
COPYRIGHT NOTICE

Copyright © 2004-2008 Cymphonix. All rights reserved. Licensed software and documentation. Use, copy, and disclosure restricted by license agreement.

DISCLAIMER

Every effort has been made to ensure the accuracy of the features and techniques presented in this publication. However, Cymphonix accepts no responsibility, and offers no warranty whether expressed or implied, for the accuracy of this publication. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the express written permission of Cymphonix. The information in this document is subject to change without notice. Cymphonix makes no warranty of any kind in regard to the contents of this document, including, but not limited to, any implied warranties of merchantability, quality or fitness for any particular purpose. Cymphonix shall not be liable for errors contained in it or for incidental or consequential damages concerning the furnishing, performance or use of this document.

FCC TESTING DECLARATION

This equipment has been tested and verified to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

Cymphonix 8871 S. Sandy Parkway, Suite 150 Sandy, Utah 84070 866-511-1155 www.cymphonix.com DOC-USR-0819-4

Network Composer User Guide

Table of Contents

Table of Contents ..... ii
Chapter 1: Introducing Network Composer ..... 1
Chapter 2: Installing Network Composer ..... 3
  Gathering Initial Information ..... 4
  Connecting to Network Composer ..... 5
  Running the Setup Wizard ..... 7
  Cutting-Over ..... 8
  Accessing Network Composer ..... 9
    Manual Configuration ..... 10
    Management/Auxiliary Interface ..... 10
    Text Menu Interface ..... 11
    Proxy Mode ..... 14
  Configuring Port Settings ..... 16
  Configuring Cabling ..... 17
  Testing Fail to Wire or No Failover ..... 17
    Fail to Wire ..... 17
    Bypass Mode ..... 18
    No Failover ..... 18
Chapter 3: Navigating Network Composer ..... 20
  General Navigation ..... 20
  Tasks Pane ..... 22
  Help Pane ..... 23
Chapter 4: Generating Reports ..... 25
  Home Page ..... 25
    The Message Center ..... 25
    System Notifications ..... 26
  System ..... 26
  Hardware Settings ..... 26
  General Reporting Options ..... 26
  Selected Date ..... 26
  Result Type ..... 27
  Correlated by ..... 27
  Group ..... 27
  Search ..... 27
  Network Node ..... 27
  Directory User ..... 28
  Application Set ..... 28
  Encryption Type ..... 28
  Right-Click Options ..... 28
  Drop-Down Arrows ..... 28
  Bar-Pie Graph Drop-Down ..... 29
  Snapshot-Real Time Drop-Down ..... 29
  Report Recommendations ..... 29
  Users tab ..... 29
  Dashboard Reports ..... 31
  Applications tab ..... 31
  Threats tab ..... 32
  Internet Usage tab ..... 33
  System Reports tab ..... 34
  Dashboards tab ..... 35
Chapter 5: Managing Network Composer ..... 36
  General Manage Options ..... 39
  Policies & Rules tab ..... 39
  Groups ..... 40
  Time-of-Day Rules ..... 40
  Traffic Flow Rule Sets ..... 43
  Content Filtering ..... 44
  Advanced Filtering ..... 45
  Internet Usage Rules ..... 47
  Shaping Rules ..... 49
  Policy Manager ..... 52
  Directory Users & Nodes ..... 55
  Network Nodes ..... 55
  Directory Users ..... 56
  Directory Agent ..... 59
  System Access tab ..... 60
  Broadcasts tab ..... 60
  Applications tab ..... 61
  Traffic Flow Rule Sets ..... 61
  Application Sets ..... 62
  Applications ..... 63
Chapter 6: Administrating Network Composer ..... 65
  Getting Started
  Configuration tab ..... 68
  Setup Wizard ..... 68
  Setup ..... 69
  Advanced Setup ..... 69
  Ethernet Settings ..... 69
  Company Settings ..... 71
  Registration Settings ..... 71
  Update Settings ..... 72
  Miscellaneous (Misc.) Settings ..... 72
  Custom Category Rules ..... 73
  Custom Category Options ..... 74
  Remote Subnets ..... 75
  User Preferences ..... 75
  Static Routes ..... 77
  SSL Certificate Settings ..... 78
  Special Domains ..... 79
  License Settings ..... 79
  Proxy Settings ..... 80
  LDAP Settings ..... 80
  Backup ..... 80
  Diagnostic Tools tab ..... 81
  Device Status ..... 82
  Ethernet Status ..... 82
  Directory Agent Users ..... 82
  Directory Agent Diagnostics ..... 82
  Display ARP Table ..... 82
  Test DNS Settings ..... 83
  Group IP List ..... 83
  IP Address Map ..... 83
  PING ..... 83
  No LDAP Network Nodes ..... 83
  Traceroute ..... 84
  Logs tab ..... 84
  Activity Log ..... 84
  IP Traffic Monitor ..... 84
  Kernel Log ..... 84
  Downloads tab ..... 84
  Redirection Pages ..... 85
  Blocked URL ..... 85
  Directory Agent Login Page ..... 86
  Utilities ..... 87
  System Resets ..... 87
  Support Link ..... 87
  Spyware Removal Tool ..... 90
Chapter 7: Integrating Directory Users with Network Composer ..... 90
  Directory Overview ..... 92
  Directory Options ..... 92
  Directory Option 1: Directory Agent with Directory Client (cymdir.exe) ..... 94
  Directory Option 2: Directory Agent with IP Lookup ..... 94
  Directory Option 3: Directory Agent with NTLM ..... 95
  Directory Option 4: Directory Agent with Login Page ..... 95
  Directory Option 5: LDAP Settings with LDAP Client (cymldap.exe) ..... 96
  Directory Configurations ..... 97
  Install Directory Agents ..... 98
  Create Directory Agents ..... 99
  Create Directory Agent Group ..... 101
  Create Network Composer Groups ..... 101
  Deploy Directory Client/LDAP Client ..... 102
  Create Directory Internet Usage Rules ..... 105
  Enable LDAP Settings ..... 116
  Create LDAP Groups ..... 117
  Directory Troubleshooting ..... 119
  Using Diagnostic Tools ..... 119
  Troubleshooting GPO Issues ..... 119
  Troubleshooting Directory/LDAP Client ..... 121
  Troubleshooting LDAP Settings ..... 122
Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer ..... 124
  Certificate Authorities ..... 125
  SSL Anonymous Proxies ..... 126
  SSL CGI Proxy ..... 126
  TorPark Network ..... 127
  SOCKS4/5 Proxy ..... 127
  SSL Full Proxy ..... 127
  HTTPS/SSL Filtering ..... 127
  Disable SSL Inspection and Filtering ..... 127
  Enable SSL Certificate-Based Content Filtering ..... 127
  Enable Denied Access Page for SSL Certificate-Based Content Filtering ..... 127
  Only Allow Trusted Certificate Authorities and Non-Expired Certificates ..... 128
  Enable Full SSL Content Filtering ..... 128
  HTTPS/SSL Filter Exemption List ..... 128
  Content Filtering Rules ..... 128
  HTTPS/SSL Blocking ..... 128
  HTTPS/SSL Filtering Requirements ..... 129
  Enabling SSL Certificate-Based Filtering ..... 129
  Web Filter + Deny IM + Anonymous Proxy Guard + SSL Filter ..... 130
  Web Filter + Anonymous Proxy Guard + SSL Filter ..... 131
  Web Filter + SSL Filter ..... 131
  Network Composer's Digital Certificate ..... 131
  Installing Network Composer's Digital Certificate ..... 131
  Deploying Network Composer's Certificate via Web Browsers ..... 132
  Deploying Network Composer's Certificate via Active Directory ..... 133
  Enabling Full SSL Content Filtering ..... 136
  Viewing Sensitive Content on HTTPS/SSL Web Sites ..... 139
  Confirming Network Composer's Digital Certificate ..... 139
  Customer Support and Feedback ..... 140
  Getting Help ..... 141
Appendix A: Web Filtering Categories ..... 141
Appendix B: MIME Types ..... 142
Appendix C: File Types ..... 149
Appendix D: Cymphonix CIDR Cheat Sheet ..... 153
Appendix E: Cymphonix License Agreement and Warranty ..... 155

Chapter 1: Introducing Network Composer

Welcome to Network Composer. Network Composer is a smart gateway appliance from Cymphonix that offers network administrators an in-depth view on network traffic and resources. The device also provides tools to help control the traffic and identify potentially dangerous users or applications.

By monitoring all Internet traffic, Network Composer helps manage network traffic by reporting which types of traffic are being utilized on the network. For example, Network Composer will report on how much bandwidth is being used for browsing the Web, downloading files via File Transfer Protocol (FTP) or Peer-to-Peer (P2P) applications. This information is valuable as you will begin to see how your network resources are being used. With this information, you can then use Network Composer to optimize traffic, identify high-priority traffic, and restrict unwanted types of traffic or web sites.

Network Composer provides three essential facets for traffic reporting and control:

• Filter content—Network Composer will monitor and report on web sites visited. In addition to this, you can also control which web sites or categories can be visited. Network Composer will allow you to block unauthorized web sites or web categories.

• Shape traffic—Network Composer can prioritize applications or users within the network, allowing you to limit or restrict bandwidth and specific types of traffic. For example, P2P file sharing can consume large amounts of bandwidth. Network Composer can restrict this traffic, allocating more bandwidth to higher priority traffic. With Network Composer, not only can you manage traffic from users and devices, you can monitor and manage traffic generated by specific applications within the network as well as traffic generated by specific users or computers.

• Block spyware and web viruses—Network Composer will also identify and block spyware or viral web sites and applications that can potentially harm your network and consume bandwidth. Network Composer offers protection against spyware and virus web applications so that your network is running optimally.

In essence, Network Composer will allow you to receive the most benefit from your network and users. Network Composer can quickly increase bandwidth for high priority traffic, ensure employee productivity, provide appropriate web content, add an additional layer of security, and prevent users from compromising your network. This user guide will instruct you on how to utilize and deploy the various functions of Network Composer.

Chapter 2: Installing Network Composer

In this chapter, you learn how to perform an initial installation of Network Composer. The following topics will be covered:

• Gathering Initial Information
• Connecting to Network Composer
• Running the Setup Wizard
• Cutting-Over
• Accessing Network Composer
• Using Alternative Configuration Methods
• Configuring Port Settings
• Configuring Cabling
• Testing Fail to Wire or No Failover

Network Composer is a powerful network device that is relatively easy to set up in any network environment using the instructions in this document and the Setup Wizard. Please read and understand all configuration and installation considerations before proceeding. If you have questions or are unsure about the installation of Network Composer, please contact your Authorized Cymphonix Reseller and/or the person responsible for the service of your network.

Gathering Initial Information

Under this section are listed the information and basic definitions of terms you will need to know before installing Network Composer. Begin by reviewing the information and filling out the following table for documentation. You will need the subsequent information:

License Key

Licenses that have been purchased with your system will ship as a license key on a card in the Documentation & Accessories box. Locate this card to enable the licenses on your system during the setup process.

License Key:
Model Number:
Serial Number:
Licensed Network Nodes:

Model Number and Serial Number—these numbers are associated with your Network Composer for device identification and are used in conjunction with the License Key for verification of the amount of licenses purchased.

Licensing—licensing with Network Composer is based on network connections. One hundred connections on your network will constitute 100 Network Node licenses. Please make sure that the amount of licenses purchased is sufficient for the active connections present on your network.

IP Configuration

If you are unsure of the following fields, the Setup Wizard will detect available addresses and settings within your network via DHCP. You may copy over these settings during the Setup Wizard.

Network Composer (Bridge) IP address:
Subnet Mask:
Default Gateway (WAN Side) IP address:
DNS Server IP address:
Management/Auxiliary Port IP address:
Management/Auxiliary Port Subnet Mask:

The Management/Auxiliary Port IP address cannot be in any active subnet in your network.

Total Download Bandwidth (in Kbps):
Total Upload Bandwidth (in Kbps):
Time Zone:

Amounts used in the Total Download Bandwidth and Total Upload Bandwidth will restrict total throughput through Network Composer. Please make sure the amounts you enter in these fields are correct.

Email Settings

In order for Network Composer to send email alerts, you must fill out the Email Settings. If you would like to receive email alerts when users attempt to access viral web sites, the email server listed below must be configured to relay messages from Network Composer.

System Alerts & Broadcasts email address (System Administrator):
Email Server Hostname or IP address (optional):

Remote Subnets

Network Composer will identify and monitor all network traffic native to its local subnet. If you have a routed network (VLANs, different network addresses, etc.), please note the network addresses outside Network Composer’s local subnet with the appropriate CIDR notation. See Appendix E for CIDR Cheat Sheet. If you are not interested in this option, you may leave the following fields blank.

Subnet Address (CIDR notation):
Subnet Address (CIDR notation):
Subnet Address (CIDR notation):

Once you have this information, you’re ready to make your initial connections to Network Composer.

Connecting to Network Composer

The next step is to power on and establish a connection to Network Composer from a local management workstation/laptop. You will also need to connect Network Composer to your network.
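Before making the connections, it is worth checking the sheet collected under Gathering Initial Information for the rule stated there: the Management/Auxiliary Port address cannot be in any active subnet (the bridge subnet or any Remote Subnet). The following is an added Python example, not Cymphonix code; the InitialInfo field names and the sample values are constructed for it, and the check that the WAN-side default gateway sits on the bridge subnet is a standard on-link requirement that the guide itself does not spell out.

```python
"""Consistency check of a filled-in Gathering Initial Information sheet.

Added example, not Cymphonix code. The InitialInfo field names and the
sample sheets below are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List


@dataclass
class InitialInfo:
    """The values written on the sheet (hypothetical field names)."""
    bridge_ip: str        # Network Composer (Bridge) IP address
    bridge_mask: str      # Subnet Mask
    gateway_ip: str       # Default Gateway (WAN Side) IP address
    dns_ip: str           # DNS Server IP address
    mgmt_ip: str          # Management/Auxiliary Port IP address
    mgmt_mask: str        # Management/Auxiliary Port Subnet Mask
    download_kbps: int    # Total Download Bandwidth (in Kbps)
    upload_kbps: int      # Total Upload Bandwidth (in Kbps)
    remote_subnets: List[str] = field(default_factory=list)  # CIDR notation


def active_subnets(info: InitialInfo) -> List[ipaddress.IPv4Network]:
    """The bridge subnet plus every Remote Subnet entry, parsed from CIDR."""
    nets = [ipaddress.ip_network(f"{info.bridge_ip}/{info.bridge_mask}", strict=False)]
    for cidr in info.remote_subnets:
        nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets


def validate(info: InitialInfo) -> List[str]:
    """Return the problems found; an empty list means the sheet is consistent."""
    try:
        nets = active_subnets(info)
        bridge = nets[0]
        bridge_ip = ipaddress.ip_address(info.bridge_ip)
        mgmt_ip = ipaddress.ip_address(info.mgmt_ip)
        mgmt_net = ipaddress.ip_network(f"{info.mgmt_ip}/{info.mgmt_mask}", strict=False)
        gateway = ipaddress.ip_address(info.gateway_ip)
        ipaddress.ip_address(info.dns_ip)  # checked for syntax only
    except ValueError as exc:
        return [f"unparseable address on the sheet: {exc}"]

    problems: List[str] = []

    # Guide rule: the Management/Auxiliary address cannot be in any active
    # subnet, and its settings must differ from the bridge interface.
    for net in nets:
        if mgmt_ip in net:
            problems.append(f"Management/Auxiliary IP {mgmt_ip} is inside active subnet {net}")
        elif mgmt_net.overlaps(net):
            problems.append(f"Management/Auxiliary subnet {mgmt_net} overlaps active subnet {net}")

    # Standard on-link requirement (not stated in the guide): the WAN-side
    # default gateway must be on the bridge subnet and must not be the bridge IP.
    if gateway not in bridge:
        problems.append(f"default gateway {gateway} is not on the bridge subnet {bridge}")
    elif gateway == bridge_ip:
        problems.append("default gateway must not be the bridge IP itself")

    # The bandwidth figures cap total throughput, so they must be positive.
    for name, kbps in (("Total Download Bandwidth", info.download_kbps),
                       ("Total Upload Bandwidth", info.upload_kbps)):
        if kbps <= 0:
            problems.append(f"{name} must be a positive number of Kbps, got {kbps}")
    return problems


# Constructed sample sheets. GOOD_SHEET reuses the factory default bridge and
# Management/Auxiliary addresses quoted in this chapter; BAD_SHEET also lists
# the Management/Auxiliary network as a Remote Subnet, which the guide forbids.
GOOD_SHEET = InitialInfo(
    bridge_ip="192.168.1.80", bridge_mask="255.255.255.0",
    gateway_ip="192.168.1.1", dns_ip="192.168.1.1",
    mgmt_ip="10.1.1.1", mgmt_mask="255.255.255.0",
    download_kbps=10000, upload_kbps=2000,
    remote_subnets=["172.16.0.0/16"],
)
BAD_SHEET = InitialInfo(
    bridge_ip="192.168.1.80", bridge_mask="255.255.255.0",
    gateway_ip="192.168.1.1", dns_ip="192.168.1.1",
    mgmt_ip="10.1.1.1", mgmt_mask="255.255.255.0",
    download_kbps=10000, upload_kbps=2000,
    remote_subnets=["172.16.0.0/16", "10.1.1.0/24"],
)

if __name__ == "__main__":
    for label, sheet in (("good sheet", GOOD_SHEET), ("bad sheet", BAD_SHEET)):
        print(label, "->", validate(sheet) or "no problems")
```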

Running the Setup Wizard requires an active Internet connection from the network where Network Composer will be installed. If you do not have an active Internet connection available, or you do not wish to use the Setup Wizard, please consult the section Using Alternative Configuration Methods.

1. Connect a straight-through cable from Network Composer’s WAN port to an empty port on your local network switch.
2. Connect a cross-over cable (included in your Accessories Kit) from Network Composer’s LAN port to the network port on your workstation/laptop.

Figure 2.1 Network Composer Configuration Connectivity

3. Write down the existing IP settings of your local workstation/laptop so that you can easily change them back when configuration is complete.
4. Change your local workstation/laptop IP settings. You will need to change the IP settings on your local workstation/laptop to communicate with the default settings of Network Composer:
   a. Default IP Address—192.168.1.80
   b. Default Subnet Mask—255.255.255.0
   The suggested settings for the local workstation/laptop are the following:
   c. IP Address—192.168.1.81
   d. Subnet Mask—255.255.255.0

Running the Setup Wizard

1. To access the Setup Wizard, open Microsoft’s Internet Explorer (IE) 6 or higher and enter http://192.168.1.80 in the address bar.
2. Login to the system using:
   a. Default User Name: admin (all lowercase)
   b. Default Password: cymphonix (all lowercase)
3. The Welcome Screen is then displayed automatically on new systems, as well as on systems that have been reset to factory defaults. Read the following information displayed in the Welcome Screen and select Next>>.

Figure 2.2 The Setup Wizard Welcome Screen

4. Please read and accept the EULA agreement.
5. Using the information you collected in the section Gathering Initial Information, complete the steps within the Setup Wizard. Select Next>> when the page fields are complete. Network Composer will test the settings of each step and if successful, will allow you to proceed. This step will also check for updates and will automatically retrieve and install them. Major firmware upgrades will result in a reboot of your system when complete.
6. The final step in the Setup Wizard allows you to confirm and, if necessary, edit your configuration.

Please note that advanced configuration options such as Directory Integration or Ethernet Settings require additional steps that are not covered in the Setup Wizard. For additional information, please review their corresponding chapters.

Cutting-Over

Now that you have finished the Setup Wizard, you are ready to place Network Composer inline with Internet traffic. Network Composer requires all Internet traffic to pass through its bridge interface, unless the device is configured in Proxy Mode. If you are planning to configure Network Composer in Proxy Mode, you can skip the current section and proceed to the section Using Alternative Configuration Methods. For typical installations you will need to follow the next steps and physically place Network Composer inline with your network’s traffic. In general this location is between the Firewall/WAN Router and the Core Network Switch.

Only perform these next steps when network traffic can be momentarily interrupted.

1. If you modified your local workstation/laptop IP settings, you will need to change your local workstation/laptop settings back to their original IP settings.
2. Remove the cables connected to Network Composer’s WAN and LAN ports.
3. Locate the connection between the Core Network Switch and the Firewall/WAN Router.
4. Unplug the cable from the Firewall/WAN Router and connect it to the LAN port on Network Composer.
5. Using the cross-over cable, connect the WAN port of Network Composer to the now open port on the Firewall/WAN Router that was previously used by the Core Network Switch.
6. Verify that the straight-through cable is plugged into Network Composer’s LAN port and the Core Network Switch.
7. Verify that the cross-over cable is plugged into Network Composer’s WAN port and the Firewall/WAN Router.
8. Confirm the Light Emitting Diodes (LEDs) for both the WAN and LAN ports are posting solid green (link) lights and blinking amber (speed) lights. Network Composer should now be sitting inline with your Internet traffic. Verify that local workstations can access the Internet by opening a web browser and navigating to several web sites.

Figure 2.3 Network Composer Installation Connectivity

If you are able to browse to the Internet, you have completed the installation of Network Composer. The device should now be sitting inline with your Internet traffic and monitoring web requests.

Accessing Network Composer

After completing the configuration and installation processes, you can access Network Composer by using the IP address you assigned to the device during the Setup Wizard.

1. Open Microsoft’s IE 6 or higher and navigate to http://IP address assigned.
2. Login using the default credentials (listed under the section Running Setup Wizard) or with the newly created administrative login.
3. When you login to Network Composer the Home Page will display. This page provides a snapshot of system health, current firmware versions, subscription settings, filtering effectiveness, as well as links to administration of your new system.

We strongly recommend that you create a new administrative login, and change the default login password to limit access to Network Composer. Select the Manage -> System Access -> Logins link to make these changes.

Using Alternative Configuration Methods

The previous sections discuss the most common steps for installing Network Composer. However, there are alternative methods that can be used for initial configuration of the device as well as different modes that Network Composer can accommodate. In this section the topics of installing Network Composer without the assistance of the Setup Wizard as well as Proxy Mode will be discussed.

Manual Configuration

Physical connectivity for manual configuration of Network Composer can be accomplished using a cross-over cable from a local machine (such as a laptop) to either the LAN, WAN, or Management/Auxiliary (AUX) ports on Network Composer. See the instructions in Connecting to Network Composer on modifying your local machine IP settings to connect to Network Composer. If you wish to configure Network Composer without the assistance of the Setup Wizard, or if you are pre-configuring the system for installation, the Manual Configuration settings can be accessed through Admin -> Configuration settings screens. Simply cancel the Setup Wizard and access the settings listed in the table below.

The following table shows where the network configuration information collected in Gathering Initial Information can be manually entered into Network Composer’s configuration pages.

Quick Start Guide Table Name          Admin -> Configuration -> Page Name
License Key                           License
IP Settings                           Setup
Total Upload/Download Bandwidth       Misc. Settings
Email Settings                        Company Settings
Remote Subnets                        Remote Subnets

Management/Auxiliary Interface

Network Composer can be accessed via the Management/Auxiliary port for the initial configuration. However, the IP settings for the port will need to be different than those for the bridge interfaces (WAN and LAN ports) and cannot be an IP address found under the Remote Subnets listings.

1. Connect a cross-over cable (included in your Accessories Kit) from Network Composer’s Management/Auxiliary port to the network port on your workstation/laptop.
2. Write down the existing IP settings of your local workstation/laptop so that you can easily change them back when configuration is complete.
3. Change your local workstation/laptop IP settings. You will need to change the IP settings on your local workstation/laptop to communicate with the default settings of Network Composer:
   e. Default Management/Auxiliary IP address—10.1.1.1
   f. Default Subnet Mask—255.255.255.0
   The suggested settings on the local workstation/laptop are the following:

   g. IP address—10.1.1.2
   h. Subnet Mask—255.255.255.0

From the Management/Auxiliary port, you can access Network Composer via the GUI or Text Menu (covered in the following section). If you choose to configure Network Composer via the GUI, please follow the steps listed under the section Setup Wizard. If you choose to configure Network Composer via the Text Menu, please follow the steps listed under the next section.

Text Menu Interface

Network Composer’s Text Menu allows installers, system administrators, and other trained technical personnel to access the device via a text interface, similar to a Command Line Interface (CLI). While some of the basic features and options available within Network Composer’s web interface are also available here, most advanced technical options are only available through the GUI menus. The one exception is IP Traffic Monitor (Option 2—Utilities, Option 3—IP Traffic Monitor), which is discussed under Chapter 6: Administrating Network Composer, section Diagnostic Tools tab.

Below are the supported options for accessing Network Composer’s Text Menu:

• Secure Shell (SSH)
• HyperTerminal (via serial connection)

The default login for all these menus is the following:

• Default User Name: menu (all lowercase)
• Default Password: cymphonix (all lowercase)

Secure Shell Access

Secure Shell (SSH) access allows administrators to access Network Composer’s Text Menu through a secure connection. SSH applications such as PuTTY (a freeware application available from the installation CD) make it easy to use this secure method of accessing systems remotely.

1. Download PuTTY.exe from the CD.
2. Double click on the program.
3. Enter in the IP address of Network Composer.
4. Leave all other settings at default.
5. Click the Open button.

Figure 2.4 PuTTY Configuration

6. Login with the default credentials.
7. Type 1 to access the Configure IP addresses submenu.

Figure 2.5 Text Menu Interface

8. Enter in the information collected in the IP Settings table under Gathering Initial Information.

Serial Access

The following section lists steps on how to connect to Network Composer’s Text Menu using HyperTerminal. Although there are other terminal simulators that can work with the Network Composer’s serial connection, the steps listed below are for a workstation/laptop with Windows XP and HyperTerminal.

1. Ensure that you have a null modem cable (included with shipping materials) connected to a communication port of your local workstation/laptop and to Network Composer’s serial port (38.4 8N1).
2. Set up a connection using HyperTerminal (Start -> All Programs -> Accessories -> Communications -> HyperTerminal).
3. In the New Connection Description dialog, enter a name for the connection in the Name field and select an icon if you want. Click the OK button.
4. In the Connect To dialog, select the COM port for the connection. Click the OK button.
5. In the COM Port Properties window, select the settings that correspond to:
   • Bits per second: 38,400
   • Data bits: 8
   • Parity: None
   • Stop bits: 1
   • Flow control: None
6. Click the OK button.
7. When the main HyperTerminal screen appears, press the Enter key to confirm a connection.
8. Login with the default credentials:
   a. Default User Name: menu (all lowercase)
   b. Default Password: cymphonix (all lowercase)
9. Type 1 to access the Configure IP addresses submenu.
10. Type the information collected in the IP Settings table under Gathering Initial Information.

Once Network Composer has been configured using an alternative method described above, you can perform the steps listed under Cutting-Over of this chapter.

We strongly recommend that you change the default password for the menu account to limit access to the Text Menu. Select Option 3—Change Menu Password under the main menu to make this change.

Proxy Mode

For full functionality of Network Composer, the recommended placement of the device is inline with traffic. However, if you do not want to place the device inline with network traffic, or if you have users on the WAN side of Network Composer that you want to filter, you can configure Network Composer as a web proxy. A web proxy is normally a server that carries out web requests for users. Typically, web traffic is routed to the server which requests the web sites for the intended users. Network Composer does likewise with a configuration called Proxy Mode. This configuration does not require Network Composer to be inline with network traffic. To use Network Composer as a proxy, the device must have a network connection to the users and the Internet via the WAN or LAN port (only one has to be active). With this connection, you can then use either the Setup Wizard or an alternative method to assign the device the required IP settings. Afterwards, you must alter the connection settings of the users’ web browsers to use the IP address of Network Composer as a proxy and port 8888 for browsing (Port 8888 is the assigned port utilized by Network Composer’s filtering engine). If Network Composer has a private IP address and you want external users to use Network Composer as a proxy, you may need to create a Network Address Translation (NAT) rule for Network Composer. However, these steps are not covered in the User Guide and will need to be researched independently.

Below are the steps on how to alter the LAN connections using IE 7 and Firefox 2. You can also alter LAN connections via Group Policy Objects (GPOs), VPN connections, or other network devices.

Internet Explorer (IE) 7

1. Open up IE 7 web browser.
2. Click on Tools -> Internet Options.
3. Click on the Connections tab.
4. Click the LAN Settings button.
5. Under Proxy Server section, select the checkbox for Use a proxy server for your LAN.
6. Under the Address field, enter in Network Composer’s IP address.
7. Under the Port field, enter in the number 8888.
8. Click OK until the settings are applied.

Firefox 2

1. Open up Firefox 2 web browser.
2. Click on Tools -> Options.
3. Click on the Advanced menu.

4. Select the Network tab.
5. Under the Connection section, click the Settings button.
6. Select the radio button next to Manual proxy connection.
7. Enter in the IP address of Network Composer in the HTTP Proxy field.
8. Enter in the number 8888 in the Port field.
9. You may also select the checkbox Use this proxy server for all protocols as well if you like.
10. Click OK until the settings are applied.

Once users’ web browsers have been configured to use Network Composer as a proxy, you will then need to configure Network Composer to accept web requests. This setting is found under Admin -> Configuration -> Advanced Setup. Select the check box next to Allow HTTP Connections on port 8888. Don’t forget to apply the changes.

Network Composer will then begin to create profiles for users as they begin to send web requests to Network Composer. You can confirm this under Manage -> Directory Users & Nodes -> Network Nodes. If you have enabled Directory settings, Network Composer will also create Directory Profiles as well (Manage -> Directory Users & Nodes -> Directory Users). You can then create groups based on the profiles for content filtering and reporting. Please see Chapter 5: Managing Network Composer for steps on how to create groups.

Please note that Proxy Mode does not offer all functions over network traffic normally associated with the default inline mode, in particular bandwidth control and full reporting. Because network traffic is not physically passing through Network Composer’s bridge interface, the device can no longer confirm which applications are passing nor control bandwidth. As such, you will not be able to apply all Shaping Rules nor will there be data posted under the applications reports (Report -> Applications) or users reports (Report -> Users). There will, however, be data under Internet Usage and Threats. With Proxy Mode you will only be able to filter web content and report on web sites visited. In addition to this, you cannot use all of the Advanced Filtering options and HTTPS/SSL Filtering settings to ensure content filtering. Below is a table of all supported reports and menus with Proxy Mode (Report and Manage Tabs). If a specific feature is not listed in this table, then it is not supported in Proxy Mode.

Proxy Mode Support

Report
  Threats
    Spyware Overview
    Spyware Infected Users
    Spyware Threat Names
    Virus Overview
    Virus Infected Users
    Virus Threat Names

Manage
  Policies & Rules
    Groups
    Time of Day Rules
    Internet Usage Rules
      o TFRS (HTTP Traffic Only): Deny Access, No Filters, Web Filter Only, Web Logging, Content Filtering, Advanced Filtering, HTTPS/SSL Filtering (SSL Certificate Based Content Filtering), SSL Block, and SSL Filter
      o Web Authentication

    Shaping Rules
      o Web Content Policy Manager
      o Applications Traffic Flow Rule Sets (HTTP Traffic Only): Deny Access, No Filters, Web Filter Only, Web Logging, SSL Block, and SSL Filter
  Directory Users & Nodes
    Directory Users
    Directory Agent
    Network Nodes
  Broadcast Manager

Report (continued)
  Internet Usage
    Web Hits Overview
    Web Bandwidth Overview
    Web Hits by Network Node
    Web Bandwidth by Network Node
    Web Time Online
  System Reports
    Active Users
    CPU Utilization
    IP Connections
    Latency
    Packets per Second
    RAM Usage
  Dashboard
  Real Time URL Monitor

One final note is you can configure Network Composer inline with traffic and use the device as a proxy for a combination of functionality. For example, you can install Network Composer inline with network traffic for internal users, and then alter web browser settings for VPN or external users to use Network Composer as a proxy. This way, you gain full functionality for internal users and web filtering functionality for external users.

Configuring Port Settings

Network Composer’s bridge ports (WAN and LAN) by default are set to auto-negotiate for both speed and duplex settings. This means that Network Composer will negotiate with the devices that are plugged into these ports to verify their speeds and duplex mode. Normally auto negotiate will allow Network Composer to operate at least 100 Mbps or above and Full-Duplex. However, you should confirm that Network Composer is operating at least 100Mbps or above, Full-Duplex, and is not generating any interface errors. You can do this under Admin -> Diagnostic Tools -> Ethernet Status. Review both WAN Port and LAN Port tabs to confirm that Network Composer is operating at the correct speed and duplex. Also verify that no errors are listed under the Errors field.

If the auto-negotiating settings list a speed under 100 Mbps, a duplex mode that is not Full, or are generating errors, you may need to hard set these settings on the interfaces. You can do this under Admin -> Configuration -> Ethernet Settings. Select the speed and duplex settings you would like to hard set for the desired port(s) and press the Apply button. Hard setting the Ethernet settings can cause network interruptions. Only perform these next steps when network traffic can be momentarily interrupted. In addition to this, you may need to hard set the interface settings

on the devices connected to Network Composer. In any case, for this to work properly, the devices connected to Network Composer must be able to negotiate correctly. You can confirm negotiation by reviewing the section Ethernet Status. If after hard setting the ports, Network Composer is still generating errors, you may need to change the cabling. The next section will explain these options.

Configuring Cabling

In addition to confirming the port and duplex settings, you should also confirm cables connected to Network Composer. In a standard installation, layer 3 devices connected to Network Composer require a cross-over cable while layer 2 devices connected to Network Composer require straight-through cables. For example, if you are installing Network Composer in between a firewall and the core network router, you may need cross-over cables for each port. Typically, Network Composer’s WAN port will connect to the firewall via a cross-over cable while Network Composer’s LAN port will connect to the core network switch via a straight-through cable. Also, if the devices connecting to Network Composer offer Medium Dependent Interface Crossover (MDIX), which can compensate for switching transmit and receiving signals, you may be able to use straight-through cables for each port. After confirming negotiation, you will want to confirm the cabling for proper negotiation for Fail to Wire or No Failover. This will allow Fail to Wire and No Failover to work correctly.

Testing Fail to Wire or No Failover

Network Composer offers two options for network connectivity in case of a device failure or power loss: Fail to Wire and No Failover. Fail to Wire allows network traffic to pass in case Network Composer fails or is powered down, while No Failover stops all network traffic in the event of failure or power loss. Your preference must be specified before purchasing the device as the implementation is done via hardware. Unless specified before purchase, the model of Network Composer you receive will be designed for Fail to Wire. After confirming your preference and the installation of Network Composer, you should perform some tests to confirm the functionality. You should confirm Fail to Wire or No Failover by following the steps listed in the next section.

Fail to Wire

Fail to Wire allows network traffic to pass in case of failure by closing a circuit in between the WAN and LAN ports. Only perform this test when network traffic can be momentarily interrupted and you are physically next to Network Composer.

1. Power off Network Composer under Admin -> Utilities -> System Resets -> Hardware Shutdown.

Do not power down Network Composer by pulling the power cord or pressing the power button on the front bezel. These procedures should only be used when there is no other alternative for powering down the device.

2. Depending upon the devices that are connected to Network Composer, the duplex settings and cabling, it may take up to 5 minutes for Fail to Wire to complete. As such, please wait up to 5 minutes after powering down Network Composer completely before performing the next step.
3. Confirm that the firewall/WAN router and the core network switch are still communicating by the interface LEDs.
   • Confirm that all network options are available, i.e., browse the Web, log into a remote site, etc.
4. Power on Network Composer using the power button on the front bezel.
5. After waiting 5 minutes for the device to power up, log into Network Composer and verify that the unit is functional.

If the test is not successful, check the compatibility of port speed/duplex and cabling used on Network Composer and the other devices.

Bypass Mode

Besides powering down Network Composer, there are other scenarios that can cause Network Composer to fail, i.e., hardware failure, running the device out of specs, etc. As such, when a failure is detected, Network Composer will initiate the supported Bypass Mode (Fail to Wire or No Failover). This is indicated by the LEDs on all ports, which will blink and scroll in unison. If this happens, please contact your Authorized Cymphonix Reseller and/or Cymphonix Technical support. Diagnosing and troubleshooting the problem may require that you physically remove Network Composer from the network.

No Failover

No Failover works by simply grounding the circuit in between the WAN and LAN ports of Network Composer. Once a failure is detected, all traffic will not be passed from the LAN port to the WAN port, thereby denying Internet access.

1. Power off Network Composer under Admin -> Utilities -> System Resets -> Hardware Shutdown. Do not power down Network Composer by pulling the power cord or pressing the power button on the front bezel. These procedures should only be used when there is no other alternative for powering down the device.
2. Depending upon the devices that are connected to Network Composer, duplex settings, and cabling, it may take up to 5 minutes for No Failover to complete. As such, please wait up to 5 minutes after powering down Network Composer completely before performing the next step.

3. Confirm that the firewall/WAN router and the core network switch are not communicating by the interface lights.
   • Confirm that all network options are not available, i.e., attempt to browse the Web, log into a remote site, etc.
4. Power on Network Composer using the power button on the front bezel.
5. After waiting 5 minutes for the device to power up, log into Network Composer and verify that the unit is functional.

If the test is not successful, check the compatibility of port speed/duplex and cabling used on Network Composer and the other devices. As with Fail to Wire, there are other scenarios that can cause Network Composer to fail besides powering down the device. If Network Composer is entering No Failover unintentionally, please contact your Authorized Cymphonix Reseller and/or Cymphonix Technical support for diagnosis and troubleshooting.

Now that you have confirmed Fail to Wire or No Failover, let’s discuss how to navigate through Network Composer’s GUI.

Chapter 3: Navigating Network Composer

This section contains guides and tips on how best to navigate through Network Composer’s Graphical User Interface (GUI). The chapter is divided into three sections:

• General Navigation
• Task Pane
• Help Pane

To access Network Composer, open up Microsoft’s Internet Explorer (IE) 6 or higher and enter in the IP address assigned to Network Composer in the address bar (Network Composer only supports IE 6 and above). You should receive the login menu.

General Navigation

Once you login to Network Composer, you will be presented with the Home Page. The Home Page provides a snapshot of system health, current firmware versions, subscription settings, filtering effectiveness, as well as links to guide the administration of your system. Network Composer’s navigation is divided into three tabs: Report, Manage, and Admin. Each tab presents you with different functions for Network Composer. In general, the Report tab will be used for generating reports and viewing network traffic. The Manage tab will be used to create groups, content filtering rules, and shaping rules. The Admin tab is used for basic and advanced configuration of the device, as well as troubleshooting and disaster recovery. When you click on one of the tabs, the expanded menus for those tabs will appear. You can then select a submenu under the corresponding tabs for more options which will appear as expandable selections.

You can navigate back between tabs and reports by using the back arrow button located next to the Admin tab. Do not use the back arrow button available on your web browser as this will take you back to Network Composer’s login page. You can have multiple tabs open for ease of use by right-clicking a selection and choosing Open in new tab. Each tab color will correspond to the main menu tab color, depending upon which tasks are being performed.

Figure 3.1 Network Composer Navigation tabs

For large reports, group membership, or application menus, Network Composer has a pagination menu that can be used to navigate to specific pages or towards the end or beginning of a series. Where available, the pagination menu will post towards the bottom of the report, membership box, or application menu. The open box in the pagination menu allows you to view a certain page after entering the page number and clicking the Go button (the available pages are listed above the open box). You can also navigate to the next (Next) or previous (Prev) page by clicking the single arrow or to the very end or beginning of the series by clicking the double arrows.

Figure 3.2 Network Composer Pagination arrows

Finally, you may receive a communication error from Network Composer. This is usually a result of services being restarted. If you are presented with the below dialog box, select the OK button, wait 30 seconds, and attempt to access a menu. If the problem persists, you may need to re-login to Network Composer.

Figure 3.3 Communication Error Dialog Box

Now that you have become familiar with general navigation, let’s explain the Tasks Pane, Help pane, and the different navigation options available.

Tasks Pane

The Tasks Pane is located in the upper-right corner of any of Network Composer's screens. It lists actions or options that can be selected for the active page. For example, if you select a report, the Tasks Pane will list options on how to present the report, i.e., Print, Email, Export, etc. Because of this, the contents displayed in the Tasks Pane will change depending on the screen currently displayed. The Tasks Pane is a great help that will post commonly accessible actions. These actions are available by clicking on the icons located in the Tasks Pane. Below are listed all options presented in the Tasks Pane with the corresponding action. Please review Chapter 4: Generating Reports for more information on some of the options.

Actions
—Directory User Dashboard: Displays Directory User Overview
—Directory User Detail: Displays Directory User Detail for selected Directory User profiles
—Network Node Overview: Display the Network Nodes Overview report
—Network Node Detail: Display all details for the Network Node selected
—Re-scan Port: This will re-scan profiles under Network Node Manager (Manage -> Directory Users & Nodes -> Network Nodes). Use this action when a device needs to be re-scanned due to configuration changes, i.e., new IP address, new NetBIOS name, etc.
—Re-scan Directory User Name: This will re-scan profiles under Directory Users (Manage -> Directory Users & Nodes -> Directory Users). Use this action when Directory Users need to be re-scanned due to configuration changes, i.e., new domain, new groups, changed name, etc.

Actions
—Download Certificate: Download the SSL Certificate

Correlate by
—Category: Correlate report by Web categories visited
—Directory User: Correlate report by Directory User profiles
—File Type: Correlate report by File Types downloaded
—Group: Correlate report by Group profiles
—Host: Correlate report by Web sites (hosts) visited
—MIME Type: Correlate report by MIME Types downloaded

—Network Node: Correlate report by Network Node profiles
—None: No correlation
—Service: Correlate IM reports by IM Client service

Export
—Email: Send the report in an email
—Excel Document: Export the report or policies into a Comma Separated Value (CSV) format
—Print: Print the report or policies currently displayed on screen
—XML Document: Export the report or policies into an Extensible Markup Language (XML) document

Getting Started
—Getting Started Videos: Watch tutorial videos on the corresponding topic

Related Dashboards
—Directory User Dashboard: Display all traffic reported for the Directory User selected
—Group Dashboard: Display all traffic reported for the group selected
—Network Nodes Dashboard: Display all traffic reported for the Network Node selected

Related Tasks
—View Bandwidth Report: View amount of bandwidth consumed for the selected Web category, Web site, or profile
—View Hits Report: View amount of URL hits for the selected Web category, Web site, or profile

System Information
System Information will post the current system time. If your device does not post the correct time, you may need to adjust the Time Zone settings or the Network Time Protocol (NTP) server. Please review the sections Setup and Advanced Setup in Chapter 6: Administrating Network Composer.

Help Pane

The Help Pane lists topics from the User Guide that are related to the page currently posted. For example, if you select the Application Overview report, the Help Pane will list Related Topics for the Application Overview. You can then select the link, which will display the first page within the User Guide dealing with the Application Overview. You must have Adobe Reader installed to use the Help Pane.

The Help Pane also posts information regarding the Product Enhancement Program. The Product Enhancement Program allows Cymphonix to upload a small file containing anonymous configuration and system usage details as part of the scheduled update routine. This file will not contain personally identifiable information, will not be used for direct marketing, and will not impact system performance. The product details collected as part of the Product Enhancement Program may change from time to time as new features and capabilities are added to or changed in the product, but they will never include personally identifiable information. You can stop participating at any time by disabling the checkbox located in the Product Enhancement Program.

One last item under the Help Pane is the Cymphonix Network Composer Privacy Policy. The privacy policy covers how Cymphonix will handle personal information collected and received with Network Composer. For full details on this information, you can select the link for Cymphonix Network Composer Privacy Policy under the Help Pane.

Lastly, the Tasks Pane and Help Pane are collapsible by selecting the collapse icon located to the right of the Tasks Pane.

Chapter 4: Generating Reports

The Report tab will present information concerning network traffic, web sites visited, and system health. This chapter is divided into each report available and also general reporting rules that will apply to each different report.

• Home Page
• General Reporting Options
• Users Tab
• Applications Tab
• Threats Tab
• Internet Usage Tab
• System Reports
• Dashboards Tab

Home Page

The first page presented under the Report tab is the Home Page. The Home Page is divided into 5 sections: Message Center, System Notifications, Getting Started, Hardware Settings, and System. The top display will be the Message Center.

The Message Center

The Message Center posts messages about firmware and software releases. The Message Center will also post important suggestions such as changing default passwords and company communications. These messages are posted by date and can be read by selecting the individual messages. Afterwards, you may delete the messages by either selecting the trash icon next to the message or by clicking the delete button inside the messages.

System Notifications

System Notifications will post messages from Network Composer. These messages are intended to alert the administrator of Network Composer of critical configuration or incompatibility issues that may impede proper Network Composer functionality. Messages such as incorrect installation, exceeded license count, or network scenarios such as asymmetrical routing that require advanced configuration will be posted here. These messages will be posted in their entirety in the System Notifications area. You may delete the messages by selecting the trash icon next to the message; however, the message may return if the problem is not resolved.

Getting Started

The Getting Started area provides you with access to tutorial videos that give you a hands-on demonstration of some of the main components of Network Composer. Select the appropriate link to view a tutorial that will walk you through the selected topic. The videos cover topics such as Group Management, Time-of-Day Rules, and Policy Management.

Hardware Settings

The Hardware Settings area provides you with a summary of your Network Composer's hardware settings, i.e., Model, Serial number, Software Version, System Time, Last Known Updates, and expiration date of Annual Software Maintenance (ASM). This area also posts the device's Licensed Nodes and Device ID. ASM is used for support on your device and provides Network Composer with continued updates on firmware, spyware, anti-virus, and content filtering. ASM also grants you access to Cymphonix Technical support if needed. If your ASM is not current, Network Composer will not be able to update firmware, spyware or anti-virus, nor will Cymphonix Technical support be available. To renew your ASM please contact your Authorized Cymphonix Reseller or Cymphonix Sales at (801) 938-1500 option 1.

System

The System area provides you with a summary of Network Composer monitoring statistics and system information such as blocked spyware, blocked viruses, blocked web requests, and average CPU load. Totals for each parameter are displayed for the last 24 hours.

General Reporting Options

There are several options available that are universal under the Report Tab. These options are Selected Date, Correlated by, Search, Result Type, Group, Directory User, Network Node, and Encryption Type. These options allow you to customize reports on any device, user, or application.

Figure 4.1 Reporting Options

For example, if you would like to search for traffic from a specific device within the last 30 days, click on the Application Overview report (Report -> Applications -> Application Overview). This will post the top applications passing traffic through the network within the last 24 hours. However, you may adjust the Selected Date and search for the device under Network Node. The report will then modify to display the last 30 days for the specific device. These same options can be used for a wide variety of reports. You may also click on the different settings contained within the specific reports for a list of available options. Below are listed all available adjustments with reporting.

Selected Date
Selected Date allows you to adjust the time frame for the generated report. The options available are Last Hour, Last 24 Hours, Last 7 Days, Last 30 Days, Last Week, Last Month, Last Year, and Custom. If you select Custom, you will be presented with a calendar that will allow you to adjust the time and days accordingly.

Correlated by
This field allows you to link traffic reports to the most bandwidth consuming users (Group, Directory User, and Network Nodes) for specific applications. You can also use the field to link Internet Usage reports by the most browsed web Categories, Hosts, File types, and MIME Types.

Search
This field will allow you to search for different sections in reports, i.e., specific web sites, categories, applications, etc. Enter the search criteria and click the Search button (or press the Enter key) for results.

Result Type
This field is available under Web Content reporting. This option allows you to customize web reports based on the four general areas of web sites: No Filter (all web sites requested), Allowed (web sites that have been accessed), Blocked (web sites that have been blocked), and Bypassed (web sites that were bypassed using the Bypass Password).

Group
This field will allow you to search for specific Groups. Clicking this field will populate the Select Filter Group box. Search the Available Groups list for the desired Group profile, select the profile, and click the Add button. Then click the OK button to run the report.

Network Node
This field will allow you to search for specific Network Nodes (devices on the network). Clicking this field will populate the Select Filter Network Node box. Search the Available Network Node list for the desired Network Node profile, select the profile, and click the Add button. Then click the OK button to run the report.

Directory User
This field will allow you to search for specific Directory Users. Clicking this field will populate the Select Filter Directory box. Search the Available Directory Users list for the desired profile, select the profile, and click the Add button. Then click the OK button to run the report.

Encryption Type
This field is available under Web Content reporting. This option allows you to customize web reports to display all web requests (No Filter), typical web requests that use Hypertext Transfer Protocol—HTTP (No Encryption), or web requests that use Secure Hypertext Transfer Protocol—HTTPS (Secure Socket Layer—SSL). Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer discusses this topic in more detail.

Application Set
This field is available under Application Overview and some detail reports. This option will allow you to filter reports by Application Sets. For more information on Application Sets please see the section Applications Tab in this chapter.

Right-Click Options
Right-click options allow you to customize reports using specific time, users, or devices. If you are not sure how to retrieve detailed information within a specific report, right-clicking will present you with the most common options for the report. Using right-click options will allow you to quickly access different correlations under all reports. For example, to view specific applications under Application Set reports you can use right-click options to post the report. Go to Report -> Application -> Application Set Overview. This report will display all application sets passing through the network within the last 24 hours. Select an application set, and right-click on the title. You will be presented with several options that will allow you to correlate the report. Select Correlate by Application to view the exact applications within the Application set.

Figure 4.2 Right-click Options

Selecting this option will post the specific applications being used under the application set. Other right-click options available are correlations by Groups, Directory User, Network Node, etc.

Drop-Down Arrows

Another option that allows you to customize reports is the Drop-Down Arrows. Any of the reports available can be collapsed by using the Up arrow icon on the right side of the corresponding menu bar. You can also expand an area in the Report tab using the Down arrow icon.

Bar-Pie Graph Drop-Down

Some reports allow you to choose the graph types of either Bar Graphs or Pie Graphs. Where this is available, you will be presented with a Drop-Down Box located in the Graph title that will make available a bar graph or pie graph for the report.

Figure 4.3 Bar-Pie Graph Drop-Down

Snapshot-Real Time Drop-Down

The Snapshot-Real Time Drop-Down Menu allows you to view selected information historically or in real time. For example, if you are reviewing the report of Web Hits by Category (Report -> Internet Usage -> Allowed), the default settings will post the results by Snapshot within the last 24 hours (historically). If you select the option of Real Time, the report will change and display actual web hits as they pass through the device at the moment. This option is found under Internet Usage reports (Report -> Internet Usage) and is a great tool for troubleshooting and identifying problematic users or web sites as they occur. For example, if a user is attempting to visit a prohibited site, you can verify the web sites he or she is visiting right now by correlating these reports by Network Node or Directory User. This is useful for confirming problems immediately and preventing them with less response time.

Figure 4.4 Snapshot-Real Time Drop-Down

Real Time options also allow you to correlate reports by Network Node, Directory User, Groups, and other criteria.

Report Recommendations

Network Composer is capable of reporting on a tremendous amount of information. Please keep in mind that while Network Composer is recording information for reporting, the device is also filtering web traffic and shaping network applications. This requires that Network Composer share resources between the different operations being performed. Because of this, priority is given to filtering and shaping so that reporting does not consume resources that may impact network performance. Active users, web sites visited, and general overviews of applications are examples of the most readily available reports. Nonetheless, detailed reports that span large amounts of time and cover multiple users or applications may better be executed during non-peak traffic times.

Network Composer has a default timeout limit of five minutes for reports to complete. This is done to ensure reporting will not consume needed resources for other operations. If a report cannot complete within the five minutes, you will receive a timeout message. If you receive a timeout message, you may alter the time limit under the Advanced Setup menu (Admin -> Configuration -> Advanced Setup -> Database Timeout). You can allocate up to 15 minutes for reports to complete. This will allow the database to dedicate more time to complete the report and post the results.

In addition to running detailed reports during non-peak traffic times, you can also use Summary Tables to expedite reporting results. Summary Tables allow Network Composer to summarize or condense large web reports, allowing for a faster response time with Internet Usage reports. Summary Tables also decrease dependency on shared resources, thus allowing more resources for Network Composer to complete the report without running the risk of affecting network traffic or filtering and shaping rules. To enable Summary Tables go to Admin -> Configuration -> Advanced Setup and select the checkbox next to Enable Summary Tables. This utility will index web reports and correlations for all reports once the option is selected. Please note that the Enable Summary Tables option will only begin summarizing from that point forward. Don't forget to Apply the changes.

If you would like to summarize previous data gathered before enabling Summary Tables, you will need to run the Conversion Utility. The Conversion Utility will take previous data that has not been summarized and create a summary table for that information. There are three options for converting previous data: Web Request Summary Table, Level 1 Summary Table, and Level 2 Summary Table. The Conversion Utility is located under Admin -> Configuration -> Advanced Setup -> Run Conversion Utility Now. Once selected, you will be presented with the three different levels of conversion: Web Request Summary Table, Level 1 Summary, and Level 2 Summary. Web Request Summary Table will summarize all Web request data. Level 1 Summary Table will summarize the first correlation for those reports, i.e., first correlation by Category, Directory User, File Type, Group, Host, MIME Type, and Network Node. Level 2 Summary Table will summarize the second correlation for those reports, i.e., second correlation by Category, Directory User, File Type, Group, Host, MIME Type, and Network Node. You can then select the Start Conversion Now button next to each level to activate the conversion. This will begin indexing web requests to allow for faster Internet Usage reporting. Also note that you can only run one conversion at a time, and they must be done in order. The Conversion Utility places additional load on Network Composer and may consume a large amount of processing resources. Because of this, we strongly recommend that you run the Conversion Utility during non-peak hours to avoid unnecessary interruptions in network traffic.

This concludes the section on general reporting options. In the next sections we will discuss the different reports for application and web traffic.

Users tab

The Users tab gives you an overview of the Internet traffic generated on your network by users, devices, or groups. The reports available are Directory User Overview, Group Overview, and Network Node Overview. This report will display the top 25 users, devices, or groups on your network within the last 24 hours. However, this time frame is customizable, as are the sorting features. This report will display total network traffic as well as total download and upload for the corresponding criteria. If you need more detail on the individual reporting aspect, simply select the title of the report for a more comprehensive representation. Also available under this report are Directory User Detail, Group Detail, and Network Node Detail reports. They present all information available about the selected device, user, or group. These reports are often referred to as Dashboard reports.

Dashboard Reports

Dashboard Reports are detailed reports about individual users, devices, or groups. Dashboard Reports display all recorded information for the profile selected. To display dashboards for different users, devices, or groups, select any profile and click on the name. For example, go to Report -> Users -> Network Node Overview. Under the Network Node Details legend, select the profile name located in the upper right-hand corner of the original dashboard. This will populate the Network Node Detail report for the particular device. The reports available are listed below:

• Total Traffic—this traffic is the combined amount of upload and download traffic.
• Application Traffic—this traffic is the amount of bandwidth consumed for all applications.
• Uncategorized Traffic—this is traffic that Network Composer does not recognize.
• Web Requests by Host—these are the host names of Web sites visited by the user, device, or group.
• Web Requests by Category—these are categories of Web sites visited by the user, device, or group.
• Possibly Infected Spyware—these are Web sites visited or applications used by the user, device, or group that are possibly infected with spyware.
• Possibly Infected Virus—these are Web sites visited by the user, device, or group that are possibly infected with Web viruses.
• Open ports—these are all ports active by the user, device, or group and their corresponding service.
• Network Node Information—this report will post the Operating System (OS) as well as the assigned group for the device.

Applications tab

The Applications tab displays the amount of bandwidth used by applications and application sets. Network Composer identifies traffic based on application signatures. Applications can then be grouped into application sets (signature sets) of programs that perform a comparable purpose. For example, the signature set of Remote Desktop/Remote Control/X Traffic comprises the applications PC Anywhere, Citrix, GoToMyPC, Microsoft's Remote Desktop, and many more. The application sets are listed below as bulleted items. For a complete list of application sets, please see Chapter 5: Managing Network Composer.

These reports are presented in total downloads and uploads according to colors and amounts. When data is presented as a bar graph, the corresponding Network Node, Directory User, Group or application will be posted next to a colored bar. When data is presented as a column graph, the most recent data is presented at the right end of the graph, with the green column representing download traffic and the blue column representing upload traffic.

Also available in this tab are Custom Application Sets and Uncategorized Reports. Custom Application Sets report on traffic for which Network Composer administrators have defined a custom signature. Uncategorized Reports present specific stats of applications for which Network Composer does not have an explicit signature. Although Network Composer may not have a signature for this traffic, the device will record the protocol used, the destination port and the percent of bandwidth used. These topics are covered in more detail in a tutorial document entitled How to Create a Custom Signature. This document can be found on Cymphonix' Knowledge Base (http://kb.cymphonix.com).

• Application Overview—this is a summary of bandwidth consumed by individual applications.
• Application Set Overview—this is a summary of bandwidth consumed by application sets.
• Total Traffic—this is the amount of total bandwidth consumed.
• Chat and IM—this is the amount of bandwidth consumed by Chat and IM applications.
• Databases—this is the amount of bandwidth consumed by Database applications.
• DNS/Naming/Locators—this is the amount of bandwidth consumed by DNS and other network naming applications.
• Email/Collaboration—this is the amount of bandwidth consumed by Email and services used to send email.
• FTP/File Transfer—this is the amount of bandwidth consumed by File Transfer Protocol applications.
• ICMP Traffic—this is the amount of bandwidth consumed by Internet Control Message Protocol applications.
• Games—this is the amount of bandwidth consumed by online gaming applications.
• HTTP—this is the amount of bandwidth consumed by Hypertext Transfer Protocol (Web) applications.
• NetBIOS/MS File Service—this is the amount of bandwidth consumed by Network Basic Input/Output System and other Microsoft File Service applications.
• Network Mgt/Monitoring—this is the amount of bandwidth consumed by network management applications (SNMP, NMS, etc.).
• Network Routing—this is the amount of bandwidth consumed by network routing applications (RIP, etc.).
• Network Utility—this is the amount of bandwidth consumed by network utility applications (DHCP, NCP, NSW, etc.).
• Peer 2 Peer—this is the amount of bandwidth consumed by Peer 2 Peer applications.
• Printing and Reporting—this is the amount of bandwidth consumed by printing and reporting applications.
• Proxy and Cache—this is the amount of bandwidth consumed by Proxy and cached applications.
• Remote Desktop/Remote Control/X Traffic—this is the amount of bandwidth consumed by remote desktop and control applications.
• RPC/Remote Execution—this is the amount of bandwidth consumed by remote execution applications.
• Security/Authentication—this is the amount of bandwidth consumed by security applications.
• Streaming Media—this is the amount of bandwidth consumed by streaming media (music and video) applications.
• Telnet/SSH—this is the amount of bandwidth consumed by Telnet and SSH applications.
• Uncategorized Traffic—this is the amount of bandwidth consumed by traffic that has no explicit signature set.
• VoIP and Voice Chat—this is the amount of bandwidth consumed by Voice over Internet Protocol (VoIP) and Voice Chat applications.
• VPN and Tunnel—this is the amount of bandwidth consumed by VPN and Tunneling applications.

Threats tab

The Threats tab will report and provide a detailed view of all activity in your network relating to Spyware and web viruses. These reports will present information on Spyware and Web viruses and possibly infected devices in your network. You can then use Network Composer to identify possible threats before they become problematic.

• Spyware Overview—this is a summary of spyware threats that have been blocked.
• Spyware Threat Names—these are the names of spyware threats present on the network.
• Spyware Infected Users—these are devices that may be infected with spyware.
• Virus Overview—this is a summary of web viruses that have been blocked.
• Virus Threat Names—these are names of web virus threats present on the network.
• Virus Infected Users—these are devices that may be infected with web viruses.

Internet Usage tab

The Internet Usage tab reports on all web sites requested by users. This is a great report to give a general indication of which web sites and categories users are visiting or attempting to visit. This report can be modified for specific dates, correlations, result types, and other features. One of the reports, Web Time Online, is a report based on estimated values and generated by counting the number of hits per page multiplied by the value entered in Miscellaneous Settings (Admin -> Configuration -> Misc. Settings). As with most online timers, there is not a definite method for determining if a user is actively surfing the Web or merely has a program in the background generating hits, i.e., stock ticker, weather report, or Internet radio. As such, these are estimates and not exact values.

• Web Hits Overview—this report is presented in three categories: Allowed, Blocked, and Bypassed. Allowed refers to web hits on sites that users have been allowed to visit. Blocked refers to blocked web hits on sites that users have not been allowed to visit. Bypassed refers to web hits originally blocked on sites but later allowed as users entered the Bypass Password (for more information on this setting see Chapter 5: Managing Network Composer). Clicking on each category will present all information pertinent to the category. For example, clicking on Allowed will show you all hits for Web categories that users were allowed to visit. This will also post the percentage in comparison to the total number of hits for the Allowed category.
• Web Hits by Network Node—this report shows the top users of web traffic in terms of hits. This report displays a bar graph which shows the top users, followed by a detail view of the corresponding profiles, number of hits, and percentage of the users' Web hits compared to total web hits. You can correlate this report by Host, MIME Type, File Type, Group, Directory User, and Network Node.
• Web Bandwidth Overview—this report displays how much bandwidth is being consumed by web requests. The report is presented in a similar format to Web Hits Overview (Allowed, Blocked, and Bypassed) with a column graph showing the amount of bandwidth for Web requests.

• Web Bandwidth by Network Node—this report shows the top users of Web traffic in terms of bandwidth. This report shows you the Hardware Profile (Network Node) and its corresponding download total, upload total, total bytes, and percentage of bandwidth consumed for web traffic.
• Web Time Online—this report displays the amount of time users have spent browsing the Internet. Please remember that this report is an estimation of time spent browsing the Internet and is not an exact value.

System Reports tab

The System Reports tab reports on the actual system health of Network Composer. This report posts the CPU and RAM utilization of the device. The report will also post the active connections in the network as well as requests for Directory Users. Understanding this report will allow you to schedule maintenance, plan for upgrades, and prevent problems on the network or with Network Composer.

• Active Users—this report refers to active devices present on the network.
• CPU Utilization—this report refers to how much of the Central Processing Unit (CPU) Network Composer is utilizing.
• RAM Usage—this report shows the amount of Random Access Memory (RAM) Network Composer is using.
• Latency—this report shows in milliseconds the response time for PING requests sent from Network Composer to the network's default gateway.
• IP Connections—this report refers to live IP flows traversing through Network Composer.
• Packets per Second—this report displays the number of Internet packets per second passing through Network Composer.
• HTTP Connections—this report shows the number of connections per second to Web sites being filtered by Network Composer.
• HTTP Requests—this report shows the number of Web requests per second Network Composer has filtered.
• SSL Connections—this report shows the number of HTTP Connections that have been established with SSL. For this report to function, Network Composer must be configured for HTTPS/SSL Filtering. For more information on this feature, please see Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer.
• Directory Agent Requests—this report lists how many requests Network Composer has sent to the Directory Agent installed on your directory server. For this report to post information, Directory Users must be integrated with Network Composer. Please see Chapter 7: Integrating Directory Users with Network Composer for more information.

Dashboards tab

The Dashboards tab presents two tools that demonstrate traffic and Web requests in real time. These tools are Real Time Monitor (RTM) and Real Time URL Monitor (RTUM). RTM displays traffic amounts as they happen, both upload and download, with a legend representing distinct applications. RTM will post total application traffic. RTM parses traffic in three second intervals and displays the amounts accordingly. This can be helpful in troubleshooting network problems or resolving bandwidth issues in real time.

Figure 4.5 Real Time Monitor

Figure 4.6 Real Time Monitor Legend

Another capability of RTM is the ability to correlate within the last hour to display the most bandwidth consuming users. For example, in the above diagram RTM has HTTP as the highest amount of traffic. If you right-click on this traffic, you will be presented with the options to correlate by Directory User, Group, or Network Node.

Figure 4.7 Real Time Monitor Right-Click Options

You can then select Correlate by Network Node to confirm what devices within the last hour have consumed the highest amount of HTTP traffic. RTM can be used to diagnose a problem in actual time, thus allowing you to resolve the issue as soon as possible.

RTUM displays web requests as they pass through Network Composer. This tool, in addition to RTM, can be used to confirm instantaneously the web sites that are being accessed, blocked, or bypassed. You can also use the different options to display the web requests for a specific Network Node, Directory User, and Group as well as the Date, Web category and Encryption Type of the request.

Figure 4.8 Real Time URL Monitor

This concludes the chapter on generating reports. The next chapter will guide you on how to manage Network Composer in regards to creating groups, implementing policies, and managing devices and traffic.

Chapter 5: Managing Network Composer

Network Composer allows you to control and identify network traffic based on applications and users. The device can also block web sites or categories, protecting users and your network from improper content. Network Composer also allows you to separate problematic users from general traffic or problematic applications based on different criteria, i.e., time of day and priority. Network Composer can also allocate resources to identify proprietary traffic within your network, thus customizing the device to your specific needs. Most of these options are available under the Manage tab and are covered in this chapter:
• General Manage Options
• Policies & Rules tab
• Directory Users & Nodes
• System Access tab
• Application tab

General Manage Options
The Manage tab is where policies and organization of users will be enforced. Under this tab, you will create groups, time of day rules, content filtering rules, and shaping rules. This tab also allows you to customize traffic identification and select which devices or users will or will not be monitored.

The basic principles behind the Manage tab are "Who, What, When, and How." "Who" will define which users will be assigned to which groups. "What" will define the allowed content and applications. "When" will define what time during the day the rules take effect, i.e., all day, 9am to 5pm, etc. "How" will deal with correlating specific policies to the corresponding groups. Because of this, these principles must be in line with these steps. First, once you create a group, you will then want to define a Time of Day Rule (TDR) and an Internet Usage Rule (IUR). After those steps, you will create a shaping rule and tie all pieces together with the Policy Manager.

In addition to these steps, please note that the more information you have about network traffic, the better adept you'll be at deciding on policies and controlling the network and users. For example, it is highly recommended that you first install and run Network Composer in the network for at least 24 hours before implementing any policies. Afterwards, you can review the information collected and make a more precise decision on which web sites should be blocked, which applications should be shaped, and what threats are present on the network. The more information you have, the better prepared you will be to implement policies.

Policies & Rules tab
You will want to become very familiar with the Policies & Rules tab. This is the main management tab used for almost all user organization and policy implementation with Network Composer. This tab is used for creating Groups, Time of Day Rules (TDRs), Internet Usage Rules (IURs), and Shaping Rules. Each menu under the Policies & Rules tab addresses these principles:
• Groups—who will be in the group?
• Time of Day Rules—when will the rules take effect?
• Internet Usage Rules—what web sites can group members visit?
• Shaping Rules—what applications can group members access?
• Policy Manager—how to correlate rules to groups?

Groups
First let's define Groups. Network Composer has by default 8 groups for your ease. These Groups are called Network Composer Groups. Each group is assigned a default policy for Internet use. These policies are called Internet Usage Rules (IURs) and are covered in more detail under that section. As a general rule, none of the default Network Composer Groups has any shaping rules. First let's discuss the default Network Composer Groups and their accompanying policies. Then we'll discuss how to add members to Network Composer groups and how to create new Network Composer Groups.
• Default Group—all users and devices are in this group by default. All users and devices are placed in the Default Group until assigned to another group. As such you will not be able to add users or devices to this group, but rather you will be able to remove them from this group. This is done by creating new groups and adding users or devices to the group, or adding them to one of the other groups. You can assign users to Network Composer Groups based on several different identifiers. The Default Group by default uses the Default Usage Rules.

• Deny Access Group—members of this group will not be able to access any Internet traffic. All web sites and application traffic will be denied for this group. Users in this group will be assigned the Deny Access Usage Rules.
• Filter Bypass Group—members in this group will not be monitored or filtered by Network Composer. Only bandwidth and application reporting will be recorded for members in this group. This group uses the Filter Bypass Usage Rules.
• Monitor Only—members of this group will have their web pages monitored but not filtered or blocked. This group uses the Monitor Only Policy Rules.
• Monitor Only with Threat Protect Group—members in this group will have their web pages monitored but not filtered or blocked, except in the case of Spyware and web viruses. This group uses the Monitor Only with Threat Protect Policy Rules.
• Permissive Group—members in this group will have their web pages monitored and filtered based on light restrictions and a limited amount of blocked categories. This group uses the Permissive Policy Rules.
• Moderate Group—members in this group will have their web pages monitored and filtered with typical restrictions on web categories such as Adult, Tasteless, Shopping, and Obscene. Users will not be able to visit proxy web sites. This group uses the Moderate Policy Rules.
• Strict Group—members in this group will have their web (HTTP) traffic monitored and filtered and secure web pages (HTTPS) blocked. A broad range of categories will be blocked as well as proxy web sites. Users will be prohibited from passing web traffic through proxies and visiting proxy web sites. In addition to this, users will not be able to pass web traffic through Open or Secure Proxies. Lastly, users will not be able to view blocked content via search engines or search engine cached pages. This group uses the Strict Policy Rules.

Now that we have described the pre-defined Network Composer Groups, let's discuss how to add members to these groups. Before adding members to Network Composer Groups, you need to understand how Network Composer identifies devices on the network. Devices can be identified by several different criteria, i.e., by VLAN, by MAC address, by IP address, or by network address, while users can be identified by Directory or user names. Because of this, Network Composer allows you to configure how users will be identified depending on your network. This option is called Member Type.

Go to Manage -> Policies & Rules -> Groups. Select one of the Network Composer Groups to which you want to add members. Once you select a group, you will be presented with the Add/Edit Group Detail field. In this field, you can change the name of the group as well as add devices, network addresses, or specific MAC addresses to the group. When you first access the Add/Edit Group Detail field, the default Member Type of Network Node will be selected. Network Node represents devices on the network that Network Composer has already discovered. These devices will be listed by their NetBIOS name (if available) or by their IP address. If you would like to add devices to Network Composer Groups by Network Node, simply click the open check box next to the profiles under the Member Name column and select Add>. However, if you would like to add users to the group by different criteria, click the Select a Member Type Drop-Down Box. This will present you with the fourteen different member types listed below, which allow you to identify users based on distinctive criteria.

Please note that the member type Network Node will post devices already discovered by Network Composer. If you have integrated LDAP with Network Composer, LDAP User will post LDAP Profiles already discovered by Network Composer. All other fields will present you an Enter New field that will allow you to manually add a user.
• Network Node—this member type represents devices discovered by Network Composer.
• LDAP User—this member type represents LDAP profiles discovered by Network Composer.
• CIDR Block Source—this member type represents profiles using an IP source address or IP source address range listed in Classless Inter-Domain Routing (CIDR) notation.
• CIDR Block Destination—this member type represents profiles using an IP destination address or IP destination address range listed in CIDR notation.
• CIDR Block Source and Destination—this member type represents profiles using an IP source and destination address or IP source and destination address range listed in CIDR notation.
• CIDR Block Override—this member type represents IP addresses that you want to take precedence over any other group assignment. This member type is normally used in the Filter Bypass Group to ensure specific IP addresses or ranges of addresses are not filtered.
• MAC Source—this member type represents profiles using the Media Access Control (MAC) source address of devices.
• MAC Destination—this member type represents profiles using the MAC destination address of devices.
• VLAN—this member type represents profiles using Virtual Local Area Network (VLAN) tags.
• Protocol—this member type represents profiles using different protocols, i.e., TCP, UDP, etc.
• DSCP—this member type represents Differentiated Services Code Point (DSCP) profiles. DSCP is an integer value encoded in the DS field of an IP header.
• TOS—this member type represents Type of Service (TOS) profiles. TOS is a single-byte field in an IP packet header that specifies the service level required for the packet.
• TTL—this member type represents Time to Live (TTL) profiles. TTL values exist in each IP packet header and determine how long the packet can traverse the network before being dropped.
• Length—this member type represents the Ethernet Length profiles. Ethernet length actually specifies the size of the frame used within the network interface.

Once you have added members to the pre-defined Network Composer Groups, you can confirm the assignments by pressing the Save button. The pre-defined groups and any new groups you create based on the different member types are called Network Composer Groups.

To create groups, you can click the Create button under the Group Manager. This will post the Choose a Group Type dialog box. If you want to create groups based on the different member types, you can use the previous steps to create a Network Composer Group. If you would like to create groups based on Directory Users, please see Chapter 7: Integrating Directory Users with Network Composer. Afterwards, you can then add members to the newly created Network Composer Group following the same steps listed beforehand. If you need to delete groups, you may do so with the Delete Selected button also located under the Group Manager. If you delete groups, all members from the deleted groups will fall into the Default Group again. Now that we have defined Network Composer Groups, we'll discuss Time of Day Rules.

Time-of-Day Rules
Network Composer provides the ability to configure policies based on specific times of the day. Unless otherwise specified, all rules created will be in effect 24 hours a day, seven days a week. TDRs allow you to create different rules for different times of the day or different days of the week. For example, if you want to block access to certain web sites during business hours but allow access to those web sites during non-business hours, you can create a Time of Day Rule (TDR). Another scenario is if you want E-mail traffic to have priority during the day, but VPN traffic to have priority during the night; a TDR can allow you to distinguish accordingly.

Select Manage -> Policies & Rules -> Time of Day Rules. Network Composer ships with two default TDRs: All Day and Business Work Week. All Day (the default TDR) enforces policies 24 hours a day, seven days a week. Business Work Week enforces policies Monday through Friday, 9am to 5pm. If you would like to alter these blocks, you may select them individually or create your own by selecting the Create button. Once you select or create a TDR, you will be presented with the Add/Edit Time of Day Detail field. Here you will give the TDR a name, a description, and define the blocks of time for the different policies.

The first step in creating TDRs is to define the blocks of time that will separate the different policies. The blocks of time (presented in military time) can be separated by 15 minutes. Select the Start Time and End Time for each day and click the Add> button. Also, you can copy the blocks of time from one day to another by using the Copy From Drop-Down Box. Once you have selected the blocks of time for the individual days of the week, click the Save button. Network Composer will automatically separate the blocks from the rest of the day (24 hours) and post the time after saving the changes. The second step in creating TDRs is to assign different policies to the time blocks: you will assign an IUR to each block of time. This later step will be covered in the section Policy Manager. Also, you can edit and delete any TDR by selecting them under the Time of Day Rule Manager.

Now that you have created groups and TDRs, we will discuss Internet Usage Rules (IURs) and how to manage them.
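As an added illustration (not the guide's own code or Network Composer's implementation), the following Python models a TDR the way the steps above describe it: per-day blocks in military time on 15-minute boundaries, a Copy From operation, the rest-of-day remainder Network Composer fills in on save, and the lookup of which IUR applies at a given moment. The IUR names and dates are constructed samples.

```python
"""Model of a Network Composer Time of Day Rule (TDR) as the guide describes it.
Added example; the data model and rest-of-day handling are assumptions."""
from datetime import datetime

DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")  # same order as datetime.weekday()
BLOCK_MINUTES = 15  # the guide: blocks of time can be separated by 15 minutes
DAY_END = 24 * 60


def to_minutes(hhmm: str) -> int:
    """Parse military time such as '0915' into minutes since midnight.
    '2400' is accepted as the end of the day; anything off a 15-minute boundary is rejected."""
    if len(hhmm) != 4 or not hhmm.isdigit():
        raise ValueError(f"expected military time HHMM, got {hhmm!r}")
    hours, minutes = int(hhmm[:2]), int(hhmm[2:])
    total = hours * 60 + minutes
    if minutes > 59 or total > DAY_END:
        raise ValueError(f"{hhmm!r} is not a valid time of day")
    if total % BLOCK_MINUTES:
        raise ValueError(f"{hhmm!r} is not on a {BLOCK_MINUTES}-minute boundary")
    return total


def to_hhmm(total: int) -> str:
    return f"{total // 60:02d}{total % 60:02d}"


class TimeOfDayRule:
    def __init__(self, name: str, description: str = ""):
        self.name = name
        self.description = description
        self.blocks = {day: [] for day in DAYS}  # day -> [(start, end, iur)]

    def add_block(self, day: str, start: str, end: str, iur: str) -> None:
        """Add one Start Time/End Time block for a day and tie it to an IUR (the Policy
        Manager step of the guide, folded in here so the example is self-contained)."""
        s, e = to_minutes(start), to_minutes(end)
        if s >= e:
            raise ValueError("Start Time must be earlier than End Time")
        for bs, be, _ in self.blocks[day]:
            if s < be and bs < e:  # half-open intervals overlap
                raise ValueError(f"block {start}-{end} overlaps an existing block on {day}")
        self.blocks[day].append((s, e, iur))
        self.blocks[day].sort()

    def copy_from(self, source_day: str, target_day: str) -> None:
        """The Copy From Drop-Down Box: replicate one day's blocks onto another day."""
        self.blocks[target_day] = list(self.blocks[source_day])

    def schedule(self, day: str, rest_of_day_iur: str):
        """What the guide says happens on Save: the defined blocks are separated from the
        rest of the 24-hour day, so every minute ends up covered by some block."""
        out, cursor = [], 0
        for s, e, iur in self.blocks[day]:
            if cursor < s:
                out.append((cursor, s, rest_of_day_iur))
            out.append((s, e, iur))
            cursor = e
        if cursor < DAY_END:
            out.append((cursor, DAY_END, rest_of_day_iur))
        return [(to_hhmm(s), to_hhmm(e), iur) for s, e, iur in out]

    def iur_for(self, when: datetime, rest_of_day_iur: str) -> str:
        """Return the IUR in force at `when`; the end of a block is exclusive."""
        now = when.hour * 60 + when.minute
        for s, e, iur in self.blocks[DAYS[when.weekday()]]:
            if s <= now < e:
                return iur
        return rest_of_day_iur


def business_work_week(business_iur: str) -> TimeOfDayRule:
    """Rebuild the shipped 'Business Work Week' TDR: Monday through Friday, 9am to 5pm."""
    tdr = TimeOfDayRule("Business Work Week", "Monday through Friday, 9am to 5pm")
    tdr.add_block("Mon", "0900", "1700", business_iur)
    for day in ("Tue", "Wed", "Thu", "Fri"):
        tdr.copy_from("Mon", day)
    return tdr


if __name__ == "__main__":
    tdr = business_work_week("Strict Policy Rules")
    for row in tdr.schedule("Wed", "Permissive Policy Rules"):
        print(row)
```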

Internet Usage Rules (IURs) are the main content filtering components of Network Composer. IURs are used to block web sites, web categories, File Types, MIME Types, and even common tactics used to bypass content filtering. For you to correctly control and filter web traffic, you will need to understand Traffic Flow Rule Sets. First, we'll define general options available in all IURs, including Traffic Flow Rule Sets (TFRS). Second, we'll list the default IURs and the associated policies. Third, we'll give an example on how to customize IURs and other advanced policies.

Traffic Flow Rule Sets
Traffic Flow Rule Sets (TFRS) are the basic traffic identification and control engine within Network Composer. TFRS define the content rules and implement restrictions on identified traffic for users on the network. In essence, TFRS are the controlling mechanisms that decide what types of traffic are allowed and what types are not. TFRS allow you to dictate how traffic will be identified, controlled, filtered, reported, and shaped. TFRS will be your tool in managing network traffic and reporting on it.

Click on Manage -> Policies & Rules -> Internet Usage Rules -> Default Usage Rules. This screen will present the options available under Add/Edit Internet Usage Rule Sets. Towards the top will be posted the Rule Set Name and Rule Set Description, followed by the Traffic Flow Rule Set Drop-Down Box. Select the Traffic Flow Rule Sets Drop-Down Box to view the default TFRS. They are also listed below with their corresponding targets.
• Deny Access—this TFRS restricts all traffic that passes through Network Composer.
• No Filters—this TFRS performs no content filtering, no Web logging, no IM client logging, no Spyware scanning and no virus scanning.
• Web Filter—this TFRS performs content filtering, web logging, spyware scanning, and virus scanning (Web Filter). This is the default TFRS for users and newly created IURs.
• Web Filter + Anonymous Proxy Guard—this TFRS performs content filtering, web logging, spyware scanning, virus scanning for HTTP traffic (Web Filter), and prohibits HTTP traffic on any port other than port 80 or a designated proxy port (Anonymous Proxy Guard).
• Web Filter + Deny IM—this TFRS performs content filtering, web logging, spyware scanning, virus scanning for HTTP traffic (Web Filter), and denies all IM Client conversations (Deny IM).
• Web Filter + Deny IM + Anonymous Proxy Guard—this TFRS performs content filtering, web logging, Spyware scanning, virus scanning for HTTP traffic (Web Filter), denies all IM Client conversations (Deny IM), and prohibits HTTP traffic on any port other than port 80 or a designated proxy port (Anonymous Proxy Guard).
• Web Filter + Deny IM + Anonymous Proxy Guard + SSL Filter—this TFRS performs content filtering, web logging, Spyware scanning, virus scanning for both HTTP traffic (Web Filter) and HTTPS traffic (SSL Filter), denies all IM Client conversations (Deny IM), prohibits HTTP traffic on any port other than port 80 or a designated Proxy port, and prohibits HTTPS traffic on any port other than port 443 or a designated Proxy port (Anonymous Proxy Guard).

• Web Filter + Anonymous Proxy Guard + SSL Block—this TFRS performs content filtering, web logging, spyware scanning, virus scanning for HTTP traffic (Web Filter), prohibits HTTP traffic on any port other than port 80 or a designated proxy port (Anonymous Proxy Guard), and prohibits all HTTPS traffic from passing through Network Composer (SSL Block).
• Web Filter + Anonymous Proxy Guard + SSL Filter—this TFRS performs content filtering, web logging, spyware scanning, virus scanning for both HTTP traffic (Web Filter) and HTTPS traffic (SSL Filter), prohibits HTTP traffic on any port other than port 80 or a designated proxy port, and prohibits HTTPS traffic on any port other than port 443 or a designated proxy port (Anonymous Proxy Guard).
• Web Filter + SSL Filter—this TFRS performs content filtering, web logging, spyware scanning, and virus scanning for both HTTP traffic (Web Filter) and HTTPS traffic (SSL Filter).
• Web Logging—this TFRS only logs web requested URLs. No other actions will be taken as far as content filtering, spyware scanning, and virus scanning.

The most important factor in configuring TFRS is deciding on what needs to happen to traffic. For example, do you want to block certain web sites or categories? If so, the TFRS of Web Filter needs to be selected. Do you want to deny IM Client conversations? If so, the TFRS of Deny IM must be selected. These factors will help determine the active TFRS.

Content Filtering
Now that we have defined TFRS, let's discuss the other components of the Add/Edit Internet Usage Rule set. Below the TFRS Drop-Down Box, you will see four tabs: Content Filtering, Advanced Filtering, HTTPS/SSL Filtering, and Web Authentication. In this section we will discuss the Content Filtering and Advanced Filtering tabs. HTTPS/SSL Filtering will be covered in Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer. Web Authentication is covered in Chapter 7: Integrating Directory Users with Network Composer.

Content Filtering provides general choices for filtering web traffic. This tab displays Blocked Categories, Blocked URLs, White List URLs, Blocked File Types, Blocked MIME Types, and Web Authentication White List. Appendix A through Appendix C list all options for web categories, File types, and MIME types. Below are listed the general explanations of the Content Filtering tab.
• Blocked Categories—this sub-tab lists all selected web categories for preventing access. They range from Adult and Porn to Online Communities and Shopping. If you would like to block a web category, you can select the sub-tab of Blocked Categories, click Edit Blocked Categories, select the category, and click Ok. Once you save your changes, this category will be blocked for that particular Internet Usage Rule. For example, to add the Porn category to the Blocked Category list, select the Blocked Category sub-tab and click the Edit Blocked Categories button. Search for the Porn category under Allowed Categories. Once found, click the Add> button to move it to the Blocked Category List.

• Blocked URLs—this sub-tab allows you to enter a specific Universal Resource Locator (URL) address to be blocked. There are three compare strings that can be used to enter Blocked URLs: URL-Regular Expression, URL, and Domain.
  o Domain—this compare string looks for any web page that begins with the domain name of the web site. Use this compare string to block web sites where the domain name is constant in the URL. For example, an entry of myspace.com will block all of MySpace's web pages. You can also use an asterisk symbol (*) as a wildcard with the compare string of Domain. For instance, an entry of *myspace.com will block any web page that has myspace.com in the domain name regardless of http, https, or www. To add a Domain to the Blocked URL list, select the Blocked URLs sub-tab, click on the Edit the Blocked URLs button, and choose the Domain setting from the Compare String drop-down box. Enter the Domain name, click the Update button and then the Ok button.
  o URL—this compare string looks for an exact URL match. Use this compare string to block specific web pages where an exact match is necessary. For example, an entry of http://www.myspace.com/forums will block MySpace's forum web page, but not necessarily other MySpace web pages. However, you can use an asterisk symbol (*) as a wildcard with the compare string of URL. For instance, an entry of http://www.myspace.com* will block any web page that begins with http://www.myspace.com. To add a URL to the Blocked URL list, select the Blocked URLs sub-tab, click on the Edit the Blocked URLs button, and choose the URL setting from the Compare String drop-down box. Enter the URL, click the Update button and then the Ok button.
  o URL-Regular Expression—this compare string utilizes regular expressions to block web sites. Regular expression (regex) is a method used to describe a string of text using metacharacters or wildcard symbols. To use URL-Regular Expression, you will need to understand the functions of regular expression metacharacters. URL-Regular Expression supports POSIX Basic and Extended Regular Expressions. A full explanation of the syntax for a Regular Expression Rule is beyond the scope of this document. Additional information is available on the Cymphonix Knowledgebase at kb.cymphonix.com. To add a URL-Regular Expression to the Blocked URL list, select the Blocked URLs sub-tab, click on the Edit the Blocked URLs button, and choose the URL-Regular Expression setting from the Compare String drop-down box. Enter the URL-Regular Expression, click the Update button and then the Ok button.
  o Legacy Keyword Mode—this keyword string was used as a general match string under firmware releases 8.3.4 and earlier. It has now been replaced by the stronger compare strings above. This compare string should only be used to accommodate upgrades from earlier releases until the entries can be reclassified using the above compare strings.
• White List URLs—this sub-tab allows you to "whitelist" or allow users to access specific web sites. These fields are mostly used when there is a conflict with another rule. For example, if you choose to block the web category of Search Engines and Portals but want to allow Google searches, you would add Google into the White List, which will override the blocked category. White List URLs follow the same compare strings as Blocked URLs. White List URLs will override blocks from all policies except for web sites under the Blocked URLs and Non-HTTP traffic.
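As an added illustration (not the guide's own code or Network Composer's implementation), the following Python evaluates a URL against an IUR's Blocked URLs, White List URLs and Blocked Categories using the three compare strings above and the precedence just described: Blocked URLs first, then the White List, then the category block. It assumes a plain Domain entry matches the host name exactly, that Python's re module stands in for the POSIX regular expressions Network Composer uses, and that the URL's web category is supplied by the caller; the rule set and URLs are constructed samples.

```python
"""Blocked URLs / White List URLs / Blocked Categories evaluation for one IUR.
Added example; matching semantics are an interpretation of the guide, not Cymphonix code."""
import re
from urllib.parse import urlsplit


def _glob_to_regex(entry: str) -> re.Pattern:
    """Turn an entry that uses '*' as a wildcard into an anchored, case-insensitive regex."""
    parts = (re.escape(part) for part in entry.split("*"))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def match_domain(entry: str, url: str) -> bool:
    """Domain compare string: compared against the host name only, so the scheme and
    path never matter. With '*' the entry is a wildcard pattern over the host name
    (e.g. '*myspace.com' covers www.myspace.com over http and https)."""
    host = urlsplit(url).hostname or ""
    if "*" in entry:
        return _glob_to_regex(entry).match(host) is not None
    return host.lower() == entry.lower()  # assumption: exact host match without a wildcard


def match_url(entry: str, url: str) -> bool:
    """URL compare string: exact match, or a wildcard pattern over the whole URL
    (e.g. 'http://www.myspace.com*' covers every page that begins that way)."""
    if "*" in entry:
        return _glob_to_regex(entry).match(url) is not None
    return url == entry


def match_regex(entry: str, url: str) -> bool:
    """URL-Regular Expression compare string; Python's re stands in for POSIX ERE here."""
    return re.search(entry, url) is not None


MATCHERS = {"Domain": match_domain, "URL": match_url, "URL-Regular Expression": match_regex}


def first_match(entries, url: str):
    """Return the first (compare string, entry) pair that matches the URL, else None."""
    for compare, entry in entries:
        if MATCHERS[compare](entry, url):
            return entry
    return None


def decide(iur: dict, url: str, category: str):
    """Apply the precedence the guide describes: an entry under Blocked URLs always wins,
    the White List overrides a Blocked Categories hit, and otherwise the request is allowed."""
    hit = first_match(iur["blocked_urls"], url)
    if hit is not None:
        return ("block", f"Blocked URLs: {hit}")
    hit = first_match(iur["white_list"], url)
    if hit is not None:
        return ("allow", f"White List URLs: {hit}")
    if category in iur["blocked_categories"]:
        return ("block", f"Blocked Categories: {category}")
    return ("allow", "no rule matched")


# Constructed sample IUR mirroring the guide's examples (MySpace entries, Google whitelisted
# while the Search Engines and Portals category is blocked).
SAMPLE_IUR = {
    "blocked_categories": {"Search Engines and Portals", "Online Communities"},
    "blocked_urls": [
        ("URL", "http://www.myspace.com/forums"),
        ("Domain", "*myspace.com"),
        ("URL-Regular Expression", r"^https?://[^/]*\.example\.com/admin(/|$)"),  # constructed
    ],
    "white_list": [
        ("Domain", "www.google.com"),
        ("Domain", "*.myspace.com"),  # cannot win: Blocked URLs are checked first
    ],
}

if __name__ == "__main__":
    print(decide(SAMPLE_IUR, "http://www.google.com/search?q=test", "Search Engines and Portals"))
    print(decide(SAMPLE_IUR, "https://profile.myspace.com/home", "Online Communities"))
```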

• Other settings available in the Content Filtering tab are Import, Export, Remove Selected Rows, Remove All Rows, and Edit Selected Rows under Blocked URLs and White List URLs. The Import and Export options allow you to import or export a plain text (.txt) version of your Blocked URLs and White List URLs, allowing you to back up your lists or share lists with multiple IURs. By selecting either option, you will be presented with a Browse utility, where you can direct Network Composer to import or export the plain text file. Remove Selected Rows and Remove All Rows allow you to remove selected entries in the Blocked URLs and White List URLs. Edit Selected Rows permits manual edits of selected entries.
• Blocked File Types—this sub-tab lists all File types that can be blocked for download. To add File Types to the Blocked File Type list, select the Blocked File Type sub-tab and click the Edit File Types button.
• Blocked MIME Types—this sub-tab lists all Multipurpose Internet Mail Extensions (MIME) types available that can be blocked for download. To add MIME Types to the Blocked MIME Types list, select the Blocked MIME Type sub-tab and click the Edit MIME Types button.
• Web Authentication White List—this sub-tab is defined in Chapter 7: Integrating Directory Users with Network Composer.

Advanced Filtering
Click on Manage -> Policies & Rules -> Internet Usage Rules -> Default Usage Rules. Once this populates the Add/Edit Internet Usage Rule Set, click the Advanced Filtering tab. The Advanced Filtering tab presents complex selections that offer more stringent policy control for content filtering. Some options are selected by default for security reasons; however, you can enable or disable any of these options depending upon your requirements.

Spyware
• Enable Spyware URL Blocking—this setting scans web requests for URLs known to host spyware.
• Enable Spyware MD5 Blocking—this setting scans web traffic for known Message-Digest algorithm 5 matches utilized for spyware downloads.
• Enable Spyware ClassID Blocking—this setting scans HTML pages for Class IDs (identification tags associated with ActiveX or OLE objects) known to host spyware.

Anti-Virus
• Enable Anti-Virus Blocking—this setting scans web traffic for web pages that are infected with viruses.
• Enable Anti-Virus Email Alert Email Address—this setting allows the administrator of Network Composer to receive an email alert if a user attempts to download a web virus. For this setting to work, the Technical Admin Name and Technical Admin Email fields under the Miscellaneous tab must be completed (Admin -> Configuration -> Misc. Settings). See Chapter 6: Administrating Network Composer for more information.

Filter Avoidance
• Enable Filter Avoidance IP Lookup—this setting associates proxy web sites with their IP addresses and prevents users from entering them into web browsers.

• Enable Filter Avoidance Real-Time Filter—this setting performs a real-time scan on web sites to validate whether the web page is hosting proxy services.
• Enable Filter Avoidance Deep HTTP Inspection—this setting scans the content of web pages retrieved from a proxy web site.

Web Policy
• Enable Anonymous Browse Mode—this setting continues to block users from prohibited web sites; however, browsing history for these users will be reported.
• Real-Time Filter—this setting instructs Network Composer to analyze content on web pages in real time for better categorization and identification.
• Enable Safe Search Protection for Search Engines—this setting forces search engines to use "safe search", which disallows search engines from posting inappropriate results, i.e., Google Image search. The supported search engines for this setting are Google, Yahoo!, MSN, AOL, Ask, AltaVista, AlltheWeb, Lycos, Hotbot, and Netscape.
• Block Search Engine Cached Pages—this setting allows you to block cached pages from search engines.
• Enable Reverse DNS Lookups—this setting prohibits users from browsing blocked web sites via IP addresses instead of domain names.
• Apply White List to Referring URLs—this setting allows white listed web sites to post all page objects, i.e., images, banners, binoculars, etc., that are referred within the web site regardless of the original hosting site.
• Add X-Forwarded-For to HTTP header—this setting instructs Network Composer to forward original host information when Enhanced Bridging Mode (EBM) is disabled.
• Allow ONLY White List URLs—this setting prohibits users from visiting web sites that are not specifically listed in the White List.

Filter Bypass
• Enable Bypass—this setting allows users to access a web site that is normally blocked by entering the correct password listed in the Bypass Password.
• Bypass Password—this setting is for the password that will be used with the Enable Bypass setting.
• Bypass Timeout (in minutes)—this setting specifies exactly how long a user can access a blocked web site using the Enable Bypass setting.
• Enable Filter Bypass on a Per-IP Address Basis—this setting allows users to bypass all web sites that are normally blocked instead of just a single blocked web site. Enable Filter Bypass on a Per-IP Address Basis will use the same password and timeout as the Enable Bypass setting.

• Block IP Address URLs—this setting prohibits users from browsing any web sites via IP addresses instead of domain names.
• Force HTTP v1.0—this setting allows you to force web browsers to use HTTP version 1.0. HTTP v1.0 is the first protocol revision for HTTP traffic and is still in wide use, especially by proxy servers.
• Allow Non-HTTP Traffic Through the Web Filter—this setting allows Non-HTTP traffic to pass through port 80 or the designated parent proxy port for web traffic.
• Non-HTTP Traffic Socket Timeout (in minutes)—this setting allows you to set a time limit in minutes for how long Non-HTTP traffic can pass through port 80 or the designated parent proxy port for web traffic.

Again, you can disable or enable any of these options by selecting the sub-tab of each selection and then checking the check box next to the settings. Again, don't forget to Save your changes.

Internet Usage Rules
Now that you are familiar with both the Content Filtering and Advanced Filtering tabs, let's discuss the default Internet Usage Rules and how to create a new one. Network Composer has 8 default Internet Usage Rules (IURs). These IURs correspond to the default groups available with Network Composer. Because Network Composer has 8 default groups, their IURs are also available. Remember that the method is to create a group and then assign that group an IUR. The following are the pre-defined IURs and their settings.

Default Usage Rules are the default settings for all users unless configured otherwise. By default this IUR will log and filter only HTTP traffic. This IUR will not block any Web sites, File Types, or MIME Types except spyware and viral web sites. The following table lists all filtering options for the Default Usage Rules.

Default Usage Rules
  TFRS: Web Filter
  Spyware: Enable Spyware URL Blocking, Enable Spyware MD5 Blocking, Enable Spyware ClassID Blocking
  Anti-Virus: Enable Anti-Virus Blocking
  Filter Avoidance: Enable Filter Avoidance IP Lookup, Enable Filter Avoidance Real-Time Filter, Enable Filter Avoidance Deep HTTP Inspection
  Web Policy: Real-Time Filter, Allow Non-HTTP Traffic Through the Web Filter, Non-HTTP Traffic Socket Timeout (60 minutes)

If you create a new IUR, the following table lists the default settings. All other options will be disabled.

New IUR Default Settings
  TFRS: Web Filter
  Spyware: Enable Spyware URL Blocking, Enable Spyware MD5 Blocking, Enable Spyware ClassID Blocking
  Anti-Virus: Enable Anti-Virus Blocking
  Filter Avoidance: Enable Filter Avoidance IP Lookup, Enable Filter Avoidance Real-Time Filter, Enable Filter Avoidance Deep HTTP Inspection
  Web Policy: Real-Time Filter, Allow Non-HTTP Traffic Through the Web Filter, Non-HTTP Socket Timeout (60 minutes)

Deny Access Policy Rules denies all Web traffic and cannot be altered.

Filter Bypass Policy Rules allows all network traffic to pass and only reports on bandwidth and applications used. This IUR cannot be altered.

Monitor Only Policy Rules are intended for users that will only be monitored and not filtered for web traffic. The following table lists all filtering options for this IUR.

Monitor Only Policy Rules
TFRS: Web Filter
Filter Avoidance: Enable Filter Avoidance IP Lookup, Enable Filter Avoidance Real-Time Filter, Enable Filter Avoidance Deep HTTP Inspection
Web Policy: Apply White List to Referring URLs, Real-Time Filter, Allow Non-HTTP Traffic Through the Web Filter, Non-HTTP Socket Timeout (60 minutes)

Moderate Policy Rules provides typical restrictions on common web categories and also blocks several file types. In addition to this, this IUR has some advanced filter avoidance options selected as well as a TFRS that blocks anonymous web surfing for HTTP traffic. The following table lists all filtering options for this IUR.

Moderate Policy Rules
TFRS: Web Filter + Anonymous Proxy Guard
Blocked Categories: Adult, Cheating and Plagiarism, Crime, Criminal Related, Cults, Dating, Gambling, Hacking, Hate Speech, Illegal Drugs, Job Search, Lingerie, Non-sexual Nudity, Online Communities, Peer File Transfer, Porn, Shopping, Tasteless or Obscene, Vice, Violence, and Weapons
Anti-Virus: Enable Anti-Virus Blocking
Blocked File Types: bat, cab, cmd, com, dll, ed2k, emo, exe, ini, iso, lnk, torrent, wmf
Spyware: Enable Spyware URL Blocking, Enable Spyware MD5 Blocking, Enable Spyware ClassID Blocking
Web Policy: Enable Safe Search Protection for Search Engines, Apply White List to Referring URLs, Real-Time Filter, Allow Non-HTTP Traffic Through the Web Filter, Non-HTTP Socket Timeout (60 minutes)
Filter Avoidance: Enable Filter Avoidance IP Lookup, Enable Filter Avoidance Real-Time Filter, Enable Filter Avoidance Deep HTTP Inspection

Monitor Only with Threat Protection Policy Rules are intended for users that will only be monitored and not blocked, except in the case of spyware and web viruses. The following table lists all filtering options for this IUR.

Monitor Only with Threat Protection Policy Rules
TFRS: Web Filter
Filter Avoidance: Enable Filter Avoidance IP Lookup, Enable Filter Avoidance Real-Time Filter, Enable Filter Avoidance Deep HTTP Inspection
Spyware: Enable Spyware MD5 Blocking, Enable Spyware ClassID Blocking
Anti-Virus: Enable Anti-Virus Blocking
Web Policy: Apply White List to Referring URLs, Real-Time Filter, Allow Non-HTTP Traffic Through the Web Filter, Non-HTTP Traffic Socket Timeout (60 minutes)

Permissive Policy Rules are designed for users that will have more leniency in regards to the web sites they can visit and what file extensions can be downloaded. Web traffic will be monitored and filtered. The following table lists all filtering options for this IUR.

Permissive Policy Rules
TFRS: Web Filter
Blocked Categories: Adult, Hacking, Hate Speech, Illegal Drugs, Lingerie, Porn, Tasteless or Obscene, Vice, Violence, and Weapons
Filter Avoidance: Enable Filter Avoidance IP Lookup, Enable Filter Avoidance Real-Time Filter, Enable Filter Avoidance Deep HTTP Inspection
Spyware: Enable Spyware MD5 Blocking, Enable Spyware ClassID Blocking
Web Policy: Apply White List to Referring URLs, Real-Time Filter, Allow Non-HTTP Traffic Through the Web Filter, Non-HTTP Socket Timeout (60 minutes)
Anti-Virus: Enable Anti-Virus Blocking

Strict Policy Rules are intended for users who will have stringent rules applied to Web browsing as well as file downloads. Users in this group will have HTTP monitored and filtered and HTTPS traffic blocked. Below is the table with all filtering options.

Strict Policy Rules
TFRS: Web Filter + Anonymous Proxy Guard + SSL Block
Blocked Categories: Adult, Alcohol and Tobacco, Cars and Motorcycles, Cheating and Plagiarism, Crime, Criminal Related, Cults, Dating, Gambling, Games, Hacking, Hate Speech, Illegal Drugs, Instant Messaging, Job Search, Lingerie, Lottery and Sweepstakes, Non-mainstream, Non-sexual Nudity, Online Communities, Online Trading, Peer File Transfer, Porn, Real Estate, Sex Ed and Abortion, Shopping, Sports and Recreation, Streaming Media, Tasteless or Obscene, Tattoos, Vice, Violence, Weapons, Web-based Chat, Web-based Email, and Web Messaging
Anti-Virus: Enable Anti-Virus Blocking
Blocked File Types: aac, adp, aiff, asx, avi, bat, cab, cmd, com, dll, dmg, ed2k, emo, exe, flac, flv, fpt, ini, iso, kmz, lit, lnk, log, m3u, m4a, mid, midi, moov, mov, mp3, mp4, mpeg, mpg, mpu, msi, mst, ogg, ogm, pab, pls, qt, ra, ram, rm, torrent, wav, wma, wmf, wmv
Spyware: Enable Spyware URL Blocking, Enable Spyware MD5 Blocking, Enable Spyware ClassID Blocking
Web Policy: Enable Safe Search Protection for Search Engines, Block Search Engine Cached Pages, Enable Reverse DNS Lookups, Real-Time Filter, Block IP Address URLs
Filter Avoidance: Enable Filter Avoidance IP Lookup, Enable Filter Avoidance Real-Time Filter, Enable Filter Avoidance Deep HTTP Inspection

Again, these are the default IURs available for ease of use. You may simply add users to these groups for the policy to apply. If you would like to create your own IUR, select the Create button under Internet Usage Rule Manager. You can also alter all default IURs except for Deny Access Usage Rules and Filter Bypass Usage Rules by selecting the individual IURs under Internet Usage Rule Manager.

Shaping Rules
Shaping Rules allow you to "shape" network bandwidth for applications, users, and web sites. In essence, Shaping Rules allow you to cap or restrict bandwidth for specific users or applications on the network. These rules also allow you to shape bandwidth to Web sites as well as assign priority levels for all traffic. Through Shaping Rules, you can control and manage network traffic to ensure that critical users and applications have complete access to the Internet and network resources.

Network Composer has no default shaping rules. As such, you will need to create them under the Shaping Rule Manager (Manage -> Policies & Rules -> Shaping Rules). Here you will be presented with three tabs: Group, Application, and Web Content. Group shaping rules manage total bandwidth for users and groups. Application shaping rules administer bandwidth for specific application sets, i.e., P2P, Streaming Media, VoIP, etc. Web Content shaping rules control bandwidth for specific web sites, web categories, File Types, and MIME Types. To create shaping rules, you must first enter a name for Shaping Rule Detail. Afterwards, you can select the different tabs for each corresponding shaping rule. When you decide to implement a shaping rule, keep in mind several things (listed below).

• A good practice is to install Network Composer in the network and have it report on users and applications before implementing shaping rules. Knowing what types of traffic are passing in the network and the amounts will help in creating a better shaping rule. However, many users and applications may not need a shaping rule unless they pose a threat to the network or are known consumers of bandwidth.
• All shaping rules will have three settings: Max Upload, Max Download, and Priority Level. Max Upload refers to traffic passing from the LAN port to the WAN port of Network Composer. Max Download refers to traffic passing from the WAN port to the LAN port of Network Composer. Priority refers to the precedence level assigned to the traffic. The options are Highest, Higher, High, Default, Low, Lower, and Lowest.
• Please note that the amounts listed under Available Upload Bandwidth and Available Download Bandwidth in Miscellaneous Settings restrict total traffic through Network Composer. The default settings are 5000 Kbps and will restrict traffic to that amount. If you have not adjusted these amounts for your bandwidth, please do so during the Setup Wizard or under the Miscellaneous settings (Admin -> Configuration -> Misc. Settings). The percentages of traffic shown in the Drop-Down Boxes for all tabs are calculated from these two values, so make sure that the amounts entered in these fields are the correct amounts for your network.
• Please remember that shaping rules are restrictions. This means that Network Composer will not allow a group, application, or web content to exceed the bandwidth assigned. These rules do not ensure that traffic will meet a certain amount, but rather will not go beyond the restriction. Think of shaping rules as a ceiling and not a floor.
• Group shaping rules restrict total bandwidth for all users within groups, and the restriction is divided dynamically between active members. For example, if only one group member is active within a group that has a shaping rule of 1 Mbps, then that one member will have access to the full 1 Mbps. However, if another group member becomes active, Network Composer will dynamically divide the restriction and cap each member to 500 Kbps, and so on depending on the number of active group members. Because of this, if you apply Application shaping rules as well as Web Content shaping rules for the same group, those amounts must not exceed the Group shaping rule.

• If you choose to enter a custom amount for the upload and download restrictions, remember that this amount is presented in kilobits per second (Kbps). You will need to convert your bandwidth into this unit; the guide uses 1024 Kbps = 1 Mbps. Note that ISP line rates are normally quoted in decimal units (1 Mbps = 1000 Kbps), so check which convention your figures use before entering them.
• There are two application sets that you probably should not restrict: HTTP and Uncategorized. The application set of HTTP correlates to all web-based traffic, including regular web browsing. Because this application set is commonly used more than any other application set, we recommend that you do not set a highly stringent shaping rule for HTTP. The application set of Uncategorized correlates to network traffic for which Network Composer does not have an explicit signature. These applications could be proprietary, recent, or uncommon. In addition to this, this application set could also include traffic that is very important, such as a custom accounting application or an unrecognized VoIP system. Because of this, we strongly recommend that you do not disable this traffic or create a strict shaping rule for it. Since anything the signatures do not recognize lands here, it is also worth reviewing the Uncategorized set in reporting from time to time rather than ignoring it.
• Priority levels are only used when there is not enough bandwidth to complete requests for active users or applications. For example, if you have two shaping rules, 1 Mbps for VPN with a High priority level and 1 Mbps for P2P with a Low priority level, and there is not enough bandwidth to complete the requests for both applications, Network Composer will restrict P2P to even less than 1 Mbps to allocate more bandwidth for VPN.
• There can be some variance between shaping rules and reporting, especially with P2P and Streaming Media, because of how initial communications for these applications take place. For example, BitTorrent will negotiate on random ports and may be considered Uncategorized until data begins to pass. After data is passed, Network Composer can identify BitTorrent as P2P and will then report on all traffic passed, beginning with the initial connections. However, shaping rules for BitTorrent will not take effect until the data is confirmed as P2P, normally after the initial connections. Below are some general expectations for the variance:
  o Shaping rules under 256K can have up to 20% difference in reporting
  o Shaping rules under 1M can have up to 10% difference in reporting
  o Shaping rules under 5M can have up to 5% difference in reporting

• If you choose to shape a web URL, use general phrases. For instance, if you want to shape traffic to the Web site YouTube, enter the phrase youtube instead of http://www.youtube.com. Because the phrase is matched against the URL, check reporting after adding a broad phrase to confirm it is not also catching unrelated sites whose URLs contain it.
• Web Content shaping rules take precedence over Application shaping rules and will be recorded jointly for shared applications. For example, if you have an Application shaping rule for Streaming Media at 1 Mbps and a Web Content shaping rule for YouTube at 1 Mbps, the Web Content shaping rule will take preference while the Application shaping rule will not apply to that traffic. Reporting for the Streaming Media Application Set will then report traffic for Streaming Media combined with traffic for YouTube (2 Mbps). To assure that Streaming Media does not exceed a specific amount, balance the amount with Web Content shaping rules designated for Streaming Media Web sites.
• All changes to shaping rules will flush Network Composer's forwarding plane. The forwarding plane is the architecture that decides how to handle packets arriving on the LAN interface, i.e., applying shaping rules, denying traffic, etc. Flushing Network Composer's forwarding plane will drop all connections and reassign traffic accordingly. Because of this, we recommend that you only make changes to shaping rules during off-peak hours.

Once you have created a shaping rule, don't forget to Save the changes. Also remember that shaping rules are not active until you assign them to a group in the Policy Manager.
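The rules above (a cap is a ceiling and never a floor, a Group rule is split evenly among active members, Web Content rules beat Application rules, and priority is consulted only under contention) can be checked against a small model. The following Python is an added example and not Network Composer's own scheduler; flow names, rule values and the order in which lower-priority traffic is trimmed when the link is oversubscribed are assumptions made for illustration.

```python
# Added example (not appliance code): a model of the shaping-rule semantics
# described above. Rule names, flows and numbers are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional

# Precedence levels from highest to lowest.
PRIORITY = ["Highest", "Higher", "High", "Default", "Low", "Lower", "Lowest"]


def mbps_to_kbps(mbps: float) -> int:
    """Custom amounts are entered in Kbps; the guide converts at 1024 Kbps per Mbps."""
    return int(mbps * 1024)


@dataclass
class Rule:
    cap_kbps: int                 # ceiling, never a guarantee
    priority: str = "Default"


@dataclass
class Flow:
    name: str
    demand_kbps: int                   # what the flow would use if unshaped
    app_set: Optional[str] = None      # Application set, e.g. "Streaming Media"
    web_match: Optional[str] = None    # Web Content phrase the URL matched, e.g. "youtube"
    group: Optional[str] = None        # group the user belongs to


def effective_rule(flow: Flow, app_rules: Dict[str, Rule],
                   web_rules: Dict[str, Rule]) -> Optional[Rule]:
    """Web Content rules take precedence over Application rules."""
    if flow.web_match in web_rules:
        return web_rules[flow.web_match]
    if flow.app_set in app_rules:
        return app_rules[flow.app_set]
    return None


def allocate(available_kbps: int, flows: List[Flow], app_rules: Dict[str, Rule],
             web_rules: Dict[str, Rule], group_rules: Dict[str, Rule]) -> Dict[str, int]:
    """Return the Kbps each flow may use.

    1. Each flow is capped by its Web Content or Application rule.
    2. A Group rule is split evenly among the group's active members.
    3. Priority matters only when the sum still exceeds the available
       bandwidth; lower-priority flows are then reduced first. (The exact
       trimming order inside the appliance is not documented; this is the
       model's assumption.)
    """
    active: Dict[str, int] = {}
    for f in flows:
        if f.group:
            active[f.group] = active.get(f.group, 0) + 1

    alloc: Dict[str, int] = {}
    prio: Dict[str, str] = {}
    for f in flows:
        limit, level = f.demand_kbps, "Default"
        rule = effective_rule(f, app_rules, web_rules)
        if rule:
            limit, level = min(limit, rule.cap_kbps), rule.priority
        if f.group in group_rules:
            limit = min(limit, group_rules[f.group].cap_kbps // active[f.group])
            if rule is None:
                level = group_rules[f.group].priority
        alloc[f.name], prio[f.name] = limit, level

    excess = sum(alloc.values()) - available_kbps
    for level in reversed(PRIORITY):          # Lowest first
        for name in [n for n in alloc if prio[n] == level]:
            if excess <= 0:
                return alloc
            cut = min(alloc[name], excess)
            alloc[name] -= cut
            excess -= cut
    return alloc


def reported_by_app_set(flows: List[Flow], alloc: Dict[str, int]) -> Dict[str, int]:
    """Reporting credits Web Content traffic to its application set as well,
    which is why a Streaming Media report can exceed the Streaming Media rule."""
    totals: Dict[str, int] = {}
    for f in flows:
        if f.app_set:
            totals[f.app_set] = totals.get(f.app_set, 0) + alloc[f.name]
    return totals
```

Running the guide's own scenarios through this model gives the numbers it quotes: one member of a 1 Mbps group gets 1024 Kbps and two members get 512 each; VPN at High keeps its full 1 Mbps while P2P at Low is squeezed when only 1.5 Mbps is available; and a YouTube Web Content rule plus a Streaming Media Application rule report 2 Mbps under Streaming Media.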

Policy Manager
The Policy Manager correlates all policies to groups. That is to say, all the rules you have created under Time-of-Day Rules, Internet Usage Rules, and Shaping Rules will need to be assigned to groups using the Policy Manager. The default groups Network Composer offers have already been assigned their corresponding Internet Usage Rules under the Policy Manager. In addition to this, the default groups use the default Time-of-Day Rule (TDR) of 24 hours a day, 7 days a week. However, if you would like to change their Internet Usage Rule or TDR, you can do so for all groups except for the Deny Access Group and the Filter Bypass Group with the Policy Manager. The Policy Manager also allows you to assign shaping rules to groups.

Click on Manage -> Policies & Rules -> Policy Manager -> Default Group. This will post the Add/Edit Policy. Presented here are two tabs: Single Rule Set and Multiple Rule Set. The Single Rule Set is used for Internet Usage Rules that will apply 24 hours a day, 7 days a week. The Multiple Rule Set is used for Internet Usage Rules that will use different blocks of time from TDRs. Under the Single Rule Set tab, select the Drop-Down Box for Internet Usage Rule Set. This will present you with all available IURs created under Internet Usage Rules. You may do the same for shaping rules under the Drop-Down Box for Shaping Rule Set. Once you have chosen an IUR and Shaping Rule for the group, select Save.

The Multiple Rule Sets are used for assigning different IURs and Shaping Rules to time blocks created under TDRs. Click on Manage -> Policies & Rules -> Policy Manager -> Default Group -> Multiple Rule Sets. This tab will post a weekly calendar. Select the day of the week you will be assigning the time blocks. Towards the bottom will be a Time-of-Day Rule Set Drop-Down Box. Select this box and choose the TDR you have created. This will populate the time blocks created. Next, for each time block assign an Internet Usage Rule Set and a Shaping Rule that will be active for the time specified. Repeat these steps for each day of the week (you may use the Copy button) and select the Save button. Once you complete these steps, Group membership, Time-of-Day Rules, Internet Usage Rules, and Shaping Rules will be active for devices and users. Remember to always use this method when creating groups and policies: create Groups, create Time-of-Day Rules, create Internet Usage Rules, create Shaping Rules, and tie them all together with the Policy Manager. Next we'll discuss the other options available under the Manage tab.

Directory Users & Nodes
Network Composer can track Internet traffic by devices (Network Nodes) and by username (if Directory integration has been enabled). Once a device or user is discovered, Network Composer will create a profile and list it accordingly under Directory Users & Nodes. These profiles (devices or users) will then be available for group membership assignment under the Group menu (Manage -> Policies & Rules -> Groups). Directory Users & Nodes lists three separate options: Network Nodes, Directory Users, and Directory Agent. Network Nodes will list devices discovered by Network Composer, while Directory Users will list Directory profiles. Directory Agent will list agents you have created for your directory servers. These topics are covered in more detail under Chapter 7: Integrating Directory Users with Network Composer.

Network Nodes
Click Manage -> Directory Users & Nodes -> Network Nodes. This will post the Network Node Manager, which lists all devices (Network Nodes) discovered by Network Composer. Network Composer discovers these devices by examining network traffic as it passes through the bridge interface. Once a unique device is discovered, Network Composer will port scan it to retrieve several pieces of information to create a profile, i.e., NetBIOS name, Internet Protocol (IP) address, Operating System (OS), Media Access Control (MAC) address, and open ports. Network Composer will also list the scan status and the date the profile was created. Network Composer accomplishes this scan via a utility called Network Mapper (Nmap). Because this is an active scan of every newly seen host, expect host firewalls and intrusion detection sensors to log it; allow-listing the appliance's address there is preferable to disabling those alerts. For Nmap to retrieve these pieces of information successfully, some options may need to be permitted on the network (listed below):
• UDP port 137
• Client for Microsoft Networks
• NetBIOS over TCP/IP
• Samba to respond to NetBIOS queries
• DNS entries for Macintosh computers
• Simple Network Management Protocol (SNMP) for Macintosh computers
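The profile fields listed above (NetBIOS name, IP address, OS, MAC address, open ports) are exactly what an Nmap scan reports. As an added example that is not Network Composer's code, the following Python parses Nmap's XML output (the -oX format) into profiles of that shape. How the appliance itself invokes Nmap and stores the result is not described on this page; the invocation in the comment is one that produces this kind of output, and the hosts, addresses and script output in the embedded sample are constructed.

```python
# Added example (not Network Composer code): turn nmap XML output into
# Network Node-style profiles. The XML below is a constructed, abbreviated
# sample in the shape written by, for instance:
#   nmap -O -sS -sU -p T:139,445,3389,U:137 --script nbstat -oX scan.xml 192.168.1.0/24
# (an assumption about a suitable invocation; -O and -sU need root privileges).
import xml.etree.ElementTree as ET
from typing import Dict, List

ZERO_MAC = "00:00:00:00:00:00"   # shown by the appliance for profiles without a discoverable MAC

SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.1.23" addrtype="ipv4"/>
    <address addr="00:1C:42:5A:3B:7E" addrtype="mac" vendor="Parallels"/>
    <hostnames><hostname name="ws23.corp.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
      <port protocol="udp" portid="137"><state state="open"/><service name="netbios-ns"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="96"/><osmatch name="Microsoft Windows 2000" accuracy="88"/></os>
    <hostscript>
      <script id="nbstat" output="NetBIOS name: WS23, NetBIOS user: &lt;unknown&gt;, NetBIOS MAC: 00:1c:42:5a:3b:7e"/>
    </hostscript>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.9.0.8" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_profiles(xml_text: str) -> List[Dict]:
    """Build one profile per scanned host: ip, mac, netbios, os, open_ports,
    plus the derived name (NetBIOS name, else IP) and whether the host looks
    remote (no MAC, as for hosts behind a router)."""
    root = ET.fromstring(xml_text)
    profiles = []
    for host in root.findall("host"):
        p: Dict = {"ip": None, "mac": ZERO_MAC, "netbios": None, "os": None, "open_ports": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                p["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                p["mac"] = addr.get("addr", ZERO_MAC).lower()
        # Only ports nmap saw as open; filtered/closed ones are not "open ports".
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                p["open_ports"].append((port.get("protocol"), int(port.get("portid"))))
        # OS detection can return several guesses; keep the most accurate one.
        matches = [(int(m.get("accuracy", "0")), m.get("name")) for m in host.findall("os/osmatch")]
        if matches:
            p["os"] = max(matches)[1]
        # The nbstat script (UDP 137) reports "NetBIOS name: X, NetBIOS user: ..., NetBIOS MAC: ...".
        for script in host.findall("hostscript/script"):
            if script.get("id") == "nbstat":
                for item in script.get("output", "").split(","):
                    key, _, value = item.strip().partition(":")
                    if key == "NetBIOS name":
                        p["netbios"] = value.strip()
        p["name"] = p["netbios"] or p["ip"]
        p["remote"] = p["mac"] == ZERO_MAC
        profiles.append(p)
    return profiles
```

The second sample host shows why the list of prerequisites above matters: with UDP 137 blocked and no MAC visible across the router, the profile falls back to the bare IP address for its name and carries an all-zero MAC, which is the "remote profile" case discussed under Treat IPs as Remote Subnets below.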

If after enabling these settings you need to rescan profiles for missing or changed information, you can select the profiles under Network Node Manager and click Re-scan port under the Tasks pane. The Scan Status for the selected profiles will then list Pending. After several minutes, the profile will be updated with the missing or changed information. If after rescanning a profile Network Composer still cannot retrieve the missing or changed information, you can select the profile and manually change the profile name. Don't forget to Save your changes afterwards.

If you have profiles listed under the Network Node Manager, click on one to see the information gathered for each device on the network. The first information posted is the Scan Name (NetBIOS name if available, accompanied by the current IP address), Operating System (OS), Detected OS, and MAC address. Below that are posted two settings: Ignore multiple IP Addresses from this Network Node and Treat IPs as Remote Subnets from this Network Node.

Ignore multiple IP Addresses from this Network Node can be used when Network Composer identifies a single unique MAC address being used by multiple IP addresses. This behavior is typical in an asymmetrical network. Because profiles are created by MAC addresses, Network Composer can sometimes incorrectly associate traffic to the wrong Network Node with asymmetrical networks. Thus if Network Composer sees the MAC address being used by another IP address, Network Composer will assume this is due to asymmetrical routing, group the traffic based on the IP address, and attempt to discover the true MAC address of the original sending device. If you have an asymmetrical network, you can select Ignore Multiple IP Addresses from this Network Node, which will permanently associate the IP address to the MAC address listed.

The next option is Treat IPs as Remote Subnets from this Network Node. By default Network Composer will create profiles for network devices in the local subnet based on MAC addresses. With routed networks, on the other hand, Network Composer will create profiles for network devices based on IP addresses. These profiles will have the MAC addresses listed as all 0s, while local profiles will post true MAC addresses. There are rare scenarios where profiles based on MAC addresses within the local subnet should be treated as remote profiles because of unique network architectures, e.g., asymmetrical networks, or network segments separated by layer three devices that use the same broadcast range or physical connections. In these cases, you may need to regard local profiles as remote. For more information on configuring Network Composer in an asymmetrical or MAC alternating network, please review the tutorial document entitled How to Configure Network Composer with Asymmetrical Routing (http://kb.cymphonix.com).

Also listed under the Add/Edit Network Node Detail are the IP addresses used by this Network Node as well as the open ports, protocols, state, and services utilized by the device. These settings can be sorted by selecting the Column title of each setting.

Please note that when Network Composer is first installed, or if new devices are installed on the network, you may see a profile entitled Unknown Network Node (mostly under the Report tab). Unknown Network Node simply represents profiles that have not been completely scanned. That is to say, Network Composer has identified new devices on the network but has not had sufficient time to complete the profile scan or is in the process of doing so. With time, this profile will disappear as Network Composer is able to complete the profile scan and identify the new profiles.

Another option available under Network Node Manager is the Search box. You can search for profiles based on IP address, MAC address, Profile Name (normally the NetBIOS name or IP address), and OS. Simply select the search criteria from the Search Drop-Down Menu, enter the corresponding value, and click the Search icon (or press the Enter key). Use the format presented in the Network Node Manager, e.g., IP addresses are separated by dots (.) and MAC addresses are not separated by colons (:), to search according to the values. For example, to search for a specific MAC address, select MAC address from the Search Drop-Down Menu, enter the MAC address you are searching for, and hit Enter. You can also sort the profiles by Name, IP address, MAC address, OS, Scan Status, and the date profiles were created by clicking on the column titles.

Lastly, Network Node Manager allows you to license and unlicense devices. Licensing with Network Composer is based on network connections or active IP addresses on the network. That is to say, one hundred connections on your network will constitute 100 Network Node licenses.

Hence, it is highly recommended that you purchase sufficient licenses to filter and report on all connections present in the network. Because of this, you will want to closely watch your license count and confirm that you do not exceed the license amount. This can be accomplished with Network Node Manager. Knowing how Network Composer is issuing licenses will help you better manage your license count, as exceeding the license count can cause inconsistencies with content filtering and reporting.

For example, in a flat network where all devices are connected via switches or hubs, Network Composer can normally discover MAC addresses for individual devices, and profiles will be based on such. With this scenario, licensing and profile creation will be based on unique MAC addresses. You can verify whether Network Composer is licensing based on MAC addresses by reviewing the MAC Address column under Network Node Manager. If individual MAC addresses are listed, then Network Composer is essentially issuing a license to those MAC addresses. However, if an entry of all zeros is listed under the MAC Address column, then Network Composer is licensing based on IP addresses (typical of routed networks, as MAC addresses remain in local subnets). This means that individual IP addresses will consume licenses. Also please note that historical data and grouping based on IP addresses will follow the IP addresses as well, and not the devices per se. You may review Chapter 6: Administrating Network Composer for more information on installing Network Composer in a routed network.

Other scenarios to be aware of with licensing are devices such as printers, scanners, plotters, network cameras, or any other "non-user" specific devices that have Internet connections. Because these devices are configured with a MAC or IP address, they can potentially consume licenses unless configured otherwise. Also, a device with multiple Internet connections can possibly take up two licenses, e.g., a laptop with a wireless card and an Ethernet port. In addition to multiple Internet connections being a problem, large Dynamic Host Configuration Protocol (DHCP) ranges or short DHCP lease times can possibly pose an issue as well with licensing. For example, a device will be assigned an IP address via DHCP. If licensing is based on IP addresses, Network Composer will issue a license to that IP address. If that same device is assigned a different IP address via DHCP, Network Composer will again issue an additional license, but now to the new IP address. Hence, in this scenario a device could possibly consume several licenses depending on how DHCP is configured.

Lastly, devices that are unlicensed are handled quite differently than licensed devices. Traffic from Unlicensed Network Nodes will be aggregated into one profile entitled Unlicensed Network Nodes. Reporting for unlicensed devices will not list individual statistics. Also, filtering will be handled differently with Unlicensed Network Nodes. Filtering for Unlicensed Network Nodes will still be in effect for these devices, but depending upon your group configuration, traffic from Unlicensed Network Nodes can be in different groups. More than likely traffic from Unlicensed Network Nodes will fall into the Default Group, but different configurations can change this. Another drawback for Unlicensed Network Nodes is the inability to add these devices to a group via the Network Node Manager. If a device is unlicensed, you will not be able to select it when adding members to groups. Taken together, this means a host that appears after the license pool is exhausted gets only the Default Group policy and no per-device reporting, so keep headroom in the license count if you want newly appearing devices to be individually tracked. For more information on how Network Composer handles traffic from Unlicensed Network Nodes, please see the tutorial document entitled How to Manage Licensing with Network Composer (http://kb.cymphonix.com).
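To make the licensing rules above concrete (MAC-keyed local profiles, IP-keyed routed profiles shown with an all-zero MAC, a dual-interface laptop taking two licenses, DHCP re-leases on a routed segment taking one each, printers taken out of the count with Unlicense Selected Nodes), here is an added Python model. It is not the appliance's own accounting, and the observed (IP, MAC) pairs are constructed.

```python
# Added example (not appliance code): a model of license consumption by
# Network Node profiles as described above. The observations are constructed.
from typing import Dict, Iterable, Optional, Set, Tuple

ZERO_MAC = "00:00:00:00:00:00"   # what a routed (remote) profile shows for its MAC

Key = Tuple[str, str]            # ("mac", <mac>) or ("ip", <ip>)


def license_key(ip: str, mac: str) -> Key:
    """A local profile is keyed by MAC; a profile with no discoverable MAC
    (all zeros, typical of routed segments) is keyed by IP instead."""
    mac = mac.lower()
    return ("mac", mac) if mac != ZERO_MAC else ("ip", ip)


def license_usage(observations: Iterable[Tuple[str, str]], license_count: int,
                  unlicensed: Iterable[Key] = ()) -> Dict:
    """Count the licenses a stream of (ip, mac) observations would consume.

    `unlicensed` holds keys the administrator has flagged with Unlicense
    Selected Nodes (printers, cameras, ...); their traffic is still filtered
    but they are no longer counted or reported individually.
    """
    exempt: Set[Key] = set(unlicensed)
    keys: Set[Key] = set()
    for ip, mac in observations:
        k = license_key(ip, mac)
        if k not in exempt:
            keys.add(k)
    used = len(keys)
    percent = 100.0 * used / license_count
    alert: Optional[int] = None
    for threshold in (100, 90, 80):  # System Message Alert thresholds named in the guide
        if percent >= threshold:
            alert = threshold
            break
    return {"used": used, "keys": keys, "percent": percent,
            "alert": alert, "exceeded": used > license_count}


# Constructed observations, in the order the appliance might see them.
OBSERVED = [
    ("192.168.1.23", "00:1c:42:5a:3b:7e"),   # workstation on the local subnet
    ("192.168.1.77", "00:1c:42:5a:3b:7e"),   # same workstation after a DHCP re-lease: same MAC, same license
    ("192.168.1.40", "00:1c:42:aa:bb:cc"),   # laptop, Ethernet port
    ("192.168.1.41", "00:26:5e:11:22:33"),   # the same laptop's wireless card: a second license
    ("192.168.1.9",  "00:80:77:de:ad:01"),   # printer
    ("10.9.0.8",     ZERO_MAC),              # host on a routed subnet, keyed by IP
    ("10.9.0.21",    ZERO_MAC),              # the same host after a DHCP re-lease: a second license
]
```

With six licenses the constructed network is at 100% and a short DHCP lease on the routed segment is what pushed it there; unlicensing the printer brings it back to five (83%, so the 80% alert still fires), which is the trade-off the Unlicense Selected Nodes button makes.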

Click Manage -> Directory Users & Nodes -> Network Nodes. Towards the bottom of the page you will see a listing of how many licenses have been issued (Showing 1—25 of 100). The last number listed is the complete number of profiles that have consumed licenses. You will want to periodically compare this number to your license count to confirm that you have sufficient licenses to report and filter correctly. Also, the total license count is posted on the Home Page under Hardware Settings, and System Message Alerts will be sent when the license count is nearing 80%, 90%, and 100%. If you need to purchase additional licenses, you may do so from Cymphonix or your Authorized Cymphonix Reseller. Additional licenses are issued in the form of a license key and may be entered during the Setup Wizard (Step 1) or under Admin -> Configuration -> License.

Network Node Manager also allows you to license and unlicense selected nodes. Again, devices such as printers, network cameras, etc., normally do not need content filtering and shaping. For example, if you have several printers that you do not wish to consume licenses, you can select those profiles and click the Unlicense Selected Nodes button located at the bottom of the Network Node Manager page (Manage -> Directory Users & Nodes -> Network Nodes -> Unlicense Selected Nodes). This will flag those profiles as unlicensed, and Network Composer will not count those devices towards the total license count. Bear in mind that an unlicensed device is no longer reported individually, so unlicense only devices whose traffic you are content to see aggregated. You can also license profiles that have been unlicensed by changing the License Status to Unlicensed (located in the top right corner of Network Node Manager). This will post all devices that have not been issued a license. You may select those profiles that you want licensed and select License Selected Nodes. These profiles will now be issued a license and counted towards the total license count. Again, unlicensed nodes are handled quite differently than licensed nodes.

Directory Users
Directory User Manager is similar to Network Node Manager in the sense that this manager keeps track of all reported profiles. The difference is that Directory User Manager tracks all Directory Users and not Network Node profiles. If you have implemented Directory Users with Network Composer, the Directory User Manager will post all Directory User profiles discovered by Network Composer; that is, it will list all user names that Network Composer has discovered. The Directory User Manager will also list the domain names associated with the profiles, as well as the Directory Agent (if applicable) and the username used to access the directory. Another option available with the Directory User Manager is Re-scan Directory User Name (located under the Tasks pane). This option allows you to update a profile by selecting the checkbox next to the user profile(s) you want to rescan. After selecting the profiles, select Re-scan Directory User Name, and any changes made to the profiles, i.e., changed name, new directory group, etc., will be posted under the Directory User Manager. One last important detail to note is that Directory Users have no effect on licensing. Chapter 7 covers these topics in more detail; please review Chapter 7: Integrating Directory Users with Network Composer for more information.

Directory Agent
The Directory Agent Manager lists all created Directory Agents used for synchronization of Directory Users. For more information on this menu, please refer to Chapter 7: Integrating Directory Users with Network Composer.

Broadcasts tab
The Broadcast tab grants access to the Broadcast Manager, which displays all email reports that have been created for automated reporting. Email reports must first be created by selecting the report you want to email. For example, click on Report -> Application -> Application Overview; you can set up this report for a weekly email. Once you have the report open, select the Email icon under the Tasks pane, which will populate the Add/Edit Broadcast field. Fill out the required information such as Name, Description, Send To:, Send From:, Reply To:, Subject Line, Send Format, and Schedule. If you need to send the email to multiple recipients, separate the emails with a semicolon (;). As a practice, the recommended Send Format is PDF, as this format is more presentable; however, other formats available are HTML, CSV, XML, etc. The schedule will depend on how frequently you want the automated report sent. For example, if you choose Weekly, several new fields will appear that will allow you to select the day of the week you want the report to run. The same is true with Monthly and Yearly. Once you have done this, you will need to select an Activation mode for the email. Activate Broadcast must be selected for any action to occur. Run Now will send the email report as soon as it is created. Send Once and Delete will send the report at the scheduled time and will then automatically delete the report once it has been sent. Once you have selected all settings, don't forget to select the Save button. After you have created and activated an Email Broadcast, it will be saved under the Broadcast Manager (unless you have selected Send Once and Delete). If you need to alter or delete the report in the future, you may do so under the Broadcast Manager by selecting the individual Email Broadcast, or by selecting the checkbox next to the report and clicking the Delete Selected button.

All Email Broadcasts are handled by Cymphonix' in-house Report Server. Once you have created the report and filled out the necessary fields, the data is encrypted using Secure Socket Layer (SSL) and sent to Cymphonix' Report Server. The Report Server processes the encrypted data and creates the desired report in the selected format. The Report Server then sends the completed report to the requested email address(es) for retrieval. The entire process normally takes less than 5 seconds. After the finalized Email Broadcast has been sent, the data is immediately deleted from the Report Server. The process creates performance advantages for Network Composer while still allowing automatic delivery of important reports and information. Physical access at Cymphonix' Report Server is permitted through a minimum of two biometric authentication systems. On-site staff is notified of all building access in real time, and environmental systems are maintained with N+1 redundancy. Since the report contents (per-user browsing and application data) are processed outside your network, confirm that this arrangement is acceptable under your data-handling requirements before enabling Email Broadcasts.

Because the data is leaving Network Composer, some technical considerations may need to be implemented in order for the recipients to receive email reports. For example, if a spam filter is present on the network, you may need to allow email transmissions from Cymphonix’ Internet Service Provider (IP.XMISSION.COM). In addition to this, you may need to alter the sender and receiver of the email to be different email addresses, as identical sender and receiver addresses are commonly flagged as spoofing techniques. Also note that when the data leaves Network Composer for the Cymphonix Report Server, all data is encrypted. However, the transmission from Cymphonix’ Report Server to the recipients is not encrypted. Nonetheless, this is the same level of security as most common email messages sent over the Internet.

System Access tab
Network Composer allows you to create multiple login accounts used to access the system. All accounts are listed under the Manage -> System Access -> Logins menu. By default only one account is present on the device (the admin account with a password of cymphonix). We strongly recommend that you create a new administrative login and change the default login password to limit access to the management interface. Select the Manage -> System Access -> Logins link to make these changes. Administrative login accounts can do anything that the default admin account can do. They can view any report and can make any configuration changes. Another access level exists (Read-Only) which allows users to view reports and configuration settings. However, users with Read-Only access cannot make configuration or administrative changes to the device. The Add/Edit Login Detail field (Manage -> System Access -> Logins -> Admin) allows you to customize all logins with User Name, Password, First Name, Last Name, Email Address, Admin Level (if you would like to create a login that does not have Admin Level, uncheck the box), and Activate Login (the login will not be accessible until this option is checked). Don’t forget to Save your changes after creating or modifying a login.

Applications tab
The Applications tab is designed for expert use. This menu and its submenus allow you to customize applications and redefine default signature sets for a more tailored environment. For example, if you would like to customize signature definitions as well as Traffic Flow Rule Sets (TFRS), you can do so under the Applications tab. Nevertheless, the default application sets provided should be sufficient for most environments. The three options available under the Applications tab are Traffic Flow Rule Sets, Application Sets, and Applications. A more detailed explanation of how to customize TFRS and Application Sets is available on Cymphonix’ Knowledge Base in the article entitled How to Create Custom Signatures (http://kb.cymphonix.com).

Traffic Flow Rule Sets
Traffic Flow Rule Sets (TFRS) are the basic traffic identification and control engine within Network Composer. TFRS define content rules and implement restrictions on identified traffic. Network Composer ships with 12 default TFRS (for more information see the previous section on Traffic Flow Rule Sets). Although you can select the default TFRS and edit them, it is highly recommended that you do not edit default TFRS. Doing so can cause severe problems if the TFRS are configured incorrectly. You are better served by copying default TFRS and editing the copies. Rather than editing the default TFRS, you can copy them and make the necessary changes to create a custom TFRS. The following sections will give a brief explanation of the options available and a common example of configuration changes.

Select Manage -> Applications -> Traffic Flow Rule Sets. Here, the Traffic Flow Rule Set Manager allows you to combine or delete components of the TFRS to tailor how traffic will be handled. For example, suppose you had a group of users that needed a variety of functions not available in the default TFRS. A case in point would be the need to filter Web traffic (Web Filter), deny IM client communications (Deny IM), and block HTTPS traffic (SSL Block). There are several default TFRS that can do some of these options; however, there is no one TFRS that has all components (Web Filter + Deny IM + SSL Block). For this example, you can customize TFRS using the Traffic Flow Rule Set Manager. The key factor in creating a custom TFRS is to choose a default one that closely represents the end result. In our example, we will select to copy the TFRS of Web Filter + Deny IM and afterwards add the component of SSL Block. Copying TFRS is quite simple: select the checkbox next to the TFRS that is going to be copied and select the Copy Selected button. This will bring up the Add/Edit Traffic Flow Rule Set field. Here, you can create a distinct name and description for the custom TFRS. Another suggestion is to name the TFRS according to the targets. In our example, we would name the TFRS Web Filter + Deny IM + SSL Block. This field also allows you to remove certain applications from the TFRS. For example, if you didn’t want this TFRS to identify ICMP traffic, you could remove this application using the < Remove button. Nevertheless, more often than not you will only want to customize the name and description in this field, as removing applications can cause unexpected effects. Other options available under the Traffic Flow Rule Set Manager are deleting and creating. There is also a search box to search available TFRS. Again, don’t forget to Save your changes.

Once you have created a custom TFRS, you will alter the targets according to the desired modifications. In our example we will need to alter the SSL targets to block this traffic. This is done under the Application Signature Manager (covered later under the Applications section). The steps to alter targets are covered under the next sections. Now that we have created a custom TFRS to block SSL traffic, we will need to alter the targets. Let’s continue our example of a custom TFRS by discussing the Application Sets and Applications menus.

Application Sets
Application sets, or simply signature sets, are groups of signatures for similar applications that perform a comparable purpose. For example, the signature set of Remote Desktop/Remote Control/X comprises the applications of PC Anywhere, Microsoft’s Remote Desktop, GoToMyPC, Citrix, etc. Because these applications use similar signatures and perform an equivalent purpose (connecting users remotely to computers), the different applications are grouped together in an Application Set. The Application Signature Set Manager (Manage -> Applications -> Application Sets) lists all sets of applications that Network Composer can identify and shape. Currently there are 23 Application Sets that Network Composer identifies.

• Chat and IM—this application set comprises signature definitions for chat and IM applications, e.g. Windows Live Messenger, Yahoo! Messenger, etc.
• Databases—this application set comprises signature definitions for database applications, e.g. SQL, Oracle, etc.
• DNS/Naming/Locators and Information—this application set comprises signature definitions for services that identify domains, users, and devices on a network, e.g. Domain Name Service (DNS), Lightweight Directory Access Protocol (LDAP), NSW under System FE, etc.
• Email, Paging, and Collaboration—this application set comprises signature definitions for email services and protocols used to transmit emails, e.g. Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), etc.
• FTP/File Transfer—this application set comprises signature definitions for File Transfer Protocol (FTP), etc.
• Games—this application set comprises signature definitions for online games or network games, e.g. XBOX Live, World of Warcraft, etc.
• HTTP—this application set comprises signature definitions for Web traffic or Hypertext Transfer Protocol (HTTP).
• ICMP—this application set comprises signature definitions for Internet Control Message Protocol (ICMP), e.g. PING, etc.
• NetBIOS/Microsoft File Services—this application set comprises signature definitions for Network Basic Input/Output Service (NetBIOS) and Server Message Block (SMB or Samba) protocol.
• Network Management and Monitoring—this application set comprises signature definitions for services that manage and monitor networks, e.g. Simple Network Management Protocol (SNMP), Network Management Service (NMS), etc.
• Network Routing—this application set comprises signature definitions for networking protocols, e.g. Routing Information Protocol (RIP), Network Control Program (NCP), and many more.
• Network Utility—this application set comprises signature definitions for protocols used to manage networking devices, e.g. Dynamic Host Configuration Protocol (DHCP), etc.

• Peer to Peer—this application set comprises signature definitions for programs that share files via a direct (peer to peer) connection, e.g. Bit Torrent, Gnutella, etc.
• Printing and Reporting—this application set comprises signature definitions for printing and reporting services, e.g. Internet Printing, Network Printing, IBM’s Tivoli, etc.
• Proxy and Cache—this application set comprises signature definitions for proxy and cache servers, e.g. Sockets Server (SOCKS), Squid, etc.
• Remote Desktop/Remote Control/X—this application set comprises signature definitions for programs used for remote management and administration, e.g. PC Anywhere, Citrix, etc.
• RPC/Remote Execution and Message—this application set comprises signature definitions for programs that execute other programs or routines remotely, e.g. Remote Procedure Call (RPC), etc.
• Security, Auditing, and Auth—this application set comprises signature definitions for network protocols that authenticate and secure users or devices, e.g. Secure Socket Layer (SSL), Internet Protocol Security (IPSec), Kerberos, Pretty Good Privacy (PGP), etc.
• Streaming Media—this application set comprises signature definitions for programs that stream audio and video content, e.g. Windows Media Player, Flash, etc.
• Telnet and SSH—this application set comprises signature definitions for applications that use Telecommunication Network (Telnet) and Secure Shell (SSH) protocols.
• Uncategorized—this application set comprises all traffic that does not meet a specific application set.
• VOIP and Voice Chat—this application set comprises signature definitions for Voice over Internet Protocol (VoIP) and programs that facilitate voice conversations over the Internet, e.g. Ventrilo, Buddy Phone, etc.
• VPN and Tunnel—this application set comprises signature definitions for protocols used for Virtual Private Network (VPN) and for tunneling, etc.

The Application Signature Set Manager also allows you to select Application Sets to review all applications present within the set. In addition to reviewing the applications within the set, you may add or remove individual applications. Still, this menu is intended for expert use. For example, if you wanted to separate Citrix traffic from the Remote Desktop/Remote Control/X application set for individual shaping and reporting, you could create a new application set or custom TFRS to do so. As such, following the example in the previous section of creating a custom TFRS of Web Filter + Deny IM + SSL Block, we will create a custom Application Set. In this example, we will separate SMTP traffic from the Email, Paging, and Collaboration Application Set. Click Manage -> Applications -> Application Set -> Create. This will populate the Add/Edit Application Set Details field. Here you will give the custom application set a Name and Description. In our example, we will call the Application Set SMTP. Don’t forget to Save the changes. Once more, you may want to review the Tutorial Document on how to create a custom signature located at Cymphonix’ Knowledge Base (http://kb.cymphonix.com).

Once a custom TFRS and Application Set have been created, you will need to alter the individual applications under the Application Manager. This can be accomplished under the Applications menu. These final steps are covered in the next section. Two other options available under the Application Signature Set Manager are the ability to search for Application Sets using the Search box (located in the upper-left corner) and to delete a custom Application Set using the Delete Selected button (located at the bottom of the page). Like other menus under the Applications menu, this menu is intended for expert use.

Applications
Now that we have detailed the applications listed under each Application Set, we can look at the individual applications that Network Composer can shape. The Applications menu will allow you to finish creating the custom TFRS. You can also finish altering the Application Set to add or remove specific applications for an Application Set. Lastly, this menu allows you to search for individual applications, values (ports), and application sets to see how traffic is being categorized. Click Manage -> Applications -> Applications. This will bring up the Application Signature Manager. The Application Signature Manager lists each individual application alphabetically according to the Traffic Flow Rule Set listed in the top right-hand corner. You can also search for a particular application based on the Name, Application Set, or Value and sort the different applications by the column titles. Below are the column titles and corresponding definitions:

• Name—this is the name of the application.
• Application Set—this will list which application set the application belongs under.
• Type—this will list the type of signature identification used to recognize the traffic. The different types are the following:
  o Destination Port—this type is the target port of the application.
  o Diff Serv—this type is the Differentiated Services (DiffServ) of the application. DiffServ is a networking architecture that specifies a simple, scalable and coarse-grained mechanism for classifying and managing network traffic and providing Quality of Service (QoS).
  o Length—this type is the Ethernet Length of the application. Ethernet length specifies the size of the frame used within the network interface.
  o Protocol Only—this type is the protocol used for the application, i.e. TCP, UDP, etc.
  o Type of Service—this type is the Type of Service (TOS) of the application. TOS is a single-byte field in an IP packet header that specifies the service level required for the packet.
  o VLAN—this type is the Virtual Local Area Network (VLAN) used for the application.

  o Layer7—this type is Network Composer’s Layer 7 signature used for the application.
  o Source Port—this type is the sending port of the application.
  o Source and Destination Port—this type is the sending and target port of the application.
  o Web Request File Type—this type is the File Type for the application.
  o Web Request MIME Type—this type is the Multipurpose Internet Mail Extensions (MIME) type for the application.
  o XLi Engine—this type is the Cross Layer Intelligence (XLi) Engine used for the application. XLi is the component of Network Composer that scans and identifies packet payload using 6 layers of the OSI model.
• Value—this will list the corresponding measures from the Type field. For example, under the application of HTTP, the Type is listed as Destination Port; hence, the Value is listed as 80 as this is the destination port number for HTTP traffic. Other entries listed here will be the XLi values, MIME values, File Type values, and all other associated values for Types.
• Target—this will list what actions will be taken with the corresponding application. For example, if the target is set to Pass Thru the application will be allowed. Other options available are Deny (block traffic), None (no action taken), Web Filter (content filtering, spyware scanning, web logging, and virus scanning) and Web Logging (only logs web request URLs).

To review the different options for each application, you will need to create a custom TFRS. In the top right-hand corner, select the link for the TFRS of IM Only. This will then list all TFRS available. Choose Web Filter + Deny IM + SSL Block. Notice how the individual applications are now clickable. By creating a custom TFRS and application set, you can adjust each application and change settings such as Protocol, Application Set, Traffic Flow Rule Set, Type, Value, and Target. Clicking an application will show the Add/Edit Application Detail page. The Add/Edit Application Detail field allows you to change the Name of the application as well as other options, i.e. the Description, Protocol, Application Set, Traffic Flow Rule Set, Type, Value, and Target with Pass Thru or Deny. In general only use Destination Port, Source Port, and Source and Destination Port for the Type field. Also, for Protocol you will probably only need to use TCP and UDP. More often than not you will only need to change the Application Set, Type, Value, and Target. Again, changing options can cause serious errors if you are unsure of the settings.

Let’s continue with the example of the custom TFRS created in the previous section. Remember that we need to change the target of the custom TFRS to deny SSL traffic. You can do this by changing the Target field under the SSL applications. Click on the drop-down search box and select Value as the search criteria. Enter in the value of SSL and hit the Enter key. The Application Signature Manager will post the associated applications for SSL traffic. Select the application of SSL CONNECT L7. This will show the Add/Edit Application Detail page. To block all SSL connections, you will change the targets from Pass Thru to Deny. You will need to do this for all other applications that use SSL (search for HTTPS applications as well). Once you save the changes, this will block all SSL connections.
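The copy-then-retarget procedure from the Traffic Flow Rule Sets section and the SSL target change just described, modelled as an added example that is not Cymphonix code. The data model, the port-based signature list and the sample flows are constructed here; Network Composer’s real signature format is not given on the page.

```python
from copy import deepcopy
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Target actions as they appear in the Application Signature Manager
PASS_THRU, DENY, WEB_FILTER, WEB_LOGGING = "Pass Thru", "Deny", "Web Filter", "Web Logging"


@dataclass
class AppSignature:
    """One row of the Application Signature Manager: Name, Application Set,
    Protocol, Type, Value, Target. Only the port-based Types the guide
    recommends (Destination Port, Source Port, Source and Destination Port)
    are modelled; Layer7/XLi payload matching is out of scope here."""
    name: str
    app_set: str
    protocol: str      # "TCP" or "UDP"
    sig_type: str      # "Destination Port" | "Source Port" | "Source and Destination Port"
    value: int         # port number
    target: str = PASS_THRU

    def matches(self, flow: Dict[str, object]) -> bool:
        if flow["protocol"] != self.protocol:
            return False
        if self.sig_type == "Destination Port":
            return flow["dport"] == self.value
        if self.sig_type == "Source Port":
            return flow["sport"] == self.value
        return self.value in (flow["sport"], flow["dport"])


@dataclass
class TFRS:
    """A Traffic Flow Rule Set: an ordered list of signatures, each with a Target."""
    name: str
    description: str
    apps: List[AppSignature] = field(default_factory=list)

    def copy_as(self, name: str, description: str) -> "TFRS":
        """Copy Selected + Add/Edit: the default set is never edited in place."""
        return TFRS(name, description, deepcopy(self.apps))

    def set_target(self, select: Callable[[AppSignature], bool], target: str) -> int:
        """Retarget every signature the search selects; returns how many changed."""
        hits = [a for a in self.apps if select(a)]
        for a in hits:
            a.target = target
        return len(hits)

    def move_to_app_set(self, app_name: str, new_set: str) -> bool:
        """Tie one application to a different (custom) Application Set."""
        for a in self.apps:
            if a.name == app_name:
                a.app_set = new_set
                return True
        return False

    def classify(self, flow: Dict[str, object]) -> Tuple[str, str]:
        """First matching signature wins; unmatched traffic is Uncategorized."""
        for a in self.apps:
            if a.matches(flow):
                return a.name, a.target
        return "Uncategorized", PASS_THRU


def default_web_filter_deny_im() -> TFRS:
    """Constructed stand-in for the shipped 'Web Filter + Deny IM' set: a few
    signatures on well-known ports, not Cymphonix's real signature list."""
    return TFRS("Web Filter + Deny IM", "Filter web traffic, deny IM clients", [
        AppSignature("HTTP", "HTTP", "TCP", "Destination Port", 80, WEB_FILTER),
        AppSignature("SSL CONNECT L7", "Security, Auditing, and Auth", "TCP", "Destination Port", 443),
        AppSignature("HTTPS", "Security, Auditing, and Auth", "TCP", "Source and Destination Port", 443),
        AppSignature("Windows Live Messenger", "Chat and IM", "TCP", "Destination Port", 1863, DENY),
        AppSignature("Yahoo! Messenger", "Chat and IM", "TCP", "Destination Port", 5050, DENY),
        AppSignature("On Demand SMTP Relay", "Email, Paging, and Collaboration", "TCP", "Destination Port", 25),
    ])


def build_custom_tfrs() -> TFRS:
    """The guide's walk-through in code: copy the default, name the copy after its
    targets, search the SSL/HTTPS applications and flip them from Pass Thru to
    Deny, then carve SMTP into its own Application Set."""
    custom = default_web_filter_deny_im().copy_as(
        "Web Filter + Deny IM + SSL Block", "Web Filter, Deny IM, and block HTTPS")
    custom.set_target(lambda a: "SSL" in a.name or "HTTPS" in a.name, DENY)
    custom.move_to_app_set("On Demand SMTP Relay", "SMTP")
    return custom


if __name__ == "__main__":
    default, custom = default_web_filter_deny_im(), build_custom_tfrs()
    for flow in (  # constructed sample flows: HTTPS, HTTP, IM
        {"protocol": "TCP", "sport": 50123, "dport": 443},
        {"protocol": "TCP", "sport": 50124, "dport": 80},
        {"protocol": "TCP", "sport": 50125, "dport": 1863},
    ):
        print(flow["dport"], "default:", default.classify(flow), "custom:", custom.classify(flow))
```

Note that the copied set is evaluated side by side with the untouched default, which is the check worth doing before applying the custom TFRS through an Internet Usage Rule: a search that misses one SSL signature leaves that traffic at Pass Thru.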

Once you have set all SSL applications to Deny, we can continue with the example of separating an application from an application set. In this example, we will separate SMTP from the application set of E-mail, Paging, and Collaboration and tie it to the custom Application Set of SMTP (created in the previous section). Again, click on Manage -> Applications -> Applications. Make sure the custom TFRS is selected as the Traffic Flow Rule Set in the top right-hand corner. Now, let’s search for the application that we’re going to separate. In our example we will search for SMTP traffic. Select Name as the Search criteria and enter in the name of the application. This will post all applications that use SMTP as a signature. Here, we can select the applications to separate or modify them. Click on the first SMTP application (On Demand SMTP Relay). This will post the Add/Edit Application Detail. Here, change the Application Set to SMTP from E-mail, Paging, and Collaboration. Don’t forget to Save your changes. Repeat the previous steps for all applications listed after the search. Before leaving the Application Signature Manager, note that one last option available under the Applications Set Manager is deleting custom applications.

Again, these changes will take final effect once they are initiated under Internet Usage Rules and Policy Manager. Because we have created a custom TFRS and application set, you only need to apply the custom TFRS. This is done by creating an Internet Usage Rule and applying it to a group under the Policy Manager. Please review the sections Internet Usage Rules and Policy Manager for more information. You may follow the general instructions listed above to create custom TFRS or Application Sets, or review a more complete tutorial of these steps entitled How to Create Custom Signatures (http://kb.cymphonix.com).

This concludes Chapter 5: Managing Network Composer. The next chapters describe advanced configuration methods and options with Network Composer, followed by chapters dedicated to Directory Users and HTTPS/SSL Filtering.

Chapter 6: Administrating Network Composer
The Admin tab of Network Composer provides you with administration functions for initial configuration of the device. Also available are maintenance options such as backup settings and diagnostic tools that allow you to prevent failures or down time. Lastly, the Admin tab has advanced configuration options for Directory Users, custom redirection pages, SSL Certificate, and Spyware Removal. This chapter is divided into 6 sections.

• Setup Wizard
• Configuration tab
• Diagnostic Tools tab
• Downloads tab
• Logs tab
• Redirection Pages tab
• Utilities tab

Setup Wizard
The Setup Wizard is available during the first login to Network Composer and if the device has been reset back to factory defaults. If you would like to run the Setup Wizard again after the initial setup, you may do so with this tab. Remember that the Setup Wizard does require a live Internet connection to the network and will reboot if a firmware upgrade is downloaded. For more information, please review Chapter 2: Installing Network Composer.

Configuration tab
The Configuration tab provides you with a variety of tools that can help manage the installation and maintenance of Network Composer. Among these settings are basic and advanced settings, license settings, backup settings and static routes. Below are all the options available under the Configuration tab.

Setup
Use this menu to manually assign an IP address and Subnet Mask to the Bridge (WAN/LAN) interface, and an IP address and Subnet Mask to the Management/Auxiliary Port. Remember that the IP address assigned to the Management/Auxiliary Port cannot be in any active subnet in your network. You can also assign a default gateway, DNS Server, and remote subnets, and you can specify the time zone for Network Composer. You can also use this menu to enter in the name or IP address of the Email server (if you would like to receive email alerts for viral web downloads). This menu is intended for manual configurations of Network Composer if you are unable to run the Setup Wizard or need to customize settings. Don’t forget to Apply any changes made.

Advanced Setup
The Advanced Setup provides you with enhanced configuration settings that are used for customization of Network Composer within the network. The options available under this tab allow you to optimize and customize your Network Composer to meet the organization’s needs. Most of the below options are enabled by default; however, if Network Composer is installed in a more complex or uncommon network topology, you may need to disable or adjust some of the settings.

• Domain—this allows you to identify the domain name in which Network Composer is installed.
• Disable MAC based Network Node Discovery—this is used when you do not want Network Composer to create profiles based on MAC addresses. As previously mentioned in Chapter 5, devices located in Network Composer’s local subnet will be profiled based on MAC addresses. If you would prefer Network Composer to profile these devices based on IP addresses, you will need to check this option. For more information see section Network Nodes in Chapter 5: Managing Network Composer.
• Enable Port Scanning / OS Detection—this refers to the Nmap scan that is performed when a unique profile is discovered. This setting allows Network Composer to post unique information about each device present on the network. However, some security settings may identify Nmap scans as intrusions; as such, you can disable this feature by unchecking this setting.
• Enable TCP Window Scaling—this allows Network Composer to send a larger window size to improve TCP performance in networks with large bandwidth. However, some routers or web sites do not support this feature, which can cause latency. If you are experiencing latency with Network Composer or connection failure to web sites, you may need to disable this option to improve performance.
• NTP Server—this is used to specify a Network Time Protocol (NTP) server used to sync time for Network Composer. The default setting is pool.ntp.org; however, if you have an NTP server or an Active Directory server and would prefer to use those devices instead, you may enter in either the IP address or domain name for the

device in this field. Also, for NTP to function properly UDP port 123 must be open for Network Composer.
• HTTP Keep-Alive Mode—this allows Network Composer to use the same connection to send and receive multiple HTTP requests and responses, as opposed to opening new connections for every single HTTP request or response. This option can improve performance on frequently visited web sites and should be checked.
• Allow HTTP Connections on port 8888—this allows Network Composer to act as a proxy for web traffic. This option must be selected if you would like to install Network Composer in Proxy Mode or use NTLM Web Authentication. This option is also necessary if you want to enable HTTPS/SSL Filtering. Please see sections Proxy Mode in Chapter 2 and NTLM Web Authentication in Chapter 7 for more information.
• Enhanced Bridging Mode (EBM)—this allows Network Composer to act as a transparent bridge. As a transparent bridge, Network Composer can rely on networking devices already present to route traffic correctly, without requiring static routes or running the risk of dropping network traffic. EBM facilitates an easier installation, especially in a routed network. Because EBM does not alter web requests, Network Composer does not modify the web request or response beyond what is required for content filtering and identification. EBM can improve performance with Network Composer and is necessary for HTTPS/SSL Filtering. We highly recommend that EBM is enabled to avoid interrupting network traffic.
• Enable Summary Tables—this allows Network Composer to summarize or condense large web reports, allowing for faster response times for Internet Usage reports. Web Request Summary Table will summarize all Web requests data. Level 1 Summary Table will summarize the first correlation for those reports, i.e. first correlation by Category, Group, Directory User, Host, MIME Type, File Type, and Network Node. Level 2 Summary Table will summarize the second correlation for those reports, i.e. second correlation by Category, Group, Directory User, Host, MIME Type, File Type, and Network Node. For more information please see the section Report Recommendations in Chapter 3: Generating Reports.
• Summary Table Conversion Utility—this utility will take previous data that has not been summarized and create summary tables. Selecting the link will present three options for converting previous data: Web Request Summary Table, Level 1 Summary, and Level 2 Summary. This utility will index web reports and correlations for all reports. For more information please see the section Report Recommendations in Chapter 3: Generating Reports.
• Network Normalization Mode—this setting enables Network Composer to discover MAC addresses in an asymmetrical network or where MAC addresses are alternating. For example, if MAC addresses change during data transmission, Network Composer can encounter a problem with group assignments and reporting. However, by enabling Network Normalization Mode, Network Composer can send Address Resolution Protocol (ARP) requests and discover MAC addresses of devices, and

therefore group and report correctly. For more information on this setting, please review the tutorial document entitled How to Configure Network Composer with Asymmetrical Routing (http://kb.cymphonix.com).
• Group Member Type Precedence (GMTP)—this option is critical for assigning devices and users to correct groups. Because Network Composer allows for multiple groups, a problem can arise when a device or a user can possibly be in multiple groups at the same time. For example, if a user begins to access the Internet, Network Composer can identify the user and place him/her in a group by MAC address, IP address, specific IP addresses or Classless Inter-Domain Routing (CIDR) Blocks, or the Directory User account. The scenario can become even more complex if Network Composer is configured to identify multiple groups based on VLANs. The default list should be sufficient; nonetheless, if you are experiencing problems with users being assigned to incorrect groups, please review the Tutorial Document entitled How to Configure Group Member Type Precedence on Cymphonix’ Knowledge Base (http://kb.cymphonix.com).
• Allow DNS and HTTP block page for Deny Access Traffic Flow Rule Set—this will present group members of the Deny Access Group a blocked redirection page if they attempt to access the Internet. Please note that for this page to post, DNS and HTTP traffic will be allowed to pass for the Deny Access Group for initial connections. The recommended setting for this option is to be enabled (checked).
• Database Timeout—this setting places a limit (in minutes) on how much time Network Composer has to complete a report. Because Network Composer runs several different functions simultaneously (filtering, shaping, reporting, etc.), priority is given to filtering and shaping so that reporting does not consume resources that may impact network performance. Network Composer has a default timeout of five minutes for reports to complete. If a report cannot complete within the five minutes, you will receive a timeout message stating accordingly. If needed, you may alter the time limit with this setting. You can allocate up to 15 minutes for reports to complete. Please see the section Report Recommendations in Chapter 4: Generating Reports for more information.

Ethernet Settings
This menu allows you to hard code speed and duplex settings for the WAN, LAN, and Management/Auxiliary ports. As mentioned in Chapter 2: Installing Network Composer, normally Network Composer will auto-negotiate correctly with the devices directly connected into the ports. However, if Network Composer is unable to auto-negotiate correctly, you may need to hard set the speed and duplex settings. This can be done under the Ethernet Settings menu. More than likely you will also need to hard code the interface settings of the devices connected to Network Composer’s ports. Also note that you may experience some network interruption while Network Composer makes the necessary changes.

Company Settings
Company Settings allows you to customize Network Composer and the GUI with information pertinent to the organization. This menu allows you to enter in the Company Name, Company Address, Company City, Company State, Company ZIP Code, Technical Admin Name, and Technical Admin E-mail. Please note that if you make changes under this menu, once done, these settings will be reflected in other menus as well (Anti-Virus Email Alert, Network Composer’s Menu Bar, etc.).
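The ambiguity that Group Member Type Precedence resolves, worked as an added example that is not Cymphonix code: a node that qualifies for several groups through different member types is assigned by walking a precedence list. The member types, the assumed default order and the sample groups are constructed here; the page does not list Network Composer’s real default precedence.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed precedence, highest first (constructed for the example, not the
# product's real default list; reorder to match your device).
DEFAULT_GMTP = ["Directory User", "MAC", "IP", "VLAN", "CIDR"]


@dataclass(frozen=True)
class GroupMember:
    """One member definition inside a group: a type and its value."""
    kind: str    # one of the names in DEFAULT_GMTP
    value: str   # "00:11:22:33:44:55", "10.1.0.7", "10.1.0.0/24", "20", "jdoe"

    def matches(self, node: dict) -> bool:
        """Does the observed node profile satisfy this member definition?"""
        if self.kind == "MAC":
            return node.get("mac", "").lower() == self.value.lower()
        if self.kind == "IP":
            return node.get("ip") == self.value
        if self.kind == "CIDR":
            ip = node.get("ip")
            return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(self.value, strict=False)
        if self.kind == "VLAN":
            return node.get("vlan") is not None and str(node["vlan"]) == self.value
        if self.kind == "Directory User":
            return node.get("user") == self.value
        raise ValueError(f"unknown member type: {self.kind}")


@dataclass(frozen=True)
class Group:
    name: str
    members: Tuple[GroupMember, ...]


def candidate_groups(node: dict, groups: List[Group]) -> Dict[str, List[str]]:
    """Every group the node qualifies for, keyed by the member type that matched.
    More than one key means the node is ambiguous and precedence must decide."""
    found: Dict[str, List[str]] = {}
    for g in groups:
        for m in g.members:
            if m.matches(node):
                found.setdefault(m.kind, []).append(g.name)
    return found


def assign_group(node: dict, groups: List[Group],
                 precedence: List[str] = DEFAULT_GMTP) -> Optional[str]:
    """Walk the precedence list and return the group of the first type that matched.
    None means nothing matched; the product would fall back to its default group."""
    matched = candidate_groups(node, groups)
    for kind in precedence:
        if matched.get(kind):
            return matched[kind][0]
    return None


# Constructed sample policy: four groups defined by four different member types
SAMPLE_GROUPS = [
    Group("Finance", (GroupMember("CIDR", "10.1.0.0/24"),)),
    Group("Engineering", (GroupMember("VLAN", "20"),)),
    Group("Executives", (GroupMember("Directory User", "jdoe"),)),
    Group("Deny Access", (GroupMember("MAC", "00:11:22:33:44:55"),)),
]


if __name__ == "__main__":
    # jdoe's laptop sits on VLAN 20 inside the Finance subnet: three groups apply
    node = {"mac": "00:aa:bb:cc:dd:ee", "ip": "10.1.0.7", "vlan": 20, "user": "jdoe"}
    print(candidate_groups(node, SAMPLE_GROUPS))
    print(assign_group(node, SAMPLE_GROUPS))                                       # Executives
    print(assign_group(node, SAMPLE_GROUPS, ["VLAN", "CIDR", "Directory User"]))   # Engineering
```

With the assumed order a device placed in Deny Access by MAC stays denied even when it also sits on a trusted VLAN or subnet; move the denying member type below VLAN or CIDR and that block silently disappears, which is the kind of wrong-group symptom the paragraph above describes.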

Registration Settings
The Registration Settings menu presents the information that is used to register Network Composer. The settings are the same settings as Company Settings with two differences, Company Address 2 and Technical Admin Phone. If you have not yet registered Network Composer, please do so during the Setup Wizard or under this menu.

Miscellaneous (Misc.) Settings
Miscellaneous Settings displays five important options that are used in a variety of menus. The first two settings (Available Upload Bandwidth and Available Download Bandwidth) are used to calculate percentages for both shaping rules and reporting values and will cap total bandwidth available within the network. Make sure that the amounts entered in these fields are the correct amounts for your network. Please note that the amounts listed in the available upload and download under Miscellaneous Settings will restrict total traffic through Network Composer. The default settings are set to 5000Kbps and will restrict traffic to that amount if you have not adjusted this amount for your bandwidth. (Don’t forget to Apply the changes after altering the field.)

The next option, Web Time Online seconds per hit, is used to calculate the amount of time for the Web Time Online Report (Report -> Internet Usage -> Web Time Online). Please note that the Web Time Online report is an estimated value generated by counting the number of hits per page, and then multiplying the number of hits by the number listed under this setting. The default setting of 20 seconds is an approximation based on typical business usage. However, in other circumstances the value may need to be altered.

Simple Network Management Protocol (SNMP) can be used to monitor the state of Network Composer and poll the device to verify its CPU, hard drive usage, and other pertinent information. SNMP works by a software component called an agent that runs on Network Composer and reports information via SNMP to the managing systems. The managing system can retrieve the information through the GET and WALK protocol operations. Although you will have to supply the SNMP managing system to retrieve the information, the following fields will allow you to interact with Network Composer’s SNMP agent. The first field, SNMP Read Only Community, is the password used for the GET requests and allows access to Network Composer’s SNMP agent. The default setting for this field is public, but the Read Only Community password can be changed to the desired password with this menu. Afterwards, you can use the SNMP GET command to poll the following values from Network Composer.

Network Composer SNMP Values
Value  Result
1      CPU Percent
2      Hard Drive Usage Percent
3      Web Hits
4      Web Hits by Category ID

5      Web Category Name by ID
6      Application Set Name by ID
7      Application Set Upload by ID
8      Application Set Download by ID
9      Total Traffic Upload/Download
10     Number of Possibly Infected Spyware
11     Number of Possibly Infected Virus

Also, please note that the Object Identifier (OID) for Network Composer is 1.3.6.1.4.1.31010. With the above listed values and Network Composer’s OID, you should be able to use the SNMP Get command:

snmpget –v 2c –c public localhost 1.3.6.1.4.1.31010.1.1

Also, you can query Network Composer’s SNMP agent for all values present:

snmpwalk –v 2c –c public localhost 1.3.6.1.4.1.31010

SNMPWALK will search all SNMP values for Network Composer and post the corresponding values. The WALK command allows you to use the SNMP GETNEXT request to query Network Composer for several pieces of information.

The next setting is the SNMP Read Write Community. This setting is used to set SNMP MIB variables to a specified value. These writes are protected by the write community string and are set to the default setting of private. However, this field allows you to alter the password for the SNMP Read Write Community. Any changes made to these two fields will not take effect until you Apply the changes.

Update Settings
The Update Settings menu lists the available updates for Network Composer. These updates are divided into five categories: Firmware, Software, Content Filter, Spyware, and Anti-Virus. Firmware updates deal with new features, Network Composer OS upgrades, and code resolutions. Software updates deal with component changes, maintenance patches, and signature updates. Content Filter updates are for updating web categories, web sites, and file types. Spyware updates are for new definitions on spyware, while Anti-Virus handles new definitions for web viruses. All updates can be configured to execute automatically via the Enable check boxes and Daily Schedule Drop-Down Boxes, except for Firmware updates. The reason being is that Firmware updates require a reboot. Because of this you will need to manually update the firmware using the Update Now button. You will be notified via the Message Center on the Home Page when a new firmware version is offered. For updates to be successful, Network Composer will need access to port 80 as well as authorization to download MD5 check sums. Again, you should schedule updates during non-peak traffic times as some services may need to restart after the updates have completed. Default settings for Update Settings are 1am for Software, 2am for Content Filter, 3am for Spyware, and 4am for Anti-Virus.

Custom Category Rules
The Custom Category Rules menu allows you to modify or create web site categorization. This menu allows you to categorize web sites that have been miscategorized, do not have an explicit categorization, or for which your organization needs a distinct categorization. For example, by default the web site YouTube is categorized as Online Communities. However, for your organization YouTube may be considered more of a streaming media web site than an online community. The Custom Category Rules allow you to enter the URL of YouTube and “re-categorize” the site as Streaming Media instead of Online Communities. This rule will then take effect for both reporting and Internet Usage Rules (IURs).

To categorize a web site with the Custom Category Rules, enter the URL in the Match String field. Afterwards, choose a Compare String for the entry. There are three distinct compare strings that can be used to categorize web sites: URL-Regular Expression, URL, and Domain.

• URL-Regular Expression—this compare string utilizes regular expressions to categorize web sites. Regular expression (regex) is a method used to describe a string of text using metacharacters or wildcard symbols. URL-Regular Expression supports regular expressions for POSIX Basic and Extended Regular Expression. To use URL-Regular Expression, you will need to understand the functions of regular expression metacharacters. A complete discussion of Regular Expression capabilities is beyond the scope of this document. See the Cymphonix Knowledgebase on kb.cymphonix.com for additional information.

• URL—this compare string looks for an exact URL match. For example, an entry of youtube.com/forums will categorize YouTube’s forum web page, but not necessarily other YouTube web pages. Use this compare string to categorize specific web pages where an exact match is necessary. However, you can use an asterisk symbol (*) as a wildcard with the compare string of URL. For instance, an entry of http://www.youtube.com* will categorize any web page that begins with http://www.youtube.com.

• Domain—this compare string looks for any web page that begins with the domain name of the web site. For example, an entry of youtube.com will categorize all of YouTube’s web pages. Use this compare string to categorize web sites where the domain name is constant in the URL. You can also use an asterisk symbol (*) as a wildcard with the compare string of Domain. For example, an entry of *youtube.com will categorize any web page that has youtube.com in the domain name regardless of http, https, or www.

After you make your entry in the Match String field and choose a Compare String, select which category the web site will be assigned. You can also create your own category by selecting the Add a Custom Category selection. Once selected, you can enter in the name of the custom category. Afterwards, you can choose which priority level will be assigned to the entry. Priority levels are only used when there are conflicts with other custom categorizations. For instance, if you chose to categorize the web site youtube.com as Streaming Media but the web page of youtube.com/forums as Online Communities, you would select the URL of youtube.com/forums as a high priority. This indicates to Network Composer to always categorize youtube.com/forums as Online Communities while other web sites under

youtube.com will be categorized as Streaming Media. If there is any site with conflicting criteria, the higher priority rule will direct the categorization. To finalize your entry, click the Update button followed by the Apply button. Other options available in this menu are Reset (clear current entries under the Add/Edit Custom Category Rules), Edit Selected Rows (modify selected custom category entry), Remove Selected Rows (clear selected custom category entry), Export List and Import List (export or import a plain text file of entries from the custom category list), and the Cancel button.

Custom Category Options
The Custom Options menu works in conjunction with the Custom Category Rules and has two tabs: Categories and Precedence. The Categories tab allows you to create or modify categories listed in Network Composer’s current category list. For example, the category of Computers and Internet covers web sites that post information about computers and software but also covers web sites with information about the Web and the Internet in general. If you wanted to separate this category into two separate categories, i.e., one category called Internet and another called Computers, you could create two new categories with the Custom Category Options menu. To add a new category, enter the name of the category in the Add/Edit Category Name field and click the Update button. As you add web sites to these new categories, the names of these categories will appear in the new category list under Admin -> Configuration -> Custom Category Rules -> Assign a Category as well as under the Edit Blocked Categories list. Other options available are Edit Selected Row, Apply, and Cancel.

The Precedence tab allows you to modify the order in which the Compare String is examined for classification of web sites. The Custom Category Rules use three compare strings to classify web sites: URL-Regular Expression, URL, and Domain. The default order should be sufficient, but you can alter the order by clicking and dragging an entry and then selecting the Apply button. The Cancel button is also available under this menu.

Remote Subnets
By default, Network Composer will monitor all traffic within the local subnet. However, Network Composer can also monitor subnets outside the local subnet. These subnets are called Remote Subnets because they are not within Network Composer’s local subnet. If you have a flat network, all devices will fall into the local subnet, and you will not need to add entries to the Remote Subnets menu as Network Composer will be able to track by MAC addresses. Characteristics of a flat network are that all devices are connected via switches or hubs, there are no layer three devices (routers or layer 3 switches), and the network is not segmented logically by different IP address ranges (VLANs or remote subnets). Review the following topology; this is an example of a flat network.
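The three compare strings, the asterisk wildcard, priority levels and the Precedence tab order of the Custom Category Rules above interact in ways that are easier to verify in code than by reading rules. The following is an added example written for this guide, not Cymphonix code: Python's `re` module stands in for the POSIX regex engine the guide mentions, the stripping of the scheme and leading `www.` is our reading of the guide's youtube.com/forums example, the tie-break between equal priorities (Precedence tab order) is an assumption, and the rule set and URLs are constructed.

```python
"""Custom Category Rules compare-string matcher (added example, not the
appliance's code). Python's `re` stands in for the POSIX regex engine the
guide mentions; the rules, URLs and tie-break below are constructed."""
import re
from dataclasses import dataclass


@dataclass
class Rule:
    match: str          # Match String as typed in the menu
    compare: str        # "URL-Regular Expression", "URL" or "Domain"
    category: str
    priority: int = 0   # higher wins when two rules conflict


# Assumed default Precedence tab order: regex first, then URL, then Domain.
PRECEDENCE = ["URL-Regular Expression", "URL", "Domain"]


def _wildcard_regex(pattern):
    """Turn a Match String containing '*' wildcards into an anchored regex."""
    return "^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$"


def _normalize(s):
    """Drop the scheme and a leading 'www.' so an entry of youtube.com/forums
    compares equal to http://www.youtube.com/forums (our reading of the guide)."""
    s = s.split("://", 1)[1] if "://" in s else s
    if s.lower().startswith("www."):
        s = s[4:]
    return s.rstrip("/")


def rule_matches(rule, url):
    if rule.compare == "URL-Regular Expression":
        return re.search(rule.match, url) is not None
    if rule.compare == "URL":           # exact match, '*' allowed as wildcard
        return re.match(_wildcard_regex(_normalize(rule.match)),
                        _normalize(url), re.I) is not None
    if rule.compare == "Domain":        # match on the host part only
        host = _normalize(url).split("/", 1)[0].split(":", 1)[0]
        return re.match(_wildcard_regex(_normalize(rule.match)), host, re.I) is not None
    raise ValueError(f"unknown compare string {rule.compare!r}")


def categorize(rules, url):
    """Category for `url`, or None when no custom rule applies.
    On conflict the higher priority wins; ties follow the precedence order."""
    hits = [r for r in rules if rule_matches(r, url)]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r.priority, -PRECEDENCE.index(r.compare)))
    return best.category


# Constructed rule set mirroring the guide's YouTube example plus a regex rule.
SAMPLE_RULES = [
    Rule("youtube.com", "Domain", "Streaming Media"),
    Rule("youtube.com/forums", "URL", "Online Communities", priority=10),
    Rule(r"\.(exe|msi)$", "URL-Regular Expression", "Executables"),
]

if __name__ == "__main__":
    for u in ("http://www.youtube.com/forums", "https://www.youtube.com/watch?v=abc"):
        print(u, "->", categorize(SAMPLE_RULES, u))
```

Note that a bare Domain entry of youtube.com does not catch m.youtube.com under this reading; that is what the *youtube.com wildcard form is for, which the test below also exercises.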

Figure 6.1 Flat Network Topology

Now review the following topology.

Figure 6.2 Routed Network Topology

In this example, the network subnets of 10.0.0.0 and 172.16.0.0 will be identified as remote subnets. Notice how there are different logical segments separated by the IP address ranges within the network, i.e., 192.168.0.0, 172.16.0.0, and 10.0.0.0. Also notice how there is a layer three device present in the network (Router 1). These are characteristics of a routed network; this is an example of a routed network. Network Composer can track Internet traffic by IP addresses once these

networks are identified as remote subnets. However, Network Composer will not be able to track by MAC addresses for remote subnets as layer three devices maintain MAC addresses within their corresponding subnets. For more information on this you can review Chapter 5: Managing Network Composer, section Directory Users & Nodes or the Tutorial Document called How to Install Network Composer in a Routed Network (http://kb.cymphonix.com).

To add network segments to the Remote Subnet menu, enter in the network address with the subnet mask in Classless Inter-Domain Routing (CIDR) notation. For example, a network address of 172.16.1.0 with a subnet mask of 255.255.255.0 would be entered in as 172.16.1.0/24. For more information on CIDR notation, please see Appendix D: CIDR Cheat Sheet. Once you have entered in the network address, select the Add> button and Apply. Please note that you may at any time add network addresses to remote subnets for monitoring and filtering. If you remove network addresses from remote subnets, this will require a Reset on Telemetry and Profile Data because of how Network Composer profiles devices. Please review section System Utilities for more information on resetting the database. Afterwards, once you have added the remote subnets, you can create static routes for those subnets. This topic is covered in the section Static Routes.

User Preferences
The User Preferences menu allows you to customize how reports and filters will be displayed by Network Composer. Default Rows per Page indicates how many results will be posted for each report. For example, if you want to see how many users have passed Peer to Peer traffic, you can access this information under Report -> Applications -> Peer to Peer -> Correlate by Network Node. This report will post by default the top 25 users of Peer to Peer traffic. However, if you wanted the report to post the top 30 users of Peer to Peer traffic, you will need to change the amount of Default Rows per Page to 30. Once the amount has been altered, all reports by default will post 30 results instead of 25.

Report Filter Per Page is for Group, Network Node, and Directory User filters. These filters are available under individual reports and allow you to search for specific Groups, Network Nodes, or Directory Users for the specified reports. Clicking these fields will populate the Select Filter Group, Network Node, or Directory User box. You can then search the Available profiles listed for the desired Group, Network Node, or Directory User profile. By default these filters will post 10 profiles per page. You can change this amount by altering the Report Filter Per Page. Once the amount has been altered, all report filters will post the number specified on every filter page accordingly. Lastly, the lowest amount for both fields is 5 and the highest is 500.

The last setting in the User Preferences menu is Enable Automatic Downloads. This menu also allows you to automatically accept downloads from Network Composer’s GUI. Network Composer has several downloads for different features, i.e., Directory Clients, SSL Certificate, etc. Selecting these downloads will post a file download dialog box with an additional link for the download. If you would like to skip the additional dialog box and have files from Network Composer be downloaded automatically, you will need to enable this option. Please note that you may also need to add the IP address of Network Composer to the “Local Internet” security zone on your web browser as well as select Medium-Low security

settings for downloads. The default setting for Enable Automatic Downloads is unchecked. Once you make changes to the User Preferences menu, don’t forget to Apply the changes.

Static Routes
The Static Routes menu is used in conjunction with the Remote Subnets menu. If you do not have entries in that menu, more than likely you will not need to add static routes. However, if you have entries in the Remote Subnet menu, you may need to create static routes for those subnets. In addition to this, static routes are only necessary under certain circumstances. One circumstance is remote administration. For instance, if you had a network entry in the Remote Subnet menu and wanted to allow users on that remote subnet administrative access to Network Composer, you would need to create a static route for that network. Other scenarios that require static routes are disabling Enhanced Bridging Mode (EBM), using Redirect blocked pages, and installing Directory Agents outside Network Composer’s local subnet. If you meet some of these requirements, you will need to create static routes.

Static routes are created by identifying the next hop for Network Composer to the remote subnets. The next hop is referred to as the gateway or destination gateway for the remote subnets. Review the following topology.

Figure 6.3 Static Routes Diagram

Please take special notice of the different gateways. Notice how Network Composer is installed on a network with a schema of 192.168.0.0 (255.255.255.0). However, most users are located on 10.0.0.0. The 10.0.0.0 network has a default gateway of 10.0.0.1. This is not the gateway for Network Composer’s static route as this address is not the next hop for the remote subnet. For Network Composer to communicate properly with the users on the 10.0.0.0 network, the device will need to know the next hop to this network. In this example, the remote subnet will be 10.0.0.0/8 with a gateway of 192.168.0.3. The gateway will be 192.168.0.3 as this is the next hop for Network Composer to communicate to users on the 10.0.0.0 network. Essentially, the static route will indicate to Network Composer the routing path to take when direct communication is required to a host on the 10.0.0.0 network.

Also, do not confuse the static route with Network Composer’s default gateway. Network Composer uses the default gateway to access the Internet for updates while static route gateways are used to communicate with users on the remote subnet. Things that can help you to identify proper static gateways for Network Composer are the following:
• Static route gateways will always be in the same local subnet as Network Composer’s Bridge IP address.
• Static route gateways will always be on the LAN side of Network Composer.
• Static route gateways will never be the same IP address as Network Composer’s default gateway.
• Static route gateways will never be the default gateway for the remote subnets.

After you have identified the correct static route with the corresponding remote subnet, you can enter them by entering in the network address of the remote subnet and the route gateway. Again, network addresses will be entered in CIDR notation. Once you have correctly entered in the settings, you can select the Add button and then Apply. Remember that static routes are only necessary for remote subnets. Do not add a static route that will encompass the local subnet as this may cause routing problems with the default gateway for Network Composer. For more information on static routes, you can review the Tutorial Document How to Install Network Composer in Routed Networks (http://kb.cymphonix.com).

SSL Certificate Settings
This menu is covered in Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer.

License Settings
The License Settings menu allows you to enter a license key to increase the amount of devices Network Composer will profile. Licensing with Network Composer is based on network connections. That is to say, one hundred connections on your network will constitute 100 licenses. For full functionality of Network Composer, you will need to have sufficient licenses for all active connections on your network. You can purchase the license key from Cymphonix or your Authorized Cymphonix Reseller. Once purchased, you can enter in the License Key by selecting the Update button. Network Composer will then confirm that License Key, and if correct will alter the Licensed Network Nodes to the correct amount. Don’t forget to Apply the changes. This option is also available during the Setup Wizard.

Information pertinent to the device, such as Model Number, Serial Number, and Annual Software Maintenance (ASM) Expiration Date, is posted on this menu as well. ASM is used for support on your device and provides Network Composer with continued updates on Web content, software, Web viruses, Spyware, content filtering, and application signatures. ASM also allows you to utilize Cymphonix Technical support if needed. If ASM is not current, Network Composer will not be able to update on firmware, software, Spyware, or virus definitions nor will Cymphonix Technical support be available. To renew your ASM please contact your Authorized Cymphonix Reseller or Cymphonix Sales at (801) 938-1500 option 1.

Other stats available on this menu are Current Software Version, Available Software Version, Last Software Update Date, Last Anti-Virus Update Date, and Last Spyware Definition Update Date.

LDAP Settings
LDAP Settings are defined in Chapter 7: Integrating Directory Users with Network Composer.

Special Domains
The Special Domains menu offers two settings to assist in troubleshooting group membership as well as Directory User integration. The first setting is Web Authentication Logout Domain. Web Authentication allows Network Composer to identify Directory Users without using the Directory/LDAP Client. Network Composer does this by associating initial web connections to Directory Users. Web Authentication does not identify when Directory Users have logged out unless an inactivity or session timeout has been met. By using the URL in Web Authentication Logout Domain, Directory Users can immediately notify Network Composer when they have logged out. Once users enter this URL into their web browser, Network Composer will present them with a logout page. After logging out, Network Composer will disassociate the web connections from the Directory Users. The default setting is logout.cymphonix.com, but you can use this menu to change the URL. For this setting to work properly, you must have some form of Web Authentication enabled for users. For more information on Web Authentication, please see Chapter 7: Integrating Directory Users with Network Composer.

The next setting is Web Filter Info Domain. Web Filter Info Domain allows you to confirm group membership, Internet Usage Rules, and HTTPS/SSL Filtering rules. By entering the URL into a web browser, you can confirm how Network Composer is identifying the user, to which group the user is being assigned, and if the correct rules are being applied. To use Web Filter Info, enter the URL into a web browser (default setting is info.cymphonix.com), and the Web Filter Status Report will post the results. Please note that any changes to these two settings will require correct Domain Name Service (DNS) resolution. If you alter the URLs under the Special Domains menu, you will need to make specific entries for these web sites in users’ DNS records.

Backup
Network Composer allows you to back up configuration data and telemetry data. These backups can be completed via FTP or HTTP manual backups. The submenus available here are Backup File Settings, FTP Automated Backup, FTP Manual Backup/Restore, and HTTP Manual Backup. The options available under Backup are Backup File Name, Add Timestamp to File Name, Backup Configuration Data (device configuration, groups, IUR, shaping rules, etc.), and Backup Telemetry Data (Web logs, application reports, etc.). Once these settings are configured, you will need to create the backup file using the Create File button. Afterwards, you can manually push the backup file to an FTP server or use HTTP to place the backup file in a folder accessible to Network Composer.

The FTP Automatic Backup menu allows you to automate backups via File Transfer Protocol. For this to work, Network Composer needs write access to an FTP server. You can select Enable Automatic Backups and select the day and time for the backup to execute. Afterwards, Network Composer will need specifics related to the FTP server, i.e., Hostname or IP address, Server User Name, Server Password, and path for the backup directory. In addition to this, you can specify that Network Composer only create a backup file automatically and not download it to an FTP server. This option is available as the check box for Create Backup File Only. When you are finished modifying the backup settings, remember to Apply the changes.

The options available under the FTP Manual Backup/Restore submenu are Restore From FTP Server and Backup To FTP Server. If you are intending to restore information to Network Composer, you will need to select Restore from FTP Server. Again, Network Composer will need to have listed the hostname or IP address of the FTP server as well as the Server User Name, Server Password, Path, and File Name. The Backup To FTP Server is for manual backups to an FTP server as opposed to the automated backups available in the previous submenu. Again, you will need to create the backup file using the submenu Backup File Settings.

Lastly, you can back up manually via HTTP if you do not have access to an FTP server. Although easy to execute, the restore options can only be accomplished with an FTP server. You can select the Download button and browse to a network drive, network directory, or even to your desktop to place the backup file. You can also restore backups to Network Composer in the case of device failure. For example, if you need to replace your current Network Composer with another device, you can use a stored backup file to restore device settings on the replacement device. Also please note that restores are only possible between the same Network Composer models. In other words you cannot restore a DC10 backup file to a DC30.

Proxy Settings
The Proxy Settings menu allows you to configure Network Composer to work with your network’s proxy server. The most important factor with configuring Network Composer with your network’s proxy server is the placement of the device in regards to the proxy server. For correct reporting, the recommended placement for Network Composer will be in between the proxy server and users to allow for correct identification of users and devices. If the proxy server is an inline device, Network Composer will need to know the IP address and port used (other than port 80 and 8080) for the proxy server. In addition to this, if the proxy server requires users to enter a username and password for Internet connectivity, Network Composer likewise will need such information to access the Internet for updates. These settings are entitled Parent Proxy Username and Parent Proxy Password. We recommend that you create a user-specific account on the proxy server for Network Composer. Network Composer will also need access to the Web for updates and TCP port 22 for the Support Link utility to work. If the network’s proxy server is not an inline device, you will not be able to place Network Composer in between users and the proxy server as web requests will be traversing the proxy server’s connection twice, once for the initial request and once for the response. Finally, if your network’s Proxy Server is not an inline device, please contact your Authorized Reseller or Cymphonix support before installing Network Composer. As

such, if the proxy server is located on Network Composer’s LAN side, you will need to configure Network Composer differently. First, you will not need to enter any information in the Proxy Settings menu as your network’s proxy server will be on the LAN side of Network Composer. Second, some advanced options are specifically designed for interoperability with current proxy servers, in particular Enhanced Bridging Mode (EBM) and HTTP Keep-Alive Mode. With the proxy server on the LAN side of Network Composer, the device no longer needs these options enabled as the proxy server will perform similar functions. You may need to disable these options (Admin -> Configuration -> Advanced Setup). Lastly, most proxy servers execute web requests via Network Address Translation (NAT). NAT is a technique of routing network traffic that involves re-writing or masquerading IP addresses. Network Composer will only see the IP address of the proxy server passing web traffic instead of unique users. Finally, individual filtering and reporting may be impossible because Network Composer will not receive the users’ IP addresses. If your network’s proxy server allows you to disable NAT, this may be an option for individual reporting and filtering. If Network Composer cannot be placed in between the users and your network’s proxy server, you will need to contact Cymphonix Support or your Authorized Cymphonix Reseller for assistance with installing Network Composer with this scenario.

Directory Agent Diagnostics
This menu is covered in more detail under Chapter 7: Integrating Directory Users with Network Composer.

Directory Agent Users
This menu is covered in more detail under Chapter 7: Integrating Directory Users with Network Composer.

Diagnostic Tools tab
The Diagnostic Tools provide you with a variety of tools that you can use to test the functionality of your network as well as Network Composer. The Diagnostic Tools tab includes utilities to test network connectivity and device status.

Device Status
Device Status posts the condition of Network Composer and several key components of the device. Here you can confirm that the IP address for the bridge interface is correctly assigned. You can also verify the status of all Ethernet ports, WAN, LAN, and Management/Auxiliary. Finally, you can validate device settings (Device Key, Serial Number) and device status in regards to uptime (how long the device has been up), CPU load, and Used Disk Space. This menu is a great place to start the troubleshooting process to confirm device settings and status.

Display ARP Table
The Display ARP Table lets you view current entries in Network Composer’s Address Resolution Protocol (ARP) table. ARP provides dynamic address mapping between an IP address and a hardware or MAC address. Network Composer’s ARP table displays the IP or MAC

address of devices that have directly communicated with Network Composer within the last 5 minutes. The columns listed in the ARP table are Address (IP address), HW Types (Ethernet), Flags (C—reachable), MAC Address, and Interface (bro—Bridge, eth0—WAN, eth1—LAN).

Ethernet Status
The Ethernet Status menu lists the state of Network Composer’s ports: WAN, LAN, and Management/Auxiliary. The tabs are divided by each port and list the status, speed, duplex, autonegotiate, packets, and errors. Use this tab to confirm that each active port is operating at correct speeds and duplex settings and not generating any errors. AutoNegotiation is recommended, but not necessary.

Group IP List
Group IP List is a great tool that can be used to verify group membership for individual users. Group IP List will list the Group, MAC address (where available), and IP address of the devices currently passing traffic through Network Composer. Also available is a drop-down list that allows you to search entries based on Group name, MAC address, or IP address. For example, if you have a device or user that is not being assigned to a group correctly, you can confirm which group is being assigned within the past five minutes for that user or device. You can then verify this group assignment against the member type and assigned group (Manage -> Policies & Rules -> Groups). If users or devices are being assigned to incorrect groups, you can use this tool as well as Group Member Type Precedence to resolve the issue and better configure Network Composer.

IP Address Map
This menu is covered in more detail under Chapter 7: Integrating Directory Users with Network Composer.

No LDAP Network Nodes
This menu is covered in more detail under Chapter 7: Integrating Directory Users with Network Composer.

PING
Packet Internet Groups (PING) is a useful troubleshooting tool for computer networks. This tool is used to test whether or not network hosts are reachable by sending an ICMP Echo Request packet. When the destination system receives the packet, it responds with an ICMP Echo Response packet. Network Composer includes PING as a troubleshooting tool in the event that a device or web site cannot communicate with Network Composer. You can enter in the hostname or IP address to run the PING test. You can also alter the number of attempts. If the test results in a failure, you may want to review the network topology and the Static Routes menu. Please note that many host-based software firewalls, such as those that ship with Microsoft Windows XP and Vista, deny PING traffic by default. You may need to enable ICMP traffic through firewall systems for this utility to be successful.

Test DNS Settings

The Test Domain Name System (DNS) Settings menu allows you to test the DNS settings for Network Composer, i.e., whether Network Composer can resolve web sites or NetBIOS names to their corresponding IP addresses correctly. Enter in the URL of the web site, e.g., www.google.com, or the NetBIOS name of the computer, e.g., computername.mydomain.com, and select Run for a test. A positive result will reply with a host name and an IP address. You can also change the DNS server for the test by entering in a different IP address for the DNS server.

Traceroute

Traceroute is a computer networking tool used to determine the route taken by packets across an IP network. Network Composer's Traceroute menu allows you to confirm the path taken by Network Composer to reach individual computers, routers, or web sites that respond to traceroute. Similar to Test DNS Settings, enter in the hostname or IP address for the Traceroute and select the Run button. You can also alter the Timeout in seconds. If the test is successful, the menu will list how many hops are taken for the packet to reach the destination. The menu will also list the time spent in reaching each individual hop.

IP Traffic Monitor

IP Traffic Monitor is a console-based network statistics utility that gathers a variety of data such as TCP connection packet and byte counts, interface statistics and activity indicators, etc. IP Traffic Monitor shows information on network traffic as it passes in real-time through Network Composer. Some of the information posted can be used to diagnose network connectivity problems as well as confirm the highest bandwidth-consuming IP addresses within the network. The difference with this diagnostic tool is that it is not accessible from the Diagnostic tab or any other menu in Network Composer's GUI. Instead, you can access this utility via the Text Menu Interface (Option 2—Utilities, Option 3—IP Traffic Monitor). Please see Chapter 1: Configuring Network Composer, Section Text Menu Interface for more information.

Downloads tab

The Downloads tab stores the Directory Agent, Directory Client, LDAP Client, and SSL Certificate necessary for Directory Users integration and SSL Filtering respectively. These topics are covered in Chapter 7: Integrating Directory Users with Network Composer and Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer.

Logs tab

As Network Composer completes its day-to-day tasks, i.e., backups, updates, etc., the device will track important events, activities, and errors in log files. You can use the Activity Logs and Kernel logs to view these files for troubleshooting purposes.

Activity Log

The Activity Log records information about programmed events and their status. If some of these functions are not working properly, you can use the Activity Log to troubleshoot the process.

For example, if an error happens with the backup utility of Network Composer, the Context will be backup and the message will be error. Also, the Activity Log is useful in troubleshooting Directory Users, which will be covered in Chapter 7: Integrating Directory Users with Network Composer.

By default, all types of Activity Log messages are for the last 24 hours. However, you can use the Selected Date option to browse for messages during different times, i.e., Last Hour, Last 24 Hours, Last 7 Days, Last Week, Last Month, Last Year, and custom dates.

Also available are message type filters that can be used to post messages only relative to the problem. The message type options are No Filter, Informational, Initialization, Status, Comment, Verbose, Warning, Error, Invalid, and Alert. Informational messages give information regarding normal operation of processes and events. Initialization messages are from boot-up or process launchers. Status messages give information regarding the current status of processes and/or programmed events. Comment entries are common markers or steps that are routinely run by Network Composer. Verbose messages are debug-level messages. Warnings are non-fatal process errors or unexpected conditions, while Errors are fatal process faults that can affect device functionality. Invalid messages denote invalid or unexpected conditions that might prevent future code execution or cause future Warnings or Errors. Alert messages are not currently used.

The other option available under logs is Context. Context describes which components of Network Composer have delivered the message. The options available under Context are No Filter, System, Backup, Updates, Broadcast, Firmware, Content Filter, Software, etc. System Context means the error came from the forwarding plane. The forwarding plane is the Network Composer architecture that decides how to handle packets arriving on the LAN interface, e.g., applying shaping rules, denying traffic, etc. Backup messages come from the backup system (automated and forced). Updates Context indicates the messages were generated by the update system, and Broadcast messages come from the e-mail broadcast system.

Kernel Log

The Kernel is the central component of Network Composer's Operating System (OS). The Kernel's responsibilities include managing communication between the hardware and software components. As the Kernel does this, it keeps several key entries in a log file that can be reviewed. This is an excellent place to begin troubleshooting hardware or software problems. For example, pay close attention to messages that concern the hard drive and messages that repeat several times in a row.

Redirection Pages

Network Composer offers two customizable pages for blocking web sites and authenticating Directory Users. The Directory Agent Login Page is defined in Chapter 7: Integrating Directory Users with Network Composer.

Blocked URL

When Network Composer blocks web sites based on Internet Usage Rules (IURs), users will be presented a Block Redirection or Block Uniform Resource Locator (URL) page. The Redirection Pages menu allows you to customize the Block URL page to display company messages, customized phrases, etc.

The first option available under Block URL Redirection Page is Display Blocked Reason. This will post the reason to users why the page has been blocked, i.e., because of a Blocked Category, Blocked URL, etc. The next option is the Blocked Phrase. Blocked Phrase allows you to customize the message posted to users. The default message is "Your access to the website %blockedURL% was blocked for the following reason:". The Blocked Reason will then post underneath the message.

The Bypass Message is for those users who have the password for the Enable Bypass (setting that allows users to bypass a blocked web site if he/she knows the Bypass Password). The default message for the Bypass Message is "Click here to bypass the filter for this website". Please note that if you have not enabled the Enable Bypass, this message will not post.

Contact Message allows users to contact the Network Composer administrator in case a web site needs to be re-categorized or allowed. For this setting to be active, the Contact Email needs to have the email address of the Network Composer administrator. For example, if a user is blocked from http://www.myspace.com but believes that the web site should be allowed or recategorized, he/she can send an email by clicking on the link posted in the Blocked URL page. Also note that the URL will not be automatically posted in the email. You should alter the Contact Message asking users to place the URL in the email.

For Network Composer to send the Blocked URL Page, the device needs to know the route taken by the initial request for redirection. Normally this is handled by a 200 HTTP response, indicating that the request was received and that the result is the Blocked URL Page. However, by selecting Redirect blocked pages, you can change the response to a 302 HTTP response, which redirects the response to another page. The difference with these options is that the 302 HTTP response posts an image of a stop sign located in the top right-hand corner of the Blocked URL Page. Also the IP address of Network Composer will be displayed in the URL of the web browser requesting the page. To activate the 302 HTTP response, select the checkbox next to Redirect blocked pages. Please note that the option of Redirect blocked pages requires static routes for remote subnets to issue the Blocked URL Page. Please see the previous section of Static Routes for more information.

The last checkbox available is Reset to Defaults. This option allows you to erase any alterations to the Blocked URL Redirection Page and default back to the original settings. The box below the Reset to Defaults is the actual Hypertext Markup Language (HTML) code used for the Blocked URL Redirection Page. If you are familiar with HTML, you can alter the text, color, and format of the Blocked URL Redirection Page manually using the code present on the page. However, again, you should be familiar with HTML code to make any alterations. The following are some suggestions on what lines of code handle the different format options within the page.

Name | Syntax | Function
Bypass URL | %bypassURL% | Posts a link to the Enable Bypass Password
Spyware Removal Tool | %spywareCleaner% | Posts a link to the Spyware Removal tool
Network Composer Trademark | %productName% | Posts the trademark on Network Composer
Blocked URL | %blockedURL% | Posts the original URL requested by users that has been blocked
Blocked Reason | %blockedReason% | Posts the reason for the Block URL Redirection Page, e.g., Category, URL, etc.
Blocked Message | %blockedMessage% | Posts an explanation why the page has been blocked, i.e., access to this URL is restricted because…
Bypass Message | %bypassHTML% | Posts a link to bypass the Blocked Web site, i.e., Click here to bypass…
Contact Message | %contactMessage% | Allows users to send an email to the Network Composer administrator for recategorization of a blocked Web site.
Contact Email | %contactAddr% | Posts the email address of the Network Composer administrator.

Once you have completed the alterations, don't forget to Apply the changes.

Directory Agent Login Page

This menu is covered in more detail under Chapter 7: Integrating Directory Users with Network Composer.

Utilities

The Utilities menu offers several functions that are used for troubleshooting and also deletion of information. Each utility should be used with caution as some of the options can drastically erase data and configuration of Network Composer. Also available are the menus of Support Link (allows Cymphonix Technicians to access your device for remote assistance) and Spyware Removal Tool (utility that allows you to remotely scan and delete Spyware present on infected devices).

System Resets

System Resets is divided into four subsections: Restart Services, Database Resets, Filter Resets, and Device Power Resets.

Restart Services

Restart All Services will stop and reinitialize all system processes such as content filtering, application shaping, device profiling, and report generating. Normally, you will not need to select this option; however, for troubleshooting you may need to select this option if a service is not responding correctly. For example, if you are unable to run a report, you may need to restart all services to terminate an orphan process and enable the particular report to run again. Restart All Services may cause a temporary drop in traffic, but should allow you to continue a service if it was not functioning correctly before.
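As an added example, not the appliance's own code, the following Python shows how the %token% placeholders from the table above can be expanded safely: the requested URL comes from the client, so it is HTML-escaped before it is reflected into the page; substitution is single-pass so a value cannot smuggle in a second token; the Bypass Message is omitted when Enable Bypass is off; and the 200 versus 302 delivery modes are modelled. The template text, the /blocked path and the appliance IP are assumptions.

```python
import html
import re
from urllib.parse import quote

# Placeholder names documented for the Blocked URL Redirection Page.
TOKENS = {"bypassURL", "spywareCleaner", "productName", "blockedURL",
          "blockedReason", "blockedMessage", "bypassHTML",
          "contactMessage", "contactAddr"}
TOKEN_RE = re.compile(r"%(\w+)%")

# Constructed template in the style of the page's placeholders; it is not the
# appliance's shipped HTML.
TEMPLATE = """<html><body>
<h1>%productName%</h1>
<p>%blockedMessage%</p>
<p>Reason: %blockedReason%</p>
<p>%bypassHTML%</p>
<p><a href="mailto:%contactAddr%">%contactMessage%</a></p>
</body></html>"""

# Default messages quoted in the guide; %blockedURL% is expanded inside the first.
DEFAULT_BLOCKED_MESSAGE = ("Your access to the website %blockedURL% was "
                           "blocked for the following reason:")
DEFAULT_BYPASS_MESSAGE = "Click here to bypass the filter for this website"
SPYWARE_TOOL_URL = "http://spyware.cymphonix.com"  # URL given in the guide


def build_values(blocked_url, reason, *, bypass_enabled, bypass_link,
                 contact_email, contact_message, product="Network Composer"):
    """Return the token -> HTML text mapping for one block event.

    The requested URL is client-controlled, so it is escaped before it is
    reflected into the page; a crafted URL cannot inject markup or script.
    """
    safe_url = html.escape(blocked_url, quote=True)
    message = html.escape(DEFAULT_BLOCKED_MESSAGE).replace("%blockedURL%", safe_url)
    bypass_html = ""
    if bypass_enabled:  # the Bypass Message is only posted when Enable Bypass is on
        bypass_html = '<a href="%s">%s</a>' % (
            html.escape(bypass_link, quote=True), html.escape(DEFAULT_BYPASS_MESSAGE))
    return {
        "bypassURL": html.escape(bypass_link, quote=True) if bypass_enabled else "",
        "spywareCleaner": SPYWARE_TOOL_URL,
        "productName": html.escape(product),
        "blockedURL": safe_url,
        "blockedReason": html.escape(reason),
        "blockedMessage": message,
        "bypassHTML": bypass_html,
        "contactMessage": html.escape(contact_message),
        "contactAddr": html.escape(contact_email, quote=True),
    }


def render(template, values):
    """Expand %token% markers in a single pass.

    Text that arrived inside a value (for example a URL containing the literal
    string %productName%) is never re-scanned as a token, and markers that are
    not documented tokens are left untouched.
    """
    def expand(match):
        name = match.group(1)
        if name in TOKENS and name in values:
            return values[name]
        return match.group(0)
    return TOKEN_RE.sub(expand, template)


def build_response(page, *, redirect_blocked_pages, appliance_ip, blocked_url):
    """Model the two delivery modes described in the guide.

    Without "Redirect blocked pages" the block page is the 200 answer to the
    original request. With it, the client receives a 302 to a page hosted on
    the appliance's own address (the /blocked path is an assumption), which
    is why the appliance IP then shows in the browser's address bar.
    """
    if not redirect_blocked_pages:
        return 200, {"Content-Type": "text/html"}, page
    location = "http://%s/blocked?url=%s" % (appliance_ip, quote(blocked_url, safe=""))
    return 302, {"Location": location}, ""
```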

Database Resets

Reset to Factory Defaults sets Network Composer back to the factory settings. This means that all information is erased as well as configuration data, i.e., licensing information, accounts, Internet Usage Rules, and Shaping Rules. Basically the device will be reset to the original settings as the device was received. Access to the device is reset to the username of admin and a password of cymphonix. If you select this option, you must connect a system to Network Composer's LAN port and run the initial configuration of the device. Use this option with care, as Reset to Factory Defaults completely wipes the entire system.

The next option is Reset the Database. Reset the Database erases the database used by Network Composer for group configuration, telemetry data, and rules. This utility is almost as drastic as Reset to Factory Defaults except that basic configuration settings, such as the bridge IP address, subnet mask, default gateway, and DNS server, will remain intact. Licensing and ASM information will still remain, as will annual support contract information. You will lose your configuration parameters. This option also erases all historical data on the device. The following is a table that lists all settings lost with Reset the Database, followed by a table that lists which options will be enabled or disabled after resetting the database. If an item is not mentioned, then it will be retained accordingly.

Filter Resets

The first option under Filter Resets is Clear SSL Certificate. This option is covered in Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer. After that come Force cymdir.exe Session Timeouts and Flush Web Auth Cache. These utilities are covered in Chapter 7: Integrating Directory Users with Network Composer.

Lost Settings after Resetting the Database

Report: All information
Manage: Groups, Time of Day Rules, Custom IURs, Shaping Rules, Network Nodes, Directory Users, Broadcasts, Custom Logins, Custom TFRS, Custom Application Sets, Custom Applications
Admin: Mail server, Backup Settings, Update Settings (dates erased), Logs (erased)

Default Settings after Resetting the Database

Manage: All users assigned to Default Group; Default IUR set to Web Filter + IM
Admin: System Access admin / cymphonix; Device Admin Domain set to cymphonix.com; NTP Server set to pool.ntp.org; HTTP-Keep Alive Mode selected; Allow DNS and HTTP Block page for Deny Access Traffic Flow Rule Set not selected; Enable Summary Tables selected; Enable Port Scanning/OS Detection selected; Enable TCP Window Scaling selected; Database Timeout set to 5 minutes; Default Settings for Group Member Type Precedence; Default Settings for Special Domains; Web Time Online set to 20 seconds; Default Times for Update Settings; SSL Certificate Settings set to default; Blocked URL Redirection Page set to default; Directory Agent Login Page set to default

Although resetting the database can be drastic, this option is necessary in many scenarios. For example, if you have made extensive changes to your network such as IP address schemes or new hardware, you will want to reset the database to avoid invalid licenses, incorrect device profiles, or inconsistent grouping. Another scenario that may require resetting the database is if you move Network Composer within the network or from one network to another. Also, at any time that you remove subnets from the Remote Subnets settings, you will need to reset the database.

Reset Telemetry Data is the least drastic of the reset options. This utility only erases the historical data from Network Composer, i.e., web logs, Application reports,

Status reports will be erased with this option, but groups, IURs, Shaping Rules, and other settings will be retained. This utility is mostly used when a particular web log needs to be erased while rules and groups will remain.

The final database reset option is Reset Telemetry and Profile Data (Preserves IURs, Shapers, Shaping Rules, and the Filter Bypass Group). This option is similar to Resetting the Database except that Internet Usage Rules, Shaping Rules, and members of the Filter Bypass Group by CIDR Block Override will be retained. If you need to reset the database but would like to retain these settings, you can select this option instead. All these options will require confirmation via a dialog box.

Device Power Resets

The last two options are for the actual power for Network Composer. Hardware Shutdown will physically shut down the device and should be used when the device needs to be powered down. Hardware Reboot powers down the device and automatically powers it back up. Do not power down Network Composer by pulling the power cord or pressing the power button on the front bezel. These procedures should only be used when there is no other alternative for powering down the device.

Support Link

Support Link is a utility that allows a Cymphonix technician to access your Network Composer remotely and assist in troubleshooting or configuring the device. To activate a support link, you must first call Cymphonix Technical Support for a port number. This port number is only relevant to the technician and used on his/her side. Once the technician issues you the port, enter in the number and select Connect. Network Composer will require outbound access to the Internet on port 22 (both TCP and UDP) for the support link to work.

Spyware Removal Tool

Network Composer has several tools that can identify applications and devices that are infected with spyware. Once a device has been identified as infected, Network Composer offers a removal tool that allows you to scan the hard drive of the infected device and remove or quarantine the infected program. This tool is powered by Counter Spy and is called Spyware Removal Tool. This tool can be activated by accessing the GUI of Network Composer from the infected device or having the user browse to http://spyware.cymphonix.com. Once activated, the Spyware Removal Tool will prompt the user to download and install a program called WebDeploy.cab. This program is used to push the latest spyware definitions to the computer. You may also need to install an ActiveX Control for browsing capabilities. Once the Spyware Removal Tool has been installed properly, you can then select to perform a Quick Scan, Full Scan, or Cookies. After you choose which scan to perform, the Spyware Removal Tool will begin to scan the hard drive for infected applications. You can pause or stop this scan at any time. As soon as the scan is completed, you will be presented with the results of the scan, i.e., which applications were infected, which applications were quarantined, etc.

Please note that the Spyware Removal Tool can only be used on computers using Windows OS, and users must have administrative rights to the hard drive as the Spyware Removal Tool will scan the entire drive.

This concludes the chapter on administrating Network Composer. The next chapters deal with additional options that allow you to use Network Composer with an existing directory on the network to track traffic by Directory Users, and to filter secure web traffic via HTTPS/SSL Filtering.

Network Composer User Guide

Chapter 7: Integrating Directory Users with Network Composer
Network Composer by default tracks all web and application traffic based on device addresses (MAC addresses or IP addresses). This is to say, by default Network Composer will report traffic by each individual device located on the network and list the traffic by Network Nodes. However, reporting by these criteria may be daunting or insufficient as IP addresses can change constantly or users will move from one machine to another on the network. In these cases, reporting by Directory Users may be more useful as Network Composer can monitor and report based on Directory User Names as well as by Network Nodes. This chapter will explain how to integrate Directory Users with Network Composer. The following topics will be explained.

• Directory Overview
• Directory Options
• Directory Configurations
• Directory Troubleshooting

Directory Overview
Integrating Directory Users with the Network Composer consists of two steps: (1) allowing Network Composer access to your directory server, and (2) identifying when users are accessing the network. The first step can be accomplished through either the Directory Agent or LDAP settings while the second step is done via the Directory Client, LDAP Client, or Web Authentication. Choosing which option depends upon the architecture of your network and how you are going to identify Directory Users on your network.



The Directory Client, LDAP Client, and Web Authentication are processes that signal to Network Composer when users are logging onto the network. These processes correlate the Directory User profile to the corresponding Network Node in use. Review the following diagram.

Figure 7.1 Directory Integration with Network Composer

Network Composer uses both processes to identify Directory Users and filter accordingly. For example, when a user logs into a computer, the Directory Client, the LDAP Client, or Web Authentication will signal to Network Composer where the user is located and what credentials were used to access the network. When Network Composer receives this traffic, it then queries the directory server either through the Directory Agent or LDAP Settings to find the user with his/her associated group, Organizational Unit (OU), attribute, or other settings from your directory structure. Once the user has been identified, Network Composer will then apply any filtering or shaping rules to the user and begin reporting traffic by the Directory User profile. When the user logs out or logs into another computer, the Directory Client, LDAP Client, or Web Authentication again will send an appropriate signal to Network Composer that the user has logged out or started using a new workstation. Using these processes, Network Composer can monitor all web traffic by Directory User regardless of where in the network he/she is located and apply appropriate rules to the traffic.


The first step in integrating Directory Users with Network Composer is deciding on which option will fit best for your network. Each option is designed for specific scenarios and has inherent advantages as well as disadvantages.

Directory Options
Use the following Directory User Decision Tree to help you decide which Directory Option is correct for your environment. Again, each Directory Option is designed for specific scenarios or networks to facilitate Directory User integration. In essence, you will need to decide which level of Directory User integration is right for your organization and which requirements can be met by your network. Following the Directory Decision Tree are descriptions of each Directory Option, with a Directory Matrix listing the advantages and disadvantages of each Directory Option.

Figure 7.2 Directory User Decision Tree

Directory Option 1: Directory Agent with Directory Client (cymdir.exe)
This is the recommended option for most networks. This option allows Network Composer to immediately identify when users are accessing the network while synchronizing with the already defined directory groups, OUs, or user attributes. This method involves installing the Directory Agent on your directory server and deploying a Directory Client through the login process to identify when users access the network.


The advantages to this option are immediate identification of users when they access the network and more accurate application reporting based on Directory Users. Because users will be executing the Directory Client as they login to the network, Network Composer will be instantly notified of the user and will be able to associate all traffic to the corresponding Directory User. Some of the disadvantages with this option are that it only supports Microsoft Active Directory and computers that are members of the Active Directory domain. Also, the Directory Agent must be installed on the Directory server with administrator rights (Log on as Administrator). In addition to this, this option will not report on individual users through Terminal Services sessions or Citrix sessions. Please note that Citrix Servers offer a feature called Virtual IPs (VIPs). If you can enable VIPs with your Citrix Servers, you will be able to identify and filter individual users that access the Internet from the same device, which will allow you to use Directory Option 1: Directory Agent with Directory Client. The Directory Client supports Windows 64-bit, 32-bit (2000 SP4 or above), and Macintosh OSX (10.3 or above) Operating Systems (OS). Lastly, for computers to successfully communicate login credentials to the directory server, File and Print share rights must be enabled as well as their primary DNS server set to the IP address of the Active Directory server, and their computers must be joined to the domain.

Directory Option 2: Directory Agent with IP Lookup

This option is designed for networks that cannot deploy the Directory Client because no login process is initiated, login credentials are cached on devices locally, or company policies restrict pushing end client processes. This option involves installing the Directory Agent on your directory server and creating an Internet Usage Rule to use IP Lookup. With this option, Network Composer identifies Directory Users when they initiate web (HTTP) traffic. After Network Composer intercepts initial web requests from users, Network Composer (through the Directory Agent) will petition the directory server to find the credentials used to login to the device. As such, you will need to create two groups with this feature, one for the devices used by the users (Network Node Group) and another for the Directory Users (Directory Group). Both these groups will need to use the same Internet Usage Rule (IUR) configured to use Web Based Authentication-IP Lookup. The main advantage to this option is that you do not have to execute the Directory Client during the login process. IP Lookup will seamlessly identify users without presenting them a secondary login page. One disadvantage is that users will not be correctly identified until Network Composer first receives web (HTTP) traffic from users. As such, there may be some discrepancy with application control and reporting for users. Also, because IP Lookup will petition the directory server to find login credentials, these computers must be joined to the domain and use Windows (2000 SP4 or above) OS. In addition to this, the Operating System (OS) of users will need to be Windows 2000 (SP4) or above. Lastly, if successfully executed, using Directory Option 1 is recommended.

Directory Option 3: Directory Agent with NTLM

This option is intended for networks that use Terminal Server and Citrix Server sessions. Directory Option 3 allows Network Composer to identify individual users through devices or applications that use one single IP address for several users. This option requires that you install the Directory Agent on your directory server and then deploy proxy settings to users' web browsers. Essentially, users will send web traffic to Network Composer acting as a proxy. This allows Network Composer to identify users based on initial web (HTTP) requests and then query the directory server to confirm the user. With this option, you will need to create two groups for users, one Network Node Group that will include the Terminal Services servers or Citrix Servers, and one Directory User Group that will include the Directory Users. Both groups will use the same Internet Usage Rule set to Web Authentication-NTLM. The main advantage to this option is the ability to individually identify and filter users through Terminal Server or Citrix Server sessions. Although users will be using identical devices to browse the Web, you can enforce different filtering policies based on Directory Users. The main disadvantage is that all application reporting and control are global for these users: you will be able to control application and bandwidth traffic for the Terminal Services server or Citrix server, but you will not be able to control application and bandwidth traffic for specific users. Another disadvantage is that users will not be correctly identified until Network Composer first receives web (HTTP) traffic from users. Also, there may be some discrepancy with application control and reporting for users. This option will only support Windows (2000 SP4 or above) devices. In addition to this, you will need to configure proxy settings accordingly.

Directory Option 4: Directory Agent with Login Page

This option is designed as a failsafe in the event that Directory Option 2 or Directory Option 3 does not succeed, or if users have directory accounts but their devices are not members of the domain. This option allows you to present users with a login page, where they can enter in their username and password. Network Composer will then verify the credentials and enforce any filtering or shaping rules to the devices used to access the network. This option requires that the Directory Agent is installed on your directory server and that you create an IUR set to Require Web based authentication. Essentially, Network Composer will present all users with a login page before accessing the Web. This allows Network Composer to identify users based on web sessions rather than by IP addresses (method used by all other directory options). You can also edit the login page presented to users under Admin -> Redirection Pages -> Login Page. This menu allows you to name the Login Page, add a description, and a username hint. You can also completely alter the page by using HTML code present on the page. The main advantage to this scenario is you can confirm Directory Users regardless of the device in use, whether users access the network via Microsoft PC, Macintosh computers, Linux devices, or even hand held PDAs. The main disadvantage to this scenario is (depending upon your network) users may be presented with two login processes, one for the computer or network and one for Internet access. Also, users must have a login for the directory to use this feature. You cannot create a Network Composer login specific for this feature. If you are attempting to use this feature for guest users, we recommend you create a guest account on your directory server and inform guest users of the credentials or alter the login page to present this information. As with all Web Authentication options, you will need to create two groups, one for their devices (Network Node Group) and one for Directory Users (Directory Group).

Both groups will need to use the same Internet Usage Rule set to Web Authentication.

Directory Option 5: LDAP Settings with LDAP Client (cymldap.exe)

The last directory option is mainly designed for networks that do not use Microsoft's Active Directory. This option supports eDirectory, True Open LDAP, and also Microsoft AD if you can not install the Directory Client on the directory server. This option requires that you create an account for Network Composer on your directory server and that you deploy the LDAP Client during the login process. This option allows Network Composer to identify users based on user names and manual creation of groups for these users. Directory Option 5 will support both Windows (2000 SP4 or above) devices as well as Macintosh OSX (10.3 or above) computers. The main advantage with this option is support for networks that do not use Microsoft's AD. The main disadvantage to this option is that you will have to manually create groups on Network Composer for these users. In other words, you will not be able to synchronize already created directory groups, OUs, or attributes from your directory server. Also, this option only supports integration with one directory.

Although each Directory Option is targeted for a distinct network, you can use a combination of options. Web Authentication (which encompasses Directory Options 2 through 4) can be used in conjunction with all other options. For example, you could use Directory Option 1 for your static directory users, and for roaming users you could use Directory Option 4. By identifying which option is best for which set of users, you can create Directory Groups designed around each option. Lastly, once you decide which option is best for your groups, you can proceed by following the configuration steps for the Directory Options. Below is a Directory Matrix listing all Directory Options with their accompanying advantages and disadvantages.
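An added example, not code from the guide or the product, that models the identification difference the Directory Overview and the option descriptions above describe: with the Directory Client (Option 1) the login signal ties the node to the user at once, while with IP Lookup (Options 2 through 4) the user is unknown until the first web request, so earlier application traffic is reported only by node. The event format, the directory contents, the IP addresses and the behaviour of dropping a user from a workstation they have moved away from are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for what the Directory Agent returns from the directory
# server: user name -> directory group.
DIRECTORY = {"jdoe": "Sales", "asmith": "Engineering"}


@dataclass
class Event:
    """One constructed timeline entry.

    kind is "login" or "logout" (what the Directory Client reports in Option 1;
    with IP Lookup only the directory server knows about it), "http" for a web
    request the appliance can act on, or "app" for non-web application traffic.
    """
    kind: str
    ip: str
    user: Optional[str] = None   # set for login/logout only


@dataclass
class Identifier:
    mode: str   # "directory_client" (Option 1) or "ip_lookup" (Options 2-4)
    # Node -> user associations the appliance currently holds.
    node_user: Dict[str, str] = field(default_factory=dict)
    # Logon records held by the directory server, which IP Lookup petitions.
    directory_logons: Dict[str, str] = field(default_factory=dict)

    def _associate(self, ip: str, user: str) -> None:
        # Assumption: a user who appears on a new workstation is dropped from
        # the old one, so the abandoned node stops being reported as that user.
        for old_ip in [k for k, v in self.node_user.items() if v == user and k != ip]:
            del self.node_user[old_ip]
        self.node_user[ip] = user

    def observe(self, ev: Event) -> Optional[Tuple[str, Optional[str]]]:
        """Update state from ev; for traffic, return (identity, group) it is reported under."""
        if ev.kind == "login":
            self.directory_logons[ev.ip] = ev.user
            if self.mode == "directory_client":
                self._associate(ev.ip, ev.user)   # Option 1: identified at login
            return None
        if ev.kind == "logout":
            self.directory_logons.pop(ev.ip, None)
            if self.node_user.get(ev.ip) == ev.user:
                del self.node_user[ev.ip]
            return None
        if ev.kind == "http" and self.mode == "ip_lookup" and ev.ip not in self.node_user:
            # Options 2-4: only an intercepted web request triggers the lookup.
            user = self.directory_logons.get(ev.ip)
            if user:
                self._associate(ev.ip, user)
        user = self.node_user.get(ev.ip)
        if user is None:
            return (ev.ip, None)   # reported as a Network Node only
        return (user, DIRECTORY.get(user))


def attribute(mode: str, events: List[Event]) -> List[Tuple[str, Optional[str]]]:
    """Run a timeline and collect how each traffic event was attributed."""
    ident = Identifier(mode)
    results = []
    for ev in events:
        r = ident.observe(ev)
        if r is not None:
            results.append(r)
    return results


# Constructed timeline: logon, application traffic before any web request,
# first web request, more application traffic, logoff, then traffic from the
# now-anonymous node.
TIMELINE = [
    Event("login", "10.0.0.5", "jdoe"),
    Event("app", "10.0.0.5"),
    Event("http", "10.0.0.5"),
    Event("app", "10.0.0.5"),
    Event("logout", "10.0.0.5", "jdoe"),
    Event("app", "10.0.0.5"),
]
```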

Figure 7.3 Directory User Matrix

Directory Configurations
After deciding which Directory Option to use, you will need to follow the individual steps for the corresponding option. Below are listed the instructions on how to configure the various Directory Options.

Directory Instructions
Directory Option 1: Install Directory Agent; Create Directory Agent; Create Directory Agent Group; Deploy Directory Client; Create Directory IURs.
Directory Option 2: Install Directory Agent; Create Directory Agent; Create Network Composer Group; Create Directory Agent Group; Create Directory IURs.
Directory Option 3: Install Directory Agent; Create Directory Agent; Create Network Composer Group; Create Directory Agent Group; Create Directory IURs.
Directory Option 4: Install Directory Agent; Create Directory Agent; Create Network Composer Group; Create Directory Agent Group; Create Directory IURs.
Directory Option 5: Enable LDAP Settings; Deploy LDAP Client; Create LDAP Groups; Create Directory IURs.

Install Directory Agents
The Directory Agent will allow Network Composer to synchronize your Directory groups, OUs, or user attributes with Network Composer's Directory Groups. The Directory Agent will also indicate how to display user names under Reports. The Directory Agent must be installed on a Windows (2000 or above) Server that has access to the directory, e.g. Active Directory server, domain controller, etc. You can download the Directory Agent under Admin -> Downloads -> Directory/LDAP Software -> Download 32-bit Active Directory Agent. Once downloaded, double-click on the Directory Agent installation package. This will present you with the Directory Agent Installation Wizard. Follow the steps of the Wizard by accepting the License Agreement, selecting a destination folder (C:\Program Files\Cymphonix Directory Agent\ is the recommended placement), and Directory Agent Settings.

Figure 7.4 Directory Agent Settings

The Directory Agent Settings allow you to specify how Network Composer will communicate with the Directory Agent. In this step, you can adjust the port used to communicate (we recommend you use the default setting of TCP 3462) and the password for authentication to and from the Directory Agent. Remember these settings in this step, as you will need to use the same settings for creating the Directory Agent on Network Composer. Once complete, select Finish as the last step for installing the Directory Agent. If you need to support multiple directories, perform the same steps on the additional directory servers.

One final note is that the Directory Agent needs domain user access with all Directory Options except for Directory Option 2: Directory Agent with IP Lookup. This option requires that the Directory Agent has administrative access (Log on as Administrator) to the directory server. This allows the Directory Agent to force the directory server to retrieve user credentials. Access the Services on your directory server (Start -> Administrative Tools -> Services) and search for the service called Cymphonix Directory Agent. Right-click on the Cymphonix Directory Agent service and select Properties. Please make sure you select Log On as Administrator with this option.

Figure 7.5 Cymphonix Directory Agent Properties

There are certain events that can cause the Directory Agent to fail. To avoid this, you can configure the Directory Agent to restart after failures. On the Recovery Tab, you can select Restart the Service under First Failure, Second Failure, and Subsequent Failures.


Figure 7.6 Cymphonix Directory Agent Properties

Create Directory Agents
The second part to using the Directory Agent is to establish an association with Network Composer. This is done by creating the Directory Agent on Network Composer, which will allow the device to synchronize directory groups, OUs, and user attributes. Go to Manage -> Directory Users & Nodes -> Directory Agent and click the Create button. This will bring up the Add/Edit Directory Agent menu. In this menu you can create a name for the Directory Agent, but more importantly you will specify the IP address of the AD server where the Directory Agent is installed. Also, indicate the Directory Agent settings from the previous section, i.e., TCP port (recommended port 3462) and the Directory Agent Password. Once you have entered these settings, click Save, and Network Composer will attempt to contact the Directory Agent to confirm it can communicate with it. If any errors are returned, verify that you have entered the correct IP address, TCP port number, and password. If you have installed multiple Directory Agents, you will need to create a Directory Agent entry on Network Composer for each of them.

Create Network Composer Groups
Directory Options 2, 3, and 4 are different in the fact that the Directory Client is not used to indicate when Directory Users access the network. Rather, Network Composer identifies Directory Users by initial web (HTTP) requests. Because of this, there is a potential that non-web (HTTP) traffic coming from users will not be handled or grouped correctly until they access the Web. To compensate for this, you will need to create Network Node Groups for the devices that will be used by Directory Users to ensure that all their traffic is handled correctly. To do this, follow the steps under the section Groups in Chapter 5: Managing Network Composer. Add the devices that the Directory Users will be using to access the network. For example, if you are using Directory Option 3: Directory Agent with NTLM, you will place the Citrix servers or Terminal Services servers into this group. Later, you will create a single Internet Usage Rule that will be used by both the Network Node Group as well as the Directory Users Group. If you are unaware of the exact devices that will be in use by the Directory Users, you can create a Network Composer Group based on the IP address range assigned to their devices. Again, see the section Groups in Chapter 5: Managing Network Composer for information on how to create Network Composer Groups with different member types. An additional option is to have the Default Group (all unassigned devices) use the same Internet Usage Rule as your Directory Users.
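The identification behaviour that makes the Network Node Group necessary, modelled as an added example written for this guide (it is not Network Composer code and does not reproduce the product's internals): traffic from an IP address is attributed to a Directory User only after a web (HTTP) request has confirmed that user, and the binding lapses on the Inactivity Timeout and Session Timeout described later under Web Authentication. The workstation address, the timeout values and the traffic trace are constructed for the example.

```python
"""Web Authentication identification model (added illustration, not product code)."""
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    confirmed_at: int   # minute the credentials were (re)confirmed
    last_web: int       # minute of the last web (HTTP) request seen from the IP


@dataclass
class WebAuthTracker:
    inactivity_timeout: int                         # minutes without web traffic before re-confirmation
    session_timeout: int                            # minutes since confirmation, regardless of activity
    sessions: dict = field(default_factory=dict)    # source IP -> Session
    events: list = field(default_factory=list)      # (minute, ip, reason) for each lapsed binding

    def identified_user(self, ip, now):
        """User currently bound to ip, or None once a timeout has cleared the binding."""
        s = self.sessions.get(ip)
        if s is None:
            return None
        if now - s.confirmed_at >= self.session_timeout:
            reason = "session timeout"
        elif now - s.last_web >= self.inactivity_timeout:
            reason = "inactivity timeout"
        else:
            return s.user
        self.events.append((now, ip, reason))
        del self.sessions[ip]
        return None

    def on_flow(self, ip, proto, now, credentials=None):
        """Decide which group's IUR handles one flow.

        Returns ("directory", user) when the flow is attributed to a Directory
        User, otherwise ("node-group", None): only the device's Network Node
        Group can handle it, which is why both groups must carry the same IUR.
        """
        user = self.identified_user(ip, now)
        if proto == "http":
            if user is None and credentials is not None:
                # login page / IP lookup / NTLM succeeded: bind this IP to the user
                self.sessions[ip] = Session(credentials, now, now)
                user = credentials
            elif user is not None:
                self.sessions[ip].last_web = now
        return ("directory", user) if user else ("node-group", None)


def run_trace(trace, inactivity_timeout=5, session_timeout=30):
    """Replay (minute, ip, proto, credentials) flows; return (decisions, lapse events)."""
    tracker = WebAuthTracker(inactivity_timeout, session_timeout)
    decisions = [(m, ip, proto) + tracker.on_flow(ip, proto, m, cred)
                 for m, ip, proto, cred in trace]
    return decisions, tracker.events


IP = "192.0.2.10"   # constructed workstation address
SAMPLE_TRACE = [
    (0, IP, "p2p", None),       # before any web request: cannot be attributed to a user
    (1, IP, "http", "jdoe"),    # first HTTP request -> credentials confirmed
    (2, IP, "p2p", None),       # now attributed to jdoe
    (8, IP, "http", "jdoe"),    # 7 idle minutes >= inactivity timeout -> re-confirm
] + [(m, IP, "http", None) for m in range(12, 29, 4)] + [   # steady web traffic 12..28
    (31, IP, "im", None),       # still within both timeouts
    (38, IP, "http", "jdoe"),   # 30 minutes since confirmation at 8 -> session timeout
]

if __name__ == "__main__":
    for row in run_trace(SAMPLE_TRACE)[0]:
        print(row)
```

Every flow that comes back as "node-group" falls to the device's Network Node Group, so a mismatch between that group's IUR and the Directory Group's IUR would give the same user two different policies. Running run_trace(SAMPLE_TRACE, inactivity_timeout=3) shows the binding lapsing during the steady web traffic, with the following flows unattributed until credentials are offered again.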

Create Directory Agent Group
Directory Agent Groups are created under the same menu as Network Composer Groups. The difference with Directory Agent Groups is that these groups will use the Directory Agent and your directory server to identify Directory Users. You must first install and create a Directory Agent before you can create Directory Agent Groups. Click on Manage -> Policies & Rules -> Groups -> Create -> Create a Directory Agent Group. This will post the Add/Edit Directory Agent Group Detail. In this menu, you will need to assign a name for the Directory Agent Group as well as a description. Afterwards, select which Directory Agent you will use to synchronize the Directory Agent Group with the Directory Agent drop-down box. Once you have selected your Directory Agent, click the Add Members button. Network Composer will now communicate with the Directory Agent and query your directory server for Distribution Groups or Security Groups. To add these groups, select the empty checkboxes next to the groups and then click the Ok button. If you need to select multiple profiles, you can use Shift + Click or CTRL + Click accordingly. Distribution or Security Groups are just one of four member types you can synchronize with the Directory Agent. You can also synchronize Organizational Units (OUs) and user attributes. To select these different member types, click on the Choose a Member Type drop-down box under the Add Directory Group Members menu. If you select OUs, again, Network Composer will communicate with the Directory Agent and query your directory server for OUs. You can then select the profiles for the OUs with the empty checkboxes and select Add. If you choose Attribute or Custom, you will be prompted to define the user attribute of the Directory Users you want to synchronize to the Directory Agent Group. Attributes are characteristics or distinguishing features that are applied to users.
You can use the Directory Agent to query the directory server and find distinguishing attributes and group users accordingly. The two menus (Attributes and Custom) require advanced knowledge of your directory and user attributes. With Attribute you will need to specifically identify which user attributes will identify members of the Directory Agent Group, i.e., phone numbers, names, locations, etc. With Custom, you can use a combination of Attributes.


Below is a table of some common examples used in directory servers and how to synchronize groups based on attributes. Use this guide or your own directory attributes to assist in synchronizing Directory Agent Groups with Network Composer.

Common Directory Attributes
Attribute                Example
CN (Common Name)         CN=John Doe
displayName              displayName=John Doe
givenName                givenName=Joe
objectCategory           objectClass=user
sAMAccountName           sAMAccountName=jdoe
userPrincipalName        userPrincipalName=jdoe@mycompany.com
mail                     mail=jdoe@mycompany.com
c (Country)              c=usa
company                  company=mycompany
department               department=IT
location                 location=remote site
manager                  manager=boss
postalCode               postalCode=11111
st (State)               st=New York
streetAddress            streetAddress=123 Main
telephoneNumber          telephoneNumber=111-111-1111

An example of how to synchronize Directory Agent Groups based on Attributes would be creating a Directory Agent Group for all users that are upper level managers. The Attribute would read “manager” followed by “is exactly” and then “upper level”.

Figure 7.7 Attribute Example

This Directory Agent would then query the directory server for any user that has an Attribute of manager set to upper level. Accordingly, every time upper level managers access the network, Network Composer will group the users as a result. Again, the member type of Attribute requires a high level of understanding on how to identify specific characteristics of Directory Users. The examples listed above are common directory attributes, but keep in mind that your directory server may have its own attributes specific to your organization. Because of this, you may need to perform some independent research on how to use the Attribute feature. The drop-down options for the Attribute member type are is exactly, is approximately, is not, is less than or equal to, is greater than or equal to, contains, does not contain, starts with, and ends with. The Attribute and Value fields allow you to enter case sensitive options from your directory server.
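The Attribute operators listed above, and the combined (Custom) member type described in the next section, worked through over constructed user records as an added example written for this guide (it is not Cymphonix code and does not show how Network Composer evaluates a member entry). The combined form is written in RFC 4515 search-filter notation, which is an assumption about how a Custom string is expressed; the handling of "is approximately" and of users that lack the attribute is likewise an assumption, noted in the code.

```python
"""Directory Agent Group membership by attribute (added illustration, not product code)."""
import re

# Constructed sample directory entries; attribute names follow the table above.
USERS = [
    {"sAMAccountName": "jdoe",   "manager": "upper level", "location": "main office",
     "department": "IT",    "telephoneNumber": "111-111-1111"},
    {"sAMAccountName": "asmith", "manager": "upper level", "location": "remote site",
     "department": "Sales", "telephoneNumber": "111-111-2222"},
    {"sAMAccountName": "bjones", "manager": "boss",        "location": "main office",
     "department": "IT",    "telephoneNumber": "222-111-3333"},
    {"sAMAccountName": "cwu",    "manager": "upper level",            # no location attribute
     "department": "IT",    "telephoneNumber": "111-222-4444"},
]

# The nine Attribute operators from the drop-down.  Values compare case sensitively,
# as the guide states; "is approximately" is taken to mean a case-insensitive match
# (an assumption: the directory's own approximate-match rule may differ).
OPERATORS = {
    "is exactly":                  lambda a, v: a == v,
    "is approximately":            lambda a, v: a.casefold() == v.casefold(),
    "is not":                      lambda a, v: a != v,
    "is less than or equal to":    lambda a, v: a <= v,
    "is greater than or equal to": lambda a, v: a >= v,
    "contains":                    lambda a, v: v in a,
    "does not contain":            lambda a, v: v not in a,
    "starts with":                 lambda a, v: a.startswith(v),
    "ends with":                   lambda a, v: a.endswith(v),
}
NEGATED = {"is not", "does not contain"}


def attribute_members(users, attribute, operator, value):
    """Users selected by one Attribute member entry (single attribute, one operator)."""
    test = OPERATORS[operator]
    members = []
    for u in users:
        if attribute not in u:
            # assumption: a user lacking the attribute only satisfies the negated operators
            if operator in NEGATED:
                members.append(u["sAMAccountName"])
        elif test(u[attribute], value):
            members.append(u["sAMAccountName"])
    return members


def _parse(s, i):
    """Parse one parenthesised RFC 4515 filter at s[i]; return (node, index after it)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in ("&", "|"):                 # n-ary and / or
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        node = (op, kids)
    elif s[i] == "!":                      # unary not
        inner, i = _parse(s, i + 1)
        node = ("!", [inner])
    else:                                  # attr=value, attr~=value, attr>=value, attr<=value
        j = s.index(")", i)
        m = re.fullmatch(r"([A-Za-z][\w;-]*)(~=|>=|<=|=)(.*)", s[i:j])
        if not m:
            raise ValueError(f"bad filter item {s[i:j]!r}")
        node, i = ("item",) + m.groups(), j
    if s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1


def _eval(node, user):
    """Three-valued evaluation as in RFC 4511: True, False, or None (Undefined)."""
    kind = node[0]
    if kind in ("&", "|"):
        vals = [_eval(k, user) for k in node[1]]
        if kind == "&":
            if False in vals:
                return False
            return True if None not in vals else None
        if True in vals:
            return True
        return False if None not in vals else None
    if kind == "!":
        v = _eval(node[1][0], user)
        return None if v is None else not v
    _, attr, op, val = node
    if attr not in user:
        return None                        # absent attribute -> Undefined, even under "!"
    a = user[attr]
    if op == "=":
        if "*" in val:                     # substring assertion: "*" matches any run of characters
            return re.fullmatch(".*".join(map(re.escape, val.split("*"))), a) is not None
        return a == val
    if op == "~=":
        return a.casefold() == val.casefold()
    return a >= val if op == ">=" else a <= val


def custom_members(users, filter_string):
    """Users matched by a combined (Custom) filter written in RFC 4515 notation."""
    s = filter_string.strip()
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError(f"trailing text after filter: {s[end:]!r}")
    return [u["sAMAccountName"] for u in users if _eval(node, u) is True]
```

The "upper level managers not at the remote site" group from the next section is (&(manager=upper level)(!(location=remote site))) in this notation. Note that cwu, who has no location attribute at all, is excluded by it: an absent attribute makes the item Undefined, and negating Undefined is still Undefined, so a user with incomplete directory data silently drops out of the group rather than being included.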


The member type of Attribute allows you to specifically identify how to synchronize Directory Agent Groups based on a single attribute. However, if you want to synchronize Directory Agent Groups based on multiple Attributes, you will need to select the member type of Custom. Custom allows you to synchronize Directory Agent Groups based on combined attributes. Once more, using the Custom member type requires advanced knowledge of how to define Directory Attributes. Using the example above, we could create a group based on all upper level managers that didn't include those from a remote site. The custom attribute would read "manager" followed by "= upper level". Towards the end would be the attribute for the stipulation to not include the remote site: "! location=remote site". The Custom member type would require that you separate the different Attributes as well as enclose the entire string with parentheses to identify these Directory Users correctly, e.g., ((manager=upperlevel)!(location=remote site)).

Figure 7.8 Custom Example

The following table lists common operators with Directory Custom Attributes.

Common Directory Operators
Operator   Meaning
&          And
|          Or
!          Not
=          Equals
~=         Approximately
>          Greater than
<          Less than
>=         Greater than or equals
<=         Less than or equals

If you are having difficulty creating Directory Agent Groups based on Attributes or Custom, please contact your Authorized Cymphonix Reseller or Cymphonix Support at (801) 938-1500 option 2. One last note is that you can also combine Directory Users into one group using a combination of the different member types.

After you have added members to the Directory Agent Group, you can also review the Directory Members by selecting Show User List. This menu is available under the Add/Edit Directory Agent Group Detail. Select the checkbox next to each Directory Member and click the Show User List button. You can also remove Directory Members with the Remove Members button. The Edit Member button is only available with Directory Members based on Attributes or Custom member types.

The last option available with the Add/Edit Directory Agent Group Detail is the Edit Precedence. This setting is used when you have created multiple Directory Agent Groups

and may have conflicting user membership. In essence, you can use the Edit Precedence to specify which Directory Agent Group assignment will take priority. For example, if you have two Directory Agent Groups based on OUs and some users of the Directory Agent Groups are members of both OUs, the Edit Precedence allows you to drag and drop Directory Agent Group names to adjust group precedence. After you have synchronized your Directory Agent Groups, make sure to Save your changes.

Deploy Directory Client/LDAP Client
The Directory and LDAP Client are small executable files that send user information to Network Composer. They allow Network Composer to identify the specific user that is generating network traffic from a particular computer. In essence, the Directory and LDAP Client identify the traffic by user name and associate it with the current computer's IP address. These transmissions are called heartbeats. While the Directory and LDAP Client continue to send heartbeats, Network Composer watches traffic from that IP address and associates it with the user. Once the user logs out, the Directory and LDAP Client stop sending heartbeats, and Network Composer disassociates the IP address from the user name. Thus, the Directory and LDAP Client allow Network Composer to identify user traffic for monitoring, shaping, and blocking. Please note that both the Directory and LDAP Client are compatible with Windows 2000 SP4 and above platforms as well as Macintosh OSX 10.3 and above platforms.

Directory Client/LDAP Client Versions
There are three versions of the Directory and LDAP Client. The three versions of the Directory Client are cymdir.exe (Directory Client for 32-bit Windows OS), cymdir_64.exe (Directory Client for 64-bit Windows OS), and cymdir_MAC (Directory Client for Macintosh computers). The three versions of the LDAP Client are cymldap.exe (LDAP Client for 32-bit Windows OS), cymldap_64.exe (LDAP Client for 64-bit Windows OS), and cymldap_MAC (LDAP Client for Macintosh computers). The LDAP Clients are available under Admin -> Downloads -> Directory/LDAP Software -> Click here for legacy executables. The other Directory Clients are also available under Admin -> Downloads -> Directory/LDAP Software. The Macintosh clients have read me files that instruct on how to deploy the cymdir_MAC and cymldap_MAC clients. You can download the Macintosh client to access the read me files under Admin -> Configuration -> Downloads -> Directory/LDAP Software. This next section details how to deploy the Directory and LDAP Client for 32-bit Windows XP. The steps to deploy these two clients are similar. You will need to be logged into a Windows PC that is a member of the domain for these steps to work.

Executing the Directory/LDAP Client
Once you download the Directory or LDAP Client, you will want to execute the file locally to present some of the help features that the Clients offer. You can also test how user names will be posted with Network Composer. Place the Directory or LDAP Client on your desktop. Now, double-click the executable. Although the Clients are signed applications, your security settings may trigger a warning about running executables. Simply click Run to continue executing the Client. You should receive the following help dialog box.

Figure 7.9 Directory Client Help Dialog Box

Without any parameters set for the Clients, you should receive a help dialog box like the one posted above. This help dialog box will post when the Clients are unable to send heartbeats to Network Composer or have other communication err
ors. This box will also appear if there are syntax errors or if Network Composer's IP address is not provided. You can use the Error Message to diagnose problems with the Clients if they occur. The Help Dialog will provide several useful pieces of information:

• Error Messages—this message will post when a connection failure is present for the Clients. Causes of connection failures are invalid IP addresses assigned as parameter values, bad command line parameters, Network Composer being powered off, computers running the Clients being unable to connect to the network, etc.
• Authentication Type—this message will post which type of authentication appears to be on the network, such as Windows authentication or Novell authentication. If both are available, you can choose which you prefer by using the /AD switch (please see the Usage section below).
• Authentication Information—this option displays the current user logged into the computer as well as the Domain (Windows) or Context (eDirectory). If the computer is not part of a Domain, the Clients will return the name of the Windows workstation.
• Usage—this is intended to show the proper syntax for command line options given to the Clients. Please note that Network Composer's IP address is always required and should always come last.
  o /ad switch—this option is only necessary under either of the following conditions: some of your workstations have the Novell Client installed, or you want to use Active Directory even though eDirectory is present. This option will force the Clients to send Windows Active Directory user information and not eDirectory user information.
  o /tcp switch—this option is used to force the Clients to use TCP connections instead of UDP. UDP connections are preferred as they do not require static routes; however, this option is available for backwards compatibility and troubleshooting. If you enable this option, you will need to create static routes accordingly. Please see the section Static Routes in Chapter 6: Administrating Network Composer.
  o /sleep switch—this option allows you to change the number of minutes the Clients will allow to pass before sending heartbeats and becoming dormant. The default setting is 5 minutes. The value must be 1 minute or greater, and with the LDAP Client (cymldap.exe) it should be less than the LDAP Client Heartbeat Timeout (Admin -> Configuration -> LDAP Settings).
  o /silent switch—this option will prevent the help dialog from coming up under any circumstances. This setting is not recommended for troubleshooting and testing purposes; however, under normal usage this option is recommended. This option should be used when you deploy the Clients in your production environment. By doing so, you will prevent end users from seeing this dialog box and possibly disabling it or causing other problems.
  o IP address—this option is necessary to direct the Client to Network Composer for heartbeats. You will need to use the IP address of Network Composer.
• Complete Usage Information—this option lists further reference information for assistance on deploying the Clients.

Once you have reviewed the options available on the help dialog box for the Clients, you may exit the dialog box and properly execute the client locally for testing. Please follow these steps:
1. Open a Windows Run Prompt (Start -> Run).
2. Type "cmd" in the open dialog box.
3. Click OK.
4. Drag cymdir.exe or cymldap.exe to the Command Prompt and drop it (this will paste the full path).
5. After "cymdir.exe" or "cymldap.exe", type in the IP address of the Network Composer (in this example, we will use 192.168.255.2).

Figure 7.10 Command Line Syntax for Directory Client

6. Execute the command by pressing ENTER.
   a. If the help dialog is raised, then there were communication errors. Please review the syntax and correct any possible errors, i.e., IP address, switches, etc.
   b. If the help dialog is not raised, then the command executed properly. You can verify this by looking at the process list of the Windows Task Manager. A process called cymdir.exe or cymldap.exe should be listed.

Now that you have properly executed the Client locally, let's confirm that Network Composer received the heartbeat and posted the correct username. Click Manage -> Directory Users & Nodes -> Directory Users. Verify there is a new profile listed by the username used to access the computer.

Deploying the Directory/LDAP Client
Now that you have confirmed that the Client can communicate to Network Composer, you are ready to deploy the Client in your network. Because each network is unique, the User Guide and Cymphonix cannot make specific recommendations as to how you should integrate Directory/LDAP Client into your network and directory server. This section will provide the best information; however, please note that this information is provided "AS-IS" and without warranty of any kind. There are a variety of ways to deploy Directory/LDAP Client in your network that will execute when users login to the domain. The most common ways are the following:
• Batch file
• Registry Setting
• Domain Group Policy Object (GPO)
• Netware Login Script
• VB Script
• Registry Key
• Shortcut in Startup folder

All of these methods employ different means for executing Directory/LDAP Client. Again, because each network is different, this User Guide will not advise which method is better. This guide will merely present the most common techniques used. However, this chapter will only cover how to deploy Directory/LDAP Clients via a batch file, registry settings, Domain GPO, and Netware Login Script. Other methods presented will need to be researched and deployed at your discretion. The examples below are for the Directory Client. If you are using the LDAP Client, simply substitute cymldap.exe for cymdir.exe.

Creating a Batch File for Directory/LDAP Client
1. Pick a file directory on your directory server that will store both the batch file and Client (for example \\server\share\folder).
2. Copy Directory/LDAP Client to this folder.
3. Create a Windows batch/command file in this folder (you can do this from notepad and change the file extension to .bat).
4. Enter the following text into the file: start /d "\\server\share\folder" cymdir.exe /silent IP address of Network Composer (in this example we will use the path of \\mydomain.tld\netlogon\cymphonix and the IP address of 192.168.255.2).
   a. For example, use the full syntax as displayed below.

Figure 7.11 Batch File for Client

5. Verify that the newly created batch file executes when users login to the domain by loading the Windows Task Manager and confirming Directory/LDAP Client is in the process list.

Using Windows shell environment variables can add power and flexibility to the batch file. For example, by using the syntax start /d "\\%directoryserver%\netlogin\" cymdir.exe /silent 192.168.255.2 you can deploy Directory/LDAP Client over multiple directory servers. However, this may require additional troubleshooting if the variables do not resolve correctly.

Deploying the Directory/LDAP Client in a Group Policy Object
1. Log on to your Domain or Active Directory server.
2. Open a Windows Run Prompt (Start -> Run).

3. In the Open field type "mmc" (Microsoft Management Console).
4. Click OK.

Figure 7.12 Console Prompt

5. In the File menu select Add/Remove Snap-in.
6. Click the Add button.

Figure 7.13 Add Standalone Snap In

7. Scroll down and select Group Policy Object Editor.
8. Click the Add button (this will launch the Group Policy Object Wizard).
9. Press the Browse button.
10. Select Default Domain Policy.
11. Click OK.

Figure 7.14 Browse for Group Policy Object

12. Click Finish on the Add Group Policy Wizard.
13. Close the Add Standalone Snap-in dialog box.
14. Click OK on the Add/Remove Snap-in dialog box (you should now be looking at the MMC screen with the Console Root Folder above the new Default Domain Policy you have just added).

Figure 7.15 Console Root

15. Expand the Default Domain Policy.
16. Expand the User Configuration option.
17. Expand the Windows Settings option.

Figure 7.16 Scripts Logon

18. Select Scripts (Logon/Logoff).
19. Right-click the Logon option for the Logon Properties dialog box (depending on your current configuration you may already have several scripts running).
20. In order to place Directory/LDAP Client in the correct folder for your Domain Policy, select the Show Files button (this will open a new window displaying the current files for the Domain Policy).
21. Copy Directory/LDAP Client and paste it into the logon scripts folder (please confirm that you copied the entire file into the folder and not just a shortcut to the file or the file path).
22. Close the logon scripts folder to return to the Logon Properties dialog box.
23. Click Add to open the Add a Script dialog box.
24. Click Browse to open the Logon Script Folder.
25. Select Directory/LDAP Client and click Open (you should now be in the Add a Script dialog box; Directory/LDAP Client should appear in the Script Name box).
26. Enter Network Composer's IP address in the Script Parameters box (in this example we will use 192.168.255.2).

Figure 7.17 Script Parameters

27. Click OK to close the Add a Script dialog box.
28. Click OK again to close the Logon Properties dialog box.
29. Confirm any other changes to the Console Root settings that you have edited.

Directory/LDAP Client is now ready to run the next time users login to the Active Directory domain. Again, you can confirm this by reviewing the Directory User tab in Network Composer to verify that Network Composer is receiving heartbeats from users. Directory/LDAP Client also may require multiple running instances in some circumstances; however, this will not impact performance or reporting.

Deploying Directory/LDAP Client in a Registry Entry
This method requires additional administrative effort, as Directory/LDAP Client must be deployed to each workstation in question and a registry key imported.
1. Create a Windows registry file (you can do this from notepad and change the file extension to .reg).
2. Insert the following text. (You may need to adjust the path depending on your settings. Also, the last line requires the IP address of Network Composer. In this example, we will use 192.168.255.2.)

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cymphonix"="cymdir.exe /silent 192.168.255.2"

3. Save and exit the registry file.
4. Place a copy of Directory/LDAP Client in each workstation's Windows folder. (You can also choose any location in PATH.)
5. Import the registry file into each workstation's Windows registry.

Deploying the LDAP Client in a Netware Login Script
Because the Directory Client cannot be used in an eDirectory environment, the following steps are just for the LDAP Client. Please note that the screen shots presented here are represented in ConsoleOne for Novell eDirectory. Similar functionality is available from iManager. We will use an Organizational Unit to set a common login script for all users.
1. Copy cymldap.exe to an accessible location (this could be on a Netware Server with a mapped drive, network attached storage, or the local workstation).
2. Run ConsoleOne (this is usually located at Z:\mgmt\ConsoleOne\1.2\bin\ConsoleOne.exe if your Netware "Public" share is mapped, or C:\novell\consoleone\1.2\bin if you have installed it locally).

Figure 7.18 ConsoleOne

3. Navigate to an Organizational Unit containing users.
4. Edit the properties of the OU to add a login script similar to the following. The LDAP Client will be executed with "/silent" and the IP address of Network Composer.

Figure 7.19 Login Script Properties

Depending on your LDAP settings, eDirectory could be requiring TLS for simple binds. TLS can prevent Network Composer from retrieving user data. To allow Network Composer to retrieve LDAP User data, you will need to disable TLS for simple binds. Be aware that a simple bind without TLS sends the bind password over the network in cleartext.
5. Open the properties of the LDAP group.
6. Verify the Require TLS for simple binds with password option is unchecked.

Figure 7.20 Properties of LDAP group

This concludes the section on how to deploy Directory/LDAP Client. Again, because each network is unique, you may need to determine the best method (or perhaps a combination of methods) to deploy the Directory and LDAP Client.
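A check for the client command lines that the batch file, the GPO Script Parameters and the Run registry value above hand to the Client, as an added example written for this guide (it is not Cymphonix code). It applies the usage rules from the help dialog: the Network Composer IP address is required and must come last; /sleep is a whole number of minutes, at least 1 and, for the LDAP Client, below the LDAP Client Heartbeat Timeout; /tcp requires static routes; /silent is expected on production lines. The executable names and switch names are those given in this chapter; the "/sleep N" form with the value as the next token, and the skipping of a batch "start /d <folder>" prefix, are assumptions.

```python
"""Sanity check for Directory/LDAP Client command lines (added example, not product code)."""
import ipaddress
import shlex

CLIENTS = {"cymdir.exe", "cymdir_64.exe", "cymldap.exe", "cymldap_64.exe"}
NO_VALUE_SWITCHES = {"/ad", "/tcp", "/silent"}
DEFAULT_SLEEP_MINUTES = 5            # the help dialog's default for /sleep


def _tokens(cmdline):
    """Split a batch/registry command line, keeping Windows backslashes intact."""
    toks = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    # Batch form from the guide: start /d "<folder>" <client> <switches> <ip>  (assumed layout)
    if toks and toks[0].lower() == "start":
        toks = toks[1:]
        if len(toks) >= 2 and toks[0].lower() == "/d":
            toks = toks[2:]
    return toks


def check_client_command(cmdline, ldap_heartbeat_timeout=None):
    """Return the list of problems found; an empty list means the line is deployable.

    ldap_heartbeat_timeout: the LDAP Client Heartbeat Timeout in minutes from
    Admin -> Configuration -> LDAP Settings (only relevant to cymldap*.exe).
    """
    toks = _tokens(cmdline)
    if not toks:
        return ["no client executable given"]
    exe = toks[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    problems = []
    if exe not in CLIENTS:
        problems.append(f"unknown client executable {toks[0]!r}")
    args = toks[1:]
    if not args:
        problems.append("Network Composer IP address is missing")
        return problems
    # The IP address is required and must always come last.
    ip, switches = args[-1], args[:-1]
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        problems.append(f"last argument {ip!r} is not an IPv4 address; the IP must come last")
    sleep = DEFAULT_SLEEP_MINUTES
    seen = set()
    i = 0
    while i < len(switches):
        sw = switches[i].lower()
        if sw in NO_VALUE_SWITCHES:
            seen.add(sw)
            i += 1
        elif sw == "/sleep":                   # "/sleep N" form is an assumption
            if i + 1 < len(switches) and switches[i + 1].isdigit():
                sleep = int(switches[i + 1])
                if sleep < 1:
                    problems.append("/sleep must be 1 minute or greater")
                i += 2
            else:
                problems.append("/sleep needs a whole number of minutes")
                i += 1
        else:
            problems.append(f"unrecognised parameter {switches[i]!r}")
            i += 1
    if exe.startswith("cymldap") and ldap_heartbeat_timeout is not None \
            and sleep >= ldap_heartbeat_timeout:
        problems.append(f"/sleep {sleep} is not below the LDAP Client Heartbeat Timeout "
                        f"({ldap_heartbeat_timeout} minutes): heartbeats would expire")
    if "/tcp" in seen:
        problems.append("/tcp selected: static routes to Network Composer are required")
    if "/silent" not in seen:
        problems.append("/silent not set: users would see the help dialog on errors")
    return problems


if __name__ == "__main__":
    # constructed lines in the three forms this chapter uses
    for line in (r'start /d "\\mydomain.tld\netlogon\cymphonix" cymdir.exe /silent 192.168.255.2',
                 "cymdir.exe 192.168.255.2 /silent",
                 "cymldap.exe /silent /sleep 10 192.168.255.2"):
        print(line, "->", check_client_command(line, ldap_heartbeat_timeout=10) or "ok")
```

The LDAP Client case is the one most easily got wrong: leaving /sleep at its default while the LDAP Client Heartbeat Timeout is set at or below that value means every binding lapses between heartbeats, so the check treats a missing /sleep as the 5-minute default and compares it against the timeout you pass in.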

Create Directory Internet Usage Rules
Creating Internet Usage Rules (IURs) for Directory Groups is quite similar to creating IURs for Network Composer Groups. If you have chosen Directory Option 1 or Directory Option 5 for integrating Directory Users, you will follow the same steps listed in Chapter 5: Managing Network Composer for your IURs. If you have chosen Directory Options 2, 3, or 4, you will need to enable the different features tailored for each option under the Internet Usage Rule Manager. This is done under the Web Authentication tab.

Web Authentication
Remember that Web Authentication identifies users by web (HTTP) requests. Because of this, non Web traffic, e.g. IM, P2P, etc., may not at first be correctly reported or controlled until Network Composer receives a web request from Directory Users. For this reason, Directory Options 2, 3, and 4 require you to make two groups: Network Composer Groups for Directory Users' devices and Directory Groups for Directory Users. Both these groups will need to use the exact same IUR. In other words, the IUR you assign to the Directory Users needs to be the same IUR you assign to the device in use by Directory Users. Also, remember that Directory Option 4 is the safeguard for Directory Options 2 and 3. If for some reason these two Web Authentication pieces fail (IP Lookup or NTLM), Network Composer will present a login page for members of the Directory Group.

There are several options that are universal for Directory Options 2, 3, and 4 that are listed under Web Authentication. Below are settings that can be used with all Web Authentication rules.
• Web Authentication White List—these are web sites for which Network Composer will not require Directory credentials to access.
• Inactivity Timeout—this setting allows you to identify how much inactive time can pass before Network Composer re-confirms Directory Users. For example, if you use Directory Option 4: Directory Agent with Login Page, Network Composer will present a user with a login page on his/her first initial web (HTTP) request. If after logging in the user does not pass any more web traffic within a certain amount of time, then with Directory Option 4: Directory Agent with Login Page, Network Composer will again present the login page to the user. With Directory Option 2: Directory Agent with IP Lookup, Network Composer will again (via the Directory Agent) have the Directory Server re-confirm the credentials of the Directory Users. With Directory Option 3: Directory Agent with NTLM, Network Composer will review the Proxy connections of the users and reconfirm their credentials. The default time for this setting is 5 minutes.
• Session Timeout—this setting allows you to identify how much time can pass, regardless of activity, before Network Composer re-confirms Directory Users. The default time for this setting is 30 minutes.

Directory Option 2: Directory Agent with IP Lookup
For Directory Option 2, go to Manage -> Policies & Rules -> Internet Usage Rule -> Create. Name the Internet Usage Rule after its corresponding Directory Group. You can also select web categories, URLs, and other settings to block for the Directory Group by following the instructions listed under Internet Usage Rules in Chapter 5: Managing Network Composer for your IURs.

Afterwards, click on the Web Authentication tab and select Require Web Based Authentication. Once you have selected this, the checkbox next to Directory Agent IP Lookup will be available. Check the box next to the option and Save your changes. Don’t forget to apply the IUR to the Directory Group and its corresponding Network Composer Group using the Policy Manager.

Directory Option 3: Directory Agent with NTLM

For Directory Option 3, go to Manage -> Policies & Rules -> Internet Usage Rule -> Create. Name the Internet Usage Rule after its corresponding Directory Agent Group. You can select which web categories, URLs, and other settings to block for the Directory Agent Group by following the instructions listed under Internet Usage Rules in Chapter 5: Managing Network Composer for your IURs. Afterwards, click on the Web Authentication tab and select Require Web Based Authentication. Once you have selected this, the checkbox next to Directory Agent NTLM Handshake will be available. Check the box next to the option and Save your changes. Because the NTLM handshake will be issued via a proxy connection, make sure that Network Composer is configured in Proxy mode (Admin -> Configuration -> Advanced Setup -> Allow HTTP Connections on Port 8888). For more information on this setting please see Chapter 2: Installing Network Composer. Don’t forget to apply the IUR to the Directory Group and Network Composer Group using the Policy Manager.

Directory Option 4: Directory Agent with Login Page

For Directory Option 4, go to Manage -> Policies & Rules -> Internet Usage Rule -> Create. Name the Internet Usage Rule after its corresponding Directory Group. You can also select web categories, URLs, and other settings to block for the Directory Group by following the instructions listed under Internet Usage Rules in Chapter 5: Managing Network Composer for your IURs. Afterwards, click on the Web Authentication tab and select Require Web Based Authentication. Users will now be presented with a Login Page as soon as they initiate a web (HTTP) request. Remember to Save your changes and apply the IUR to the Directory Group as well as the Network Composer Group using the Policy Manager.

Enable LDAP Settings

To enable LDAP settings on Network Composer, you will need the information listed below. If you are unaware of some of these settings, Network Composer offers utilities that can scan your network for the appropriate information. Also, a brief explanation follows the terms for clarification.

• LDAP Server IP/Hostname—this is the IP address or hostname of the LDAP Server, e.g., 192.168.255.2 or ldap.mycompany.com. If you are unsure of the IP address assigned to the LDAP Server, you may select Scan My Network during the Setup Wizard or under Admin -> Configuration -> LDAP Settings for possible LDAP Servers.
• LDAP Server Query Port—TCP port 389 is registered with the Internet Assigned Numbers Authority (IANA) for LDAP traffic. Do not change this value unless your LDAP Server uses a port other than 389.

• LDAP Server Base Distinguished Name (DN)—the LDAP Server Base Distinguished Name tells Network Composer where to begin searching for user information. Usually the root directory is the preferred setting for the LDAP Server Base DN, as all users can be found from the root directory. However, if users are located in different directories, you will want to select a common directory where all users can be found. If you are unsure of the LDAP Server Base DN, you may select Query My LDAP Server during the Setup Wizard or under Admin -> Configuration -> LDAP Settings for possible options.
  o Windows Active Directory example—DC=mydomain,DC=com
  o Novell eDirectory example—O=MyOrganization
• LDAP Server User Name—this represents an LDAP account with sufficient access in the directory to perform searches associated with the network users and groups. In Windows, this means a user with “Domain User” privileges. Also, we recommend that you create an account on your LDAP Server that is specific to Network Composer and no other user. This field must use the User Principal Name with Active Directory and the Fully Qualified Distinguished Name (FQDN) for eDirectory.
  o Windows Active Directory example—username@mydomain.com
  o Novell eDirectory example—CN=username,O=MyOrganization
  o mycompany\jdoe may not work as expected because some LDAP Servers don’t accept this setting by default.
• LDAP Server Password—this is the password associated with the LDAP Server User Name. Please remember that the password is case sensitive and will need to be updated if you change the password on the LDAP Server.
• LDAP Profile Default Name Mask—this value controls which LDAP attributes are used for the names associated with each LDAP User. The default Given Name %givenName% and Surname %sn% use standard LDAP attributes that should work for all LDAP Servers. A default name mask of such will result in displaying a name of “John Doe” for a user. However, some LDAP deployments do not populate these attributes and should instead use %displayName%, %cn%, or %sAMAccountName%.
• LDAP Client Heartbeat Timeout (in minutes)—this setting indicates to Network Composer how many minutes must pass with no heartbeat before a user is considered to be gone. Because CymLDAP tracks when a user logs in or out and sends heartbeats at regular intervals, a timeout is most likely under two circumstances:
  o The LDAP Client, CymLDAP, has terminated (likely by user intervention)
  o The user disconnects his/her computer from the network
  When a timeout occurs, network traffic associated with that particular network node is not associated with the former user. The default value is 15 minutes.

With the previous information provided, you are now ready to enable Network Composer LDAP settings. You can enable LDAP under Admin -> Configuration -> LDAP Settings. Remember to Apply the changes once you enter in the information.

Once you have enabled LDAP Settings within Network Composer, you will need to deploy the LDAP Client for user reporting and filtering. Please see Chapter 5: Managing Network Composer for more information.

Create LDAP Groups

LDAP Groups are created the same as Network Composer groups; however, you will use the member type of LDAP instead of Network Node, MAC address, CIDR Block Source and Destination, or any other member types.

Directory Troubleshooting

There are several variables that can cause Directory integration to not work properly with Network Composer: scripting issues, Directory User assignment, and other possible problems. Identifying which components of Directory integration are not working properly will help you find a solution. We’ll first discuss using Network Composer to diagnose the problem. We then discuss troubleshooting Group Policy Objects with the Directory and LDAP Client.

Using Diagnostic Tools

There are five Network Composer diagnostic tools that can be used to confirm if Directory is working properly. The first four tools are located under Admin -> Configuration -> Diagnostic Tools. The last is listed under Admin -> Logs. All the tools are listed below as bulleted items:

• Directory Agent Diagnostics—this menu allows you to confirm Directory group synchronization and current devices in use by Directory Users. This menu has several options to confirm that the Directory Agent is operating correctly.
  The first option is User Lookup. User Lookup can determine where users are located on the Directory Server to ensure they are synchronized correctly to Directory Groups on Network Composer. Select Test Type User Lookup and the Directory Agent that is installed on the Directory Server for the corresponding user. Enter in the Username and click the Run Diagnostic button. If the Directory Agent can successfully find the Username, the user’s Common Name, the Distinguished Name, the Directory Agent Group (the actual user group from the Directory Server), Directory Agent Group (the synchronized group for Network Composer), and the time taken to run the test will be posted. If this information is not posted or is incorrect, verify that the Directory Agent is running correctly and can communicate to Network Composer. Also, confirm that the user’s account is present on the Directory Server where the Directory Agent is installed.
  The next option is IP Lookup. This option is used in conjunction with Directory Option 2: Directory Agent with IP Lookup and will (via the Directory Agent) petition the Directory Server to confirm user credentials for specific IP addresses. This option allows you to query a workstation and confirm the user present on the workstation, and that Network Composer is able to associate network traffic with the correct Directory User. Select IP Lookup from the Test Type drop-down box and the Directory Agent for the specific Directory User. Enter in the IP address of the device you want to query

  and click the Run Diagnostic button. If the Directory Server can successfully communicate to the IP address, the Results will post the Username, the user’s Common Name, the Distinguished Name, the Directory Agent Group (the actual user group from the Directory Server), Directory Agent Group (the synchronized group for Network Composer), and the time taken to run the test. If the test is unsuccessful, verify that the user’s DNS server is set to use the Directory server where the Directory Agent is installed. Also, confirm that File and Print share rights are enabled on the end user’s device.
  The last option available in the Directory Agent Diagnostics menu is Validate Username/Password. This option will query the Directory Server to verify the username and password of the user. If users are having trouble accessing their Directory account, you can use this tool to confirm credentials. Select the Validate Username/Password selection from the Test Type drop-down box. Then, select the corresponding Directory Agent from the Directory Agent drop-down box. You can then enter the Username and Password and click the Run Diagnostic button. Again, if the test is successful, the Directory Agent will post the Username, the user’s Common Name, the Distinguished Name, the Directory Agent Group (the actual user group from the Directory Server), Directory Agent Group (the synchronized group for Network Composer), and the time taken to run the test. One additional line will post with this test confirming if the password is valid or not. If this test is unsuccessful, confirm the Username and Password (case sensitive) for the user on the Directory Server. You will also want to verify that Network Composer can communicate to the Directory Server and that the user’s account is present on the Directory Server where the Directory Agent is installed.
• Directory Agent Users—this menu allows you to confirm how Network Composer is identifying Directory Users, which Directory Group users are being assigned to, and their associated IP addresses. Simply select the searchable option you want to use as criteria, enter in the parameters for the search, and click the Search icon (or hit the Enter key). Network Composer will then query the Directory Agent Users menu and post the results. The first option (Username) allows you to enter a Username and confirm the user’s Username, Directory Agent Group, and Common Name from the Directory. Other search options available are Common Name, IP Address, and Directory Agent Group. The columns Username, Common Name, IP Address, Directory Agent Group, Mode, and Status will list current conditions for the selected Directory Users. Also listed are the IP address currently in use by the user, the Directory Agent Group to which Network Composer is assigning the user, and the Mode (Directory Option 1, 2, 3, 4, or 5) being used to identify the Directory User. Lastly, the status will be listed to post the current status stage of the user, i.e., active, inactive, etc. If Directory Users are being assigned to incorrect groups or by incorrect modes, you should confirm how you have created your Directory Groups or what particular attributes have been assigned to your users on your Directory Server.

• IP Address Map—IP Address Map shows the association between Directory Users and IP addresses. You can use this tool to confirm that an active IP Address is being assigned to the correct Directory User. If after a user logs in the IP address is not posting the correct Directory User profile, you can then confirm that the Directory/LDAP Client is not executing correctly. Review your deployment of the Directory/LDAP Client as a possible culprit for this problem.
• No LDAP Network Nodes—this menu lists all devices currently passing traffic that do not have an associated Directory/LDAP heartbeat. This is a great tool to use to confirm if a computer on the network is sending Directory/LDAP heartbeats. Please keep in mind that there will inevitably be some devices on the network that do not execute the Directory/LDAP Client upon login (such as network printers, wireless access points, network appliances, etc.).
• Force cymdir.exe Session Timeouts—this utility forces all cymdir.exe sessions to time out immediately. Use this tool if cymdir.exe users are not being correctly grouped and you need to verify the deployment process. If the Directory Client has been deployed correctly, Network Composer should receive new heartbeats after forcing session timeouts and begin to regroup users according to their Directory Agent Group assignment.
• Flush Web Auth Cache—this utility forces all Web Authentication sessions to time out immediately. Use this tool if Web Authentication users are not being correctly grouped and you need to verify the Web Authentication process. If Web Authentication is working properly, Network Composer should identify users after forcing session timeouts and begin to regroup users according to their Directory Agent Group assignment.
• Activity Logs—this log keeps track of all processes running from Network Composer. If Network Composer cannot communicate with the Directory Agent or cannot query the Directory Server, the Activity log will post an error or alert accordingly. Verify that the Directory Agent is running or that the LDAP settings are correct, as this log normally indicates a failed communication between Network Composer and the Directory server.

If after using these tools you are still experiencing problems with LDAP, continue with the following suggestions.

Troubleshooting GPO Issues

To troubleshoot potential GPO issues, replace the text in cymdir or cymldap Login Script.bat with the following (where the text is bold and italicized, i.e. the server share path and the Network Composer IP address, you will need to replace it with the pertinent information). These steps are written for the Directory Client (cymdir.exe); if you are using the LDAP Client, replace cymdir.exe with cymldap.exe. You can use IP Address Map and No LDAP Network Nodes to confirm if a user is executing the Directory/LDAP Client upon login.

    @ECHO OFF
    REM This part runs the login client for troubleshooting and testing
    REM add /tcp if you suspect network/routing problems
    start /d \\server\share\ cymdir.exe /log %tmp% 192.168.1.80
    REM This part runs the version 8 login client for production use

    REM start /d \\server\share\ cymdir.exe /silent 192.168.1.80
    REM This part verifies that this Login Script is being run by calling standard Windows routines.
    time /t > %TMP%\login.txt
    date /t >> %TMP%\login.txt
    echo %USERNAME% >> %TMP%\login.txt
    REM Browse to "%tmp%" in windows explorer by typing %TMP% in the address bar (use internet explorer if necessary)
    REM There should be BOTH a cymdir.log and also a login.txt file in %TMP% folder.
    REM If both are missing, this script is not being run
    REM if both are present, then Group Policies seem to be working properly.

Figure 7.21 %TMP% Folder

The purpose of this script is to put the date, time, and username of the last login in a text file called login.txt located in the user’s %TMP% directory. %TMP% is a Windows Shell Variable that corresponds to each user’s Temporary Files Folder. You can navigate to it directly by putting %TMP% in the Address Line of Windows Explorer. After logging in with this policy, browse to the temporary folder %TMP%. Open login.txt if it exists, and verify that the login time, date, and username are correct. As these are all standard Windows Shell Functions, there are no references to cymdir or cymldap. If login.txt is in the Temporary Directory, then Group Policies seem to be working properly. If login.txt does not exist or does not contain the correct information, you will more than likely need to perform some troubleshooting and verify your GPO settings. Once your Group Policy Object Login scripts are performing as expected, cymdir.exe or cymldap.exe can be deployed in your network.

Troubleshooting Directory/LDAP Client

If the Directory/LDAP Client Help Dialog Box keeps popping up, look for an error message. The top portion of the cymdir.exe dialog will display a relevant error message (connection failure, Invalid IP address, unrecognized option, bad or misspelled command name, etc.). If so, send cymdir.log to support@cymphonix.com, and you should try some of the other troubleshooting methods mentioned below.

If there are no error messages, there may be a script problem: it implies that no command line arguments were given to the Directory/LDAP Client (similar to double clicking cymdir.exe or cymldap.exe). Double check the login script. Make sure that the batch file begins with “start”. Start is required to detach programs from the Windows shell. If it is omitted, Windows may not detach the referenced program as an independent process. Some scripting languages require enclosing the parameters in quotes. If there are no Directory User profiles under Manage -> Directory Users & Nodes -> Directory Users, this could be due to the syntax in the batch file. Use the /tcp switch to test for connection failures. Please note that you will not be able to use the /silent option for this test. Also, verify that Admin > Configuration > LDAP > Use LDAP is checked for the LDAP Client. You may also need to restart services to ensure that the LDAP service is working properly (Admin -> Utilities -> System Resets -> Restart All Services).

Also confirm that cymdir.exe and cymldap.exe are being loaded at login by checking the Process list in the Windows Task Manager. cymdir.exe or cymldap.exe run when a user logs in, and stop running when a user logs off. If one or more users are not sending heartbeats, Network Composer is not receiving heartbeats from the Directory/LDAP Client. By default, the Directory/LDAP Client uses port 3642 to communicate with Network Composer. Occasionally, network routing issues can prevent packets from reaching Network Composer. You can verify that this port is open by using telnet and attempting to connect to Network Composer on port 3642 from an affected workstation. The syntax for the Windows command line telnet client is this: C:\>telnet 192.168.1.80 3642. Remember to use the IP address of your Network Composer. If you are able to connect and receive an error message about needing to authenticate, then there are no network issues. If you are not able to connect, then please review your firewall or settings on the network, as they may be blocking access on port 3642. (Checking the Admin -> Logs -> Activity Log can be used to identify this issue.)

In some circumstances (particularly involving laptop computers) a user will not run the login script or Group Policy Object from the network as they log in. This could be because they are not connected to any network, they are connected to a network that is not their home network, or they have somehow bypassed their network login script. If this happens, their workstation will be added to the next appropriate group (typically the Default Group). (Consider using an alternate method like Web Authentication for these users instead of using the Directory/LDAP Client.) Another scenario that will impede Network Composer from posting the Directory User profile for a user is if the computer has not sent Internet traffic through Network Composer. If the workstation has not sent traffic to the Internet, then Network Composer has no Network Node profile (IP address or MAC address) with which to attach the Directory User. This will correct itself as soon as the workstation sends traffic to the Internet through Network Composer. Also, some traffic is not associated with a Directory User. If traffic occurs when no user is logged into a Network Node, it will not be associated with any user. This commonly occurs when a user reboots, which logs the user off and then generates network traffic, or when Windows updates are downloaded and installed. If the Directory/LDAP Client causes long login times, wait 10 minutes before terminating the process. Also, users can potentially terminate the cymdir.exe or cymldap.exe process from the Task Manager in an attempt to escalate their network privileges. To
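The telnet check above can be scripted so a help desk can run it from an affected workstation without the interactive client. The following is an added example, not Cymphonix code: it classifies the outcome of a TCP connection to the heartbeat port (3642 by default) the way the guide interprets the telnet result, distinguishing a refused connection (a host answered, nothing is listening) from a silent timeout (typically a firewall or routing problem). The Network Composer address is a placeholder; the demo uses a local listener so it runs offline.

```python
"""Added example (not Cymphonix code): reachability check for the
Directory/LDAP Client heartbeat port, modelled on 'telnet <ip> 3642'."""
import socket
import threading

HEARTBEAT_PORT = 3642  # default port used by cymdir.exe / cymldap.exe


def check_heartbeat_port(host, port=HEARTBEAT_PORT, timeout=3.0):
    """Return 'connected', 'refused', 'timeout' or 'unreachable'.

    'refused'  -> a host answered but nothing listens there (wrong address,
                  or the service is down)
    'timeout'  -> packets are being dropped silently, which is what a
                  firewall or routing problem looks like
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"


def _local_listener():
    """Start a throwaway TCP listener on 127.0.0.1; return (port, closer)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            pass  # listener closed before a client arrived

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


def demo():
    """Probe an open local port, then a port nothing listens on."""
    port, close = _local_listener()
    open_result = check_heartbeat_port("127.0.0.1", port)
    close()
    # Reserve and release an ephemeral port to get one that is closed.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    closed_result = check_heartbeat_port("127.0.0.1", closed_port)
    return open_result, closed_result


if __name__ == "__main__":
    # Replace 127.0.0.1 with your Network Composer's address for a real check.
    print(demo())  # expected: ('connected', 'refused')
```

Run it on the affected workstation against the Network Composer address; a 'timeout' result points at the firewall or routing review the guide recommends, while 'refused' means the packets arrive but the address or service should be checked.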

prevent privilege escalation, simply make the Default Group (or other group as appropriate) have the fewest network privileges available. This way, users will only de-escalate their access by terminating the Directory/LDAP Client.

Some security settings may impede the Directory/LDAP Client from executing correctly. If you are unable to execute the client after following the deployment steps, you may need to unblock the executable from running. You can do this by right-clicking on cymdir.exe and selecting Properties. Under the General tab, click the Unblock button and then apply the changes. Lastly, make sure that you use the correct Directory/LDAP Client for your Operating System. Remember that the Directory/LDAP Clients have three versions (32-bit, 64-bit, and Macintosh) and should be deployed accordingly.

Troubleshooting LDAP Settings

Network Composer must be able to query the LDAP Server in order to gather accurate user information. Verify that your LDAP Default Name Mask (Admin -> Configuration -> LDAP Settings) is asking for the LDAP Attributes you want posted. For example, for Active Directory Users use a mask that is appropriate to the LDAP attributes (%givenName% = First Name, %sn% = Last Name). If you prefer to use different attributes, %displayName%, %cn%, or %sAMAccountName% may be good alternatives. A good practice is to use the root or base of the directory for the LDAP Server Base DN. For example, instead of using ou=IT,dc=mydomain,dc=com, use dc=mydomain,dc=com. This way, Network Composer will have complete access to the entire directory. However, if a user is located in a directory path not included in the LDAP Server Base DN, Network Composer may not be able to retrieve that user’s information. Lastly, make sure that the Username and Password used for LDAP Settings are current. If you have changed the password or have deleted the account, Network Composer will not be able to query the directory for LDAP Profiles. Also remember that Network Composer is compatible with Windows Active Directory and Novell’s eDirectory. If you are using a different directory service, i.e., Windows NT4 or NetWare 3, Network Composer may not be able to post the information correctly. In such scenarios, you may have to use the Fully Qualified Username or User Principal Name for tracking.

This concludes the chapter on implementing LDAP with Network Composer. There is an additional Tutorial Document entitled How to Implement LDAP posted on Cymphonix’ Knowledge Base (http://kb.cymphonix.com). That document complements the information presented here. The next chapter will deal with filtering HTTPS/SSL traffic.
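Two of the LDAP settings described above (the Default Name Mask under Enable LDAP Settings, and the Base DN scoping rule repeated in Troubleshooting LDAP Settings) are easy to misconfigure in ways that only show up as blank names or missing users. The following is an added example, not Network Composer code: it renders a %attr% name mask with a fallback to %displayName%, %cn% or %sAMAccountName% when the default attributes are not populated, and checks which sample entries a search rooted at a given Base DN can actually reach. The directory entries are constructed sample data.

```python
"""Added example (not Cymphonix code): name-mask rendering and Base DN
scoping for LDAP user profiles. Entries below are constructed samples."""
import re

# Constructed sample directory entries with AD-style attributes.
SAMPLE_ENTRIES = [
    {"dn": "CN=John Doe,OU=IT,DC=mydomain,DC=com",
     "givenName": "John", "sn": "Doe", "displayName": "John Doe",
     "cn": "John Doe", "sAMAccountName": "jdoe"},
    # Account whose givenName/sn were never populated (a common case).
    {"dn": "CN=svc-backup,OU=Services,DC=mydomain,DC=com",
     "displayName": "Backup Service", "cn": "svc-backup",
     "sAMAccountName": "svc-backup"},
    # User in a different tree, outside DC=mydomain,DC=com.
    {"dn": "CN=Ann Lee,OU=Staff,DC=partner,DC=net",
     "givenName": "Ann", "sn": "Lee", "cn": "Ann Lee",
     "sAMAccountName": "alee"},
]

_TOKEN = re.compile(r"%([A-Za-z][A-Za-z0-9]*)%")


def render_name_mask(mask, entry,
                     fallbacks=("displayName", "cn", "sAMAccountName")):
    """Substitute %attr% tokens from the entry. If any token is missing or
    empty, fall back to the first populated alternative attribute so a
    user is never displayed with a blank name."""
    missing = [t for t in _TOKEN.findall(mask) if not entry.get(t)]
    if not missing:
        return _TOKEN.sub(lambda m: entry[m.group(1)], mask).strip()
    for attr in fallbacks:
        if entry.get(attr):
            return entry[attr]
    return entry["dn"]  # last resort: the DN itself


def _dn_components(dn):
    """Split a DN on unescaped commas, normalising case and whitespace."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]


def is_under_base_dn(user_dn, base_dn):
    """True if user_dn sits at or below base_dn (suffix match on RDNs)."""
    user, base = _dn_components(user_dn), _dn_components(base_dn)
    return len(base) <= len(user) and user[-len(base):] == base


def profile_users(entries, mask, base_dn):
    """Return ({display name: dn} for entries inside the Base DN,
    [dns a search rooted at base_dn would never reach])."""
    found, out_of_scope = {}, []
    for entry in entries:
        if is_under_base_dn(entry["dn"], base_dn):
            found[render_name_mask(mask, entry)] = entry["dn"]
        else:
            out_of_scope.append(entry["dn"])
    return found, out_of_scope


if __name__ == "__main__":
    for base in ("DC=mydomain,DC=com", "OU=IT,DC=mydomain,DC=com"):
        found, missing = profile_users(SAMPLE_ENTRIES, "%givenName% %sn%", base)
        print(base, "->", sorted(found), "unreachable:", missing)
```

With the base DN set to the root (DC=mydomain,DC=com) both domain users are found, while narrowing it to OU=IT,DC=mydomain,DC=com silently drops the service account; the user in the partner tree is unreachable either way, which is the symptom the guide describes for users outside the Base DN.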

Chapter 8: Implementing HTTPS/SSL Filtering with Network Composer

Secure Socket Layer (SSL) is a technology that is used to encrypt data sent over the network. (Newer versions of SSL are called Transport Layer Security or TLS. Statements in this User Guide regarding SSL also apply to TLS.) This encryption is done to ensure that the data transmission is secure and only readable by the intended recipients. This technology is most commonly associated with Secure Hypertext Transfer Protocol (HTTPS) sent over the Internet. For example, web pages such as banking or ecommerce sites post information that is very sensitive for users, i.e., social security numbers, credit card numbers, etc. Because this information is important, the web site must take some special precautions to make sure that this information is not viewed by the wrong person. Also, the Web site needs to confirm the identity of the site visitor and make sure that the transmission of data across the Internet is not intercepted by anyone. However, SSL can also be used to conceal web traffic and visit prohibited sites. The most common practice of this is with proxy web sites or proxy web servers. Network Composer utilizes HTTPS/SSL Filtering to allow you to view and restrict Web traffic for secure web sites and also prohibit users from viewing unauthorized content. This chapter can be used to enable HTTPS/SSL Filtering. The following topics will be covered:

• Certificate Authorities
• SSL Anonymous Proxies
• HTTPS/SSL Filtering
• HTTPS/SSL Blocking
• HTTPS/SSL Filtering Requirements

• Enabling SSL Certificate-Based Filtering
• Network Composer’s Digital Certificate
• Installing Network Composer’s Digital Certificate
• Enabling Full SSL Content Filtering
• Confirming Network Composer’s Digital Certificate
• Reporting on HTTPS/SSL Web Sites
• Viewing Sensitive Content on HTTPS/SSL Web Sites

Certificate Authorities

For Web sites to use SSL to post secure data, they employ a digital certificate signed by Certificate Authorities (CA), like VeriSign or Thawte. A CA issues and signs a digital certificate which confirms the identity of the Web site and that the page is secure. The CA also attests that the certificate belongs to the organization, server, or other entity noted in the certificate. Thus web sites and users depend on digital certificates to confirm identities and information. How do users know if a web site is secure? Through the digital certificate presented on the web site. Normally, web browsers have a list of trustworthy CAs. When users connect to a secure web site, the web browser will check the name of the web site against the corresponding certificate. If the certificate name matches the name of the web site, is not expired, and is signed by a trusted CA, the web browser will display the web site. If any of these checks fail, a warning is displayed indicating the error.

SSL Anonymous Proxies

In addition to using SSL for securing web traffic, SSL can also be used to conceal web traffic. One of the ways users can conceal web traffic with SSL is by using SSL Anonymous Proxies. The purpose of Network Composer’s HTTPS/SSL Filtering is to prohibit users from concealing their web traffic and from viewing unauthorized content. However, there are many forms of proxy servers that are designed to make web surfing anonymous and bypass content filtering. Like traditional anonymous proxies, SSL Anonymous Proxies, available to anyone with Internet access, instruct users on how to direct their web traffic to a specific web site or service. The most common tactic of SSL Anonymous Proxy Servers is using Common Gateway Interface (CGI) web sites that create tunnels to web sites: they allow a user to put in a URL, which the proxy then fetches and returns to the user. From a web filter’s perspective, it is as if all the content was from the proxy site. An SSL Anonymous Proxy takes this one step further by encrypting this data, thereby concealing the user’s traffic and visits to prohibited web sites. Below are listed the most common Anonymous Proxy Services and how they conceal web traffic.

SSL CGI Proxy

This type of proxy has users enter the Universal Resource Locator (URL) of the web site they want to browse to into a web form. The web site then processes the request and retrieves the page on behalf of the user. The web site changes the links and images within the page so that the requests are actually hosted by the proxy web site and not the original web site. Some of these sites will also use non-standard ports to conceal web traffic.

SSL Full Proxy

This type of proxy requires users to modify their web browser settings to use a proxy server.

SOCKS4/5 Proxy

This type of proxy also has users modify web browser settings to use a proxy server.

TorPark Network

This type of proxy is an SSL based network that allows users to hide web browsing. TorPark normally uses non-standard port numbers to avoid detection and uses SSL to conceal the content of web sites.

Network Composer has several options that allow you to block Anonymous SSL web surfing and prevent users from concealing their traffic. These options are discussed in the next section.

HTTPS/SSL Filtering

Network Composer offers you several tools to filter HTTPS/SSL traffic, and to block proxy web sites that allow users to cover their web traffic. All HTTPS/SSL filtering options are handled by Traffic Flow Rule Sets (TFRS). TFRS are the basic traffic identification and control engine within Network Composer. TFRS allow you to dictate how traffic will be identified, reported, controlled, filtered and shaped. The component of TFRS that handles HTTPS/SSL Filtering is called SSL Filter. SSL Filter can perform content filtering, web logging, spyware scanning, and virus scanning on all HTTPS web sites. In addition to this, there are several options with SSL Filtering. Network Composer has several TFRS that will handle HTTPS/SSL traffic according to the settings listed below. Depending upon the type of control you want over SSL traffic, you will need to configure HTTPS/SSL Filtering accordingly. Below are all available options.

Disable SSL Inspection and Filtering

This option will not perform any HTTPS/SSL Filtering or Inspection. This is the default option and will not filter, report, or inspect any HTTPS/SSL traffic.

Enable SSL Certificate-Based Content Filtering

This option allows you to filter HTTPS web sites based only on the certificate name present. In the case of HTTPS/SSL traffic, this option will only log and filter the first web page accessed for the site. No other pages on the web site will be scanned. However, if the certificate name does not

match the URL of the web site, some mis-categorization can happen. Also, if users attempt to access an HTTPS web site that has been prohibited, they will not receive a redirection page alerting them that the site has been blocked by Network Composer. This is the level of protection provided by almost all Secure Net Gateway devices that support SSL features.

Enable Denied Access Page for SSL Certificate-Based Content Filtering

This option allows you to filter HTTPS web sites based only on the certificate name present. In addition to this, this option will present users with a blocked redirection page if the web site has been prohibited, and can be used in conjunction with SSL Certificate-Based Content Filtering. Also, this option will only log and filter the first web page accessed for the site. No other pages on the web site will be scanned. However, if the certificate name does not match the URL of the web site, some mis-categorization can happen.

Enable Full SSL Content Filtering

This option allows you to filter HTTPS web sites based on the certificate name present, the name of the web site, and the site’s content. This option is the most robust and complete of all SSL Filter options, as it allows for better categorization of HTTPS web sites, continued filtering of all pages within the web site, and blocked redirection pages for prohibited secure sites. Also, this is the only SSL Filter option that offers full scanning of HTTPS web sites for spyware and viruses. Please read the section on Installing Network Composer’s Certificate before enabling this option. Do not enable Full SSL Content Filtering without deploying Network Composer’s Digital Certificate beforehand. Doing so will cause interruption with HTTPS web sites. Because of the additional steps required to enable Full SSL Content Filtering, you will not be able to turn on this option without first contacting a Cymphonix Support Technician. If you are interested in enabling Full SSL Content Filtering, please call Cymphonix Technical Support at (801) 938-1500 option 2.

Only Allow Trusted Certificate Authorities and Non-Expired Certificates

This option will increase security for web traffic, as it will not allow users to visit HTTPS sites that have expired certificates or certificates issued from non-trusted CAs. This option can be used in conjunction with SSL Certificate-Based Content Filtering and Full SSL Content Filtering.

HTTPS/SSL Filter Exemption List

This option allows you to enter URLs of secure web sites that will be exempt from SSL Filtering. For sensitive web sites, such as banking and ecommerce, you may want to enter the URLs of these sites to avoid content filtering on specific web sites. This option can be used in conjunction with all SSL filtering options.

Content Filtering Rules

Once you have enabled any of the HTTPS/SSL Filtering options, all your Content Filtering Rules will now apply to HTTPS web sites. For example, if you have entered myspace in the

com or https://www. Finally this TFRS prohibits all HTTPS/SSL traffic from passing through Network Composer (SSL Block). select a TFRS that has SSL Filtering and chose one of the HTTPS/SSL Filtering options. please confirm that your HTTPS traffic does not exceed the specified amount listed below. As such. DC50XS. virus scanning for HTTP traffic (Web Filter).Network Composer User Guide Blocked URL list under the Content Filtering tab and enabled HTTPS/SSL Filtering. Model DC10 DC20 DC30 DC30X DC40X DC50X DC60X Max Throughput 2 Mbps 5 Mbps 8 Mbps 20 Mbps 45 Mbps 100 Mbps 200 Mbps Max HTTPS Throughput 500 Kbps 1.25 Mbps 2 Mbps 5 Mbps 12 Mbps 25 Mbps 50 Mbps If the amount of HTTPS traffic exceeds 25% of maximum bandwidth. This TFRS performs content filtering. These co-processors perform part of the HTTPS/SSL Filtering. Model DC30XS DC40XS Max Throughput 20 Mbps 45 Mbps Max SSL Throughput 20 Mbps 45 Mbps 129 .myspace. By default there is only one TFRS that is set to block HTTPS traffic. and DC60XS. web logging. Before enabling any form of HTTPS/SSL Filtering. This TFRS also prohibits HTTP traffic on any port other than port 80 or a designated proxy port (Anonymous Proxy Guard). This TFRS only prohibits all HTTPS/SSL traffic from passing through Network Composer. web logging.myspace. enter the web site as blocked in the Content Filtering tab. These models are called the DC30XS. This TFRS is called Web Filter + Anonymous Proxy Guard + SSL Block. HTTPS/SSL Filtering Requirements HTTPS/SSL Filtering does place additional processing load on Network Composer. you may either purchase a more powerful Network Composer or an SSL Acceleration Network Composer model. and virus scanning on HTTPS web sites. SSL Acceleration Network Composer models come equipped with a Peripheral Component Interconnect (PCI) expansion cards that contain co-processors. if you want to block a specific web category or web site that is using HTTPS. spyware scanning. 
users will not be able to access http://www.com. This TFRS does not perform any content filtering. Network Composer will be outside of operating specification. HTTPS traffic cannot be more 25% of bandwidth specs (see following table). relieving the load on Network Composer. As such. HTTPS/SSL Blocking There is an additional TFRS for SSL traffic entitled SSL Block. In this case. spyware scanning. DC40XS.

HTTPS/SSL Filtering is not possible. However. SSL v3. A good practice is to install Network Composer and let the device collect data for at least 24 hours. As a transparent filter. To do this. If either of these options is not enabled.0. HTTPS/SSL Filtering does require a live Internet connection preferably active for at least 24 hours. Lastly.0. HTTP Keep-Alive Mode allows Network Composer to use the same connection to send and receive multiple HTTP requests and responses. Using HTTP Keep-Alive Mode is essential for improving Web performance with HTTPS/SSL Filtering. Network Composer only supports HTTPS/SSL Filtering for web browsers that use SSL v2. These two options are HTTP Keep-Alive Mode and Enhanced Bridging Mode (EBM). EBM also improves the quality of service delivering content at higher bandwidth and reducing transmission latency. All HTTPS/SSL filtering is handled by TFRS.0. Please review the section entitled Installing Network Composer’s Digital Certificate. Also. This option utilizes a digital certificate from Network Composer similar to ones used by CAs. 130 . In addition to bandwidth and connections requirements.Network Composer User Guide DC50XS DC60XS 100 Mbps 200 Mbps 100 Mbps 200 Mbps If you are interested in purchasing a more powerful Network Composer or a SSL Accelerating Network Composer. One last requirement before enabling HTTPS/SSL Filtering is deciding on what options to use. For example. Network Composer does not modify the Web request or response beyond what is required for authentication and identification. you will first select an Internet Usage Rule (IUR). Full SSL Content Filtering requires additional steps for configuration before enabling HTTPS/SSL Filtering. but you may want to verify that your network’s web browsers are updated. Current web browsers use these versions by default. 
Enabling SSL Certificate-Based Filtering Enabling SSL Certificate-Based Content Filtering allows you to filter HTTPS web sites based only on the certificate name present. and Transport Layer Security (TLS) v1. This way you can verify via Report -> Application Overview -> HTTPS if the amount of traffic is below 25% of Network Composer’s maximum bandwidth specification and afterwards enable HTTPS/SSL Filtering. you will need to deploy the certificate before enabling HTTPS/SSL Filtering. If you plan on utilizing Full SSL Content Filtering. some of the different HTTPS/SSL Filtering options will determine what steps need to be preformed first. You can also select Denied Access Page for SSL Certificate-Based Content Filtering to present users a redirection page for blocked HTTPS Web sites as well as Only Allow Trusted Certificate Authorities and Non-expired Certificates. HTTPS/SSL Filtering requires that you enable two options under the Advanced Setup tab (Admin -> Configuration -> Advanced Setup) that will allow Network Composer to support HTTPS/SSL filtering. please contact your reseller or Cymphonix sales at (801) 938-1500 option 1. EBM allows Network Composer to act as a transparent filter. as opposed to opening a new connection for every single HTTP request or response.
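Before walking through the enabling steps, the following added example (written for this page, not code from Network Composer or Cymphonix) shows why the certificate-name caveat above matters. Under SSL Certificate-Based Content Filtering the device decides on the name found in the server certificate, not on the URL the user requested, so a site served under a shared or CDN certificate can be under-blocked and a harmless site sharing a certificate name with a blocked entry can be over-blocked. The blocked list, host names and certificate names are constructed; only the "myspace" entry comes from the manual.

```python
"""Added example (not Network Composer code): what certificate-name-based
filtering can and cannot decide. The device categorizes an HTTPS connection by
the name on the server certificate, not by the URL the user typed, so when the
two do not match the decision can be wrong in either direction. All names
below are constructed."""
from typing import Dict, Iterable, Optional

# Constructed stand-in for entries in the Blocked URL list under the Content
# Filtering tab; each entry blocks any name that contains it (the manual's
# "myspace" example).
BLOCKED_URL_LIST = ["myspace", "example-casino"]


def cert_name_matches(host: str, cert_name: str) -> bool:
    """True when a certificate name (CN or DNS SAN) covers `host`.

    Uses the browser rule: comparison is case-insensitive and a wildcard may
    only stand for the leftmost label, so *.example.com covers
    www.example.com but not example.com or a.b.example.com."""
    host = host.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        return (host.endswith(cert_name[1:])
                and host.count(".") == cert_name.count("."))
    return host == cert_name


def filter_decision(name: str, blocked: Iterable[str] = BLOCKED_URL_LIST) -> Optional[str]:
    """Return the blocked-list entry that matches `name`, or None if allowed."""
    name = name.lower()
    return next((entry for entry in blocked if entry.lower() in name), None)


def audit(intended_host: str, cert_common_name: str,
          blocked: Iterable[str] = BLOCKED_URL_LIST) -> Dict[str, object]:
    """Compare the decision a certificate-name-based filter makes (it sees only
    the certificate) with the decision the requested URL would have produced."""
    blocked = list(blocked)
    by_cert = filter_decision(cert_common_name, blocked)
    by_url = filter_decision(intended_host, blocked)
    return {
        "intended_host": intended_host,
        "cert_common_name": cert_common_name,
        "cert_decision": "block" if by_cert else "allow",
        "url_decision": "block" if by_url else "allow",
        # The manual's caveat: a mismatch between certificate name and URL
        # is exactly when the two decisions can diverge.
        "name_mismatch": not cert_name_matches(intended_host, cert_common_name),
        "miscategorized": (by_cert is None) != (by_url is None),
    }


if __name__ == "__main__":
    # Constructed scenarios: a site on its own certificate, a wildcard
    # certificate, a site fronted by a CDN certificate (under-blocking), and a
    # harmless site that shares a certificate name with a blocked entry
    # (over-blocking).
    for host, cn in [("www.myspace.com", "www.myspace.com"),
                     ("www.myspace.com", "*.myspace.com"),
                     ("www.myspace.com", "a248.e.cdn-example.net"),
                     ("news.example.org", "shared.example-casino.net")]:
        print(audit(host, cn))
```

Running the block prints one audit record per scenario; the two records with `name_mismatch` set are the ones where `miscategorized` is also true, which is the situation the Full SSL Content Filtering option (categorizing on the site name and content as well) is designed to remove.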

In this section, we will only be detailing the options of SSL Certificate-Based Filtering. The first step is to alter an IUR for HTTPS/SSL Filtering by choosing a TFRS that can identify and filter HTTPS traffic. Network Composer has three default TFRS that filter HTTPS/SSL traffic. These TFRS are listed below with their corresponding targets. Please note that these are the default settings for the TFRS and can be changed or customized based on your needs. Please see the Tutorial Document entitled How to Manage Traffic Flow Rule Sets for more information (http://kb.cymphonix.com).

Web Filter + SSL Filter
This TFRS performs content filtering, web logging, spyware scanning, and virus scanning for both HTTP (Web Filter) and HTTPS traffic (SSL Filter).

Web Filter + Anonymous Proxy Guard + SSL Filter
This TFRS performs content filtering, web logging, spyware scanning, and virus scanning for both HTTP (Web Filter) and HTTPS traffic (SSL Filter). This TFRS also prohibits HTTP traffic on any port other than port 80 or a designated proxy port and SSL traffic on any port other than port 443 (Anonymous Proxy Guard).

Web Filter + Deny IM + Anonymous Proxy Guard + SSL Filter
This TFRS performs content filtering, web logging, spyware scanning, and virus scanning for both HTTP (Web Filter) and HTTPS traffic (SSL Filter). This TFRS also denies all IM Client conversations (Deny IM) and prohibits HTTP traffic on any port other than port 80 or the designated proxy ports and SSL traffic on any port other than port 443 (Anonymous Proxy Guard).

Depending upon how you would like to filter HTTPS traffic, you can choose the TFRS accordingly. Click Manage -> Policies & Rules -> Internet Usage Rules -> Default Usage Rules (or another group’s usage rules). Select the Drop-Down Box for TFRS and choose a rule set that has SSL Filter as a component. This will then allow you to access the HTTPS/SSL Filtering tab. Again, once you have selected a TFRS of SSL Filter, you can now select options under the HTTPS/SSL Filtering tab. Click on the HTTPS/SSL Filtering tab, and select the radio button for Enable SSL Certificate-Based Content Filtering. Also, if you like, you can select the check boxes for Enable “Denied Access” page and Only Allow Trusted Certificate Authorities and Non-expired Certificates. You can also enter any URLs for the Filter Exemption List. Once modified, don’t forget to save your changes. Once the IUR has been saved, make sure that the new rules are being applied to the group under the Policy Manager. You can review how to do this under Chapter 5: Managing Network Composer. You have now finished creating an Internet Usage Rule that will filter certificates for HTTPS Web sites and assigned it to the corresponding group. You can follow the previously mentioned steps to assign additional IURs that will filter certificates for HTTPS web sites to other groups as well.

Network Composer’s Digital Certificate
For Network Composer to fully scan HTTPS web sites, the device will need to inspect the data traversing the SSL connection between the user and the Web site. Consequently, deploying a third party certificate to act as the “middle man” for the user and the secure Web site is the most effective method to allow the secure connection while examining the content. By deploying a third party certificate from Network Composer to the user, a secure connection between the two is established. Network Composer then issues a separate secure connection between itself and the secure Web site or server. This process allows Network Composer to fully inspect the SSL traffic from both the user and the responding web server.

In essence, Network Composer acts as an SSL proxy. In this fashion, the user sends the SSL request to Network Composer. Network Composer reviews the SSL request, verifies filtering rules, and then sends a SSL request on behalf of the user to the web site. After these connections are established, Network Composer maintains two SSL connections, one to the user and one to the web site, allowing the two connections to be fully inspected without dropping the connection (see the following diagram).

Figure 8.1 Network Composer Certificate

Again, for this option to work correctly, users will need Network Composer’s digital certificate installed in their individual Web browsers. Although you can install the certificate individually for each user, this chapter has several options on how to deploy the certificate on a wider scale.

Installing Network Composer’s Digital Certificate
Network Composer’s certificate can be deployed individually on each computer’s Web browser or it can be deployed as a Group Policy Object (GPO) by Active Directory. The following sections describe how to perform each accordingly. This certificate can be downloaded from Network Composer under Admin -> Configuration -> Downloads -> SSL Authority Certificate or at http://IP address of Network Composer/downloads/cacert.cer. Lastly, you can also customize the certificate used for Full SSL Content Filtering. If you would prefer the certificate to display your company information, your company’s organizational unit, or your contact information, you may modify these settings under Admin -> Configuration -> SSL Certificate Settings. If you make any errors or need to change the SSL Certificate Settings, you can select Clear SSL Certificates (Admin -> Utilities -> System Resets -> Clear SSL Certificates). This will set the SSL Certificate Settings back to the default settings. However, if you alter the SSL certificate in any form, make sure that users have the new finalized certificate before enabling Full SSL Filtering.

Deploying Network Composer’s Certificate via Web Browsers
Network Composer’s certificate can be downloaded and installed directly by your users into their Web browsers. A good practice is to download and install the certificate in a network share and have users install the certificate directly from the shared drive. Another option is to send an email to users with an attached zipped file of the certificate or with the URL of the certificate (http://IP address of Network Composer/downloads/cacert.cer). Once you have distributed the certificate, simply have users import the certificate. Depending upon users’ OS or default web browsers, the steps will be different on how to install the certificate. Below are email templates you can copy and use to instruct users how to install the certificate using Windows PCs and Internet Explorer and Firefox. With other Web browsers or OS you will need to research and find how to import digital certificates. Areas where you need to add information before sending the template are italicized and bold.

Email Template for Windows XP and Internet Explorer 6
As part of our efforts to better provide a secure work environment and offer users reliable Web access, we have decided to employ content filtering for Secure Hypertext Transfer Protocol (HTTPS). Although you may be unfamiliar with the term HTTPS, this protocol is used by web sites to secure information. However, HTTPS can also be used fraudulently to conceal web traffic and pose a danger to users and the network. Filtering HTTPS web sites will improve our ability to protect the network and ensure safe web browsing. You will need to import a digital certificate into your web browser that will allow you to access legitimate web sites that use HTTPS. Please click on the following link and save the certificate (cacert.cer) to your desktop: http://IP address of your Network Composer/downloads/cacert.cer. Or please download the following zipped attachment (cacert.cer) to your desktop. Then follow the instructions listed below to import the certificate.
1. Open up Internet Explorer 6.
2. Click on Tools -> Internet Options.
3. Select the Content tab and click the Certificates button (this will bring up the Certificate dialog box).
4. Select the Trusted Root Certification Authorities tab and then click the Import button (this will bring up the Certificate Import Wizard).
5. Begin the Wizard by selecting Next and when prompted browse to the certificate you downloaded to your desktop.
6. Complete the Certificate Import Wizard by selecting Next when prompted. If asked, allow Windows to automatically select the certificate store.
7. After you have completed the Certificate Import Wizard click the Finish button (you may receive a security warning about installing the certificate; select Yes to allow the import).
8. You have now completed the Certificate Import Wizard for Internet Explorer 6. You can delete the certificate file on your desktop.
Thanks and have a nice day.

Email Template for Windows XP and Internet Explorer 7
As part of our efforts to better provide a secure work environment and offer users reliable web access, we have decided to employ content filtering for Secure Hypertext Transfer Protocol (HTTPS). Although you may be unfamiliar with the term HTTPS, this protocol is used by web sites to secure information. However, HTTPS can also be used fraudulently to conceal web traffic and pose a danger to users and the network. Filtering HTTPS web sites will improve our ability to protect the network and ensure safe web browsing. You will need to import a digital certificate into your web browser that will allow you to access legitimate web sites that use HTTPS. Please click on the following link and save the certificate (cacert.cer) to your desktop: http://IP address of your Network Composer/downloads/cacert.cer. Or please download the following zipped attachment (cacert.cer) to your desktop. Then follow the instructions listed below to import the certificate.
1. Open up Internet Explorer 7.
2. Click on Tools -> Internet Options.
3. Select the Content tab and click the Certificates button (this will bring up the Certificate dialog box).
4. Select the Trusted Root Certification Authorities tab and then click the Import button (this will bring up the Certificate Import Wizard).
5. Begin the Wizard by selecting Next and when prompted browse to the certificate you downloaded to your desktop.
6. Complete the Certificate Import Wizard by selecting Next when prompted. If asked, allow Windows to automatically select the certificate store.
7. After you have completed the Certificate Import Wizard click the Finish button (you may receive a security warning about installing the certificate; select Yes to allow the import).
8. You have now completed the Certificate Import Wizard for Internet Explorer 7. You can delete the certificate file on your desktop.
Thanks and have a nice day.

Email Template for Windows Vista and Internet Explorer 7
As part of our efforts to better provide a secure work environment and offer users reliable web access, we have decided to employ content filtering for Secure Hypertext Transfer Protocol (HTTPS). Although you may be unfamiliar with the term HTTPS, this protocol is used by web sites to secure sensitive information. However, HTTPS can also be used fraudulently to conceal web traffic and pose a danger to users and the network. Filtering HTTPS web sites will improve our ability to protect the network and ensure safe web browsing. You will need to import a digital certificate into your web browser that will allow you to access legitimate web sites that use HTTPS. Please click on the following link and save the certificate (cacert.cer) to your desktop: http://IP address of your Network Composer/downloads/cacert.cer. Or please download the following zipped attachment (cacert.cer) to your desktop. Then follow the instructions listed below to import the certificate.
1. Open up Internet Explorer 7.
2. Click on Tools -> Internet Options.
3. Select the Content tab and click the Certificates button (this will bring up the Certificate dialog box).
4. Select the Trusted Root Certification Authorities tab and then click the Import button (this will bring up the Certificate Import Wizard).
5. Begin the Wizard by selecting Next and when prompted browse to the certificate you downloaded to your desktop.
6. Complete the Certificate Import Wizard by selecting Next when prompted. When asked, place the certificate in the Trusted Root Certification Authorities store.
7. After you have completed the Certificate Import Wizard click the Finish button (you may receive a security warning about installing the certificate; select Yes to allow the import).
8. You have now completed the Certificate Import Wizard for Internet Explorer 7. You can delete the certificate file on your desktop.
Thanks and have a nice day.

Email Template for Windows XP/Vista and Firefox 2
As part of our efforts to better provide a secure work environment and offer users reliable web access, we have decided to employ content filtering for Secure Hypertext Transfer Protocol (HTTPS). Although you may be unfamiliar with the term HTTPS, this protocol is used by web sites to secure information. However, HTTPS can also be used fraudulently to conceal web traffic and pose a danger to users and the network. Filtering HTTPS web sites will improve our ability to protect the network and ensure safe web browsing. You will need to import a digital certificate into your web browser that will allow you to access legitimate web sites that use HTTPS. Please click on the following link and save the certificate (cacert.cer) to your desktop: http://IP address of your Network Composer/downloads/cacert.cer. Or please download the following zipped attachment (cacert.cer) to your desktop. Then follow the instructions listed below to import the certificate.
1. Open up Firefox 2.
2. Click on Tools -> Options.
3. Select the Encryption tab and click the View Certificates button (this will bring up the Certificate Manager box).
4. Select the Authorities tab and then click the Import button.
5. Browse to your desktop and select the certificate you just downloaded.
6. Select Trust this CA to identify web sites.
7. Click OK twice to complete the import. You have now completed the Certificate Import Wizard for Firefox. You can delete the certificate file on your desktop.
Thanks and have a nice day.

Deploying Network Composer’s Certificate via Active Directory
Again, follow the previous steps to download the certificate and place it on the local drive of the Active Directory server. Once you have done that, follow the subsequent steps.
1. Log on to your Domain or Active Directory server.
2. Open a Windows Run Prompt (Start -> Run).
3. In the Open field type "mmc" (Microsoft Management Console).
4. Click OK.

Figure 8.2 Console Prompt

5. In the File menu select Add/Remove Snap-in.
6. Click the Add button.
7. Scroll down and select Group Policy Object Editor.

Figure 8.3 Add Standalone Snap-in

8. Click the Add button (this will launch the Group Policy Object Wizard).
9. Press the Browse button.
10. Select Default Domain Policy.

Figure 8.4 Group Policy Object

11. Click OK.
12. Click Finish on the Add Group Policy Wizard.
13. Close the Add Standalone Snap-in dialog box.
14. Click OK on the Add/Remove Snap-in dialog box (you should now be looking at the MMC screen with the Console Root folder above the new Default Domain Policy you have just added).

Figure 8.5 Console Root

15. Expand the Default Domain Policy.
16. Expand the Computer Configuration option.
17. Expand the Windows Settings option.
18. Expand the Security Settings option.
19. Expand the Public Key Policies.
20. Select the Trusted Root Certification Authorities.

Figure 8.6 Group Policy Object Editor

21. In the Action menu, select Import (this will launch the Import Wizard).
22. Click the Next button.
23. Browse to where you downloaded Network Composer’s certificate (unless you have changed the title, the certificate is entitled cacert.cer).
24. Click the Next button.
25. Make sure the Place All Certificates in the Following Store radio button is selected.
26. Make sure the Certificate Store is Trusted Root Certification Authorities.
27. Click the Next button (the Import Wizard will now display a summary of the import process).
28. Click the Finish button.
29. The Import Wizard will inform you if the import was successful.

You have now finished deploying Network Composer’s certificate either via a direct import or Active Directory’s GPO.

Confirming Network Composer’s Digital Certificate
Now that you have deployed Network Composer’s certificate, the last item to verify is that Network Composer’s digital certificate is working correctly. You can do this by browsing to a secure Web site (https) and viewing the digital certificate on the page. You can click on the padlock icon located at the end of the URL of the web site and select View certificates. Once selected, make sure that the digital certificate is issued by the Certificate Common Name from Network Composer (Admin -> Configuration -> SSL Certificate Settings). Please note that if you clear the SSL Certificate under Admin -> Utilities -> System Resets or alter the certificate under Admin -> Configuration -> SSL Certificate Settings, you will need to deploy the new certificate to users’ Web browsers.

Enabling Full SSL Content Filtering
Now that you have installed Network Composer’s certificate, you are ready to enable Full SSL Content Filtering. Because Full SSL Filtering requires additional steps, this option is only available after a certified Cymphonix Technician reviews the device settings. This precaution has been taken to avoid unnecessary interruption with secure Web sites. Now that you have completed these steps, you will need to contact Cymphonix Technical Support to enable Full SSL Filtering. You can contact Cymphonix Technical Support at (801) 938-1500 option 2. Once approved by a support technician, he/she will ask you what Internet Usage Rules will have Full SSL Content Filtering. Afterwards, you can review the settings under Manage -> Policy & Rules -> Internet Usage Rules -> Default Usage Rules (or another group’s usage rules). Select the Traffic Flow Rule Set Drop-Down Box and choose a TFRS that lists the component SSL Filter. After a TFRS with SSL Filter has been selected, the HTTPS/SSL Filtering tab is accessible. Click on the tab, and confirm that the radio button for Enable Full SSL Content Filtering is selected. If you like, you can also select the check box next to Only Allow Trusted Certificate Authorities and Non-Expired Certificates. In addition to this, you can enter the URLs for the Filter Exemption list. Again, don’t forget to Save your changes and apply the IUR to the correct groups under Policy Manager, and you have finished configuring Network Composer for Full SSL Content Filtering.

Viewing Sensitive Content on HTTPS/SSL Web Sites
SSL operates by opening a tunnel session and passing information using a public and private key for transmission. Typically Network Composer will only capture the URL and Hypertext Markup Language (HTML) of the web site accessed and not the additional encrypted items. Although Web sites that use SSL can be monitored and filtered using Network Composer, items such as passwords, bank account numbers, and social security numbers are normally encrypted at an additional layer within the SSL tunnel. As such, Network Composer normally cannot decipher these items. However, if you are concerned about sensitive content being captured by Network Composer, you can list Web sites in the HTTPS/SSL Filter Exemption List. Web sites listed in the HTTPS/SSL Exemption List will not be filtered, monitored, or decrypted in any form. For more information, please review the section HTTPS/SSL Filter Exemption List.

Reporting on HTTPS/SSL Web Sites
After you have enabled HTTPS/SSL Filtering, you can report on HTTPS/SSL web sites. Click on Report -> Internet Usage -> Web Hits Overview -> Allowed. This will post all allowed Web hits within the past 24 hours. In the top right-hand corner of the report is a reporting option entitled Encryption Type. By default this option is set to No Filter, which will post all Web hits. Select that option and choose SSL. The report will then display all HTTPS/SSL Web site hits within the last 24 hours. You can then adjust the report to correlate and filter for specific users, time frames, etc. Wherever the option Encryption Type is displayed, you can adjust reporting to display HTTPS/SSL Web sites.

This concludes the chapter for HTTPS/SSL Filtering. If you need further assistance with this or any other component of Network Composer, please read the following section on getting help.
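As a complement to the Confirming Network Composer’s Digital Certificate section of this chapter, the following added example (written for this page, not code from Network Composer or Cymphonix) performs the same check from a script: it reads the issuer of the certificate a client actually receives and compares it with the appliance’s Certificate Common Name, and it cross-checks the result against the HTTPS/SSL Filter Exemption List so that an exempt host being intercepted, or a non-exempt host not being intercepted, is reported. The appliance name and exemption list are constructed placeholders, the sample certificates are constructed in the shape returned by Python’s getpeercert(), and the live connection helper assumes the downloaded cacert.cer is in PEM form.

```python
"""Added example (not Network Composer code): confirm, from a script rather
than by clicking the padlock icon, that HTTPS connections really present a
certificate issued by the appliance's Certificate Common Name, and that hosts
on the HTTPS/SSL Filter Exemption List do not. Configuration values below are
constructed placeholders."""
import socket
import ssl
from typing import Dict, Iterable, Tuple

# Placeholder for the Certificate Common Name configured under
# Admin -> Configuration -> SSL Certificate Settings (constructed value).
APPLIANCE_CN = "Network Composer CA (placeholder)"
# Constructed stand-in for the HTTPS/SSL Filter Exemption List.
EXEMPT_HOSTS = ["bank.example", "shop.example"]

# Shape of ssl.SSLSocket.getpeercert(): 'issuer' and 'subject' are tuples of
# RDNs, each RDN a tuple of (attribute, value) pairs.
PeerCert = Dict[str, object]


def issuer_common_name(cert: PeerCert) -> str:
    """Extract commonName from the issuer field of a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for attribute, value in rdn:
            if attribute == "commonName":
                return value
    return ""


def classify(host: str, cert: PeerCert, appliance_cn: str = APPLIANCE_CN,
             exempt: Iterable[str] = EXEMPT_HOSTS) -> Tuple[str, str]:
    """Return (status, explanation) for one host.

    ok      -> observed state agrees with the configuration
    error   -> an exempt host is being intercepted (the exemption is not in effect)
    warning -> a non-exempt host is not intercepted (certificate not deployed,
               rule not applied to this group, or traffic bypassing the device)"""
    intercepted = issuer_common_name(cert) == appliance_cn
    is_exempt = host.lower() in {h.lower() for h in exempt}
    if intercepted and is_exempt:
        return "error", "exempt host presents the appliance-issued certificate"
    if intercepted:
        return "ok", "intercepted; certificate issued by " + appliance_cn
    if is_exempt:
        return "ok", "exempt; original site certificate passed through"
    return "warning", "not intercepted; issuer is " + (issuer_common_name(cert) or "unknown")


def fetch_peer_cert(host: str, cafile: str, port: int = 443, timeout: float = 5.0) -> PeerCert:
    """Live check (needs network): connect as a browser would and return the
    verified peer certificate. `cafile` is the downloaded cacert.cer in PEM
    form (assumption), loaded alongside the system CAs so that both
    appliance-issued and pass-through certificates verify."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.load_default_certs()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates in getpeercert() form, used for an offline run.
SAMPLE_INTERCEPTED: PeerCert = {
    "subject": ((("commonName", "www.myspace.com"),),),
    "issuer": ((("organizationName", "Cymphonix (placeholder)"),),
               (("commonName", APPLIANCE_CN),)),
}
SAMPLE_PASSTHROUGH: PeerCert = {
    "subject": ((("commonName", "bank.example"),),),
    "issuer": ((("commonName", "Example Public CA (constructed)"),),),
}

if __name__ == "__main__":
    for host, cert in [("www.myspace.com", SAMPLE_INTERCEPTED),
                       ("bank.example", SAMPLE_PASSTHROUGH),
                       ("bank.example", SAMPLE_INTERCEPTED)]:
        print(host, *classify(host, cert))
```

To run it against a live deployment, replace the sample dictionaries with `fetch_peer_cert(host, "cacert.pem")` for each host of interest and run it from a workstation in a group whose IUR has SSL filtering enabled; a `warning` on a host that should be filtered usually means the certificate was not deployed to that machine or the IUR is not applied to its group, which are the two causes the chapter names.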

Customer Support and Feedback

Getting Help
For additional help, please consult Cymphonix’ Knowledge Base (http://kb.cymphonix.com). Additionally, contact your Authorized Cymphonix Reseller for additional support. Cymphonix Premium Support Services are also available for:
• Configuration & Installation Guidance
• Network Composer Training
• Technical Support Services
For more information or to purchase Cymphonix Premium Support Services, contact Cymphonix at support@cymphonix.com. Please have the following information ready:
• Total bandwidth
• Total # of network nodes and Directory Users
• Network Composer model & serial number
• Network Composer firmware version
• A network topology diagram
• Presence of VLANs, proxy servers, remote subnets
• What symptoms or issues you are experiencing

We Welcome Your Feedback
We welcome your comments on Network Composer and your ideas for modifications or feature requests. Please identify the Network Composer model you are using and tell us how we can reach you. Contact us at feature@cymphonix.com or by phone at (801) 938-1500 option 2.

Appendix A: Web Filtering Categories
Network Composer has several distinct layers to identify and filter web sites depending upon the settings you employ on the device. Among the most distinct layers are URL checks against database entries, key-word searches, real-time analysis of web page context, digital certificate scans, and full payload decryption on HTTPS/SSL traffic. These distinct layers allow Network Composer to quickly categorize well-known web sites while providing a more in-depth identification for new, indistinct and constantly changing Web sites.

If you would like to confirm the categorization of a web site, you can use the diagnostic tool /?webFilterCategory. To use this tool, go to any computer that is being filtered by Network Composer and open a web browser. Enter the URL of the web site whose categorization you want to confirm, and append to it the phrase /?webFilterCategory, i.e., http://www.google.com/?webFilterCategory. This will post the Web Filter Category Report and list the categorization of the web page and which component (URL database, key-word search, or content analysis) categorized the site. If you would like to re-categorize a web site, you can use the Custom Category Rules menu (Admin -> Configuration -> Custom Category Rules) or submit the URL to http://www.cymphonix.com/category.

The following table lists the available categories, together with the filtering level typically applied to each. These categories are followed with a brief description of the type of content contained by each and some web site examples.

Category | Filtering (Typical) | Description | Examples

Adult | Unacceptable | These are sites directed to adults, not necessarily pornographic sites. Adult clubs: strip clubs, swingers clubs, escort services, strippers; adult greeting cards, adult products, general information about sex, information about sex not in the context of health or disease, genital piercing, non-pornographic in nature, etc. | fhm.com, cybereroticanews.com

Alcohol and Tobacco | Non-business | Beer, wine, spirits: beer and wine making, breweries, wineries, vineyards, cocktail recipes, mixed drinks, liquor sellers, drinking establishments; tobacco, pipes and smoking products. Also Tobacco. | budweiser.com, philipmorrisusa.com, pub.com

Arts and Entertainment | Non-business | Galleries and exhibitions, artists and art, architecture, design, photography, literature and books, publishing, performing arts and theater, venues, music and radio, movies, television, celebrities and fan sites, entertainment news, humor. Also Entertainment. | disney.com, mgm.com

Automatic Updating | Non-business | Web pages that monitor activities and automatically update page content on a regular basis, such as stock tickers or weather reports. | weatherbug.com, nasdaq.com, ticker.com

Business and Industry | Business | Sites involved in business-to-business transactions of all kinds: advertising, marketing, commerce, corporations, business practices, human resources, workforce, payroll, venture capital, office supplies, security; industrial equipment (process equipment), industrial design, machines and mechanical systems, manufacturing: solids handling, materials handling equipment, packaging equipment, heating equipment, cooling equipment, metal fabrication; construction and building, building materials; transportation, shipping and freight: freight services, freight forwarders, freight/transportation brokers, NVOCC, ocean shipping, railroad shipping, trucking, truckload carriers, road feeder services, expedited services, load & freight matching, track & trace, moving & storage, passenger transportation. Also Industry. | dow.com, ussteel.com

Cars and Motorcycles | Non-business | Sites about personal transportation: information about cars and motorcycles, shopping for new and used cars and motorcycles, car clubs, RVs, boats, etc. (Note: auto and motorcycle racing is categorized as Sports and Recreation). Also Motorcycles. | autobytel.com, autos.msn.com

Cheating and Plagiarism | Non-business | Sites promoting cheating and selling written work (e.g. term papers) for plagiarism. Also Plagiarism. | cheathouse.com, bestpapers.com

Computers and Internet | Business | Information about computers and software such as: hardware, software, software support sites, computer science, programming and networking, information for software engineers, website design, computer graphics and clipart, and the web and Internet in general. Also Internet. | dell.com, update.microsoft.com

Crime | Business | Sites related to crime: crime reporting, crime statistics, law enforcement. | crime.com

Criminal Related | Non-business | Pages that promote crime such as stealing, fraud, bombs, terrorism, phreaking and cracking, computer viruses, warez and pirated software, and anarchy; sites depicting murder and suicide as well as explaining ways to commit them. | terrorism.com, anarchistcookbook.com, illegalworld.com

Cults | Non-business | Cults and cult behavior. | heavensgate.com, kimmillerconcernedchristians.com

Dating | Unacceptable | Dating sites, online personals, matrimonial agencies, personal information, for adults. | eharmony.com, friendfinder.com

Dining and Drinking | Non-business | Eating and drinking establishments: restaurants, bars, taverns, brewpubs, restaurant guides and reviews. | mortons.com, pizzahut.com

Education | Business | Education-related sites and web pages such as schools, colleges, universities, libraries, museums, teaching materials, teachers resources, education issues and policy, school funding, financial aid, standards and testing, technical and vocational training, online training. | usc.edu, nyu.edu

Filter Avoidance | Unacceptable | Web pages that promote and aid undetectable and anonymous surfing. | proxify.com, proxyblind.com

Finance | Business | Sites and information that are primarily financial in nature such as: accounting practices and accountants, banking, brokers, credit cards, loans, mortgages, insurance, taxes, taxation, the national economy, personal finance involving insurance of all types, retirement and estate planning; investing: information relating to the stock market, stocks, bonds, mutual funds, IPOs, stock splits, stock charts, stock screens, stock analysis and commentary. | wellsfargo.com, nasdaq.com

FYI | Business | City and state guides, maps, weather, ski conditions, time, schedules, dictionaries, reference sources; mass transportation: consumer mass transit information (bus, subway, commuter train, airport). | weather.com, maps.google.com

Gambling | Non-business | Casinos and online gambling sites, sports gambling, sports book, bookmakers and odds, gambling advice, horse and dog racing in a gambling context. | bodog.com, partypoker.com

Games | Non-business | Various card games, board games, word games, combat games, sports games, video games, computer games, downloadable games, Internet games (RPGs and D&D), game reviews, cheat sheets, etc. | worldofwarcraft.com, games.yahoo.com

Gay and Lesbian | Non-business | Gay, lesbian, bisexual, transgender: gay family, gay parenting, gay pride sites, coming out, gay civil rights, civil rights issues, politics, sports, leisure activities, travel and accommodations, clubs and events, gay bars. | gay.com, gayamerica.com

Government and Law | Business | Foreign relations, immigration, antiterrorism; news and information relating to politics and elections such as: politics, political parties, election news and voting; sites and information relating to the field of law such as: attorneys, law firms, legal associations, legal reference material, law publications, courts, dockets, legislation and court decisions, patents and copyrights; sites and information relating to law enforcement and correctional systems; sites relating to the military such as: the armed forces, military organizations, military bases, and military equipment. Also Law. | foreignaffairs.com, firstgov.gov

Hacking | Non-business | Sites discussing ways to hack into web sites, software, and computers. | elitehackers.com, hackerstuff.com

Hate Speech | Unacceptable | Hate-related sites, involving racism, sexism, white supremacists, Holocaust denial, hate music, racist theology, Christian identity religions; Neo-Nazi organizations: Aryan Nations, National Alliance, National Socialist Movement, White Aryan Resistance, World Church of the Creator, Ku Klux Klan, American Nazi parties, Neo-Nazis. | kkk.com, blacksandjews.com

Health and Nutrition | Non-business | Health care, medical care, doctors, hospitals, disease and disabilities, physical disabilities, mental health, psychiatry, pharmacology, medicinal drugs, health, food and nutrition, food and beverage, food in general, dieting, vitamins and supplements, exercise and fitness; sex in a context of health (disease and health care), tobacco use, alcohol use, and gambling in a context of health (disease and health care). | efitness.com, emedicine.com

Illegal Drugs | Non-business | Information about recreational drugs, drug use, drug paraphernalia, marijuana seeds, advice on how to grow marijuana. | weedcity.com, cannabis.com

Instant Messaging | Non-business | Web-based instant messaging. | messenger.yahoo.com, meebo.com

Job Search | Non-business | Career advice, advice on resume writing and interviewing skills, job databanks, job placement services, employment and temp agencies, employer sites. | monster.com, dice.com

Lingerie | Unacceptable | Intimate apparel, especially when modeled. | victoriasecret.com, pamperedpassions.com

Lottery and Sweepstakes | Non-business | Sweepstakes, contests and lotteries. | powerball.com, calottery.com

Miscellaneous | Non-business | Cannot be categorized—often because the web page is secured from outside visibility or there's either no text or too little text to access it. | (none)

Nature | Non-business | Natural resources, wilderness, forests, forest conservation, forest protection, forest health, forestry practices, forest management (re-forestation, thinning, harvesting, prescribed burning); ecology and conservation, conservation; pollution issues: air quality, water quality, hazardous waste, waste management, recycling, pollution prevention, environmental clean-up industry; agricultural practices: agriculture, harvesting, livestock, irrigation, planting, pruning, weed control; gardening, horticulture, landscaping, flowers, plants, animals, pets, biology, botany, zoology. | peta.org, nature.org

News | Non-business | News, headlines, newspapers, TV station wireless. | nytimes.com, msnbc.com

Non-mainstream | Non-business | Non-mainstream approaches to life. Occult practices: esoteric magic, witchcraft, casting spells, voodoo, séances; paranormal: out of body, astral travel, UFOs and aliens; fortune telling practices: I Ching, Tarot, astrology, horoscopes, numerology, psychic advice. | psychic.com, tarot.com

Non-sexual nudity | Unacceptable | Nudism/nudity, nudist camps, artistic nudes. | fineartnude.com, barenakedgallery.com

Online Communities | Non-business | Personal web pages, personal photo collections, web newsgroups, special interest groups, affinity groups, professional organizations for social purposes; gay, lesbian and bisexual: gay family, gay parenting, gay pride sites, coming out, civil rights issues, politics, sports, leisure activities, travel and accommodations, clubs and events, gay bars. | myspace.com, facebook.com

Online Trading | Non-business | Online brokerages, sites which afford the user the ability to trade stocks online. | franklintrading.com, ameritrade.com

Peer File Transfer | Non-business | Peer-to-peer file request sites. This does not track the file transfers themselves. | piratebay.com, torrentz.com

Porn | Non-business | Sexually explicit text or depictions. Includes the following: nude celebrities, adult movies, general XXX depictions, XXX chat rooms, anime and XXX cartoons, web-based pornographic e-mail, sex simulators, lewd art, gay pornography, material of a sexually violent nature (bondage, domination, sadomasochism, spanking, torture, rape, snuff, fantasy death, necrophilia), other fetish material (foot/legs, latex gloves, enema, infantilism, pony-play, balloon sex, pregnant women, BBW, bestiality). | penthouse.com, hustler.com

Real Estate | Non-business | Information that would support the search for real estate. This includes: office and commercial space, homes, house building; real estate listings: rentals, apartments, roommates. | remax.com, century21.com

Science and Technology | Non-business | Sites involving science and technology: aerospace, space exploration, engineering, electronics, communications: telephones, telecomm; energy: oil, nuclear, wind, sun; environment, meteorology, mathematics. Also Technology. | space.com, ieee.org

Search Engines and Portals | Business | Web directories and search engines that often serve as home pages such as Excite, Alta Vista, MSN, and Google. | google.com, msn.com

Sex Education and Abortion | Unacceptable | Sexual health; information about, or descriptions of, abortion procedures such as: abortion pills, medical abortions, surgical abortions; abortion clinics and abortion providers. | abortion.com, prolife.com

Shopping | Non-business | Auctions, bartering, classified ads, coupons and free offers, online catalogs, online malls, online purchasing, clothing and fashion, cosmetics (skin care for diseases or conditions may be categorized as Health and Nutrition), general office supplies, etc. | amazon.com, ebay.com

Social Science | Non-business | Sites related to: archaeology, anthropology, cultural studies, economics, geography, history, linguistics, philosophy, political science, psychology, women's studies. | ssrc.org, civilwar.com

Society and Culture | Non-business | Family and relationships, seniors, ethnicity and race, religions, theology, genealogy, social organizations, do-it-yourself, hair salons, spas. | unitedway.org, goodhousekeeping.com

Spiritual Healing | Non-business | Spiritual healing, alternative approaches to health, both physical and mental. | aetherius.org, enhancedhealing.com

Sports and Recreation | Non-business | All sports, professional and amateur, fantasy sports, recreational activities, hobbies, hunting, fishing, gun and hunting clubs, public parks, amusement parks, theme parks, water parks, zoos and aquariums, toys for kids, toy soldiers, model and remote control cars. | espn.com, si.com

Streaming Media | Non-business | Sites that involve: net radio, net TV, streaming audio, streaming video, web casts. | xmradio.com, sirius.com

Tasteless or Obscene | Unacceptable | Sites that offer tasteless, often gory photographs such as autopsy photos, photos of crime scenes, crime or accident victims; sites displaying excessive obscene material. | torture-museum.com, facesofdeath.com

Tattoos | Non-business | Pictures and text relating to body modification: articles and information about tattoos and piercing, tattoos and piercing venues, body painting. | tatoo.com, tattoofinder.com

Travel | Non-business | Business and personal travel: travel information, travel resources, travel agents, vacation packages, vacation homes, cruises, lodging and accommodations, renting cars; travel transportation: flight booking, airfares. | travelocity.com, hotels.com

Uncategorized | Non-business | Cannot be categorized—often because the web page is secured from outside visibility or there's either no text or too little text to access it. | (none)

Vice | Non-business | Sites involving illegal drugs, alcohol, tobacco, and gambling. | viceland.com, vbs.tv

Violence | Unacceptable | Sites related to violence and violent behavior. | psfights.com, realfights.com

Weapons | Business | Sites or information relating to the purchase or use of conventional weapons such as: gun sellers, gun auctions, gun classified ads, gun accessories, gun shows, gun training, general information about guns, knives, etc.; other weapons (e.g., brass knuckles) may be included. | remington.com, nrahq.org

Web Hosting | Business | Sites that provide web site hosting services. | webmasters.com, rackspace.com

Web Messaging | Non-business | General use of the web for messages: e-cards, message boards, online meetings, etc. | ecards.com, bluemountain.com

Web-based Chat | Non-business | Web-based chat sites. | chatango.com, boldchat.com

Web-based Email | Non-business | Email portals and email messages ported through the web. | hotmail.com, webmail.aol.com

Young Child | Non-business | Sites directed toward and specifically approved for young children. | pbskids.org, groovygirls.com

Appendix B: MIME Types

The following lists contain the MIME types you can block on your network.

MIME type (application): application/EDI-Consent, application/EDI-X12, application/EDIFACT, application/activemessage, application/andrew-inset, application/applefile, application/atomicmail, application/batch-SMTP, application/beep+xml, application/cals-1840, application/cnrp+xml, application/commonground, application/cpl+xml, application/cybercash, application/dca-rft, application/dec-dx, application/dicom, application/dns, application/dvcs, application/epp+xml, application/eshop, application/fits, application/font-tdpfr, application/http, application/hyperstudio, application/iges, application/im-iscomposing+xml, application/index, application/index.cmd, application/index.obj, application/index.response, application/index.vnd, application/iotp, application/ipp, application/isup, application/mac-binhex40, application/macwriteii, application/marc, application/mathematica, application/mikey, application/mpeg4-generic, application/msword, application/news-message-id, application/news-transmission, application/ocsp-request, application/ocsp-response, application/octet-stream, application/oda, application/ogg, application/parityfec, application/pdf, application/pgp-encrypted, application/pgp-keys, application/pgp-signature, application/pidf+xml, application/pkcs10, application/pkcs7-mime, application/pkcs7-signature, application/pkix-cert, application/pkix-crl, application/pkix-pkipath, application/pkixcmp, application/postscript, application/prs.alvestrand.titrax-sheet, application/prs.cww, application/prs.nprend, application/prs.plucker, application/qsig, application/rdf+xml, application/reginfo+xml, application/remote-printing, application/riscos, application/rtf, application/samlassertion+xml, application/samlmetadata+xml, application/sbml+xml, application/sdp, application/set-payment, application/set-payment-initiation, application/set-registration, application/set-registration-initiation, application/sgml, application/sgml-open-catalog, application/sieve, application/simple-message-summary, application/slate, application/soap+xml, application/spirits-event+xml, application/timestamp-query, application/timestamp-reply, application/tve-trigger, application/vemmi, application/watcherinfo+xml, application/whoispp-query, application/whoispp-response, application/wita, application/wordperfect5.1, application/x400-bp, application/xhtml+xml, application/xml, application/xml-dtd, application/xml-external-parsed-entity, application/xmpp+xml, application/xop+xml, application/zip

MIME type (audio): audio/32kadpcm, audio/3gpp, audio/AMR, audio/AMR-WB, audio/CN, audio/DAT12, audio/DVI4, audio/EVRC, audio/EVRC-QCP, audio/EVRC0, audio/G.722.1, audio/G722, audio/G723, audio/G726-16, audio/G726-24, audio/G726-32, audio/G726-40, audio/G728, audio/G729, audio/G729D, audio/G729E, audio/GSM, audio/GSM-EFR, audio/L16, audio/L20, audio/L24, audio/L8, audio/LPC, audio/MP4A-LATM, audio/MPA, audio/PCMA, audio/PCMU, audio/QCELP, audio/RED, audio/SMV, audio/SMV-QCP, audio/SMV0, audio/VDVI, audio/basic, audio/clearmode, audio/dsr-es201108, audio/dsr-es202050, audio/dsr-es202211, audio/dsr-es202212, audio/iLBC, audio/mpa-robust, audio/mpeg, audio/mpeg4-generic, audio/parityfec, audio/prs.sid, audio/telephone-event, audio/tone

MIME type (image): image/cgm, image/fits, image/g3fax, image/gif, image/ief, image/jp2, image/jpeg, image/jpm, image/jpx, image/naplps, image/png, image/prs.btif, image/prs.pti, image/t38, image/tiff, image/tiff-fx

MIME type (message): message/CPIM, message/delivery-status, message/disposition-notification, message/external-body, message/http, message/news, message/partial, message/rfc822, message/s-http, message/sip, message/sipfrag, message/tracking-status

MIME type (model): model/iges, model/mesh, model/vrml

MIME type (multipart): multipart/alternative, multipart/appledouble, multipart/byteranges, multipart/digest, multipart/encrypted, multipart/form-data, multipart/header-set, multipart/mixed, multipart/parallel, multipart/related, multipart/report, multipart/signed, multipart/voice-message

MIME type (text): text/calendar, text/css, text/directory, text/dns, text/enriched, text/html, text/parityfec, text/plain, text/prs.fallenstein.rst, text/prs.lines.tag, text/rfc822-headers, text/richtext, text/rtf, text/sgml, text/t140, text/tab-separated-values, text/uri-list, text/xml, text/xml-external-parsed-entity

MIME type (video): video/3gpp, video/BMPEG, video/BT656, video/CelB, video/DV, video/H261, video/H263, video/H263-1998, video/H263-2000, video/H264, video/JPEG, video/MJ2, video/MP1S, video/MP2P, video/MP2T, video/MP4V-ES, video/MPV, video/SMPTE292M, video/mpeg, video/mpeg4-generic, video/nv, video/parityfec, video/pointer, video/quicktime

Appendix C: File Types

The following lists contain the file types you can block on your network.

File type: File extension
Active Server Page: .asp, .aspx, .asmx
ActiveX Control: .ocx
Address Book: .pab
Audio: .aac, .aiff, .m4a, .mid, .midi, .mp3, .mpu, .ra, .ram, .wav, .wma
CGI Script: .cgi
Cascading Style Sheet: .css
Comma Separated Value: .csv
Compressed: .arc, .gz, .gzip, .hqx, .rar, .sea, .sit, .z, .zip
DOS Batch: .bat
Database: .db, .mdb
Disk Image: .dmg, .img
Document: .pdf, .rtf, .wpd, .wpt
Dynamic Link Library: .dll
eBook: .lit
Executable: .exe
File Shortcut: .lnk
Filemaker Pro: .dbx
Flash: .swf
FoxPro: .fpt
HTML: .html
Icon: .ico
Image: .bmp, .gif, .jpe, .jpeg, .jpg, .pct, .png, .tga, .tiff
Initialization: .ini
Internet Certificate: .cer
Java Archive: .jar
JavaScript: .js
Log: .log
Lotus: .wk1
Lotus Database: .ns2, .ns3, .ns4
MIME: .mim, .mime
Macro: .wpm
Metafile: .wmf
Microsoft Project: .mpp
Microsoft Publisher: .pub
Outlook: .pst
PHP: .php, .php3, .php4
PageMaker: .p65
Perl Script: .pl
Photoshop: .psd
Postscript: .ps
PowerPoint: .pps, .ppt
Quark Express: .qxd
SQL: .sql
Spreadsheet: .xls, .xlt, .xlw
Swap: .sqp
Tar: .tar
Text: .txt
Uuencoded: .uu, .uue
Video: .avi, .moov, .mov, .mp4, .mpeg, .mpg, .qt, .rm, .wmv
Visio: .vsd
Windows Help: .hlp
Word Document: .doc
Word Template: .dot
XML: .xml


Appendix D: Cymphonix CIDR Cheat Sheet
Classless Inter-Domain Routing (CIDR) is the latest refinement on how to present IP addresses and subnet masks. CIDR replaces the previous generation of IP address syntax, classful networks. Rather than allocating address blocks on 8-bit (octet) boundaries, it uses a variable-length subnet mask to allow finer-grained allocation. With Network Composer all IP addresses are presented in CIDR notation, i.e., the network address 192.168.255.0 with a subnet mask of 255.255.255.0 is presented as 192.168.255.0/24. Below is a CIDR Cheat Sheet that will help you enter IP addresses in CIDR notation.

CIDR Cheat Sheet

CIDR Notation | Class | Hosts | Mask
/32 | 1/256 C | 1 | 255.255.255.255
/31 | 1/128 C | 2 | 255.255.255.254
/30 | 1/64 C | 4 | 255.255.255.252
/29 | 1/32 C | 8 | 255.255.255.248
/28 | 1/16 C | 16 | 255.255.255.240
/27 | 1/8 C | 32 | 255.255.255.224
/26 | 1/4 C | 64 | 255.255.255.192
/25 | 1/2 C | 128 | 255.255.255.128
/24 | 1 C | 256 | 255.255.255.0
/23 | 2 C | 512 | 255.255.254.0
/22 | 4 C | 1024 | 255.255.252.0
/21 | 8 C | 2048 | 255.255.248.0
/20 | 16 C | 4096 | 255.255.240.0
/19 | 32 C | 8192 | 255.255.224.0
/18 | 64 C | 16384 | 255.255.192.0
/17 | 128 C | 32768 | 255.255.128.0
/16 | 256 C 1 B | 65536 | 255.255.0.0
/15 | 512 C 2 B | 131072 | 255.254.0.0
/14 | 1024 C 4 B | 262144 | 255.252.0.0
/13 | 2048 C 8 B | 524288 | 255.248.0.0
/12 | 4096 C 16 B | 1048576 | 255.240.0.0
/11 | 8192 C 32 B | 2097152 | 255.224.0.0
/10 | 16384 C 64 B | 4194304 | 255.192.0.0
/9 | 32768 C 128 B | 8388608 | 255.128.0.0
/8 | 65536 C 256 B 1 A | 16777216 | 255.0.0.0
/7 | 131072 C 512 B 2 A | 33554432 | 254.0.0.0
/6 | 262144 C 1024 B 4 A | 67108864 | 252.0.0.0
/5 | 524288 C 2048 B 8 A | 134217728 | 248.0.0.0
/4 | 1048576 C 4096 B 16 A | 268435456 | 240.0.0.0
/3 | 2097152 C 8192 B 32 A | 536870912 | 224.0.0.0
/2 | 4194304 C 16384 B 64 A | 1073741824 | 192.0.0.0
/1 | 8388608 C 32768 B 128 A | 2147483648 | 128.0.0.0
/0 | 16777216 C 65536 B 256 A | 4294967296 | 0.0.0.0
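The cheat sheet above can be regenerated, and a classful "network + mask" pair converted into the CIDR form Network Composer displays, with the following added example (editor's code, not Cymphonix's). It assumes only the Python standard library; the function and variable names are the editor's own.

```python
"""Added example (not Cymphonix code): derive the CIDR cheat sheet rows and
convert a classful "network + mask" pair into the network/prefix form that
Network Composer displays, rejecting inputs that are not valid networks."""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def prefix_to_mask_int(prefix: int) -> int:
    """Mask with the top `prefix` bits set, e.g. /24 -> 0xFFFFFF00."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def prefix_to_mask(prefix: int) -> str:
    """Dotted-decimal mask for a prefix length, e.g. 27 -> '255.255.255.224'."""
    m = prefix_to_mask_int(prefix)
    return ".".join(str((m >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def host_count(prefix: int) -> int:
    """Addresses in the block; like the sheet's Hosts column this counts every
    address, network and broadcast included."""
    prefix_to_mask_int(prefix)  # range check only
    return 1 << (32 - prefix)


def class_equivalent(prefix: int) -> str:
    """The sheet's Class column: how many classful C (/24), B (/16) and A (/8)
    blocks the prefix covers, or what fraction of a C for prefixes beyond /24."""
    hosts = host_count(prefix)
    if hosts < 256:
        return f"1/{256 // hosts} C"
    parts = [f"{hosts // 256} C"]
    if hosts >= 65536:
        parts.append(f"{hosts // 65536} B")
    if hosts >= 16777216:
        parts.append(f"{hosts // 16777216} A")
    return " ".join(parts)


def cheat_sheet():
    """All rows of the sheet, /32 down to /0, as (notation, class, hosts, mask)."""
    return [(f"/{p}", class_equivalent(p), host_count(p), prefix_to_mask(p))
            for p in range(32, -1, -1)]


def mask_to_prefix(mask: str) -> int:
    """Prefix length for a dotted-decimal mask. A mask whose set bits are not
    contiguous (e.g. 255.0.255.0) is not a valid subnet mask and is rejected."""
    octets = mask.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"malformed mask: {mask}")
    m = int.from_bytes(bytes(int(o) for o in octets), "big")
    prefix = bin(m).count("1")
    if m != prefix_to_mask_int(prefix):
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def to_cidr(network: str, mask: str) -> str:
    """Classful pair -> CIDR string. strict=True makes ipaddress raise ValueError
    when host bits are set, i.e. when `network` is a host address rather than a
    network address (a common mistake when typing a rule by hand)."""
    prefix = mask_to_prefix(mask)
    return str(ipaddress.ip_network(f"{network}/{prefix}", strict=True))


if __name__ == "__main__":
    print("CIDR   Class                     Hosts       Mask")
    for notation, cls, hosts, mask in cheat_sheet():
        print(f"{notation:<6} {cls:<25} {hosts:<11} {mask}")
    # The guide's own example: 192.168.255.0 with 255.255.255.0 -> 192.168.255.0/24
    print(to_cidr("192.168.255.0", "255.255.255.0"))
```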

Appendix E: Cymphonix License Agreement and Warranty

PLEASE READ THE FOLLOWING BEFORE USING THE ACCOMPANYING PRODUCT. THE USE OF THE PRODUCT IS LICENSED FOR USE ONLY AS SET FORTH BELOW. YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE ACCOMPANYING SOFTWARE AND HARDWARE ("APPLIANCE"). IF YOU USE ANY PART OF THE SOFTWARE AND HARDWARE, SUCH USE WILL INDICATE THAT YOU ACCEPT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT USE THE PRODUCT.

License Grant. Subject to the terms and conditions of this License, Cymphonix grants you a nonexclusive right and license to use the Software on the Appliance, provided that, (1) you may not reverse engineer, decompile, disassemble or modify the Software or Appliance, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation, and (2) you may not transfer rights under this License unless such transfer is part of a permanent sale or transfer of the Product, and you transfer at the same time the Appliance and Software to the same party or destroy such materials not transferred, and the recipient agrees to this License. You may make a reasonable number of copies of the electronic documentation accompanying the Software for each Software license you acquire. However, you must reproduce and include all copyright notices and any other proprietary rights notices appearing on the electronic documentation. In addition, certain components of the Software are components licensed under the GNU General Public License (version 2). You may obtain a copy of the GNU General Public License at http://www.fsf.org/copyleft/gpl.html. Cymphonix will provide source code for any of the components of the Software licensed under the GNU General Public License upon request. Additionally this product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org), which Cymphonix supports. No license is granted in any of the Software's proprietary source code.

Intellectual Property Rights. The Software and Appliance is protected by copyright laws, international copyright treaties, and other intellectual property laws and treaties. Cymphonix and its suppliers retain all ownership of, and intellectual property rights in (including copyright), the Software and Appliance, any part thereof. This license does not grant you any rights to patents, copyright, trade secrets, trademarks or any other rights with respect to the Software and Appliance. Cymphonix reserves all rights not expressly granted herein.

Export Restrictions. You agree that you will not export or re-export the Appliance, Software, or any process or service that is the direct product of the Appliance or Software in violation of any applicable laws or regulations of the United States or the country in which you obtained them.

U.S. Government Restricted Rights. The Software and related documentation are provided with Restricted Rights. Use, duplication, or disclosure by the Government is subject to restrictions set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software–Restricted Rights at 48 C.F.R. 52.227-19, as applicable, or any successor regulations.

Term and Termination. This License is effective until terminated. The License terminates immediately if you fail to comply with any term or condition. In such an event, you must destroy all copies of the Software. You may also terminate this License at any time by destroying the Product.

NO LIABILITY FOR CERTAIN DAMAGES. EXCEPT AS PROHIBITED BY LAW, CYMPHONIX SHALL HAVE NO LIABILITY FOR COSTS, LOSS, DAMAGES OR LOST OPPORTUNITY OF ANY TYPE WHATSOEVER, INCLUDING WITHOUT LIMITATION, LOST OR ANTICIPATED PROFITS, LOSS OF USE, LOSS OF DATA, OR ANY INCIDENTAL, EXEMPLARY SPECIAL OR CONSEQUENTIAL DAMAGES, WHETHER UNDER CONTRACT, TORT, WARRANTY OR OTHERWISE ARISING FROM OR IN CONNECTION WITH THIS LICENSE OR THE USE OR PERFORMANCE OF THE SOFTWARE. IN NO EVENT SHALL CYMPHONIX BE LIABLE FOR ANY AMOUNT IN EXCESS OF THE PURCHASE PRICE AND/OR ANY LICENSE FEES PAID TO CYMPHONIX UNDER THIS LICENSE. SOME STATES AND COUNTRIES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY TO YOU.

OTHER THAN AS STATED HEREIN, CYMPHONIX DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THERE IS NO WARRANTY AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE SOFTWARE OR AGAINST INFRINGEMENT. THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. ALSO, IF YOU HAVE RECEIVED ANY WARRANTIES REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIES DO NOT ORIGINATE FROM, AND ARE NOT BINDING ON, CYMPHONIX.

Hardware Warranty. Cymphonix Corp. warrants your Cymphonix product to be in good working order and to be free from defects in workmanship and material (except in those cases where materials are supplied by the Purchaser) under normal and proper use and service for the period of one (1) year from the date of purchase from an Authorized Cymphonix Reseller. In the event that this product fails to meet this warranty within the applicable warranty period, and provided that Cymphonix confirms the specified defects, Purchaser's sole remedy is to have Cymphonix, at Cymphonix' sole discretion, repair or replace such product at the place of manufacture, at no additional charge other than the cost of freight of the defective product to and from the Purchaser. Repair costs and replacement products will be provided on an exchange basis and will be either new or reconditioned. Cymphonix will retain, as its property, all replaced parts and products. Notwithstanding the foregoing, this hardware warranty does not include service to replace or repair damage to the product resulting from accident, disaster, misuse, abuse, negligence, electrical stress, any non-Cymphonix modification of the product except as provided or explicitly recommended by Cymphonix, or other cause not arising out of defects in material or workmanship. This hardware warranty also does not include service to replace or repair damage to the product if the serial number or seal or any part thereof has been altered, defaced, or removed. If Cymphonix does not find the product to be defective, the Purchaser will be invoiced for said inspection and testing at Cymphonix' then current rates, regardless of whether the product is under warranty.

Governing Law and Attorney's Fees. This License is governed by the laws of the State of Utah, USA, excluding its conflict of law rules. You agree that the United Nations Convention on Contracts for the International Sale of Goods is hereby excluded in its entirety and does not apply to this License. In any action or suit to enforce any right or remedy under this License or to interpret any provision of this License, the prevailing party will be entitled to recover its costs, including reasonable attorneys' fees.

Entire Agreement. This License constitutes the entire agreement between you and Cymphonix with respect to the Software, and supersedes all other agreements or representations, whether written or oral. The terms of this License can only be modified by express written consent of both parties. If any part of this License is held to be unenforceable as written, it will be enforced to the maximum extent allowed by applicable law, and will not affect the enforceability of any other part.
