SnapGear URL Filtering FAQ

Enterprise-class networking techology in small business platforms

Secure Computing® offers and add-on URL filtering module for SnapGear® appliances that enables organizations to control how employees use their Web access. The FAQ below provides answers to frequently asked questions on this URL filtering module.

Basic features
1. What filtering application does SnapGear use?
2. How does the SnapGear URL filtering module work?
3. What filtering categories are available with SnapGear?
4. Can I get reports on my Internet traffic, including reports by user?

Additional configuration requirements and options
5. How do I enable URL filtering?
6. How many filtering policies can I create on a single SnapGear appliance?
7. Can I override the Webwasher block/allow policy?
8. If a site is not rated by Webwasher, can it still be blocked?
9. What if access to the Webwasher Rating Server is unavailable - will the appliance continue to filter Web access?


Basic features


1. What filtering application does SnapGear use?
SnapGear offers a version of Secure Computing's leading Webwasher® URL filtering solution. SnapGear Webwasher filtering uses the same URL database/filtering engine found in the Webwasher enterprise SCM solution. The SnapGear filtering module provides basic filtering functionality that is targeted for smaller businesses. Not all of the Webwasher advanced/enterprise filtering features are included.
<< Top >>


2. How does the SnapGear URL filtering module work?
SnapGear administrators create a filtering policy for their organization that resides locally on each SnapGear appliance. SnapGear administrators determine the types of URLs they want to allow or block and create their policy from a set of predetermined categories. The URL filtering engine runs as an Internet service on Webwasher Rating Servers around the world. The SnapGear appliance intercepts HTTP URL requests submitted by internal users and relays them to the Webwasher Rating Server. The Server quickly returns URL category data to the SnapGear appliance which then either blocks or allows user access to the requested Web site according to the local policy.
<< Top >>


3. What filtering categories are available with SnapGear?
Categories
Pornography Erotic/Sex Swimwear / Lingerie / Nudity Shopping
Auctions / Classified Ads Governmental Organizations Non-Governmental Organizations Cities / Regions / Countries
Education Politics Religion Sects
Illegal Activities Computer Crime Hate / Discrimination Warez (Illegal Software)
Extreme Gambling / Lotter Computer Games Toys
Entertainment / Motion Picture Recreation Art / Photography Music / Web Radio
Literature Humor / Comic News / Magazines Web Mail
Chat / Instant Messaging Newsgroups / Blogs SMS/Ring Tones/Logos Digital Postcards
Search Engines / Web Catalogs / Portals Software / Hardware Web Hosting / IT Services Information Security
Translation Proxies Anonymous Proxies Illegal Drugs Alcohol
Tobacco Self-Help / Addiction / Dependency Dating / Relationships Restaurants / Nutrition
Travel Fasion / Beauty Sports Real Estate / Architecture / Residence
Nature / Environment Private Homepages Human Resources Shares / Stocks
Investment / Insurances Banking / Finances Transportation / Logistics Weapons
Health Abortion / Cloning Pharmacy / Drugs Business / Services
Promotion / Advertising Spyware Phishing Malicious Web Sites

<< Top >>


4. Can I get reports on my Internet traffic, including reports by user?
All of the SnapGear appliances can be purchased with URL Filtering and each one also includes a license to the security event monitoring system called SecurityReporter. SecurityReporter contains a pre-defined set of reports provide organizations a better understanding of their Internet traffic.

Some reports can be viewed by user IP address or by user name. To report by user name, user authentication is required. This feature is enabled on the firewall Access Control Main Tab. On this tab, Require User Authentication determines if users are asked for a username and password when attempting to access the Internet. Additionally, SnapGear administrators must select the Identify user by account option in the Content Filtering area of the Webwasher tab. Note: Internet Explorer users must configure the SnapGear unit as their default Web proxy for password-based access to operate correctly.
<< Top >>


Additional configuration requirements and options


5. How do I enable URL filtering?
The URL filtering functionality is an add-on module to SnapGear that must be purchased separately (see below for a free 3 month trial offer). Once you have activated the free 3 month trial or once you have purchased the URL filtering option, a few simple steps need to be followed to enable filtering. First, navigate to the Webwasher tab of the firewall Access Control configuration area. The Enable Content Filtering checkbox specifies whether Webwasher content filtering will be used or not.

3 Month Free URL Filtering Trial - The following SnapGear models can now participate in a 3 month free Web filtering evaluation:
  • SG300, SG550, SG560, SG565
  • SG630, SG635, SG579, SG575
  • SG580, SG710, SG710+
    << Top >>



    6. How many filtering policies can I create on a single SnapGear appliance?
    Only one global Webwasher filtering policy can be assigned per SnapGear appliance. There are many options for customizing this policy to best meet an organizations’ unique need. Additional details are included on this topic in the next section of the FAQ. Business models that require multiple policies and HTTPS or FTP filtering should upgrade to a local Webwasher Server with a complete set of robust Secure Content Management engines including URL Filtering, Anti-Spam, Anti-Virus, SSL Scanning and more.
    << Top >>



    7. Can I override the Webwasher block/allow policy?
    Custom URL and IP Whitelist (allow) and Blacklist (block) entries can be implemented on the SnapGear appliances that override the Webwasher block/allow policy. A number of options are listed below:
    • The ACL and Web Lists tabs of the firewall Access Control configuration area allow the SnapGear appliance administrator to override the Webwasher block/allow policy on a site-by-site basis. The ACL section can also be used to exempt specific workstation IPs from the Webwasher Block/Allow policy or to block specific workstation IPs regardless of the Webwasher block/allow policy.
      • The Web Lists tab uses URLs or URL fragments to allow (Whitelist) or block (Blacklist) Web sites regardless of the Webwasher block/allow policy. A performance impact is associated with this strategy.
      • The ACL tab can use lists of specific IP addresses to allow or block Web sites regardless of the Webwasher block/allow policy. The performance impact associated with this strategy is much lower than when Web Lists are used. This approach requires that each Web site use a stable IP address. Since DNS is not used, when a Web sites changes its IP address, it is no longer effectively controlled by the ACL entry. The most common use of this control would be a Whitelist of business partner Extranet sites.
      • The ACL tab can also be used to exempt or block specific user workstation IPs from the Webwasher block/allow policy.
        • A user workstation IP address that is exempted from the Webwasher block/allow policy is still restricted by block entries in the Web Lists. A user workstation IP address that is blocked from the Webwasher block/allow policy is still permitted to browse any allow entries in the Web Lists.
      • Web List block and allow entries are absolute by default. If a requested URL contains any of the URL fragments defined, a block or allow action will be triggered.Defining overly short URL fragments can result in many sites matching and being allowed or denied erroneously. Secure Computing recommends that URLs be restricted to the shortest length that achieves the desired result.
    • Every SnapGear appliance can accommodate several hundred override/exempt entries in a combined total for the ACL and Web Lists. The performance impact and the number of entries vary significantly with the length of the Web List URLs and the general load upon the appliance. The ACL IP format supports longer lists but Secure Computing recommends that the number of entries should not exceed 200 if slow Web page delivery is to be avoided. If override/exempt requirements are in excess of 200 entries, the customer should consider implementing a stand-alone Webwasher URL filter application.
    << Top >>




    8. If a site is not rated by Webwasher, can it still be blocked?
    SnapGear administrators can determine if they want all sites not yet rated by Webwasher to be allowed or blocked.
    << Top >>



    9. What if access to the Webwasher Rating Server is unavailable - will the appliance continue to filter Web access?
    The Cache option in the SnapGear appliance enables the caching of content rating results. It allows continued Web filtering operation with the cached rating results in the event that access to the Webwasher Rating Servers is unavailable. The Cache option on the SnapGear appliance will also improve performance and will require approximately 2 megabytes of memory.
    << Top >>


    		•   

    Additional Information
    Features & Benefits
    FAQs
    Literature
    Request Information



    Friday, December 05, 2008    NwTech, Inc. © 2008 All rights reserved.