Internet Filtering: Installation

Overview
The R3000 filtering engine filters network traffic at the IP packet level. This eliminates any need for proxy settings and allows the R3000 to operate invisibly to the connections it filters. It "monitors" the packets flowing through the network, and can "intercept" the TCP session once inappropriate activity is detected. Depending on the configuration, the R3000 will either not appear in the path of the connection or will appear as an IP router.
Invisible Mode
This is the simplest mode of the R3000. The unit can invisibly filter all network traffic that it "sees" on the Ethernet without being involved in the path between the client and the Internet. It can "intercept" a session when it determines that the activity is inappropriate, and return a message to the client and server. Although the original request packets are transmitted in all cases, the R3000 will return a "block page" to the client if the request was inappropriate.
This keeps the R3000 entirely out of the routing of packets from client to Internet, which provides automatic redundancy and automatic fail-safe behavior. If the R3000 should fail and filtering stops, the network traffic is unaffected.

The diagram above illustrates how the R3000 is connected to the managed switching hub. The R3000 port is configured with the "port monitoring" function enabled. This allows the port to mirror the port that is connected to the router.
Router Mode
This mode allows the R3000 to act as an Ethernet router, passing packets from one card to the other. As the packets pass through the R3000, they are filtered. Only outgoing packets need to be routed, not the return packets, allowing the R3000 to appear only in the outgoing path of the network.

In this mode, the original packets from the client are allowed to pass in all cases, but if the request is inappropriate, a block page is returned to the client to replace the actual requested page. All packets are allowed to pass just as if the R3000 were only an Ethernet router.
Firewall Mode
This mode is a modification of Router Mode. It provides 100% assurance that filtering will take place regardless of the loading of the R3000. To accomplish this, all original packets are "blocked" from routing through if they belong to a filtered service. The filtering takes place, and if the request is appropriate, the original packet is allowed to pass unchanged. The overall effect is that the outgoing request is delayed slightly to allow filtering to take place before it leaves the gateway router of the network, but return traffic is still unaffected.

In this set-up, a local caching proxy will not affect the R3000, even if it is unfiltered and contains cached "bad" pages, since no request can pass until after it is filtered.

In this set-up, a local caching proxy will affect the R3000 if the caching proxy contains cached "bad" pages. It is always recommended to clear or expire the cached content after the installation of the R3000.
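
The trade-off between the modes under load, as an added example (not vendor code, and not a description of R3000 internals): a small timing model comparing the modes where the original packet always passes (Invisible, Router) with Firewall Mode, where it is held until the verdict. The model assumes a single FIFO filtering engine and assumes that a block page only takes effect if it reaches the client before the server's reply; all names, timings and traffic below are constructed for illustration.

```python
from dataclasses import dataclass

PASSIVE_MODES = {"invisible", "router"}   # original packet is never held back

@dataclass
class Outcome:
    blocked: int = 0        # inappropriate requests answered with a block page
    missed: int = 0         # inappropriate requests whose real page got through
    delay_ms: float = 0.0   # total delay added to appropriate outgoing requests

def simulate(mode, requests, verdict_ms, server_rtt_ms):
    """requests: list of (arrival_ms, inappropriate), sorted by arrival time."""
    out = Outcome()
    engine_free_at = 0.0    # assumed: one filtering engine, FIFO queue
    for arrival, inappropriate in requests:
        verdict_at = max(arrival, engine_free_at) + verdict_ms
        engine_free_at = verdict_at
        if mode in PASSIVE_MODES:
            # The request has already left; the block page has to win the
            # race against the server's reply (assumption of this model).
            if inappropriate:
                if verdict_at < arrival + server_rtt_ms:
                    out.blocked += 1
                else:
                    out.missed += 1
        elif mode == "firewall":
            # The request is held until the verdict, so load adds delay
            # to appropriate requests but cannot cause a miss.
            if inappropriate:
                out.blocked += 1
            else:
                out.delay_ms += verdict_at - arrival
        else:
            raise ValueError(f"unknown mode: {mode}")
    return out

def burst(n, gap_ms, every_nth_bad):
    """Constructed traffic: n requests gap_ms apart, every nth inappropriate."""
    return [(i * gap_ms, i % every_nth_bad == 0) for i in range(n)]

LIGHT = burst(n=20, gap_ms=10.0, every_nth_bad=4)   # engine keeps up
HEAVY = burst(n=20, gap_ms=1.0, every_nth_bad=4)    # arrivals outpace engine

if __name__ == "__main__":
    for name, traffic in (("light", LIGHT), ("heavy", HEAVY)):
        for mode in ("invisible", "router", "firewall"):
            print(name, mode, simulate(mode, traffic, 5.0, 40.0))
```

Under the light load every mode blocks all five inappropriate requests; under the heavy burst the passive modes miss some of them, while Firewall Mode blocks all five and instead accumulates delay on the appropriate requests.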