Web Filtering Howto using Cisco ScanSafe

04 May, 2012

Web filtering on iNODE™ is a result of collaboration of with iNODE™ Proxy Server with Cisco's ScanSafe cloud service. In order to use it you are required to subscribe to ScanSafe service.

Please follow the following steps to enable web filtering.

After subscribing to ScanSafe suppose you will receive a provisioning email notification for the settings you should use on your Proxy Server. This email contains information on how to access Scansafe console (ScanCenter) as well as the settings for iNODE™ Proxy Server.

To configure Proxy Server for using Scansafe you have to add Scansafe service as a parent proxy. Please go to Configuration->Proxy Service->Proxy forwarding:

And complete parent proxy server field with the one you can find in provisioning email and parent proxy server port with the respective port on provisioning email.

Click on "Secure http requests will be forwarded" for https web filtering.

Then you should go on ScanCenter and define the IP of your iNODE™ Proxy in order to be recognized by ScanSafe and your web filtering policy. For more details please read below on respective sections.

That's all.

All Proxy requests will now be forwarded to Scansafe proxy servers. You can control web filtering using ScanCenter, the Scansafe service control panel.

Defining iNODE™ Proxy IP on ScanCenter

Login to ScanCenter:

Then go to Admin->Your Account ->Scanning IPs:

And define your Proxy Server Static IP with format : <IP>:<subnet mask>. For example if your IP is 193.22.x.y enter 193.22.x.y/255.255.255.255.

Then click on Submit.

Define Web Filtering Policy

By logging in to ScanCenter you can control all aspects of your web filtering policy and take reporting of the service.

To define your web filtering policy, go to Web filtering. A web filtering policy consisting of several policy rules. Each rule contains:

a priority by which the rules are scanned on policy from top down for every request,

a user of user group(Which),

a filter (What),

a time schedule to apply this rule(When)

and a respective policy to apply (Block, Allow, etc).

To define users on a rule you need to import user and groups on ScanCenter. In order to match user or user group you need to configure iNODE™ Proxy Server to send user information on every request to Scansafe by enabling proxy authentication (see "Enabling user based web filtering policies" section below).

To define your specific content filter, go to Web Filtering->Management->Filters

And create your filters or edit existing ones.

A filter contains a selection of several content categories and types. By defining a filter you can use it on you policy rules and apply them on specific user/group on specific time schedule.

Enabling user based web filtering policies

In order to configure user based web filtering policies you need to upload your users and groups on Scansafe and enable Proxy Server Authentication.

Step 1. Upload users on ScanCenter

As a first step, prepare your users csv file. This file should contain lines with 3 fields:

Group, username, email address

Then go to Admin->Management->Import User list on Scan Center and upload your csv file.

Step 2. Enable web transparent proxy

To enable proxy server user authentication, go to Configuration->Proxy Server->General Settings and check the Enable proxy authentication checkbox.

Important Note: Please note that in order to use proxy authentication you will not have to use web transparent proxy.

For additional details please contact your Reseller.