Comsifter Cs-8d pro User manual

ComSifter®

protect web users now!

User Guide

Model CS-8D Pro

Version March 26, 2012 0326121500

The products described in this User's Guide are licensed products of Comsift, Inc. This User's Guide contains proprietary information

protected by copyright, and this User's Guide is copyrighted.

Comsift, Inc., hereafter referred to as Comsift, does not warrant that the product will work properly in all environments and applications,

and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or

fitness for a particular purpose.

Comsift has made every effort to ensure that this manual is accurate. However, information in this User's Guide is subject to change

without notice and does not represent a commitment on the part of Comsift. Comsift makes no commitment to update or keep current

the information in this User's Guide, and reserves the right to make changes to this User's Guide and/or product without notice. Comsift

assumes no responsibility for any inaccuracies and omissions that may be contained in this User's Guide. If you find information in this

User's Guide that is incorrect, misleading, or incomplete, we would appreciate your comments.

No part of this User's Guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including

photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, without

the express written permission of Comsift.

Comsift, ComSifter, CSphrase and the Comsift logo are trademarks of Comsift, Inc.

All other trademarks or registered trademarks listed belong to their respective owners.

FCC STATEMENT

This product has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.

These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment

generates, uses, and can radiate radio frequency energy and, if not installed and used according to the instructions, may cause harmful

interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this

equipment does cause harmful interference to radio or television reception, which is found by turning the equipment off and on, the user

is encouraged to try to correct the interference by one or more of the following measures:

Reorient or relocate the receiving antenna

Increase the separation between the equipment or device

Connect the equipment to an outlet other than the receivers

Consult a dealer or an experienced radio/TV technician for assistance

TABLE OF CONTENTS

Table of Contents

Table of Contents ................................................................................................................................................i

Introduction and Getting Started ..................................................................................................................1–1

Features..........................................................................................................................................................................1–1

How ComSifter Works...................................................................................................................................................1–2

Overview.......................................................................................................................................................................1–3

Internet Gateway ..........................................................................................................................................................1–3

Non-Stop Operation......................................................................................................................................................1–3

Firewall .........................................................................................................................................................................1–3

Filtering System............................................................................................................................................................1–3

Navigating Through This User Guide...........................................................................................................................1–4

Conventions in This User’s Guide................................................................................................................................1–4

Installing ComSifter........................................................................................................................................2–1

Installation......................................................................................................................................................................2–3

Security Considerations................................................................................................................................................2–3

Location/Placement......................................................................................................................................................2–3

AC Power......................................................................................................................................................................2–3

Network Connections....................................................................................................................................................2–3

Power On and Indicator Lights.....................................................................................................................................2–3

Windows 2000/XP/Vista/7 ............................................................................................................................................2–5

Making a secure connection.........................................................................................................................................2–7

Quick Start Guide...........................................................................................................................................................2–9

How will the ComSifter Connect to the Network?.........................................................................................................2–9

Do I need only one filter or multiple filters? ..................................................................................................................2–9

Do I need Proxy or Transparent Mode?.......................................................................................................................2–9

How will I identify and authenticate a user?.................................................................................................................2–9

How will the ComSifter get a list of my users?...........................................................................................................2–10

How many filters will I need?......................................................................................................................................2–10

What filter will each user be assigned to?..................................................................................................................2–10

Network Worksheet .....................................................................................................................................................2–11

Pre-Install Preparation................................................................................................................................................2–11

Installation, Phase 1, Initial Connectivity....................................................................................................................2–12

Installation, Phase 2, Determining the Authentication Method...................................................................................2–12

Installation, Phase 3, Tuning the Filters .....................................................................................................................2–12

Installation, Phase 3, Finishing Up.............................................................................................................................2–12

Authentication Methods (Quick Setup).......................................................................................................................2–13

BASIC Only.................................................................................................................................................................2–13

Prerequisites............................................................................................................................................................2–13

TABLE OF CONTENTS

Quick Setup.............................................................................................................................................................2–13

NTLM..........................................................................................................................................................................2–14

Prerequisites............................................................................................................................................................2–14

Quick Setup.............................................................................................................................................................2–14

IDENTD Only..............................................................................................................................................................2–15

Prerequisites............................................................................................................................................................2–15

Quick Setup.............................................................................................................................................................2–15

IP Only........................................................................................................................................................................2–16

Prerequisites............................................................................................................................................................2–16

Quick Setup.............................................................................................................................................................2–16

Configuring ComSifter ...................................................................................................................................3–1

Configuration Overview ................................................................................................................................................3–1

Admin..............................................................................................................................................................................3–1

Understanding Modules and Categories...................................................................................................................3–1

Security Configuration ..................................................................................................................................................3–2

Login..........................................................................................................................................................................3–2

ComSifter Admins.........................................................................................................................................................3–3

Overview....................................................................................................................................................................3–3

Setting the Username and Password........................................................................................................................3–4

Assigning Module Rights...........................................................................................................................................3–4

Remote Administration .................................................................................................................................................3–8

IP Access Control......................................................................................................................................................3–8

Deny from all IP’s...................................................................................................................................................3–9

Allow from all IP’s...................................................................................................................................................3–9

Allow from only listed IP’s ......................................................................................................................................3–9

Follow My IP..............................................................................................................................................................3–9

Disable ...................................................................................................................................................................3–9

Follow the listed IP...............................................................................................................................................3–10

System Logs...............................................................................................................................................................3–11

Access Log..............................................................................................................................................................3–12

Status Messages..................................................................................................................................................3–12

Firewall....................................................................................................................................................................3–14

DHCP Non-Stop......................................................................................................................................................3–16

Duplicate IP Notification.......................................................................................................................................3–17

Security Log.............................................................................................................................................................3–18

Top Sites Log ..........................................................................................................................................................3–19

Network.........................................................................................................................................................................3–20

ADSL Client................................................................................................................................................................3–21

Dynamic DNS Provider...............................................................................................................................................3–22

Add an entry............................................................................................................................................................3–22

TABLE OF CONTENTS

iii

Create runtime program..........................................................................................................................................3–22

Update All................................................................................................................................................................3–23

Firewall Advanced ......................................................................................................................................................3–24

Overview..................................................................................................................................................................3–24

Masquerading (SNAT).............................................................................................................................................3–25

Firewall Rules..........................................................................................................................................................3–26

Create Firewall Rules..............................................................................................................................................3–27

Action ...................................................................................................................................................................3–27

Logging.................................................................................................................................................................3–27

Source Zone.........................................................................................................................................................3–28

Destination Zone..................................................................................................................................................3–28

Protocol................................................................................................................................................................3–28

Source Ports ........................................................................................................................................................3–28

Destination Ports..................................................................................................................................................3–28

Common Rules........................................................................................................................................................3–29

DNS......................................................................................................................................................................3–29

Client Email (POP3, IMAP, SMTP)......................................................................................................................3–30

FTP.......................................................................................................................................................................3–31

ICQ/IM..................................................................................................................................................................3–32

Laplink™ ..............................................................................................................................................................3–33

MSN™ Messenger...............................................................................................................................................3–34

PCAnywhere™.....................................................................................................................................................3–36

Ping and Traceroute.............................................................................................................................................3–37

PPTP....................................................................................................................................................................3–38

Telnet ...................................................................................................................................................................3–40

VNC......................................................................................................................................................................3–41

Yahoo™ Chat.......................................................................................................................................................3–42

Web Access (browsing) .......................................................................................................................................3–43

Apply Configuration.................................................................................................................................................3–45

Stop Firewall............................................................................................................................................................3–45

Check Firewall.........................................................................................................................................................3–45

Backup.....................................................................................................................................................................3–45

Restore....................................................................................................................................................................3–45

Firewall Basic (Templates).........................................................................................................................................3–46

Template 1, High Security.......................................................................................................................................3–46

Template 2, High – Medium Security......................................................................................................................3–46

Template 3, Medium Security..................................................................................................................................3–46

Template 4, Medium – Low Security.......................................................................................................................3–47

Template 5, Low Security........................................................................................................................................3–47

Network Configuration................................................................................................................................................3–48

TABLE OF CONTENTS

Network Interfaces (IP Address Configuration).......................................................................................................3–48

Interfaces Active Now ..........................................................................................................................................3–49

Interfaces Active at Boot Time.............................................................................................................................3–49

WAN Interface Settings (eth0) .............................................................................................................................3–49

LAN Interface Settings (eth1)...............................................................................................................................3–50

Virtual Interfaces......................................................................................................................................................3–51

Routing and Gateways............................................................................................................................................3–52

DNS.........................................................................................................................................................................3–53

Completing the DNS/Gateway Configuration..........................................................................................................3–54

Recovering a lost IP address ..................................................................................................................................3–54

Network Utilities..........................................................................................................................................................3–55

Network Wizards.........................................................................................................................................................3–56

Static IP...................................................................................................................................................................3–57

External IP............................................................................................................................................................3–57

External Subnet Mask..........................................................................................................................................3–57

External Gateway.................................................................................................................................................3–57

Internal IP.............................................................................................................................................................3–57

Internal Subnet Mask...........................................................................................................................................3–58

Primary DNS........................................................................................................................................................3–58

Secondary DNS ...................................................................................................................................................3–58

DHCP Server for Local LAN.................................................................................................................................3–59

Firewall Template.................................................................................................................................................3–59

Non-Stop Relationship.........................................................................................................................................3–59

Non-Stop Peer IP.................................................................................................................................................3–59

Dynamic IP..............................................................................................................................................................3–60

Bridge......................................................................................................................................................................3–61

PPPoE.....................................................................................................................................................................3–62

User Name...........................................................................................................................................................3–62

Password..............................................................................................................................................................3–62

Current Network Settings........................................................................................................................................3–63

Non-Stop/DHCP Configuration...................................................................................................................................3–64

Using the ComSifter DHCP Server .........................................................................................................................3–64

Information...............................................................................................................................................................3–65

List Leases...........................................................................................................................................................3–65

Non-Stop Status...................................................................................................................................................3–67

Non-Stop Configuration (Primary)...........................................................................................................................3–69

Non-Stop Configuration (Secondary)......................................................................................................................3–71

Subnets and Shared Networks................................................................................................................................3–73

Edit Client Options ...............................................................................................................................................3–75

Address Pool in Subnet........................................................................................................................................3–76

TABLE OF CONTENTS

Host and Host Groups.............................................................................................................................................3–77

Starting and Stopping the Non-Stop/DHCP Server.................................................................................................3–78

Quality of Service (QOS)............................................................................................................................................3–79

Overview..................................................................................................................................................................3–79

Determining the True Connection Speed................................................................................................................3–80

Configure QOS........................................................................................................................................................3–81

Connection Speed................................................................................................................................................3–81

Queue Rate and Ceiling.......................................................................................................................................3–81

Destination Ports..................................................................................................................................................3–82

Destination IP’s....................................................................................................................................................3–82

Viewing Queue Status.............................................................................................................................................3–82

Maintenance .................................................................................................................................................................3–83

Backup/Restore..........................................................................................................................................................3–84

Creating a Backup...................................................................................................................................................3–84

Restoring the Backup..............................................................................................................................................3–85

ComSifter Status.........................................................................................................................................................3–86

Active Directory Last Resync ..................................................................................................................................3–86

CPU Load Average .................................................................................................................................................3–86

Content Filter Service..............................................................................................................................................3–86

DHCP Available Leases..........................................................................................................................................3–86

DHCP Server...........................................................................................................................................................3–86

DNS Resolving........................................................................................................................................................3–87

Hardware Health .....................................................................................................................................................3–87

Internet Connected..................................................................................................................................................3–87

Non-Stop Operation ................................................................................................................................................3–87

Proxy Server Service...............................................................................................................................................3–87

Hours of Operation..................................................................................................................................................3–87

Denied Access Page ..................................................................................................................................................3–88

Overview..................................................................................................................................................................3–88

Local Message ........................................................................................................................................................3–88

Download/Install IDENTD...........................................................................................................................................3–89

File Manager...............................................................................................................................................................3–90

Information..................................................................................................................................................................3–91

ComSifter Information .............................................................................................................................................3–91

ComSifter Release Notes........................................................................................................................................3–92

Internet Connection Test............................................................................................................................................3–93

System Name.............................................................................................................................................................3–94

System Time...............................................................................................................................................................3–95

Utilities........................................................................................................................................................................3–96

Advanced Network diagnostics...............................................................................................................................3–96

TABLE OF CONTENTS

Email Notification Parameters.................................................................................................................................3–96

Restart Services......................................................................................................................................................3–98

Rebuild ComSifter Proxy Cache..............................................................................................................................3–98

Restart ComSifter....................................................................................................................................................3–98

Clear all log files......................................................................................................................................................3–98

Clear DHCP Lease Database .................................................................................................................................3–98

Filter Setup......................................................................................................................................................4–1

Filter Overview ...............................................................................................................................................................4–1

Before you start ............................................................................................................................................................4–1

Master Filter....................................................................................................................................................................4–2

Full Exception Domain List...........................................................................................................................................4–3

Add............................................................................................................................................................................4–3

Delete........................................................................................................................................................................4–4

Full Exception URL List ................................................................................................................................................4–4

Add............................................................................................................................................................................4–4

Delete........................................................................................................................................................................4–4

Partial Exception Domain List.......................................................................................................................................4–5

Add............................................................................................................................................................................4–5

Delete........................................................................................................................................................................4–5

Partial Exception URL Filter List...................................................................................................................................4–5

Add............................................................................................................................................................................4–5

Delete........................................................................................................................................................................4–5

Banned Domain List .....................................................................................................................................................4–6

Delete........................................................................................................................................................................4–6

Banned URL List...........................................................................................................................................................4–6

Add............................................................................................................................................................................4–6

Delete........................................................................................................................................................................4–6

Banned CSphrase Filter Groups ..................................................................................................................................4–7

Activating Filters........................................................................................................................................................4–7

Deactivating Filters....................................................................................................................................................4–8

Weighted CSphrase Filter Groups................................................................................................................................4–9

Blacklist Domain Filter Groups ...................................................................................................................................4–10

Blacklist URL Filter Groups ........................................................................................................................................4–10

Filter Logging Options ................................................................................................................................................4–11

Enable Full Logging.................................................................................................................................................4–11

Enable Exception Logging.......................................................................................................................................4–11

Length of URL Logged in Access Log.....................................................................................................................4–12

Inactivity Timeout.....................................................................................................................................................4–12

Change Filter Names..................................................................................................................................................4–13

Clear Filter..................................................................................................................................................................4–14

TABLE OF CONTENTS

vii

Search ........................................................................................................................................................................4–15

Exact Match.............................................................................................................................................................4–15

Begins With .............................................................................................................................................................4–17

Any match................................................................................................................................................................4–18

Restart ComSifter Filter..............................................................................................................................................4–19

Display Summary........................................................................................................................................................4–20

Individual Filters ..........................................................................................................................................................4–21

Regular Expression (RegEx)......................................................................................................................................4–22

Explanation of RegEx Modifiers..............................................................................................................................4–22

Examples of RegEx Modifiers.................................................................................................................................4–24

Hours of Operation .....................................................................................................................................................4–25

Normal Operation....................................................................................................................................................4–25

Permanently Off.......................................................................................................................................................4–25

Permanently On.......................................................................................................................................................4–26

Warn-and-Go..............................................................................................................................................................4–27

Enable .....................................................................................................................................................................4–27

Disable.....................................................................................................................................................................4–27

Change Sensitivity......................................................................................................................................................4–28

Sensitivity Level Guidelines.....................................................................................................................................4–28

Copy Filter ..................................................................................................................................................................4–29

Whitelist......................................................................................................................................................................4–30

Setup a whitelist filter: .............................................................................................................................................4–30

Add specific site exception to be whitelisted:..........................................................................................................4–30

Blocking External IP Addresses .................................................................................................................................4–30

Words/Phrases................................................................................................................................................5–1

Overview.........................................................................................................................................................................5–1

Configuring Words/Phrases..........................................................................................................................................5–3

Restart ComSifter Filter................................................................................................................................................5–3

Editing Banned Words/Phrases....................................................................................................................................5–4

Add............................................................................................................................................................................5–4

Delete........................................................................................................................................................................5–4

Editing Weighted Words/Phrases.................................................................................................................................5–5

Add............................................................................................................................................................................5–5

Delete........................................................................................................................................................................5–5

Search ..........................................................................................................................................................................5–6

Users................................................................................................................................................................6–1

Overview.........................................................................................................................................................................6–1

Block User or Computer ...............................................................................................................................................6–2

Block User.................................................................................................................................................................6–2

Enable Block..........................................................................................................................................................6–2

TABLE OF CONTENTS

viii

Disable Block .........................................................................................................................................................6–3

Block Computer.........................................................................................................................................................6–4

Enable Block..........................................................................................................................................................6–4

Disable Block .........................................................................................................................................................6–4

Bypass User or Computer ............................................................................................................................................6–6

Bypass User..............................................................................................................................................................6–6

Enable Bypass.......................................................................................................................................................6–6

Remove Bypass.....................................................................................................................................................6–6

Bypass Computer......................................................................................................................................................6–8

Enable Bypass.......................................................................................................................................................6–8

Remove Bypass.....................................................................................................................................................6–8

User List........................................................................................................................................................................6–10

Display user list by filter...........................................................................................................................................6–11

Display user list alphabetically ................................................................................................................................6–11

User Management Utilities..........................................................................................................................................6–12

Understanding and Determining Transparent and Proxy Modes...............................................................................6–15

Background information ..........................................................................................................................................6–15

Transparent Mode...................................................................................................................................................6–15

Proxy Mode .............................................................................................................................................................6–15

Authenticating Proxy Mode .....................................................................................................................................6–16

Which is the right solution for our network?.........................................................................................................6–16

Proxy Configuration (Group Policy rule)..................................................................................................................6–17

Disabling Local Client Computer Access to Browser Proxy Settings ..................................................................6–18

Authentication Method (Step 1)..................................................................................................................................6–20

Authentication Methods (Pros and Cons)...................................................................................................................6–22

Authentication Methods Explained.............................................................................................................................6–23

BASIC ONLY...........................................................................................................................................................6–23

NTLM with FALLBACK TO BASIC..........................................................................................................................6–24

IDENTD ONLY ........................................................................................................................................................6–25

Download/Install IDENTD ....................................................................................................................................6–26

Port 113 Exception...............................................................................................................................................6–27

Windows Firewall (local rule for XP) ....................................................................................................................6–27

Windows Firewall (Group Policy rule)..................................................................................................................6–31

Install IDENTD .....................................................................................................................................................6–33

IDENTD location ..................................................................................................................................................6–34

Comsift Service Local Install................................................................................................................................6–36

Comsift Service Domain Automated Install (preferred) .......................................................................................6–37

IP ONLY ..................................................................................................................................................................6–39

NO AUTHENTICATION ..........................................................................................................................................6–40

Join ComSifter to AD Domain (Step 2).......................................................................................................................6–41

TABLE OF CONTENTS

Join ComSifter to the AD Domain........................................................................................................................6–41

Full Name of the AD Domain ...............................................................................................................................6–41

Workgroup Name.................................................................................................................................................6–42

Password Server..................................................................................................................................................6–42

Enter Username Authorized to Join the Domain..................................................................................................6–42

Enter Password....................................................................................................................................................6–42

Administer/Retrieve Usernames from Active Directory (Step 3a) ..............................................................................6–43

Preparing Active Directory for Synchronization.......................................................................................................6–43

Administer/Retrieve Usernames from Active Directory...........................................................................................6–46

Populate the user list by a LDAP query to the AD Domain Controller Users and Computers.............................6–46

Host/Domain Name..............................................................................................................................................6–47

Distinguished Name.............................................................................................................................................6–47

AD User Name.....................................................................................................................................................6–47

AD User Password...............................................................................................................................................6–47

Administer/Retrieve Usernames from ComSifter Username Database (Step 3b).....................................................6–48

Adding a new User...............................................................................................................................................6–48

Modifying a User..................................................................................................................................................6–50

Deleting a User ....................................................................................................................................................6–51

Administer/Retrieve User IP’s from ComSifter IP Database (Step 3c).......................................................................6–52

Adding a new IP...................................................................................................................................................6–52

Modifying an IP ....................................................................................................................................................6–54

Deleting an IP.......................................................................................................................................................6–55

Administer/Retrieve Usernames by merging Usernames from an external file (Step 3d)..........................................6–56

Enable/Disable Automatic Proxy Configuration (Step 4a)..........................................................................................6–57

Enable/Disable Automatic Proxy Configuration.......................................................................................................6–57

Overwrite pac/WPAD File........................................................................................................................................6–57

Edit Proxy File proxy.pac/wpad.dat (Step 4b)............................................................................................................6–58

Client Program/Application Bypass (Step 4c) ............................................................................................................6–59

Adding a new Domain/URL..................................................................................................................................6–60

Deleting a Domain/URL .......................................................................................................................................6–60

Merging with Comsift-Maintained Bypass List .....................................................................................................6–62

Turning Off Merge with Comsift-Maintained Bypass List.....................................................................................6–62

Merging with Exception Domain List....................................................................................................................6–64

Turning off Merge with Exception Domain List.....................................................................................................6–64

Client Program/Application Debug Mode (Step 4d) ...................................................................................................6–66

Enable Debug Mode................................................................................................................................................6–66

Raw Data for DENIEDs...........................................................................................................................................6–67

Delete All Usernames from ComSifter........................................................................................................................6–68

Display Summary........................................................................................................................................................6–69

ComSifter Operation.......................................................................................................................................7–1

TABLE OF CONTENTS

Network Flow..................................................................................................................................................................7–2

How ComSifter Filters ...................................................................................................................................................7–2

Order of Precedence ....................................................................................................................................................7–2

Categories.................................................................................................................................................................7–3

Blacklist Update.........................................................................................................................................................7–3

CSphrase Filter Technology.........................................................................................................................................7–3

Contact Information............................................................................................................................................1

Location............................................................................................................................................................................1

Phone ...............................................................................................................................................................................1

Sales.................................................................................................................................................................................1

Technical Support.............................................................................................................................................................1

Specifications .....................................................................................................................................................2

Configuration ....................................................................................................................................................................2

Network.............................................................................................................................................................................2

Number of Computers ......................................................................................................................................................2

Throughput .......................................................................................................................................................................2

Typical Access Time.........................................................................................................................................................2

Caching Proxy ..................................................................................................................................................................2

Blacklist Update and Bypass List Update.........................................................................................................................2

Mechanical & Environmental............................................................................................................................................3

Filter Defaults......................................................................................................................................................4

License & Warranty............................................................................................................................................6

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 1–1

Chapter 1

Introduction and Getting Started

ComSifter™ stops the pornography, on-line gambling, and the hate sites at the Internet gateway—before the

offensive material reaches web users. You do not have to worry about web users surfing the Internet. With

ComSifter, if they accidentally misspell a word or use a search word that takes them to the “dark side,” they will

see a friendly message telling them the site has inappropriate content.

Features

ComSifter offers the following features:

Two physically separated, but logically connected, ComSifters offer Non-Stop operation in the event of either

unit failing or either Internet connection failing.

Automatic IP-based load sharing splits Internet load across each ComSifter.

Highly integrated configuration and logging engine allows control over both ComSifters from either unit.

High performance destination-based firewall and content filter.

Stops unauthorized programs from accessing the Internet.

Stops access to pornography, hate, and gambling sites.

Blocks downloading of harmful and illegal files, including MP3 music files.

Filters networks with hundreds of computers.

Intelligent filtering with CSphrase™ Filtering Technology is able to filter based on good words and bad words

found on a web page.

Eight individually configurable filters. Users may be set to the filter that best fits their filtering needs.

Active Directory integration.

Gigabit Ethernet speeds.

High-performance SSD hard drive.

Advanced authentication methods, including Basic, NTLM, IdentD, and IP.

Automatic Browser Configuration.

Bridge Mode.

Support for YouTube for Schools.

Advanced re-write capabilities.

800,000+ sites Blacklist updated daily or weekly.

Built-in DHCP server, DNS forwarding, and caching proxy.

Easy to install—no required maintenance.

Unlimited licensing is standard.

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 1–2

How ComSifter Works

Figure 1-1: ComSifter Architecture

ComSifter Architecture

Firewall

(loc)

Firewall

(net)

DHCP/DNS

Services

Proxy

Service

Content

Filtering

Comsift

Engine

Connection

Manager

Outbound

Rules

Look at the

outbound packs

to see if any

rules are

matched. If not,

reject the

packets.

DHCP Server

If enabled, gives

out IP addresses

to client

computers

DNS Forward-

ing

Always enabled.

If a DNS request

is received, it is

forwarded to the

DNS Servers

listed in the

Network

Wizards.

Inbound Rules

Examine

inbound packets

for rules match.

Drop packet if no

match.

Remote

Administration

Keep list of

allowed IP

addresses. If

packet IP

matches, let it in.

Follow My IP

Keep list of

FQDNs. Every

15 minutes,

check if IP of

FQDN has

changed.

Dynamic DNS

Every 15

minutes, monitor

IP of ComSifter.

If it changes,

update new IP

info to Dynamic

DNS site.

DHCP Client

Get WAN IP

from upstream

device

PPPoE Client

Get WAN IP

from upstream

device

Static

Use internal

WAN setting to

communicate

with upstream

device.

Heartbeat

Monitor the

connection by

downloading a

heartbeat file

every five (5)

minutes. If

heartbeat fails,

go into Non-Stop

mode.

Configuration

Allows the

ComSifter to be

configured by

way of a browser

Logging

Logs user

activity, firewall

(packet) activity,

system

messages, and

Top Sites.

User Database

Maintains

usernames and

filter mappings.

Active

Directory Sync

If part of a

domain, maintain

binding with

domain. Update

domain user list

every 15

minutes.

Blacklist

Updates

Daily or weekly

blacklist updates

Software Check

Daily check for

software

updates.

Authorization

The user is

authenticated,

what are they

authorized to do

(filter mapping)?

Bypass/Block

User/Computer

See if the

user/computer is

in a block or a

bypass rule

Time of Day

Is the filter the

user is mapped

to active?

Exception List

Is the requested

site on an

exception list?

Blacklist

Is the requested

site on a

Blacklist?

Words/Phrases

Run the

requested page

through

Words/Phrases

Matched

If any of the

above is

matched, give

the user a

Denied Access

page; otherwise,

give the user the

page.

Identify and

Authenticate

User or

Computer

(Authentication

Method)

We need to

identify and

authenticate who

is asking to

come through

ComSifter.

NTLM, IdentD,

Basic, and IP

methods are

supported.

Not Authenti-

cated

If the user is not

authenticated, is

the URL on the

Proxy Bypass

List?

Fetching

Once authenti-

cated, the

ComSifter gets

the requested

page from the

Internet and

presents it to the

Content Filter.

Caching

Check the

headers for

caching status. If

allowed, save to

local storage for

subsequent use.

Client Computers Internet

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 1–3

Overview

ComSifter is a standalone appliance that connects your internal LAN to the Internet while seamlessly offering

firewall and content filtering.

Internet Gateway

ComSifter is the gateway device from a private LAN to the public Internet. It is able to operate as a standard

router or in a Network Address Translation (NAT) mode. In the NAT mode, ComSifter converts internal IP

addresses to a public IP, effectively isolating your private network from the Internet.

Non-Stop Operation

Two ComSifter Non-Stop units, in conjunction with two Internet connections, offer a reliable Internet connection

for organizations that cannot afford any down time. A state-of-the-art failover-enabled DHCP server performs

IP/gateway-based load balancing while instructing client computers that there are two gateways to the Internet.

Each ComSifter performs a series of steps every five minutes to determine if a valid Internet connection is

available. If not, the ComSifter will shut down its LAN interface. This shutdown will trigger Dead Gateway

Detection on client computers using this gateway. Client computers will then switch to the other ComSifter.

This same process will occur if either ComSifter is lost due to a hardware failure.

Firewall

An industrial strength, rules-based stealth firewall is included in ComSifter. The firewall allows complete control

of all ports from the Internet to the LAN and from the LAN to the Internet. The resolution of the firewall is such

that a single port on a single computer on the LAN can be allowed to a single port on a single IP on the

Internet. The firewall can block internal port hopping programs, has log rate limiting, and does not over react to

Denial of Service attacks. Full logging of every transaction is available.

Filtering System

ComSifter CS-8D Pro incorporates eight individual filters. Each filter may be individually configured for the user

computers that access the filter. Additionally, a global filter allows configuration system wide.

When the user computer accesses a filter, two types of filtering are performed:

First, ComSifter compares the requested site with its blacklist to determine if the address has already

been deemed inappropriate. If the site is blacklisted, the user will receive a Denied Access Page, and

will not be able to view the site.

Second, if the site is not blacklisted, ComSifter will scan every word on the Internet page, using its

CSphrase Filtering Technology, looking for words that indicate inappropriate content. The context of

these words is analyzed to determine if the page should be blocked. This greatly reduces the number of

false positives while blocking those pages that are offensive. This feature accounts for ComSifter’s

remarkable accuracy.

If the content passes through both types of filtering, ComSifter allows the page to be loaded on the user’s

computer. If either of the filters disallow, a “Denied Access Denied” page is sent to the user’s computer. All this

is done in a fraction of a second, with no delay seen by the user.

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 1–4

Using This Guide

This User Guide is designed for the technical person that will be installing, configuring and operating the

ComSifter network content filtering device.

The following list summarizes the chapters and appendixes that follow this chapter.

Chapter 2, Installing ComSifter — describes how to install and physically connect ComSifter to your network.

Chapter 3, Configuring ComSifter — describes how to configure ComSifter. This includes setting up

administrators, configuring network and firewall settings, and describing maintenance items.

Chapter 4, Filter Setup — describes how to configure the Master Filter and each individual filter.

Chapter 5, Words/Phrases — describes the configuration of ComSifter’s CSphrase filter.

Chapter 6, Users — describes how to Add/Modify/Delete users to the database.

Chapter 7, ComSifter Operation — describes the operation of ComSifter.

Appendix A, Contact Information —provides contact information including telephone numbers, address, email and

hours of operation.

Appendix B, Specifications — provides technical information about the ComSifter.

Appendix C, Filter Defaults — provides default information for the eight filters.

Appendix D, License and Warranty — provides information about ComSifter’s licensing and warranty.

Navigating Through This User Guide

This User’s Guide contains all the information you need to install, use, and troubleshoot ComSifter. To assist

you in navigating through this document, we have added blue-colored hot links to the Table of Contents, index,

chapters, and appendixes in this User’s Guide. Clicking one of these hot links automatically moves you to that

location in this User’s Guide. For example, if you click one of the blue-colored chapter or appendix titles in the

previous section, you automatically move to the first page in that chapter or appendix.

Conventions in This User’s Guide

This User’s Guide uses the following conventions:

NOTES are information requiring extra attention.

TIPS are helpful procedures or shortcuts for simplifying a task.

IMPORTANT is information that, if not followed, may affect the proper operation of the product.

WARNING is information that if not followed or understood, may affect the operation of the product, the

operating system, or the system configuration.

Bold is used to denote an item that is to be clicked or selected.

Note: If you wish to print a hard copy of this guide, it has been formatted to fit on

standard letter-sized 8.5x11” paper.

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 2–1

Chapter 2

Installing ComSifter

This section of the guide is designed to be used as a Quick Start Guide. The guide will assist you in configuring

your ComSifter and will give time estimates for each procedure.

In this chapter, we will discuss the physical installation of ComSifter and how to connect a browser to

ComSifter in preparation for configuration. ComSifter installs between your connection to the Internet and

Internal LAN as shown in the diagramsbelow.

Figure 2-1: ComSifter(s) in the Network

Internet

CONNECTION TO

INTERNET SERVICE

PROVIDER(S)

Client/User

INTERNAL IP

192.168.1.20

GATEWAYS

192.168.1.1

192.168.1.2

INTERNAL IP

192.168.1.2

ComSifter

Secondary

Optional

ComSifter

Primary

or Single

Cable/DSL/T1

Modem

Cable/DSL/T1

Modem

EXTERNAL IP

INTERNAL IP

192.168.1.1

EXTERNAL IP

Client/User

INTERNAL IP

192.168.1.21

GATEWAYS

192.168.1.2

192.168.1.1

Client/User

INTERNAL IP

192.168.1.23

GATEWAYS

192.168.1.1

192.168.1.2

Wireless Access

Point

INTERNAL IP

192.168.1.24

GATEWAYS

192.168.1.2

192.168.1.1

10/100/1000

BASE-T Switch

Server/Domain

Controller

INTERNAL IP

192.168.1.25

GATEWAYS

192.168.1.1

192.168.1.2

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 2–2

Figure 2-2: ComSifter in Bridge mode

Internet

CONNECTION TO

INTERNET SERVICE

PROVIDER

Client/User

INTERNAL IP

192.168.100.20

GATEWAY

192.168.100.1

ComSifter

in Bridge Mode

Cable/DSL/T1

Modem

Router

INTERNAL IP

192.168.100.9

ith the

ifte

INTERNAL IP

192.168.100.1

Client/User

INTERNAL IP

192.168.100.21

GATEWAY

192.168.100.1

Client/User

INTERNAL IP

192.168.100.23

GATEWAY

192.168.100.1

Wireless Access

Point

INTERNAL IP

192.168.100.24

GATEWAY

192.168.100.1

10/100/1000

BASE-T Switch

Server/Domain

Controller

INTERNAL IP

192.168.100.25

GATEWAY

192.168.100.1

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 2–3

Installation

Security Considerations

ComSifter should be placed in a location that meets the security considerations of your organization. A

possible consideration for a pair of Non-Stop ComSifters is to place them in two different physical locations.

This will reduce the risk of a local environmental condition affecting both ComSifters.

Location/Placement

ComSifter should be installed in a clean, dry location located near your DSL, cable, or T1 modem connection.

The location must be within the operating temperature range of ComSifter (50–95°F or 10–35°C).

Note: If the unit becomes overheated, the unit will sound an audible tone—a constant

beep—until the condition is cleared.

The preferred placement of a ComSifter unit is in the horizontal position. If vertical placement is required, then

attach the included rubber feet to the left side surface of the ComSifter (the side closest to the power button).

One (1) inch clearance is required on the sides and top, regardless of the placement orientation.

AC Power

Connect the supplied AC power cord to the ComSifter power adapter and a properly grounded 115VAC

outlet. Connect the power supply output cable to the ComSifter. Although not required, best practices would

suggest that ComSifter be placed on a UPS system. This will protect ComSifter from most external power

fluctuations and allow continued operation in the event of a momentary power outage.

Network Connections

ComSifter requires two network connections. Connect the Ethernet connector, marked “WAN,” to your DSL,

cable, or T1 modem (or, if in Bridge Mode, connect it to your router). Connect the Ethernet connector, marked

“LAN,” to your internal LAN switch. Either Ethernet connector may use 10BASE-T, 100BASE-T, or 1000BASE-

Power On and Indicator Lights

After all connections are made, ComSifter may be powered on by pressing the power switch on the front of the

unit. The blue indicator light indicates that ComSifter is powered on and functioning normally.

Note: After powering on, ComSifter will take approximately one (1) minute before it is

ready for operation.

To power off ComSifter, press the power button. All indicator lights will extinguish.

INSTALLING COMSIFTER

User Guide | ComSifter CS-8D Pro 2–4

Audible Tones

Audible Tone Frequency Issue Resolution

Slow Beep One (1) beep every

three (3) seconds for

30 seconds—then no

beeps for 4½

minutes. Repeats

every five (5)

minutes.

Duplicate IP on the

WAN side of the

ComSifter

Internet Service Provide (ISP) has

duplicated the IP assigned to the account.

Condition may clear after a few minutes. If

it does not clear, it will be necessary to

contact the ISP.

Fast Beep One (1) beep every

second for 30

seconds—then no

beeps for 4½

minutes. Repeats

every five (5)

minutes.

Duplicate IP on the

LAN side of the

ComSifter

More than one device is serving DHCP

information, or another device on the

network has been manually assigned the

same IP address as the ComSifter.

Constant Beep Continuous Overheating condition The ComSifter is not receiving proper air

circulation or the internal fan has stopped

working.

Short Beep Twice/short During the boot

sequence, or if a

network cable has

been removed and

reinserted

None

Table of contents

Popular Network Hardware manuals by other brands

Johnson Controls

Johnson Controls Facility Explorer Technical bulletin

ADTRAN

ADTRAN Dual T1/PRI quick start guide

ADC

ADC TrueNet Intelligent Patching Specifications

CommScope

CommScope WCS-2 installation guide

Hawking

Hawking HBB1 user guide

IBASE Technology

IBASE Technology iOPS-76 Series user manual

LEGRAND

LEGRAND DA2401 owner's manual

FieldServer

FieldServer Weigh-Tronix FS-8700-36 Driver manual

HP 5500-24G-SFP EI TAA Product End-of-Life Disassembly Instructions

Juniper

Juniper MX10016 Hardware guide

NXP Semiconductors

NXP Semiconductors AN13887 Application note

Belkin

Belkin OmniView F1DP116S Specifications

Fusion

Fusion nanoBonder Getting started guide

Westermo

Westermo Viper-002-PL Series manual

Adeunis RF

Adeunis RF IOT TOOLBOX BUNDLE ETHERNET quick start guide

Campbell

Campbell NL200 user manual

DPT

DPT SmartRAID V user manual

H3C

H3C SecPath L1000-A installation guide

ComSifter CS-8D Pro User manual

Popular Network Hardware manuals by other brands