EdgeWave iPrism Web Security Administration Manual

Administration Guide

V7.0

800-782-3762

www.edgewave.com

iPrism Web Security

© 2001 – 2012 EdgeWave. All rights reserved. The EdgeWave logo, iPrism and iGuard are
trademarks of EdgeWave Inc. All other trademarks and registered trademarks are hereby
acknowledged.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in
the United States and/or other countries.

Other product and company names mentioned herein may be the trademarks of their respective
owners.

The iPrism software and its documentation are copyrighted materials. Law prohibits making
unauthorized copies. No part of this software or documentation may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into another language without prior permission
of EdgeWave, Inc.

iPrismAdmin07.000.01

Contents

Chapter 1 Introduction 1

About iPrism 1
About this Guide 1
Who Should Use this Guide? 1
Knowledgebase, Tutorials and Technical Support 2
Installation Notes 2

Chapter 2 Overview 4

How iPrism Works 4

The Filtering Database 4

Deciding What Gets Blocked 4
Assigning Profiles 7

Getting Past Blocked Sites 7

How iPrism Filters Internet Activity 8

Introduction to Profiles 9
Proxy Mode 10
Bridge (Transparent) Mode 11

Using the Management Interface 12
Logging In and Out of iPrism 13
Restarting and Shutting Down iPrism 14
The iPrism Home Page 14

Chapter 3 Profiles & Filters 15

Custom Filters 15

Adding a Custom Filter 16

Editing a Custom Filter 18

Deleting a Custom Filter 18

Importing and Exporting Custom Filters 19
Profiles 19

How iPrism Uses Profiles 20

iPrism’s Default Profiles 21

Web Profiles 21

Adding a Web Profile 22
Copying a Profile 23
Deleting a Profile 24

Application Profiles 24

Adding an Application Profile 25

iii

Copying an Application Profile 27

Deleting an Application Profile 28
Authentication and Assigning Profiles to Users 28
Assigning Profiles to a Set of IP Addresses (Workstations) 28

Quotas and Warnings 28

Email Alerts 30

Adding an Email Alert 31

Editing an Email Alert 32

Deleting an Email Alert 33
Quotas 33

Adding a Quota 35

Editing a Quota 36

Deleting a Quota 37
Warnings 37

Adding a Warning 38

Editing a Warning 40

Deleting a Warning 40

Access Control Lists (ACLs) 40

Creating a New Web ACL 40
Creating a New Application ACL 42
Editing an ACL 43
Deleting an ACL 43

Lock ACL 43
Current Overrides 45
Pending Requests 46

Granting Requests 47
Denying Requests 47

Recent Blocks 48
Remote Filtering 48

Using Remote Filtering 49
Enabling Remote Filtering 49

Chapter 4 Users & Networks 53

Local Users 53

Adding Users 54
Editing a Local User 55
Deleting a Local User 56
Importing Users 56
Exporting Users 57

iv

Groups 57

Adding a Group 58
Editing a Group 59
Deleting a Group 59
Mapping Groups to Profiles 59
Nested Groups 60

Privileges 61
Networks 63

Adding a Network Profile 64
Editing a Network Profile 67
Deleting a Network Profile 67

VLAN Management 67

Adding a VLAN Description 68
Editing a VLAN Description 69
Deleting a VLAN Description 69

Admin Roles 70

Adding an Admin Role 71
Editing an Admin Role 74
Deleting an Admin Role 75

Exceptions 75

Adding an Exception 75
Editing an Exception 77
Deleting an Exception 77

Remote Users 77

Adding a Remote User 79
Editing Remote Users 79
Deleting a Remote User 80
Importing Remote Users 80
Exporting Remote Users 81

Remote Upgrades 82

Chapter 5 Reporting 85

Chapter 6 Maintenance 86

Appliance Updates 86

Installing a New Hotfix 87
Rebooting after Installing Hotfixes 87
Uninstalling a Hotfix 87

Backup and Restore 88

Backing Up 88

v

Restoring 89

Restoring Your System from a Local Backup 89

Restoring iPrism to its Default (Factory) Configuration 89

Event Log 89

Deleting Access Event Records 90

Policy Test 90
Self Check 91
Send Test Email 92
Site Rating & Test 92
Support Tunnel 93
Test Directory Services 93

Chapter 7 System Settings 95

Central Management 95
Customizable Pages 95

Customizing Pages 96

Authentication, Access Denied, Quota Notification, and Warning Notification

Pages 96

Customized HTML 96

Specified URL 97
All Other Pages 98
Reporting Logo 99

Customizable Page Tags 100

Directory Services 101

Choosing an Authentication Mechanism 102
Local Authentication 103
LDAP Authentication 103

Setting up the iPrism LDAP Client 103

Authentication from the User’s Perspective 105
Microsoft Windows Active Directory Authentication (Active Directory 2000/2003) 106

Assigning iPrism Profiles to Windows AD Global Groups 107

Microsoft Windows Active Directory Authentication (Active Directory 2008) 107

Prerequisites 107
Setting up iPrism to authenticate against a Windows 2008 server 108

Migrating from AD 2003 to AD 2008 111
Enterprise Reporting 111
Event Logging 111

Syslog Export 111

Email Settings 112

vi

FTP Settings 113
High Availability 113

Setup 114

Recovery 116
License Key 117

iPrism Certificates 117

Uploading Your License Key 119
Local Categories 119
Network ID 120
Network Services 125

Network Hardening (Protecting Against DoS Attacks) 126

Enabling SNMP 126

The SNMP Community String 126

WCCP 127

Configuring WCCP Settings in iPrism 127
Configuring SMTP Relay Settings 128
Enabling the Co-Management Network 129

Pending Request Options 130
Ports 131

Proxy and Configuration Ports 132
Redirect and HTTPS Ports 133

Proxy 134

Slaving iPrism to a Parent Proxy (Proxy Mode) 135
Enabling an Upstream Proxy in Bridge (transparent) Mode 136
HTMLHeader Handling 136
Configuring the Filter List/System Update Proxy Server 137

System Preferences 137

Backup Settings 138
Bypass Authentication 139
Current Date and Time 139
Filter Failover Mode 140
Setting or Changing the Supervisor Password 140
Filter List (iGuard) Updates 141

Scheduling Filter List (iGuard) Updates 141

Checking iPrism’s Filter List Status 141
System Failover Mode 141
System Updates 142
Proxying for External Users 142
Scheduled Reboot 143

vii

Unrated Pages (iARP) 144
User Settings 145

Chapter 8 System Status 146

About 146
Administration Log 146
Configuration Summary 147
Connectivity 147

Pinging a Host 148
Tracing Network Activity 148
Perform a DNS Lookup 148
Refreshing the System Updates Server 148

Routing Table 148
Security Log 149
Status 149

Chapter 9 Central Management 151

Before You Begin 151
Setting Up a Master/Slave Configuration 152

Designating Slave Systems 152
Designating the Master System 153

Changing the Master System 155
Removing a Slave System 156
Using Standalone Mode 156
Upgrading iPrisms in a Central Management Configuration 156

Chapter 10 Override Management 158

Access Denied Page Options 158
Using Override Privileges 159

Overriding a Blocked Web Site 159

Using Access Requests 161

Requesting Access to a Site 161

Managing Override Access 162

Appendix A Filtering Categories 163

Site Rating Categories 163
Sex Category 163

Adult 163
Lingerie/Bikini 164
Nudity 164

viii

Pornography 165
Sexuality 165

Questionable Activities Category 166

Copyright Infringement 166
Computer Hacking 166
Intolerance/Extremism 167
Miscellaneous Questionable 167
Profanity 167
Tasteless 168
Weapons/Bombs 168
Violence 169

Security Exploits Category 169

Phishing 169
Spyware/Adware 169
Malware 170

Society Category 170

Alt/New Age 170
Art/Culture 171
Family Issues 171
Government 172
Politics 172
Social Issues 173

Keywords 173
News 173
Classifieds 173
Religion 174
Cult 174
Alternative Lifestyle 175

Internet (Web) Category 175

Anonymizer 175
Discussion Forums 175
Online Chat 176
Translators 176
Image Host 176
File Host 176
Peer to Peer 177
Email Host 177
Safe Search Engine 177
Sharewares Download 177

ix

Web Banners 178
Web Host 178
Web Search 178
Portals 179
High Bandwidth 179
Dynamically Detected Proxies 179

Business Category 180

Specialized Shopping 180
Dining/Restaurant 180
Real Estate 180
Automotive 180
Internet Services 180
Corporate Marketing 180
Finance 181
Job/Employment Search 181
Professional Services 182
Online Auctions 182

Education Category 182

Continuing Education/Colleges 182
History 183
K-12 183
Reference Sites 184
Sci/Tech 184
Sex Education 184

Health Category 185

Alcohol/Tobacco 185
Drugs 185
Health 186
Adult Sex Education 186

Recreation Category 187

Entertainment 187
Gambling 187
Games 188
Hobbies/Leisure 188
Mature Humor 189
Televison/Movies 189
Music 189
Digital Media 189
Radio Stations 189

x

Social Networking/Dating 190
Special Interests 190
Sports 191
Travel 191
Web Log (Blog) 192

Appendix B Configuring Browsers for Proxy Mode 193

Configuring Firefox for Proxy Mode 193
Configuring Safari (Mac OS X only) for Proxy Mode 193
Configuring Internet Explorer for Proxy Mode 194

Appendix C iPrism Error Messages 195

iPrism Rating Error 195
iPrism List Update 195
iPrism List Error 196
iPrism Filter Service Expired 196
Access Denied 196
Authentication is Required 197
Connection Failed 197
Unable to Determine IP Address 197
Invalid Request 198
Invalid URL 198
iPrism is in the Process of Reconfiguring Itself 198
Zero Sized Reply 198
Write Error / Broken Pipe 199

xi

CHAPTER 1 Introduction

About iPrism

The iPrism Web Filter combines simplicity, performance and value to deliver unrivalled protection
from Internet-based threats such as malware, viruses, spyware, anonymizers, IM, P2P, and
inappropriate content. As a self-contained appliance-based solution, iPrism offers universal
interoperability on any platform and in any network environment, delivering Internet security at the
perimeter, to help enforce your Internet acceptable use and security policies. In addition, iPrism
seamlessly integrates with your directory services to automate authentication for fast and easy
deployment throughout your organization.

About this Guide

This guide is designed to provide you with both an overview of iPrism and the step-by-step
processes for implementing it in your organization. It is important to have a thorough understanding
of the iPrism appliance itself, as well as the bigger picture of how it functions within your network
environment, to get the best performance possible from your appliance.

This section introduces you to how information is arranged and presented. It also provides
information about how to access the iPrism tutorials and Knowledgebase, and contact information
for Technical Support.

This guidedoes not include installation instructions. Refer to the

iPrism Installation and Configuration

Guide

if you have not yet connected the iPrism to your network.

Who Should Use this Guide?

This guide was written for network administrators or those who are fulfilling that duty for their
organizations. The requirements for understanding this manual include:

• An understanding of TCP/IP networking

Chapter 1 Introduction 1

iPrism Administration Guide

• Knowledge of your network’s topology

• The ability to configure networking settings on Windows workstations

Knowledgebase, Tutorials and Technical Support

If you are unable to resolve your issue using the manual, please check our Knowledgebase at:

www.edgewave.com/support/web_security/knowledgebases.asp

Embedded iLearn videos are a series of short task-oriented videos to help guide you through specific
iPrism configuration scenarios. These tutorials are available at:

www.edgewave.com/support/web_security/recorded_webinars_ilearn.asp

You may also contact the iPrism support team at:

www.edgewave.com/forms/support/web_security.asp

When contacting tech support, include all relevant information about how the iPrism is configured on
your network (e.g., topology, other hardware, networking software, etc.). Have your iPrism serial
number and registration key information handy. Also, to help our support staff solve your problem, it
is helpful if you can send us a network diagram showing the basic hardware that is in use on your
network.

Installation Notes

Important: This guide assumes that you have already connected the iPrism
appliance to your network using the instructions in the

iPrism Installation Guide.

There are a few situations that can complicate an iPrism installation that are not addressed in the
iPrism Installation Guide, such as:

• If other proxy servers are configured on your network.

• If you have a WAN serviced by a router that is also the Internet router.

• If you have a unique network setup, and you are unsure of its ability to interact with iPrism.

Chapter 1 Introduction 2

iPrism Administration Guide

If one or more of these conditions exist on your network and you are not able to get iPrism to function
properly, check the EdgeWave website. This site contains the most current support information for
iPrism.

www.edgewave.com/support/web_security/default.asp

If you are still unable to find a solution, you may request assistance with your installation from the
iPrism technical support team. See Knowledgebase, Tutorials and Technical Support.

If your network uses a firewall or other device that masks IP addresses, it is important to install
iPrism inside the firewall/device. Otherwise, it may prevent iPrism from tracking individual users on
the network, in which case it will not be possible to perform user tracking. If you are unable to
configure iPrism inside the firewall, some iPrism features will not be available to you.

Chapter 1 Introduction 3

iPrism Administration Guide

CHAPTER 2 Overview

This section describes how iPrism works and provides an overview of its features and capabilities.

How iPrism Works

In the simplest terms, iPrism is a filtering device that examines your Internet traffic stream for HTTP,
HTTPS, IM, and P2P traffic. In the case of HTTP and HTTPS requests, each URL request is
checked against a database in which URLs are classified into fixed categories, based on their
content. The client’s web request may be blocked or monitored by iPrism, depending on which
categories the iPrism administrator has elected to place limits according to the rules in the user’s
Web Profile.

The Filtering Database

The process by which URLs are evaluated and categorized is a URL database. As part of the
process, each website in question is submitted to an Internet analyst who reviews the site and
makes the appropriate category designations (e.g., adult, nudity, profanity, government, religion,
drugs, games, etc.). To ensure that each iPrism unit is always operating with the very latest filtering
database, the iPrism appliance automatically connects to the EdgeWave server daily and
downloads the most recent filtering database files. The URL database now contains more than 80
categories with millions of websites. See Filtering Categories for detailed information about
categories.

Deciding What Gets Blocked

The first step in setting up your filter is to create an Access Control List (ACL). This is a list that tells
iPrism what to do for each category of website. For example, you may want to block access to
websites of an “adult” nature (and monitor any attempt to access them), monitor any accesses to
sites categorized as “nudity” (and allow the user to access them), and let all other requests through
unmonitored and unblocked.

Chapter 2 Overview 4

iPrism Administration Guide

To do this you need to create an ACL with the following settings:

Category Monitor Blocked

adult Yes Yes

nudity Yes No

everything else No No

The ACL controls what is blocked and monitored. iPrism needs to know when to apply the ACL and
who to apply it to.

The schedule controls when an ACL is applied. Suppose the company policy is “No Shopping during
working hours, but during lunch and after work, anything goes.” To implement this policy, you may
create an ACL called NoShopping which blocks all shopping and online auction sites. You can also
create an ACL called “WideOpen” which does not block any sites. You may want to apply the
WideOpen ACL during a standard lunch hour timeframe such as 12 – 1 p.m., and after working
hours.

Next, define a schedule that tells iPrism when to apply each of the two ACLs, as shown below.

Chapter 2 Overview 5

iPrism Administration Guide

Figure 1. Profiles and Scheduling

In this example, the schedule applies to the entire company (Profile name = MyCompany). But
sometimes you need to give different users different access rights. For example, the Purchasing
department may legitimately need access to online shopping, and Finance may need access to
online gambling. In addition, upper management and iPrism administrators may have access to
everything.

iPrism uses two different types of profiles:

• Web Profiles are used to filter web surfing or HTTP/HTTPS traffic.

• Application Profiles filter IM and P2P usage.

Each profile is associated with a group of users. One way of identifying users is by the IP address of
the machine they are using. For example, you can define a profile called “Sales”, which is mapped to
the IP addresses in the range 192.168.77.0 to 192.168.77.255.

Users can also be identified by a username and password through an authentication process. There
are a number of authentications available including NTLM (for Microsoft Windows users), Kerberos
(for Microsoft Windows and Macintosh users) and LDAP (for Macintosh, UNIX, Linux, and Novell
users).

Chapter 2 Overview 6

iPrism Administration Guide

Finally, you can manually add users to your iPrism. In practice, manual creation is usually only done
for iPrism administrators and sub-administrators.

Assigning Profiles

Now that you have set up profiles, you need to learn how to associate a profile with the people to
which it applies. The simplest way of doing this is to assign a profile to a set of IP addresses. Anyone
using a machine which has one of these addresses will be assigned the same profile. This is useful
when you have a lot of public or lab machines and wish to apply the same profile to everyone in the
room. For example, if you’re running a school, you can assign a profile called “KidSafe” to all the
machines in the student lab, and assign a profile called “NoBlocking” to the teacher’s offices.

You can also assign profiles to a set of authentication users. (Authentication means that you have a
username to work with which has been validated by a password.) Although each web access
message contains the IP address of the computer making the request, there is no user identification
included in the message.

Note: This is not always true. If you configure your iPrism and user computers
just right, you can create a system where each web access message will
contain user identification. This complex form of configuration is discussed in
Users & Networks.

iPrism interfaces with Windows NTLM authentication as well as LDAP, which is used by UNIX,
Linux, and Novell. If you want to use “user level” authentication, see Users & Networks for
instructions on getting your iPrism working with your existing authentication system.

Getting Past Blocked Sites

Users have options when they encounter a blocked site. The Access Denied page provides two
options for getting to a page that is being blocked by iPrism.

Override allows an administrator to log in. The administrator can then specify whether they want to
override just the blocked page, the entire domain, or the whole blocked category. They can then
select how long they want the override access to last before iPrism resumes normal blocking.

In addition, a user that has been granted override privileges (see Managing Override Access), can
override the blocked page. Whether or not users can override blocked pages is configured and
managed by the iPrism administrator.

Chapter 2 Overview 7

iPrism Administration Guide

If the user’s request to unblock a site is granted, that site will be unblocked for all users if you are
using a custom filter to grant access. See Override Management for detailed instructions on
managing overrides and requests.

Request Access allows the user to “plead their case” to the iPrism administrator (or other
authorized user with override privileges), who can subsequently grant or deny access to the page.
The request is emailed to the iPrism administrator, who will then grant or deny the request (see

Granting Requests).

Note: If Request Access is not available, then access is being denied by the
active ACL in the current profile. You cannot request access to the site.

How iPrism Filters Internet Activity

iPrism filters both web traffic as well as IM and P2P services. Web traffic is filtered by checking each
client’s web request against an extensive database containing both URLs and IP addresses. This
database also classifies sub-domains or specific URL paths, in addition to the top-level domain.

If the requested path belongs to a “blocked” category, then the user may see an “access denied”
page instead (what the user sees is determined by how the iPrism administrator has chosen to
handle requests to blocked categories; for specifics, see Access Control Lists (ACLs). An Access
Denied page notifies the client that the web page they tried to access belongs to a category which is
currently being blocked.

Note: If the administrator has set General Options in the user’s ACL to Deny all
access to the web, the user will not see an Access Denied page.

The rules for IM and P2P filtering are based on protocols used by applications, but not by
applications themselves. In other words, the iPrism will check the protocols used by applications to
see if the traffic is permitted.

Note: Application filtering does not result in an Access Denied notification; the
traffic is silently dropped. The administrator may want to communicate this
behavior to end users, so they do not think the application is malfunctioning.
IM/P2P activity can be viewed in the Application Detailed Report, available
through the iPrism Report Manager (refer to the

iPrism Reporting Guide

at

http://edgewave.com/support/web_security/documentation.asp).

Chapter 2 Overview 8

iPrism Administration Guide

Besides blocking web, IM, and P2P activity, the administrator also has the ability to simply monitor
the traffic. For websites, you can select which categories are monitored and when this monitoring is
to be done. For IM and P2P traffic, you can monitor based on the protocol used.

Monitoring allows you to see how your network in being used; for example, who visits which sites
and how often. All the power to block or monitor access lies in the hands of the administrator. iPrism
just gives them the means by which to do it.

Since a “one size fits all” approach to filtering is not suitable for most organizations, iPrism resolves
the issue by using filtering profiles. The iPrism uses two different types of profiles – one for web traffic
and another for non-web traffic. A profile tells iPrism which categories of traffic to block or monitor at
a particular moment. You can create as many different profiles as you need and assign them to
different users, or different networks and subnets.

How to create profiles and how to assign them to subnets or an entire network is covered in the
following sections. Details on how to assign these profiles to users is covered in Profiles & Filters.

Introduction to Profiles

Profiles are the elements within iPrism that determine what information is blocked, monitored, or
passed through. There are two types of profiles:

• Web Profiles determine which websites are filtered.

• Application Profiles determine which instant message (IM) and peer to peer (P2P) traffic is

allowed.

Profiles are at the very core of iPrism’s functionality. In addition to determining what gets blocked
where, profiles also determine when traffic is blocked. Thus, you don’t have to manually change
profiles to accommodate a situation where one group has access to the network for some part of the
day and another group has access to it for another. The active profile can automatically switch the
filtering criteria at a designated time of day, so you can be assured of having the protection you need,
when you need it.

Profiles are flexible and accommodating, as each profile is actually made up of one or more
individual filtering criteria, called an Access Control List (ACL). It is actually the ACL that specifies
which traffic gets blocked or monitored. A profile can consist of a single ACL, which would provide
the same degree of filtering all the time, or it can utilize several ACLs, allowing different degrees of
filtering at specific times. This is how a single profile is able to provide a different level of filtering at
various times of the day.

Chapter 2 Overview 9

iPrism Administration Guide

Proxy Mode

Proxy mode is the simplest, and is the preferred mode in which to operate an iPrism when testing, as
well as when iPrism is installed “inside” a busy network with many different kinds of traffic. In proxy
mode, the iPrism is installed right off the switch. End users and workstations are pointed to the
iPrism via a proxy statement.

In proxy mode, iPrism uses a single internal interface to connect to the Internet. Only one (1) network
(NIC) connection is used, as only the internal interface is connected to the local network. The iPrism
acts as a filtering web proxy; web traffic that is explicitly directed to the iPrism is filtered.

In this configuration, HTTP and HTTPS requests are sent to the iPrism as proxy requests. The
iPrism determines if the request should be allowed or blocked and, if it is allowed, forwards the
request to the Internet. The reply goes back through the iPrism proxy to the user.

In this mode, the iPrism is not able to detect or regulate P2P traffic.

Proxy mode is best for testing, as since the iPrism is not placed in a network-critical location, any
problems that occur will not jeopardize your company’s entire access to the Internet. You can fine­tune the profile and network settings and test the results before moving the system into a network­critical environment.

It also provides a way to demonstrate the capabilities of the iPrism before it is deployed for all users.

If you choose to deploy the system in proxy mode, all you have to do is to make the iPrism a proxy
server for all your users. (This can be done through group policy settings, or through a system
administrator edict.) You must also change your firewall rules to allow only the iPrism to access the
Internet, preventing anyone who didn’t change their proxy settings from directly accessing the
Internet.

Chapter 2 Overview 10

iPrism Administration Guide

Figure 2. Deploying iPrism in Proxy Mode

Refer to the

iPrism Installation Guide

for detailed information.

Bridge (Transparent) Mode

In bridge (transparent) mode, the iPrism is an “in-line installation” which has 2 network (NIC)
connections. This mode is recommended for full network production deployment.

In this mode, iPrism is installed between the firewall and the switch. All network traffic destined for
the Internet (e.g., email and web) flows through the iPrism, and a single IP address is used by both
interfaces. This is the preferred mode in which to deploy and operate an iPrism in production.

Chapter 2 Overview 11

iPrism Administration Guide

Figure 3. Deploying iPrism in Bridge (Transparent) Mode

Notes:
The iPrism can also act as a filtering web proxy when in bridge (transparent)

mode. Users can configure their browsers to point at the iPrism, just as they do
in proxy mode, although the iPrism is configured in bridge (transparent) mode.
Web and Application traffic will be filtered for these users.

For instructions on how to configure a browser to point at the iPrism, refer to
the

iPrism Installation Guide.

Older versions of iPrism (Versions 3.6 and earlier) had an additional mode
called Router mode. This mode had been discontinued. Bridge (transparent)
mode is now used in all situations where the iPrism is used in an in-line network
environment.

Using the Management Interface

The iPrism has a third network interface called the Management Interface. Normally you can
administer your iPrism from any system connected to the internal network. You can configure the
system to only accept configuration from the management interface. This allows you to create a
secure subnet from which to control your iPrism.

Chapter 2 Overview 12

iPrism Administration Guide

Other uses of the management interface include:

• A secure way of transferring logging data from the iPrism to a management workstation. When

you configure the iPrism to send you periodic reports or logging information, the information is
transmitted in plain text. This means that anyone with a sniffer attached to your network could
see that data. If you want to make your network extremely secure you can use the management
interface to transfer this data on a secure network.

• High Availability. Paired iPrisms use the management interface to keep track of each other's

current running status. Interrupting this link results in a situation where both iPrisms believe the
other is not working, which results in both becoming active at the same time.

For more information on configuring and using the management interface, refer to the
Knowledgebase article “How do I enable the Management Interface?” at

www.edgewave.com/support/web_security/knowledgebases.asp.

Logging In and Out of iPrism

Logging into iPrism is done via the login page. It is recommended that you bookmark this page.

Within an iPrism session, you can log out via the Logout menu in the top right corner of the page.
Select Logout from the dropdown menu.

Users on shared computers should log out when finished. If they do not, the next person who uses
the machine will be able to access the Internet using the previous user’s profile.

Figure 4. Logging in

Chapter 2 Overview 13

iPrism Administration Guide

Restarting and Shutting Down iPrism

• To restart iPrism, select Restart from the Logout menu in the top right corner of the page.

• To shut down iPrism, select Shut Down from the Logout menu in the top right corner of the page.

The iPrism Home Page

The primary method of administering the iPrism is via the configuration options available from the
iPrism home page. This is available online through your iPrism after you have gone through the
Installation Wizard (refer to the

iPrism Installation Guide

for steps on how to set up your iPrism

through the Installation Wizard).

For the end users, the iPrism will remain invisible depending on how the administrator configures it in
their network. The system may require them to authenticate themselves, and if they encounter a
blocked site, it allows them to request that it be unblocked. But for the most part, it operates in the
background, and users only become aware of it when they try to access a blocked site.

A variety of options are available from the iPrism home page which allow you to manage and
administer the iPrism.

The following tools are available from the iPrism home page. Each tool has its own section in this
guide:

• Profiles & Filters

• Users & Networks

• Reporting

• Maintenance

• System Settings

• System Status

For detailed information about and instructions how to use each tool, see the associated section.

Chapter 2 Overview 14

iPrism Administration Guide

CHAPTER 3 Profiles & Filters

This section describes how iPrism’s profiles and filters work, and provides detailed procedures for
creating and implementing your own filtering profiles. Instructions for controlling access to specific
websites and other Internet services is also provided.

To access iPrism Profiles & Filters, click Profiles & Filters from the home page. A context menu lists
the Filtering features.

Custom Filters

Custom Filters provide a way of overriding or changing a specific site’s rating on a long-term basis,
and/or adding filters based on file extensions. A custom filter consists of one or more file extension
types, and/or a site location (URL) and new rating, and will remain on the iPrism until deleted. Upon
deletion, the URL will revert back to its original iGuard database rating. Custom filters allow you to
restrict or allow access to any file type or website, not just those included in iPrism’s URL database.

When you make a custom URL assignment, iPrism treats the URL as a member of that category
and either allows or denies access to the site based on the active filtering profile.

In the Custom Filters section, you can import, add, edit, and delete custom filters. You can obtain the
data for making a custom filter from several sources, including recent overrides or blocks, and
personal requests made from users on the network. You can also create custom filters manually,
entering the URL and ratings yourself.

1. From the iPrism home page, select Profiles & Filters, then Custom Filters.

Chapter 3 Profiles & Filters 15

iPrism Administration Guide

Figure 5. Custom Filters

2. If you want to search for a custom filter, type all or part of the filter name and click Search.

Adding a Custom Filter

1. In the Custom Filters window click Add.

Chapter 3 Profiles & Filters 16

iPrism Administration Guide

Figure 6. Filter Details

2. Make sure Enabled is selected, and type the URL to which this filter applies.

3. Select the file types to which this filter applies. If this filter applies to all file types, leave the default

(All Files (*)) selected.

4. If all sub-URLs of this address are to be included in the filter, check Apply to all sub-URLs of

this address.

5. If you want to have this URL submitted to the EdgeWave iGuard team for rating, check Submit

this URL to EdgeWave for rating.

6. Select the appropriate action (Allow Access, Deny Access, or Categorize). If you select

Categorize, click Select to assign this URL to an iGuard category.

7. If you want to specify properties for this filter, click Manage Properties. Select the applicable

options and click OK.

Chapter 3 Profiles & Filters 17

iPrism Administration Guide

Figure 7. Manage Filter Properties

• No Antivirus - Turns off virus checking for this URL or file extension.

• No Authentication - Turns off authentication for this URL or file extension.

• Safe Parameter - Checks for the specified parameter and, if it matches this definition, allows

the content. The safe parameter takes the form <parameter> = <definition> or just
<definition>. Valid characters are: A-Z a-z 0-9 .',/;_+=()[]{}@!#$%*|-^\

8. When you are finished, click OK.

Editing a Custom Filter

• Select a filter in the Custom Filters window and click Edit.

Deleting a Custom Filter

To delete a custom filter:

• In the Custom Filters window, select a filter and click Delete.

Chapter 3 Profiles & Filters 18

iPrism Administration Guide

Importing and Exporting Custom Filters

To import a custom filter:

1. In the Custom Filters window, click Import.

2. Click Yes to confirm.

3. Locate the file and click Open.

To export a custom filter:

1. In the Custom Filters window, select a filter and click Export.

2. Enter a name for the file and click Save.

Profiles

Profiles allow or block requests or protocols. Profiles tell iPrism which categories of web or IM/P2P
traffic to block and/or monitor at a particular moment, and allow different users to have different
access rights. You can create as many different profiles as you need and assign them to groups of
users, networks and users (local or remote).

Profiles assigned to a user are always applied to that user, regardless of which workstation they log
into.

iPrism uses two types of profiles:

• Web profiles (for filtering web or HTTP traffic)

• Application profiles (for filtering IM/P2P traffic)

Profiles are the core of iPrism’s functionality. In addition to determining what gets blocked where,
profiles also determine when traffic is blocked. Thus, you don’t have to manually change profiles to
accommodate a situation where one group has access to the network for some part of the day and
another group has access to it for another. The active profile can automatically switch the filtering
criteria at a designated time of day, so you can be assured of having the protection you need, when
you need it.

Chapter 3 Profiles & Filters 19

iPrism Administration Guide