8e6 Technologies R3000 User Manual

R3000 | Internet Filter
USER GUIDE for Authentication
Model: R3000
Release 2.1.10 • Manual Version 1.01
ii 8E6 TECHNOLOGIES, R3000 INTERNET FILTER AUTHENTICATION USER GUIDE
© 2008 8e6 Technologies. All rights reserved. 828 W. Taft Ave., Orange, CA 92865, USA
Version 1.01, published September 2008. To be used with R3000 User Guide version 1.01 for software release 2.1.10.
Printed in the United States of America
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior written consent from 8e6 Technologies.
Every effort has been made to ensure the accuracy of this document. However, 8e6 Technologies makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. 8e6 Technologies shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. Due to future enhancements and modifications of this product, the information described in this documentation is subject to change without notice.
The latest version of this document can be obtained from http://www.8e6.com/docs/r3000_auth2_ug.pdf.
Trademarks
Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.
Part# R3.2.1_AUG_v1.01-0809

CONTENTS

CHAPTER 1: INTRODUCTION
About this User Guide
How to Use this User Guide
Conventions
Terminology
Filtering Elements
Group Types
Global Group
IP Groups
NT Domain Groups
LDAP Domain Groups
Filtering Profile Types
Static Filtering Profiles
Master IP Group Filtering Profile
IP Sub-Group Filtering Profile
Individual IP Member Filtering Profile
Active Filtering Profiles
Global Filtering Profile
NT/LDAP Group Filtering Profile
NT/LDAP Member Filtering Profile
LDAP Container Filtering Profile
Override Account Profile
Time Profile
Lock Profile
Filtering Profile Components
Library Categories
8e6 Supplied Categories
Custom Categories
Service Ports
Rules
Minimum Filtering Level
Filter Settings
Filtering Rules
Authentication Solutions
R3000 Authentication Protocols
R3000 Authentication Tiers and Options
R3000 authentication tiers
R3000 authentication options
Authentication Solution Compatibility
Authentication System Deployment Options
Ports for Authentication System Access
Configuring the R3000 for Authentication
Configuration procedures
System section
Group section

CHAPTER 2: NETWORK SETUP
Environment Requirements
Workstation Requirements
Administrator
End User
Network Requirements
Set up the Network for Authentication
Specify the operation mode
Specify the subnet mask, IP address(es)
Invisible mode
Router or firewall mode
Enable authentication, specify criteria
Net use based authentication
Web-based authentication
Enter network settings for authentication
Create an SSL certificate
Create, Download a Self-Signed Certificate
Create, Upload a Third Party Certificate
Create a Third Party Certificate
Upload a Third Party Certificate
Download a Third Party Certificate
View log results
Specify block page settings
Block Page Authentication
Block page
User/Machine frame
Standard Links
Optional Links
Options page
Option 1
Option 2
Option 3
Common Customization
Enable, disable features
Authentication Form Customization
Preview sample Authentication Request Form
Block Page Customization
Preview sample block page
Set up Group Administrator Accounts
Add Sub Admins to manage groups, users
Add a group administrator account
Update the group administrator’s password
Delete a group administrator account

CHAPTER 3: NT AUTHENTICATION SETUP
Join the NT Domain
Create an NT Domain
Add an NT domain
Refresh the NT branch
View or modify NT domain details
Domain Settings
Default Rule
Delete an NT domain
Set up NT Domain Groups, Members
Add NT groups, members to the tree
Specify a group’s filtering profile priority
Manually add a user’s name to the tree
Manually add a group’s name to the tree
Upload a file of filtering profiles to the tree

CHAPTER 4: LDAP AUTHENTICATION SETUP
Create an LDAP Domain
Add the LDAP domain
Refresh the LDAP branch
View, modify, enter LDAP domain details
LDAP Server Type
Group Objects
User Objects
Address Info
Account Info
SSL Settings
Alias List
Default Rule
LDAP Backup Server Configuration
Configure a backup server
Modify a backup server’s configuration
Delete a backup server’s configuration
Delete a domain
Set up LDAP Domain Groups, Members
Add LDAP groups, users to the tree
Perform a basic search
Options for search results
Apply a filtering rule to a profile
Delete a rule
Specify a group’s filtering profile priority
Manually add a user’s name to the tree
Manually add a group’s name to the tree
Upload a file of filtering profiles to the tree

CHAPTER 5: ASSIGN/SET UP GROUPS, MEMBERS
Assign Sub Admin to NT/LDAP Entity
Create and Maintain Filtering Profiles
Add a group member to the tree list
Add or maintain an entity’s profile
Category Profile
Redirect URL
Filter Options
Add an Exception URL to the profile
URL entries
Block URL frame
ByPass URL frame
Apply settings
Create a Time Profile for the entity
Add a Time Profile
Remove an entity’s profile from the tree

CHAPTER 6: AUTHENTICATION DEPLOYMENT
Test Authentication Settings
Test Web-based authentication settings
Step 1: Create an IP Group, “test”
Step 2: Create a Sub-Group, “workstation”
Step 3: Set up “test” with a 32-bit net mask
Step 4: Give “workstation” a 32-bit net mask
Step 5: Block everything for the Sub-Group
Step 6: Use Authentication Request Page for redirect URL
Step 7: Disable filter options
Step 8: Attempt to access Web content
Test net use based authentication settings
Activate Authentication on the Network
Activate Web-based authentication for an IP Group
Step 1: Create a new IP Group, “webauth”
Step 2: Set “webauth” to cover users in range
Step 3: Create an IP Sub-Group
Step 4: Block everything for the Sub-Group
Step 5: Use Authentication Request Page for redirect URL
Step 6: Disable filter options
Step 7: Set Global Group to filter unknown traffic
Activate Web-based authentication for the Global Group
Step 1: Exclude filtering critical equipment
Step 1A: Block Web access, logging via Range to Detect
Range to Detect Settings
Range to Detect Setup Wizard
Step 1B: Block Web access via IP Sub-Group profile
Step 2: Modify the Global Group Profile
Activate NT authentication
Step 1: Modify the 3-try login script
Step 2: Modify the Global Group Profile

CHAPTER 7: TECHNICAL SUPPORT
Hours
Contact Information
Domestic (United States)
International
E-Mail
Office Locations and Phone Numbers
8e6 Corporate Headquarters (USA)
8e6 Taiwan
Support Procedures

APPENDIX A: AUTHENTICATION OPERATIONS
Authentication Tier Selections
Tier 1: Net use based authentication
Tier 2, Tier 3: Web-based authentication
Tier 1: Single Sign-On Authentication
Net use based authentication process
Re-authentication process
Tier 1 authentication methods
SMB protocol
SMB Signing
LDAP protocol
Name resolution methods
Configuring the authentication server
Login scripts
Enter net use syntax in the login script
View login script on the server console
Block page authentication login scripts
LDAP server setup rules
Tier 2: Time-based, Web Authentication
Tier 2 implementation in an environment
Tier 2 Script
Tier 1 and Tier 2 Script
Tier 3: Session-based, Web Authentication
8e6 Authenticator
Environment requirements
Minimum system requirements
Recommended system requirements
Workstation requirements
Work flow in a Windows environment
8e6 Authenticator configuration priority
8e6 Authenticator configuration syntax
Sample command line parameters
Sample configuration file
Sample R3000 configuration update packet ‘PCFG’
Table of parameters
Novell eDirectory Agent
Environment requirements
Novell eDirectory servers
Client workstations
Novell clients
Novell eDirectory setup
R3000 setup and event logs
Active Directory Agent
Product feature overview
Windows server requirements
Work flow in a Windows environment
Set up AD Agent
Step 1: AD Agent settings on the R3000
Step 2: Configure the domain, service account
Step 3: AD Agent installation on Windows server
Step 3A: Download DCAgent.msi
Step 3B: Run AD Agent installation setup
Step 3C: Run AD Agent configuration wizard
Use the Active Directory Agent console
Activity tab
Sessions tab
Session table spreadsheet
Session Properties window
Workstation Interactive Probe window
Active Directory Agent Configuration window
Service page
Appliance page
Agent hosts page
Add a satellite
Remove a satellite
Configure a satellite
Check the status of a satellite
Options page
Notifications page

APPENDIX B: DISABLE SMB SIGNING REQUIREMENTS
SMB Signing Compatibility
Disable SMB Signing in Windows 2003

APPENDIX C: OBTAIN, EXPORT AN SSL CERTIFICATE
Export an Active Directory SSL Certificate
Verify certificate authority has been installed
Locate Certificates folder
Export the master certificate for the domain
Export a Novell SSL Certificate
Obtain a Sun ONE SSL Certificate

APPENDIX D: LDAP SERVER CUSTOMIZATIONS
OpenLDAP Server Scenario
Not all users returned in User/Group Browser

APPENDIX E: USER/GROUP FILE FORMAT AND RULES
Username Formats
Rule Criteria
File Format: Rules and Examples
NT User List Format and Rules
NT Group List Format and Rules
NT Quota Format and Rules
LDAP User List Format and Rules
LDAP Group List Format and Rules
LDAP Quota Format and Rules

APPENDIX F: OVERRIDE POP-UP BLOCKERS
Yahoo! Toolbar Pop-up Blocker
If pop-up blocking is enabled
Add override account to the white list
Google Toolbar Pop-up Blocker
If pop-up blocking is enabled
Add override account to the white list
AdwareSafe Pop-up Blocker
If pop-up blocking is enabled
Temporarily disable pop-up blocking
Mozilla Firefox Pop-up Blocker
Add override account to the white list
Windows XP SP2 Pop-up Blocker
Set up pop-up blocking
Use the Internet Options dialog box
Use the IE toolbar
Temporarily disable pop-up blocking
Add override account to the white list
Use the IE toolbar
Use the Information Bar
Set up the Information Bar
Access your override account

APPENDIX G: GLOSSARY
Definitions

INDEX

CHAPTER 1: INTRODUCTION

The R3000 Authentication User Guide contains information
about setting up authentication on the network.

About this User Guide

This user guide addresses the network administrator designated
to configure and manage the R3000 server on the network.

Chapter 1 provides information on how to use this user
guide, and also includes an overview of filtering components
and authentication solutions.

Chapters 2, 3, and 4 describe the R3000 Administrator
console entries that must be made in order to prepare the
network for using authentication for NT and/or LDAP
domains.

NOTE: Refer to the R3000 Quick Start Guide for information on
installing the unit on the network. This document also provides
information on how to access the R3000 console to perform the
initial installation setup defined in Chapter 2: Network Setup.

After all settings have been made, authentication is ready to
be used on the network. Chapter 5 explains how to assign
groups and members for management by Sub Admin group
administrators, and how group administrators create and
maintain filtering profiles for entities in their assignment.

Chapter 6 outlines the steps you need to take to test and to
activate your settings before deploying authentication on
the network.

Chapter 7 provides support information. Appendices at the
end of this user guide feature instructions on authentication
operations; steps to modify the SMB protocol to disable
SMB Signing requirements; information on how to obtain or
export an SSL certificate and upload it to the R3000; notes
on customizations to make on specified LDAP servers;
filtering profile file components and setup; tips on how to
override pop-up windows with pop-up blocker software
installed; a glossary on authentication terms, and an index.

How to Use this User Guide

Conventions

The following icons are used throughout this user guide:
NOTE: The “note” icon is followed by italicized text providing
additional information about the current subject.
TIP: The “tip” icon is followed by italicized text giving you hints on
how to execute a task more efficiently.
WARNING: The “warning” icon is followed by italicized text
cautioning you about making entries in the application, executing
certain processes or procedures, or the outcome of specified
actions.

Terminology

The following terms are used throughout this user guide.
Sample images (not to scale) are included for each item.
• alert box - a message box that opens in response to an entry you made in a dialog box, window, or screen. This box often contains a button (usually labeled “OK”) for you to click in order to confirm or execute a command.
• button - an object in a dialog box, window, or screen that can be clicked with your mouse to execute a command.
• checkbox - a small square in a dialog box, window, or screen used for indi­cating whether or not you wish to select an option. This object allows you to toggle between two choices. By clicking in this box, a check mark or an “X” is placed, indi­cating that you selected the option. When this box is not checked, the option is not selected.
CHAPTER 1: INTRODUCTION HOW TO USE THIS USER GUIDE
• dialog box - a box that opens in response to a command made in a window or screen, and requires your input. You must choose an option by clicking a button (such as “Yes” or “No”, or “Next” or “Cancel”) to execute your command. As dictated by this box, you also might need to make one or more entries or selections prior to clicking a button.
• field - an area in a dialog box, window, or screen that either accommodates your data
8E6 TECHNOLOGIES, R3000 INTERNET FILTER AUTHENTICATION USER GUIDE 3
CHAPTER 1: INTRODUCTION HOW TO USE THIS USER GUIDE
entry, or displays pertinent information. A text box is a type of field.
• frame - a boxed-in area in a dialog box, window, or screen that includes a group of objects such as fields, text boxes, list boxes, buttons, radio buttons, checkboxes, and/or tables. Objects within a frame belong to a specific function or group. A frame often is labeled to indicate its function or purpose.
• grid - an area in a frame that displays rows and columns of data, as a result of various processes. This data can be reorganized in the R3000 console, by changing the order of the columns.
• list box - an area in a dialog box, window, or screen that accommodates and/or displays entries of items that can be added or removed.
• navigation panel - the panel that displays at the left of a screen. This panel can contain links that can be clicked to open windows or dialog boxes at the right of the screen. One or more tree lists also can display in this panel. When an item in the tree list is double-clicked, the tree list opens to reveal items that can be selected.
• pop-up box or pop-up window - a box or window that opens after you click a button in a dialog box, window, or screen. This box or window may display information, or may require you to make one or more entries. Unlike a dialog box, you do not need to choose between options.
• pull-down menu - a field in a dialog box, window, or screen that contains a down-arrow to the right. When you click the arrow, a menu of items displays from which you make a selection.
• radio button - a small, circular object in a dialog box, window, or screen used for selecting an option. This object allows you to toggle between two choices. By clicking a radio button, a dot is placed in the circle, indicating that you selected the option. When the circle is empty, the option is not selected.
• screen - a main object of an application that displays across your monitor. A screen can contain panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons.
• sub-topic - a subset of a main topic that displays as a menu item for the topic. The menu of sub-topics opens when a pertinent topic link in the left panel—the navigation panel—of a screen is clicked. If a sub-topic is selected, the window for that sub-topic displays in the right panel of the screen, or a pop-up window or an alert box opens, as appropriate.
• text box - an area in a dialog box, window, or screen that accommodates your data entry. A text box is a type of field. (See “field”.)
• topic - a topic displays as a link in the left panel—the navigation panel—of a screen. By clicking the link for a topic, the window for that topic displays in the right panel of the screen, or a menu of sub-topics opens.
• tree - a tree displays in the navigation panel of a screen, and is comprised of a hierarchical list of items. An entity associated with a branch of the tree is preceded by a plus (+) sign when the branch is collapsed. By double-clicking the item, a minus (-) sign replaces the plus sign, and any entity within that branch of the tree displays. An item in the tree is selected by clicking it.
• window - a window displays on a screen, and can contain frames, fields, text boxes, list boxes, buttons, checkboxes, and radio buttons. A window for a topic or sub-topic displays in the right panel of the screen. Other types of windows include pop-up windows, login windows, or ones from the system such as the Save As or Choose file windows.
CHAPTER 1: INTRODUCTION FILTERING ELEMENTS

Filtering Elements

Filtering operations include the following elements: groups, filtering profiles and their components, and rules for filtering.

Group Types

In the Group section of the Administrator console, group types are structured in a tree format in the navigation panel. There are four group types in the tree list:
• Global Group
• IP groups
• NT domain groups
• LDAP domain groups
NOTES: If authentication is enabled, the global administrator—who has all rights and permissions on the R3000 server—will see all branches of the tree: Global Group, IP, NT, and LDAP. If authentication is disabled, only the Global Group and IP branches will be seen.
A group administrator will only see entities assigned to him/her by the global administrator.
Global Group
The first group that must be set up is the global group, represented in the tree structure by the global icon. The filtering profile created for the global group represents the default profile to be used by all groups that do not have a filtering profile, and all users who do not belong to a group.
IP Groups
The IP group type is represented in the tree by the IP icon. A master IP group is comprised of sub-group members and/or individual IP members.
The global administrator adds master IP groups, adds and maintains override accounts at the global level, and establishes and maintains the minimum filtering level.
The group administrator of a master IP group adds sub-group and individual IP members, override account and time profiles, and maintains filtering profiles of all members in the master IP group.
Fig. 1-1 IP diagram with a sample master IP group and its members
NT Domain Groups
An NT domain on a network server is comprised of Windows NT groups and their associated members (users), derived from profiles on the network’s domain controller.
The NT group type is represented in the tree by the NT icon. This branch will only display if authentication is enabled. Using the tree menu, the global administrator adds and maintains NT domains, and assigns designated group administrators (Sub Admins) access to entities (nodes) within that domain.
The group administrator creates and maintains filtering profiles for groups and/or users assigned to him/her.
If users belong to more than one group, the global administrator sets the priority for group filtering.
Fig. 1-2 NT domain diagram, with sample groups and members
LDAP Domain Groups
An LDAP (Lightweight Directory Access Protocol) domain on a network server is comprised of LDAP groups and their associated members (users), derived from profiles on the network’s authentication server.
The LDAP group type is represented in the tree by the LDAP icon. This branch will only display if authentication is enabled. Using the tree menu, the global administrator adds and maintains LDAP domains, and assigns designated group administrators (Sub Admins) access to specific entities (nodes) within that domain. The group administrator creates and maintains filtering profiles for entities assigned to him/her. For Active Directory or “Other” server types, these entities include primary or static groups, users, or containers. For Novell eDirectory, SunOne, Sun IPlanet, or Netscape Directory server types, these entities also include dynamic groups. If users belong to more than one group, the global administrator sets the priority for group filtering.
Fig. 1-3 LDAP domain diagram, with sample groups and members

Filtering Profile Types

A filtering profile is used by all users who are set up to be filtered on the network. This profile consists of rules that dictate whether a user has access to a specified Web site or service on the Internet.
The following types of filtering profiles can be created, based on the set up in the tree menu of the Group section of the console:
Global Group
• global filtering profile - the default filtering profile positioned at the base of the hierarchical tree structure, used by end users who do not belong to a group.
IP group (Master Group)
• master group filtering profile - used by end users who belong to the master group.
• master time profile - used by master group users at a specified time.
IP group member
• sub-group filtering profile - used by a sub-group member.
• individual filtering profile - used by an individual IP group member.
• time profile - used by a sub-group/individual IP group member at a specified time.
Authentication filtering profiles
• NT/LDAP group filtering profile - used by an NT or LDAP group.
• NT/LDAP member filtering profile - used by an NT or LDAP group member.
• LDAP container filtering profile - used by an LDAP container in an LDAP domain.
• NT/LDAP time profile - used by an NT or LDAP domain/group/member at a specified time.
Other filtering profiles
• override account profile - set up in either the global group section or the master group section of the console.
NOTE: An override account set up in the master IP group section of the R3000 console takes precedence over an override account set up in the global group section of the console.
• lock profile - set up under X Strikes Blocking in the Filter Options section of the profile.
• Radius profile - used by end users on a Radius accounting server if the Radius server is connected to the R3000 and the Radius authentication feature enabled.
• TAR profile - used if a Threat Analysis Reporter (TAR) server is connected to the R3000 and an end user is locked out by TAR when attempting to access blocked content in a library category.
Static Filtering Profiles
Static filtering profiles are based on fixed IP addresses and include profiles for master IP groups and their members.
Master IP Group Filtering Profile
The master IP group filtering profile is created by the global administrator and is maintained by the group administrator. This filtering profile is used by members of the group—including sub-group and individual IP group members—and is customized to allow/deny users access to URLs, or warn users about accessing specified URLs, to redirect users to another URL instead of having a block page display, and to specify usage of appropriate filter options.
IP Sub-Group Filtering Profile
An IP sub-group filtering profile is created by the group administrator. This filtering profile applies to end users in an IP sub-group and is customized for sub-group members.
Individual IP Member Filtering Profile
An individual IP member filtering profile is created by the group administrator. This filtering profile applies to a specified end user in a master IP group.
Active Filtering Profiles
Active filtering profiles include the global group profile, NT/LDAP authentication profile, override account profile, time profile, and lock profile.
Global Filtering Profile
The global filtering profile is created by the global administrator. This profile is used as the default filtering profile. The global filtering profile consists of a customized profile that contains a list of library categories to block, open, add to a white list, or assign a warn setting, and service ports that are configured to be blocked. A URL can be specified for use instead of the standard block page when users attempt to access material set up to be blocked. Various filter options can be enabled.
NT/LDAP Group Filtering Profile
An NT or LDAP group filtering profile is created by the group administrator assigned to the NT or LDAP group. This profile can be customized to allow/deny group users access to URLs, or warn users about accessing specified URLs, to redirect users to another URL instead of having the standard block page display, and to specify usage of appropriate filter options.
If users belong to more than one group, all groups to which they belong must be ranked to determine the priority each filtering profile takes over another.
NT/LDAP Member Filtering Profile
An NT or LDAP member filtering profile is created by the group administrator assigned to that member. This profile can be customized to allow/deny a user access to URLs, or warn a user about accessing specified URLs, to redirect the user to another URL instead of the standard block page, and to specify usage of appropriate filter options.
LDAP Container Filtering Profile
An LDAP container filtering profile is created by the group administrator assigned to that container. This profile can be customized to allow/deny users access to URLs, or warn users about accessing specified URLs, to redirect users to another URL instead of the standard block page, and to specify usage of appropriate filter options.
Override Account Profile
If any user needs access to a specified URL that is set up to be blocked, the global administrator or group administrator can create an override account for that user. This account grants the user access to areas set up to be blocked on the Internet.
Time Profile
A time profile is a customized filtering profile set up to be effective at a specified time period for designated users.
Lock Profile
This filtering profile blocks the end user from Internet access for a set period of time, if the end user’s profile has the X Strikes Blocking filter option enabled and he/she has received the maximum number of strikes for inappropriate Internet usage.
NOTE: Refer to the R3000 User Guide for additional information on the Override Account Profile, Time Profile, and Lock Profile.
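The precedence rules stated in this section (ranked groups for users in more than one NT/LDAP group, the global profile as the default, and master IP group override accounts over global ones) can be modeled as follows. This is an added example, not 8e6 code: the `Directory` structure, function names, and sample group and profile names are hypothetical, and treating an unranked group as ignored is an assumption used here to make the audit check visible.

```python
from dataclasses import dataclass

GLOBAL_PROFILE = "global filtering profile"


@dataclass
class Directory:
    group_profiles: dict   # group name -> profile name; absent = no profile
    group_priority: list   # ranking set by the global administrator, highest first


def resolve_profile(user_groups, directory):
    """Return (profile, source) for a user who belongs to user_groups."""
    for group in directory.group_priority:
        if group in user_groups and group in directory.group_profiles:
            return directory.group_profiles[group], group
    # No ranked group with a profile: the global profile is the default.
    return GLOBAL_PROFILE, "Global Group"


def unranked_groups(user_groups, directory):
    """Audit check: groups that carry a profile but are missing from the ranking."""
    return sorted(g for g in user_groups
                  if g in directory.group_profiles
                  and g not in directory.group_priority)


def resolve_override(username, master_overrides, global_overrides):
    """Master IP group override accounts take precedence over global group ones."""
    if username in master_overrides:
        return master_overrides[username], "master IP group"
    if username in global_overrides:
        return global_overrides[username], "global group"
    return None


# Constructed sample data (hypothetical group and profile names).
SAMPLE = Directory(
    group_profiles={"Staff": "staff profile", "Students": "student profile",
                    "Lab": "lab profile"},
    group_priority=["Staff", "Students", "Guests"],
)

if __name__ == "__main__":
    print(resolve_profile({"Students", "Staff"}, SAMPLE))
    print(resolve_profile({"Guests"}, SAMPLE))
    print(unranked_groups({"Lab", "Staff"}, SAMPLE))
```

Running `unranked_groups` over every multi-group user is a quick way to find accounts that would silently fall through to the global profile in this model.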