Windows XP SP2 Pop-up Blocker. 8e6 R3000, Enterprise Filter Authentication R3000
Below you will find brief information for Enterprise Filter R3000. This document provides instructions on setting up and configuring the R3000 for authentication on your network. It covers topics such as network setup, authentication protocols, configuring authentication servers, and testing authentication settings. The document also includes sections on troubleshooting and technical support.
Advertisement
Advertisement
A
PPENDIX
F O
VERRIDE
P
OP
-
UP
B
LOCKERS
Windows XP SP2 Pop-up Blocker
Set up pop-up blocking
There are two ways to enable the pop-up blocking feature in the IE browser.
Use the Internet Options dialog box
1. From the IE browser, go to the toolbar and select Tools >
Internet Options to open the Internet Options dialog box.
2. Click the Privacy tab:
242
Fig. F-7 Enable pop-up blocking
3. In the Pop-up Blocker frame, check “Block pop-ups”.
4. Click Apply and then click OK to close the dialog box.
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
A
PPENDIX
F O
VERRIDE
P
OP
-
UP
B
LOCKERS
Use the IE toolbar
In the IE browser, go to the toolbar and select Tools > Popup Blocker > Turn On Pop-up Blocker:
Fig. F-8 Toolbar setup
When you click Turn On Pop-up Blocker, this menu selection changes to Turn Off Pop-up Blocker and activates the
Pop-up Blocker Settings menu item.
You can toggle between the On and Off settings to enable or disable pop-up blocking.
Temporarily disable pop-up blocking
1. In the Options page (see Fig. F-1), enter your Username and Password.
2. Press and hold the Ctrl key on your keyboard while simultaneously clicking the Override button—this action opens the override account pop-up window.
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
243
A
PPENDIX
F O
VERRIDE
P
OP
-
UP
B
LOCKERS
Add override account to the white list
There are two ways to disable pop-up blocking for the override account and to add the override account to your white list.
Use the IE toolbar
1. With pop-up blocking enabled, go to the toolbar and select Tools > Pop-up Blocker > Pop-up Blocker Settings to open the Pop-up Blocker Settings dialog box:
244
Fig. F-9 Pop-up Blocker Settings
2. Enter the Address of Web site to allow, and click Add to include this address in the Allowed sites list box. Click
Close to close the dialog box. The override account
window has now been added to your white list.
3. In the Options page (see Fig. F-1), enter your Username and Password.
4. Click the Override button to open the override account pop-up window.
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
A
PPENDIX
F O
VERRIDE
P
OP
-
UP
B
LOCKERS
Use the Information Bar
With pop-up blocking enabled, the Information Bar can be set up and used for viewing information about blocked popups or allowing pop-ups from a specified site.
Set up the Information Bar
1. Go to the toolbar and select Tools > Pop-up Blocker >
Pop-up Blocker Settings to open the Pop-up Blocker
Settings dialog box (see Fig. F-9).
2. In the Notifications and Filter Level frame, click the checkbox for “Show Information Bar when a pop-up is blocked.”
3. Click Close to close the dialog box.
Access your override account
1. In the Options page (see Fig. F-1), enter your Username and Password.
2. Click the Override button. This action displays the following message in the Information Bar: “Pop-up blocked. To see this pop-up or additional options click here...”:
Fig. F-10 Information Bar showing blocked pop-up status
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
245
A
PPENDIX
F O
VERRIDE
P
OP
-
UP
B
LOCKERS
3. Click the Information Bar for settings options:
Fig. F-11 Information Bar menu options
4. Select Always Allow Pop-ups from This Site—this action opens the Allow pop-ups from this site? dialog box:
Fig. F-12 Allow pop-ups dialog box
5. Click Yes to add the override account to your white list and to close the dialog box.
NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. F-9) and see the entries in the Allowed sites list box.
6. Go back to the Options page and click Override to open the override account window.
246
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
A
PPENDIX
G G
LOSSARY
A
PPENDIX
G
Glossary
This glossary includes definitions for terminology used in this user guide.
ADS - Active Directory Services is a Windows 2000 direc-
tory service that acts as the central authority for network security, by letting the operating system validate a user's identity and control his or her access to network resources.
attribute - A component of a group base or Distinguished
Name (DN) that has a type and value. Attribute types include "cn" for common name, "dc" for domain component, and “ou” for organizational unit.
authentication method - A way to validate users on a
network. Methods include SMB/NT (referred to as “NT” throughout this user guide) and LDAP.
authentication server - The domain controller on a
domain. This server is used for authenticating users on the network.
block setting - A setting assigned to a service port or library
category when creating a rule, or when setting up a filtering profile or the minimum filtering level. If an item is given a block setting, users will be denied access to it.
common name (cn) - An attribute type entered for a user-
name and group when using LDAP.
directory - This information source on a server contains attribute-based data relevant to a DN entry.
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
247
A
PPENDIX
G G
LOSSARY
directory service - Uses a directory on a server to auto-
mate administrative tasks for storing and managing objects on a network (such as users, passwords, and network resources users can access). ADS, DNS, and NDS (Novell
Directory Services) are types of directory services.
Distinguished Name (DN) - A string of “cn” and “dc”
attribute types comprised of the username and group name, domain name, and DNS suffix. For example:
“cn=admin_user, cn=admin, dc=yahoo, dc=com”. The “ou” attribute type also could be a part of the DN. For example:
“cn=Joe Smith, ou=users, ou=sales, dc=acme, dc=com”.
DNS - Domain Name Service is a distributed Internet direc-
tory service. DNS is used mostly for making translations between domain names and IP addresses.
domain - An entity on a network comprised of servers,
workstations, and peripherals.
domain component (dc) - An attribute type entered for a
domain name and DNS suffix when using LDAP.
domain controller - An authentication server that answers
logon requests from workstations in a Windows NT domain.
There are two types of domain controller servers: Primary
Domain Controller (PDC) and Backup Domain Controller
(BDC).
entry - A collection of attribute types that comprise a Distin-
guished Name (DN). Each attribute type of the Distinguished Name has a type and one or more values. These types are mnemonic strings, such as "cn" for common name, "dc" for domain component, or “ou” for organizational unit.
filter setting - A setting made for a service port. A service
port with a filter setting uses filter settings created for library categories (block or open settings) to determine whether users should be denied or allowed access to that port.
248
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
A
PPENDIX
G G
LOSSARY
firewall mode - An R3000 set up in the firewall mode will
filter all requests. If the request is appropriate, the original packet will pass unchanged. If the request is inappropriate, the original packet will be blocked from being routed through.
global administrator - An authorized administrator of the
network who maintains all aspects of the R3000, except for managing master IP groups and their members, and their associated filtering profiles. The global administrator configures the R3000, sets up master IP groups, and performs routine maintenance on the server.
group administrator - An authorized administrator of the
network who maintains a master IP group, setting up and managing members within that group. This administrator also adds and maintains customized library categories for the group.
group name - The name of a group set up for a domain on
an NT server. For example: “production” or “sales”.
invisible mode - An R3000 set up in the invisible mode will
filter all connections on the Ethernet between client PCs and the Internet, without stopping each IP packet on the same
Ethernet segment. The unit will only intercept a session if an inappropriate request was submitted by a client.
LDAP - One of two authentication method protocols used by
the R3000. Lightweight Directory Access Protocol (LDAP) is a directory service protocol based on entries (Distinguished
Names).
LDAP host - The LDAP domain name and DNS suffix. For
example: “yahoo.com” or “server.local”.
login (or logon) script - Consists of syntax that is used for
re-authenticating a user if the network connection between the user’s machine and the server is lost.
machine name - Pertains to the name of the user’s work-
station machine (computer).
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
249
A
PPENDIX
G G
LOSSARY
minimum filtering level - A set of library categories and
service ports defined at the global level to be blocked or opened. If the minimum filtering level is established, it is applied in conjunction with a user’s filtering profile. If a user does not belong to a group, or the user’s group does not have a filtering profile, the default (global) filtering profile is used, and the minimum filtering level does not apply to that user.
name resolution - A process that occurs when the R3000
attempts to resolve the IP address of the authentication server with the machine name of that server. This continuous and regulated automated procedure ensures the connection between the two servers is maintained.
net use - A command that is used for connecting a
computer to—or disconnecting a computer from—a shared resource, or displaying information about computer connections. The command also controls persistent net connections.
NetBIOS - Network Basic Input Output System is an appli-
cation programming interface (API) that augments the DOS
BIOS by adding special functions to local-area networks
(LANs). Almost all LANs for PCs are based on the NetBIOS.
NetBIOS relies on a message format called Server
Message Block (SMB).
NetBIOS name lookup - An authentication method used for
validating a client (machine) by its machine name.
Network Address Translation (NAT) - Allows a single real
IP address to be used by multiple PCs or servers. This is accomplished via a creative translation of inside “fake” IP addresses into outside real IP addresses.
open setting - A setting assigned to a service port or library
category when creating a rule, or when setting up a filtering profile or the minimum filtering level. If an item is given an open (pass) setting, users will have access to it.
250
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
A
PPENDIX
G G
LOSSARY
organizational unit (ou) - An attribute type that can be
entered in the LDAP Distinguished Name for a user group.
override account - An account created by the global group
administrator or the group administrator to give an authorized user the ability to access Internet content blocked at the global level or the group level.
PDC - A Primary Domain Controller functions as the authen-
tication server on a Windows NT domain. This server maintains the master copy of the directory database used for validating users.
profile string - The string of characters that define a
filtering profile. A profile string can consist of the following components: category codes, service port numbers, and redirect URL.
protocol - A type of format for transmitting data between
two devices. LDAP and SMB are types of authentication method protocols.
proxy server - An appliance or software that accesses the
Internet for the user’s client PC. When a client PC submits a request for a Web page, the proxy server accesses the page from the Internet and sends it to the client. A proxy server may be used for security reasons or in conjunciton with caching for bandwidth and performance reasons.
router mode - An R3000 set up in the router mode will act
as an Ethernet router, filtering IP packets as they pass from one card to another. While all original packets from client
PCs are allowed to pass, if the R3000 determines that a request is inappropriate, a block page is returned to the client to replace the actual requested Web page or service.
rule - A filtering component comprised of library categories
set up to be blocked or opened. Each rule created by the global administrator is assigned a number and a name that should be indicative of its theme. Rules are used when creating filtering profiles for entities on the network.
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
251
A
PPENDIX
G G
LOSSARY
search engine - A program that searches Web pages for
specified keywords and returns a list of the pages or services where the keywords were found.
service port - Service ports can be set up to blocked.
Examples of these ports include File Transfer Protocol
(FTP), Hyper Text Transfer Protocol (HTTP), Network News
Transfer Protocol (NNTP), Secured HTTP Transmission
(HTTPS), and Other ports such as Secure Shell (SSH).
SMB - One of two authentication method protocols used by
the R3000. Server Message Block is a “client/server, request/response” protocol.
sub-group - An entity of a master IP group with an associ-
ated member IP address, and filtering profile.
time-based profile - A user profile used by both the NT and
LDAP authentication methods to give a user a time limit on his/her Internet connection.
time profile - A customized filtering profile set up to be
effective at a specified time period for designated users.
tiers - Levels of authentication methods. Tier 1 uses net use
based authentication for NT or LDAP. Tier 2 uses timebased profiles for both the NT and LDAP authentication methods. Tier 3 uses persistent login connections for either the NT or LDAP authentication methods.
URL - An abbreviation for Uniform Resource Locator, the
global address of Web pages and other resources on the
Internet. A URL is comprised of two parts. The first part of the address specifies which protocol to use (such as "http").
The second part specifies the IP address or the domain name where the resource is located (such as
“203.15.47.23” or "8e6.com").
virtual IP address - The IP address used for communi-
cating with all users who log on the network.
252
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
A
PPENDIX
G G
LOSSARY
Web-based - An authentication method that uses time-
based profiles or persistent login connections.
white list - A list of approved library categories for a speci-
fied entity’s filtering profile.
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
253
A
PPENDIX
G G
LOSSARY
254
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
I
NDEX
Numerics
,
A
authentication
activate Web-based for Global Group 187
activated Web-based for IP group 175
net use based module diagram 25 net use based process 25
specifications and requirements 27
Authentication Form Customization 93
authentication method, definition 247
Authentication Request Form 87
,
,
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
255
I
NDEX
256
function in net use based process 25
Authentication Settings window 70
authentication solution
single user compatibility chart 53
Authentication SSL Certificate window 72
B
Backup Domain Controller (BDC) 248
backup server
Backup Server Configuration wizard 141
,
C
category
custom categories 17 library 17
Category Profile
Category tab
common name (cn), definition 247
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
I
NDEX
Create LDAP Domain dialog box 125
D
directory service, definition 248
Distinguished Name (DN)
domain
domain component (dc), definition 248 domain controller, definition 248
E
Enable/Disable Authentication window 64
,
F
filtering 211 category codes 211
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
257
I
NDEX
258
G
global administrator, definition 249
group
group administrator, definition 249 group name, definition 249
Group/Member Details window
H
I
individual IP member
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
I
NDEX
J
L
LDAP
Active Directory Service usage 35
domain diagram 11 domain groups 11
LDAP domain
LDAP User/Group Browser window 147
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
259
I
NDEX
260 log
login (or logon) script
M
Manually Add Group dialog box
Manually Add Member dialog box
methods
Microsoft Active Directory
,
N
name resolution
NAT
net use
NetBIOS
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
I
NDEX
Network Address Translation (NAT), definition 250
,
,
,
NT
domain diagram 10 domain groups 10
NT domain
NTLM authentication protocol 23
,
O
,
organizational unit (ou), definition 251
override account
Google Toolbar popup blocking 239
Mozilla Firefox popup blocking 241
Windows XP SP2 popup blocking 242
Yahoo! Toolbar popup blocking 237
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
261
I
NDEX
P
pop-up box/window, terminology 5
Primary Domain Controller (PDC) 248
profile string
protocol
proxy server
R
re-authentication
Redirect URL tab
requirements
rules
262
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
I
NDEX
S
Select Groups/Members from Domain window 110
Server Message Block (SMB), definition 252
session-based authentication (Tier 3) 23
Set Group Priority window
Single Sign-On
Novell eDirectory authentication 50
single sign-on authentication (Tier 1) 23
SMB
disable Signing requirements in Windows 2003 221
SMB/NT
obtain, export from LDAP server 226
sub-group
sub-topic
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
263
I
NDEX
264
T
Tier 1
net use based authentication 25
,
Tier 2
time-based, Web-based authentication 36
Tier 2, Tier 3
,
Tier 3 tiers
session-based, Web-based authentication 41
time profile
time-based authentication (Tier 2) 23
U
Upload User/Group Profile window
V
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
W
,
Web-based, definition 253 white list, definition 253
Windows 2003
I
NDEX
8
E
6 T
ECHNOLOGIES
, R3000 E
NTERPRISE
F
ILTER
A
UTHENTICATION
U
SER
G
UIDE
265
Download
Advertisement
Key features
Network authentication
Authentication protocols
Authentication server setup
Filtering profiles
Block page authentication
User and group management
SSL certificate management
Troubleshooting and support
Frequently asked questions
The R3000 supports various authentication protocols, including SMB, LDAP, and web-based authentication.
The configuration process involves specifying the server type, domain name, credentials, and other relevant settings within the R3000 Administrator Console.
Filtering profiles define rules to allow or deny access to specific websites and services based on user groups or individual users. You can create profiles in the Administrator Console, specifying various options such as allowed/blocked categories, ports, and redirect URLs.