Black Box FE408005AA, FE408100XA, FE408020XA, FE408200XA, FE408020AA User Manual

...

March 2009

FE408005AA FE408045XA FE408020AA FE408100XA FE408020XA FE408200XA

Optinet™ User’s Guide

Optinet—the bandwidth shaping, content filtering appliance.

Customer

Support

Information

Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500) FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746 Mailing address: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018

Web site: w ww.blackbox.com • E-mail : info@blackbox.com

Optinet User’s Guide

We‘re here to help! If you have any questions about your application

or our products, contact Black Box Tech Support at 724-746-5500

You’ll be live with one of our technical experts in less than 20 seconds.

or go to blackbox.com and click on “Talk to Black Box.”

TRADEMARKS USED IN THIS MANUAL

Black Box and the Double Diamond logo are registered trademarks, and Optinet is a trademark, of BB Technologies, Inc.

Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners.

724-746-5500 | blackbox.com

Table of Contents

Table of Contents ........................................................................................................................ ii

Chapter 1: Introducing Optinet .................................................................................................. 1

Chapter 2: Installing Optinet ...................................................................................................... 3

Gathering Initial Information ......................................................................................................................................... 4

Connecting to Optinet .................................................................................................................................................... 5

Running the Setup Wizard ............................................................................................................................................. 7

Cutting-Over .................................................................................................................................................................. 8

Accessing Optinet .......................................................................................................................................................... 9

Manual Configuration ............................................................................................................................................. 10

Management/Auxiliary Interface ............................................................................................................................ 10

Text Menu Interface ................................................................................................................................................ 11

Proxy Mode ............................................................................................................................................................ 14

Configuring Port Settings ............................................................................................................................................ 16

Configuring Cabling .................................................................................................................................................... 17

Testing Fail to Wire or No Failover............................................................................................................................. 17

Fail to Wire ............................................................................................................................................................. 17

Bypass Mode .......................................................................................................................................................... 18

No Failover ............................................................................................................................................................. 18

Chapter 3: Navigating Optinet ................................................................................................. 20

General Navigation ...................................................................................................................................................... 20

Tasks Pane ................................................................................................................................................................... 22

Help Pane..................................................................................................................................................................... 23

Chapter 4: Generating Reports ................................................................................................ 25

Home Page ................................................................................................................................................................... 25

The Message Center ................................................................................................................................................ 25

System Notifications ............................................................................................................................................... 26

Getting Started ........................................................................................................................................................ 26

Hardware Settings ................................................................................................................................................... 26

System .................................................................................................................................................................... 26

General Reporting Options .......................................................................................................................................... 26

Selected Date .......................................................................................................................................................... 27

Search ..................................................................................................................................................................... 27

Correlated by .......................................................................................................................................................... 27

Result Type ............................................................................................................................................................. 27

Group ...................................................................................................................................................................... 27

Network Node ......................................................................................................................................................... 28

Directory User ........................................................................................................................................................ 28

Encryption Type ..................................................................................................................................................... 28

Application Set ....................................................................................................................................................... 28

Right-Click Options ................................................................................................................................................ 28

Drop-Down Arrows ................................................................................................................................................ 29

Bar-Pie Graph Drop-Down ..................................................................................................................................... 29

Snapshot-Real Time Drop-Down ........................................................................................................................... 29

Report Recommendations ....................................................................................................................................... 29

Users tab ...................................................................................................................................................................... 30

Dashboard Reports .................................................................................................................................................. 31

Applications tab ........................................................................................................................................................... 31

Threats tab ................................................................................................................................................................... 33

Internet Usage tab ........................................................................................................................................................ 34

System Reports tab ...................................................................................................................................................... 35

Dashboards tab ............................................................................................................................................................ 35



Chapter 5: Managing Optinet ................................................................................................... 38

General Manage Options ............................................................................................................................................. 38

Policies & Rules tab .................................................................................................................................................... 39

Groups .................................................................................................................................................................... 39

Time-of-Day Rules ................................................................................................................................................. 42

Traffic Flow Rule Sets ............................................................................................................................................ 43

Content Filtering ..................................................................................................................................................... 44

Advanced Filtering ................................................................................................................................................. 46

Internet Usage Rules ............................................................................................................................................... 48

Shaping Rules ......................................................................................................................................................... 51

Policy Manager ....................................................................................................................................................... 54

Directory Users & Nodes ............................................................................................................................................ 54

Network Nodes ....................................................................................................................................................... 55

Directory Users ....................................................................................................................................................... 58

Directory Agent ...................................................................................................................................................... 58

Broadcasts tab .............................................................................................................................................................. 59

System Access tab ....................................................................................................................................................... 60

Applications tab ........................................................................................................................................................... 60

Traffic Flow Rule Sets ............................................................................................................................................ 60

Application Sets ...................................................................................................................................................... 61

Applications ............................................................................................................................................................ 63

Chapter 6: Administrating Optinet .......................................................................................... 67

Setup Wizard ............................................................................................................................................................... 67

Configuration tab ......................................................................................................................................................... 68

Setup ....................................................................................................................................................................... 68

Advanced Setup ...................................................................................................................................................... 68

Ethernet Settings ..................................................................................................................................................... 70

Company Settings ................................................................................................................................................... 70

iii

Registration Settings ............................................................................................................................................... 70

Miscellaneous (Misc.) Settings ............................................................................................................................... 70

Update Settings ....................................................................................................................................................... 72

Custom Category Rules .......................................................................................................................................... 72

Custom Category Options ....................................................................................................................................... 73

Remote Subnets ...................................................................................................................................................... 74

User Preferences ..................................................................................................................................................... 75

Static Routes ........................................................................................................................................................... 76

SSL Certificate Settings .......................................................................................................................................... 78

License Settings ...................................................................................................................................................... 78

Special Domains ..................................................................................................................................................... 78

LDAP Settings ........................................................................................................................................................ 79

Backup .................................................................................................................................................................... 79

Proxy Settings ......................................................................................................................................................... 80

Diagnostic Tools tab .................................................................................................................................................... 80

Device Status ................................................................................................................. ......................................... 81

Directory Agent Diagnostics ................................................................................................................................... 81

Directory Agent Users ............................................................................................................................................ 81

Display ARP Table ................................................................................................................................................. 81

Ethernet Status ........................................................................................................................................................ 81

Group IP List .......................................................................................................................................................... 81

IP Address Map ...................................................................................................................................................... 81

No LDAP Network Nodes ...................................................................................................................................... 82

PING ....................................................................................................................................................................... 82

Test DNS Settings ................................................................................................................................................... 82

Traceroute ............................................................................................................................................................... 82

IP Traffic Monitor ................................................................................................................................................... 82

Downloads tab ............................................................................................................................................................. 83

Logs tab ....................................................................................................................................................................... 83

Activity Log ............................................................................................................................................................ 83

Kernel Log .............................................................................................................................................................. 84

Redirection Pages ........................................................................................................................................................ 84

Blocked URL .......................................................................................................................................................... 84

Directory Agent Login Page ................................................................................................................................... 85

Utilities ........................................................................................................................................................................ 85

System Resets ......................................................................................................................................................... 86

Support Link ........................................................................................................................................................... 88

Spyware Removal Tool .......................................................................................................................................... 89



Chapter 7: Integrating Directory Users with Optinet ............................................................. 90

Directory Overview ..................................................................................................................................................... 90

Directory Options ........................................................................................................................................................ 92

Directory Option 1: Directory Agent with Directory Client (cymdir.exe) .............................................................. 92

Directory Option 2: Directory Agent with IP Lookup ............................................................................................ 93

Directory Option 3: Directory Agent with NTLM .................................................................................................. 93

Directory Option 4: Directory Agent with Login Page ........................................................................................... 94

Directory Configurations ............................................................................................................................................. 95

Install Directory Agents .......................................................................................................................................... 95

Create Directory Agents ......................................................................................................................................... 97

Create Optinet Groups ............................................................................................................................................ 97

Create Directory Agent Group ................................................................................................................................ 98

Deploy Directory Client Client ............................................................................................................................. 101

Create Directory Internet Usage Rules ................................................................................................................. 109

Directory Troubleshooting......................................................................................................................................... 111

Using Diagnostic Tools ........................................................................................................................................ 111

Troubleshooting GPO Issues ................................................................................................................................ 113

Troubleshooting Directory Client ......................................................................................................................... 114

Chapter 8: Implementing HTTPS/SSL Filtering with Optinet .............................................. 117

Certificate Authorities ............................................................................................................................................... 118

SSL Anonymous Proxies ........................................................................................................................................... 118

SSL CGI Proxy ..................................................................................................................................................... 119

SSL Full Proxy ..................................................................................................................................................... 119

SOCKS4/5 Proxy .................................................................................................................................................. 119

TorPark Network .................................................................................................................................................. 119

HTTPS/SSL Filtering ................................................................................................................................................ 119

Disable SSL Inspection and Filtering ................................................................................................................... 119

Enable SSL Certificate-Based Content Filtering .................................................................................................. 119

Enable Denied Access Page for SSL Certificate-Based Content Filteri ng ........................................................... 120

Enable Full SSL Content Filtering ........................................................................................................................ 120

Only Allow Trusted Certificate Authorities and Non-Expired Certificates .......................................................... 120

HTTPS/SSL Filter Exemption List ....................................................................................................................... 120

Content Filtering Rules ......................................................................................................................................... 120

HTTPS/SSL Blocking ............................................................................................................................................... 121

HTTPS/SSL Filtering Requirements ......................................................................................................................... 121

Enabling SSL Certificate-Based Filtering ................................................................................................................. 122

Web Filter + Deny IM + Anonymous Proxy Guard + SSL Filter ......................................................................... 122

Web Filter + Anonymous Proxy Guard + SSL Filter ........................................................................................... 123

Web Filter + SSL Filter ........................................................................................................................................ 123

The Optinet Digital Certificate .................................................................................................................................. 123

Installing The Optinet Digital Certificate .................................................................................................................. 124

Deploying The Optinet Certificate via Web Browsers ......................................................................................... 124

Deploying The Optinet Certificate via Active Directory ...................................................................................... 127

Enabling Full SSL Content Filtering ......................................................................................................................... 130

Confirming The Optinet Digital Certificate ............................................................................................................... 131

Viewing Sensitive Content on HTTPS/SSL Web Sites ............................................................................................. 131



Customer Support and Feedback ......................................................................................... 133

Getting Help .............................................................................................................................................................. 133

Appendix A: Web Filtering Categories ................................................................................. 134

Appendix B: MIME Types ....................................................................................................... 141

Appendix C: File Types .......................................................................................................... 144

Appendix D: CIDR Cheat Sheet ............................................................................................. 146

Appendix E: End User License Agreement (EULA) & Warranty ......................................... 148

Optinet User’s Guide

Federal Communications Commission and Industry Canada Radio Frequency Interference Statements

This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause inter ference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specications in Subpart B of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment. Operation of this equipment in a residential area is likely to cause interference, in which case the user at his own expense will be required to take whatever measures may be necessary to correct the interference.

Changes or modications not expressly approved by the party responsible for compliance could void the user’s authority to oper ate the equipment.

This digital apparatus does not exceed the Class A limits for radio noise emis sion from digital apparatus set out in the Radio Interference Regulation of Industry Canada.

Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limite la classe A prescrites dans le Règlement sur le brouillage radioélectrique publié par Industrie Canada.

s applicables aux appareils numériques de

724-746-5500 | blackbox.com

NOM Statement

Instrucciones de Seguridad (Normas Ociales Mexicanas Electrical Safety Statement)

1. Todas las instrucciones de seguridad y operación deberán ser leídas antes de que el aparato eléctrico sea operado.

2. Las instrucciones de seguridad y operación deberán ser guardadas para referencia futura.

3. Todas las advertencias en el aparato eléctrico y en sus instrucciones de operación deben ser respetadas.

4. Todas las i

5. El aparato eléctrico no deberá ser usado cerca del agua—por ejemplo, cerca de la tina de baño, lavabo, sótano mojado o cerca de una alberca, etc..

6. El aparato eléctrico debe ser usado únicamente con carritos o pedestales que sean recomendados por el fabricante.

7. El aparato eléctrico debe ser montado a la pared o al techo sólo como sea recomendado por el f

8. Servicio—El usuario no debe intentar dar servicio al equipo eléctrico más allá a lo descrito en las instrucciones de operación. Todo otro servicio deberá ser referido a personal de servicio calicado.

9. El aparato eléctrico debe ser situado de tal manera que su posición no interera su uso. La colocación del aparato eléctrico sobre una cama, sofá, alfombra o supercie similar puede bloquea la ventilac que impidan el ujo de aire por los oricios de ventilación.

10. El equipo eléctrico deber ser situado fuera del alcance de fuentes de calor como radiadores, registros de calor, estufas u otros

aparatos (incluyendo amplicadores) que producen calor.

11. El aparato eléctrico deberá ser connectado a una fuente de poder sólo del tipo descrito en el instructivo de operación, o como

se indique en el aparato.

12. Precaución debe ser tomada de tal manera que la tierra sica y la polarización del equipo no sea eliminada.

13. Los cables de la fuente de poder deben ser guiados de tal manera que no sean pisados ni pellizcados por objetos colocados

sobre o contra ellos, poniendo particular atención a los contactos y receptáculos donde salen del aparato.

14. El equipo eléctrico debe ser li

nstrucciones de operación y uso deben ser seguidas.

abricante.

ión, no se debe colocar en libreros o gabinetes

mpiado únicamente de acuerdo a las recomendaciones del fabricante.

15. En caso de existir, una antena externa deberá ser localizada lejos de las lineas de energia.

16. El cable de corriente deberá ser desconectado del cuando el equipo no sea usado por un largo periodo de tiempo.

17. Cuidado debe ser tomado de tal manera que objectos liquidos no sean derramados sobre la cubierta u oricios de ventilación.

18. Servicio por personal calicado deberá ser provisto cuando:

A: El cable de poder o el contacto ha sido dañado; u B: Objectos han caído o líquido ha sido derramado dentro del aparato; o C: El aparato ha sido expuesto a la lluvia; o D: El aparato parece no operar normalmente o muestra un cambio en su desempeño; o E: El aparato ha sido tirado o su cubierta ha sido dañada.

724-746-5500 | blackbox.com

Chapter 1: Introducing Optinet

Welcome to Optinet. Optinet is a smart gateway appliance from Black Box Network Services that offers network administrators an in-depth view on network traffic and resources. With Optinet, you can monitor and manage traffic generated by specific applications within the network as well as traffic generated by specific users or computers. Not only can you manage traffic from users and devices, you can also control which web sites or categories can be visited. In addition to this, Optinet offers protection against spyware and virus web applications so that your network is running optimally.

Optinet helps manage network traffic by reporting which types of traffic are being used on the network. The device also provides tools to help control the traffic and identify potentially dangerous users or applications. By monitoring all Internet traffic, Optinet will report on how much bandwidth is being used for browsing the Web, downloading files via File Transfer Protocol (FTP) or Peer-to-Peer (P2P) applications. This information is valuable as you will begin to see how your network resources are being used. With this informat ion, you can then use Optinet to optimize traffic, identify high-priority traffic, and restrict unwanted types of traffic or web sites. In essence, Optinet will allow you to receive the most benefit from your network and users.

Optinet provides three essential facets for traffic reporting and control:

• Filter content—Opt in et will monitor and report on web sites visited. Optinet will allow you to block unauthorized web sites or web categories.

• Shape traffic—Optinet can prioritize applications or users within the network, allowing you to limit or restrict bandwidth and specific types of tr affic. For example, P2P file sharing can consume large amounts of bandwidth. Optinet can restrict this traffic allocating more bandwidth to higher priority traffic.

• Block spyware and web viruses—Optinet will also identify and block spyware or viral web sites and applications that can potentially harm your network and consume bandwidth.

Optinet can quickly increase bandwidth for high priority traffic, ensure employee productivity, provide appropriate web content, add an additional layer of security, and prevent users from compromising your network. This user guide will instruct you on how to use and deploy the various functions of Optinet.

Chapter 2: Installing Optinet

In this chapter, you learn how to perform an initial installation of Optinet. The following topics will be covered:

• Gathering Initial Information

• Connecting to Optinet

• Running the Setup Wizard

• Cutting-Over

• Accessing Optinet

• Using Alternative Configuration Methods

• Configuring Port Settings

• Configuring Cabling

• Testing Fail to Wire or No Failover

Optinet is a powerful network device that is relatively easy to set up in any network environment using the instructions in th is document and the Setup Wizard. Please read and understand all configuration and installation considerations before proceeding.

If you have questions or are unsure about the installation of Optinet, please contact your Black Box Technical Support at 724-746-5500, your Authorized Black Box Network Services Reseller, and/or the person responsible for the service of your network.

Gathering Initial Information

Under this section are listed the information and basic definitions of terms you will need to know before installing Optinet. Begin by reviewin g the information and filling out the following table for documentation. You will need the subsequent information:

License Key

Licenses that have been purchased with your system will ship as a license key on a card in the Documentation & Accessories box or be delivered via email at the time of purchase. Locate this card to enable the licenses on your system during the setup process.

License Key:

Model Number:

Serial Number:

Licensed Network Nodes:

Licensing—licensing with Optinet is based on network connections. One hundred connections on your network will constitute 100 Network Node license. Please make sure that the amount of licenses purchased is sufficient for the active connections present on your network.

Model Number and Serial Number—these numbers are associated with your Optinet for device identification and are used in conjunction with the License Key for verification of the amount of licenses purchased.

IP Configuration

If you are unsure of the following fields, the Setup Wizard will detect available addresses and settings within your network via DHCP. You may copy over these settings during the Setup Wizard.

Optinet (Bridge) IP address:

Subnet Mask:

Default Gateway (WAN Side) IP address:

DNS Server IP address:

Management/Auxiliary Port IP address:

The Management/Auxiliary Port IP address cannot be in any active subnet in your network.

Management/Auxiliary Port Subnet Mask:

Total Download Bandwidth (in Kbps):

Total Upload Bandwidth (in Kbps):

Time Zone:

Amounts used in the Total Download Bandwidth and Total Upload Bandwidth will restrict total throughput through Optinet. Please make sure the amounts you enter in

these fields are correct.

If you would like to receive email alerts when users attempt to access viral web sites, you must fill out the Email Settings. If you are not interested in th is option, you may leave the following fields blank.

Email Settings

In order for Optinet to send email alerts, the email server listed below must be configured to relay messages from Optinet.

System Alerts & Broadcasts email address (System Administrator):

Email Server Hostname or IP address (optional):

Remote Subnets

Optinet will identify and monitor all network traffic native to its local subnet. If you have a routed network (VLANs, different network addresses, etc.), please note the network addresses outside The Optinet local subnet with the appropriate CIDR notation. See Appendix E for CIDR Cheat Sheet.

Subnet Address (CIDR notation):

Once you have this information, you’re ready to make your init ial connections to Optinet.

Connecting to Optinet

The next step is to power on and establish a connection to Optinet from a local management workstation/laptop. You will also need to connect Optinet to your network.

Running the Setup Wizard requires an active Internet connection from the network where Optinet will be installed. If you do not have an active Internet

connection available, or you do not wish to use the Setup Wizard, please consult the section Using Alternative Configuration Methods.

1. Connect a cross-over cable (included in your Accessories Kit) from the Optinet LAN port to the network port on your workstation/laptop.

2. Connect a straight-through cable from the Optinet WAN port to an empty port on your local network switch.

Figure 2.1 Optinet Configuration Connectivity

3. Write down the existing IP settings of your local workstation/laptop so that you can easily change them back when configuration is complete.

4. Change your local workstation/laptop IP settings. You will need to change the IP settings on your local workstation/laptop to communicate with the default settings of Optinet:

• Default IP Address—192.168.1.80

• Default Subnet Mask—255.255.255.0

The suggested settings for the local workstation/laptop are the following:

• IP Address—192.168.1.81

• Subnet Mask—255.255.255.0

Running the Setup Wizard

1. To access the Setup Wizard, open Microsoft’s Internet Explorer (IE) 6 or 7 and enter http://192.168.1.80 in the address bar.

2. Login to the system using:

a. Default User Name: admin (all lowercase) b. Default Password: blackbox (all lowercase)

3. Please read and accept the EULA agreement.

4. The Welcome Screen is then displayed automatically on new systems, as well as on systems that have been reset to factory defaults. Read the following information displayed in the Welcome Screen and select Next>>.

Figure 2.2 The Setup Wizard Welcome Screen

5. Using the information you collected in the section Gathering Initial Information, complete the steps within the Setup Wizard. Select Next>> when the page fields are complete. Optinet will test the settings of each step and if successful, will allow you to proceed.

6. The final step in the Setup Wizard allows you to confirm and, if necessary, edit your configuration. This step will also check for updates and will au tomatically retrieve and install them. Major firmware upgrades will require a reboot of your system when complete.

Please note that advanced configuration options such as Directory Integration or Ethernet Settings require additional steps that are not covered in the Setup Wizard. For additional information, please review their corresponding chapters.

Cutting Over

Only perform these next steps when network traffic can be momentarily interrupted.

Now that you have finished the Setup Wizard, you are ready to place Optinet inline with Internet traffic. Optinet requires all Internet traffic to pass through its bridge interface, unless the device is configured in Proxy Mode. If you are planning to configure Optinet in Proxy Mode, you can skip the current section and proceed to the section Using Alternative Configuration Methods.

For typical installations you will need to follow the next steps and physically place Optinet inline with your network’s traffic. In general t his location is between the Firewall/WAN Router and the Core Network Switch.

1. Remove the cables connected to The Optinet WAN and LAN ports.

2. If you modified your local workstation/laptop IP settings, you will need to change your local workstation/laptop settings back to their original IP settings.

3. Locate the connection between the Core Network Switch and the Firewall/WAN Router. Unplug the cable from the Firewall/WAN Router and connect it to the LAN port on Optinet.

4. Using the cross-over cable, connect the WAN port of Optinet to the now open port on the Firewall/WAN Router that was previously used by the Core Network Switch.

5. Verify that the cross-over cable is plugged into The Optinet WAN port and the Firewall/WAN Router.

6. Verify that the straight-through cable is plugged into The Optinet LAN port and the Core Network Switch. Optinet should now be sitting inline with your Internet traffic.

7. Confirm the Light Emitting Diodes (LEDs) for both the WAN and LAN ports are posting solid green (link) lights and blinking amber (speed) light s.

8. Verify that local workstations can access the Internet by opening a web browser and navigating to several web sites.

Figure 2.3 Optinet Installation Connectivity

If you are able to browse to the Internet, you have completed the installation of Optinet. The device should now be sitting inline with your Internet traffic and monitoring web requests.

Accessing Optinet

After completing the configuration and installation processes, you can access Optinet by using the IP address you assigned to the device during the Setup Wizard.

1. Open Microsoft’s IE 6 or higher and navigate to http://IP address assigned.

2. Login using the default credentials (listed under the section Running Setup Wizard) or with the newly created administrative login.

3. When you login to Optinet the Home Page will display. This page provides a snapshot of system health, filtering effectiveness, current firmware versions, subscription settings, as well as links to administration of your new system.

We strongly recommend that you create a new administrative login, and change the

default login password to limit access to Optinet. Select the Manage -> System Access -> Logins link to make these changes.

Using Alternative Configuration Methods

The previous sections discuss the most common steps for installing Optinet. However, there are alternative methods that can be used for initial con figuration of the device as well as different modes that Optinet can accommodate. In this section, the topics of installing Optinet without the assistance of the Setup Wizard as well as Proxy Mode will be discussed.

Manual Configuration

Physical connectivity for manual conf iguration of Optinet can be accomplished using a crossover cable from a local machine (such as a laptop) to either the LAN, WAN, or Management/Auxiliary (AUX) ports on Optinet. See the instructions in Connecting to Optinet on modifying your local machine IP settings to connect to Optinet.

If you wish to configure Optinet without the assistance of the Setup Wizard, or if you are pre-configuring the system for installation, the Manual Configuration settings can be accessed through Admin -> Configuration settings screens. Simply cancel the Setup Wizard and access the settings listed in the table below.

The following table shows where the network conf iguration information collected in Gathering Initial Information can be manually entered into The Optinet configuration pages.

Quick Start Guide Table Name Admin -> Configuration -> Page Name

License Key License IP Settings Setup Total Upload/Download Bandwidth Misc. Settings Email Settings Company Settings Remote Subnets Remote Subnets

Management/Auxiliary Interface

Optinet can be accessed via the Management/Auxiliary port for th e initial configuration. However, the IP settings for the port will need to be different than those for the bridge interfaces (WAN and LAN ports) and cannot be an IP address found under the Remote Subnets listings.

1. Connect a cross-over cable (included in your Accessories Kit) from The Optinet Management/Auxiliary port to the network port on your workst ation/laptop.

2. Write down the existing IP settings of your local workstation/laptop so that you can easily change them back when configuration is complete.

3. Change you local workstation/laptop IP settings. You will need to change the IP settings on your local workstation/laptop to communicate with the default settings of Optinet:

• Default Management/Auxiliary IP address—10.1.1.1

• Default Subnet Mask—255.255.255.0

The suggested settings on the local workstation/laptop are t he following:

• IP address—10.1.1.2

• Subnet Mask—255.255.255.0

4. From the Management/Auxiliary port, you can access Optinet via the GUI or Text Menu (covered in the following section). If you choose to configure Optinet via the GUI, please follow the steps listed under the section Setup Wizard. If you choose to configure Optinet via the Text Menu, please follow the steps listed under the next section.

Text Menu Interface

The Optinet Text Menu allows installers, system administrators, and other trained technical personnel to access the device via a text interface, similar to a Command Line Interface (CLI). While some of the basic features and options available within the Optinet web interface are also available here, most advanced technical options are only available through the GUI menus. The one exception is IP Traffic Monitor (Option 2—Utilities, Option 3—IP Traffic Monitor), which is discussed under Chapter 6: Administrating Optinet, section Diagnostic Tools tab. Below are the supported options for accessing The Optinet Text Menu:

• Secure Shell (SSH)

• HyperTerminal (via serial connection)

The default login for all these menus is the following:

• Default User Name: menu (all lowercase)

• Default Password: blackbox (all lowercase)

Secure Shell Access Secure Shell (SSH) access allows administrators to access The Optinet Text Menu through a

secure connection. SSH applications such as PuTTY (a freeware application available from the installation CD) make it easy to use this secure method of accessing systems remotely.

1. Download PuTTY.exe from the CD.

2. Double click on the program.

3. Enter in the IP address of Optinet.

4. Leave all other settings at default.

5. Click the Open button.

Figure 2.4 PuTTY Configuration

6. Login with the default credentials.

7. Type 1 to access Configure IP addresses submenu.

Figure 2.5 Text Menu Interface

8. Enter in the information collected in the IP Settings table under Gathering Initial Information.

Serial Access The following section lists steps on how to connect to the Optinet Text Menu using

HyperTerminal. Although there are other terminal simulators that can work with the Optinet serial connection, the steps listed below are for a workstation/laptop with Windows XP and HyperTerminal.

Ensure that you have the null modem (2U systems) or USB (1U systems) cable (included with shipping materials) connected to a communication port of your local workstation/laptop and to the Optinet serial port (38.4 8N1).

1. Set up a connection using HyperTerminal (Start -> All Programs -> Accessories -> Communications -> HyperTerminal).

2. In the New Connection Description dialog, enter a name for the connection in the Name field and select an icon if you want.

3. Click the OK button.

4. In the Connect To dialog, select the COM port for the connection.

5. Click the OK button.

6. In the COM Port Properties window, select the settings that correspond to:

• Bits per second: 38,400

• Data bits: 8

• Parity: None

• Stop bits: 1

• Flow control: None

7. Click the OK button.

8. When the main HyperTerminal screen appears, press the Enter key to confirm a connection.

9. Login with the default credentials:

a. Default User Name: menu (all lowercase) b. Default Password: blackbox (all lowercase)

10. Type 1 to access the Configure IP addresses submenu.

11. Type the information collected in the IP Settings table under Gathering Initial Information.

Once Optinet has been configured using an alternative method described above, you can perform the steps listed under Cutting Over of this chapter.

We strongly recommend that you change the default password for the menu account to limit access to the Text Menu. Select Option 3—Change Menu Password under the main menu to make this change.

Proxy Mode

For full functionality of Optinet, we recommend placing the device inline with traffic. However, if you do not want to place the device inline with network traffic, or if you have users on the WAN side of Optinet that you want to filter, you can configure Optinet as a web proxy. A web proxy is normally a server that carries out web requests for users. Typically, web traffic is routed to the server which requests the web sites for the intended users. Optinet does likewise with a configuration called Proxy Mode. This configuration does not require Optinet to be inline with network traffic.

To use Optinet as a proxy, the device must have a network connection to the users and the Internet via the WAN or LAN port (only one has to be active). With this connection, you can then use either the Setup Wizard or an alternative method to assign the device the required IP settings. Afterwards, you must alter the connection settings of the users’ web browsers to use the IP address of Optinet as a proxy and port 8888 for browsing. (Port 8888 is the assigned port used by the Optinet filtering engine). If Optinet has a private IP address and you want external users to use Optinet as a proxy, you may need to create a Network Address Translation (NAT) rule for Optinet.

Below are the steps on how to alter the LAN connections using IE 7 and Firefox 2. You can also alter LAN connections via Group Policy Objects (GPOs), VPN connections, or other network devices; however, these steps are not covered in the User Guide and will need to be researched independently.

Internet Explorer (IE) 7

1. Open up IE 7 web browser.

2. Click on Tools -> Internet Options.

3. Click on the Connections tab.

4. Click the LAN Settings button.

5. Under Proxy Server section, select the checkbox for Use a proxy server for your LAN.

6. Under the Address field, enter in The Optinet IP address.

7. Under the Port filed, enter in the number 8888.

8. Click OK until the settings are applied.

Firefox 2

1. Open up Firefox 2 web browser.

2. Click on Tools -> Options.

3. Click on the Advanced menu.

4. Select the Network tab.

5. Under the Connection section, click the Settings button.

6. Select the radio button next to Manual proxy connection.

7. Enter in the IP address of Optinet in the HTTP Proxy field.

8. Enter in the number 8888 in the Port field.

9. You may also select the checkbox. Use this proxy server for all protocols as well if you like.

10. Click OK until the settings are applied.

Once users’ web browsers have been configured to use Optinet as a proxy, you will then need to configure Optinet to accept web requests. This setting is found under Admin -> Configuration -> Advanced Setup. Select the check box next to Allow HTTP Connections on port 8888. Don’t forget to apply the changes.

Optinet will then begin to create profiles for users as they begin t o send web requests to Optinet. You can confirm this under Manage -> Directory Users & Nodes -> Network Nodes. If you have enabled Directory settings, Optinet will also create Directory Profiles as well (Manage -> Directory Users & Nodes -> Directory Users). You can then create groups based on the profiles for content filtering and reporting. Please see Chapter 5: Managing Optinet for steps on how to create groups.

Please note that Proxy Mode does not offer all functions over network traffic normally associated when in the default inline mode, in particular band width control and full reporting. Because network traffic is not physically passing through the Optinet bridge interface, the device can no longer confirm which applications are passing nor control bandwidth. In addition to this, you cannot use all of the Advanced Filtering options and HTTPS/SSL Filtering settings to en sure content filtering.

With Proxy Mode you will only be able to filter web content and report on web sites visited. As such, you will not be able to apply all Shaping Rules nor will there be data posted for under the applications reports (Report -> Applications) or users reports (Report –> Users). There will, however, be data under Internet Usage and Threats.

Below is a table of all supported reports and menus with Proxy Mode (Report and Manage Tabs). If a specific feature is not listed in this table, then it is not supported in Proxy Mode.

Proxy Mode Support

Report Manage

Threats

Spyware Overview Spyware Infected Users Spyware Threat Names Virus Overview Virus Infected Users Virus Threat Names

Policies & Rules

Groups Time of Day Rules Internet Usage Rules

o TFRS (HTTP Traffic Only) Deny Access,

No Filters, Web Filter Only, Web Logging, SSL Block, and SSL Filter, Content Filtering, Advanced Filtering, HTTPS/SSL Filtering (SSL Certificate Based Content Filtering), Web Authentication

Shaping Rules

o Web Content

Policy Manager

Internet Usage

Web Hits Overview Web Bandwidth Overview Web Hits by Network Node Web Bandwidth by Network Node Web Time Online

System Reports

Active Users CPU Utilization IP Connections Latency Packets per Second RAM Usage

Dashboard

Real Time URL Monitor

One final note: you can configure Optinet inline with traffic and use the device as a proxy for a combination of functionality. For example, you can install Optinet inline with network traffic for internal users, and then alter web browser settings for VPN or external users to use Optinet as a proxy. This way, you gain full functionality for internal users and web filtering functionality for external users.

Directory Users & Nodes

Directory Users Directory Agent Network Nodes

Broadcast Manager

Applications

Traffic Flow Rule Sets (HTTP Traffic Only) Deny Access, No Filters, Web Filter Only, Web Logging, SSL Block, and SSL Filter

Configuring Port Settings

The Optinet bridge ports (WAN and LAN) by default are set to auto-negotiate for both speed and duplex settings. This means that Optinet will negotiate with the devices that are plugged into these ports to verify their speeds and duplex mode. Normally auto negotiate will allow Optinet to operate at least 100 Mbps or above and Full-Duplex.

However, you should confirm that Optinet is operating at least 100Mbps or above, FullDuplex, and is not generating any interface errors. You can do this under Admin -> Diagnostic Tools -> Ethernet Status.

Review both WAN Port and LAN Port tabs to confirm that Optinet is operating at the correct speed and duplex. Also verify that no errors are listed under the Errors field.

If the auto-negotiating settings list a speed under 100 Mbps, a duplex mode that is not Full or are generating errors, you may need to hard set these settings on the interfaces. You can do this under Admin -> Configuration -> Ethernet Settings.

Hard setting the Ethernet settings can cause network interruptions. Only perform these

next steps when network traffic can be momentarily interrupted.

Select the speed and duplex settings you would like to hard set for the desired port(s) and press the Apply button. In addition to this, you may need to hard set the interface settings on the devices connected to Optinet. This will allow Fail to Wire and No Failover to work correctly. The next section will explain these options.

Configuring Cabling

In addition to confirming the port and duplex settings, you should also confirm cables connected to Optinet. Typically, layer 3 devices connected to Optinet require a cross-over cable while layer 2 devices connected to Optinet require straight-through cables.

In a standard installation, the Optinet WAN port will connect to the firewall via a cross-over cable while the Optinet LAN port will connect to the core network switch via a straightthrough cable.

However, if you are installing Optinet in between a firewall and the core network router, you may need cross-over cables for each port. Also, if the devices connecting to Optinet offer Medium Dependent Interface Crossover (MDIX), which can compensate for switching transmit and receiving signals, you may be able to use straight-through cables for each port.

In any case, you will want to confirm the cabling for proper negotiation for Fail to Wire or No Failover. You can confirm negotiation by reviewing the section Ethernet Status. If after hard setting the ports, Optinet is still generating errors, you may need to change the cabling. After confirming negotiation, you should confirm Fail to Wire or No Failover by following the steps listed in the next section.

Testing Fail to Wire or No Failover

Optinet offers two options for network connectivity in case of a device failure or power loss: Fail to Wire and No Failover. Unless specified before purchase, the model of Optinet you receive will be designed for Fail to Wire. Fail to Wire allows netw ork traffic to pass in case Optinet fails or is powered down, while No Failover stops all network traffic in case of failure or power loss. Your preference must be specified before purchasing the device as the implementation is done via hardware. After confirming your preference and the installation of Optinet, you should perform some tests to confirm the functionality.

Only perform this test when network traffic can be momentarily interrupted and you are physically next to Optinet.

Fail to Wire

Fail to Wire allows network traffic to pass in case of failure by closing a circuit in between the WAN and LAN ports. However, for this to work properly, the devices connected to Optinet must be able to negotiate correctly.

1. Power off Optinet under Admin -> Utilities -> System Resets -> Hardware Shutdown.

Do not power down Optinet by pulling the power cord or pressing the power button on the front bezel. These procedures should only be used when there is no other alternative for powering down the device.

2. Depending upon the devices that are connected to Optinet, the duplex settings and cabling, it may take up to 5 minutes for Fail to Wire to complete. As such, please wait up to 5 minutes after powering down Optinet completely before performing the next step.

3. Confirm by the interface LEDs that the firewall/WAN router and the core network switch are still communicating.

• Confirm that all ne twork options are available, i.e., browse the Web, log into a remote site, etc.

• If the test is not successful, check the compatibility of port speed/duplex and cabling used on Optinet and the other devices.

4. Power on Optinet using the power button on the front bezel.

5. After waiting 5 minutes for the device to power up, log into Optinet and verify that the unit is functional.

Bypass Mode

Besides powering down Optinet, there are other scenarios that can cause Optinet to fail, i.e., running the device out of specs, hardware failure, etc. Once a failure is detected, Optinet will initiate the supported Bypass Mode (Fail t o Wire or No Failover). This is indicated by the LEDs on all ports, which will blink and scroll in unison.

If this happens, please contact Black Box Network Services Technical Support at 724-7465500 or your Authorized Black Box Network Services Reseller. Diagnosing and troubleshooting the problem may require that you phys ically remove Optinet from the network.

No Failover

No Failover works by simply grounding the circuit in between the WAN and LAN ports of Optinet. As such, when a failure is detected, all traff ic will not be passed from the LAN port to the WAN port; thereby denying Internet access.

1. Power off Network under Admin -> Utilities -> System Resets -> Hardware Shutdown.

Do not power down Optinet by pulling the power cord or pressing the power button on the front bezel. These procedures should only be used when there is no other

alternative for powering down the device.

2. Depending upon the devices that ar e connected to Optinet, duplex settings, and cabling, it may take up to 5 minutes for No Failover to complete. As such, please wait up to 5 minutes after powering down Optinet completely before performing the next step.

3. Confirm by the interface lights that the firewall/WAN router and the core network switch are not communicating.

• Confirm that all network options are not available, i.e., attempt to browse the Web, log into a remote site, etc.

• If the test is not successful, check the compatibility of port speed/duplex and cabling used on Optinet and the other devices.

4. Power on Optinet using the power button on the front bezel.

5. After waiting 5 minutes for the device to power up, log into Optinet and verify that the unit is functional.

As with Fail to Wire, there are other scenarios that can cause Optinet to fail besides powering down the device. If Optinet is entering No Failover unintentionally, please contact Black Box Network Services Technical support at 724-746-5500 and/or your Authorized Black Box Network Services Reseller for diagnosis and troubleshooting.

Now that you have confirmed Fail to Wire or No Failover, let’s discuss how to navigate through the Optinet GUI.

Chapter 3: Navigating Optinet

This section contains guides and tips on how best to navigate through The Optinet Graphical User Interface (GUI). The chapter is divided into three sections:

• General Navigation

• Task Pane

• Help Pane

To access Optinet, open up Microsoft’s Internet Explorer (IE) 6 or higher and enter in the IP address assigned to Optinet in the address bar (Optinet only supports IE 6 and above). You should receive the login menu.

General Navigation

Once you login to Optinet, you will be presented with the Home Page. The Home Page provides a snapshot of system health, filtering effectiveness, current firmware versions, subscription settings, as well as links to guide the administration of your system.

The Optinet navigation is divided into three tabs: Report, Manage, and Admin. Each tab presents you with different functions for Optinet. When you click on one of the tabs, the expanded menus for those tabs will appear. You can then select a sub-menu under the corresponding tabs for more options which will appear as expandable selections.

In general, the Report tab will be used for generating reports and viewing network t r affic. The Manage tab will be used to create groups, content filtering rules, and shaping rules. The Admin tab is used for basic and advanced configuration of the device, as well as troubleshooting and disaster recovery.

You can navigate back between tabs and reports by using the back arrow button located next to the Admin tab

. Do not use the back arrow button available on your web browser since this will take you back to the Optinet login page. You can have multiple tabs open for ease of use by right-clicking a selection and choosing Open in new tab. Each tab color will correspond to the main menu tab color.

Figure 3.1 Optinet Navigations tabs

For large reports, group membership, or application menus, Optinet has a pagination menu that can be used to navigate to specific pages or towards the end or beginning of a series. The open box in the pagination menu allows you to view a certain page after entering the page number and clicking the Go button (the available pages are listed above the open box).

You can also navigate to the next (Next) or previous (Prev) page by clicking the single arrow or to the very end or beginning of the series by clicking the double arrows. Where available, the pagination menu will post towards the bottom of the report, membership box, or application menu.

Figure 3.2 Optinet Pagination arrows

Finally, depending upon which tasks are being performed, you may receive a communication error from Optinet. This is usually a result of services being restarted. If you are presented with the below dialog box, select the OK button, wait 30 seconds, and attempt to access a menu. If the problem persists, you may need to re-login to Optinet.

Figure 3.3 Communication Error Dialog Box

Now that you have become familiar with general navigation, let’s explain the Tasks Pane, Help pane, and the different navigation options available.

Tasks Pane

The Tasks Pane is located in the upper–right corner of any of the Optinet screens. The Tasks Pane lists actions or options that can be selected for the active page. Because of this, the contents displayed in the Tasks Pane will change depending on the screen currently displayed. The Tasks Pane is a great help that will post common accessible actions.

For example, if you select a report, the Tasks Pane will list options on how to present the report, i.e., Email, Print, Export, etc. These actions are available by clicking on the Tasks Pane icons located in the Tasks Pane.

Below are listed all options presented in the Tasks Pane with the corresponding action. Please review Chapter 4: Generating Reports for more information on some of the options.

Actions

Re-scan Port: This will re-scan profiles under Netw ork Node Manager (Manage -> Directory Users & Nodes -> Network Nodes). Use this action when a device needs to be re-scanned due to configuration changes, i.e., new NetBIOS name, new IP address, etc.

Re-scan Directory User Name: This will re-scan profiles under Directory Users (Manage -> Directory Users & Nodes -> Directory Users). Use this action when Directory Users need to be re-scanned due to configuration changes, i.e., new domain, new groups, changed name, etc.

Actions

Correlate by

—Directory User Dashboard: Displays Directory User Overview

—Directory User Detail: Displays Directory User Detail for selected Directory User profiles

—Network Node Overview: Display the Network Nodes Overview report

—Network Node Detail: Display all details for the Network Node selected

—Download Certificate: Download the SSL Certificate

—Category: Correlate report by Web categories visited

—Directory User: Correlate report by Directory User profiles

—File Type: Correlate report by File Types downloaded

—Group: Correlate report by Group profiles

—Host: Correlate report by Web sites (hosts) visited

—MIME Type: Correlate report by MIME Types downloaded

+ 129 hidden pages

Black Box FE408005AA, FE408100XA, FE408020XA, FE408200XA, FE408020AA User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual