SurfControl Web Filter Installation Guide

www.surfcontrol.com
The World’s #1 Web & E-mail Filtering Company


Notices

Updates to the SurfControl documentation and software, as well as Support information, are available at www.SurfControl.com/support.

Copyright ©1998-2003 SurfControl plc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of the copyright owner.

SurfControl is a registered trademark and SurfControl and the SurfControl logo are trademarks of SurfControl plc. All other trademarks are property of their respective owners.

Version 4.5 printed October 2003.


Contents

Notices

Installation Requirements
  System Requirements
  Where to install SurfControl Web Filter
    Single-segment Network
    Multi-segment Network
    Microsoft ISA Server
    Auto detecting your network configuration
  Database Requirements
    SQL Server Database
    MSDE Database
  Network Cards
    Identifying your NICs

Installation
  Flow chart
  Installation Description
  Upgrading
    Access to SQL Server Database Upgrade
    Upgrading Archived Databases
    Upgrading SQL Archived Databases

Post Installation Configuration
  Database creation
    Creating a SQL Server Database
    Creating a MSDE Database
  The Virtual Control Agent
    Installation
    Post Installation Activation
    Configuring the VCA
    Upgrading the VCA
  Enterprise User Monitoring
    EUM on Windows NT domain controllers
    EUM on Windows 2000/2003 domain controllers
    Installation Instructions
    User Logoff Recommendations
    To install Enterprise User Monitoring
  EUM for Netware
    Installing the Netware Loadable Module
  Performance Tuning
    System Workload Issues
    Monitoring Options
    Other Performance Options
    Performance Factors
    Catch-Up Mode
    Distributing Services and Multiple Collectors
  Troubleshooting
    Proxy Server running on a non-standard port
    To configure non-standard ports
    If no data is being collected
  Troubleshooting EUM Issues

1 Installation Requirements

1.1 System Requirements

You should check that the machines you will be using meet the minimum system requirements outlined in the table below.

If you need to monitor a high volume of network traffic, you may require a more powerful PC. Monitoring Internet access over a large, busy enterprise can cause your database to grow very quickly, so you should ensure that the machine you will be using has adequate disk space. For further information see the support pages on the SurfControl website: www.surfcontrol.com/support

Operating System: Microsoft Windows 2000 Server with Service Pack 1, OR Microsoft Windows 2000 Advanced Server with Service Pack 1
Processor: Pentium III or above
Memory: 512 MB minimum
Disk space: 1 GB disk space
Network: Promiscuous mode Ethernet Card
If you wish to use Netware User Name Support: Novell NetWare 5.x and IP. Note: the Web Filter machine should have Novell Client for Windows 2000 installed.
Web Reporting: Microsoft Internet Explorer 5.0 or higher, OR Netscape Communicator 4.75 or higher


1.2 Where to install SurfControl Web Filter

SurfControl Web Filter has a modular design which allows maximum flexibility in a network configuration scheme. Where you install the application will depend on the configuration of your network and the locations from which you wish to administer Web Filter. SurfControl recommends that you study the scenarios in this chapter to determine which installation type is most suitable for your company and network.

SurfControl Web Filter uses a sniffer engine to monitor and/or control Internet access activity. The location of this service on your network is critical as Web Filter can only monitor and block what it can see. Routers, switches and gateways may prevent the Web Filter Engine from seeing certain parts of your network, so it is vital that you know if any of these devices are installed and where they are configured before installing SurfControl Web Filter.

You can install SurfControl Web Filter in any of these environments:

• Single-segment network
• Multi-segment network
• Microsoft ISA Server
• Proxy Server

For Single or Multi segment networks, SurfControl Web Filter must not be installed on any system that runs other server based products, such as Web Server, Mail Server or similar.

For Microsoft ISA and Proxy Server installations, SurfControl Web Filter must be installed on the same machine as that running these servers.

For Microsoft Proxy Server, SurfControl Web Filter should be loaded onto a dedicated system and should be positioned on the 'inside' segment of any Proxy Server.


1.2.1 Single-segment Network

The figure below shows SurfControl Web Filter installed on what is known as a single segment network. All of the machines on the network are connected to a simple hub. In this scenario, you may install SurfControl Web Filter on any suitable machine and you will be able to monitor and control Internet access across the network.


1.2.2 Multi-segment Network

Use this configuration for switched hubs or networks using router segments. To ensure monitoring of all traffic on a segmented network, you will need to install more than one copy of SurfControl Web Filter. If SurfControl Web Filter is installed on a machine in Segment 2, it will not be able to see any traffic in Segments 1 or 3. Clearly, if you wish to monitor only one segment, this will not present a problem. If, however, you wish to monitor activity on all of the segments you will need to install SurfControl Web Filter in a different location.

In the figure below, SurfControl Web Filter has been moved to Segment 1. In this location, it will be able to see all of the traffic to and from the Internet because all Internet traffic will pass through the segment where SurfControl Web Filter is installed.


Although this installation will monitor Internet traffic for the whole network, some local traffic will not be seen. If, for instance, you have an Intranet Server installed on a machine in Segment 2 being accessed by a machine in Segment 3, SurfControl Web Filter will not see the communication. Again, this may or may not be important, depending on your Internet Access Policy.

To ensure monitoring of all of the traffic of a segmented network you will need to install more than one copy of SurfControl Web Filter. In the figure below, two copies have been installed, one in Segment 2 and one in Segment 3. Segment 1 has been left unmonitored because it just has the File/Print/Proxy Server installed.
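The placement reasoning in this section can be checked mechanically before choosing where to install. The following Python sketch is an added example, not part of the SurfControl guide or product: it assumes a constructed topology in which one router joins Segments 1 to 3 and the Internet is reached only through Segment 1, and every name in it (seg1, blind_spots, minimal_placement) is hypothetical.

```python
from itertools import combinations, product

INTERNET = "internet"
# Constructed topology (assumption): one router joins three segments and the
# Internet is reachable only through Segment 1. Each segment is treated as a
# shared medium, so a sniffer on a segment sees everything on that segment.
SEGMENTS = ("seg1", "seg2", "seg3")
GATEWAY_SEGMENT = "seg1"


def segments_traversed(src, dst):
    """Segments whose wire carries a flow between src and dst.

    Internet-bound traffic appears on the source segment and on the gateway
    segment; routed internal traffic appears on its two end segments only.
    """
    return {GATEWAY_SEGMENT if end == INTERNET else end for end in (src, dst)}


def all_flows():
    """Every (source segment, destination) pair, Internet included."""
    return list(product(SEGMENTS, SEGMENTS + (INTERNET,)))


def is_visible(flow, sensors):
    """True if at least one sensor segment lies on the flow's path."""
    return bool(segments_traversed(*flow) & set(sensors))


def blind_spots(sensors, flows=None):
    """Flows that no installed sniffer can see, sorted for stable output."""
    flows = all_flows() if flows is None else flows
    return sorted(f for f in flows if not is_visible(f, sensors))


def minimal_placement(required_flows):
    """Smallest set of sensor segments that sees every required flow."""
    for size in range(1, len(SEGMENTS) + 1):
        for candidate in combinations(SEGMENTS, size):
            if not blind_spots(candidate, required_flows):
                return candidate
    return None


# Policy input: which flows must be monitored.
INTERNET_FLOWS = [(seg, INTERNET) for seg in SEGMENTS]

if __name__ == "__main__":
    # The three placements discussed in this section.
    for sensors in (("seg2",), ("seg1",), ("seg2", "seg3")):
        print(sensors, "misses", blind_spots(sensors))
    print("Internet only:", minimal_placement(INTERNET_FLOWS))
    print("Internet + seg3->seg2 intranet:",
          minimal_placement(INTERNET_FLOWS + [("seg3", "seg2")]))
```

Changing GATEWAY_SEGMENT or the required flow list to match your own network and Internet Access Policy shows which segments need a sniffer before any software is installed.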


1.2.3 Microsoft ISA Server

You may use Microsoft Internet Security and Acceleration (ISA) Server on your system but at the same time want to use SurfControl Web Filter's rule creation ability and category lists. SurfControl Web Filter can be fully integrated with ISA Server to give you the advantages of both ISA's multi-layer, enterprise firewall and SurfControl Web Filter's superior rule creation and categorization facility.

SurfControl Web Filter must be installed on every machine running ISA Server regardless of whether the machine is a single standalone machine or a member of a group of ISA servers.

Note: For existing ISA customers (pre release 4.2.0.21) there is no upgrade path available for the ISA version of the Web Filter. To link to your old database to extract reports etc, you should back up your existing database before installation. This also affects the translation of your existing rules.

Before you start to install SurfControl Web Filter for ISA Server there are certain environment configuration requirements that must be met. Ensure that you have carried out the following steps before starting to install SurfControl Web Filter:

1 Find out about the configuration of your ISA Servers.

If your ISA Servers are configured into an array and managed as a single, logical entity then this will affect how you set up access rules for SurfControl Web Filter. It is important to be aware of this fact before you start to install SurfControl Web Filter.

Single ISA Server installation


Multiple ISA Server Installations

2 Check the configuration of the SurfControl Web Filter machine(s).

Each of the ISA servers that you are intending to install SurfControl Web Filter on must be configured in the following way:

• Each machine must be assigned a static IP address.
• The security logs of all domain controllers are set to overwrite events as needed.


1.2.4 Auto detecting your network configuration

If you are installing on a Microsoft ISA Server or Microsoft Proxy Server environment then SurfControl Web Filter will automatically detect this and install the relevant version of the product. If Microsoft ISA or Microsoft Proxy cannot be detected then the SurfControl Web Filter sniffer engine will be installed.

Note: If you wish to install the sniffer product on an ISA or Proxy Server environment, you can do this by making the following call from a command line:

setup /p standard


1.3 Database Requirements

1.3.1 SQL Server Database

If you have SQL Server on the machine you plan to install SurfControl Web Filter on, this will be detected during the installation process. If you are planning to use a SQL Server database, but have not installed it, complete the following task before installing SurfControl Web Filter:

• Install SQL Server on the appropriate machine. This can be on the same machine or on a different machine from where you will install SurfControl Web Filter.

Note: You should install SQL Server with the default setting of case insensitivity, including case insensitivity for Dictionary Order. Choosing case sensitivity may cause problems when installing SurfControl Web Filter.

Reasons for using SQL Server

You anticipate storing large volumes of data. This could be due to a high number of users, high Internet activity or the need to retain data for an extended period of time.

You require SurfControl Web Filter to write data to a database that is not resident on the same server.

You require more than one SurfControl Web Filter installation (referred to as data collectors) to consolidate data to a single database.

SurfControl Web Filter works with both Microsoft SQL Server 7 and SQL Server 2000.

1.3.2 MSDE Database

If you are not using a SQL Server database then Microsoft SQL Server Desktop Engine (MSDE) will be used. This will create the database for SurfControl Web Filter to use and also enables a seamless upgrade to a SQL Server database should you wish to do so in the future. MSDE will be installed from either the product CD or the Internet via the downloaded setup.exe file.


1.4 Network Cards

In some instances, when SurfControl Web Filter is used in conjunction with a network switch, it is often connected to a mirrored port on the switch, so that traffic from all ports can be monitored. A mirrored port can only receive data, not send it. In this situation Web Filter will monitor activity (because it can receive traffic) and you will see Internet traffic in the Monitor but it will be unable to send any data. In effect it will not be able to send any blocking packets, nor will it be able to send a message to the user indicating that they have been blocked.

The result of this is that any rules you have created will not work. In this scenario, at least two network interface cards (NICs) are needed in the Web Filter server. One NIC will be used to monitor data only, and will be connected to the mirrored port; the other can be connected to any port on the switch and will be used to block and can perform other tasks such as DNS lookup, connecting to a database, user name resolution etc. You may wish to install another NIC to perform these tasks separately.

They are set up in the following way:

• In the ‘Select Network Card’ dialog during installation choose which card you want to use to monitor data.
• After installation set another card to block and send data out.

1.4.1 Identifying your NICs

Before installation, identify the NIC that you will use for monitoring data and the NIC that will be used to block or send data to the network.

Note: Ensure that the NICs are connected to the appropriate corresponding switched port.


Select a NIC to receive data

Start to install SurfControl Web Filter. If you are installing on a machine with more than one NIC you will see the following dialog during set up:

Select the check box that corresponds to the card that you intend to use to monitor data then click Next to proceed through the installation.

Configuring the Monitoring NIC

1 Open Network and Dial-up Connections from the Windows Control Panel. All your NICs will be displayed:


2 Select the NIC that you set up for monitoring and right-click it. Select Properties from the drop-down menu.

3 In the dialog that follows you will see a list of components for the connection:

Locate the SurfControl Network Protocol Device Driver.

Warning: DO NOT clear this check box or the SurfControl driver will be deactivated for this network card and all monitoring/blocking will stop.

If for some reason this box IS cleared and you do not want the driver deactivated, then re-check it and click OK to restart.


4 Select this driver and click the Properties button. A Properties dialog will appear:

5 Ensure that both the Monitor this adapter and Redirect blocking packets to: check boxes are selected. From the drop-down list, select the NIC you wish to use to send blocking data.

Configuring the blocking NIC

1 Navigate to the SurfControl Network Protocol Device Driver dialog for the blocking NIC, using the same method as for configuring the monitoring NIC, described above.

2 Ensure that both the Monitor this adapter and Redirect blocking packets to: check boxes are cleared.

Using a third NIC

If you want to set up a third NIC for network communication, the following binding settings are recommended.

Web Filter Monitoring and Blocking NICs
  SurfControl Network Protocol Device Driver - Selected
  Internet Protocol (TCP/IP) - Not Selected

Network Communication NIC
  SurfControl Network Protocol Device Driver - Not Selected
  Internet Protocol (TCP/IP) - Selected

If using a third NIC, the protocol device driver properties for the Monitoring NIC need to be configured in the following way (as in step 5 above for the blocking NIC):

• Monitor this adapter - selected.
• Redirect blocking packets to: - cleared.


Ensure the correct NIC is selected from the drop down list.


2 Installation

This section contains instructions for a successful installation of SurfControl Web Filter. The flowchart and descriptions explain what you should do at each stage of the installation process.


2.1 Flow chart

The following flowchart shows the processes involved when installing SurfControl Web Filter.

[Figure: installation flowchart. Box labels: Welcome; Information screen (where applicable); License Agreement; Display Readme? (Yes: Readme file displays and installation continues; No: installation continues); Select SQL Database Installation Option (Complete Install with MSDE 2000; Complete Install using an existing copy of SQL Server; Remote Administration, needs SQL Server); MSDE Download and installation, follow on screen instructions; Enter Customer information; Choose destination location; Choose setup type (Complete product; Remote Administration, you must install complete product first); Select server installation options; Select client installation options; Select Network Card (if applicable); Select server type; Select MSDE / SQL Server Database and authentication type (Windows Authentication; SQL Authentication); Enter name of database; Select account for Web Filter Service (Log on as local system account; Log on as other account); Systems Administrator notifications; Register for category updates; Install Summary; Transfer of files. Step markers: 1 to 8, 5A, 5B, 6A, 6B.]


2.2 Installation Description

The numbers in the following description relate to the steps in the flowchart. Throughout the install process you can:

• Click Next to move on to the next part of the installation process.
• Click Back to go back to the previous screen.
• Click Cancel to abort the installation of Web Filter.

From the Welcome screen, click Next to continue.

1 License

The SurfControl License Agreement. You must agree to the terms and conditions contained within this agreement before you can install SurfControl Web Filter. The Next button is greyed out until you select the ‘I accept the terms of the License agreement’ radio button.

2 Display the Readme file

The Readme file contains information about new features, customer reported issues fixed and known issues with the product. It is strongly recommended you read this file before continuing with the installation process. Click Next and the Readme will display in a web browser.

3 SQL Database Installation Options

Note: This dialog only appears if there is no SQL Server database detected on your machine. If one is present, you will go straight to step 4, Customer Information.

On this dialog you have three options:

• Complete Web Filter product with MSDE2000. This includes the installation of MSDE on your machine from either the product CD or via the Internet from the downloaded setup.exe file. During the MSDE installation process you will need to provide a Systems Administrator User Name and Password. At the end of the MSDE2000 installation process you are asked whether or not you want to restart your machine for the changes to take place. You MUST click Yes on this dialog, as problems with the rest of the Web Filter installation may occur if you don’t restart your machine. You will need to begin the Web Filter installation again after restarting.
• Complete Web Filter product using an existing SQL Server. During this installation you will be asked to connect to a SQL Server database located on your network. No data will be written to the local machine.
• Web Filter Remote Administration. You need to have installed one of the Complete Product options as described above before installing a Remote Administration.


4 Customer Information

This dialog allows you to specify a User Name, Company Name and Serial Numbers for both Web Filter and the Virtual Control Agent™. If you are evaluating Web Filter you can leave the Serial Numbers blank and you will install a 30 day trial version. If you then purchase the product you can enter the Serial Number supplied via the Help > About menu options from any of the Web Filter components. Click Next and you will be asked to choose a destination location. The default is:

C:\Program Files\SurfControl\Web Filter

You can Browse to select a different location if you choose. Click Next having either selected the default or chosen an alternative location.

5 Setup Type

There are two Setup Type options:

• Complete Product - this installs all of the SurfControl Web Filter components, linking to the SQL Database chosen in Step 3.
• Remote Administration - if you wish this machine to act as a Remote Administration Client, highlight this option. This option is highlighted if you chose Remote Administration in Step 3.

Note: Remember that a Complete product installation must have been performed on your network before choosing Remote Administration, as it will search for the SQL Server database setup as part of this procedure. If you choose the Complete Product Installation option here after choosing the Remote Administration option in Step 3, a warning dialog will appear. This will remind you that you need an instance of MSDE or SQL Server database on your network.

5A Complete Product Installation Options

Having chosen the Complete Product Installation, the next screen is the Select Server Installation Options dialog. The options are:

• Automatically Monitor New Users. This enables all new users added to your network to have their Internet activity monitored.
• Enable User Name (EUM) Support. This uses Windows 2000 security auditing to resolve usernames when a router is between the SurfControl Web Filter machine and a user's workstation. This enables SurfControl Web Filter to monitor across networks. See the EUM section for more details.

Note: This option is not available for ISA or Proxy Server installations.


• Install Virtual Control Agent™. The Virtual Control Agent (VCA) evaluates "unknown" web sites then classifies each Web page into one of the SurfControl Web Filter categories. If you have not purchased a license, the VCA will operate as a 30 day trial version. See the VCA chapter in the Post Installation Configuration section for more details.

By default, these options are checked, so if you do not wish to install any of these options, un-check the relevant box. You can also configure these three options following installation.

• For EUM see the Programs > SurfControl Web Filter > Enterprise User Monitoring menu to either install or uninstall. Note: this option is not available for ISA or Proxy Server installations.
• To install or uninstall the VCA, click the Change/Remove button in the Add/Remove Programs options in the Control Panel. Choose the Modify option from the first dialog box and select the VCA.
• To change the Monitor New Users option, see the Configure > Monitored Users menu option from the Web Filter Monitor.

Click Next to continue.

If your machine has more than one network card installed, the Select Network Card dialog box will appear. Select the card through which you wish to monitor Internet traffic by checking the relevant box. For more information on network cards, see the pre-installation section.

Note: This option is not available for ISA or Proxy Server installations.

Click Next to continue.

The Select MSDE/SQL Server Database dialog will appear. See Step 6.


5B Remote Administration Installation Options

Setting up a machine as a Remote Administration Client gives you the following functionality:
- The ability to see monitored traffic that is recorded in the database using the SurfControl Web Filter Monitor.
- To create and edit rules then commit them to the database so that they work across your system.
- Set up scheduled events for Command Line, Database Management, Network Groups Updates and Reporting tasks.
- Start and stop the SurfControl services.
- Use standard reports with any database and Web reports with a SQL Server database.

A Remote Administration machine does not have the following functionality:
- The ability to collect any network traffic data.
- Use of the Real-Time Monitor.
- Update the Category List updates.
- The ability to update the SurfControl Web Filter database.

Having chosen the Remote Administration Installation, the next screen is the Select Client Installation Options dialog. You can choose whether or not to install the Virtual Control Agent™ (VCA) from this dialog. As you should only install the VCA on one collector per monitor database, the default is not to install. Click Next to continue.

The next dialog box asks you to specify the server platform type. The option selected and highlighted will depend on the environment automatically detected during the initial installation process.

Note: If you manually installed the sniffer product on an ISA Server, you should select the ISA Server option here to ensure you have the Bandwidth Rule tab included in your Rules Administrator object options.

Click Next to continue.

You will now see a summary of your installation settings. Click Next to start the installation.

Once the installation has finished, the Select MSDE/SQL Server Database dialog will appear.


6 Select MSDE/SQL Server Database

After the installation of the Complete Product or Remote Administration has finished, this dialog asks you to select the Server and Authentication type.
- Server - from the Server drop-down list box, select the server you wish to connect to.
- Authentication - you have a choice of two authentication types:
  - Windows Authentication
  - SQL Authentication

6A Windows Authentication

The default choice. This uses the Windows User Name and Password.

Click Next to continue.

The dialog box then asks you to select a database for Web Filter to use, from the server selected in the previous screen. All SQL Server databases present on the selected server are visible from the drop-down list box. The default database is:

surfcontrol_webfilter

If you wish to use a new database, not present on the server, you can enter the name in the Database field to create it.

Click Next to continue.


Having chosen Windows Authentication, the next dialog asks you to select an account for the Web Filter Service. This needs to have administrator rights. There are two Log On As options:
- Local System Account. If the database is on the local machine, you can choose this option.
- This Account. If the database is on a different machine, you will need to use this option. You will need to supply the following information:
  - Domain\User Name
  - Password
  - Password Confirmation

Having entered the Log On As information, click Next to continue. The Systems Administrator Notifications dialog will appear. See Step 7.

6B SQL Authentication

This requires the use of a pre-existing SQL User Name and Password. The User Name must have rights to create databases.

Click Next to continue.

The dialog box then asks you to select a database for Web Filter to use, from the server selected in the previous screen. All SQL databases present on the selected server are visible from the drop-down list box. The default database is:

surfcontrol_webfilter

If you wish to use a new database, not present on the server, you can enter the name in the Database field to create it.

Click Next to continue.

The Systems Administrator Notifications dialog appears.


7 Systems Administrator Notifications

SurfControl Web Filter can send message notifications to a specified e-mail address if any of the following events occur:
- Service running status change - if one of the SurfControl services stops running.
- Catch up mode notifications - if Web Filter enters catch up mode due to the volume of Internet traffic being generated.
- Scheduled task failures - if a scheduled task fails to run in the Scheduler.
- Category List License reminders - if a Category List License is close to expiring.

By default, all these notifications are selected. Clear the appropriate box if you do not wish to receive a certain message type.

You need to enter your company’s SMTP Server name and a Recipient Address.

The From Address is the default e-mail address from the Rules Administrator. You may replace this with an address of your choice.

Note: You can also configure these notification settings following installation by right-clicking the Web Filter icon in the status area and selecting the Configure Web Filter Service menu option. Click on the Email Notifications tab to bring up the settings.

Click Next to continue. The InstallShield Wizard Complete dialog appears.

Before you can use Web Filter, you need to restart your computer. You have the choice to do this immediately, or later.

Click Finish.


8 Register for Category Updates

On restarting your machine, Web Filter will ask you to register your product in order to receive Live Updates of the Category Lists. Complete the form, making sure you complete the required fields (marked with an *). You can also set a different location for the downloaded temporary files than the default by browsing to the folder you wish to use.

The default location is: C:\Program Files\SurfControl\Web Filter\

Note: You can register at a later date by adding a Category Database Update event in the Scheduler.

Click Register. A Scheduler dialog will appear confirming the setup of the scheduled update. This can be changed via the Scheduler if needed.

Click OK. The install is now complete.


2.3 Upgrading

2.3.1 Access to SQL Server Database Upgrade

If you are upgrading from a previous version of SurfControl Web Filter to 4.5 and your database was Microsoft Access, this will be upgraded to a MSDE2000 or SQL Server database as part of the process.

Note: You cannot upgrade an earlier evaluation copy to version 4.5 of SurfControl Web Filter.

1 Start the installation as described earlier in Section 2.

2 If you have already got a SQL Server Database on your machine, this will be detected automatically. You then go straight to Step 4.

3 If you have no SQL Server Database present, you will need to choose the Complete Install with MSDE2000 option (see Step 3 in the Installation Description section). Once MSDE2000 has been installed and your machine re-booted, you need to restart the installation.

4 You will be asked to select your upgrade option on restarting the installation. The default is to ‘Keep Existing settings’. Click Next.

5 The Database Updater dialog will appear. This will show the current DSN. You can use this or browse to select another if you want. Click Update Database.

6 A dialog will inform you when the database has been updated successfully.

7 The upgrade then follows the same path from Step 6 in the Installation Description section.


2.3.2 Upgrading Archived Databases

If you have a number of archived Access or databases you wish to upgrade to SQL Server, you will firstly have to upgrade your current database as described in 3.1 above. Following a successful upgrade you can then run the dbmodify tool.

This tool is found in the following folder following a default installation: C:\Program Files\SurfControl\Web Filter\Tools.

1 Double click the dbmodify application and the SurfControl Database Updater dialog will appear. This will show your current DSN. If you need to select a different DSN click the Browse button and navigate to its location.

2 Then click Update Database.

3 A dialog will inform you when the database has been updated successfully.

You can now run the ‘Upgrade Access to MSDE SQL Server’ wizard from the Programs > SurfControl Web Filter > Database Tools menu. This wizard will guide you through the upgrade process.

2.3.3 Upgrading SQL Archived Databases

To use archived SQL Databases all you need to do is run the dbmodify tool as described above.

3 Post Installation Configuration

3.1 Database creation

This section explains how to set up a new SurfControl Web Filter Database.

3.1.1 Creating a SQL Server Database

In order to create a SQL Server database to be used by SurfControl you need a valid SQL account on the SQL Server. You can create the database using the built in sa account, using the password that you specified during installation (if you opted to change it) and in this instance you would create a database in the same way as you would if creating a MSDE database (see section 1.2 Creating a MSDE Database for more details). If, however, you are unable or unwilling to use the ‘sa’ account for whatever reason, then you must create a new user account before creating the SQL database:

Creating the Account

1 First stop the SurfControl Web Filter service and make sure that you have all of the SurfControl components (Monitor, Rules Administrator etc) closed.

2 Open the SQL Enterprise Manager from the Microsoft SQL Server Start menu.

3 Click on the ‘+’ sign in front of the SQL server name to expand the tree.

4 Click on the ‘+’ sign in front of Security and choose Logins from the expanded tree. Right-click on ‘Logins’ and select ‘New Login’.

5 In the dialog that follows:
- Select the General tab and enter a name for your new account.
- Select the ‘SQL Server authentication’ radio button and enter a password in the ‘Password’ edit field.
- Select the ‘Server Roles’ tab. Check the Database Creators key.

6 Click OK.


Creating the Database

1 Choose Database Tools/Create MSDE SQL Server Database from the SurfControl Start menu.

2 This will launch the Create SurfControl WebFilter Database Wizard that will guide you through the steps involved in creating a SQL Server database for use with SurfControl Web Filter.

Setting up Access to the Database

1 Open the SQL Enterprise Manager from the Microsoft SQL Server Start menu.

2 Click on the ‘+’ sign in front of the SQL Server name to expand the tree.

3 Click on the ‘+’ sign in front of Security and choose Logins from the expanded tree.

4 Right-click on your newly created login from the list of available logins and select Properties.

5 Select the Database Access tab in the dialog that follows then select your newly created SurfControl database.

6 In the ‘Database Roles’ section ensure that both ‘Public’ and ‘db_owner’ are checked.

7 Click OK.

Accessing your new database

On the machine from which you wish to access the database:

1 Select Database Tools/Select Database on the SurfControl Start menu. You will now see the Select SurfControl Database dialog:
- If you wish to set this as the default database to be used by the SurfControl Monitor, select the Monitor tab.
- If you wish to set this as the default database to be used by the SurfControl Rules Administrator, select the Rules Administrator tab.

2 Click the Browse button.

3 This will launch the SQL Server Login where you can navigate to your new database. Click Connect to SQL Database to expand the dialog. The expanded dialog will enable you to enter details of the machine where your database is located.

4 In the ‘Server’ edit field enter the name of the server where the database is installed. This name will be saved in the list for ease of access next time. Up to ten names can be stored in this way.

5 Select your new database from the ‘Database’ list. Click OK.


Creating the SQL Server Account

After you install both SQL Server and SurfControl Web Filter, you must provide a SQL Server login for SurfControl to use when connecting to the database.

Note: You must use this SQL Server login to create the SQL database. Furthermore if users are to use the Select Database utility then they must again use this account rather than the sa account. This is the only account that should be used with the Rules Administrator.

Creating a SurfControl Web Filter User Account:

1 On the server that is running Microsoft SQL Server, choose Microsoft SQL Server Enterprise Manager on the Start menu.

2 In the Management console, open the tree properties until you can select the icon for the server you are working from. Under there should be a list of folders including two called Databases and Security.

3 Open the Security folder and select the Logins property. You should see in the right pane a list of the current logins available for SQL Server.

4 Right-click in the space below and select New Login from the dialog box. From here you can create a new user account for SurfControl to use when connecting to the database.

5 At the top of the first page add the new name for the login (e.g.: surfadmin). You will need to choose a form of authentication. Select the SQL Server authentication and then you can either choose to add a password or leave it blank. If you add a password you will be requested to confirm this later on. From the third option on this page, 'Defaults', select from the database menu the SurfControl Web Filter database. Leave the language option set to default. The second tab on this dialog, titled 'Server Roles', should be left with no properties highlighted.

6 In the Database Access tab, select the SurfControl database and then in the menu below 'Permit in Database Role' select the top two options: 'public' and 'db_owner'. No other properties need to be selected. Click OK to create the new user account.

Next you will need to modify the SurfControl database. Right-click on the previously created database in the databases folder and select properties. Go to the 'Options' tab and select the 'Restrict Access' check box. Click OK.

You will now be able to open the SurfControl monitor using the new user login.


3.1.2 Creating a MSDE Database

1 Select Database Tools/Create MSDE SQL Server Database from the SurfControl Start menu.

2 This starts the Database Creation Wizard that will guide you through the steps involved in creating a MSDE database for use with SurfControl.

3 The first information that you will be asked for is the server where you wish to create the database and the type of authentication that this machine requires:
- Use Trusted Authentication - selecting this check box will mean that your Windows user name and password will be used.
- SQL authentication - if you don’t select the ‘Use Trusted Authentication’ check box you will need to enter a valid SQL account name and password.

4 Enter a name for the new database then check the remaining options as required:
- Use default file locations - this will store the database file and the transaction log file on the server. If you wish to store these files elsewhere then you need to uncheck this option and specify a location for these files in the dialog that follows.

- Set as the Web Filter Service default database - the Web Filter Service will set this database as the default for the Monitor and Rules Administrator applications.
- Restart the Web Filter Service with this database - the Web Filter Service will automatically start to write to this database once you have created it.
- Populate with sample monitored data - shows a full database of sample data that can be used to try out reports and Monitor settings. This is useful when you are getting to know the product and either do not have or do not wish to use an existing full database.

5 The Finish dialog will indicate that you have created a new database.


3.2 The Virtual Control Agent

3.2.1 Installation

Note: You should stop the SurfControl Web Filter service and all other applications before installing or uninstalling the VCA.

If you did not install the Virtual Control Agent when installing Web Filter, or wish to uninstall it, highlight the SurfControl WebFilter entry in the Add/Remove Programs menu from the Windows Control Panel and click the Change/Remove button. Choose the Modify option from the first screen. Click Next and the VCA should be selected (to install). Clear the check box to uninstall. Click Next and follow the prompts.

Note: you should only have one VCA installation per Monitor database. The default option during a Remote Administrator installation is to not install the VCA.

3.2.2 Post Installation Activation

If you need to enter the VCA Serial Number, you can do so while the VCA window is open.

1 Select VCA from the SurfControl Web Filter group on the Start menu.

2 Right-click on the VCA icon in the upper-left corner of the VCA window, then select About SurfControl Web Filter Virtual Control Agent from the pop-up menu.

3 Click Serialize in the About box.

4 Enter the serial number in the dialog, then click OK.

Note: SurfControl Web Filter VCA running in evaluation mode will not update the SurfControl Web Filter database. However, it will give feedback on totals of sites that would be categorized when activated.


3.2.3 Configuring the VCA

Configuration of the VCA is carried out within the Settings tab of the SurfControl VCA dialog. Within this dialog you can configure the following:
- Spider Settings
- Proxy Settings

The Spider Settings

The Settings tab enables you to control how the VCA will handle connections and pages during classification runs.

Observe Robot Exclusion Policy - some sites contain a text file that describes exactly what each spider (or robot) can access on the site. If you choose to ignore this policy then the spider will try to access unauthorized areas on the site. This may result in your IP address being banned by the site.

Impersonate Internet Explorer - if you select this item the VCA will identify itself as Internet Explorer when making requests to servers. If you uncheck this item then the VCA will identify itself as SurfControl Web Filter. Some sites are inaccessible unless you impersonate Internet Explorer. Alternatively, sites can also ignore requests that originate from SurfControl Web Filter.

Cache retrieved web pages - adds any pages directly retrieved during the VCA run to the local web page cache, if available.

Retrieve pages from cache - enables VCA to use locally cached versions of pages on a site, rather than having to go out and retrieve current versions directly from the site to be classified.
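The two identity-related spider settings interact, because robot exclusion rules are grouped by the spider's user-agent name. The following added example (not SurfControl code, and not how the VCA is implemented) evaluates a constructed robots.txt with Python's standard parser under each identity; the user-agent strings, function names and sample site are assumptions made for illustration.

```python
from urllib import robotparser

# Constructed robots.txt for a fictional site: one group aimed at a spider
# that announces itself as "SurfControl", one wildcard group for everyone else.
SAMPLE_ROBOTS_TXT = """\
User-agent: SurfControl
Disallow: /

User-agent: *
Disallow: /members/
"""

# Assumed identity strings. The guide only says the VCA identifies itself as
# "SurfControl Web Filter" or as Internet Explorer; the exact headers are not given.
UA_VCA = "SurfControl Web Filter"
UA_IE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"


def build_policy(robots_txt):
    """Parse robots.txt text into a policy object without any network access."""
    policy = robotparser.RobotFileParser()
    policy.parse(robots_txt.splitlines())
    return policy


def may_fetch(policy, url, impersonate_ie, observe_policy=True):
    """Decide whether a spider configured like the VCA settings would fetch url.

    observe_policy mirrors 'Observe Robot Exclusion Policy'; impersonate_ie
    mirrors 'Impersonate Internet Explorer'. With the policy ignored, nothing
    is refused, which is the behaviour the guide says can get an IP banned.
    """
    if not observe_policy:
        return True
    user_agent = UA_IE if impersonate_ie else UA_VCA
    return policy.can_fetch(user_agent, url)


def decision_table(robots_txt, urls):
    """Return, per URL, the fetch decision under each identity (policy observed)."""
    policy = build_policy(robots_txt)
    return {
        url: {
            "as_vca": may_fetch(policy, url, impersonate_ie=False),
            "as_ie": may_fetch(policy, url, impersonate_ie=True),
        }
        for url in urls
    }


if __name__ == "__main__":
    sample_urls = [
        "http://example.test/index.html",
        "http://example.test/members/area.html",
    ]
    for url, decision in decision_table(SAMPLE_ROBOTS_TXT, sample_urls).items():
        print(url, decision)
```

With the policy observed, the name-specific group applies only when the spider announces the SurfControl name; under the Internet Explorer identity the wildcard group is the one that is honoured.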

The Proxy Settings

The Proxy Settings are available on the Settings tab of the VCA. If the VCA will be accessing the Internet through a Microsoft Proxy Server, you should select the ‘Use Proxy’ setting check box.

Note: If you want the VCA to use NT Authentication when going through the Proxy Server, check the Use NT Authentication box setting. If you do not want to use NT Authentication then supply a User Name and Password.


The General Settings section

The General Settings section contains a check box entitled 'Submit details of VCA categorized sites to SurfControl'. If you check this box then as VCA categorizes 'None' sites it will send these sites with their new categorization to SurfControl.

Research staff examine these sites to check that the categorization applied by VCA is correct. Once these categorizations are verified the URLs are added to the Category Database to ensure that it always contains the most comprehensive and up-to-date information.

3.2.4 Upgrading the VCA

If you did not have VCA installed on a previous version of SurfControl Web Filter and you now wish to upgrade this version then VCA will not be installed during the normal upgrade process. VCA will need to be installed manually.
- To install the VCA manually, navigate to the SurfControl Web Filter installation directory where you will find a folder containing the VCA components.
- Double-click the VCA setup.exe file.
- Follow the on-screen prompts to install the VCA.

If you did install VCA on a version of SurfControl Web Filter that you now wish to upgrade then VCA will be upgraded along with the rest of the Web Filter product. However this will only happen if the version of VCA that you have is the following:
- SurfControl Virtual Control Agent 4.0.2.2


3.3 Enterprise User Monitoring

By default, SurfControl Web Filter resolves user names in a Windows NT or 2000 environment by issuing a NetBIOS query based on the MAC address. SurfControl Web Filter also provides an Enterprise User Monitoring (EUM) utility for resolving user names in a routed network. SurfControl recommends you use EUM for all user name resolution with Web Filter. As an alternative you may also choose to monitor on Novell User Names. See section 3.4 for more details on Novell Netware.

SurfControl recommends user name resolution because:
- Workstation name resolution only identifies the machine requesting the data, not the user who originated the request.
- Monitoring user names is more convenient in a workplace where employees share or swap machines frequently.
- It allows you to utilize existing NT Users and Groups for creating rules.

Note: EUM is not available on Proxy or ISA Server installations.

3.3.1 EUM on Windows NT domain controllers

SurfControl Web Filter installs the EUM agent onto Windows NT domain controllers as a service (ScUserAgent.exe). During installation, SurfControl Web Filter configures the domain controllers to record Successful Logons to the security log (event 528). If you make changes to this audit policy and disable event 528 logs (Successful Logon), EUM will no longer operate properly. See the EUM section in the Administrators Guide for more details.

Before installation onto a NT domain controller, ensure the trust relationships are set up for multiple domain environments. In this case SurfControl is Trusted, all other domains are Trusting.

3.3.2 EUM on Windows 2000/2003 domain controllers

The EUM is installed onto Windows 2000/2003 domain controllers as a dll (ScSubAuth.dll). When EUM is installed in a Windows 2000 environment, it uses Microsoft’s Sub-Authentication to resolve user names. See the EUM section in the Administrators Guide for more details on Sub-Authentication.

After installation on Windows 2000, you must reboot the domain controller.


3.3.3 Installation Instructions

Before installing the EUM software, make sure your environment meets the following requirements:
- A static IP address has been assigned to the SurfControl Web Filter machine(s).
- You have administrator rights to all domain controllers where you will install the EUM agents.
- The SurfControl Web Filter machine is located in the correct domain.
  - In a two-way trusted environment, it can be located in any domain.
  - If a one-way model is in use, then it should be located in the master domain so it can see all other domains.
- No restriction on the firewall or router for the TCP/IP port used. The default port is 61695 (61696 on Netware).
- Ensure that the security logs of all domain controllers are set to overwrite events as needed.

3.3.4 User Logoff Recommendations

Before beginning the installation procedure, try to choose a time when there are few or no users on the network, or when a forced logoff can be scheduled. This ensures the fastest, most accurate detection of users.

If this condition cannot be achieved, it may take a few days for SurfControl Web Filter to detect all users, as they log off and back on to the system in the course of normal work patterns.


3.3.5 To install Enterprise User Monitoring

1 Select Install Enterprise User Monitoring from the Programs > SurfControl Web Filter > Enterprise User Monitoring menu.

2 Click Next on the Welcome Screen.

3 Enter the hostname of the Server running the SurfControl Web Filter software. By default, this is the name of the Server running the EUM installation. SurfControl recommends that you check the hostname resolves via DNS.

4 Specify which port the User Agent and SurfControl service should use to communicate and click Next to continue. SurfControl recommends you choose the default port 61695 (61696 on Netware).

5 Select or deselect the domains to monitor. The list includes the local domain and all trusted domains on the network. Click Next to continue.

6 Select the domain controllers where you want to install the EUM agents, and click Next to continue. You now see a window indicating the progress of the EUM installation. For each domain controller selected, the installation process will now perform the following tasks:

7 Enable auditing for Logon and Logoff (for each domain).

8 Create the directory: C:\SurfControl User Agent.

9 Copy the User agent service, ScUserAgent.exe and scua.ini to the User Agent directory.

10 Start the User Agent Service. Progress details will be displayed in the dialog.

11 When the Agents have been installed on all the domain controllers, select Finish to complete the installation.

12 You now need to reboot your Windows 2000/2003 server.
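The hostname and port requirements above can be checked before running the wizard. The following is an added example, not part of the SurfControl product or guide: it resolves the Web Filter hostname and attempts a TCP connection on the EUM port. The function names are hypothetical, and it assumes the machine being checked is the side that listens on the port, which the guide does not state.

```python
import socket

EUM_DEFAULT_PORT = 61695   # default port given in the guide
EUM_NETWARE_PORT = 61696   # default port on Netware, per the guide


def resolve_host(hostname):
    """Return the sorted addresses a name resolves to, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        # gaierror: resolver failure; UnicodeError: name is not a valid hostname.
        return []
    return sorted({info[4][0] for info in infos})


def tcp_port_open(address, port, timeout=3.0):
    """True if a TCP connection to address:port is accepted within the timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unroutable: the port is not usable from here.
        return False


def eum_preflight(hostname, port=EUM_DEFAULT_PORT, timeout=3.0):
    """Check the name-resolution and port requirements for one Web Filter host.

    Run it from each domain controller that will host an EUM agent, since a
    router or firewall restriction may apply to only some network paths.
    """
    addresses = resolve_host(hostname)
    reachable = {addr: tcp_port_open(addr, port, timeout) for addr in addresses}
    findings = []
    if not addresses:
        findings.append("hostname does not resolve")
    if len(addresses) > 1:
        # Not an error by itself, but the guide expects a static address, so review.
        findings.append("hostname resolves to several addresses")
    for addr, is_open in reachable.items():
        if not is_open:
            findings.append("TCP port %d not reachable on %s" % (port, addr))
    return {
        "hostname": hostname,
        "port": port,
        "addresses": addresses,
        "reachable": reachable,
        "findings": findings,
        "ok": bool(addresses) and all(reachable.values()),
    }


if __name__ == "__main__":
    # Constructed stand-in: a local listener plays the Web Filter machine,
    # so the demonstration runs without a real installation or network.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        print(eum_preflight("127.0.0.1", listener.getsockname()[1]))
```

A port that is reported unreachable before the Web Filter service has been installed and started does not indicate a firewall problem, so repeat the check once the service is running.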


3.4 EUM for Netware

3.4.1 Installing the Netware Loadable Module

nweum.nlm is the Netware based User Agent. It provides the same functionality as the NT EUM but on a Netware platform. With this product user logon events are seen only on the Netware Server and for this reason the NLM must be loaded on to every Netware Server. To install the NLM:

1 Install Novell Client 32 on to a workstation. The network must be using Novell 5 or 6 over IP.

2 From this workstation log on to the Novell Server with administrative rights.

3 Go to the SYS volume and create a directory, for example, nweum.

4 Under this directory, copy the files nweum.nlm and scua.ini.

5 On the Netware Server console, load the NLM by typing:

    Load sys:\nweum\nweum.nlm

6 Press Enter.

Note: The system will not allow you to load the NLM if a copy is already running.

Automatically loading the NLM

To automatically load the NLM every time the Server is rebooted, edit the file sys:\system\autoexec.ncf and add the line:

    load sys:\nweum\nweum.nlm

at the very end of the file.

You can edit this file using any text editor from the workstation or from the Netware Server by typing:

    Load edit sys:\system\autoexec.ncf

Unloading the NLM

To unload the NLM type:

    unload nweum.nlm

For information on editing the Novell version of scua.ini see the EUM section in the Administrator’s Guide.


3.5 Performance Tuning

There are a number of factors to take into account when deploying SurfControl Web Filter on your network, which relate to the choice of server, number and locations of servers, and configuration options. The first thing to understand is the components within a server that affect performance:
- CPU: A faster CPU or multiple CPUs will improve processing throughput.
- RAM: A larger amount of memory will improve performance through better buffering.
- Disk Subsystem: Probably the most important factor, a faster disk system (SCSI, SCSI II etc) will improve throughput.
- Virus checkers and services: Disable any that are not needed.

3.5.1 System Workload Issues

What size and strength of system your monitoring requires depends on the amount of traffic (packets per second) that you need to monitor, since the biggest impact on performance is the recording of monitored packets to the SurfControl database. Understanding the volume of network traffic, the mix of protocols, and the level of detail you want to monitor will help in sizing the correct system.

As a hypothetical example, a network might have on average 600 packets a second passing by the SurfControl Monitor. These could break down into the following percentages:

• HTTP (web access) - 70%
• FTP - 15%
• Telnet - 10%
• SMTP - 5%

3.5.2 Monitoring Options

If you are not interested in monitoring FTP or telnet, you can disable these protocols in the SurfControl Web Filter Monitor. Doing this reduces the workload for SurfControl Web Filter.

You can further reduce the workload by deciding not to monitor certain workstations (this does not stop your ability to control those workstations' access from the Rules Administrator). This can be done through the Monitor User interface. For instance, if you have a web server inside your firewall you may not wish to see all the traffic associated with that system.

You can also reduce the amount of monitoring for each connection by recording only the top-level domain and not individual graphics that typically get accessed.

3.5.3 Other Performance Options

You can also control other performance factors, such as:

• Disable the monitor all HTTP traffic setting (will only monitor top level domain information).
• Disable auto-categorization, or only use SmartScan.
• Disable username support (if you have not implemented NT or NDS usernames across your network you may only require a hostname).
• Lengthen the time between checking if a new user has logged in on a workstation.

If you have workstations on your network that don't have an entry in your DNS Server, you will suffer a performance penalty. SurfControl Web Filter will attempt to resolve the workstation name, which ultimately results in a timeout from the DNS Server that will slow the service. This applies not only to internal workstations, but also to external workstations that enter your network. You may see a lot of external workstations registering in the Monitor if you have a Web Server, FTP Server or E-mail Server on the monitored network.

You can disable the workstation name resolution to speed up performance by deselecting the Enable Workstation name resolution option.


3.5.4 Performance Factors

There are other factors that come into play, and other options you can deploy in tuning the system. The size of the monitored database can also impact performance. Another factor is the demand for reporting as well as recording; high reporting requirements can impact system performance.

3.5.5 Catch-Up Mode

When SurfControl Web Filter is unable to keep up with the volume of data it is trying to record to the Monitor database, it will move into "catch-up mode", where it starts to set monitoring priorities. First, SurfControl Web Filter will stop recording non-HTTP data, and then it will stop recording HTTP data. A warning will be written to the event log when catch-up mode is started and when normal service is resumed. This does not affect the rules and blocking.

Catch-up mode is based on classic high and low water principles to prevent constant stopping and starting of monitoring. However, if this happens frequently, there are various solutions:

• Use a more powerful PC for monitoring.
• Archive the database frequently. This speeds up the committing of information to the database.
• Monitor less information. For example, only capture details for specific users.
• Monitor to flat file, and then update the database during non-peak hours.
• Disable DNS resolution for either workstations and/or sites.
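The high and low water behaviour described above, sketched as an added example (not SurfControl's code). The thresholds, the names, and the point at which HTTP recording also stops are assumptions, since the guide gives no figures; the replay at the end runs one constructed load with the low mark just below the high mark and then well below it.

```python
from dataclasses import dataclass, field

NORMAL, SHED_NON_HTTP, SHED_ALL = "normal", "shed-non-http", "shed-all"

@dataclass
class MonitorQueue:
    """Backlog of records waiting to be written to the Monitor database."""
    high: int = 4    # assumed: enter catch-up mode at this backlog
    full: int = 6    # assumed: second stage, HTTP records are shed as well
    low: int = 1     # assumed: resume normal service at or below this
    backlog: int = 0
    state: str = NORMAL
    events: list = field(default_factory=list)   # stands in for the event log
    dropped: dict = field(default_factory=lambda: {"http": 0, "other": 0})

    def _update(self):
        if self.state == NORMAL and self.backlog >= self.high:
            self.state = SHED_NON_HTTP
            self.events.append("catch-up mode started")
        if self.state == SHED_NON_HTTP and self.backlog >= self.full:
            self.state = SHED_ALL
        if self.state != NORMAL and self.backlog <= self.low:
            self.state = NORMAL
            self.events.append("normal service resumed")

    def offer(self, protocol):
        """Queue one monitored record; return False if it was shed."""
        is_http = protocol == "HTTP"
        if self.state == SHED_ALL or (self.state == SHED_NON_HTTP and not is_http):
            self.dropped["http" if is_http else "other"] += 1
            return False
        self.backlog += 1
        self._update()
        return True

    def commit(self, n=1):   # the database writer commits up to n queued records
        self.backlog = max(0, self.backlog - n)
        self._update()

def replay(queue, steps):    # steps are ('offer', protocol) or ('commit', n)
    for action, arg in steps:
        queue.offer(arg) if action == "offer" else queue.commit(arg)
    return queue

# Constructed load: the backlog hovers around the high-water mark, then drains.
HOVER = [("offer", "HTTP")] * 4 + [("commit", 1), ("offer", "HTTP")] * 3 + [("commit", 4)]

if __name__ == "__main__":   # event-log entries per low mark (3 = almost no gap)
    print({low: len(replay(MonitorQueue(low=low), HOVER).events) for low in (3, 1)})
```

With the low mark one below the high mark the same load writes eight event-log entries; with a real gap it writes two, one start and one resume.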


3.5.6 Distributing Services and Multiple Collectors

Your network may have such a large volume of traffic that no one system can handle it. In these instances you can deploy multiple Servers. These Servers can be physically deployed on different segments if you have a switched network, or they can be configured to only monitor certain subnets (using the SurfControl Web Filter Service). You are then able to balance the load across Servers.

This will result in separate monitor databases on each Server. This may be a good solution if you want to delegate control to departments or groups, as they will be able to monitor and control their own Internet Access Policy.

However, if you wish to use a single database to view and produce reports, you will need to consolidate the information. This can be done in one of two ways:

• Use flat files at each of the SurfControl Servers (in this case known as collectors). Then use the SurfControl 'Database Updater' process to write the flat files from each of the 'collectors' to a single database.
• Configure both collectors to simultaneously write directly to the single database.

3.6 Troubleshooting

This section covers some problems that may occur during or after installation of SurfControl.

3.6.1 Proxy Server running on a non-standard port

SurfControl Web Filter by default only monitors the following protocols and ports.

• HTTPS: 443
• HTTP: 80, 8080, 8000
• FTP: 21
• Telnet: 23
• NNTP: 119

Note: On an ISA installation, you will only see HTTP, HTTPS and FTP protocols as default.

If your clients are configured to access an HTTP Proxy Server that does not use these default ports, you will need to configure SurfControl Web Filter to monitor the non-standard ports.
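A way to find clients whose proxy port falls outside the default HTTP ports listed above, as an added example that is not part of the SurfControl product. It assumes the client proxy settings have been collected as WinINET-style ProxyServer strings and that proxy traffic has to arrive on one of the HTTP ports to be seen; the workstation and proxy names are constructed.

```python
# Default monitored HTTP ports, from the list in section 3.6.1 of this guide.
DEFAULT_HTTP_PORTS = {80, 8080, 8000}

def parse_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port or None)}."""
    # 'host:port' is one proxy for every scheme (keyed '*');
    # 'http=host:port;https=host:port' sets a proxy per scheme.
    proxies = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "*", part
        target = target.split("://", 1)[-1]       # drop an optional http:// prefix
        host, sep, port = target.rpartition(":")
        if not sep:
            host, port = target, ""
        proxies[scheme.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return proxies

def unmonitored_proxies(inventory, monitored=frozenset(DEFAULT_HTTP_PORTS)):
    """Return (client, scheme, host, port) for each proxy outside `monitored`."""
    gaps = []   # entries with no explicit port are reported too, for review
    for client, value in inventory.items():
        for scheme, (host, port) in parse_proxy_server(value).items():
            if port not in monitored:
                gaps.append((client, scheme, host, port))
    return sorted(gaps, key=lambda g: g[:2])

def ports_to_add(gaps):
    """Ports to enter in the Monitor's Ports dialog to close the gaps."""
    return sorted({port for *_, port in gaps if port is not None})

# Constructed inventory: workstation name -> ProxyServer setting.
SAMPLE = {
    "ws-accounts-01": "proxy.example.internal:8080",
    "ws-lab-07": "http=proxy.example.internal:3128;https=proxy.example.internal:3128",
    "ws-frontdesk": "http=http://cache.example.internal:8000;ftp=cache.example.internal:2121",
    "ws-legacy": "proxy.example.internal",
}

if __name__ == "__main__":
    gaps = unmonitored_proxies(SAMPLE)
    for client, scheme, host, port in gaps:
        print(f"{client}: {scheme} proxy {host}:{port} is not on a monitored port")
    print("add to monitored ports:", ports_to_add(gaps))
```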

3.6.2 To configure non-standard ports

1 Stop the Web Filter service by right-clicking on the SurfControl Web Filter icon in the Windows taskbar status area and selecting Stop Web Filter Service on the popup menu.

2 Open the SurfControl Monitor.

3 Select Monitored Protocols from the Configure menu.

4 Highlight the protocol you wish to re-configure from the protocols list to display the currently configured ports. Click Configure Protocols.

5 Highlight the protocol again and click the button.

6 In the Ports dialog, click the button. Enter the port number in the box. Click Close, then click OK on the rest of the dialogs.

7 Restart the Web Filter Service. SurfControl Web Filter will now monitor requests on the new ports.


3.6.3 If no data is being collected

1 Check that the Web Filter service is running. The SurfControl Web Filter icon in the System Tray should appear in color. If it is grayed out, the service is not running.

2 To start the service, right-click on the SurfControl icon in the Windows taskbar status area and select Start Web Filter Service on the popup menu.

3 If the service will still not start or you experience further problems, please contact SurfControl Support.


3.7 Troubleshooting EUM Issues

If you are having difficulties making EUM work correctly, please check these items before contacting SurfControl Support:

After installing the EUM agent, make sure that all domain users log out and then back into the domain because the agent will not pick up previously logged-in users.

Check the security logs on the domain controllers to ensure that the user has indeed logged on.

If an entry is present for the user, ensure that the workstation name can be resolved from the domain controller running the user agent. If it can't be resolved, NetBIOS is not installed on the client and no DNS entry is present. You should add a DNS entry or install NetBIOS on the client.

Ensure that the agent is installed on all domain controllers that authenticate users.
