Administrator Guide Find out how to configure GFI WebMonitor in

Administrator Guide Find out how to configure GFI WebMonitor in
Administrator Guide
Find out how to configure GFI WebMonitor in different environments, and learn
how to set up advanced features.
The information and content in this document is provided for informational purposes only and is provided "as is"
with no warranties of any kind, either express or implied, including without limitation any warranties of
merchantability, fitness for a particular purpose, and non-infringement. GFI Software disclaims and in no event shall
be liable for any losses or damages of any kind, including any consequential or incidental damages in connection
with the furnishing, performance or use of this document. The information is obtained from publicly available
sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no
warranty, promise or guarantee about the completeness, accuracy, recency or adequacy of information contained in
this document and is not responsible for misprints, out-of-date information, or errors. GFI reserves the right to revise or
update its products, software or documentation without notice. You must take full responsibility for your use and
application of any GFI product or service. No part of this documentation may be reproduced in any form by any
means without prior written authorization of GFI Software.
If you believe there are any factual errors in this document, please contact us and we will review your concerns as
soon as practical.
GFI and GFI WebMonitor are trademarks or registered trademarks of GFI Software or its affiliates in the US and other
countries. Any other trademarks contained herein are the property of their respective owners.
GFI WebMonitor is copyright of GFI Software Ltd. - 1999-2016 GFI Software Ltd. All rights reserved.
Document Version: 3.2.0
Last updated (month/day/year): 05/12/2016
Contents
1 Introduction
1.1 Why monitor and control Internet usage?
1.2 Licensing information
2 Installing GFI WebMonitor
2.1 System requirements
2.2 Deployment scenarios
2.3 Installing GFI WebMonitor
2.4 Using the Post-installation Configuration Wizard
2.5 Configure browser proxy settings on GFI WebMonitor machine
2.6 Disabling Internet connection settings on client computers
2.7 Launching GFI WebMonitor
2.8 Verify that GFI WebMonitor is working correctly
2.9 Using the Settings Importer tool
2.10 Installing GFI WebMonitor in parallel with Microsoft Forefront TMG
2.11 Upgrading from previous versions
3 Configuring
3.1 Configuring Core Settings
3.2 Advanced Settings
3.3 Licensing and subscription details
3.4 UI Access Control
3.5 Configuring Activity Logging
3.6 Configuring Anonymization
3.7 Language settings
3.8 Configuring Security Engines
3.9 Configuring WebGrade updates
3.10 Configuring system updates
3.11 Configuring search engine options
3.12 Configuring Caching settings
3.13 Configure Proxy settings on client Internet browsers
3.14 Configuring Internet Browsers to use a Proxy Server
3.15 Configuring the GFI WebMonitor Agent
3.16 Downloading the GFI WebMonitor Agent
3.17 How the GFI WebMonitor Agent works
3.18 Installing the WebMonitor Agent Manually
3.19 Installing the GFI WebMonitor Agent via GPO in Windows Server 2008
3.20 Installing the GFI WebMonitor Agent via GPO - Windows Server 2008 R2 / 2012
3.21 Configuring Remote Policies
3.22 Edit existing Remote Policies
4 Using GFI WebMonitor
4.1 Working with Policies
4.2 Configuring Blacklist
4.3 Configuring the Whitelist
4.4 Adding a new policy
5
5
5
7
7
10
15
16
17
18
20
20
22
24
26
28
28
48
49
50
51
52
52
52
53
53
54
54
55
57
58
58
59
60
61
62
64
65
66
66
67
68
69
4.5 Configuring Exceptions
4.6 Application control
4.7 Security scanning policies
4.8 Monitoring and filtering Internet browsing
4.9 Editing an existing Policy
4.10 Cloning a Policy
4.11 Enabling or disabling a configured policy
4.12 Using the Dashboards
4.13 Overview of Internet Activity
4.14 Monitoring Bandwidth
4.15 Monitoring Security
4.16 Monitoring Real-Time Traffic
4.17 Using the Quotas Dashboard
4.18 Monitoring Agents
4.19 Using WebInsights
4.20 Productivity Insights
4.21 Security Insights
4.22 Bandwidth Insights
4.23 Working with Reports
4.24 Notification Center
5 Troubleshooting and support
5.1 Introduction
5.2 GFI knowledge base
5.3 Web Forum
5.4 Request Technical Support
5.5 Documentation
6 Glossary
7 Index
77
77
78
78
78
79
79
79
80
80
82
84
85
85
87
87
89
90
91
93
95
95
95
95
95
95
96
102
1 Introduction
GFI WebMonitor® is a comprehensive Internet usage monitoring solution. It enables you to monitor and filter Web
browsing and file downloads in real-time. It also enables you to optimize bandwidth by limiting access to streaming
media and other bandwidth consuming activities, while enhancing network security with built-in tools that scan traffic
for viruses, trojans, spyware and phishing material.
It is the ideal solution to transparently and seamlessly exercise control over browsing and downloading habits. At the
same time, it enables you to ensure legal liability and best practice initiatives without alienating network users.
1.1 Why monitor and control Internet usage?
Avoid legal liability by:
blocking access to problem sites such as gambling, pornography, and hacking
making sure pirated software or copyrighted media are not downloaded to company computers.
Ensure that employees are always safe from the most recent online security risks:
hidden malware
websites that exploit software vulnerabilities
phishing attacks that steal personal and company data
other online threats.
Improve productivity by:
monitoring Internet activity
identifying problem websites and applications (social networks, news, webmail),
filtering streaming media, categories or users
introducing more sensible control.
Make better use of your bandwidth by:
identifying any network bottlenecks (video sharing sites, online file storage and streaming media)
applying some limits to conserve resources as necessary.
1.1.1 Downloading GFI WebMonitor
GFI WebMonitor can be downloaded from: http://go.gfi.com/?pageid=WebMon_Download.
1.2 Licensing information
GFI WebMonitor requires a license for every user (or IP address) that needs to be monitored. You can configure a list of
users or IP addresses that do not need to be monitored or protected so that these users do not consume a license.
This can be done by configuring an Exclusion list through the Configuration Wizard or from Settings > Licensing. For
more information, refer to Configuring a Licensing Exclusion List (page 49).
NOTE
Adding users or IPs to the default Whitelist policy excludes users from being monitored, however they still consume
a license. For more information, refer to Configuring the Whitelist (page 68).
GFI WebMonitor
1 Introduction | 5
For more information about licensing, refer to GFI Software Ltd. website at: http://go.gfi.com/?pageid=WebMon_
LicensingInformation
See also:
Licensing and subscription details
GFI WebMonitor
1 Introduction | 6
2 Installing GFI WebMonitor
The following sections provide information for the successful deployment of GFI WebMonitor.
System requirements
Deployment scenarios
Gateway mode pre-requisites
Simple Proxy mode pre-requisites
Installation procedure
Post-installation setup
2.1 System requirements
2.1.1 Software
TYPE
SOFTWARE REQUIREMENTS (x86 and x64)
Supported Operating Sys
tems
Windows® Server 2003 or later
Windows® 7 or later
Gateway and Simple Proxy
Modes - Other server side
required components
Microsoft.NET ® Framework 4.0
IIS ® Express
SQL Server ® Express 2005 or later
SQL Server ® 2005 or later (for reporting purposes)
Gateway Mode - Other
required components
Routing and Remote Access configuration on Windows® Server 2003/2008
GFI WebMonitor Agent
Windows® Vista SP2 or later
Supported Internet browsers
Server side (for the main product console):
Microsoft Internet Explorer 10 or later
Microsoft Edge
Google Chrome (v36 or later)
Mozilla Firefox (v31 or later)
Client side:
Microsoft Internet Explorer 8 or later
Microsoft Edge
Google Chrome (v36 or later)
Safari
Mozilla Firefox v. 31 or later
Note
Any client browser is supported for the main product functions, including mobile browsers, and
other versions of the supported browsers; however in order to display block / warn messages
properly, one of the above browsers is required.
NOTE
The installation wizard checks that Microsoft .NET ® 4.0, Report Viewer, Windows® Image Component, .net Hotfix,
Microsoft® Visual C++ Redistributable and IIS® Express are installed. If not installed the wizard will guide you through
the installation automatically.
GFI WebMonitor
2 Installing GFI WebMonitor | 7
2.1.2 Hardware
x86 ARCHITECTURES
MINIMUM HARDWARE REQUIREMENTS
Processor
2.0 GHz processor
Memory
4 GB RAM
Physical storage
12 GB of available disk space
x64 ARCHITECTURES
MINIMUM HARDWARE REQUIREMENTS
Processor
2.0 GHz (multi-core recommended)
Memory
8 GB
Physical storage
12 GB of available disk space.
NOTE
Allocation of hard disk space depends on your environment. The size specified in the requirements is the minimum
required to install and use GFI WebMonitor. The recommended size is between 150 and 250GB.
Other Hardware
COMPONENT
HARDWARE REQUIREMENTS
Network card
Router
2 network interface cards when installing in Gateway Mode
1 network interface card required when installing in Simple Proxy Mode.
A Router\gateway that supports traffic forwarding or port blocking when installing in Simple Proxy Mode.
2.1.3 Listening ports
PRODUCT
PORT
GFI WebMonitor Gateway and Simply Proxy
Mode
Listening Port (Default 8080)
GFI WebMonitor Agent
Listening Port (Default 5996) - this port will accept transfer of data from the agent to
the server
GFI WebMonitor Management Console
Listening Port (Default 1007)
GFI WebMonitor Transparent Proxy
Listening Port (Default 8082)
2.1.4 GFI WebMonitor services
The table below lists Windows® services used by GFI WebMonitor. These services are created when GFI WebMonitor is
installed and require an account with administrative privileges. For more information, refer to Admin Credentials for
GFI WebMonitor Services (page 45).
SERVICE NAME
DESCRIPTION
LOCATION AND NAME
GFI Proxy - Local
System
The GFI Proxy service is only created in the Standalone Proxy Version of
GFI WebMonitor. It is used as an agent service for the Proxy server, ISAPI
module and Web Filtering.
<drive>:\Program Files\GFI\We
bMonitor\GFiProxy.exe
GFI WebMonitor
2 Installing GFI WebMonitor | 8
SERVICE NAME
DESCRIPTION
LOCATION AND NAME
GFI WebMonitor
Core Service Local System
The GFI WebMonitor Core Service is used a worker service. Its
functionality includes:
Scanning downloads via AV scanning engines.
Managing content updates for the various GFI WebMon
itormodules.
Sending notification emails to administrator and users.
Provide services used to host admin UI.
Loading WebGrade database to memory
<drive>:\Program Files\GFI\We
bMonitor
NOTE
During product updates the GFI WebMonitor services need to be stopped and restarted. This action causes the
disruption of Internet connections going through GFI WebMonitor. Internet usage can resume once the services are
restarted.
To view status of GFI WebMonitor services:
1. On the GFI WebMonitor server, click Start > Run and key in “services.msc”
2. From the list of services displayed locate the following services:
GFI Proxy
GFI WebMonitor Core Service
2.1.5 Assigning log on as a service rights
The GFI WebMonitor service needs to run with administrative privileges. The username and password provided for the
GFI WebMonitor service must have Logon as a service rights.
Log on as a service rights allow a user to log on as a service. Services can be configured to run under the Local System,
Local Service, or Network Service accounts, which have a built-in right to log on as a service. Any service that runs under a
separate user account must be assigned the right.
Manually assigning Log On As A Service Rights on Windows® Vista/7/8
1. Go to Start > Control Panel > Administrative Tools > Local Security Policy.
2. Expand Security Settings > Local Policies > User Rights Assignment .
3. Right-click Log on as a service from the right panel and click Properties.
4. Select the Local Security Setting tab.
5. Click Add User or Group.
6. Key in the account name and click OK.
7. Click Apply and OK.
8. Close Local Security Settings dialog.
9. Close all open windows.
Manually assigning Log On As A Service Rights on a Server Machine
1. Go to Start > Programs > Administrative Tools > Local Security Policy.
2. Expand Security Settings > Local Policies > User Rights Assignment .
3. Right-click Log on as a service from the right panel and click Properties.
4. Select the Local Security Setting tab.
5. Click Add User or Group button.
GFI WebMonitor
2 Installing GFI WebMonitor | 9
6. Key in the account name and click OK.
7. Click Apply and OK.
8. Close all open windows.
Assigning Log On As A Service Rights via GPO in Windows® Server 2008 or later
To assign Log on as service rights on clients machines via GPO through Windows® Server 2008 or later:
1. In the command prompt key in mmc.exe and press Enter.
2. In the Console Root window, go to File > Add/Remove Snap-in… to open the Add or Remove Snap-ins window.
3. Select Group Policy Management from the Available snap-ins list , and click Add.
4. Click OK.
5. Expand Group Policy Management > Forest > Domains and <domain>.
6. Right-click Default Domain Policy and click Edit to open the Group Policy Management Editor.
7. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies and click User
Rights Assignment .
8. Right-click Log on as a service from the right panel and click Properties.
9. Select the Security Policy Setting tab.
10. Check Define these policy settings checkbox
11. Click Add User or Group button.
12. Key in the account name and click OK.
13. Click Apply and OK.
14. Close all open windows.
2.2 Deployment scenarios
Deployment depends on the network infrastructure and the network role of the machine where GFI WebMonitor is to
be installed. GFI WebMonitor can be deployed in the following modes:
MODE
DESCRIPTION
Simple
Proxy
mode
Select Simple Proxy mode if you want to route client HTTP traffic through GFI WebMonitor and non-HTTP traffic
through a separate router. This setup requires an Internet facing router with port blocking and traffic forwarding cap
abilities.
Gateway
mode
Deploy GFI WebMonitor in Gateway mode if you are installing the application on a server that is configured as an Inter
net gateway. All outbound and inbound client traffic (HTTP and non-HTTP) is routed through GFI WebMonitor. When
GFI WebMonitor is deployed in this mode, you can enable Transparent Proxy, eliminating the need to set client
browser settings to point to a specific proxy. For more information, refer to Configuring Transparent Proxy (page 34).
In par
allel with
Microsoft
Forefront
TMG
GFI WebMonitor 2015 SR3 and later editions can be installed in parallel with Microsoft Forefront TMG on the same
machine where Microsoft Forefront TMG is running. Use this setup when you want to keep Microsoft Forefront TMG as a
firewall and use the same machine to perform web filtering by GFI WebMonitor. This setup also provides an alternative
when it is not possible to add another dedicated machine in the network just for GFI WebMonitor.
2.2.1 Deployment in an Internet Gateway environment
Select Gateway mode to use GFI WebMonitor as a trusted agent that can access the Internet on behalf of client
computers. All outbound and inbound client traffic (HTTP, HTTPS and non-HTTP) is routed through the GFI WebMonitor
GFI WebMonitor
2 Installing GFI WebMonitor | 10
gateway. However, only HTTP and HTTPS traffic is filtered. Use this mode also when deploying GFI WebMonitor as a
Transparent Proxy. For more information, refer to Configuring Transparent Proxy (page 34).
NOTE
To configure GFI WebMonitor in gateway mode you need a server with 2 network cards. The option to configure GFI
WebMonitor in gateway mode is grayed out if only one network card is detected.
Screenshot 1: GFI WebMonitor installed on a gateway machine
In this scenario, GFI WebMonitor is installed on the gateway machine, usually a Domain Controller. GFI WebMonitor can
be configured to set up a WPAD server which will advertise the existence of the proxy on the network. For more
information, refer to Configuring WPAD (page 30).
When WPAD is enabled, client machines have to be aware of the proxy by activating proxy auto detection in the
browser. For more information, refer to Configure Internet browser for WPAD (page 31).
If WPAD is not enabled you need to manually set the proxy IP and port of client machines. For more information, refer
to Configure Proxy settings on client Internet browsers (page 55).
When installed in Gateway Mode, the GFI WebMonitor machine must have a minimum of two network interface cards.
During the Configuration Wizard, you are asked to specify the Internal network interface card and by default
WebMonitor will bind to it on port 8080.
2.2.2 Gateway mode pre-requisites
Before installing GFI WebMonitor on an Internet Gateway Server, ensure that:
1. Client machines are configured to use the server as the default Internet gateway.
2. The server’s network cards are connected:
one to the internal network (LAN)
one to the external network (WAN)
GFI WebMonitor
2 Installing GFI WebMonitor | 11
3. Start Routing and Remote Access service if installing GFI WebMonitor on Windows® Server 2003 or Windows® Server
2008.
IMPORTANT
Ensure that the listening port (default 8080) is not blocked by your firewall. For more information on how to enable
firewall ports on Microsoft Windows Firewall, refer to http://go.gfi.com/?pageid=WebMon_WIndowsFirewall
2.2.3 Deployment in a Simple Proxy environment
Install GFI WebMonitor in Simple Proxy mode if you want to route client HTTP traffic through GFI WebMonitor and nonHTTP traffic through a separate router. To select this mode, ensure that:
Users are using a router to connect to the Internet
GFI WebMonitor is installed within the local LAN.
IMPORTANT
The Transparent Proxy feature cannot be enabled when GFI WebMonitor is deployed in Simple Proxy mode.
For more information, refer to Configuring Transparent Proxy (page 34).
Screenshot 2: GFI WebMonitor installed in Simple Proxy Mode
The router must be configured to block all traffic except traffic generated by GFI WebMonitor. This can be achieved by
using one of the following methods:
OPTION
DESCRIPTION
Port Blocking
Blocking client requests and allowing GFI WebMonitor traffic.
Traffic Forwarding
Forwarding all traffic from the client to GFI WebMonitor machine.
2.2.4 Simple Proxy Mode Pre-requisites
Before installing GFI WebMonitor on a Proxy server, the router/gateway must be configured to:
GFI WebMonitor
2 Installing GFI WebMonitor | 12
Block all outgoing HTTP/HTTPS traffic generated from the client machines
Allow outgoing HTTP/HTTPS traffic generated by GFI WebMonitor only
Allow Non-HTTP/HTTPS traffic generated from client machines.
In this environment, traffic forwarding can be used to forward HTTP/HTTPS traffic from the client machines to GFI
WebMonitor machine.
IMPORTANT
Ensure that the listening port (default 8080) is not blocked by your firewall. For more information on how to enable
firewall ports on Microsoft Windows Firewall, refer to http://go.gfi.com/?pageid=WebMon_WIndowsFirewall
2.2.5 Port blocking
The router must be configured to allow both HTTP/HTTPS traffic generated from GFI WebMonitor machine and NonHTTP/HTTPS traffic generated from client machines. In addition, it must also block HTTP/HTTPS traffic generated from
client machines.
NOTE
Client machines must be configured to use the GFI WebMonitor machine as the default proxy server.
GFI WebMonitor
2 Installing GFI WebMonitor | 13
Screenshot 3: GFI WebMonitorinstalled on a proxy machine connected to a router supporting port blocking
2.2.6 Traffic forwarding
The router/gateway must be configured to allow outgoing web traffic generated by GFI WebMonitor only. In addition, it
must forward client HTTP/HTTPS traffic to GFI WebMonitor.
GFI WebMonitor
2 Installing GFI WebMonitor | 14
Screenshot 4: GFI WebMonitor installed on a proxy machine connected to a router supporting traffic forwarding
To install GFI WebMonitor on a proxy server, refer to Installing in Simple Proxy Mode.
2.3 Installing GFI WebMonitor
Run the installer as a user with administrative privileges on the target machine.
1. Double click the GFI WebMonitor executable file.
2. Ensure you have no Windows programs running and click Next .
3. The installer checks if required components are installed, and automatically installs missing components.
GFI WebMonitor
2 Installing GFI WebMonitor | 15
4. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on the GFI website
and click Next .
5. Read the licensing agreement. To proceed with the installation select I accept the terms in the license agreement
and click Next .
6. Key in the user name or IP address of users that need administrative access to the GFI WebMonitor web interface and
click Next . Access can be managed later on from Settings > Advanced Settings > UI Access Control.
NOTE
Enter only users that need access to configure GFI WebMonitor. Do not enter IPs of normal users that will be proxied
through GFI WebMonitor. More than one user or machine can be specified by separating entries with semicolons ‘;’
7. Specify the Installation Folder where GFI WebMonitor will be installed. The default path is C:\Program
Files\GFI\WebMonitor\. Click Next .
8. Click Install to start the installation, and wait for the installation to complete.
9. Click Finish to finalize setup.
10. After the installation, GFI WebMonitor Configuration Wizard is launched automatically.
NOTE
After installing GFI WebMonitor, you can manually launch the Configuration Wizard from the settings menu at any
time.
11. Click Get Started to configure GFI WebMonitor for first use.
See also:
Configuring Core settings
Configuring Advanced settings
2.4 Using the Post-installation Configuration Wizard
After performing the installation, use the Configuration Wizard to configure GFI WebMonitor for first use. In the welcome
screen, click Get started. The wizard guides trough the following steps:
OPTION
DESCRIPTION
Configure con
nection set
tings
Choose your Network Mode depending on your current network setup. Establish a connection between your
internal network and the Internet through the GFI WebMonitor server.
Enable Trans
parent Proxy
Enable Transparent Proxy to monitor and control HTTP and HTTPS traffic transparently. When a user makes a
request to a web server, the Transparent Proxy intercepts the request to deliver the requested content. When GFI
WebMonitor is deployed in this mode, you do not need to set client browser settings to point to a specific proxy.
IMPORTANT
Ensure that GFI WebMonitor is running in Gateway mode. Transparent Proxy cannot work in Simple Proxy
mode.
Enter your
License key
GFI WebMonitor
Key in a valid license to use GFI WebMonitor. This can either be a trial license or a regular license key obtained on
renewal.
2 Installing GFI WebMonitor | 16
OPTION
DESCRIPTION
Configure
HTTPS Scan
ning
Configure HTTPS scanning to monitor and block encrypted traffic.
Set up the
Database
Configure the database to use with GFI WebMonitor where collected data is stored. Use the Firebird database
only during the evaluation period. It is highly recommended to switch to a Microsoft SQL Server based database
for live systems.
Define Admin
Credentials
Key in the admin credentials required by the GFI WebMonitor services to control internal security engines, man
age updates, send notifications and control data displayed in the User Interface. The GFI WebMonitor services are
Windows services installed automatically during installation and require administrative privileges to operate.
Setup Email
notification set
tings
Provide the email addresses required by GFI WebMonitor to send messages containing information related to
tasks such as auto-updates and licensing issues.
Configuring
Internet
Browsers to
use a Proxy
Server
If you have not configured WPAD or Transparent Proxy, ensure that proxy settings of client machines are con
figured to use GFI WebMonitor as the default proxy. This ensures that Internet traffic is routed through GFI
WebMonitor.
IMPORTANT
Ensure that by enabling HTTPS Scanning you are not violating any laws in your jurisdiction or any compliance
regulations for your industry.
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
See also:
Configuring Advanced settings
2.5 Configure browser proxy settings on GFI WebMonitor machine
Configure your server's Internet browser to use GFI WebMonitor machine as the default proxy. This can be achieved by
performing the following:
1. On the machine where GFI WebMonitor is installed, go to Control Panel and select Internet Options.
2. Click the Connections tab.
3. Click LAN settings.
GFI WebMonitor
2 Installing GFI WebMonitor | 17
Screenshot 5: Configure fixed proxy settings
4. Check Use a proxy server for your LAN checkbox.
5. In the Address field, key in the proxy server name or IP address of the GFI WebMonitor machine.
6. In the Port field enter the port used (default = 8080).
2.6 Disabling Internet connection settings on client computers
To prevent users from modifying Internet settings to bypass GFI WebMonitor, the Internet Connections settings tab can
be disabled on client machines.
Disabling the Internet connections page using GPO in Microsoft Windows Server 2003
Disabling the Internet connections page using GPO in Microsoft Windows Server 2008
IMPORTANT
When deploying GFI WebMonitor in Transparent Proxy mode, you do not need to disable Internet connection
settings on client computers if a gateway machine is configured as the only possible exit point to the internet.
Traffic is filtered by the Transparent Proxy. For more information, refer to Configuring Transparent Proxy (page
34).
GFI WebMonitor
2 Installing GFI WebMonitor | 18
2.6.1 Disabling Internet connections page via GPO in Windows® Server 2003
The Internet Connections settings tab can be disabled on client machines to prevent users from modifying Internet
settings to bypass GFI WebMonitor.
IMPORTANT
When deploying GFI WebMonitor in Transparent Proxy mode, you do not need to disable Internet connection
settings on client computers if a gateway machine is configured as the only possible exit point to the internet.
Traffic is filtered by the Transparent Proxy. For more information, refer to Configuring Transparent Proxy (page
34).
To disable Connections settings on client machines through Windows® Server 2003 GPO:
1. Go to Start > Programs > Administrative Tools > Active Directory Users and Computers on the DNS server.
2. Right-click the domain node and click Properties.
3. Select Group Policy tab in the Domain Properties dialog.
4. Select Default Domain Policy from the list and click Edit .
5. Expand User Configuration > Administrative Templates > Windows Components > Internet Explorer and click
Internet Control Panel.
6. Right-click Disable the Connections page from the right panel and click Properties.
7. In the Setting tab, select Enabled.
NOTE
This policy prevents users from viewing and modifying connection and proxy settings from their client machines.
8. Click Apply and OK.
9. Close all open windows.
2.6.2 Disabling Internet connections page via GPO in Windows® Server 2008
The Internet Connections settings tab can be disabled on client machines to prevent users from modifying Internet
settings to bypass GFI WebMonitor.
IMPORTANT
When deploying GFI WebMonitor in Transparent Proxy mode, you do not need to disable Internet connection
settings on client computers if a gateway machine is configured as the only possible exit point to the internet.
Traffic is filtered by the Transparent Proxy. For more information, refer to Configuring Transparent Proxy (page
34).
To disable Connections settings on clients machines through Windows® Server 2008 GPO:
1. In the command prompt key in mmc.exe and press Enter.
2. In the Console Root window, Go to File > Add/Remove Snap-in… to open the Add or Remove Snap-ins window.
3. Select Group Policy Management from the Available snap-ins list, and click Add.
4. Click OK.
5. Expand Group Policy Management > Forest > Domains and <domain>.
GFI WebMonitor
2 Installing GFI WebMonitor | 19
6. Right-click Default Domain Policy and click Edit to open the Group Policy Management Editor.
7. Expand User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer
and click Internet Control Panel.
8. Right-click Disable the Connection page from the right panel and click Properties.
9. In the Setting tab, select Enabled.
NOTE
This policy prevents users from viewing and modifying connection and proxy settings from their client machines.
10. Click Apply and OK.
11. Close Group Policy Management Editor dialog and save the management console created.
2.7 Launching GFI WebMonitor
On the same machine where GFI WebMonitor is installed:
There are 2 options for launching the GFI WebMonitor Management Console:
Option 1: click Start > All Programs > GFI WebMonitor > GFI WebMonitor Management Console
Option 2: Key in the URL http://1.1.1.1 or http://127.0.0.1:1007 in a web browser on the same machine.
NOTE
If using the GFI WebMonitor through the web browser interface on the same machine, Internet browser must be
configured to use a proxy server. For http://127.0.0.1:1007 disable Bypass proxy server for local addresses from
Internet options. For more information, refer to Configure browser proxy settings on GFI WebMonitor machine
(page 17).
IMPORTANT
In http://127.0.0.1:1007, 1007 refers to the port on which the GFI WebMonitor Management Console listens by
default. If this listening port is changed, the URL used to access the Management Console should reflect this, for
example http://127.0.0.1:<port>. This is different from the port on which the GFI Proxy listens for
incoming connections.
From a remote machine:
To launch GFI WebMonitor installation from machines of users and/or IP addresses that were allowed access to the
application, key in the URL http://1.1.1.1 or http://127.0.0.1:1007 in a web browser from their machine. The Internet
browser must be configured to use specific proxy settings to enable this access. For http://127.0.0.1:1007 disable Bypass
proxy server for local addresses from Internet options. For more information, refer to Configure Proxy settings on
client Internet browsers (page 55).
NOTE
User access to the application can be granted either during installation or from Settings > Advanced Settings > UI
Access Control.
2.8 Verify that GFI WebMonitor is working correctly
To determine that GFI WebMonitor is working correctly, perform a simple test to check whether an Internet request is
blocked. To do this:
GFI WebMonitor
2 Installing GFI WebMonitor | 20
1. Go to Manage > Policies.
NOTE
You will see that a Default Web Filtering Policy is already enabled. This policy applies to every user whose traffic is
routed through GFI WebMonitor.
2. In the sidebar, select Blacklist from the list of configured policies.
3. Click Edit .
3. In the Websites element, type *.cnn.com.
4. Click the Add sign. The URL is added to the list of blocked sites.
5. Click Save to apply the changes.
6. Go back to your browser and open http://www.cnn.com. The GFI WebMonitor blocking page should now be
displayed.
Screenshot 6: Warning that the page you requested was blocked by GFI WebMonitor
If the warning above is displayed, then your GFI WebMonitor installation is working correctly!
You can now remove the URL from the Blacklist policy.
GFI WebMonitor
2 Installing GFI WebMonitor | 21
2.9 Using the Settings Importer tool
The Settings Importer Tool helps you import GFI WebMonitor settings from one server to another. The tool can be used
to migrate GFI WebMonitor 2013 SR1 or later versions. For example, you can use this tool to import settings configured on
a machine with GFI WebMonitor 2015 to a new machine on which you have the latest GFI WebMonitor installed.
NOTE
The Settings Importer Tool is available in GFI WebMonitor 2015 SR2 and later.
There are two versions of the Settings Importer Tool. The command line version of the tool is located in the GFI
WebMonitor installation folder. The default path is C:\Program
Files\GFI\WebMonitor\Interface\Bin\WebMon.SettingsImporterTool.exe. For more
information on how to use this tool refer to the following article: http://go.gfi.com/?pageid=webmon_
settingsimporttool.
1. From C:\Program Files\GFI\WebMonitor\Interface\Bin\ locate and double click
WebMon.SettingsImporterTool.exe.
2. Select from the following options:
OPTION
DESCRIPTION
Export settings to a
chosen file/folder
Select this option to back up settings of current GFI WebMonitor installation. Settings can be exported to a
file or to a destination folder.
Import settings from
a file
Select this option to import GFI WebMonitor settings from a file to current GFI WebMonitor installation.
Applicable for GFI WebMonitor 2015 SR2 and later versions.
Import settings from
a folder
Select this option to import GFI WebMonitor settings from a folder into your current GFI WebMonitor
installation. Applicable for GFI WebMonitor 2013 SR1 and later versions.
2.9.1 Export settings to a chosen file/folder
To export settings to a file or folder:
1. In the GFI WebMonitor Settings Import Tool, select Export settings to a chosen file/folder and click Next .
2. Select one of the following options:
OPTION
DESCRIPTION
Use the settings from the current GFI
WebMonitor installation
When selecting this option, the wizard automatically selects the default settings
folder for export.
Select custom settings folder
Select this option to use an external settings folder. Click Choose source to browse
and locate the desired folder.
3. Click Next .
4. Click Choose destination folder and provide the path where the settings file will be saved.
5. Select one of the following Export options:
OPTION
DESCRIPTION
Use pre-defined file
name
Select this option to use the filename created automatically by the wizard.
Use custom file name
Select this option to provide a custom name for the exported file.
Export to folder
Select this option to export settings to a folder. The wizard creates a folder called Data and a PAC File
called proxypac.pac.
GFI WebMonitor
2 Installing GFI WebMonitor | 22
6. Click Next .
7. Review the Summary and use the link to open the export location.
8. Click Close.
2.9.2 Import settings from a file
To import settings from a file for GFI WebMonitor 2015 SR2 and later versions:
1. In the GFI WebMonitor Settings Import Tool, select Import settings from a file and click Next .
2. Click Choose source and select the file that contains the settings to import.
3. Click Next .
4. Select the settings to import or check the All Settings checkbox to select them all. Click Next .
5. Click Choose destination folder to change the default location where to save the settings. The default path is set
to: C:\Program Files\GFI\WebMonitor. Click Next .
6. View the summary and click Finish to start the import.
7. When the import is complete, select one of the following options:
OPTION
DESCRIPTION
Click here to browse
import location
Click to open the location where the settings have been saved.
Click here to restart
WebMonitor services
If you have chosen to use the default destination folder in Step 5, GFI WebMonitor services need to be
restarted after the import is ready. Click this link to let the wizard restart the services.
8. Click Close.
2.9.3 Import settings from a folder
To import settings from a folder for GFI WebMonitor 2013 SR1 and later versions:
1. In the GFI WebMonitor Settings Import Tool, select Import settings from folder and click Next .
2. Click Choose source and select the folder that contains the settings to import.
3. Click Next .
4. Select the settings to import or check the All Settings checkbox to select them all. Click Next .
5. Click Choose destination folder to change the default location where to save the settings. The default path is set
to: C:\Program Files\GFI\WebMonitor. Click Next .
6. View the summary and click Finish to start the import.
7. When the import is complete, select one of the following options:
OPTION
DESCRIPTION
Click here to browse
import location
Click to open the location where the settings have been saved.
Click here to restart
WebMonitor services
If you have chosen to use the default destination folder in Step 5, GFI WebMonitor services need to be
restarted after the import is ready. Click this link to let the wizard restart the services.
8. Click Close.
GFI WebMonitor
2 Installing GFI WebMonitor | 23
2.10 Installing GFI WebMonitor in parallel with Microsoft Forefront TMG
GFI WebMonitor 2015 SR3 and later editions can be installed on the same machine where Microsoft Forefront TMG is
running.
GFI WebMonitor should be installed in parallel with Microsoft Forefront TMG when you want to keep Microsoft Forefront
TMG as a firewall and use the same machine to perform web filtering by GFI WebMonitor. This setup also provides an
alternative when it is not possible to add another dedicated machine in the network just for GFI WebMonitor.
NOTE
GFI WebMonitor cannot be deployed in Transparent Proxy mode when installed on machines where Microsoft
Forefront TMG is running. For more information, refer to Configuring Transparent Proxy (page 34).
Microsoft Forefront Threat Management Gateway (Microsoft Forefront TMG), is a web gateway solution designed to
protect users from web-based threats.
In environments where there is already GFI WebMonitor 2013 installed with Microsoft Forefront TMG, it is possible to
upgrade to GFI WebMonitor 2015. Otherwise, a fresh install of GFI WebMonitor 2015 is possible.
2.10.1 What is the difference between GFI WebMonitor 2013 and 2015 in a Microsoft Forefront
TMG environment?
While GFI WebMonitor 2013 was a plugin for Microsoft Forefront TMG and depended on Microsoft Forefront TMG for all
proxy functions, authentication process and https scanning, GFI WebMonitor 2015 installs the GFI proxy service in
parallel with the Microsoft Forefront TMG. This eliminates all dependence on Microsoft Forefront TMG for proxy,
authentication and https scanning functions.
With GFI WebMonitor 2015, traffic is captured directly by the GFI WebMonitor proxy and only this traffic is monitored or
controlled by GFI WebMonitor. Client machines need to be configured in order to pass through the GFI Proxy when
connecting to the Internet.
Upgrading to the new GFI WebMonitor 2015 SR3 on Microsoft Forefront TMG machines is recommended to benefit
from new features such as application control, new policy system, enhanced real time traffic reporting, WebInsights and
increased overall performance.
2.10.2 System requirements:
Minimum hardware requirements for x64 architectures:
OPTION
DESCRIPTION
Processor
2.0 GHz (multi-core highly recommended)
RAM
8 GB
Hard disk
12 GB of available disk space
Supported Operating Systems
Windows 2008 x64 and Windows 2008 R2
Other required components
Microsoft Forefront TMG firewall needs to be installed. (ISA version – 32bit is not supported).
NOTE
Allocation of hard disk space depends on your environment. The size specified in the requirements is the minimum
required to install and use GFI WebMonitor. The recommended size is from 150-250GB.
GFI WebMonitor
2 Installing GFI WebMonitor | 24
2.10.3 Upgrading from a previous GFI WebMonitor 2013 for TMG installation
Upgrades from the following editions are officially supported:
GFI WebMonitor 2013 SR1 TMG edition (build 20130910)
GFI WebMonitor 2012 R2 SR TMG edition (build 20121029).
NOTE
For different Microsoft Forefront TMG builds, we strongly recommend to perform an upgrade to GFI WebMonitor
2013 SR1 build first and then upgrade to GFI WebMonitor 2015 SR3 or later.
During the upgrade, the previously defined GFI WebMonitor configuration is retained and converted to the new format.
After the upgrade process is complete, the Configuration Wizard guides the user in setting up the most important
settings. The proxy related settings will contain pre-configured values if no such setting is detected from previous
installations. The proxy listening port is set to 8081 instead of the default port of 8080, in order to avoid conflict with
Microsoft Forefront TMG’s proxy.
2.10.4 Clean GFI WebMonitor 2015 installation on a Microsoft Forefront TMG server
In environments where there was no previous GFI WebMonitor installation, you can install the product by performing an
installation process similar to the regular GFI WebMonitor Proxy edition installations.
The proxy listening port is set to 8081 instead of the default port of 8080, in order to avoid conflict with Microsoft
Forefront TMG’s proxy.
2.10.5 Installing or upgrading to GFI WebMonitor 2015
Run the installer to install or upgrade GFI WebMonitor. For more information, refer to Installing GFI WebMonitor (page
15).
The installation process is similar to the regular GFI WebMonitor Proxy edition installation with an additional step that
notifies the administrator if the GFI WebMonitor installer detects a Microsoft Forefront TMG instance on the machine.
After installation or upgrade is complete, client machines need to be configured to use the GFI WebMonitor 2015 as
proxy instead of the Microsoft Forefront TMG. This can be done either by configuring every client browser manually, or
via GPO or by enabling WPAD.
For more information, refer to the following sections:
Configuring Proxy settings via GPO in Microsoft Server 2008
Manually configure Internet Browsers to use a Proxy Server
Configuring WPAD
NOTE
If GFI WebMonitor proxy is published on the network via WPAD, Microsoft Forefront TMG firewall’s WPAD server
needs to be de-activated in order to ensure all traffic is passing through the GFI WebMonitor proxy.
Important notes:
Once the setup is complete and client machines point to GFI WebMonitor, Internet traffic generated by these
machines is captured by the GFI proxy and only this traffic is monitored or controlled by GFI WebMonitor. The Microsoft
Forefront TMG firewall can still capture traffic via its own proxy or in transparent mode; however this traffic will not be
seen by GFI WebMonitor.
GFI WebMonitor
2 Installing GFI WebMonitor | 25
Previous GFI WebMonitor rules on the Microsoft Forefront TMG firewall configuration are no longer in effect and
they can be disabled or deleted.
Microsoft Forefront TMG firewall remains operational and the GFI WebMonitor proxy works in parallel with the fol
lowing Microsoft Forefront TMG operation modes:
Single Network Adapter - Microsoft Forefront TMG with one network adapter connected to the Internal net
work or to a Perimeter network.
Edge Firewall - Microsoft Forefront TMG located at the network edge, acting as an edge firewall and con
nected to two networks: the internal network and the external network (usually the Internet).
3-Leg Perimeter - Microsoft Forefront TMG deployed at the edge of the network, connected to the Internal
network, the Perimeter network and the Internet.
Back Firewall - Microsoft Forefront TMG deployed at the edge of the network, connected to the Internal net
work and the Perimeter network.
2.11 Upgrading from previous versions
The current version of GFI WebMonitor includes a number of new features aimed at making web monitoring and
filtering an easier job for you, with improved user experience and performance.
GFI WebMonitor can be upgraded from version 2013 SR1 and later to the current version.
NOTE
For versions older than 2013 SR1 we recommend to first upgrade to GFI WebMonitor 2013 SR1 and then to the
current version.
With a few exceptions, existing settings, policies, some alerts and reports are imported automatically into GFI WebMonitor
2015 and later versions during the upgrade process. The table below lists the exceptions and other important changes:
FEATURE
DESCRIPTION
Policies
The upgrade process imports existing policies to GFI WebMonitor 2015 and later version of the product. However, the
list of policies will be different.
Web Filtering policies – for a WebFiltering policy 2013 that has both block and warn actions set, after the upgrade
there will be two corresponding policies:
WebFiltering policy 2013 - block - this will contain the blocked categories, the sites from Always Blocked
section and the Reputation Index.
WebFiltering policy 2013 - warn - this will have Warn action and the corresponding categories.
Both policies will have the settings that were configured in the previous version: Notification, Logging
enabled and Schedule. The policy with Block action has the higher priority.
Web Browsing policies – existing web browsing policies are imported with the same settings.
Web Security policies – for an existing Web security policy that has both block and warn actions set, after the
upgrade there will be two new corresponding policies. Additionally, if in the existing policy there are file types with
download window enabled and others that do not, after the upgrade these will be separated into two policies, one
with AV Scanning and Download Window enabled and one with only AV Scanning.
Streaming Media and Instant Messaging – Existing Streaming Media and Instant Messaging polices will be impor
ted into a new policy with Block action and corresponding applications added.
ThreatTrack and AntiPhishing – If at least one of these features was enabled in the previous version, a new policy with
Block action and URL Scanning enabled is added after the upgrade. Since ThreatTrack and AntiPhishing are no longer
separated GFI WebMonitor 2015 and later versions, both features will be enabled.
NOTE
GFI WebMonitor 2013 had an advanced setting that allowed the user to set a condition on multiple categories with
AND operator between them. This is not imported.
GFI WebMonitor
2 Installing GFI WebMonitor | 26
FEATURE
DESCRIPTION
Activity
Logging
The Activity Logging settings in GFI WebMonitor 2015 and later versions are different than previous versions. This
feature is now integrated in the new policy builder, using the Logging element. Therefore, if your current installation
contains Activity Logging policies please note that no corresponding policy is added after the upgrade.
Alerts
In previous versions, Monitor, Bandwidth and Security Alerts could be set up from a separate location to apply to all
policies. In GFI WebMonitor 2015 and later versions these are now configured per policy using the Log Alert element.
The upgrade process can import some existing alerts with a few exceptions as detailed below:
Existing Monitoring Alerts that were set for Sites Accessed will be imported into new policies with Monitor action.
However, alerts for Warning Bypassed and Sites Blocked are not imported.
Existing Security Alerts are not imported.
Bandwidth Alerts that were set for All Users cannot be imported. All other bandwidth alerts are imported into
new policies with a Monitor action.
Reports
The following reports cannot be imported into GFI WebMonitor 2015 and later versions:
Bandwidth - Download Only
Bandwidth - Upload Only
Activity - Filtered Only by Type
Bandwidth Usage Trends - Downloads
Bandwidth Usage Trends - Uploads
Bandwidth - Non productive traffic
Upgrade procedure
The upgrade procedure is similar to the installation procedure. Refer to the installation topic for more information.
Before upgrading, ensure you have the latest version of GFI WebMonitor. This can be downloaded from
http://go.gfi.com/?pageid=WebMon_Download.
NOTE
If installing a new version of GFI WebMonitor on a different infrastructure, it is recommended to uninstall the
previous version before installing the new one.
2.11.1 Uninstall information
To uninstall GFI WebMonitor:
1. Click Start > Control Panel > Programs > Programs and Features.
2. Select GFI WebMonitor from the list, and click Uninstall.
3. When Are you sure you want to uninstall GFI WebMonitor? appears, click Yes.
4. On completion, click Finish.
GFI WebMonitor
2 Installing GFI WebMonitor | 27
3 Configuring
The following topics contain information on how to configure your GFI WebMonitor deployment to your needs and
requirements:
3.1 Configuring Core Settings
The Core Settings ensure that your GFI WebMonitor installation is properly configured to start monitoring Internet traffic
on your network. After installation is complete, the Configuration Wizard helps you configure the following settings to
start achieving results immediately:
OPTION
DESCRIPTION
Configure con
nection set
tings
Choose your Network Mode depending on your current network setup. Establish a connection between your
internal network and the Internet through the GFI WebMonitor server.
Enable Trans
parent Proxy
Enable Transparent Proxy to monitor and control HTTP and HTTPS traffic transparently. When a user makes a
request to a web server, the Transparent Proxy intercepts the request to deliver the requested content. When GFI
WebMonitor is deployed in this mode, you do not need to set client browser settings to point to a specific proxy.
IMPORTANT
Ensure that GFI WebMonitor is running in Gateway mode. Transparent Proxy cannot work in Simple Proxy
mode.
Enter your
License key
Key in a valid license to use GFI WebMonitor. This can either be a trial license or a regular license key obtained on
renewal.
Configure
HTTPS Scan
ning
Configure HTTPS scanning to monitor and block encrypted traffic.
Set up the
Database
Configure the database to use with GFI WebMonitor where collected data is stored. Use the Firebird database
only during the evaluation period. It is highly recommended to switch to a Microsoft SQL Server based database
for live systems.
Define Admin
Credentials
Key in the admin credentials required by the GFI WebMonitor services to control internal security engines, man
age updates, send notifications and control data displayed in the User Interface. The GFI WebMonitor services are
Windows services installed automatically during installation and require administrative privileges to operate.
Setup Email
notification set
tings
Provide the email addresses required by GFI WebMonitor to send messages containing information related to
tasks such as auto-updates and licensing issues.
Configuring
Internet
Browsers to
use a Proxy
Server
If you have not configured WPAD or Transparent Proxy, ensure that proxy settings of client machines are con
figured to use GFI WebMonitor as the default proxy. This ensures that Internet traffic is routed through GFI
WebMonitor.
IMPORTANT
Ensure that by enabling HTTPS Scanning you are not violating any laws in your jurisdiction or any compliance
regulations for your industry.
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
GFI WebMonitor
3 Configuring | 28
3.1.1 Connection Settings
Select how GFI WebMonitor is configured within your network and configure the connection between your internal
network and the Internet through the GFI WebMonitor server.
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
1. Go to Settings > Core Settings > Connection Settings.
2. In the Network Mode area, select one of the following options:
MODE
DESCRIPTION
Simple
Proxy
mode
Select Simple Proxy mode if you want to route client HTTP traffic through GFI WebMonitor and non-HTTP traffic
through a separate router. This setup requires an Internet facing router with port blocking and traffic forwarding cap
abilities.
Gateway
mode
Deploy GFI WebMonitor in Gateway mode if you are installing the application on a server that is configured as an Inter
net gateway. All outbound and inbound client traffic (HTTP and non-HTTP) is routed through GFI WebMonitor. When
GFI WebMonitor is deployed in this mode, you can enable Transparent Proxy, eliminating the need to set client
browser settings to point to a specific proxy. For more information, refer to Configuring Transparent Proxy (page 34).
In par
allel with
Microsoft
Forefront
TMG
GFI WebMonitor 2015 SR3 and later editions can be installed in parallel with Microsoft Forefront TMG on the same
machine where Microsoft Forefront TMG is running. Use this setup when you want to keep Microsoft Forefront TMG as a
firewall and use the same machine to perform web filtering by GFI WebMonitor. This setup also provides an alternative
when it is not possible to add another dedicated machine in the network just for GFI WebMonitor.
If you selected Simple Proxy mode, configure the following settings:
OPTION
DESCRIPTION
Listen on all network
interfaces
Configure GFI WebMonitor to listen for incoming HTTP and HTTPS requests on all available network inter
face cards.
Proxy Server
In the Proxy Server field, enter the IP address of the computer where GFI WebMonitor is installed.
Port
In the Port field, enter the port number used by GFI WebMonitor to listen to traffic (Default is 8080).
Use WPAD
[Optional] Enable Use WPAD if you want to use Web Proxy Auto-Discovery to enable client computers to
automatically detect the GFI WebMonitor server.
Repeat WPAD detec
tion
Click to enable GFI WebMonitor to search for available WPAD servers on your network.
Proxy Authentication
Configure the authentication method used when client machines are validated when accessing the Internet.
Chained Proxy
Connecting several proxy servers together to obtain greater anonymity. These servers act together as one
proxy server to process web requests.
If you selected Gateway mode, configure the following settings:
OPTION
DESCRIPTION
Internal Net
work card
Select a network card from the available drop-down list. GFI WebMonitor listens for incoming HTTP and HTTPS
requests on the selected network card.
IP Address
If the chosen network adapter has multiple IP addresses, select the IP address you want to use from the list.
GFI WebMonitor
3 Configuring | 29
OPTION
DESCRIPTION
Use WPAD
[Optional] Enable Use WPAD if you want to use Web Proxy Auto-Discovery to enable client computers to
automatically detect the GFI WebMonitor server.
Repeat WPAD
detection
Click to enable GFI WebMonitor to search for available WPAD servers on your network.
Proxy Authentic
ation
Configure the authentication method used when client machines are validated when accessing the Internet.
Chained Proxy
Connecting several proxy servers together to obtain greater anonymity. These servers act together as one proxy
server to process web requests.
3. Click Next .
3.1.2 Network Interface Configuration
GFI WebMonitor must be configured to listen for incoming HTTP and HTTPS requests originating from client computers
on the internal network. You can configure GFI WebMonitor to listen on a specific network card or to listen on all
network cards installed on the server.
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
To configure GFI WebMonitor to listen for incoming HTTP and HTTPS requests:
1. Go to Settings > Core Settings > Connection Settings.
2. Select from the following options:
OPTION
DESCRIPTION
Proxy Server
Key in the IP Address of the internal facing network card that will listen to traffic from client computers.
Port
Specify the port number on which the internal facing network card will listen to requests.
Listen on all network
interfaces
If you want GFI WebMonitor to listen for incoming requests on all available network cards, click Show
Advanced Options. Click the switch to enable.
3.1.3 Configuring WPAD
The Web Proxy Auto Discovery (WPAD) is an Internet protocol supported by all major Internet browsers. It enables client
web browsers to automatically retrieve proxy settings from a WPAD data file stored on a machine on your network.
WPAD is a convenient way for administrators to configure client machines to use the GFI WebMonitor machine as a proxy
server without having to supply settings manually or via Active Directory Group Policies. When this feature is enabled and
the Internet browser connection settings are configured to 'Automatically Detect Settings', each client machine will
automatically determine the IP address of the GFI WebMonitor server and use it as a proxy without further configuration.
WPAD is particularly useful when you want to configure roaming devices such as laptops and tablets to use GFI
WebMonitor as the proxy server when they are in the office.
NOTE
For client Internet browsers to use WPAD, these must be configured to automatically detect proxy settings. For more
information, refer to Configure Internet browser for WPAD (page 31).
When GFI WebMonitor is installed the first time, it tries to detect available WPAD servers. Discovered WPAD servers are
listed in an information window.
GFI WebMonitor
3 Configuring | 30
To enable WPAD:
1. Go to Core Settings > Connection Settings.
2. Locate Use WPAD switch. Click ON to enable.
NOTE
If GFI WebMonitor does not discover any WPAD Servers on your network, this option is disabled. Click Repeat
WPAD detection to check for available servers.
3. A warning is displayed informing you that by enabling WPAD, server information is updated that might create net
work conflicts. These conflicts may arise when you have multiple GFI WebMonitor installations within the same network.
Click Proceed to continue.
4. Select one of the following options:
OPTION
DESCRIPTION
Publish the IP of the GFI WebMonitor proxy in WPAD
Select to include the GFI WebMonitor IP address in the WPAD.dat
file.
Publish the host name of the GFI WebMonitor proxy in
WPAD
Select to include the GFI WebMonitor host name in the WPAD.dat
file.
5. Click Next .
3.1.4 Configure Internet browser for WPAD
After enabling WPAD in GFI WebMonitor, ensure that the updated Internet settings are automatically detected by a
client browser:
1. On the client machine, go to Control Panel and select Internet Options.
2. Click the Connections tab.
3. Click LAN settings.
4. Check Automatically detect settings checkbox.
GFI WebMonitor
3 Configuring | 31
Screenshot 7: Configuring Automatically detect settings
5. Close LAN Settings dialog.
6. Click OK to close Internet Options dialog.
7. Restart Internet browser to refresh settings.
NOTE
WPAD is supported by all major Internet browsers.
3.1.5 Configuring Proxy Authentication Method
Proxy Authentication enables you to configure the authentication method used by the proxy. This determines how
client machines are validated when accessing the Internet. Proxy Authentication must be enabled to be able to create
new polices for users or groups. By default, Proxy Authentication is disabled. When Proxy Authentication is disabled, you
are only allowed to configure new policies using IP addresses.
For enhanced security we recommend using Integrated Authentication. This method is more secure since unlike Basic
Authentication it does not transmit user credentials over the network.
GFI WebMonitor
3 Configuring | 32
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
To configure user authentication method:
1. Go to Core Settings > Connection Settings.
2. Click the Proxy Authentication switch to enable.
3. In the Proxy Authentication area, select one of the following options:
Option 1: Leave Proxy Authentication off if the user is not required to provide login credentials when new Internet
sessions are launched.
Option 2: If proxy authentication is required, select one of the following options:
OPTION
DESCRIPTION
Basic authen
tication
Select if user is required to provide login credentials when new Internet sessions are launched. When using Basic
authentication, the browser prompts the user for a user name and password. This information is transmitted across
HTTP as plain text and considered insecure.
Integrated
authentication
(Recommended) This option enables GFI WebMonitor proxy to authenticate users by using the client machine
access control service. User is not prompted to provide login credentials when new Internet sessions are launched.
We recommend using Integrated authentication in a Windows domain environment since this method of
authentication does not transmit user passwords across the network.
NOTE
Integrated authentication is disabled if the GFI WebMonitor machine authenticates local users as Guest. The
Guest only network access model grants all users the same level of access to system resources and so GFI
WebMonitor proxy will not be able to differentiate between the different users using a client machine.
4. [Optional] In the IP's that will bypass the authentication field, key in IP addresses to exclude from proxy authen
tication. IP addresses specified in this field will not be prompted to provide login credentials when new Internet ses
sions are launched.
3.1.6 Authentication Test (in Real-Time)
Try browsing to http://www.youtube.com and open a video of considerable length (more than 10 minutes should be
enough). If you have chosen Basic Authentication you are prompted for a username and password. Enter the
credentials you used to log onto the machine you are using, then you should be able to proceed.
If you go to Dashboards > Real-Time Traffic you should see the connection to http://www.youtube.com listed. Other
details include the IP of the test machine and your user name, status of traffic and size of download.
Real-Time Bandwidth Chart
If you now switch from Active Connections to Bandwidth you will see a real time graph of bandwidth being used at
that point in time. The more connections you open, the higher the graph will climb.
3.1.7 Blocking Test by Username
With GFI WebMonitor configured to use Basic Authentication, repeat the blocking test previously carried out, but this
time use the logged on user credentials. The outcome of this test will confirm that policies are being applied by
username.
1. Go to Manage > Policies and create a new Policy.
2. In Policy Name field, enter Authentication Test .
GFI WebMonitor
3 Configuring | 33
3. In Policy Description, enter a description.
3. Change the Allow, Block, Warn, Monitor element to Block.
4. From the left sidebar, add the Websites element.
5. Locate and insert the Social Network category to block social networking websites (for blocking test purposes).
6. Insert the Users, Groups, IPs and insert the username currently logged on the machine.
7. Click Save to apply the changes.
8. Go back to your browser and open http://www.linkedin.com/. The GFI WebMonitor blocking page should now be
displayed. Note that this time the label Breached Policy has changed to 'Authentication Test'.
If the warning is displayed, then GFI WebMonitor is working correctly!
If the block did not work, make sure you have entered all details correctly, and that you have saved changes to the policy.
Try closing and re-opening the browser, and check the Real-Time Traffic dashboard in the GFI WebMonitor interface to
ensure that traffic is being routed through the proxy correctly. If you see the request with the IP, this means that you
have not forced authentication correctly and you should use IPs for your policies. If you see a different username, you
need to enter this username in the policy.
If you don’t manage to get this part working you should contact our support team so that we can help you to
troubleshoot your installation.
3.1.8 Configuring Chained Proxy
Proxy Chaining is a method of connecting several proxy servers together to obtain greater anonymity. These servers act
together as one proxy server to process web requests.
Client machines can be configured to forward web traffic to the GFI WebMonitor server. Additionally, the GFI
WebMonitor server forwards the filtered traffic to a proxy server.
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
To configure GFI WebMonitor to forward web traffic to another proxy machine:
1. Go to Settings > Core Settings > Connection Settings.
2. Click the Chained Proxy switch to turn on and enable GFI WebMonitor to route traffic to another proxy server.
3. In the Proxy Server field, key in the IP address
4. In the Port field, key in the port number (default 8080).
5. [Optional] If proxy authentication requires alternate credentials, click Alternative Credentials and key in the required
credentials in the Username and Password fields.
NOTE
If no credentials are keyed in, the default user credentials are used.
6. [Optional] Click Test Proxy Chaining to test the connection between GFI WebMonitor machine and proxy server.
3.1.9 Configuring Transparent Proxy
When configured as a Transparent Proxy, GFI WebMonitor acts as an intermediary between client machines and web
servers to monitor and control HTTP and HTTPS traffic transparently. When a user makes a request to a web server, the
GFI WebMonitor
3 Configuring | 34
Transparent Proxy intercepts the request to deliver the requested content. When GFI WebMonitor is deployed in this
mode, you do not need to set client browser settings to point to a specific proxy.
NOTE
Transparent Proxy can filter only HTTP (TCP port 80) and HTTPS (TCP port 443) traffic.
System Requirements and environment considerations
TYPE
SOFTWARE REQUIREMENTS (x64 Editions only)
Supported
Operating
Systems
Transparent Proxy can be enabled on servers running the following operating systems:
Windows® Server 2008 R2
Windows® Server 2012 (Including R2)
Windows® 7 SR3
Windows® 8.1
NOTE
Ensure the Operating System is up-to-date with all windows updates installed.
Ports
By default, Transparent Proxy uses port 8082. Ensure that the listening port does not conflict with other applications.
When the port is changed the proxy is restarted and ongoing connections are terminated. Applications do not need
to be configured to connect to the transparent proxy port. The port is needed for internal operations by GFI
WebMonitor.
Gateway
Mode
Ensure that GFI WebMonitor is running in Gateway mode. Transparent Proxy cannot work in Simple Proxy mode. For
more information, refer to Deployment in an Internet Gateway environment (page 10).
Microsoft
TMG fire
wall and
Transparent
Proxy
Transparent proxy is not compatible with Microsoft Forefront TMG.
Proxy Chain
ing
Transparent proxy cannot be enabled if Proxy Chaining is already used, because of possible conflicts. For more inform
ation, refer to Configuring Chained Proxy (page 34).
Network
address
translation
(NAT)
Ensure Network address translation (NAT) is disabled on the GFI WebMonitor server for transparent proxy to work.
Network address translation (NAT) modifies network address information in HTTP and HTTPS traffic.
NOTE
Certain restrictions may apply on transparent proxy usage depending on the network topology. Configuration
changes might be needed on the network to enable transparent mode.
How it works
Transparent Proxy can work in parallel with the regular proxy. HTTP and HTTPS traffic originating from client machines
that are not set to explicitly point to GFI WebMonitor (manually or through WPAD) is captured by the transparent proxy
once this functionality is enabled.
GFI WebMonitor
3 Configuring | 35
Screenshot 8: How Transparent Proxy works
When a user makes a request, the GFI WebMonitor Transparent Proxy intercepts the request even if the client machine
has no configured proxy. If the requested content is allowed by GFI WebMonitor, the Transparent Proxy delivers it to the
destination.
3.1.10 Enabling Transparent Proxy
To enable Transparent Proxy:
1. Go to Core Settings > Transparent settings.
2. Click the Enable Transparent Proxy switch to enable.
3. Configure the following options:
OPTION
DESCRIPTION
Port
Specify the port number on which the internal facing network card will listen to requests. The default port is
8082.
IMPORTANT
Ensure that the listening port does not conflict with other applications. When the port is changed the proxy is
restarted and ongoing connections are terminated.
Save and Test
Transparent
Proxy
Use the Save and Test Transparent Proxy button to check if the transparent proxy is operational.
Use general
proxy authen
tication set
tings
By default, Transparent Proxy inherits the authentication settings from the regular proxy set from Connection
Settings > Proxy Authentication. For more information, refer to Configuring Proxy Authentication Method (page
32).
To override the regular authentication settings, uncheck this option and then set new authentication settings in
the Proxy Authentication area.
GFI WebMonitor
NOTE
The test checks if the transparent proxy driver and modules are working well and traffic generated from the GFI
WebMonitor server machine is filtered properly. It cannot guarantee that traffic coming from the internal
network gets processed properly.
3 Configuring | 36
OPTION
DESCRIPTION
Proxy
Authentication
Basic authentication - Select if user is required to provide login credentials when new Internet sessions are
launched. When using Basic authentication, the browser prompts the user for a user name and password. This
information is transmitted across HTTP as plain text and considered insecure.
Integrated authentication - (Recommended) This option enables GFI WebMonitor proxy to authenticate users
by using the client machine access control service. User is not prompted to provide login credentials when new
Internet sessions are launched. We recommend using Integrated authentication in a Windows domain envir
onment since this method of authentication does not transmit user passwords across the network.
NOTE
Integrated authentication is disabled if the GFI WebMonitor machine authenticates local users as Guest. The
Guest only network access model grants all users the same level of access to system resources and so GFI
WebMonitor proxy will not be able to differentiate between the different users using a client machine.
IPs that will
bypass the
authentication
Key in the IP addresses of machines to be excluded from authentication. Traffic from excluded IPs will not be
authenticated by GFI WebMonitor. The dashboards will display only IP addresses and not user names.
4. Click Save.
3.1.11 Testing Transparent Proxy
The GFI WebMonitor user interface provides a test button in the Transparent Proxy settings screen. Use this feature to
check if the Transparent Proxy is operational. This test checks only if the transparent proxy driver and modules are
working well and traffic generated from the GFI WebMonitor server machine is filtered properly. It cannot guarantee that
traffic coming from the internal network gets processed properly.
To test if traffic generated from the internal network is properly filtered by the Transparent Proxy, perform the following
steps:
1. Ensure the client browser is not configured to use any proxy. Also uncheck options of automatic proxy detections
within browser to avoid regular proxy usage through WPAD. For more information, refer to Configuring WPAD (page
30).
2. From the client browser try to access the following URL: whatismyproxy.com. GFI WebMonitor policies might
block the URL and in that case the GFI WebMonitor blocking page will appear. Otherwise, the opening web site should
detect that the browser is passing through the GFI Proxy. Both behaviors prove that traffic flows through GFI WebMon
itor (via transparent mode).
3. Additionally, if you have set up logging within the GFI WebMonitor policies, you can also check the Dashboards and
locate requests made by the client machine. If requests were captured and logged by the product, Transparent Proxy is
configured correctly. For more information, refer to Logging (page 74).
3.1.12 HTTPS Proxy Scanning settings
HTTPS Scanning gives GFI WebMonitor visibility into secure Internet sessions (URLs starting with https://). This feature
enables you to apply policies to this type of traffic and to scan the content for threats that may be present in these sites
and on downloaded files .
With HTTPS Proxy Scanning enabled, GFI WebMonitor can monitor and block traffic within an encrypted stream. This
includes blocking and Anti-Virus scanning of downloads within that stream. HTTPS inspection decrypts the data in the
connection coming from the client, then processes the traffic, and encrypts the traffic going to the target web server.
The actual data that is passed between source and destination is not shown because GFI WebMonitor cannot read the
encrypted contents. Only the destination web server is shown. Therefore, an administrator cannot see details of the data
sent, such as account information, usernames and passwords.
GFI WebMonitor
3 Configuring | 37
IMPORTANT
Ensure that by enabling HTTPS Scanning, you are not violating any legal and compliance regulations.
When HTTPS inspection is enabled, two secure connections are started for each HTTPS session; one between the web
server and the GFI WebMonitor Proxy and one between the GFI WebMonitor Proxy and the client browser.
NOTE
When HTTPS Scanning is not enabled, GFI WebMonitor allows users to browse HTTPS websites without decrypting
and inspecting their contents.
GFI WebMonitor needs a valid certificate for these two secure connections to be established. The Internet browser must
verify that the certificate is signed by a trusted Certification Authority (CA). This means that for your client machines to be
able to access HTTPS sites, they need to trust the certificate used by GFI WebMonitor to sign certificates.
CA certificates trusted by Windows machines are stored in the 'Trusted Root Certification Authorities' certificate store.
Export the certificate from your GFI WebMonitor and deploy it on client machines manually or through Group Policy in
an Active Directory domain environment.
The following topics will guide you through the steps required to:
Configure HTTPS Proxy Settings
Create a new HTTPS Scanning certificate
Import an existing HTTPS Scanning certificate
Export an HTTPS Scanning certificate
Deploy an HTTPS Inspection Certificate Manually
Deploy an HTTPS Inspection Certificate Using GPO
NOTE
It is recommended that any HTTPS website that would be inappropriate for GFI WebMonitor to decrypt and inspect
is added to the HTTPS scanning exclusion list. For more information refer to Adding Items to the HTTPS Scanning
Exclusion List .
3.1.13 Configuring HTTPS Proxy settings
Enable HTTPS Scanning to monitor and block traffic within encrypted streams (URLs starting with https://). This prevents
threats from malicious content that may be present in HTTPS sites or downloads. GFI WebMonitor does not read or
display any encrypted contents.
To configure HTTPS Scanning settings:
1. Go to Settings > Core Settings > HTTPS Scanning.
Screenshot 9: Enable HTTPS Scanning
GFI WebMonitor
3 Configuring | 38
2. Click the HTTPS Scanning switch to turn on.
Screenshot 10: Information related to active certificate
3. In the Current Certificate area, view relevant information of the currently used certificate. GFI WebMonitor needs a
valid certificate to inspect HTTPS traffic. If no certificate is currently enabled, consult the following sections that show you
how to work with certificates:
Creating a new HTTPS Scanning certificate
Import an existing HTTPS Scanning certificate
Export an HTTPS Scanning certificate
Screenshot 11: Configure advanced HTTPS options
GFI WebMonitor
3 Configuring | 39
4. Click the Display Warning switch to display a warning page to users before GFI WebMonitor starts decrypting and
inspecting HTTPS traffic.
5. Click the Block Non-Validated switch to start blocking HTTPS websites with certificates that are not yet validated.
6. Click the Block Expired switch to block pages that contain expired certificates.
7. Use the Accept up to 'x' days after expiry field to accept websites whose certificate has expired by a number of days.
8. Click the Block Revoked switch to block websites with revoked certificates.
IMPORTANT
Ensure that by enabling HTTPS Scanning, you are not violating any legal and compliance regulations.
NOTE
It is recommended that any HTTPS website that would be inappropriate for GFI WebMonitor to decrypt and inspect
is added to the HTTPS scanning exclusion list. For more information refer to Adding Items to the HTTPS Scanning
Exclusion List .
3.1.14 Creating a new HTTPS Scanning certificate
After decrypting HTTPS websites, GFI WebMonitor can re-encrypt these websites for secure transmission to the client
browser. To perform these actions, GFI WebMonitor requires a valid certificate signed by a trusted Certification Authority
(CA). You can import an existing certificate or create a new certificate in GFI WebMonitor by performing the following
steps:
NOTE
When the certificate expires, browsing of HTTPS websites is not allowed. Renew, export and deploy the certificate
again to client computers.
To create a new certificate:
1. Go to Settings > Core Settings > HTTPS Scanning.
2. In the Current Certificate area, click Create Certificate.
3. In the Certificate Name field, type a name for the certificate.
4. Set the expiration date and click Create.
3.1.15 Importing an HTTPS Scanning certificate
To import an existing HTTPS Scanning certificate:
1. Go to Settings > Core Settings > HTTPS Scanning.
2. In the Current Certificate area, click Import Certificate.
3. Click Browse and locate the certificate you want to import.
4. Click Import .
5. If the certificate you are importing is password protected, key in the required password.
3.1.16 Exporting an HTTPS Scanning Certificate
A created or imported certificate can be exported from GFI WebMonitor in the following file formats:
GFI WebMonitor
3 Configuring | 40
FILE FORMAT
DESCRIPTION
Personal Information
Exchange file format
(.pfx)
Contains the certificate data and its public and private keys. Required by GFI WebMonitor proxy to reencrypt inspected HTTPS traffic. Ideal for backing up the certificate and its keys.
Certificate file format
(.cer)
Contains the certificate data but not its private key. Ideal for deploying the certificate as a trusted cer
tificate to the client computer.
NOTE
Keep the private key of the certificate safe to avoid unauthorized generation of trusted certificates.
To export an existing certificate:
1. Go to Settings > Core Settings > HTTPS Scanning.
2. In the Current Certificate area, click Export as .cer or Export as .pfx as required.
3. Specify the destination path of the certificate.
NOTE
It is recommended that when the certificate is not issued by a trusted Certificate Authority, it is exported from GFI
WebMonitor and deployed to the client computers as a trusted certificate. For more information on how to deploy a
certificate to client computers, refer to: http://go.gfi.com/?pageid=WebMon_HTTPSInspectionCertificate
3.1.17 Deploy the HTTPS Inspection certificate via GPO
For your client machines to access HTTPS sites, a trusted HTTPS Inspection certificate needs to be deployed on client
computers. Use the Export Certificate functionality to save the certificate to disk, then deploy your certificate to multiple
computers using Active Directory Domain Services and a Group Policy object (GPO). A GPO can contain multiple
configuration options, and is applied to all computers that are within the scope of the GPO.
NOTE
To complete this procedure you need Domain Administrator rights.
To deploy a certificate by using GPO:
1. Open Group Policy Management Console.
2. Find an existing or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the
domain, site, or organizational unit which users you want affected by the policy.
3. Right-click the GPO, and then select Edit . Group Policy Management Editor opens, and displays the current contents
of the policy object.
4. In the navigation pane, open Computer Configuration > Windows Settings > Security Settings > Public Key
Policies > Trusted Publishers.
5. Click the Action menu, and then click Import .
6. Follow the instructions in the Certificate Import Wizard to find and import the certificate.
7. If the certificate is self-signed, and cannot be traced back to a certificate that is in the Trusted Root Certification Author
ities certificate store, then you must also copy the certificate to that store. In the navigation pane, click Trusted Root Cer
tification Authorities, and then repeat steps 5 and 6 to install a copy of the certificate to that store.
GFI WebMonitor
3 Configuring | 41
3.1.18 Deploy the HTTPS Inspection certificate manually
For your client machines to access HTTPS sites, a trusted HTTPS Inspection certificate needs to be deployed on client
computers. Use the Export Certificate functionality to save the certificate to disk, then deploy your certificate manually as
follows:
1. Copy the exported certificate to the client machine.
2. On the client machine, go to Start > Run > mmc.exe
3. In the MMC window, select File > Add/Remove Snap-in
4. Click Add, select Certificates and click Add.
5. Select Computer Account and click Next .
6. Select Local computer and click Finish.
7. In the MMC, browse to Certificates (Local Computer) > Trusted Root Certification Authorities.
8. Right click on the node and select All Tasks > Import .
9. Locate the certificate copied in step 1 and import the certificate.
10. Leave the password field blank and proceed to the end of the wizard.
To verify that the certificate was successfully imported, open an Internet browser on the client machine and browse to
any HTTPS site. Verify that no warnings are shown.
NOTE
Some applications or browsers (such as Mozilla Firefox), might have their own custom certificate store. For such
applications the certificate will need to be imported to the certificate store separately. To import the certificate in
Firefox, perform the following steps.
1. Go to Tools > Options > Advanced > Encryption > View Certificates.
2. Click Import and select the certificate.
3. Click OK.
3.1.19 Adding Items to the HTTPS Scanning Exclusion List
When HTTPS inspection is enabled, by default this applies to all HTTPS sessions passing via the GFI WebMonitor Proxy.
Administrators may however wish to exclude some domains, users, or client IPs from having their sessions inspected. This
is achieved by adding them to the HTTPS scanning exclusion list.
IMPORTANT
Backup ProxyConfig.xml before making any changes.
Excluding Domains
1. Open ..\WebMonitor\Data\ProxyConfig.xml
2. Remove <DomainsExceptedFromHTTPSInspection /> tag
3. Add the sites exclude between a DomainsExceptedFromHTTPSInspection tag. For example:
<DomainsExceptedFromHTTPSInspection>
<string>www.domain.com</string>
<string>*.domain.com</string>
</DomainsExceptedFromHTTPSInspection >
GFI WebMonitor
3 Configuring | 42
4. Save file.
Excluding Users
1. Open ..\WebMonitor\Data\ProxyConfig.xml
2. Remove the <UsersExceptedFromHTTPSInspection /> tag
3. Add the users to be excluded between a UsersExceptedFromHTTPSInspection tag, for example:
<UsersExceptedFromHTTPSInspection>
<string>mydomain\user1</string>
<string>mydomain\user2</string>
</UsersExceptedFromHTTPSInspection>
4. Save file.
Excluding Client IPs
1. Open ..\WebMonitor\Data\ProxyConfig.xml
2. Remove the <UserIPsExceptedFromHTTPSInspection /> tag
3. Add the client IP addresses to be excluded between a UsersExceptedFromHTTPSInspection tag, for
example:
<UserIPsExceptedFromHTTPSInspection>
<string>10.0.0.11</string>
<string>10.0.0.23</string>
</UserIPsExceptedFromHTTPSInspection>
4. Save file.
NOTE
Changes are applied as soon as the file is saved.
3.1.20 Configuring Databases
GFI WebMonitor supports two types of databases that can be configured to store collected monitoring data. This data is
used to populate the dashboards and for reporting purposes by GFI WebMonitor. The supported databases are:
DATABASE
DESCRIPTION
Firebird Data
base
Firebird is the default database, embedded automatically with the installation. We highly recommend using this
database for evaluation purposes only.
Microsoft SQL
Database
GFI WebMonitor supports both Microsoft SQL Express and Microsoft SQL Server databases.
The currently configured database can be viewed from Settings > Core Settings > Database.
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
To change the current database configuration refer to the following sections:
GFI WebMonitor
3 Configuring | 43
Configuring the embedded Firebird Database
Configuring Microsoft SQL Database
Create a new Microsoft SQL Database
Configuring the Embedded Database
During installation, GFI WebMonitor automatically installs a Firebird database that is used by the application as the default
database. The default path is: C:\Program Files\GFI\WebMonitor\Data\WEBMON.FDB.
IMPORTANT
It is highly recommended to use this database for evaluation purposes only.
To change the default location of the Firebird database:
1. Go to C:\Program Files\GFI\WebMonitor\Data and copy the WEBMON.FDB file.
2. Save the copied file to the new location.
3. In GFI WebMonitor, go to Settings > Core Settings > Database.
4. From Database Type, select Embedded.
5. In the Database Path field, change the path to point to the new location.
NOTE
To create a new Firebird Database, enter a new database name in the following format: <database name>.fdb
Configuring Microsoft® SQL Database
GFI WebMonitor supports both Microsoft® SQL Server Express and Microsoft® SQL Server databases.
To point GFI WebMonitor to use a previously created Microsoft® SQL Server database:
1. In GFI WebMonitor, go to Settings > Core Settings > Database.
2. From Database Type, select SQL Server.
3. In the SQL Server field, type the SQL Server instance name.
4. In the Authentication area, select one of the following:
OPTION
DESCRIPTION
Windows Authentic
ation
Select this option to use Windows® credentials when connecting to your SQL Server ®.
SQL Server Authentic
ation
If your SQL Server ® has been installed in SQL Server Authentication Mode, select this option and provide
Username and Password.
5. In the Database Name field, type the name of the database created in SQL Server®.
IMPORTANT
Ensure that the database name entered is unique, otherwise you will overwrite the existing database.
GFI WebMonitor
3 Configuring | 44
NOTE
You can create a new database from within GFI WebMonitor. For more information, refer to Creating a new
Microsoft SQL Database (page 45).
Creating a new Microsoft SQL Database
GFI WebMonitor supports both Microsoft® SQL Server Express and Microsoft® SQL Server databases.
You can create a new database from within GFI WebMonitor. To create a new database:
1. In GFI WebMonitor, go to Settings > Core Settings > Database.
2. From Database Type, select SQL Server.
3. In the SQL Server field, type the SQL Server instance name.
4. In the Authentication area, select one of the following:
OPTION
DESCRIPTION
Windows Authentic
ation
Select this option to use Windows® credentials when connecting to your SQL Server ®.
SQL Server Authentic
ation
If your SQL Server ® has been installed in SQL Server Authentication Mode, select this option and provide
Username and Password.
5. In the Database Name field, type the name of the database you want to create in SQL Server®.
3.1.21 Admin Credentials for GFI WebMonitor Services
When GFI WebMonitor is installed, the following Windows services are created:
GFI Proxy
GFI WebMonitor Core Service
An account with Administrative privileges is required by these Windows services to control internal security engines,
manage updates, notifications and User Interface. These credentials are configured after installation using the
Configuration Wizard.
IMPORTANT
We do not recommend updating the password as this change impacts GFI WebMonitor operations.
To manage the admin credentials from within the Configuration Wizard: 1. Go to Settings > Configuration Wizard.
2. Follow the wizard until you are presented with the Admin Credentials screen.
3. Use the provided fields to enter the server's Admin credentials. For example:
Admin Username: [domain name]\Administrator
Admin Password: [key in password]
4. Click Validate to have the enetered credentials validated by GFI WebMonitor.
5. Click Next and wait for GFI WebMonitor to restart the services.
GFI WebMonitor
3 Configuring | 45
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
3.1.22 Updating Admin Credentials from services.msc
When GFI WebMonitor is installed, the following Windows services are created:
GFI Proxy
GFI WebMonitor Core Service
An account with Administrative privileges is required by these Windows services to control internal security engines,
manage updates, notifications and User Interface. These credentials are configured after installation using the
Configuration Wizard. For more information, refer to Using the Post-installation Configuration Wizard (page 16).
If you need to update the Admin Credentials after your GFI WebMonitor installation has been set up:
IMPORTANT
We do not recommend updating the password as this change impacts GFI WebMonitor operations.
1. On the GFI WebMonitor server, go to Start > Run and key in services.msc
2. Locate the GFI Proxy service, right-click and select Properties.
3. Go to the Log On tab and select This account .
4. Update the account name and the password.
GFI WebMonitor
3 Configuring | 46
NOTE
The account must have local administrator rights, including Log on as service rights.
5. Restart the GFI Proxy service.
6. Repeat steps 2-5 for the GFI WebMonitor Core service.
3.1.23 Configuring Email distribution settings for notifications
When distribution settings are configured, GFI WebMonitor sends email messages containing information related to
tasks such as auto-updates and licensing issues to specified email addresses.
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
To manage distribution settings:
1. Go to Settings > Advanced Settings > Notifications > Settings.
2. Change any of the following options:
OPTION
DESCRIPTION
From Email
Specify the email address from which notifications are sent.
SMTP Server
Enter the name or IP of the SMTP server.
SMTP Port
Key in the port number of the SMTP server (Default 25).
Authentication
If you are using a hosted email provider, enable Authentication and provide a Username and Password to
connect to your hosted mail server and send notifications.
Enable Secure Sock
ets Layer (SSL)
If SSL is required to provide secure transmission between sender and recipients, check Enable Secure Sock
ets Layer (SSL) checkbox.
Email Recipients
Enter recipient email address and click the plus sign to add. You can key in as many recipients as required.
Verify Mail Settings
Click to send a test email and verify the mail server settings are configured correctly.
3.1.24 Configuring SMTP Settings for webmail accounts
You can set up webmail accounts as the delivery mechanism for notifications in GFI WebMonitor. The following is a list of
popular webmail providers with SMTP settings:
Provider
SMTP Server Details
Gmail
Email address from which notifications are sent. Example, [email protected]
SMTP Server: smtp.gmail.com
SMTP Port: 587
Authentication: Yes
User Name: Your email address
Password: Gmail password
Enable SSL: Yes
GFI WebMonitor
3 Configuring | 47
Provider
SMTP Server Details
Yahoo!
Email address from which notifications are sent. Example, [email protected]
SMTP Server: smtp.mail.yahoo.com
SMTP Port: 587
Authentication: Yes
User Name: Your email address
Password: Yahoo! ID password
Enable SSL: Yes
Outlook
Email address from which notifications are sent. Example, [email protected]
SMTP Server: smtp-mail.outlook.com
SMTP Port: 587
Authentication: Yes
User Name: Your email address
Password: outlook.com password
Enable SSL: Yes
3.2 Advanced Settings
After GFI WebMonitor is up and running, tweak your installation by configuring the following advanced options:
OPTION
DESCRIPTION
Licensing and sub
scription details
View information about the currently installed license. Renew or change your license.
Licensing Exclu
sion List
Set up a list of users that are always allowed access to the Internet without being monitored. Excluded users
do not consume a license.
UI Access Control
Turn Windows Authentication on or off for users defined in the configured Authorization Rules. Add new
Authorization Rules to grant limited access to users to different sections of GFI WebMonitor.
Configuring Activ
ity Logging
Configure data retention settings to enable the recording of data related to user activity. Collected data is
used by GFI WebMonitor for dashboards and reports. You can also enable/disable Anonymization; a feature that
masks user names in compliance with some countries’ data protection laws.
Configuring
Anonymization
Anonymization enables masking private user data in accordance with European privacy and data protection
laws.
Language settings
Change the language of warning messages sent to the user when GFI WebMonitor blocks user activity.
Configuring Secur
ity Engines
Configure various security technologies such as anti-virus and anti-phishing engines to protect your network.
WebGrade
updates
Configure WebGrade updates to ensure that categorization and websites and applications monitored by GFI
WebMonitor is always up to date.
System updates
Configure the frequency of GFI WebMonitor product updates.
Configuring
search engine
options
GFI WebMonitor can monitor user search queries to help identify potential risks, while also providing valuable
insight into the mindset of your users.
Enable Caching
Caching transparently stores data so that future requests for that data are served faster. Caching helps band
width optimization.
Configuring Proxy
settings on client
Internet browsers
When WPAD is not enabled, client Internet browsers need to be configured to use GFI WebMonitor as the
default proxy server. If this setting is not deployed, the client machines will by-pass GFI WebMonitor and the
Internet traffic they generate will remain undetected.
See also:
Configuring Core settings
GFI WebMonitor
3 Configuring | 48
3.3 Licensing and subscription details
A valid license key is required by GFI WebMonitor to work. When the product is installed for the first time, the
configuration wizard guides you to this area to enter the key you received when downloading the product. For more
information, refer to Licensing information (page 5).
NOTE
The Configuration Wizard is launched automatically after installing GFI WebMonitor or manually from the Settings
menu.
In GFI WebMonitor, users can be excluded from being counted against the license. For more information, refer to
Configuring a Licensing Exclusion List (page 49).
The Licensing screen provides the following information:
OPTION
DESCRIPTION
Product Ver
sion
Shows the currently installed version of GFI WebMonitor and the build number.
License Key
For a new GFI WebMonitor installation, key in your license key in this field and click Update License. For an existing
GFI WebMonitor deployment, this field displays the current license key.
NOTE
For users who wish to try out the product, an evaluation license key can be acquired from the GFI Software Ltd
website. Click register to fill in the registration form and receive your evaluation key by email.
License
Status
Defines the status of the current license, for example, whether the license key is active, expired, invalid or a trial
license.
Subscription
Shows the date of expiry of the current license.
Licensed
Seats
Displays the number of licensed users and how many are currently active on the network.
3.3.1 Updating the license
To update the current product license key:
1. Go to Settings > Advanced Settings > Licensing
2. Click Update License and enter license key.
3. Click Apply.
NOTE
To activate license key, an Internet connection must be available.
3.3.2 Configuring a Licensing Exclusion List
The Licensing Exclusion List is a feature that enables users specified in the list to be excluded from licensing. The users
in the list are still allowed full access to the Internet, but they will not be counted for licensing purposes.
NOTE
The Licensing Exclusion List feature is not available when the Configuration Wizard runs for the first time. It becomes
available after the initial setup has been completed.
GFI WebMonitor
3 Configuring | 49
To add users or IPs to the list:
1. Go to Settings > Advanced Settings > Licensing.
2. In the Licensing Exclusion List area select Users and enter a user name in the available field, or select IPs and key in
the IP number.
3. Click the Add sign.
4. Click Save.
3.4 UI Access Control
The UI Access Control node enables you to:
OPTIONS
DESCRIPTION
Use Windows Authentication to con
figure how GFI WebMonitor authen
ticates users.
When Windows Authentication is enabled, users are required to enter their credentials in
their browsers when accessing GFI WebMonitor UI. GFI WebMonitor Authentication uses Act
ive Directory Users and Groups.
Add new Authorization Rules to
grant users access to different sec
tions of GFI WebMonitor.
Users, groups or IPs listed in the configured Authorization Rules will have access to limited
views on the data so that, for example, Departmental Managers can access the Dashboards
and Reports of members of their teams.
3.4.1 Configuring Windows Authentication
When Windows Authentication is enabled, GFI WebMonitor uses Active Directory or Windows Users and Groups to
grant users access to the UI. Users are asked to enter their credentials when navigating within the GFI WebMonitor UI.
IMPORTANT
Users or groups specified in the Authorization Rules are allowed access only if their username is authenticated.
To turn Windows Authentication on or off:
1. Go to Settings > Advanced Settings > UI Access Control.
2. Click the Windows Authentication switch on or off.
3. Configure Authorization Rules to allow access to the GFI WebMonitor UI.
3.4.2 Add a New Authorization Rule
Configured Authorization Rules grant or deny access to users to different sections of GFI WebMonitor. Users, groups or
IPs listed in the configured Authorization Rules will have access to limited views on the data so that, for example,
Departmental Managers can access the Dashboards and Reports of members of their teams.
To add a new Authorization Rule:
1. Go to Settings > Advanced Settings > UI Access Control.
2. Click Add Rule.
3. Click UI Control tab.
4. In the Name field, enter a name for the new rule.
5. In the Apply Rule to area, specify the User, User Groups or IP Address, to which the rule will apply. Repeat for all
required users, groups and/or IPs.
GFI WebMonitor
3 Configuring | 50
IMPORTANT
Users or groups specified in the Authorization Rules are allowed access only if Windows Authentication is
enabled and their username is authenticated. When Windows Authentication is disabled, use IP addresses
instead. For more information, refer to Configuring Windows Authentication (page 50).
6. In the Can View Data for area, specify the User, Group or IP Address, to which the user specified in the previous step
has access to. For example, John Smith, the Marketing Manager, has access to all users in the Marketing group. Repeat
for all required users, groups and/or IPs.
7. Click Access Rights tab. Allow or Block the following:
OPTION
DESCRIPTION
View Dashboard
When enabled, user can view all GFI WebMonitor Dashboards.
View Reports
When enabled, user can access the Reports tab and generate reports.
Change Settings
When enabled, user is allowed to modify GFI WebMonitor settings.
8. Click Save.
9. New rules are displayed in the Configured Authorization Rules area. Use the Actions menu to perform additional
action:
OPTION
DESCRIPTION
Edit
Click to enter into editing mode. Change settings as required.
Delete
Click to delete the configured rule.
View
View a summary of the configured rule.
3.5 Configuring Activity Logging
By default, all Internet traffic (excluding GFI WebMonitor updates) routed through GFI WebMonitor is logged for all
licensed users. This data is required to populate dashboards and reports. GFI WebMonitor enables you to customize for
how long this data is kept in the database.
To configure logging options:
1. Go to Settings > Advanced Settings > Activity Logging.
2. For optimization purposes, configure Data Retention using the following options:
OPTION
DESCRIPTION
Retain
activity
data for
Specify the length of time that all type of data collected by GFI WebMonitor is retained. Data is deleted after the
specified period expires. To configure for how long to retain data, key in the number of days in this field. The default
value is set to 365 days.
NOTE
Activity data affects database size. Store activity data for a shorter period of time to save space. Data older than the
specified number of days will no longer be available in Dashboard. Reports defined for earlier periods will be empty.
Retain
Event
Log
data for
Define for how long event log data is kept in the database. After the specified period expires, only Event Log data is
deleted - other data collected by GFI WebMonitor is not affected by this option. We recommend setting a shorter
retention period when Full URL logging is enabled.
GFI WebMonitor
NOTE
When Event Log data is deleted, information in the Event Log column in Bandwidth, Activity and Security dashboards
will no longer be available. Some detailed reports are also affected.
3 Configuring | 51
3. Click Save.
3.6 Configuring Anonymization
Anonymization enables masking private user data in accordance with European privacy and data protection laws. If
enabled, GFI WebMonitor:
Cloaks personal data so that user names and IPs can no longer be viewed from the Dashboard or Monitoring
Reports
Enables a validation process requiring two passwords from two different users
Masks any features in the User Interface that provide access to private user information.
To enable Anonymization:
1. Go to Settings > Advanced Settings > Activity Logging.
2. Click the Anonymize switch to turn anonymization on.
3. Enter the passwords for Responsible Person 1 and Responsible Person 2
NOTE
To disable Anonymization, click the Anonymize switch to the off position and enter the required passwords.
3.7 Language settings
When GFI WebMonitor blocks user activity, a warning message is sent to the user, stating which policy was breached.
The language of these warning messages can be configured from a pre-defined list.
To change the language of warning messages, select a language from the drop down list and click Save.
3.8 Configuring Security Engines
GFI WebMonitor uses various security technologies such as malware protection, anti-virus and anti-phishing engines to
protect your network by scanning HTTP traffic. By default, all the security engines in GFI WebMonitor are enabled.
To turn off a security engine:
1. Go to Settings > Advanced Settings > Security & Updates > Security Engines.
2. In the Security Engines area, click the switch next to the engine to disable.
3. For each individual engine, configure the following:
OPTION
DESCRIPTION
Check and update every x hours
Configure the update frequency for individual engines by specifying the value in hours.
Update Now
Click to manually update individual engines.
4. [Optional] Configure the following options for all enabled security engines:
OPTION
DESCRIPTION
Send me an email when
updates are successful
If an engine update fails, an email notification is sent to the domain administrator. For more inform
ation, refer to Admin Credentials for GFI WebMonitor Services (page 45).
Additional options are available for the Kaspersky engine. To perform additional configuration refer to the following
section: Configuring Kaspersky.
GFI WebMonitor
3 Configuring | 52
3.8.1 Configuring Kaspersky
The Kaspersky anti-virus scanning engine enables you to state whether the actions specified in the Virus Scanning
Policies should also be used when files are identified as:
OPTION
DESCRIPTION
Suspicious
Files identified as suspicious.
Corrupted
Files that cannot be scanned since the file format is corrupted, for example, corrupted CAB files.
Hidden
Files that cannot be scanned since the contents are protected, for example, password protected ZIP files.
To configure Kaspersky:
1. Go to Settings > Advanced Settings > Security & Updates > Security Engines.
2. Next to Kaspersky, click Settings.
3. Next to Suspicious, click ON to enable scanning of files considered to be suspicious.
4. Next to Corrupted, click ON to enable scanning of corrupted files.
5. Next to Password Protected, click ON to enable scanning of protected files.
6. Click Save.
3.9 Configuring WebGrade updates
The WebGrade engine ensure that categorization for websites and applications monitored by GFI WebMonitor is always
up to date. These updates are enabled by default when GFI WebMonitor is installed.
To change update settings: 1. Go to Advanced Settings > Security & Updates > WebGrade.
2. Configure the following options:
OPTION
DESCRIPTION
Send me an email when updates
are successful
If an engine update fails, an email notification is sent to the domain administrator. For more
information, refer to Admin Credentials for GFI WebMonitor Services (page 45).
Enable real-time lookup for URLs
not found in the local database
This setting is enabled by default to allow GFI WebMonitor to search online for URL categories
not found in the local WebGrade database.
Check and update every x hours
Configure the update frequency for individual engines by specifying the value in hours.
Update Now
Click to send an update request.
3.10 Configuring system updates
System updates enable you to keep your GFI WebMonitor installation up to date with the latest updates. When enabled,
GFI WebMonitor checks for new updates at specified intervals, downloads the updates, and installs them.
NOTE
During product updates the GFI WebMonitor services need to be stopped and restarted. This action causes the
disruption of Internet connections going through GFI WebMonitor. Internet usage can resume once the services are
restarted.
To configure system updates:
GFI WebMonitor
3 Configuring | 53
1. Go to Settings > Advanced Settings > Security & Updates > GFI WebMonitor Updates.
2. Configure the following:
OPTION
DESCRIPTION
Product Updates
Setting is enabled by default to keep GFI WebMonitor up to date with the latest updates. If disabled,
GFI WebMonitor will still be active but the latest system updates are not downloaded.
Check and update weekly
on <week day> at <time>
Configure the update frequency by specifying the day of the week and the time of day when GFI
WebMonitor checks for updates.
Update Now
Click to manually check for system updates.
Send me an email when
updates are successful
If an engine update fails, an email notification is sent to the domain administrator.
3.11 Configuring search engine options
GFI WebMonitor can monitor user search queries to help identify potential risks, while also providing valuable insight
into the mindset of your users. The following search engine features are disabled by default when the product is
installed:
OPTION
DESCRIPTION
Safe
Search
Safe Search is a feature supported by a number of search engines. If enabled, GFI WebMonitor enforces filtering of
explicit email and images from user searches. Safe Search is compatible with the following search engines:
Google
Yahoo
Bing
Search
Terms Mon
itoring
Search Terms Monitoring is a feature that monitors and logs terms used during searches. If enabled, you will be able
to monitor what your users are searching for in various search engines. Monitoring user searches helps identify poten
tial high-risk issues as well as providing general mood indicators for your organization.
To exclude Users and IP addresses from Search Terms Monitoring:
1. Go to Settings > Advanced Settings > Search Engines.
2. Enable Search Terms Monitoring.
3. Insert the user name or IP address to exclude in the available field.
4. Click the Add icon.
5. Click Save.
3.12 Configuring Caching settings
If enabled, GFI WebMonitor caching transparently stores data so that future requests for that data are served faster.
Caching helps bandwidth optimization. It is recommended that any website that is not required to be kept in GFI
WebMonitor’s cache, is added to the Cache exclusion list. For more information refer to: Adding Items to the Cache
Exclusion List.
NOTE
GFI WebMonitor lets you specify the length of time to keep data from user requests in its local database. For more
information, refer to Configuring Activity Logging (page 51).
To configure cache settings:
GFI WebMonitor
3 Configuring | 54
1. Go to Settings > Advanced Settings > Proxy Settings.
2. Click Caching.
3. Click the Enable Caching switch to turn on.
4. In the Caching Size Limit field, specify the amount of data to keep in cache in MB.
5.
In the Cache Path field, specify a location where to store temporary cached files. If no path is specified the settings
cannot be saved.
NOTE
Ensure that the path exists and that the account under which GFI WebMonitor is running has sufficient privileges.
6. Click Save.
3.12.1 Adding Items to the Cache Exclusion list
When caching is enabled, content downloaded via HTTP is stored for future requests to the same resource, reducing
bandwidth consumption.
IMPORTANT
Backup ProxyConfig.xml before making any changes.
To exclude sites from having their content cached, add them to the Cache exclusion list as follows:
1. Open ..\WebMonitor\Data\ProxyConfig.xml
2. Add the sites to exclude between the CacheWhiteList tag. For example:
<CacheWhiteList>
<string>1.1.1.1</string>
<string>1.1.1.1</string>
<string>your_excluded_domain.com</string>
</CacheWhitelist>
3. Save file.
NOTE
Changes are applied as soon as the file is saved.
NOTE
The following wildcards are supported:
* substitutes any number of characters in the string.
? substitutes a single character in the string.
# substitutes a single digit in the string.
3.13 Configure Proxy settings on client Internet browsers
When WPAD or Transparent Proxy are not enabled, client Internet browsers need to be configured to use GFI
WebMonitor as the default proxy server. If this setting is not deployed, the client machines will by-pass GFI WebMonitor
GFI WebMonitor
3 Configuring | 55
and the Internet traffic they generate will remain undetected.
Proxy settings can be configured manually, by carrying out the configuration on every machine on your network that is
going to access the Internet, or through GPO (Group Policy Object), that lets you configure settings for a group of active
directory users.
3.13.1 Using WPAD or Transparent Proxy
Both WPAD and Transparent Proxy offer administrators a convenient way to configure client machines to use the GFI
WebMonitor machine as a proxy server without having to supply settings manually or via Active Directory Group Policies.
OPTION
DESCRIPTION
WPAD
The Web Proxy Auto Discovery (WPAD) is an Internet protocol supported by all major Internet browsers. It enables
client web browsers to automatically retrieve proxy settings from a WPAD data file stored on a machine on your
network. When this feature is enabled and the Internet browser connection settings are configured to Auto-detect
proxy settings for this network, each client machine will automatically determine the IP address of the GFI
WebMonitor server and use it as a proxy without further configuration. WPAD is particularly useful when you want to
configure roaming devices such as laptops and tablets to use GFI WebMonitor as the proxy server when they are in
the office.
Transparent
Proxy
Transparent Proxy can work in parallel with the regular proxy. HTTP and HTTPS traffic originating from client
machines that are not set to explicitly point to GFI WebMonitor (manually or through WPAD) is captured by the
transparent proxy once this functionality is enabled. When a user makes a request to a web server, the Transparent
Proxy intercepts the request to deliver the requested content. When GFI WebMonitor is deployed in this mode, you
do not need to set client browser settings to point to a specific proxy.
3.13.2 Configuring GFI WebMonitor machine as the Default Proxy using GPO in Windows® Server
2003
To configure all client machines to use GFI WebMonitor as a proxy server through Windows® Server 2003 GPO:
1. On the Domain Controller, go to Start > Programs > Administrative Tools > Active Directory Users and Computers.
2. Under the domain node, right-click the organizational unit where you wish to apply the group policy and click Prop
erties.
NOTE
To apply the group policy to all the computers on the domain, right-click on the domain node directly and click
Properties.
3. In the Domain Properties dialog, select Group Policy tab.
4. Select Default Domain Policy from the list and click Edit .
5. Expand User Configuration > Windows Settings > Internet Explorer Maintenance > Connection and double-click
Proxy Settings to open the Proxy Settings dialog.
6. Check Enable proxy settings checkbox.
7. Uncheck Use the same proxy server for all addresses checkbox.
8. In the HTTP and FTP text boxes key in the proxy server IP address and the port used (Default 8080).
9. Click OK to apply changes.
10. Close all open windows.
GFI WebMonitor
3 Configuring | 56
3.13.3 Configuring GFI WebMonitor machine as the Default Proxy using GPO in Windows® Server
2008
To configure the Proxy Settings on all client machines to use GFI WebMonitor as a proxy server through Windows®
Server 2008 GPO:
1. In command prompt, key in mmc.exe and press Enter.
2. In the Console Root window, Go to File > Add/Remove Snap-in… to open the Add or Remove Snap-ins window.
3. Select Group Policy Management from the Available snap-ins list, and click Add.
4. Click OK.
5. Expand Group Policy Management > Forest > Domains and <domain>, then select the organizational unit where
you wish to apply the group policy.
NOTE
To apply the group policy to all domain computers , select the domain node directly.
6. Right-click Default Domain Policy and click Edit to open the Group Policy Management Editor.
7. Expand User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Connection and
double-click Proxy Settings to open the Proxy Settings dialog.
8. Check Enable proxy settings checkbox.
9. Uncheck Use the same proxy server for all addresses checkbox.
10. In the HTTP and FTP text boxes key in the proxy server IP address and the port used (Default 8080).
11. Click OK to apply changes
12. Close Proxy Settings dialog.
13. Close Group Policy Management Editor dialog and save the management console.
IMPORTANT
When using Active Directory, the administrator can disable the Internet connection settings tab from the client
machines. For more information, refer to Disabling Internet connection settings on client computers (page 18).
3.14 Configuring Internet Browsers to use a Proxy Server
If you have not configured WPAD, ensure that proxy settings of client machines are configured to use GFI WebMonitor as
the default proxy. This ensures that Internet traffic is routed through GFI WebMonitor. You can manually configure each
individual user machine to use GFI WebMonitor as the default proxy.
To configure a fixed proxy:
1. On the client machine, go to Control Panel and select Internet Options.
2. Click the Connections tab.
3. Click LAN settings.
4. Check Use a proxy server for your LAN checkbox.
5. In the Address field, key in the proxy server name or IP address of the GFI WebMonitor machine.
6. In the Port field enter the port used (default = 8080).
GFI WebMonitor
3 Configuring | 57
NOTE
If WPAD is enabled in GFI WebMonitor, select Auto-detect proxy settings for this network. For more information,
refer to Configuring WPAD (page 30).
To close the Configuration Wizard and start using GFI WebMonitor, check the All the required clients are now routing
their Internet traffic through GFI WebMonitor checkbox and click See GFI WebMonitor in Action.
See also:
Configuring Proxy settings via GPO in Microsoft Server 2003
Configuring Proxy settings via GPO in Microsoft Server 2008
3.15 Configuring the GFI WebMonitor Agent
The GFI WebMonitor Agent is a small footprint version of GFI WebMonitor. It can be deployed on portable computers (as
a service) to apply web filtering policies when the machine is disconnected from the corporate network (for example
when the user is at home or traveling on business).
While the device is connected to the corporate network , the GFI WebMonitor Agent downloads Remote Filtering
Policies locally. These are specific policies that can be set up to be applied when roaming. With this functionality, the IT
Administrator can apply policies based on whether users are at the office or away. For example, Streaming Media can be
allowed outside the internal network but Adult material is always denied.
Web activity logging is still performed when the user is outside the network, providing full reporting capabilities. The GFI
WebMonitor Agent uploads the collected data to the server once the machine is connected to the corporate network.
NOTE
Anti-virus protection is not deployed with the GFI WebMonitor Agent. For a complete web security solution, we
recommend an additional local antivirus agent besides the web filtering agent.
When roaming, Web filtering is done by the agent (on the local computer) and therefore there is no additional
complexity of making any changes to your corporate network’s infrastructure to enable remote filtering capabilities. For
categorization and lookup purposes, the GFI WebMonitor Agent performs online lookups against the GFI WebGrade
categorization service.
3.16 Downloading the GFI WebMonitor Agent
To download the GFI WebMonitor Agent:
1. In GFI WebMonitor, go to Manage > Agents.
2. Select one of the following download options:
OPTION
DESCRIPTION
Download (32bit)
Select to install the agent on a 32-bit operating system. This downloads the following file:
GFIWebMonitorAgent_x86.msi
Download (64bit)
Select to install the agent on a 64-bit operating system. This downloads the following file:
GFIWebMonitorAgent_x64.msi
GFI WebMonitor
3 Configuring | 58
3.17 How the GFI WebMonitor Agent works
Screenshot 12: GFI WebMonitor Agent functionality inside and outside the network
3.17.1 In internal mode:
When a laptop or other roaming machine (installed with the GFI WebMonitor Agent) is connected to the corporate
network, Remote Filtering Policies are downloaded from the GFI WebMonitor server to the laptop. These policies are
applied when the laptop is taken outside the network.
Web activity logging collected by the laptop while outside the network is uploaded to the GFI WebMonitor server. The
GFI WebMonitor Agent disables itself after it completes the update processes.
GFI WebMonitor
3 Configuring | 59
IMPORTANT
Ensure port 5996 is not exposed outside the internal network
NOTE
Ensure that WPAD/Proxy settings are configured when the machine is on the Internal network, otherwise it will not
connect to the GFI WebMonitor server.
3.17.2 In external mode:
When the laptop is taken outside the network, the GFI WebMonitor Agent activates automatically to filter and log
Internet activity according to configured policies. For categorization and lookup purposes, GFI WebMonitor Agent
performs online lookups against the GFI WebGrade categorization service.
NOTE
Anti-virus protection is not deployed with the GFI WebMonitor Agent. For a complete web security solution, we
recommend an additional local antivirus agent besides the web filtering agent.
3.18 Installing the WebMonitor Agent Manually
To manually install GFI WebMonitor Agent:
1. Log on the client machine with Administrative rights.
2. Open GFI WebMonitor through a Web browser.
NOTE
To access GFI WebMonitor from a remote location, first grant remote access to the GFI WebMonitor server. For more
information, refer to UI Access Control (page 50).
3. Click Manage > Agents.
4. Download the GFI WebMonitor Agent to a local folder.
5. Double click the downloaded file and follow the wizard to install.
6. Read the End-User License Agreement and click I accept the terms in the License Agreement to continue, then
click Next .
7. In the Server Information window, provide the following settings:
OPTION
DESCRIPTION
Server
Address
Enter the IP address of the GFI WebMonitor server to get the filtering settings and to send browsing reports.
Server Port
Enter the Port number used by the GFI WebMonitor Agent to communicate with the GFI WebMonitor server.
Default is 5996.
IMPORTANT
Ensure port 5996 is not exposed outside the internal network
GFI WebMonitor
3 Configuring | 60
8. Click Next .
9. Select an installation folder were the GFI WebMonitor Agent will be installed, then click Next .
10. Click Install.
11. Click Finish.
3.19 Installing the GFI WebMonitor Agent via GPO in Windows Server 2008
You can deploy the GFI WebMonitor Agent as an MSI package using Group Policy Objects (GPO). This method assigns
the agent on a per-user or a per-machine basis. If assigned per-user basis, it is installed when the user logs on. If assigned
per-machine basis then the agent is installed for all users when the machine starts.
How the GFI WebMonitor Agent works
3.19.1 Step 1: Creating a distribution point
The first step in deploying the GFI WebMonitor Agent MSI through GPO is to create a distribution point on the
publishing server, with a shared folder to contain the MSI package:
1. Download the GFI WebMonitor Agent. For more information, refer to Downloading the GFI WebMonitor Agent
(page 58).
2. Log on to the server as a user with Administrative rights.
3. Create a shared network folder.
4. Set permissions on this folder in order to allow access to the distribution package.
5. Copy the downloaded GFI WebMonitor Agent MSI in the shared folder.
3.19.2 Step 2: Installing GFI WebMonitor Agent via GPO in Windows Server 2008
To distribute the GFI WebMonitor Agent MSI package through GPO as a Group Policy Object:
1. Go to command prompt, key in: mmc.exe and click Enter to launch the Microsoft Management Console.
2. Click File > Add/Remove Snap-in… and click Add...
3. Select Group Policy Management Editor snap-in and click Add.
4. Click Browse… and select the domain policy to edit.
5. Select the domain policy and click OK.
6. Click Finish to close ‘Select Group Policy Object’ dialog. Click Close to close ‘Add standalone Snap-in’ dialog and click
OK to close ‘Add/Remove Snap-in’ dialog; to return to the Microsoft Management Console.
7. Go to Console Root > <domain policy> > User Configuration > Policies, right-click Administrative Templates, and
select Add/Remove Templates….
8. Click Add…, browse for the file GFIWebMonitorAgentSettings.adm located in: <Program Files\GFI\We
bMonitor\Agent> and click Open.
NOTE
The license key value is not added to the registry when the .adm file is used. This value is taken from the server after
the agent starts and communicates with the GFI WebMonitor server for the first time.
GFI WebMonitor
3 Configuring | 61
9. Click Close to return to the Microsoft Management Console.
10. Expand Console Root > <domain policy> > User Configuration > Policies > Administrative Templates > Classic
Administrative Templates (ADM) > GFI Applications.
11. From the right pane, double click GFI WebMonitor Server Location policy and select Enabled. In the Server URL
text box enter the URL where user machines can access GFI WebMonitor in the form http://<hostname>/<GFI WebMonitor virtual folder name>
NOTE
When specifying the name of a machine in the domain, enter the machine name only, without the domain name.
The IP address can also be used.
12. Click OK when all settings are configured.
13. Select Console Root > <domain policy> > Computer Configuration > Policies > Software Settings.
14. Right click Software installation and select New > Package…
15. In the Open dialog, locate the share where the MSI file is saved.
NOTE
When selecting the location of the msi file ensure that this is done through ‘My network locations’ so that the share
name in GFI WebMonitor includes the full network share location rather than the local path.
16. Choose the deployment option - select Assigned and OK.
17. GFI WebMonitor Agent will be installed the Next time each client machine is started.
How the Agent works
3.19.3 Step 3: Verify Agent installation parameters
To verify the parameters have been set up:
1. On the server where GFI WebMonitor is installed, go to Start > Run and type regedit to open the Registry Editor.
2. Expand HKEY_LOCAL_MACHINE > SOFTWARE > GFI > WebMonitorAgent for 32 bit systems and HKEY_LOCAL_
MACHINE > SOFTWARE > Wow6432Node > GFI > WebMonitorAgent for 64 bit systems
3. Check the following keys: LicenseKey, ServerAddress, ServerPort.
NOTE
The license key value is not added to the registry when the .adm file is used. This value is taken from the server after
the agent starts and communicates with the GFI WebMonitor server for the first time.
How the Agent works
3.20 Installing the GFI WebMonitor Agent via GPO - Windows Server 2008 R2 /
2012
Group Policy software installation is a method that enables you to install applications automatically across your entire
network.
GFI WebMonitor
3 Configuring | 62
3.20.1 Prepare the software to install
1. Open the following location on the GFI WebMonitor server: <Program Files\GFI\WebMonitor\Agent> and copy one of
the following installation packages:
GFIWebMonitorAgent_x86 (Installer for Microsoft Windows 32-bit computers only)
GFIWebMonitorAgent_x64 (Installer for Microsoft Windows 64-bit computers only)
NOTE
Make sure that when deploying the 32-bit version of the GFI WebMonitor Agent, the domain policy used contains
only computers running Microsoft Windows 32-bit version.
Similarly, ensure that when deploying GFI WebMonitor Agent 64-bit edition, the domain policy used contains only
computers running Microsoft Windows 64-bit version.
2. Save the file to a shared folder on your network, accessible by all domains.
3. Locate the downloaded file. Take note of the folder path for later use.
4. Click Start > Administrative Tools > Group Policy Management .
5. Expand Forest > Domains > domain name. Right-click the domain name and select Create a GPO in this domain,
and Link it here...
6. Enter a name for the new Group Policy Object (GPO). For example: GFI WebMonitor Agent. Click OK.
7. Right-click the newly created Linked GPO and click Edit .
8. In the Group Policy Management Editor window, expand User Configuration > Policies > Software settings >
Software Installation. Right click Software Installation > New > Package to configure the GPO to install on log in.
9. Enter the network path of the shared folder that contains the GFI WebMonitor Agent package. Click OK.
NOTE
When selecting the location of the file ensure that this is done through ‘My network locations’ so that the share
name includes the full network share location rather than the local path.
10. In the Deploy Software pop-up, select Assigned and click OK.
11. The new package is now added under Software Installation.
3.20.2 Configure the ADM file
Use an Administrative Template file (ADM) to set up and manage the required registry settings for the GFI WebMonitor
Agent to communicate with GFI WebMonitor server.
To add an ADM template:
1. Click Start > Administrative Tools > Group Policy Management .
2. Expand Forest > Domains > domain name. Right-click GFI WebMonitor Agent and select Edit
3. In the Group Policy Management Editor window, expand User Configuration > Policies > Software settings >
Software Installation.
4. Double-click the package to open the properties window.
5. In the Deployment tab, select Install this application at logon.
6. Click Apply and OK to close the window.
7. In the Group Policy Management window expand Forest > Domains > domain name > GFI WebMonitor Agent
GFI WebMonitor
3 Configuring | 63
8. In the Security Filtering Pane, click Add.
9. In Select User, Computer or Group add Domain Users and click OK.
10. In Group Policy Management , expand Forest > Domains > Group Policy Objects. Right click GFI WebMonitor
Agent and click Edit .
11. In the Group Policy Management Editor, expand GFI WebMonitor Agent > User Configuration > Policies
> Administrative Templates.
12. Right-click Administrative Templates and select Add/Remove Templates.
13. Click Add. Open the GFI WebMonitor installation folder (default path: <Program Files\GFI\WebMonitor\Agent>).
14. Locate GFIWebMonitorAgentSettingsTemplate.adm and click Open to add the template. Click Close.
3.20.3 Configure the GFI WebMonitor server location
1. In the Group Policy Management Editor, expand GFI WebMonitor Agent > Computer Configuration > Policies
> Administrative Templates > Classic Administrative Templates (ADM) > Software > GFI > GFI WebMonitor Agent
Policies.
2. In the right-hand pane, double click Specify the settings used by the GFI WebMonitor Agent to connect to GFI
WebMonitor Server.
3. Select the Enabled radio-button.
4. In the Server URL field, type the GFI WebMonitor URL. Click Apply and OK to close the window.
5. The set up should now be complete. GFI WebMonitor Agent will be installed the Next time each client machine is
started.
How the Agent works
3.21 Configuring Remote Policies
Remote Policies control Web activity on roaming devices, offering the same level of web filtering protection to users who
take their devices with them outside the office. New or updated Remote Policies are downloaded from the GFI
WebMonitor server when the device is connected to the corporate network.
A default policy is automatically created when GFI WebMonitor is installed. This policy is configured to Allow all Internet
traffic to Everyone. You can change the policy type to Block, but you cannot delete or disable this default policy. New
policies are added on top of the default policy to provide monitoring and filtering options as required.
To add a new policy:
1. Go to Manage > Remote Polices
2. Click Add Policy.
3. In the Add Policy Name field, type a policy name.
4. Drag policy elements from the left sidebar to the main policy screen. Available elements include:
ELEMENT
DESCRIPTION
Policy Type
Select the action taken by GFI WebMonitor when filtering internet traffic. Available options are: Allow, Block or Warn.
Users or
Groups
Specify Users or Groups for whom the new policy applies.
Websites
Specify for which websites the policy applies. You can define specific website categories or input the URLs or IPs of
websites to include in the policy.
GFI WebMonitor
3 Configuring | 64
ELEMENT
DESCRIPTION
Exceptions
Define users, groups or websites that are to be excluded from the policy.
Schedule
Select the time-window during which the policy is active.
Logging
The logging feature is enabled by default and cannot be disabled for Remote Policies. This feature is used to keep
track of URLs visited by users.
5. Click Save.
3.22 Edit existing Remote Policies
Remote Policies control Web activity on roaming devices, offering the same level of web filtering protection to users who
take their devices with them outside the office. New or updated Remote Policies are downloaded from the GFI
WebMonitor server when the device is connected to the corporate network.
To edit an existing policy:
1. Go to Manage > Remote Polices
2. Click Edit .
3. Make the required changes. For more information, refer to Configuring Remote Policies (page 64).
4. Click Save.
GFI WebMonitor
3 Configuring | 65
4 Using GFI WebMonitor
After the initial configuration is complete, the home page is displayed. Use the main navigation bar to access all the
product features.
Screenshot 13: The product toolbar
4.1 Working with Policies
Policies enable you to exercise control over Internet activity that can effect security, productivity, performance and legal
issues.
You can create as many new policies as required, either by configuring each new policy from scratch or by cloning
existing policies. Configured policies are displayed as a list in the left sidebar. Click the switch next to configured policies
to activate or deactivate as required.
IMPORTANT
GFI WebMonitor policies work in a hierarchical order. The policies at the top take precedence over the ones
beneath. It is possible to change the order of the configured policies by dragging a policy to the desired place in
the list, however this may have repercussions on your setup.
A default policy is automatically created when GFI WebMonitor is installed. This is the fallback policy – if no policies are
matched for a given situation, the default policy will apply.
This policy is configured to Allow all Internet traffic to Everyone. You can change the policy type to Block, but you
cannot delete or disable this default policy. New policies are added on top of the default policy to provide monitoring
and filtering options as required.
GFI WebMonitor
4 Using GFI WebMonitor | 66
2 additional policies are also enabled by default when GFI WebMonitor is installed:
POLICY
DESCRIPTION
Blacklist
The Blacklist is a list of sites, users and IP addresses that are always blocked by GFI WebMonitor.
Whitelist
The Whitelist is a list of sites, users and IP addresses that are automatically excluded from all filtering policies configured
in GFI WebMonitor.
The default policies:
Apply to everyone
Can be edited - customization of default policy is limited
Cannot be disabled or deleted
For each configured policy, GFI WebMonitor provides a summary of the configured values. These values include:
OPTION
DESCRIPTION
Policy Type
There are 2 types of policies, Default Policy or Custom Policy.
Policy Action
Displays the action the policy will take when the configured criteria are met. The action can be Allow,
Block, Warn or Monitor.
Status
Shows if the selected policy is Active or Inactive.
Active Since
If the policy status is Active, the summary displays the date since the policy has been active.
Applies To
Displays the number of users, groups or IPs the selected policy applies to.
Allow, Warn, Monitor or
Block
This area shows how many websites, applications or file types are affected by the configured policy
action.
Thresholds
Displays configured limits based on bandwidth, hits or time.
Notify
Shows any configured notifications. Can be User, Administrator or both.
Scheduled on
Displays the period during which the selected policy is active.
Exceptions
Displays configured exceptions that are not affected by the policy.
4.2 Configuring Blacklist
The Blacklist list is a list of sites, users and IP addresses that should always be blocked. The Blacklist takes priority over all
other policies. The Blacklist cannot be switched off, however when GFI WebMonitor is first installed, the Blacklist policy
is inactive. This is because by default, the GFI WebMonitor Blacklist does not contain any pre-configured websites.
IMPORTANT
In GFI WebMonitor, the Blacklist takes priority over the Whitelist . Therefore, if a site is listed both in the Whitelist
and in the Blacklist , access to the site is blocked.
We recommend adding potentially unsafe sites to the Blacklist so that these are always blocked. These sites should
include websites known for their malicious content or illegal material such as malware sites, bot nets and fraudulent
websites.
NOTE
The Blacklist functions using an OR method. Any item added to the list will be blocked.
GFI WebMonitor
4 Using GFI WebMonitor | 67
4.2.1 Adding Items to the Blacklist
By default, the GFI WebMonitor Blacklist does not contain any pre-configured websites. We recommend adding
potentially unsafe sites to the Blacklist so that these are always blocked. These sites should include websites known for
their malicious content or illegal material such as malware sites, bot nets and fraudulent websites.
NOTE
The Blacklist functions using an OR method. Any item added to the list will be blocked.
To add an item to the Blacklist:
1. Go to Manage > Policies > Blacklist .
2. Click Edit .
3. Drag the Websites element into the policy builder.
4. Insert the URL or IP of the website you want to block and click the add symbol.
5. Drag any other elements from the left sidebar that you want to include.
NOTE
Customization of system policies is limited to ensure that the intended policy function is not altered. In these
policies, customization is limited to: Users, Groups or IPs, Websites filtering, notifications and logging.
6. Click Save.
Removing items from the Blacklist
To delete an item from the Blacklist:
1. Go to Manage > Policies > Blacklist .
2. Click Edit .
3. Locate the relevant element and click the icon next to the item to delete.
4. Click Save.
4.3 Configuring the Whitelist
The Whitelist is a list of sites, users and IP addresses that are automatically excluded from all filtering policies configured
in GFI WebMonitor. When GFI WebMonitor is installed, the Whitelist is populated with a list of sites that are needed by
GFI WebMonitor for system updates. Removing these sites from the Whitelist is not recommended.
NOTE
If the items in the Whitelist are also added to the Blacklist , priority is granted to the Blacklist and access is blocked.
GFI Software Ltd sites and Microsoft sites are automatically whitelisted in a separate internal whitelist. This is required
to enable automatic updates to both GFI WebMonitor and Microsoft products.
Using the whitelist, you can configure a list of users or IP addresses that do not need to be monitored or protected.
These users still consume a product license. For more information, refer to Licensing information (page 5).
GFI WebMonitor
4 Using GFI WebMonitor | 68
4.3.1 Adding items to the Whitelist
By default, GFI WebMonitor includes a number of pre-configured sites in the Whitelist . Additional items may be
included in the Whitelist to ensure they are always allowed access.
NOTE
The Whitelist functions using an OR method. Any item added to the list will be allowed.
To add an item to the Whitelist :
1. Go to Manage > Policies > Whitelist .
2. Click Edit .
3.
In the Websites element, insert the URL or IP of the website you want to allow and click the add symbol.
4. Use the left menu to drag any elements you want to include.
NOTE
Customization of system policies is limited to ensure that the intended policy function is not altered. In these
policies, customization is limited to: Users, Groups or IPs, Websites filtering, notifications and logging.
5. Click Save.
4.3.2 Removing items from the Whitelist
To delete an item from the Whitelist:
1. Go to Manage > Policies > Whitelist .
2. Click Edit .
3. Locate the relevant element and click the icon next to the item to delete.
4. Click Save.
4.4 Adding a new policy
GFI WebMonitor uses different elements that can be configured individually to create a policy.
NOTE
Policies use an AND method, where for the policy to function all the conditions of the configured elements in the
policy must be satisfied.
To add a new policy:
1. Go to Manage > Policies.
2. Click Add Policy.
3. In Add policy name field key in a title for that policy.
4. Add a policy description.
5. Some policy elements are already available in the main policy window. Drag additional elements from the list of ele
ments on the left. Available elements are:
GFI WebMonitor
4 Using GFI WebMonitor | 69
ELEMENT
DESCRIPTION
Policy Action: Allow,
Block, Warn or Monitor
Select the action taken by GFI WebMonitor when filtering internet traffic. Available options are: Allow,
Block, Warn or Monitor.
Users, Groups, IPs
Specify Users, Groups or IPs for whom the new policy applies.
Websites
Specify for which websites the policy applies. Select between All Websites or specific website cat
egories.
Applications
Specify for which applications the policy applies. Select between All Applications, application categories
or specific applications.
File Types
Specify for which file types the policy applies. Select between All file types, file type categories or spe
cific file types.
Exceptions
Define users, groups, IP addresses, websites or applications that are to be excluded from the policy.
Bandwidth limit
Select the type of bandwidth limit applied to users.
Time limit
Define time limits during which users specified in the policy are allowed/denied to perform particular
actions.
Schedule
Select the time-window during which the policy is active.
Schedule Expiry
Specify a deactivation date after which the policy will become inactive.
Breacher
Configure notifications sent to the users who infringe a policy. Provide the body text of the notification
email in the available space.
Administrator
Configure notifications sent to System Administrators when a user infringes policy. Provide the body text
of the notification email in the available space.
Log Alert
Automatically send alert notifications when the criteria in the configured policy are met.
Hits limit
Specify a limit type and the number of hits per period after which GFI WebMonitor will perform the
action specified in the Policy Type element.
Logging
Enable advanced logging options that keep track of full URLs visited by users. This option is useful for
investigative purposes.
NOTE
Full URL logging generates a large amount of data in the database. We recommend using this feature
only for specific users (or domains) and only for a limited period of time.
6. Click Save.
4.4.1 Policy action; Allow, Block, Warn or Monitor
Select what action the policy should take when the configured policy parameters are met. The options are:
OPTION
DESCRIPTION
Allow
GFI WebMonitor allows the user to access the requested content. Subsequent policies are not applied.
Block
The content requested by the user is blocked. Subsequent policies are not applied. The user attempting to access a
blocked website is notified that his request has been blocked. This notification contains a Request Access button that
works in conjunction with the Log Alert element to alert the system administrator that a user is requesting temporary
access to a blocked site. For more information, refer to Notification Center (page 93).
Warn
The user receives a notification that the requested content breaches a configured policy, but enables user to access the
content. Subsequent policies are not applied.
Monitor
GFI WebMonitor allows access to requested content and moves to the next applicable policy.
GFI WebMonitor
4 Using GFI WebMonitor | 70
OPTION
DESCRIPTION
Enable
users tem
porary
access
request
When enabled, a button called 'Request Access' is displayed in the blocking page, enabling users to request tem
porary access to certain pages.
4.4.2 Users, Groups, IPs
Specify Active Directory Users or Groups for whom the new policy applies. Select the following options:
OPTION
DESCRIPTION
Users
Key in user names in the available field and click the add icon.
Groups
Key in an Active Directory group name in the available field and click the add icon.
IPs
Key in an IP address in the available field and click the add icon.
4.4.3 Websites
Use the Websites element to specify for which websites the policy applies.
1. Drag the Websites element into the policy to edit.
2. Select from the following options:
OPTION
DESCRIPTION
Categories
Key in the website categories in the available field and click the add icon. To select multiple categories at the same
time, click the menu icon next to the add sign, select the required categories and click Add To Policy.
URLs / IPs
Key in website URL or IP address in the available field and click the add icon. Multiple URLs or IP addresses can be
included in the policy using the Import from file feature. Prepare a text (.txt) file with the URLs and IPs to import. Click
Browse and select the file.
NOTE
When keying in a URL for a website you can use the wildcard character [*], for example:
Type *.com to allow or block all '.com' top-level domains
Type *.website.com to allow or block all sub-domains of 'website.com'
URL Scan
ning
When this feature is enabled, all accessed URLs are scanned by ThreatTrack and AntiPhishing engines. URLs identified
as malicious, vulnerable, phishing or pointing to dangerous domains will be allowed/blocked/warned/monitored
depending on the configured action with that policy.
Filter by
Reputation
Move the slider to enable filtering by reputation. Reputation index can be set from 1 (Trustworthy) to 5 (High Risk).
4.4.4 Applications
Use the Applications element to specify for which applications the policy applies.
1. Drag the Applications element into the policy to edit.
2. Select from the following options:
OPTION
DESCRIPTION
Application
Category
Key in the application category in the available field and click the add icon. To select multiple categories at the same
time, click the menu icon next to the add sign, select the required categories and click Add To Policy.
GFI WebMonitor
4 Using GFI WebMonitor | 71
OPTION
DESCRIPTION
Applications
Key in a specific application name in the available field and click the add icon. To select multiple applications at the
same time, click the menu icon next to the add sign. Browse the list of application, use available filters or the search
tool to locate required applications. Select the applications and click Add To Policy.
4.4.5 File Types
Specify for which file types the policy applies.
1. Drag the File Types element into the policy to edit.
2. Select from the following options:
OPTION
DESCRIPTION
File Type
Categories
Key in the File Type category in the available field and click the add icon. To select multiple categories at the same
time, click the menu icon next to the add sign, select the required categories and click Add To Policy.
File Types
Key in a specific file type in the available field and click the add icon. To select multiple file types at the same time,
click the menu icon next to the add sign, select the required applications and click Add To Policy.
Custom
File Types
Click Manage File Types to add new File Types not available by default. Specify the file type in the Content Type field,
key in additional information in the Description field and click Add. To add the newly created Custom File Type to the
policy, start typing in the Insert a Custom File Type field, select the File Type and click the Add icon.
AV Scan
ning
When enabled, GFI WebMonitor scans the downloaded file using the internal Anti-Virus engines. Click Configure
Engines to select which AV engines to use.
Download
Progress
Window
Enable to show download progress information when users download file types configured in the policy.
4.4.6 Exceptions
Define users, groups, websites or applications that are to be excluded from the policy.
1. Drag the Exceptions element into the policy to edit.
2. Select from the following options:
OPTION
DESCRIPTION
Users
Key in user names in the available field and click the add icon.
User IP
Addresses
Key in the IP address or a range of IP addresses of user machines to exclude from the policy.
Groups
Key in an Active Directory group name in the available field and click the add icon.
URLs / IPs
Key in an IP address in the available field and click the add icon.
Applications
Key in a specific application name in the available field and click the add icon. To select multiple applications at the
same time, click the menu icon next to the add sign, select the required applications and click Add To Policy.
4.4.7 Bandwidth Limit
Select the type of bandwidth limit applied to users. Select from the following options:
OPTION
DESCRIPTION
Total Bandwidth
Select to set a limit according to specific value for combined download and upload bandwidth.
GFI WebMonitor
4 Using GFI WebMonitor | 72
OPTION
DESCRIPTION
Download
Select to set a limit according to specific value for download bandwidth.
Upload
Select to set a limit according to specific value for upload bandwidth.
Size
Input a value in the available field and select KB, MB or GB from the drop down menu.
Period
Specify if the limit is set per hour, day, week or month.
4.4.8 Time Limit
Define time limits during which users specified in the policy are allowed/denied to perform particular actions.
OPTION
DESCRIPTION
Limit by
Key in a value to set a limit.
Time
Select if the limit value is in minutes or hours from the drop down menu.
Period
Specify if the limit is set per hour, day, week or month.
4.4.9 Breacher notifications
Use the Breacher element to enable notifications to send when a user infringes policy. Provide the body text of the
notification email in the available space.
For example, you can trigger a notification in a policy that blocks Pornography. The message would say: 'Pornography is
strictly prohibited.'
4.4.10 Administrator notifications
Use the Administrators element to send notifications when a user infringes a policy. Add the administrator’s email
address and provide the body text of the notification email. Some examples include:
Notifications when a specific threshold is exceeded. Thresholds can be related to number of sites accessed, blocked
or the number of times a user bypassed warnings.
Notifications sent to administrators when a bandwidth limit is exceeded. Limits can be set on the total bandwidth
(download + upload traffic) consumed during a designated period, on download traffic only or on upload traffic only.
Notifications when specific security issues arise. These include detection of cyber-attacks, virus detection, phishing
campaigns and potential threats from malware.
4.4.11 Log Alert
Add the Log Alert element to any policy to automatically send alert notifications when the criteria in the configured
policy are met. Sent alerts are visible from the Notification Center.
4.4.12 Hits alert
Specify the number of hits per period after which GFI WebMonitor sends a notification specified in the Breacher and/or
Administrator elements.
OPTION
DESCRIPTION
The number of hits before a notification is triggered
Input a value in the available field.
Period
Specify if the limit is set per hour, day, week or month.
GFI WebMonitor
4 Using GFI WebMonitor | 73
4.4.13 Schedule
Use the Schedule element to specify the time period during which the new policy is enforced.
1. In the Applies from and to fields, specify the time during which the policy will be active.
2. Select the days of the week.
3. Click Add.
4.4.14 Policy Expiry
Specify a deactivation date after which the policy will become inactive.
1. Click in the Automatically deactivate policy on field and select a date from the calendar.
2. Click in the at field to key in the time.
4.4.15 Logging
Click Enable full URL Logging to enable advanced logging options that keep track of full URLs visited by users. This
option is useful for investigative purposes. When enabled, Dashboards and reports display the full address of visited sites.
NOTE
Full URL logging generates a large amount of data in the database. We recommend using this feature only for
specific users (or domains) and only for a limited period of time. Additionally, use the Data Retention options to store
activity logs for a shorter period of time to save database space. For more information, refer to Configuring Activity
Logging (page 51).
4.4.16 How to use Default Policies
A default policy is automatically created when GFI WebMonitor is installed. This is the fallback policy – if no policies are
matched for a given situation, the default policy will apply.
This policy is configured to Allow all Internet traffic to Everyone. You can change the policy type to Block, but you
cannot delete or disable this default policy. New policies are added on top of the default policy to provide monitoring
and filtering options as required.
2 additional policies are also enabled by default when GFI WebMonitor is installed:
POLICY
DESCRIPTION
Blacklist
The Blacklist is a list of sites, users and IP addresses that are always blocked by GFI WebMonitor.
Whitelist
The Whitelist is a list of sites, users and IP addresses that are automatically excluded from all filtering policies configured
in GFI WebMonitor.
The default policies:
Apply to everyone
Can be edited - customization of default policy is limited
Cannot be disabled or deleted
We recommend you use the blacklist policy to block only highly problematic websites, typically considered as high risk
(for example, sites in the following categories: Adult and Pornography, Gambling, Malware sites, Phishing and Other
Frauds, Proxy Avoidance and Anonymizers, SPAM URLs and Unconfirmed SPAM Sources).
GFI WebMonitor
4 Using GFI WebMonitor | 74
4.4.17 How to create a new blocking policy
In addition to the pre-configured and default policies which are automatically installed, you can add more policies to
refine your setup. The following steps guide you through the steps required to create a new policy that blocks social
networks and other leisure browsing to most users during office hours, but allow it for top management, marketing and
specific users.
To create a new policy:
1. Go to Manage > Policies.
2. Click Add Policy.
3. In the Policy Name field, enter Block social networks and leisure browsing.
4. In Policy Description, enter a description.
5. In the Block, Warn, Allow, Monitor element, select Block.
6. From the left sidebar, add the Websites element to block categories such as: Auctions, Dating, Entertainment and Arts,
Fashion and Beauty, Games, Hunting and Fishing, Internet Communications, Music, Recreation and Hobbies, Shopping,
Social Network and any other categories which could cause productivity issues in your company. Remember also to block
any Security and Legal Liability categories.
NOTE
The policy we are creating blocks all users. If you wish to excludes specific users add the Users, Groups, IPs element
to the policy. Use the Exceptions element to configure any exclusions.
7. Add the Schedule element and define the policy to be active Monday to Friday, during working hours (for example
08:00 to 12:00, and 13:00 to 17:00). This means the policy will not apply during lunch break hours and after office hours.
8. Click Save.
4.4.18 How to create a streaming media policy
Bandwidth hogging can be a major concern in any organization. GFI WebMonitor can help you reduce the headaches
associated with bandwidth intensive operations through appropriate blocking policies.
Streaming audio and video are bandwidth intensive. Coupled with the fact that this is not a temporary download, but
can go on for extended periods of time, streaming media can quickly create bandwidth issues. Internet radio can easily
be forgotten and you only require a few users to create a serious bottleneck. Websites in the News and Sports categories
are also bandwidth intensive due to video streaming – and highly newsworthy events or sports events can create
serious bandwidth issues.
For this purpose, we suggest you create a streaming media policy as described below:
1. Go to Manage > Policies.
2. Locate one of the existing blocking polices. Hold and drag to the middle of the UI and drop it over Drag policies here
to clone.
3. In the Policy Name field, replace the existing name with Block streaming media.
4. In Policy Description, enter a description.
5. In the Block, Warn, Allow, Monitor element, select Block.
6. From the left sidebar, add the Websites element and block categories such as: Music, Entertainment and Arts, News
and Media, Image and Video Search and Streaming Media.
7. Add the Applications element and block the Streaming Media category.
GFI WebMonitor
4 Using GFI WebMonitor | 75
NOTE
The policy we are creating blocks all users. If you wish to excludes specific users add the Users, Groups, IPs element
to the policy.
8. Click Save.
4.4.19 How to create a bandwidth threshold policy
GFI WebMonitor enables you to create bandwidth thresholds on a per user level. For example, you can create a policy
that allows users to download from specific sites not more than 100 MB.
NOTE
You can add users to a group, and add the group in the Users/Group/IP Element . The limits will still be applied to
each individual user in the group.
To limit bandwidth intensive sites to a specific download value:
1. Go to Manage > Policies.
2. Click Add Policy.
3. In the Policy Name field, enter Block by bandwidth limit .
4. In Policy Description, enter a description.
5. In the Block, Warn, Allow, Monitor element, select Block.
6. From the left sidebar, add the Users, Groups, IPs element to add specific users known to be “Bandwidth Hogs”.
7. Add the Websites element and select the following categories: Image and Video Search and Streaming
Media.These filters will apply to YouTube and similar sites.
8. Add also the Bandwidth element and configure it to limit by downloads of 100 MB per day.
9. Click Save.
4.4.20 How to create a time threshold policy
GFI WebMonitor enables you to create time thresholds on a per user level. For example, you can create a policy that
allows users to browse specific sites for only 30 minutes a day.
Social Networking is a good candidate for creating blocking or limiting policies based on browsing time, since sites in
this category often create serious productivity loss. Policies can be created that limit the amount of time spent on these
websites.
To create a policy for Social Networking:
1. Go to Manage > Policies.
2. Click Add Policy.
3. In the Policy Name field, enter Block social networks by time limit .
4. In Policy Description, enter a description.
5. In the Block, Warn, Allow, Monitor element, select Block.
6. From the left sidebar, add the Users, Groups, IPs element to add specific users known to be “Social Network” addicts.
7. Add the Websites element and add the Social Network category.
8. Add also the Time element and configure the limit to 30 minutes per day.
GFI WebMonitor
4 Using GFI WebMonitor | 76
NOTE
You can add users to a group, and add the group in the Apply Policy To field. The limits will still be applied to each
individual user in the group.
9. Click Save.
4.4.21 Using a soft blocking policy
We all know that although web filtering is required, being too restrictive may cause resentment. It may also lead to
people actually being stopped from doing productive work when some certain legitimate sites are blocked.
With soft-blocking you can advise a user that it is against the organization’s policy to visit the site, and leave it up to the
user to decide whether they really need to access this site or not. This allows you to empower your users rather than stifle
them.
NOTE
To apply “soft-blocking” policies, use the Block, Warn, Allow or Monitor element in configured polices. Instead of
“Block” use the “Warn” option.
4.5 Configuring Exceptions
To configure exceptions in GFI WebMonitor you can either use the Blacklist and Whitelist policies or use the Exceptions
element in the policy builder, which can be added to any custom policy.
The Blacklist is a list of sites, users and IP addresses banned from performing any web activity. The Blacklist list takes
priority over all policies.
The Whitelist is a list of sites, users and IP addresses automatically excluded from all filtering policies configured in GFI
WebMonitor, allowing them to bypass filtering and scanning policies.
IMPORTANT
In GFI WebMonitor, the Blacklist takes priority over the Whitelist list. Therefore, if a site is listed in the Blacklist and
that same site is listed in the Whitelist , access to the site is blocked.
The Exceptions element can be added to any custom policy to add exceptions per policy for:
Specific users
Groups of users
Websites and IP addresses
Specific applications
4.6 Application control
Using the Applications element within the policy builder, you can exert control over applications used within your
organization. This includes instant messaging apps, social networking, games, streaming apps and many more. If a policy
is breached, GFI WebMonitor uses the configured policy to determine what action to take.
When GFI WebMonitor is installed, a number of pre-configured policies are automatically configured for your
convenience. These include:
Block streaming media applications
Block P2P
GFI WebMonitor
4 Using GFI WebMonitor | 77
Block free VPN and Tunneling applications
Block application access to Proxy and Anonymity networks
NOTE
When GFI WebMonitor is installed, these policies are switched off and must be enabled.
For your trial these policies are typically sufficient, but if you wish to create a new policy or edit one of the existing
policies, you can do this from: Manage > Policies.
4.7 Security scanning policies
One of the pre-configured polices that ship with GFI WebMonitor is pre-configured to block files that may contain
malicious content. This policy is set to apply to every user on the domain and to scan all file types using the inbuilt
BitDefender, VIPRE and Kaspersky engines. This policy is called Security Scanning Policy with Download Window and
can be modified as required.
The parameter Download Progress Window in this policy ensures that a progress window is shown whenever a users
tries to download a file.
TIP
If you don't want your users to see a download progress window, switch off this policy and enable Security
Scanning Policy without Download Window instead.
To view or edit this policy go to Manage > Policies. You can customize the policy as necessary; however, the initial setup
should suffice for the trial period.
4.8 Monitoring and filtering Internet browsing
Using the Websites elements, GFI WebMonitor gives you the facility to create policies aimed at monitoring and filtering
user browsing. , GFI WebMonitor determines what action to take, according to what you configured in that policy. This
may be one of the following actions:
Allow, Block, Warn or Monitor Internet browsing
Scan URLs for viruses and malicious content
Filter by reputation using inbuilt controls that apply filters based on a website's reputation
Notify specific users when certain URLs are requested
Limit - limit browsing based on surf time or bandwidth limits
GFI WebMonitor ships with a number of pre-configured policies that are typically sufficient for the purposes of the trial.
However, if you wish to create a new policy or edit one of the existing policies, you can do this from: Manage > Policies.
4.9 Editing an existing Policy
To edit an existing policy:
1. Go to Manage > Policies.
2. From the policy sidebar, select an existing policy.
3. Click Edit to enter in edit mode.
GFI WebMonitor
4 Using GFI WebMonitor | 78
4. Change the required settings.
5. Click Save.
4.10 Cloning a Policy
Existing policies can be cloned to quickly create new polices which can then be edited as required.
To clone a policy:
1. Go to Manage > Policies
2. From the policy sidebar, select an existing policy.
3. Hold and drag the selected policy to the main window.
4. The cloned policy is added to the policy sidebar.
5. Select the cloned policy and click Edit to configure.
6. Click Save.
NOTE
Default policies cannot be cloned.
4.11 Enabling or disabling a configured policy
To enable or disable a policy:
1. Go to Manage > Policies.
2. Click the switch next to the desired policy to enable or disable.
4.11.1 Deleting a policy
To delete a policy click on the policy you want to delete, hold and drag into the recycle bin icon.
4.12 Using the Dashboards
The GFI WebMonitor Dashboards provide quick insight to activity on your network. Use the following monitoring tools to
identify potential problems:
OPTION
DESCRIPTION
Overview
(Home)
Provides a quick glance of current activity on the network, enabling you to identify network usage trends and tasks
that need to be carried out by the administrator.
Bandwidth
Shows activity related to bandwidth consumption. Use the provided filters to spot downloads or uploads that are
affecting your network performance.
Activity
Gives you insight on different types of activity during specific times of the day.
Security
Displays activity related to security issues such as detection of infected files, malicious and phishing sites, as well as
information related to the most common viruses attacking your network.
Real-Time
Traffic
Shows network traffic in real-time.
Quotas
The Quotas dashboard lists active Web Browsing Quota Polices and their respective status.
Agents
The Agents dashboard provides information related to the status of configured Agents.
GFI WebMonitor
4 Using GFI WebMonitor | 79
NOTE
If Anonymization is enabled, personal data (such as User Names and IPs) is masked. For more information, refer to
Configuring Anonymization (page 52).
4.13 Overview of Internet Activity
On launching GFI WebMonitor, the home page is displayed by default. You can return to the home page anytime by
clicking Home in the main navigation bar.
The page contains information about Internet usage trends, such as:
The bandwidth trends for the current day
Web Security issues identified by GFI WebMonitor
Top Web Categories displayed either by bandwidth consumed or by number of users
Top Web Applications displayed either by bandwidth consumed or by number of users
Top users consuming the most bandwidth.
Information related to current web sessions
4.13.1 Product Status
Screenshot 14: Product status widgets
Use the Status widgets at the bottom of the page to verify details related to:
STATUS
DESCRIPTION
Notifications
A list of critical items is displayed in the home page for the attention of the System Administrator. Links are
provided to the item that requires attention. Click Manage notifications to view the Notification Center.
Active
Polices
Check how many policies are active and use the Manage policies shortcut to manage configured polices or create
new policies. For more information, refer to Working with Policies (page 66).
Bandwidth
consumption
Displays the average bandwidth consumption for the current day. Click More Bandwidth Insights to be redirected
to the Bandwidth Insights page. For more information, refer to Bandwidth Insights (page 90).
Licensing
Click on the drop down list next to Bandwidth Consumption and select Licensing to display the number of active
users being monitored. Click Update license to view the current license or enter a new key. For more information
on how GFI WebMonitor counts users for licensing purposes, refer to Knowledge Base article:
http://go.gfi.com/?pageid=WebMon_Licensing.
4.14 Monitoring Bandwidth
The Bandwidth dashboard provides information related to traffic and user activity that affects bandwidth consumption.
To access the dashboard, click Dashboards > Bandwidth.
A report summary at the top provides the following information:
GFI WebMonitor
4 Using GFI WebMonitor | 80
Download
Projected Download
Upload
Projected Upload
Peak Day
Filter Dashboard data according to the following:
OPTION
DESCRIPTION
All Bandwidth
Shows download and upload traffic.
Websites
Select to display bandwidth consumed by websites only.
Applications
Select to display bandwidth consumed by applications only.
Download
Click Download underneath the graph to display only downloaded traffic.
Upload
Click Upload underneath the graph to display only uploaded traffic.
Period
Use the controls to switch between Hour, Day, Week or Month.
View by:
Use the filter in the top right corner of the page to view data for a specific date range.
The lower portion of the Bandwidth page provides a breakdown of the data monitored in the specified period.
Data is broken down as follows:
FILTER
DESCRIPTION
Categories
Select to view a list of categories and bandwidth consumption for each category.
Websites/Applications
A list of websites and applications with information related to bandwidth consumption.
Users
A list of users and bandwidth consumption information for a specified period.
Event Log
A log of all the web requests for a single day, displaying:
Website/Application Name
Time - date and time of request
User - User name
IP - IP address
Machine Name - the name of the machine from which the request originated.
4.14.1 One-click Report Functionality
After you customize the dashboard, the view can be exported as a report or scheduled to be sent automatically as
required.
Export Report
To export the report:
1. From the top of the Dashboard, click Actions and select Export Report .
2. GFI WebMonitor displays the exported report in a separate window in your browser.
3. Click Save and select one of the following options:
OPTION
DESCRIPTION
Excel
The report is exported in Microsoft Excel format (.xls)
PDF
The report is exported in PDF format.
Word
The report is exported in Microsoft Word format (.doc)
GFI WebMonitor
4 Using GFI WebMonitor | 81
Schedule Report
To schedule the report:
1. From the top of the Dashboard, click Actions and select Schedule Report .
2. GFI WebMonitor redirects you automatically to the Reports area.
3. Edit the report as required.
4. Save the report.
For more information refer to Reporting.
IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked. For more information,
refer to Configuring Anonymization (page 52).
4.15 Monitoring Security
The Security dashboard provides information related to web requests and user activity for a specified period. The
information provided enables you to identify security risks and threats to your network environment at a glance.
To access the dashboard, click Dashboard > Security.
A report summary at the top provides the following information:
Breaches
Warns
Top Filtered Category
Top AV Activity
Top Blocked Website/Application
Filter available data to provide information related to:
OPTION
DESCRIPTION
All Security
Shows all activity made through GFI WebMonitor in the specified period.
Websites
Displays only security issues related to websites.
Applications
Displays only security issues related to application usage.
Period
Use the controls to switch between Hour, Day, Week or Month.
View by:
Use the filter in the top right corner of the page to view data for a specific date range.
NOTE
Use the View by: filter in the top right corner of the page to view data for a specific date range.
The lower portion of the Security page provides a breakdown of the data monitored in the specified period. Click the
available tabs to view information filtered by the following categories:
FILTER
DESCRIPTION
Policies
Affected policies are listed in this tab, together with the total number of Breaches and the name of the
users who made the request.
GFI WebMonitor
4 Using GFI WebMonitor | 82
FILTER
DESCRIPTION
Policy Action
The type of action taken by GFI WebMonitor. Can be Blocked or Warned.
Categories
Select to view a list of categories with total number of Breaches for each category.
Websites/Applications
A list of websites or Applications with respective total number of Breaches. Data can be viewed by Domain
or by Site using the provided controls.
Viruses
A list of detected viruses, with the total number of Breaches.
Users
A list of users and the total Breaches for a specified period, broken down under the following headings:
Infected and Malicious.
Event Log
Provides a log of all the web requests that fall within the specified period, displaying:
Websites / Application Name - URL of request
Time - date and time of request
Machine Name - the name of the machine from which the request originated.
User - User name
IP - IP address
Policy Action - The type of action taken by GFI WebMonitor. Can be Blocked or Warned.
4.15.1 One-click Report Functionality
After you customize the dashboard, the view can be exported as a report or scheduled to be sent automatically as
required.
Export Report
To export the report:
1. From the top of the Dashboard, click Actions and select Export Report .
2. GFI WebMonitor displays the exported report in a separate window in your browser.
3. Click Save and select one of the following options:
OPTION
DESCRIPTION
Excel
The report is exported in Microsoft Excel format (.xls)
PDF
The report is exported in PDF format.
Word
The report is exported in Microsoft Word format (.doc)
Schedule Report
To schedule the report:
1. From the top of the Dashboard, click Actions and select Schedule Report .
2. GFI WebMonitor redirects you automatically to the Reports area.
3. Edit the report as required.
4. Save the report.
For more information refer to Reporting.
IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked. For more information,
refer to Configuring Anonymization (page 52).
GFI WebMonitor
4 Using GFI WebMonitor | 83
4.16 Monitoring Real-Time Traffic
The Real-Time Traffic dashboard enables you to monitor Internet usage in real-time. Monitor current active connections
and terminate them if necessary (for example, streaming media or large unauthorized downloads), and view most recent
connections. Real-time graphs of bandwidth and activity give you visual indicators of the current situation.
IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked. For more information,
refer to Configuring Anonymization (page 52).
To access the Real-Time Traffic dashboard:
1. Go to Dashboards > Real-Time Traffic .
2. Click one of the following tabs:
OPTION
DESCRIPTION
Active Con
nections
Provides information related to current active connections. Active connections can be terminated to free up
bandwidth. For more information, refer to Terminating active connections (page 84).
Additional filtering is available by:
Categories - Select to view a list of categories with total Web Requests and Bandwidth consumption for each cat
egory.
Websites - A list of websites with respective total Web Requestsand Bandwidth consumption per site. Data can
be viewed by Domain or by Site using the provided controls.
Users - A list of users with total Web Requests and Bandwidth consumption per user.
Bandwidth
A graph displays the current bandwidth consumption in KB/sec. Additional information includes:
IP (User)
Url
Status
Downloaded
Uploaded
Activity
Displays the number of current web requests
IP (User)
Url
Status
Downloaded
Uploaded
NOTE
For Bandwidth and Activity real-time traffic graph, set the Auto refresh interval at the top right corner of the page.
Default is set to 3.
4.16.1 Terminating active connections
GFI WebMonitor enables you to terminate any active connections for bandwidth optimization. This action can be
performed from the Real-Time Dashboard.
To terminate a connection:
1. Go to Dashboards > Real-Time Traffic .
2. Select Active Connections view.
3. Click the refresh button to display a list of currently active connections.
GFI WebMonitor
4 Using GFI WebMonitor | 84
4. Select the connections you want to terminate and click Terminate.
5. Click Confirm.
4.17 Using the Quotas Dashboard
The Quotas dashboard lists active Polices based on web browsing quotas and their respective status. If a quota is
exceeded, the administrator can review the listed items and decide on what action to take. If the policy is not reset,
browsing is blocked and a message displayed in the user's browser stating the reason why the browsing was blocked
and the name of the policy.
The Quotas Dashboard provides the following information:
OPTION
DESCRIPTION
User/IP
Displays the user name or IP address being blocked. If Anonymization is enabled, the data shown is generic, for
example, User 0, User 1. For more information, refer to Configuring Anonymization (page 52).
Policy
Name
The name of the active policy. Click policy name to access settings page and edit the policy.
Limit
Type
Limit type can be by Bandwidth or by Time.
Limit
Displays the amount of Bandwidth or Time allocated in the respective Policy.
Current
Threshold
Shows the current threshold for the configured policy. Click to sort by the current threshold.
Usage
Lists the amount remaining for each Web Browsing Quota Policy and a bar that fills up according to usage. Statistics are
displayed when the mouse is hovered over the bar and contains the following: Limited per
Policy Priority
An additional filter lets you view data by the following criteria:
OPTION
DESCRIPTION
Users (Default)
Lists Users or IP Addresses with a filter to search for entries of a particular user.
Limit Type
Click to filter data by the Limit Types. Drill down further by clicking on the types.
To reset an item from the Quotas list:
1. Go to Dashboards > Quotas.
2. Locate the item to reset, and select the check box next to it. You can also select multiple items.
3. To reset an exceeded policy perform one of the following actions:
OPTION
DESCRIPTION
Reset
Click to reset selected items in the list.
Reset All
Click to reset all items in the list.
4. From the Reset Web Browsing Quota For User window, click Confirm.
4.18 Monitoring Agents
The Agents dashboard provides information related to the status of configured GFI WebMonitor Agents. The GFI
WebMonitor Agent can be deployed on portable computers to apply web filtering policies when the machine is
disconnected from the corporate network (for example when the user is at home or traveling on business).
GFI WebMonitor
4 Using GFI WebMonitor | 85
The information provided by the Agents Dashboard enables you to quickly identify when remote users last
synchronized with your GFI WebMonitor server .
Data is filtered to provide information related to:
OPTION
DESCRIPTION
Host Name
Machine name where the GFI WebMonitor Agent is installed.
IP
Displays the detected GFI WebMonitor Agent by IP address.
Last Request
Lists the date and time of the last communication between the GFI WebMonitor Agent and the GFI WebMonitor
server.
Agent Ver
sion
Displays the version number of the detected GFI WebMonitor Agent. An icon shows if the Agent is up to date or
not.
An additional filter at the bottom of the dashboard lists Agent versions. This information is useful to identify outdated
Agents.
Removing Agents from the Dashboard
Agents can be removed from the dashboard when, for example, they are no longer active. This action does not remove
any information generated by the selected Agent/s or uninstall the WebMonitor Agent/s from the client machine.
To remove an Agent from the list:
1. Go to Dashboards > Agents
2. Select the checkbox next to the Agent you want to remove.
3. Click Delete.
4.18.1 Using Web Category Lookup
When GFI WebMonitor is installed, a database with a limited amount of categorized web sites is installed. GFI
WebMonitor updates this local database on activation.
Web categorization is a feature that connects to the Internet to look up URLs not found in the local database. For more
information on website categorization refer to the following whitepaper: How Web Reputation increases your online
protection.
The Web Categorization page also provides a lookup area where you can check a category for a specific URL.
To look up a URL:
1. Go to Manage > Tools.
2. Enter a URL in the Lookup website field.
3. Click Check Category.
4. If you think the website is wrongly categorized, click Send URL Feedback to GFI to report the problem.
5.
Click Add in the results box and perform one of the following actions:
Action
Description
Add to existing policy
Click to open the policy wizard and add the selected URL to an existing policy.
Create new policy
Click to open the policy wizard and add the selected URL to a new policy.
Create new remote policy
Click to open the policy wizard and add the selected URL to a new remote policy.
GFI WebMonitor
4 Using GFI WebMonitor | 86
4.19 Using WebInsights
WebInsights is an interactive facility within GFI WebMonitor that uses real-time and historical records to deliver
information related to Internet usage and trends. Using an internal behavior analysis engine, GFI WebMonitor
establishes a baseline based on your historical Internet usage data.
The WebInsights dashboards compare real-time data to this baseline, enabling you to gain a quick insight on Web
resource use, or misuse, while also identifying threats to your network.
IMPORTANT
The WebInsights dashboards are available in GFI WebMonitor 2015 SR2 edition and later.
The available dashboards are:
DASHBOARD
DESCRIPTION
Bandwidth
Insights
The Bandwidth Insights dashboard provides information related to traffic and user activity that affects bandwidth
consumption.
Security
Insights
The Security Insights dashboard provides information related to web requests and user activity for a specified
period. The information provided enables you to identify security risks and threats to your network environment at a
glance.
Productivity
Insights
The Productivity Insights dashboard provides information related to web requests and user activity for a specified
period. The information helps you identify unproductive users at a glance.
NOTE
When GFI WebMonitor is installed for the first time, the WebInsights dashboards do not display any data. Please wait
for a minimum of 1 hour until GFI WebMonitor gathers enough information to start populating the dashboards.
4.20 Productivity Insights
The Productivity Insights dashboard provides information related to web requests and user activity for a specified period.
The information helps you quantify your losses in terms of productivity and identify potential unproductive users,
enabling you to take adequate action.
To access the dashboard, click WebInsights > Productivity.
GFI WebMonitor
4 Using GFI WebMonitor | 87
Screenshot 15: Productivity Insights dashboard
NOTE
Use the View by: filter in the top right corner of the page to view data for a specific date range.
A summary at the top provides the following information:
Number of hits on websites and applications in the Productivity Loss category.
Time spent on websites and applications in the Productivity Loss category.
An estimate of productivity loss compared to the average for the same period.
Trend - this graph shows the peaks and lows of productivity loss compared to the average for the same period. Move
the cursor over the graph to display the projected loss on the selected period.
The lower portion of the WebInsights Productivity dashboard is composed of two widgets:
The Days Above Average in Terms of Web Activity widget compares current productivity loss with the previous
period averages. The period changes according to the filtering option selected.
The Top Users Browsing Unproductive Categories widget displays a list of users that browse sites that belong to
unproductive categories.
GFI WebMonitor
4 Using GFI WebMonitor | 88
IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked. For more information,
refer to Configuring Anonymization (page 52).
4.21 Security Insights
The Security Insights dashboard provides information related to malicious activity and infected files for a specified
period. The information provided enables you to identify security risks and threats to your network environment at a
glance.
To access the dashboard, click WebInsights > Security.
Screenshot 16: Security Insights dashboard
NOTE
Use the View by: filter in the top right corner of the page to view data for a specific date range.
A summary at the top provides the following information:
Security concerns broken down between blocked malicious URLs and infected downloads.
Blocked requests broken down between websites and applications.
GFI WebMonitor
4 Using GFI WebMonitor | 89
Trend - this graph shows the peaks and lows of actual security issues compared to the average consumption for the
same period. Move the cursor over the graph to display the amount of issues for the selected period.
The lower portion of the WebInsights Security dashboard is composed of two widgets:
The Days Above Average in Terms of Security Concerns widget shows on which days of the week your network
experienced security concerns that were above average. Toggle the view between results for this week or for the pre
vious week.
The Top Users Generating Security Concerns widget displays a list of users that are accessing content that is cre
ating security concerns to your organization.
IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked. For more information,
refer to Configuring Anonymization (page 52).
4.22 Bandwidth Insights
The Bandwidth Insights dashboard provides quick information related to traffic and user activity that affects bandwidth
consumption. The dashboard is useful to understand how allocated bandwidth is being used on your network and to
identify critical issues at a glance.
To access the dashboard, click WebInsights > Bandwidth.
Screenshot 17: Bandwidth Insights dashboard
GFI WebMonitor
4 Using GFI WebMonitor | 90
NOTE
Use the View by: filter in the top right corner of the page to view data for a specific date range.
A summary at the top provides the following information:
Bandwidth consumed by user downloads. This information is broken down between downloads originating from
websites and that originating from applications.
Bandwidth consumed by user uploads. This information is broken down between uploads to websites and to applic
ations.
Total bandwidth consumption for the selected period. The total downloads plus total uploads. The amount is com
pared to the average for the same period.
Trend - this graph shows the peaks and lows of actual bandwidth consumption compared to the average con
sumption for the same period. Move the cursor over the graph to display the amount of download and upload band
width consumed on the selected period.
The lower portion of the WebInsights Bandwidth dashboard is composed of two widgets:
The Days Above Average in Terms of Bandwdith Consumption widget compares current bandwidth usage with
the previous period averages. The period changes according to the filtering option selected.
The Top Users Consuming Bandwidth widget displays the users that consumed the most bandwidth.
IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked. For more information,
refer to Configuring Anonymization (page 52).
4.23 Working with Reports
GFI WebMonitor makes use of an in-built reporting engine that enables you to create reports without having to leave the
User Interface.
Use the reporting feature to create:
Department based reporting that can be scheduled and sent to the relevant department heads
Targeted and relevant reports based on inclusions and exclusions of users, categories and websites.
Need based reporting based on Browsing Activity / Bandwidth / Security and other needs
Scheduled reports distributed in various formats.
REPORT
CATEGORY
DESCRIPTION
All
All the reports from Activity, Bandwidth and Security are displayed in this area.
Bandwidth
Monitor bandwidth activity on your network. Use these reports to identify non-productive traffic, download trends
and usage patterns.
Activity
Use activity reports to gain insight into what sites users are visiting, what applications they are using and what content
is downloaded to your network.
Security
Spot any security problems to prevent attacks to your network. The security reports give you full visibility into results
of virus detections, hits to malicious websites and other security issues.
Starred
A list of frequently used reports. Select a report you want to mark as favorite. Click the star in top left corner of the
report tile.
GFI WebMonitor
4 Using GFI WebMonitor | 91
REPORT
CATEGORY
DESCRIPTION
Scheduled
Any reports scheduled to run at a future date are automatically added to this list.
Generated
Click Generated tab in the sidebar to display a list of previously generated reports.
To use one of the reports:
1. Go to Reports and select a report category from the left sidebar.
2. Click one of the report names to edit or click Generate to run the report.
4.23.1 Editing reports
All existing reports can be edited to change configured settings.
To edit a report:
1. Go to Reports.
2. From the left sidebar select a report category.
3. Click the report tile to edit and click the Edit icon
within the tile.
OPTION
DESCRIPTION
General
1. [Optional] Change the name of the report.
2. Provide a date range covered by the report.
3. Set the maximum number of records shown in the report (Default 1000).
Data
Select the filters that will be applied to the report. For each filter specify the elements to include or exclude:
Click Users/IPs to add users or IP addresses to include or exclude in the report.
Click Users Groups tab and add the users or groups to include or exclude in the report.
Click Websites tab and add the domains to include or exclude in the report.
Click Web Categories tab to add any of the pre-defined categories to include or exclude in the report
Click Applications tab to add the applications to include or exclude in the report
Click Policies tab to add the policies to include or exclude in the report
Schedule
1. Click the Scheduled switch to enable report scheduling.
NOTE
If the schedule is disabled, report is not automatically generated.
2. In the Runs area, select if report is going to be generated: Once, Daily, Weekly, Monthly
3. In the Run every field, define the interval in days when the report is generated.
4. In the Time to run field, specify at which time of day to execute the report.
5. Use the Repeat until option to select if you want the occurrence to end after a specified period. Select Date and
define the date, otherwise set the setting to Never (Default).
Output
Select the report output format and specify a location to save the report.
Distribution
[Optional] Add a recipient email address to send the document by email.
4. Click Save.
5. To run the report, click Generate.
4.23.2 Cloning reports
All existing reports can be cloned to create new custom reports.
To clone a report:
GFI WebMonitor
4 Using GFI WebMonitor | 92
1. Go to Reports and select one or more reports you want to clone.
2. Click Actions > Clone.
3. Change the name of the report and edit the report as required.
4.23.3 Removing reports
Cloned reports can be removed from the list of reports.
NOTE
GFI WebMonitor ships with a set of default reports that can be modified but cannot be deleted.
To remove:
o clone a report:
1. Go to Reports and select one or more reports.
2. Click Actions > Remove.
3. Click OK to confirm deletion.
4.24 Notification Center
Using the Log Alert element from within Policies, GFI WebMonitor lets you configure alerts based on specific usage
patterns, such as warnings bypassed or sites that have been blocked. Some examples include:
Monitoring alerts when a specific threshold is exceeded. Thresholds can be related to number of sites accessed,
blocked or the number of times a user bypassed warnings.
Alerts when bandwidth limit is exceeded. Limits can be set on the total bandwidth (download + upload traffic) con
sumed during a designated period, on download traffic only or on upload traffic only.
Access requests from users asking approval to visit blocked sites.
Alerts related to security issues. These include detection of cyber-attacks, virus detection, phishing campaigns and
potential threats from malware.
You can view a list of alerts in the Notifications Center. Click the notifications icon
following filters to sort and view the data:
OPTION
DESCRIPTION
Type
Indicates the type of the alert.
Date &
Time
The date and time of the alert.
Message
A description of why the alert was triggered.
Autorefresh
Disabled by default. Enable to periodically refresh the list of alerts.
Search
Key in search criteria and click the magnifying glass to search for specific alerts.
Warning
filter
Click to display only warning alerts.
GFI WebMonitor
in the toolbar and use the
4 Using GFI WebMonitor | 93
OPTION
DESCRIPTION
Request
filter
Click to view only requests for temporary access to websites. These requests are generated from polices that block web
site access. To approve access, select the request you want to approve and click
to grant temporary access to the
blocked website. If access is approved, a new temporary policy is created with top priority on the policies page. When
approving, the IT Admin can define when the temporary access will expire. This creates a time window when the user
can access the website. If no selection is made the default value of 24 hours is applied. The temporary policy is auto
matically deleted once it expires, unless the policy is edited.
To delete alerts, select the alerts you want to remove and click
GFI WebMonitor
.
4 Using GFI WebMonitor | 94
5 Troubleshooting and support
5.1 Introduction
This section explains how to resolve any issues encountered during installation of GFI WebMonitor. The main sources of
information available to solve these issues are:
This manual - most issues can be solved through the information in this section.
GFI Knowledge Base articles
Web forum
Contacting GFI Technical Support
5.2 GFI knowledge base
GFI maintains a comprehensive knowledge base repository, which includes answers to the most common problems. GFI
knowledge base always has the most up-to-date listing of technical support questions and patches. If the information in
this guide does not solve your problems, refer to knowledge base.
5.3 Web Forum
User to user technical support is available via the GFI Web Forum.
5.4 Request Technical Support
If none of the resources listed above enable you to solve your issues, contact the GFI Technical Support team by filling in
an online support request form or by phone.
Online: Fill out the Technical support form and follow the instructions on this page to submit your support request.
Phone: To obtain the correct technical support phone number for your region visit our website.
NOTE
Before contacting Technical Support, have your Customer ID available. Your Customer ID is the online account
number that is assigned to you when first registering your license keys in the GFI Customer Area.
We will answer your query within 24 hours or less, depending on your time zone.
5.5 Documentation
If this manual does not satisfy your expectations, or if you think that this documentation can be improved in any way, let
us know via email on: [email protected]
GFI WebMonitor
5 Troubleshooting and support | 95
6 Glossary
A
Access Control
A feature that allows or denies users access to resources, for example, Internet access.
Active Directory
A technology that provides a variety of network services, including LDAP-like directory services.
AD
Active Directory
Administrator
The person responsible for installing and configuring GFI WebMonitor.
Always Allowed List
A list that contains information about what should be allowed by GFI WebMonitor.
Always Blocked List
A list that contains information about what should be blocked by GFI WebMonitor.
Anti-virus
Software that detects viruses on a computer.
C
Cache
A location where GFI WebMonitor temporarily keeps downloaded files. This will speed up subsequent
requests for the same file as GFI WebMonitor would serve the file directly from the cache instead of down
loading it again.
CER
CER file format
CER file format
A certificate file format that contains the certificate data but not the private key.
Certificate Revocation List
A list issued by a Certification Authority listing HTTPS websites certificates that were revoked.
Chained Proxy
When client machines connect to more than one proxy server before accessing the requested des
tination.
Console
An interface that provides administration tools that enable the monitoring and management of Internet
traffic.
GFI WebMonitor
6 Glossary | 96
CRL
Certificate Revocation List
D
Dashboard
Enables the user to obtain graphical and statistical information related to GFI WebMonitor operations.
E
Expired Certificate
An expired certificate has an end date that is earlier than the date when the certificate is validated by GFI
WebMonitor.
F
File Transfer Protocol
A protocol used to transfer files between computers.
FTP
File Transfer Protocol.
G
Google Chrome
A web browser developed and distributed by Google.
GPO
Group Policy Objects.
Group Policy Objects
An Active Directory centralized management and configuration system that controls what users can and
cannot do on a computer network.
H
Hidden Downloads
Unwanted downloads from hidden applications (for example, trojans) or forgotten downloads initiated
by users.
HTTP
Hypertext Transfer Protocol.
HTTPS
Hypertext Transfer Protocol over Secure Socket Layer (SSL).
HyperText Transfer Protocol
A protocol used to transfer hypertext data between servers and Internet browsers.
GFI WebMonitor
6 Glossary | 97
HyperText Transfer Protocol over Secure Socket Layer (SSL)
A protocol used to securely transfer encrypted hypertext data between servers and Internet browsers. The
URL of a secure connection (SSL connection) starts with https: instead of http:.
I
Internet Browser
An application installed on a client machine that is used to access the Internet.
Internet Gateway
A computer that has both an internal and an external network card. Internet sharing is enabled, and cli
ent machines on the internal network use this computer to access the Internet.
L
LAN
Local Area Network.
LDAP
Lightweight Directory Access Protocol.
Lightweight Directory Access Protocol
A set of open protocols for accessing directory information such as email addresses and public keys.
Local Area Network
An internal network that connects machines in a small area.
M
Malware
Short for malicious software.Unwanted software designed to infect a computer such as a virus or a tro
jan.
Microsoft Forefront Threat Management Gateway
A Microsoft product that provides firewall and web proxy services. It also enables administrators to man
age Internet access through policies. It is the successor of the Microsoft ISA Server and is part of the
Microsoft Forefront line of business security software.
Microsoft Forefront TMG
Microsoft Forefront Threat Management Gateway
Microsoft Internet Explorer
A web browser developed and distributed by Microsoft Corporation.
Microsoft Internet Security and Acceleration Server
A Microsoft product that provides firewall and web proxy services. It also enables administrators to man
age Internet access through policies.
Microsoft ISA Server
Microsoft Internet Security and Acceleration Server.
GFI WebMonitor
6 Glossary | 98
Microsoft SQL Server
A Microsoft database management system used by GFI WebMonitor to store and retrieve data.
Microsoft Windows Live Messenger
An instant messaging application developed by Microsoft used by users to communicate on the Internet.
Mozilla Firefox
Mozilla Firefox is an open source Internet browser.
MSN
Microsoft Windows Live Messenger
N
Non-validated Certificate
An non-validated certificate has a start date that falls after the date when the certificate is validated by
GFI WebMonitor.
NT LAN Manager
A Microsoft network authentication protocol.
NTLM
NT LAN Manager.
P
Personal Information Exchange file format
A certificate file format that contains the certificate data and its public and private keys.
PFX
Personal Information Exchange file format.
Phishing
The act of collecting personal data such as credit card and bank account numbers by sending fake emails
which then direct users to sites asking for such information.
Port Blocking
The act of blocking or allowing traffic over specific ports through a router.
Proxy Server
A server or software application that receives requests from client machines and responds according to fil
tering policies configured in GFI WebMonitor.
Q
Quarantine
A temporary storage for unknown data that awaits approval from an administrator.
GFI WebMonitor
6 Glossary | 99
R
Revoked Certificate
A revoked certificate is a valid certificate that has been withdrawn before its expiry date (for example,
superseded by a newer certificate or lost/exposed private key).
S
Spyware
Unwanted software that publishes private information to an external source.
T
Traffic Forwarding
The act of forwarding internal/external network traffic to a specific server through a router.
U
Uniform Resource Locator
The address of a web page on the world wide web. It contains information about the location and the
protocol.
URL
Uniform Resource Locator.
User Agent
A client application that connects to the Internet and performs automatic actions.
V
Virus
Unwanted software that infects a computer.
W
WAN
Wide Area Network.
Web Proxy AutoDiscovery protocol
An Internet protocol used by browsers to automatically retrieve proxy settings from a WPAD data file.
Web traffic
The data sent and received by clients over the network to websites.
WebFilter Edition
A configurable database that allows site access according to specified site categories per user/group/IP
address and time.
GFI WebMonitor
6 Glossary | 100
WebGrade Database
A database in GFI WebMonitor, used to categorize sites.
WebSecurity Edition
WebSecurity contains multiple anti-virus engines to scan web traffic accessed and downloaded by the cli
ents.
Wide Area Network
An external network that connects machines in large areas.
WPAD
Web Proxy AutoDiscovery protocol.
GFI WebMonitor
6 Glossary | 101
7 Index
Microsoft Forefront TMG 10, 24, 29, 35
A
O
Advanced Settings 16-17, 20, 47-55
Online lookups 58, 60
Always Allowed 5, 67-69, 74, 77
Always Blocked 26, 67-68, 74
Anonymization 48, 52, 80, 82-85, 89-91
Anti-virus 48, 52-53, 58, 60
B
P
Phishing 5, 48, 52, 73-74, 79, 93
Port Blocking 8, 10, 12, 14, 29
Proxy Server 8, 12-13, 15, 17-18, 20, 25, 28-30, 34, 48, 55-57
R
Bandwidth 5, 27, 33, 48, 51, 54-55, 67, 70, 72-73, 75-76, 7880, 84-85, 87, 90-91, 93
Remote Access Control 16, 20, 33, 37, 48, 50
Authorization Rule 50
C
Windows Authentication 44-45, 48, 50-51
Cache 54-55
Chained Proxy 29, 34
Configuration 5, 7, 10-11, 16, 19-20, 25, 28-30, 33-35, 41, 43,
45-47, 49, 52, 56-58, 61, 63, 66
Reporting 7, 24, 43, 58, 82-83, 91
S
Security Policies
Console 8, 10, 19-20, 41, 57, 61
Security Engines 48, 52-53
Credentials 17, 28, 32-34, 37, 44-46, 50
Simple Proxy 7, 10, 12, 15-16, 28-29, 35
D
Snap-ins 10, 19, 57
Dashboard 34, 51-52, 82, 84-87, 89-90
Spyware 5
F
T
FTP 56-57
Technical Support 95
H
Traffic Forwarding 8, 10, 12-13, 15, 29
HTTP 10, 12-14, 16, 28-30, 33-34, 37, 52, 55-57
Troubleshooting 95
HTTPS Scanning 17, 28, 37-38, 40, 42
W
I
Web Categorization 86
Installation 7, 16, 20-22, 25, 27-28, 34, 43-46, 48-49, 53, 6163, 95
Web Forum 95
Integrated authentication 33, 37
WebGrade Database 9, 53
Internet Gateway 10-11, 29
Wildcards 55
Internet Policies
WPAD 11, 17, 25, 28-31, 35, 37, 48, 55, 57, 60
Web traffic 14, 34
Search Engine Policies 54
K
Knowledge Base 80, 95
L
License key 16, 28, 49, 61-62
Log on as a service rights 9
M
Malware 5, 52, 67-68, 73-74, 93
GFI WebMonitor
Index | 102
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement