8e6 Technologies Enterprise Filter Authentication R3000 User Manual

Size:
6.79 Mb
Download

CHAPTER 5: AUTHENTICATION DEPLOYMENT ACTIVATEAUTHENTICATION ON THENETWORK

Step 2: Modify the Global Group Profile

1.Click Global Group in the tree to open the pop-upmenu.

2.Select Global Group Profile to display the Category tab of the Profile window:

Fig. 5-34Global Group Profile window, Category tab

a.Block all categories and specify that uncategorized sites should be blocked.

b.Click Apply.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

199

CHAPTER 5: AUTHENTICATION DEPLOYMENT ACTIVATEAUTHENTICATION ON THENETWORK

3. Click the Port tab to display the Port page:

Fig. 5-35Global Group Profile window, Port tab

a.Enter the Port number to be blocked, and then clickAdd to include the port number in the Block Port(s) list box.

b.After entering all port numbers to be blocked, click

Apply.

200

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER 5: AUTHENTICATION DEPLOYMENT ACTIVATEAUTHENTICATION ON THENETWORK

4.Click the Default Redirect URL tab to display the Default Redirect URL page:

Fig. 5-36Global Group Profile window, Redirect URL tab

a. Select “Authentication Request Form”.

NOTE: Since the Authentication Request Form radio button selection uses the host name of theserver—notthe IP address— be sure there is a DNS resolution for the host name.

b. Click Apply.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

201

CHAPTER 5: AUTHENTICATION DEPLOYMENT ACTIVATEAUTHENTICATION ON THENETWORK

5.Click the Filter Options tab to display the Filter Options page:

Fig. 5-37Global Group Profile window, Filter Options tab

a.Select filter options to be enabled.

b.Click Apply.

As a result of these entries, a user who does not have a filtering profile will be served the Authentication Request Form so he/she can be authenticated.

202

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER 5: AUTHENTICATION DEPLOYMENT ACTIVATEAUTHENTICATION ON THENETWORK

Activate NT authentication

After testing the NET USE command, the next step is to add the NET USE command to users’ login scripts. We recommend that you add the 3-trylogin script to the existing domain login script.

The 3-trylogin script is used for attempting to log in the user to the authentication server in three separate attempts, in case of a login failure.

Step 1: Modify the 3-trylogin script

Place a copy of the 3-trylogin script in the netlogon folder on your Domain Controller. Note that this sample script should be modified to use your own Virtual IP address instead of the IP address (192.168.0.20) in the sample script. This script lets users bere-authenticatedfrom the block page withoutre-runningthe whole domain login script.

The script is as follows:

echo off :start cls

net use \\192.168.0.20\r3000$ /delete

:try1

echo "Running net use..."

net use \\192.168.0.20\r3000$ if errorlevel 1 goto :try2

if errorlevel 0 echo code 0: Success goto :end

:try2

echo Running net use...

net use \\192.168.0.20\r3000$ if errorlevel 1 goto :try3

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

203

CHAPTER 5: AUTHENTICATION DEPLOYMENT ACTIVATEAUTHENTICATION ON THENETWORK

if errorlevel 0 echo code 0: Success goto :end

:try3

echo Running net use...

net use \\192.168.0.20\r3000$ if errorlevel 1 goto :error

if errorlevel 0 echo code 0: Success goto :end

:error

if errorlevel 1 echo code 1: Failed!

:end

Once this updated login script has been added to the domain, each time users log in to Windows they will also log in to the R3000. Users will be blocked according to the profiles set up on the domain.

Step 2: Modify the Global Group Profile

The last step of the activation process is to adjust the Global Group Profile to set the policy for members of an IP-basedprofile, or for users who are not authenticated.

If you set a restrictive profile, unauthenticated users will not be able to obtain access until they are successfully authenticated.

If you set up a less restrictive profile to allow access, a user can still be authenticated, but won't be prompted to authenticate him/herself unless attempting to access a site that is blocked. Since the login script will automatically run when the user logs in, a less restrictive profile might be used to allow logging with the user’s name without forced blocking.

204

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER 5: AUTHENTICATION DEPLOYMENT ACTIVATEAUTHENTICATION ON THENETWORK

1.Click Global Group in the tree to open the pop-upmenu.

2.Select Global Group Profile to display the Category tab of the Profile window.

3.In the Category Profile page, select categories to block, pass, or white list, and indicate whether uncategorized sites should pass or be blocked.

4.Click Apply.

5.Click the Port tab to display the Port page.

6.Enter the Port number to be blocked, and then click Add to include the port number in the Block Port(s) list box.

7.After entering all port numbers to be blocked, click

Apply.

8.Click the Default Redirect URL tab to display the Default Redirect URL page. Your options on this tab will vary, based on whether your network will be using net use based authentication only, or both Web-based and net use based authentication.

9.Click the Filter Options tab to display the Filter Options page. If necessary, select appropriate filter options to be enabled, and click Apply.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

205

CHAPTER6: TECHNICALSUPPORTHOURS

CHAPTER6: TECHNICALSUPPORT

For technical support, visit 8e6 Technologies’s Technical Support Web page at http://www.8e6.com/support/ index.htm, or contact us by phone, bye-mail,or in writing.

Hours

Regular office hours are from Monday through Friday, 8 a.m. to 5 p.m. PST.

After hours support is available for emergency issues only. Requests for assistance are routed to a senior-leveltechnician through our forwarding service.

Contact Information

Domestic (United States)

1.Call 1-888-786-7999

2.Select option 2

International

1.Call +1-714-282-6111

2.Select option 2

E-Mail

For non-emergencyassistance,e-mailus atsupport@8e6technologies.com

206

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER6: TECHNICALSUPPORTCONTACT INFORMATION

Office Locations and Phone Numbers

8e6 Corporate Headquarters (USA)

828 West Taft Avenue

Orange, CA 92865-4232

USA

Local

:

714.282.6111

Fax

:

714.282.6116

Domestic US

:

1.888.786.7999

International

:

+1.714.282.6111

8e6 Taiwan

RM B2, 13F, No. 49, Sec. 3, Minsheng E. Rd.

Taipei 104

Taiwan, R.O.C.

Taipei Local

:

2501-5285

Fax

:

2501-5316

Domestic Taiwan

: 02-2501-5285

International

:

886-2-2501-5285

8e6 China

Beijing Room 909, 9 Floor

Tower 1, Bright China Chang An Building

No. 7, Jian Guo Men Nei Dajie

Beijing 100005, China

Beijing Local

:

65180088

Fax

:

65180328

Domestic China

:

010-65180088

International

:

86-10-65180088

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

207

CHAPTER6: TECHNICALSUPPORTSUPPORT PROCEDURES

Support Procedures

When you contact our technical support department:

You will be greeted by a technical professional who will request the details of the problem and attempt to resolve the issue directly.

If your issue needs to be escalated, you will be given a ticket number for reference, and a senior-leveltechnician will contact you to resolve the issue.

If your issue requires immediate attention, such as your network traffic being affected or all blocked sites being passed, you will be contacted by a senior-leveltechnician within one hour.

Your trouble ticket will not be closed until your permission is confirmed.

208

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE