministrators below you.
3.
Select the Web site, file type, or keyword to remove, and then press
Delete.
4.
Click Save.
Note: Removing an item from the custom allow list doesn’t automatically block it; it
simply bases the block/allow decision on filters applied under SmartFilter.
4-14
Customizing Web Filtering
Filtering using keywords
Filtering using
keywords
You can further modify your custom categories and custom block and
allow lists by filtering URLs that contain specific keywords. For
example, you can type travel + vacation in the custom block list to keep
users from accessing Web sites with both “travel” and “vacation” in
their URLs.
Note: You can also add keywords directly to custom categories and the custom lists. For
information on manually entering keywords, see “Guidelines for specifying URLs to filter”
on page 4-20.
To block or allow specific keywords
1.
Choose whether to block or allow the keyword for your entire
organization or for select users and IP addresses.
Š To block or allow a keyword for your entire organization, on the navigation
bar, click Create Custom Lists.
Note: For more information on creating custom lists, see “Blocking specific
Web content” on page 4-10 and “Allowing specific Web content” on page 4-13.
Š To block or allow a keyword for select users and IP addresses, click
Define Filters. On the Custom Categories tab, click Add.
Note:For more information on creating custom categories, see “Creating
custom categories” on page 4-8.
2.
Click Add Keyword.
3.
In the Keyword box, type the word or phrase you want to block or allow.
You can use Boolean operators when specifying more than one word.
4.
In the Block Using list or Allow Using list, click the appropriate option.
Š All Words. Click this option to block or allow URLs that contain all of
the words in the phrase you typed.
Š Any Words. Click this option to block or allow URLs that contain at
least one of the words in the phrase you typed. This is the least
specific type of matching.
Š Boolean. Click this option to block or allow URLs using any Boolean
operators you specified in the Keyword box.
5.
Specify whether SmartFilter should block or allow the keyword if it
appears anywhere in the URL (Entire URL) or only in the CGI portion of
the URL (CGI Portion Only).
Note: To block or allow this keyword only in Web searches, click CGI Portion Only.
6.
Click Save, and then click Save again to save the custom category or
custom list.
Customizing Web Filtering
4-15
Filtering using keywords
Tips for entering keywords using Boolean operators
Š Boolean operators include AND (and, +); OR (or, |); NOT (not, -)
Š Operator precedence is as follows: 1) OR; 2) AND, NOT. (AND
and NOT have equal precedence.) So birds AND dogs OR cats is
equal to birds AND (dogs OR cats)
Š You can include parentheses to force operator precedence. For
example,
(birds AND dogs) OR cats will match URLs that contain both “birds”
and “dogs” and URLs that contain “cats”.
Š The NOT operator is logically treated as AND NOT. So dogs NOT
cats will match URLs that contain “dogs” but don’t contain “cats”. It
won’t match URLs that contain “dogs” or don't contain “cats”.
Š If you click Boolean and don’t separate multiple words with
operators, AND is implied. So dogs cats is equal to dogs AND cats
Š An operator can’t be proceeded by another operator. So dogs AND
NOT cats is an invalid phrase.
Š Symbolic operators can separate words with or without spaces. So
dogs+cats is equal to dogs + cats However, dogsANDcats is not equal
to dogs AND cats
Š All comparisons are done on a case-insensitive basis. So birds and
Dogs AND CATS is equal to Birds AND DOGS AND CATS
Š To match a phrase exactly as you’ve typed it, surround the phrase
in quotes. For example, “cats+dogs” will match URLs that contain
“cats+dogs” in the CGI query string.
4-16
Customizing Web Filtering
Filtering using keywords
Figure 4-6. Keyword
block or allow
Type the
keyword you
want to block or
allow.
If you typed a phrase, choose how to match the phrase.
For both words and phrases, choose which URLs to match based
on the location of the keyword in the URL.
Customizing Web Filtering
4-17
Filtering using file types
Filtering using file
types
Fine-tune your filtering policy by blocking and allowing specific file
types. For example, if users on your network are wasting valuable
bandwidth resources by downloading MP3 audio files, you can block
all URLs ending in “mp3”.
Note: You can also add file types directly to custom categories and the custom lists. For
information on manually entering file types, see “Guidelines for specifying URLs to filter”
on page 4-20.
To block or allow specific file types
1.
Choose whether to block or allow the file types for your entire
organization or for select users and IP addresses.
Š To block or allow a file type for your entire organization, on the
navigation bar, click Create Custom Lists.
Note:For more information on creating custom lists, see “Blocking specific
Web content” on page 4-10 and “Allowing specific Web content” on page 4-13.
Š To block or allow a file type for select users and IP addresses, click
Define Filters. On the Custom Categories tab, click Add.
Note: For more information on creating custom categories, see “Creating
custom categories” on page 4-8.
2.
Click Add File Type.
3.
Use the top arrow button to move the file type(s) you want to block or
allow to the list on the right.
4.
To block or allow a new file type, type the file extension, and then click
Add.
For example, to block or allow QuickTime movie clips, type mov
Click Save, and then click Save again to save the custom category or
custom list.
4-18
Customizing Web Filtering
Filtering using file types
Figure 4-7. File type
block or allow
Move the file types you
want to block or allow to
the list on the right.
To block or allow file types not included in the predefined list,
type the appropriate file extension and click Add.
Customizing Web Filtering
4-19
Guidelines for specifying URLs to filter
Guidelines for
specifying URLs to
filter
When you create a custom category, or add items to the block list or
allow list, you specify the Web addresses (sites, folders, pages), file
types, and keywords to block or allow. To ensure that filtering works
as expected, review the guidelines and syntax examples on the
following pages before adding items to a custom category, custom
block list, or custom allow list. Note that you must have the
appropriate administrator rights to create custom categories and
custom lists.
General guidelines
Š To avoid overblocking or overallowing Web content, be as specific
as possible when creating your custom categories and custom lists.
Š SmartFilter supports all protocols (including HTTP, HTTPS, and
FTP).
Š For HTTPS addresses, SmartFilter can only base filtering on the
host name. Thus, you can block or allow an entire HTTPS site, but
not specific sections or pages within an HTTPS site or file types
from HTTPS sources.
Š SmartFilter supports two wildcard characters: * matches zero or
more characters; ? matches any character, but there must be a
character present.
Note: It’s recommended that you minimize wildcard usage in the custom lists and
custom categories. Wildcard entries slow filtering performance. In addition, Virtual
Reviewer skips URLs that contain a wildcard.
Š You can enter URLs in uppercase or lowercase. However,
SmartFilter automatically converts to lowercase all URLs included
as part of a custom category or the custom lists.
Optimizing the block list for Virtual Reviewer™
Use SmartFilter's Virtual Reviewer to manage your custom block list
more efficiently. Virtual Reviewer compares the URLs in your custom
block list each night with Secure Computing's database of categorized
Web sites. If Virtual Reviewer finds a URL in your block list that is
categorized by Secure Computing, it removes the URL from your
block list and sends you an e-mail notification that includes category
information for that URL.
4-20
Customizing Web Filtering
Guidelines for specifying URLs to filter
Note: For information on turning on Virtual Reviewer to help you manage your custom
block list, see “Blocking specific Web content” on page 4-10.
To ensure you're receiving the full benefits of Virtual Reviewer, keep
in mind the following when you add items to your custom block list:
Š To prevent Virtual Reviewer from removing an item from the block
list, type [lock] before the item. For example, if you type [lock]
www.sports.com, www.sports.com cannot be automatically
removed from your block list.
Š Virtual Reviewer also skips URLs that contain a wildcard (such as
an asterisk) in the host name or path, as well as items preceded
with [keycgi], [keyurl], and [ftype]. For example, Virtual Reviewer
would skip these items when reviewing the block list:
*.yahoo.com
http://www.cnn.com/*/travel/
[keycgi] sports
[keyurl] stock prices
[ftype] mp3
If you want to use Virtual Reviewer, look over your existing block list
and remove asterisks from URL host names and paths as appropriate.
(Note that removing asterisks from URL host names and paths also
improves filtering performance.) For example, the following sets of
URLs are functionally equivalent; however, while Virtual Reviewer will
skip the URLs in the first column, it will compare the URLs in the
second column against Secure Computing's database.
Table 4-1. Virtual Reviewer URL information.
To review this URL
Change it to this format
*geocities.*
http://geocities.com
*cnn.*/*
http://cnn.com
If you want Virtual Reviewer to review URLs such as *.yahoo.com,
replace this URL with the specific domains you want to block. For
example, in place of *.yahoo.com, you might type these URLs:
http://finance.yahoo.com
http://chat.yahoo.com
http://www.yahoo.com
Customizing Web Filtering
4-21
Guidelines for specifying URLs to filter
Syntax for entering Web sites, file types, and keywords
Use the following syntax guidelines when adding items to a custom
category, custom block list, or custom allow list.
Table 4-2. Syntax guidelines
To block or allow
Type
Notes
An entire Web site
<protocol>://<host name>
For greater flexibility, just type the site's
domain: site.com. This blocks or allows the
site under HTTP, HTTPS, and FTP, as well as
with any host (such as www).
http://www.ergo.net
An entire Web site (including its
associated IP addresses)
[ipmap] <protocol>://<host name>
[ipmap] http://www.ergo.net
Typing [ipmap] before the URL blocks or
allows all sites hosted on the same server as
the URL. So other sites sharing the same IP
address(es) are also blocked or allowed.
Be selective when typing [ipmap] before a
URL: typing [ipmap] before a URL will also
block or allow all URLs matching the entry
on this virtual host.
Particular sections of a Web site
(HTTP only)
http://<host name>/<path>
Particular pages in a Web site
(HTTP only)
http://<host name>/<path>/
<page>
http://www.ergo.net/about
http://www.ergo.net/about/
info.html
An IP address
http://<IP address>
http://64.58.79.230
Use paths to block or allow specific
sections or pages within an HTTP site. If you
don't specify a path, the entire site is
blocked or allowed.
You can block a page within an allowed
path, and vice versa. For example, you can
allow http://www.ergo.net/about/info.html
even if you've blocked
http://www.ergo.net/about.
Only the IP address you specify is blocked
or allowed. It is not mapped to a specific
URL or another IP address.
More...
4-22
Customizing Web Filtering
Guidelines for specifying URLs to filter
To block or allow
Type
Notes
A file type (from any HTTP
source)
[ftype] <file extension>
You can also block or allow file types from
any HTTP source by clicking Add File Type
and then selecting the file type. For more
information, see “Filtering using file types”
on page 4-18.
[ftype] jpg
Note that SmartFilter doesn’t support
wildcards as part of the file extension. So if
you want to block or allow both mp3 and
mpeg, type [ftype] mp3 and
[ftype] mpeg on separate lines.
A file type (from a particular
HTTP
location)
http://<host name>/*.<file
extension>
URLs that contain a particular
keyword or phrase anywhere
in the URL
[keyurl] <word>
http://www.ergo.net/*.jpg
[keyurl] travel vacation
[keyurl] stocks
URLs that contain a particular
keyword in the CGI portion of
the URL
[keycgi] <word>
[keycgi] sexyphotos
[keycgi] stocks
You can also block or allow keywords by
clicking Add Keyword and then typing the
word or phrase. For more information, see
“Filtering using keywords” on page 4-15.
You can also block or allow keywords by
clicking Add Keyword and then typing the
word or phrase. For more information, see
“Filtering using keywords” on page 4-15.
Use [keycgi] to block or allow particular
keywords when used for Web searches.
A URL that contains * or ?
characters that are not used
as wildcards
http://www.ergo.net/forsale/
default.cgi\?q=\*
If a ? or * appears in a URL, and you don’t
want to treat the character as a wildcard,
precede the ? or * with a backslash. (This
may be necessary to block or allow URLs
that contain parameters.)
Customizing Web Filtering
4-23
Guidelines for specifying URLs to filter
4-24
Customizing Web Filtering
CH
APTER
5
5
Applying Filters
This chapter provides information on applying filters. It contains the
following topics:
Š “Overview of applying Web filters” on page 5-2
Š “Applying a global filter” on page 5-4
Š “Assigning filters to users and groups” on page 5-6
Š “Scheduling filter changes for users and groups” on page 5-8
Š “Assigning filters to IP address ranges” on page 5-10
Š “Scheduling filter changes for IP address ranges” on page 5-12
Š “Authorizing users to override filtering” on page 5-15
Applying Filters
5-1
Overview of applying Web filters
5
Overview of
applying Web
filters
Once you’ve created filters, you can assign them to the users, groups,
and IP addresses defined on your network.
To provide basic Web filtering for your network, apply a global filter.
This filter applies to all users, groups, and IP addresses on your
network and ensures that Web content accessed through your
network is filtered according to criteria you’ve specified.
To manage Web access more closely, assign filters to individual users
and groups, as well as specific IP addresses and address ranges. This
lets you customize Web access according to the particular needs of
users within your organization.
Note: SmartFilter supports directory services accessed via Lightweight Directory Access
Protocol (LDAP), including Windows Active Directory, Novell eDirectory (formerly Novell
Directory Services), and Sun ONE Directory (formerly iPlanet). If you use a directory service
other than those listed above, you can apply filter settings to IP addresses only.
You can also schedule filter changes to occur at certain times of the
day. Use this feature to allow less restrictive Web access before or
after work, during lunch, and so on.
Note: Only the superadministrator can apply a global filter and assign filters to users and
groups. Subadministrators with the appropriate rights can assign filters to IP addresses.
Handling multiple filter assignments
Some users on your network may belong to multiple groups with
filter assignments. Others may have filter assignments for their
individual user profiles and belong to one or more groups. And
others may use computers that have filter assignments associated with
their IP addresses.
In these situations, SmartFilter uses a protocol to determine which
filter settings are applied (see Table 5-1). Under this protocol, filters
assigned to specific users always override other filter settings, while
the least restrictive filter settings apply to users or IP addresses within
multiple groups or IP address ranges.
5-2
Applying Filters
Overview of applying Web filters
Table 5-1. Filter assignments
If
Then SmartFilter applies
A user without an individual
filter assignment belongs to
more than one group with
filter assignments
The least restrictive filter settings of those
assigned to the groups.
A user with an individual filter
assignment belongs to one or
more groups with filter
assignments
The filter settings associated with that user’s
filter assignment, even if those settings are
more restrictive than the filter settings for the
group or groups.
A user with an individual filter
assignment logs on to the
network domain using a
computer with a filter
assignment for its IP address
The filter settings associated with that user’s
filter assignment.
A user with a group filter
assignment logs on to a
computer with a filter
assignment for its IP address
The filter settings associated with that group’s
filter assignment.
An IP address is in one or more
IP address ranges that have
been assigned filters
The least restrictive filter settings of those
assigned to the IP address ranges.
An IP address with an
individual filter assignment
falls into one or more IP
address ranges with filter
assignments
The filter settings associated with that IP
address’s filter assignment, even if those
settings are more restrictive than the filter
settings for the IP address range or ranges.
Applying a global filter also affects how filter settings are applied to
users, groups, and IP addresses.
Š If you've applied a global filter and then assign a filter to an
individual user, group, or IP address, the global filter no longer
applies to that user, group, or IP address.
Š If you've applied a global filter as the minimum level of filtering
for the entire network and then assign a filter to an individual user,
group, or IP address, the global filter continues to apply to that
user, group, or IP address as the minimum level of filtering. Thus,
the filter settings applied to that user or group can never be less
restrictive than the global filter.
Applying Filters
5-3
Applying a global filter
Applying a global
filter
Use a global filter to apply a single Web filter to all users, groups, and
IP addresses on your network. This filter ensures that Web content
accessed through your network is always filtered according to certain
criteria. The global filter applies to all users, groups, and IP addresses
that don't have individual filter assignments. (However, if you chose
to apply the global filter as the minimum level of filtering for your
network, the global filter applies to all users, groups, and IP
addresses, even if individual filters have been assigned to them, and
its settings take precedence over less restrictive filters.)
Note: Only the superadministrator can apply a global filter to the entire network.
Subadministrators with the appropriate rights can assign filters to IP addresses in their
zones.
To apply a global filter to the entire network
1.
On the navigation bar, click Assign Filters.
2.
On the Global tab, check Global Filter, and then click a global filter to
apply.
3.
To provide a minimum level of filtering for your entire network, check
Apply to Entire Network As the Minimum Level of Filtering.
4.
Click Save.
To schedule a global filter change
5-4
Applying Filters
1.
On the navigation bar, click Assign Filters.
2.
On the Global tab, under Schedule Global Filter Changes, click Add to
schedule a new filter change. Or click an existing filter change, and then
click Change.
3.
In the Filter list, click the filter you want to apply during the period you
specify.
4.
Next to Start, choose the hour, 15-minute increment, and time of day
(A.M. or P.M.) to start the filter change and override the default global
filter.
5.
Next to End, choose the hour, 15-minute increment, and time of day
(A.M. or P.M.) to end the filter change and apply the default global filter.
6.
Check the day(s) of the week to apply the filter change.
7.
Click Save, and then click Save again.
Applying a global filter
Figure 5-1. Applying a
global filter
To apply a global filter to
your network, select
Global Filter and click a
filter to apply. (Select
Apply to Entire Network
As the Minimum Level of
Filtering if you want the
filter to apply to all users,
groups, and IP
addresses—even those
with individual filter
assignments.)
To schedule a new filter change, click Add. To modify or delete an existing
filter change, click the scheduled change in the list, and then click Change
or Remove.
To remove a global filter change
1.
On the navigation bar, click Assign Filters.
2.
On the Global tab, under Schedule Global Filter Changes, click the
scheduled filter change you want to remove, and then click Remove.
3.
Confirm that you want to delete this scheduled filter change, and then
click Save.
Applying Filters
5-5
Assigning filters to users and groups
Assigning filters
to users and
groups
SmartFilter helps you manage Internet access for your organization by
letting you assign filters to individual users and groups.
Note: Only the superadministrator can apply filters to individual users and groups.
Subadministrators with the appropriate rights can assign filters to IP addresses in their
zones.
When you assign a filter to a user or group, you select a default filter,
which serves as the primary filter for that user or group. You can then
schedule other filters to override the default filter at specific times,
such as during non-work hours.
Note: To ensure that Web activity is filtered for your entire network, specify a global filter.
For more information on applying a global filter, see “Applying a global filter” on page 5-4.
To assign a filter to a user or group
1.
On the navigation bar, click Assign Filters.
2.
On the Users tab, click Add.
3.
In the Look In list, click the directory service that contains the user or
group to assign a filter to.
4.
In the User/Group box, type the first letters of the user or group's name,
and then click Search.
Note: To display all of the users and groups in the selected directory service, leave
the User/Group box empty and click Search. Note that if your directory service
contains a large number of users, SmartFilter may not be able to display all of the
users in a single list.
5.
In the list of matching users and groups, click the user or group to
assign a filter to.
6.
In the Default Filter list, click the primary filter to apply to this user or
group.
7.
To schedule filter changes, under Schedule Filter Changes for This User/
Group, click Add.
Note: For information on scheduling filters, see “Scheduling filter changes for users
and groups” on page 5-8.
8.
5-6
Applying Filters
Click Save.
Assigning filters to users and groups
Figure 5-2. Assigning a
filter to a user or group
To assign a filter to a user or
group, select the location of
the user or group. Then
type the first few letters of
the user or group’s name
and click Search.
Choose the default filter
for this user or group.
This filter can be
overridden by other
filters you’ve scheduled
for specific times of day.
To modify a filter assignment for a user or group
1.
On the navigation bar, click Assign Filters.
2.
On the Users tab, click the user or group whose filter settings you want
to modify, and then click Change.
3.
In the Default Filter list, click the primary filter to apply to this user or
group.
4.
To schedule filter changes, under Schedule Filter Changes for This User/
Group, click Add. Or click an existing filter change, and then click
Change.
Note: For information on scheduling filters, see “Scheduling filter changes for users
and groups” on page 5-8.
5.
Click Save.
To remove a filter assignment from a user or group
1.
On the navigation bar, click Assign Filters.
2.
On the Users tab, click the user or group you want to remove the filter
assignment for, and then click Remove.
3.
Confirm that you want to remove the filter assignment for this user or
group.
Applying Filters
5-7
Scheduling filter changes for users and groups
Scheduling filter
changes for users
and groups
To let users and groups view certain types of Web content at specific
times of the day, schedule filter changes.
Note: Only the superadministrator can apply filters to individual users and groups.
Subadministrators with the appropriate rights can assign filters to IP addresses in their
zones.
When you schedule a filter change, you choose a filter to override the
user or group’s default filter during the period you specify. When that
period is over, SmartFilter applies the default filter again.
You can use scheduled filter changes to provide less restrictive Web
access before or after work hours, during lunch, or at other times.
Note: Scheduled filter changes occur based on local proxy server time.
To schedule a filter change for a user or group
1.
On the navigation bar, click Assign Filters.
2.
On the Users tab, choose the user or group to schedule the filter change
for:
Š To schedule a filter change for a new user or group, click Add, click
a network location, click the user or group to add, and then click a
default filter.
Š To schedule a filter change for an existing user or group, click the
user or group in the list, and then click Change.
5-8
Applying Filters
3.
Under Schedule Filter Changes for This User/Group, click Add to schedule
a new filter change. Or click an existing filter change, and then click
Change.
4.
In the Filter list, click the filter you want to apply during the period you
specify.
5.
Next to Start, choose the hour, 15-minute increment, and time of day
(A.M. or P.M.) to start the filter change and override the default filter for
the user or group.
6.
Next to End, choose the hour, 15-minute increment, and time of day
(A.M. or P.M.) to end the filter change and apply the default filter for the
user or group.
7.
Check the day(s) of the week to apply the filter change.
8.
Click Save, and then click Save again.
Scheduling filter changes for users and groups
Figure 5-3. Scheduling a
filter change for a user or
group
To schedule a new filter
change, click Add. To
modify or delete an
existing filter change, click
the scheduled change in
the list, and then click
Change or Remove.
Choose the filter you want to apply, and then specify the
times and days to apply the filter change.
To remove a filter change for a user or group
1.
On the navigation bar, click Assign Filters.
2.
On the Users tab, click the user or group to remove the filter change for,
and then click Change.
3.
Under Schedule Filter Changes for This User/Group, click the scheduled
filter change you want to remove, and then click Remove.
4.
Confirm that you want to delete this scheduled filter change, and then
click Save.
Applying Filters
5-9
Assigning filters to IP address ranges
Assigning filters
to IP address
ranges
In addition to assigning filters to specific users and groups, you can
assign filters to computers on your network using their IP addresses.
Note: You must have the appropriate administrator rights to assign filters to IP addresses.
If you don’t have these rights, the Assign Filters tab does not appear.
When you assign a filter to an individual IP address or address range,
you select a default filter, the primary filter assigned to that address or
range. You can also schedule other filters to apply at specific times.
Note: To ensure that Web activity is filtered for your entire network, specify a global filter.
For more information on assigning a global filter, see “Applying a global filter” on page 54.
To assign or modify a filter for an IP range
1.
On the navigation bar, click Assign Filters.
2.
On the IP Addresses tab, in the Administrator list, click the administrator
who manages the IP address/range you want to assign a filter to or
modify a filter for.
Note: This list only appears if there are subadministrators below you.
3.
Click Add. Or if you want to modify an assigned filter, click the IP address
or IP range to modify, and then click Change.
4.
Type the IP address range in the From and To boxes, and then type an
optional description.
Note: To assign a filter to a single IP address, just type the address in the From box.
5.
In the Default Filter list, click the primary filter to apply to this IP address
range.
6.
To schedule filter changes, under Schedule Filter Changes for This IP
Address Range, click Add. Or click an existing filter change, and then click
Change.
Note: For information on scheduling filter changes, see “Scheduling filter changes
for IP address ranges” on page 5-12.
7.
5-10
Applying Filters
Click Save.
Assigning filters to IP address ranges
Figure 5-4. Assigning a
filter to an IP range
Type the IP address or
address range to assign a
filter to. You can also enter
a description of the
address or address range.
Choose the default filter for this IP address or address range.
This filter can be overridden by other filters you’ve scheduled
for specific times of day.
To remove a filter assignment from an IP address or address range
1.
On the navigation bar, click Assign Filters.
2.
On the IP Addresses tab, in the Administrator list, click the administrator
who manages the IP address/range you want to remove a filter from.
Note: This list only appears if there are subadministrators below you.
3.
Click the IP address or address range you want to remove the filter
assignment for, and then click Remove.
4.
Confirm that you want to remove the filter assignment for this IP
address or address range.
Applying Filters
5-11
Scheduling filter changes for IP address ranges
Scheduling filter
changes for IP
address ranges
To let users of specific computers view certain types of Web content
at specific times of the day, schedule filter changes.
When you schedule a filter change, you choose a filter to override the
default filter assigned to an IP address or address range during the
period you specify. When that period is over, SmartFilter applies the
default filter again.
Note: Scheduled filter changes occur based on local proxy server time.
You can use scheduled filter changes to provide less restrictive Web
access before or after work hours, during lunch, or at other times.
Note: You must have the appropriate administrator rights to assign filters or filter
changes to IP addresses. If you don’t have these rights, the Assign Filters tab does not
appear.
To schedule a filter change for an IP address or address range
1.
On the navigation bar, click Assign Filters.
2.
On the IP Addresses tab, in the Administrator list, click the administrator
who manages the IP address/range you want to schedule filter changes
for.
Note: This list only appears if there are subadministrators below you.
3.
Choose the IP address or address range to schedule the filter change
for:
Š To schedule a filter change for an IP address or address range
without a filter assignment, click Add. Specify the address or
address range to add and a default filter to apply.
Š To schedule a filter change for an existing IP address or address
range, click the address or address range in the list, and then click
Change.
5-12
Applying Filters
4.
Under Schedule Filter Changes for This IP Address Range, click Add to
schedule a new filter change. Or click an existing filter change, and then
click Change.
5.
In the Filter list, click the filter you want to apply during the period you
specify.
6.
Next to Start, choose the hour, 15-minute increment, and time of day
(A.M. or P.M.) to start the filter change and override the default filter for
the IP address or address range.
7.
Next to End, choose the hour, 15-minute increment, and time of day
Scheduling filter changes for IP address ranges
(A.M. or P.M.) to end the filter change and apply the default filter for the
IP address or address range.
8.
Check the day(s) of the week to apply the filter change.
9.
Click Save, and then click Save again.
Figure 5-5. Scheduling
filter changes for an IP
range
To schedule a new filter
change, click Add. To
modify or delete an existing
filter change, click the
scheduled change in the
list, and then click Change
or Remove.
Choose the filter you want to apply, and then specify
the times and days to apply the filter change.
Applying Filters
5-13
Scheduling filter changes for IP address ranges
To remove a filter change for an IP address or address range
1.
On the navigation bar, click Assign Filters.
2.
On the IP Addresses tab, in the Administrator list, click the administrator
who manages the IP address/range you want to schedule filter changes
for.
Note: This list only appears if there are subadministrators below you.
5-14
Applying Filters
3.
Click the IP address or address range to remove the filter change for, and
then click Change.
4.
Under Schedule Filter Changes for This IP Address Range, click the
scheduled filter change you want to remove, and then click Remove.
5.
Confirm that you want to delete this scheduled filter change, and then
click Save.
Authorizing users to override filtering
Authorizing users
to override
filtering
To let users temporarily turn off filtering on individual computers,
assign override privileges. A user with override privileges can bypass
filtering on a computer for a short period of time by entering a name
and password on the redirect page.
For example, let's say you create a filter that blocks sites in the
Electronic Commerce category and assign it to the Customer Support
group. One of the users in this group then finds that he needs to
check a competitor's e-commerce site for their support policy. But
when he attempts to access the site, the redirect page appears. The
user then notifies a supervisor with override privileges, who clicks the
Temporarily Bypass Filtering link on the redirect page and enters her
override name and password. The user can then access the
competitor's site on his workstation within the period of time
specified by the administrator.
Note: The superadministrator has override privileges for the entire network.
Subadministrators have override privileges on all computers with IP addresses in their
assigned zone(s). Note that all administrators use the same name and password for
overriding filtering as they do for logging on to the Control Center.
You can also be notified by e-mail each time a user with override
privileges bypasses filtering. You choose under what conditions
e-mails are sent to you. For more information on overriding filtering,
see “Browsing the Web with SmartFilter DA” on page 1-6.
Note: You must have the appropriate administrator rights to assign override privileges. If
you don’t have these rights, the Assign Overrides tab does not appear.
To assign or modify override privileges
1.
On the navigation bar, click Assign Overrides.
2.
In the Administrator list, click the administrator that you want to create
or modify override settings for.
Note: This list only appears if there are subadministrators below you.
3.
Under Users with Override Privileges, click Add. Or, if you want to modify
a user’s override privileges, click the user you want to modify privileges
for, and then click Change.
4.
Type the name and password this user must enter to override filtering.
5.
Retype the password to confirm it.
6.
To receive e-mail notifications when this user overrides filtering, check
Applying Filters
5-15
Authorizing users to override filtering
Notify Me When This User Overrides Filtering.
Note: E-mail notifications are sent to the user’s immediate administrator.
7.
If you chose to receive e-mail notifications, check Only If User Overrides
Filtering to receive notifications only after this user overrides filtering a
specific number of times within a certain period.
Specify the number of times that this user must override filtering within
a certain period in order to trigger the e-mail notification. Then specify
the number of minutes in that period.
8.
Click Save.
To remove override privileges for a user
1.
On the navigation bar, click Assign Overrides.
2.
In the Administrator list, click the administrator that you want to remove
override settings for.
Note: This list only appears if there are subadministrators below you.
Figure 5-6. Authorizing
overrides
3.
Under Users with Override Privileges, click the user to remove override
privileges for.
4.
Click Remove.
5.
Confirm that you want to remove these override privileges.
To give a user override privileges, click Assign
Overrides on the navigation bar, and then click Add.
Type the override
name and password for
this user.
Choose whether to receive e-mail
notifications when this user overrides
filtering.
5-16
Applying Filters
CH
APTER
6
6
Troubleshooting
This chapter provides suggestions for resolving problems related to
SmartFilter. It contains the following topics:
Š “Introduction to troubleshooting” on page 6-2
Š “Problems with the Control Center” on page 6-2
Š “Problems with Web access” on page 6-3
Š “Problems with delegating administration” on page 6-5
Troubleshooting
6-1
Introduction to troubleshooting
6
Introduction to
troubleshooting
If you’re unable to resolve a problem on your own, access online
support resources at www.securecomputing.com/goto/support, or
call +1.800.700.8328.
Problems with the
Control Center
I can’t access the Control Center.
First, make sure you entered the correct address in your browser:
https://Address/controlcenter
For Address, type the IP address or fully qualified domain name of
the computer where you installed SmartFilter.
Second, on the Log On page, confirm that you selected the correct
network location in the Look In box. (This is the domain where your
user profile is stored.) Then confirm that you entered the logon name
and password as they appear in that network location. If you didn’t
specify the administrator logon using a directory service, click Local.
Note: If you’re a subadministrator, a higher-level administrator may have disabled your
logon. Contact your managing administrator to find out if your logon is disabled.
Third, confirm that the Web server hosting the Control Center is
operational.
I accidentally changed my logon name and password, and now I
can’t access the Control Center.
You can change your administrator logon without opening the Control
Center. To do this you’ll need access to the computer where
SmartFilter is installed. For information on changing your
administrator logon without opening the Control Center, see the
SmartFilter DA Installation Guide.
I can’t save my changes in the Control Center.
If the Control Center is inactive for 10 minutes or longer, you must log
back on to the Control Center. This lets you save new filter changes.
For information on changing the default time-out period, see the
SmartFilter DA Installation Guide.
6-2
Troubleshooting
Problems with Web access
Problems with
Web access
I added a Web page to the custom allow list and users can’t access it.
The browser may be trying to access a copy of the Web page saved in
the browser’s cache. To access the Web page, force the proxy server
to retrieve the page from the Internet rather than from the cache: In
Mozilla, hold down the SHIFT key, and then click Reload. In Internet
Explorer, hold down the CTRL key, and then click Refresh.
I added a Web page to the custom block list and users can still access
it.
The browser may be accessing a copy of the Web page saved in the
browser’s cache. To prevent this, you must force the proxy server to
retrieve the page from the Internet rather than from the cache: In
Mozilla, hold down the SHIFT key, and then click Reload. In Internet
Explorer, hold down the CTRL key, and then click Refresh.
I want to view reports on blocked media files.
To view reports on blocked media files (such as MP3 and WAV files),
create a custom category for media instead of adding these file types
to a custom block list. For information on creating a custom category,
see “Creating custom categories” on page 4-8.
I want to give users access to only a handful of Web sites.
To give your users access to a limited number of Web sites, create a
filter and apply it to your network as follows:
1.
On the navigation bar, click Define Filters.
2.
On the Custom Categories tab, click Add.
3.
In the Name box, type a name to identify this category as the block
category that prevents access to all Web sites, except the few that you
specify.
4.
Click Block.
5.
Type an asterisk (*), and then click Save.
6.
On the Custom Categories tab, click Add to create another custom
category.
7.
In the Name box, type a name to identify this category as the exception
Troubleshooting
6-3
Problems with Web access
category that includes the list of sites you want to allow.
8.
Click Exception.
9.
Type the Web sites, file types, and keywords you want to allow, and then
click Save.
Note: For information on entering Web sites, file types, and keywords, see
“Guidelines for specifying URLs to filter” on page 4-20.
10. On the Filters tab, click Add.
11. In the Filter Name box, type a name for the filter.
12. Next to the block category you created, click Block.
13. Next to the exception category you created, click Allow As Exception.
Set all other exception categories to Don’t Allow As Exception.
14. Click Save.
15. On the navigation bar, click Assign Filters.
16. On the Global tab, check Global Filter, and then click the filter you just
created.
17. To provide a minimum level of filtering for your entire network, check
Apply to Entire Network As the Minimum Level of Filtering.
18. Click Save.
6-4
Troubleshooting
Problems with delegating administration
Problems with
delegating
administration
I removed IP addresses from a subadministrator’s zone. Are those IP
addresses still filtered?
The global filter applied by the superadministrator is now the only
filter applied to those addresses. If the superadministrator hasn’t
applied a global filter, those IP addresses have full access to the
Internet. (To see whether a global filter is applied to your network,
click Assign Filters, and then view the settings on the Global Filter tab.)
If you want additional filtering applied to these IP addresses, you
must either assign filters to them directly, or delegate the IP addresses
to a subadministrator who can then assign filters to them.
I’m a subadministrator and can’t access the Control Center.
There are several possible reasons why you can’t access the Control
Center, including problems caused by server issues within your
network. It is also possible that the superadministrator, or a
subadministrator above you, disabled your logon. Contact your
managing administrator to find out if your logon has been disabled.
I’m a subadministrator and want to give the subadministrators I
manage some rights (such as creating filters and delegating tasks). I
can’t seem to do this. Why?
You can only give subadministrators those rights that you yourself
have. If your managing administrator didn’t give you these rights, you
can’t pass them on to your subadministrators.
I’m a subadministrator and just noticed that some of the filter
settings for my zones have changed. I didn’t make the changes. What
happened?
Any administrator above you, including the superadministrator, has
the authority to change settings for your zones. For example, if the
superadministrator thinks that the filter settings you’ve applied are too
lenient, he or she can alter those setting by blocking additional
categories.
Troubleshooting
6-5
Problems with delegating administration
6-6
Troubleshooting
www.securecomputing.com
Corporate Headquarters
4180 Harwood Road
San Jose, CA 95124 USA
Tel: +1.800.379.4944
Tel: +1.408.979.6100
Fax: +1.408.979.6501
European Headquarters
East Wing, Piper House
Hatch Lane
Windsor SL4 3QP UK
Tel: +44.1753.410900
Fax: +44.1753.410901
Asia/Pac Headquarters
1604-5 MLC Tower
248 Queen’s Road East
Wan Chai Hong Kong
Tel: +852.2520.2422
Fax: +852.2587.1333
Japan Headquarters
Level 15 JT Bldg.
2-2-1 Toranomon Minato-Ku
Tokyo 105-0001 Japan
Tel: +81.3.5114.8224
Fax: +81.3.5114.8226
© 2005 Secure Computing Corporation. All Rights Reserved. Secure Computing, SafeWord, Sidewinder, SmartFilter, Type Enforcement, SofToken, SecureSupport, SecureOS, MobilePass, G2 Firewall, Bess, Sidewinder
G2, enterprise strong, PremierAccess, and Strikeback are trademarks of Secure Computing Corporation, registered in the U.S. Patent and Trademark Office and in other countries. G2 Enterprise Manager, Application
Defenses, RemoteAccess, On-Box, Power-It-On!, Sentian, and Securing connections between people, applications, and networks are trademarks of Secure Computing Corporation. All other trademarks used herein
belong to their respective owners.