8e6 Technologies Enterprise Filter Authentication R3000 User Manual

Size:
6.79 Mb
Download

CHAPTER4: LDAP AUTHENTICATIONSETUPCREATE, MAINTAIN LDAP PROFILES

TIP: Multiple categories can be selected by clicking each category while pressing the Ctrl key on your keyboard. Blocks of categories can be selected by clicking the first category, and then pressing the Shift key on your keyboard while clicking the last category.

2.Click the “Pass” or “Block” radio button to specify whether all Uncategorized Sites should pass or be blocked.

3.Click Apply to apply your settings at the entity’s filtering level.

Redirect URL

Click the Redirect URL tab to display the Redirect URL page of the Profile window:

Fig. 4-24Group Profile window, Redirect URL tab

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

159

CHAPTER4: LDAP AUTHENTICATIONSETUPCREATE, MAINTAIN LDAP PROFILES

Redirect URL is used for specifying the URL to be used for redirecting users who attempt to access a site or service set up to be blocked.

1.Specify the type of redirect URL to be used: “Default Block Page”, or “Custom URL”.

If “Custom URL” is selected, enter the redirect URL in the corresponding text box. Users will be redirected to the designated page at this URL instead of the block page.

2.Click Apply to apply your settings.

Filter Options

Click the Filter Options tab to display the Filter Options page of the Profile window:

Fig. 4-25Group Profile window, Filter Options tab

160

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER4: LDAP AUTHENTICATIONSETUPCREATE, MAINTAIN LDAP PROFILES

Filter Options is used for specifying which filter option(s) will be applied to the entity’s filtering profile.

1.Click the checkbox(es) corresponding to the option(s) to be applied to the filtering profile: “X Strikes Blocking”, “Google/Yahoo! Safe Search Enforcement”, “Search Engine Keyword Filter Control”, “URL Keyword Filter Control”, and “Extend URL Keyword Filter Control”.

NOTE: See the R3000 User Guide for information about Filter Options.

2. Click Apply to apply your settings.

Remove an entity’s profile from the tree

To remove a group or member’s profile from the tree, select the profile in order to open the pop-upmenu, and choose Remove.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

161

CHAPTER5: AUTHENTICATIONDEPLOYMENTTEST AUTHENTICATION SETTINGS

CHAPTER5: AUTHENTICATION

DEPLOYMENT

This final step of the authentication setup process includes testing authentication settings and activating authentication on the network.

Test Authentication Settings

Before deploying authentication on the network, you should test your settings to be sure the Authentication Request Form login page can be accessed. If properly set up, the Authentication Request Form opens on a user’s workstation if the user has been blocked from accessing specified Internet content. This form allows the user to authenticate him/herself in order to access Web content permitted by his/ her filtering profile.

Fig. 5-1Authentication Request Form

162

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER5: AUTHENTICATIONDEPLOYMENTTEST AUTHENTICATION SETTINGS

NOTE: In order to complete the test process, you should besure you have your own filtering profile set up.

To verify that authentication is working, do either of the following, based on the Tier you selected:

If Tier 2 or Tier 3 Web-basedauthentication will be used: Go to the Test Web-based authentication settings sub-section for instructions on testing the Authentication Request Form login page from a single workstation. For this test, you will create an IP profile for the test machine’s IP address, and set the Redirect URL for the profile to access the Authentication Request Form.

NOTE: Before testingWeb-basedauthentication settings, besure the SSL certificate you created via the System > Authentication > Authentication SSL Certificate window (in Chapter 2) is placed on all workstations of users who will be authenticated. This ensures that users will not receive the Security Alert warning message from the server.

If Tier 1 net use based authentication will be used: Go to the Test net use authentication settings sub-section for instructions on testing the net use based login command to see if you can access the assigned profile.

If you (the administrator) can be successfully authenticated in the domains that were set up, the test process is complete, and you are ready to activate authentication on the network (see Activate Authentication on the Network).

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

163

CHAPTER5: AUTHENTICATIONDEPLOYMENTTEST AUTHENTICATION SETTINGS

Test Web-basedauthentication settings

To verify that authentication is working properly, make the following settings in the Group section of the console:

Step 1: Create an IP Group, “test”

1.Click the IP branch of the tree.

2.Select Add Group from the pop-upmenu to open the Create New Group dialog box:

Fig. 5-2Create New Group box

3.Enter test as theGroup Name.

4.Enter the password in the Password andConfirm Password fields.

5.Click OK to add the group to the tree.

164

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER5: AUTHENTICATIONDEPLOYMENTTEST AUTHENTICATION SETTINGS

Step 2: Create a Sub-Group,“workstation”

1.Select the IP Group from the tree.

2.Click Add Sub Group in the pop-upmenu to open the Create Sub Group dialog box:

Fig. 5-3Create Sub Group box

3.Enter workstation as theGroup Name.

4.Click OK to add theSub-Groupto the IP Group.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

165

CHAPTER5: AUTHENTICATIONDEPLOYMENTTEST AUTHENTICATION SETTINGS

Step 3: Set up “test” with a 32-bitnet mask

1.Select the IP Group named “test” from the tree.

2.Click Members in the pop-upmenu to display the Members window:

Fig. 5-4Group Members window

3.Click the radio button corresponding to “Source IP”.

4.Enter the Source IP address of the workstation, and select255.255.255.255 as the subnet mask.

5.Click Add to include the IP address in the Current Memberslist box.

166

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER5: AUTHENTICATIONDEPLOYMENTTEST AUTHENTICATION SETTINGS

Step 4: Give “workstation” a 32-bitnet mask

1.Select the IP Sub-Group“workstation” from the tree.

2.Click Members in the pop-upmenu to display the Members window:

Fig. 5-5Sub Group Members window

3.Click the radio button corresponding to “Member”.

4.In the Member fields, enter the IP address of the workstation, and select255.255.255.255 as the subnet mask.

5.Click Modify.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

167

CHAPTER5: AUTHENTICATIONDEPLOYMENTTEST AUTHENTICATION SETTINGS

Step 5: Block everything for the Sub-Group

1.Select the IP Sub-Group“workstation” from the tree.

2.Click Sub Group Profile in the pop-upmenu to display the Sub Group Profile window:

Fig. 5-6Sub Group Profile window, Category tab

3.In the Category Profile page, move all categories to the Blocked Categories list box by selecting categories from the Pass Categories and/or Always Allowed list box(es) and using the left arrow (<) to move them to the Blocked Categories list box.

TIP: Blocks of categories can be selected by clicking the firstcategory, and then pressing the Shift key on your keyboard while clicking the last category.

4. For Uncategorized Sites, click “Block”.

168

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE