Comsifter Cs-8d pro User manual

ComSifter®

protect web users now!

User Guide

Model CS-8D Pro

Version March 26, 2012 0326121500

The products described in this User's Guide are licensed products of Comsift, Inc. This User's Guide contains proprietary information

protected by copyright, and this User's Guide is copyrighted.

Comsift, Inc., hereafter referred to as Comsift, does not warrant that the product will work properly in all environments and applications,

and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or

fitness for a particular purpose.

Comsift has made every effort to ensure that this manual is accurate. However, information in this User's Guide is subject to change

without notice and does not represent a commitment on the part of Comsift. Comsift makes no commitment to update or keep current

the information in this User's Guide, and reserves the right to make changes to this User's Guide and/or product without notice. Comsift

assumes no responsibility for any inaccuracies and omissions that may be contained in this User's Guide. If you find information in this

User's Guide that is incorrect, misleading, or incomplete, we would appreciate your comments.

No part of this User's Guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including

photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, without

the express written permission of Comsift.

Comsift, ComSifter, CSphrase and the Comsift logo are trademarks of Comsift, Inc.

All other trademarks or registered trademarks listed belong to their respective owners.

FCC STATEMENT

This product has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.

These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment

generates, uses, and can radiate radio frequency energy and, if not installed and used according to the instructions, may cause harmful

interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this

equipment does cause harmful interference to radio or television reception, which is found by turning the equipment off and on, the user

is encouraged to try to correct the interference by one or more of the following measures:

Reorient or relocate the receiving antenna

Increase the separation between the equipment or device

Connect the equipment to an outlet other than the receivers

Consult a dealer or an experienced radio/TV technician for assistance

TABLE OF CONTENTS

Table of Contents

Table of Contents ................................................................................................................................................i

Introduction and Getting Started ..................................................................................................................1–1

Features..........................................................................................................................................................................1–1

How ComSifter Works...................................................................................................................................................1–2

Overview.......................................................................................................................................................................1–3

Internet Gateway ..........................................................................................................................................................1–3

Non-Stop Operation......................................................................................................................................................1–3

Firewall .........................................................................................................................................................................1–3

Filtering System............................................................................................................................................................1–3

Navigating Through This User Guide...........................................................................................................................1–4

Conventions in This User’s Guide................................................................................................................................1–4

Installing ComSifter........................................................................................................................................2–1

Installation......................................................................................................................................................................2–3

Security Considerations................................................................................................................................................2–3

Location/Placement......................................................................................................................................................2–3

AC Power......................................................................................................................................................................2–3

Network Connections....................................................................................................................................................2–3

Power On and Indicator Lights.....................................................................................................................................2–3

Windows 2000/XP/Vista/7 ............................................................................................................................................2–5

Making a secure connection.........................................................................................................................................2–7

Quick Start Guide...........................................................................................................................................................2–9

How will the ComSifter Connect to the Network?.........................................................................................................2–9

Do I need only one filter or multiple filters? ..................................................................................................................2–9

Do I need Proxy or Transparent Mode?.......................................................................................................................2–9

How will I identify and authenticate a user?.................................................................................................................2–9

How will the ComSifter get a list of my users?...........................................................................................................2–10

How many filters will I need?......................................................................................................................................2–10

What filter will each user be assigned to?..................................................................................................................2–10

Network Worksheet .....................................................................................................................................................2–11

Pre-Install Preparation................................................................................................................................................2–11

Installation, Phase 1, Initial Connectivity....................................................................................................................2–12

Installation, Phase 2, Determining the Authentication Method...................................................................................2–12

Installation, Phase 3, Tuning the Filters .....................................................................................................................2–12

Installation, Phase 3, Finishing Up.............................................................................................................................2–12

Authentication Methods (Quick Setup).......................................................................................................................2–13

BASIC Only.................................................................................................................................................................2–13

Prerequisites............................................................................................................................................................2–13

TABLE OF CONTENTS

Quick Setup.............................................................................................................................................................2–13

NTLM..........................................................................................................................................................................2–14

Prerequisites............................................................................................................................................................2–14

Quick Setup.............................................................................................................................................................2–14

IDENTD Only..............................................................................................................................................................2–15

Prerequisites............................................................................................................................................................2–15

Quick Setup.............................................................................................................................................................2–15

IP Only........................................................................................................................................................................2–16

Prerequisites............................................................................................................................................................2–16

Quick Setup.............................................................................................................................................................2–16

Configuring ComSifter ...................................................................................................................................3–1

Configuration Overview ................................................................................................................................................3–1

Admin..............................................................................................................................................................................3–1

Understanding Modules and Categories...................................................................................................................3–1

Security Configuration ..................................................................................................................................................3–2

Login..........................................................................................................................................................................3–2

ComSifter Admins.........................................................................................................................................................3–3

Overview....................................................................................................................................................................3–3

Setting the Username and Password........................................................................................................................3–4

Assigning Module Rights...........................................................................................................................................3–4

Remote Administration .................................................................................................................................................3–8

IP Access Control......................................................................................................................................................3–8

Deny from all IP’s...................................................................................................................................................3–9

Allow from all IP’s...................................................................................................................................................3–9

Allow from only listed IP’s ......................................................................................................................................3–9

Follow My IP..............................................................................................................................................................3–9

Disable ...................................................................................................................................................................3–9

Follow the listed IP...............................................................................................................................................3–10

System Logs...............................................................................................................................................................3–11

Access Log..............................................................................................................................................................3–12

Status Messages..................................................................................................................................................3–12

Firewall....................................................................................................................................................................3–14

DHCP Non-Stop......................................................................................................................................................3–16

Duplicate IP Notification.......................................................................................................................................3–17

Security Log.............................................................................................................................................................3–18

Top Sites Log ..........................................................................................................................................................3–19

Network.........................................................................................................................................................................3–20

ADSL Client................................................................................................................................................................3–21

Dynamic DNS Provider...............................................................................................................................................3–22

Add an entry............................................................................................................................................................3–22

TABLE OF CONTENTS

iii

Create runtime program..........................................................................................................................................3–22

Update All................................................................................................................................................................3–23

Firewall Advanced ......................................................................................................................................................3–24

Overview..................................................................................................................................................................3–24

Masquerading (SNAT).............................................................................................................................................3–25

Firewall Rules..........................................................................................................................................................3–26

Create Firewall Rules..............................................................................................................................................3–27

Action ...................................................................................................................................................................3–27

Logging.................................................................................................................................................................3–27

Source Zone.........................................................................................................................................................3–28

Destination Zone..................................................................................................................................................3–28

Protocol................................................................................................................................................................3–28

Source Ports ........................................................................................................................................................3–28

Destination Ports..................................................................................................................................................3–28

Common Rules........................................................................................................................................................3–29

DNS......................................................................................................................................................................3–29

Client Email (POP3, IMAP, SMTP)......................................................................................................................3–30

FTP.......................................................................................................................................................................3–31

ICQ/IM..................................................................................................................................................................3–32

Laplink™ ..............................................................................................................................................................3–33

MSN™ Messenger...............................................................................................................................................3–34

PCAnywhere™.....................................................................................................................................................3–36

Ping and Traceroute.............................................................................................................................................3–37

PPTP....................................................................................................................................................................3–38

Telnet ...................................................................................................................................................................3–40

VNC......................................................................................................................................................................3–41

Yahoo™ Chat.......................................................................................................................................................3–42

Web Access (browsing) .......................................................................................................................................3–43

Apply Configuration.................................................................................................................................................3–45

Stop Firewall............................................................................................................................................................3–45

Check Firewall.........................................................................................................................................................3–45

Backup.....................................................................................................................................................................3–45

Restore....................................................................................................................................................................3–45

Firewall Basic (Templates).........................................................................................................................................3–46

Template 1, High Security.......................................................................................................................................3–46

Template 2, High – Medium Security......................................................................................................................3–46

Template 3, Medium Security..................................................................................................................................3–46

Template 4, Medium – Low Security.......................................................................................................................3–47

Template 5, Low Security........................................................................................................................................3–47

Network Configuration................................................................................................................................................3–48

TABLE OF CONTENTS

Network Interfaces (IP Address Configuration).......................................................................................................3–48

Interfaces Active Now ..........................................................................................................................................3–49

Interfaces Active at Boot Time.............................................................................................................................3–49

WAN Interface Settings (eth0) .............................................................................................................................3–49

LAN Interface Settings (eth1)...............................................................................................................................3–50

Virtual Interfaces......................................................................................................................................................3–51

Routing and Gateways............................................................................................................................................3–52

DNS.........................................................................................................................................................................3–53

Completing the DNS/Gateway Configuration..........................................................................................................3–54

Recovering a lost IP address ..................................................................................................................................3–54

Network Utilities..........................................................................................................................................................3–55

Network Wizards.........................................................................................................................................................3–56

Static IP...................................................................................................................................................................3–57

External IP............................................................................................................................................................3–57

External Subnet Mask..........................................................................................................................................3–57

External Gateway.................................................................................................................................................3–57

Internal IP.............................................................................................................................................................3–57

Internal Subnet Mask...........................................................................................................................................3–58

Primary DNS........................................................................................................................................................3–58

Secondary DNS ...................................................................................................................................................3–58

DHCP Server for Local LAN.................................................................................................................................3–59

Firewall Template.................................................................................................................................................3–59

Non-Stop Relationship.........................................................................................................................................3–59

Non-Stop Peer IP.................................................................................................................................................3–59

Dynamic IP..............................................................................................................................................................3–60

Bridge......................................................................................................................................................................3–61

PPPoE.....................................................................................................................................................................3–62

User Name...........................................................................................................................................................3–62

Password..............................................................................................................................................................3–62

Current Network Settings........................................................................................................................................3–63

Non-Stop/DHCP Configuration...................................................................................................................................3–64

Using the ComSifter DHCP Server .........................................................................................................................3–64

Information...............................................................................................................................................................3–65

List Leases...........................................................................................................................................................3–65

Non-Stop Status...................................................................................................................................................3–67

Non-Stop Configuration (Primary)...........................................................................................................................3–69

Non-Stop Configuration (Secondary)......................................................................................................................3–71

Subnets and Shared Networks................................................................................................................................3–73

Edit Client Options ...............................................................................................................................................3–75

Address Pool in Subnet........................................................................................................................................3–76

TABLE OF CONTENTS

Host and Host Groups.............................................................................................................................................3–77

Starting and Stopping the Non-Stop/DHCP Server.................................................................................................3–78

Quality of Service (QOS)............................................................................................................................................3–79

Overview..................................................................................................................................................................3–79

Determining the True Connection Speed................................................................................................................3–80

Configure QOS........................................................................................................................................................3–81

Connection Speed................................................................................................................................................3–81

Queue Rate and Ceiling.......................................................................................................................................3–81

Destination Ports..................................................................................................................................................3–82

Destination IP’s....................................................................................................................................................3–82

Viewing Queue Status.............................................................................................................................................3–82

Maintenance .................................................................................................................................................................3–83

Backup/Restore..........................................................................................................................................................3–84

Creating a Backup...................................................................................................................................................3–84

Restoring the Backup..............................................................................................................................................3–85

ComSifter Status.........................................................................................................................................................3–86

Active Directory Last Resync ..................................................................................................................................3–86

CPU Load Average .................................................................................................................................................3–86

Content Filter Service..............................................................................................................................................3–86

DHCP Available Leases..........................................................................................................................................3–86

DHCP Server...........................................................................................................................................................3–86

DNS Resolving........................................................................................................................................................3–87

Hardware Health .....................................................................................................................................................3–87

Internet Connected..................................................................................................................................................3–87

Non-Stop Operation ................................................................................................................................................3–87

Proxy Server Service...............................................................................................................................................3–87

Hours of Operation..................................................................................................................................................3–87

Denied Access Page ..................................................................................................................................................3–88

Overview..................................................................................................................................................................3–88

Local Message ........................................................................................................................................................3–88

Download/Install IDENTD...........................................................................................................................................3–89

File Manager...............................................................................................................................................................3–90

Information..................................................................................................................................................................3–91

ComSifter Information .............................................................................................................................................3–91

ComSifter Release Notes........................................................................................................................................3–92

Internet Connection Test............................................................................................................................................3–93

System Name.............................................................................................................................................................3–94

System Time...............................................................................................................................................................3–95

Utilities........................................................................................................................................................................3–96

Advanced Network diagnostics...............................................................................................................................3–96

TABLE OF CONTENTS

Email Notification Parameters.................................................................................................................................3–96

Restart Services......................................................................................................................................................3–98

Rebuild ComSifter Proxy Cache..............................................................................................................................3–98

Restart ComSifter....................................................................................................................................................3–98

Clear all log files......................................................................................................................................................3–98

Clear DHCP Lease Database .................................................................................................................................3–98

Filter Setup......................................................................................................................................................4–1

Filter Overview ...............................................................................................................................................................4–1

Before you start ............................................................................................................................................................4–1

Master Filter....................................................................................................................................................................4–2

Full Exception Domain List...........................................................................................................................................4–3

Add............................................................................................................................................................................4–3

Delete........................................................................................................................................................................4–4

Full Exception URL List ................................................................................................................................................4–4

Add............................................................................................................................................................................4–4

Delete........................................................................................................................................................................4–4

Partial Exception Domain List.......................................................................................................................................4–5

Add............................................................................................................................................................................4–5

Delete........................................................................................................................................................................4–5

Partial Exception URL Filter List...................................................................................................................................4–5

Add............................................................................................................................................................................4–5

Delete........................................................................................................................................................................4–5

Banned Domain List .....................................................................................................................................................4–6

Delete........................................................................................................................................................................4–6

Banned URL List...........................................................................................................................................................4–6

Add............................................................................................................................................................................4–6

Delete........................................................................................................................................................................4–6

Banned CSphrase Filter Groups ..................................................................................................................................4–7

Activating Filters........................................................................................................................................................4–7

Deactivating Filters....................................................................................................................................................4–8

Weighted CSphrase Filter Groups................................................................................................................................4–9

Blacklist Domain Filter Groups ...................................................................................................................................4–10

Blacklist URL Filter Groups ........................................................................................................................................4–10

Filter Logging Options ................................................................................................................................................4–11

Enable Full Logging.................................................................................................................................................4–11

Enable Exception Logging.......................................................................................................................................4–11

Length of URL Logged in Access Log.....................................................................................................................4–12

Inactivity Timeout.....................................................................................................................................................4–12

Change Filter Names..................................................................................................................................................4–13

Clear Filter..................................................................................................................................................................4–14

TABLE OF CONTENTS

vii

Search ........................................................................................................................................................................4–15

Exact Match.............................................................................................................................................................4–15

Begins With .............................................................................................................................................................4–17

Any match................................................................................................................................................................4–18

Restart ComSifter Filter..............................................................................................................................................4–19

Display Summary........................................................................................................................................................4–20

Individual Filters ..........................................................................................................................................................4–21

Regular Expression (RegEx)......................................................................................................................................4–22

Explanation of RegEx Modifiers..............................................................................................................................4–22

Examples of RegEx Modifiers.................................................................................................................................4–24

Hours of Operation .....................................................................................................................................................4–25

Normal Operation....................................................................................................................................................4–25

Permanently Off.......................................................................................................................................................4–25

Permanently On.......................................................................................................................................................4–26

Warn-and-Go..............................................................................................................................................................4–27

Enable .....................................................................................................................................................................4–27

Disable.....................................................................................................................................................................4–27

Change Sensitivity......................................................................................................................................................4–28

Sensitivity Level Guidelines.....................................................................................................................................4–28

Copy Filter ..................................................................................................................................................................4–29

Whitelist......................................................................................................................................................................4–30

Setup a whitelist filter: .............................................................................................................................................4–30

Add specific site exception to be whitelisted:..........................................................................................................4–30

Blocking External IP Addresses .................................................................................................................................4–30

Words/Phrases................................................................................................................................................5–1

Overview.........................................................................................................................................................................5–1

Configuring Words/Phrases..........................................................................................................................................5–3

Restart ComSifter Filter................................................................................................................................................5–3

Editing Banned Words/Phrases....................................................................................................................................5–4

Add............................................................................................................................................................................5–4

Delete........................................................................................................................................................................5–4

Editing Weighted Words/Phrases.................................................................................................................................5–5

Add............................................................................................................................................................................5–5

Delete........................................................................................................................................................................5–5

Search ..........................................................................................................................................................................5–6

Users................................................................................................................................................................6–1

Overview.........................................................................................................................................................................6–1

Block User or Computer ...............................................................................................................................................6–2

Block User.................................................................................................................................................................6–2

Enable Block..........................................................................................................................................................6–2

TABLE OF CONTENTS

viii

Disable Block .........................................................................................................................................................6–3

Block Computer.........................................................................................................................................................6–4

Enable Block..........................................................................................................................................................6–4

Disable Block .........................................................................................................................................................6–4

Bypass User or Computer ............................................................................................................................................6–6

Bypass User..............................................................................................................................................................6–6

Enable Bypass.......................................................................................................................................................6–6

Remove Bypass.....................................................................................................................................................6–6

Bypass Computer......................................................................................................................................................6–8

Enable Bypass.......................................................................................................................................................6–8

Remove Bypass.....................................................................................................................................................6–8

User List........................................................................................................................................................................6–10

Display user list by filter...........................................................................................................................................6–11

Display user list alphabetically ................................................................................................................................6–11

User Management Utilities..........................................................................................................................................6–12

Understanding and Determining Transparent and Proxy Modes...............................................................................6–15

Background information ..........................................................................................................................................6–15

Transparent Mode...................................................................................................................................................6–15

Proxy Mode .............................................................................................................................................................6–15

Authenticating Proxy Mode .....................................................................................................................................6–16

Which is the right solution for our network?.........................................................................................................6–16

Proxy Configuration (Group Policy rule)..................................................................................................................6–17

Disabling Local Client Computer Access to Browser Proxy Settings ..................................................................6–18

Authentication Method (Step 1)..................................................................................................................................6–20

Authentication Methods (Pros and Cons)...................................................................................................................6–22

Authentication Methods Explained.............................................................................................................................6–23

BASIC ONLY...........................................................................................................................................................6–23

NTLM with FALLBACK TO BASIC..........................................................................................................................6–24

IDENTD ONLY ........................................................................................................................................................6–25

Download/Install IDENTD ....................................................................................................................................6–26

Port 113 Exception...............................................................................................................................................6–27

Windows Firewall (local rule for XP) ....................................................................................................................6–27

Windows Firewall (Group Policy rule)..................................................................................................................6–31

Install IDENTD .....................................................................................................................................................6–33

IDENTD location ..................................................................................................................................................6–34

Comsift Service Local Install................................................................................................................................6–36

Comsift Service Domain Automated Install (preferred) .......................................................................................6–37

IP ONLY ..................................................................................................................................................................6–39

NO AUTHENTICATION ..........................................................................................................................................6–40

Join ComSifter to AD Domain (Step 2).......................................................................................................................6–41