en-US
search-icon

Enforced Client Policy and Reporting Server 2.3 Admin Guide

Content Filter

The Content Filter option is used to set up and customize the content filtering for CFC. If you have an environment with more than one firewall in it, you can manage the filtering at two levels: globally and on the firewall. By selecting the global node (the top node in the left pane) you can configure and make changes across all the firewalls in your environment. By selecting an individual node, or firewall, you can configure and make changes that apply only to that particular unit.

Topics:

Settings

To configure the Content Filter Settings, choose the global or firewall that you want to manage. (In this example a firewall has been selected.) On the Policies tab, select Content Filter > Settings.

Topics:

Enforcement Setting

When a client system running CFC is put on the network behind the firewall, you can opt to suspend CFC if Gateway CFS is active.

To configure Enforcement Settings:
1
Check the box if you want to Suspend CF Client when behind Firewall with active Gateway CFS.
2
Update the Firewall List/Client Distribution Group with the serial numbers of the firewalls traffic is being routed through.
 
* 
NOTE: The firewall listed can be edited in this section too. Enter serial Number in the text field and click on the Add icon. Click on the edit icon to update a serial number and save it. Click on the delete icon to delete a firewall from the list.
3
Select Update to save the Enforcement Settings or Reset to reload the prior settings.
 

Blocked Web Page Display

To select the Web page to display when blocking:

Choose to display the default Web page or customize your own Web page.

Leave the text field blank to use the default page.
Use the Preview button to see what the web page will look like.
Select Default Blocked Page to return back to using the default page.
Select Update to save any changes to the web page display settings or Reset to reload the prior settings.

CFS Settings

These settings are used when on the user system is protected by the firewall and CFC is suspended.

To select the CFS Settings:
1
Check the box to Enable HTTPS Content Filtering.

HTTPS Content Filtering is based on IP and hostname. While HTTP Content Filtering can perform redirects to enforce authentication or provide a block page HTTPS filtered pages will be silently blocked.

2
Check the box to Show a notification when HTTPS is blocked. If left unchecked, not notification is given.
3
Check the box to automatically Block Access to URL that is marked as forbidden.
4
Check the box to automatically Log Access to URL that is marked as forbidden.
5
Select Update to save any changes to the CFS settings or Reset to reload the prior settings.

Custom List

To configure the Content Filter Custom List, choose the global or node that you want to manage. (In this example a node has been selected.) On the Policies tab, select Content Filter > Custom List.

From the Content Filter > Custom List page, you can manage:

Allowed Domains—Allows user access to these domains with their Web browser.
Select Add New Allowed Domain to add a domain to the allowed list. You can add multiple domains at the same time; separate them with a semicolon (;).
Select Import... to select a text file of allowed domain names. Each domain name should appear on a separate line.
Click on the delete icon next to the domain name to delete it from the allowed list. You can also check the box next to one or more domain names and select Delete Allowed Domain(s).
Forbidden Domains—Forbids user access to domains with their Web browser.
Select Add New Forbidden Domain to add a domain to the forbidden list. You can add multiple domains at the same time; separate them with a semicolon (;).
Select Import... to select a text file of forbidden domain names. Each domain name should appear on a separate line.
Click on the delete icon next to the domain name to delete it from the forbidden list. You can also check the box next to one or more domain names and select Delete Forbidden Domain(s).
Keywords—Defines keywords used to offer protection against Web sites that have not explicitly been added to the Master Database or defined as allowed or forbidden site.
Select Add New Keyword to add a keyword to the list. You can add multiple keywords at the same time; separate them with a semicolon (;).
Select Import... to select a text file of keywords. Each keyword should appear on a separate line.
Click on the delete icon next to the keyword to delete it from the list. You can also check the box next to one or more keywords and select Delete Keyword(s).

Policies

The Content Filter > Polices page allows you to search for, add, and delete policies that block objectionable Web sites. To configure the Content Filter > Policies, choose the global or node that you want to manage. (In this example a node has been selected.) On the Policies tab, select Content Filter > Policies.

 
* 
NOTE: A default policy is provided called Default. This policy can be viewed and cloned, but cannot be deleted.

Topics:

Searching for Policies

The Policies page displays the policies that have been configured for CFC. As with many pages, the Policies page has a search function on it so you can easily find the specific policy you want or filter a long list to something smaller. The search is made on the Name field.

To search for a policy:
1
To specify what part of that field to match against, choose from the following:
Equals—The entire field must match the text you provide.
Starts with—The field must start with the text you provide.
Ends with—The field must end with the text you provide.
Contains—The field must contain the text you provide.
2
In the blank field, type in the text that you want to search for.
3
Click Search.
4
Click Clear to return the search fields to their default values and clear the text field.

Add/edit Policy

Adding and editing a policy are very similar, using the same policy setup window. Select the Add New Policy option to define your own policies for CFC users. Select a policy and click on the edit icon edit a policy.

To add a policy:
1
On the Policies tab, navigate to Content Filter> Policies.
2
At the bottom of the Policies list, click the Add New Policy link at the bottom of the page. The policies set up page displays.

3
On the Policy tab, enter the policy name in the Name field.
4
On the Categories tab, select the forbidden categories from the list provided. You can opt to select all categories by checking the Select All Categories box at the top of the page.
5
On the Settings tab set the following options:
 

Custom Global Settings

 

Source of Allowed Domains

Select None, Global or Per policy from the drop down list.

Source of Forbidden Domains

Select None, Global or Per policy from the drop down list.

Source of Keyword

Select None, Global or Per policy from the drop down list.

Safe Search Enforcement

 

Enable Safe Search Enforcement

Select to Enable Safe Search Enforcement.

YouTube for Schools

 

Enable YouTube for Schools

Select to Enable YouTube for Schools.

School ID

Enter your school ID. Note that the ID field is not active until YouTube for Schools is enabled.

Filter Forbidden URLs by time of day

 

Time of day drop down list

Select the time of day you want filtering enforced. Several options are provided to choose from. The default is Always on.

6
The Custom List tab create a list of Allowed Domains, Forbidden Domains or Keyword.

In the Content field add the domain name you want to allow or forbid, or add the keyword and click Add. You can also highlight or an entry in the list and choose Update to make changes or Remove to delete the entry. Select Remove all to delete all entries in that section.

7
Configure the setting on the Advanced tab. The following table provides more information on each of the settings.
 

Override Settings

 

Allow client to override forbidden websites

Check the box to enable this option.

 

Override Password

Enter a password that a user can enter to override the forbidden website. If the password field is left empty, the current password remains unchanged.

 

Use blank password

Check the box to enable this option. A blank is allowed for the Override Password field.

 

Override Duration

Input the length of time, in minutes, that the override is in effect.

Authorized Processes - Process Name

 

Enter Process Name

Type the process name in the text field and click on the add icon.

Any process (a.k.a application) that is installed in a non-privileged folder(s) is blocked by the CF Client. Only Users with admin privileges is allowed to install in a privileged folder. If you want to allow any such process that is installed in a non-privileged location then you have to specify the complete path (a path that can be specified with wild cards) to the process or the path to the folder that contains the process. When the policy is updated on the CF Client it will allow this process to run if it matches the path.

Authorized Processes - Certificate Subject Name

 

Enter Subject Cert Name

Type the subject certificate name in the text field and click on the add icon.

This is the string that appears in the CN= portion of a certificate’s subject field. The Certificate Subject Name must be specified exactly how it appears in the Name of the certificate.

8
Click on OK to save the policy.