Surf Control v5.5 manual Firewall Policy Rules, Allow Internet Threat Database Updates

Page 70

FURTHER CONFIGURATION

Firewall Policy Rules

4

FIREWALL POLICY RULES

When installing Web Filter on ISA Server 2004 or 2006 and Windows Server 2003, the following firewall policy rules should be set up to enable Web Filter to function correctly:

•A firewall policy rule must be set up that allows Internet Threat Database updates.

•A firewall policy rule must be set up that allows the VCA spider functionality to function properly.

•A firewall policy rule must be set up that allows the Remote Administration client to access the Web Filter Server.

•A firewall policy rule must be set up that allows remote access to SurfControl Report Central (to be created after installing Report Central).

The following procedures detail how to set up firewall policy rules on Microsoft ISA Server 2004.

ALLOW INTERNET THREAT DATABASE UPDATES

1Select Firewall Policy from ISA Server Management.

2From the System Policy Tasks select Show System Policy Rules.

3Right-clickAllow HTTP/HTTPS requests from ISA Server to specified sites and select Properties.

4From the To tab, select System Policy Allowed Sites and click Edit.

5Click Add.

6Enter *.surfcontrol.com.

7Click Apply, then OK to close the dialog box.

8Click Apply in the Firewall Policy window.

ALLOW VCA SPIDER FUNCTIONALITY

This procedure is in 2 parts. You must firstly configure the Web Filter server browser (Internet Explorer) and the VCA. You then need to create a firewall policy rule in ISA Server.

Configure IE and the VCA

1Check that Internet Explorer on the ISA Server is able to access the internet.

2From the Web Filter Manager, select Custom Categorization from Content Protection.

3Select the VCA Settings tab.

4Select the Impersonate Internet Explorer check box.

5Select the Use Proxy check box.

6If your proxy allows for integrated authentication, select Use NT Authentication, otherwise you must enter a User Name and Password for VCA to access the proxy.

7Click Apply, then OK to close the dialog box.

8Open Internet Explorer.

9Select Internet Options from the Tools menu.

SurfControl Web Filter for ISA v5.5

Starter Guide 65

Image 70

Contents SurfControl Web Filter Trademarks SurfControl Web Filter Table of Contents Appendix Chapter ISA Server Microsoft ISA Server EditionHOW WEB Filter and ISA Server Interact System Requirements Hardware RequirementsGeneral System Requirements SQL Server Licensing System Requirements Installation Decisions Network Considerations User Name ResolutionIntroduction Database OptionsDeployment Recommendations Network ConsiderationsDMZ Recommendations Network Considerations Firewall Port Configuration Web Filter communication portsISA Server ISA Server AuthenticationISA Server 2004/2006 User Name Resolution EUMEUM on Windows 2000 and 2003 domain controllers Methods of Installing EUMEUM Agent on Domain Controllers EUM on Windows NT domain controllersBefore installation Ignoring Users in NetWare EUM NetwareeumLogging Levels Installing the Login Agent on Windows 2000 EUM Login AgentInstalling the Login Agent on NT Domains Login Agent LocationEumLogin.ini file Below is a copy of the supplied .ini fileHow to configure the file EumLogin.ini file sectionsConfiguring a logon and logoff script Add an Exception to the Windows FirewallDatabase Platforms Database ConsiderationsSQL Server Express SQL Server SQL Server minimum requirements on Web Filter serverWindows Authentication Database AuthenticationReasons to Install SQL Server on a Dedicated Server SQL AuthenticationCategorization Options Other ConsiderationsInternet Threat Database Internet Threat Database Improvement ProgramRemote Administration Client Mail NotificationsRemote Administration Client minimum requirements Privacy Edition ConsiderationsInstalling Web Filter Installation Process NetWare client on to the Web Filter serverInstalling SQL Server Express Optional Installing Surfcontrol WEB Filter Select I accept the terms of the license agreementInstalling SurfControl Web Filter Select SurfControl Web Filter Installing SurfControl Web Filter Installing SurfControl Web Filter Changes to the Server Configuring WEB Filter Configuring Web Filter Configuring Web Filter Configuring Web Filter Configuring Web Filter Configuring Web Filter Automatic Database Management screen is displayed Internet Threat Database Update screen is displayedThreat Database Configuring Web Filter Click Add to list Enterprise User Monitoring recommended NetBIOS Configuring Web Filter Configuring Web Filter Installing Service Pack Installing Service Pack Installing Service Pack Further Configuration Firewall Policy Rules for ISA Server 2004 Post Installation TasksALL Installations Network DependentInstalling the EUM Agent on Your Domain Controllers User Name Resolution Making changes to the EUM Agent configuration Select Domain Controllers screen is displayedUser Name Resolution Installing the EUM Login Agent on Your Network Installing NetwareeumAdd Web Filter Servers to NetWare EUM Automatically loading the NetWare EUMUnloading the NetWare EUM Ignored users in NetWare EUMInstall Surfcontrol Report Central Installing the Remote Administration Client Select I accept the terms of the license agreement Select Remote Administration Installing the Remote Administration Client Remote Administration Client and Windows Vista InstallShield Wizard Complete screen is displayedFirewall Policy Rules Allow Internet Threat Database UpdatesConfigure IE and the VCA Allow VCA Spider FunctionalityFrom Access Rule Destinations, click Add Allow the Remote Administration Client AccessConfigure a Firewall Policy Rule for the VCA From the Primary Connection Information screen, click NewSRC Allow Remote Access to Surfcontrol Report CentralEnter 8888 in the Port Range From field Click Apply in the Firewall Policy window Appendix Contact Technical Support Location Contact information Sales and Feedback