GFI Product Manual

Administrator Guide
The information and content in this document is provided for informational purposes only and is
provided "as is" with no warranty of any kind, either express or implied, including but not limited to
the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
GFI Software is not liable for any damages, including any consequential damages, of any kind that
may result from the use of this document. The information is obtained from publicly available
sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI
makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of
information and is not responsible for misprints, out-of-date information, or errors. GFI makes no
warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or
completeness of any information contained in this document.
If you believe there are any factual errors in this document, please contact us and we will review
your concerns as soon as practical.
All product and company names herein may be trademarks of their respective owners.
GFI WebMonitor is copyright of GFI SOFTWARE Ltd. - 1999-2011 GFI Software Ltd. All rights
reserved.
Document Version: 1.1.1
Last updated (month/day/year): 06/02/2012
Contents

1 Introduction 9
1.1 About This Guide 9
1.2 About GFI WebMonitor 9
1.3 How Does GFI WebMonitor Work? 10
1.4 GFI WebMonitor Services 12

2 Installing GFI WebMonitor 16

2.1 System Requirements 16
2.2 Deployment Scenarios 18
2.3 Installing GFI WebMonitor in Gateway Mode 21
2.4 Installing GFI WebMonitor in Simple Proxy Mode 23
2.5 Post Installation Actions 26

3 Achieving Results 38
3.1 Achieving Results with GFI WebMonitor - Protecting Your Network 38
3.2 Achieving Results with GFI WebMonitor - Maximize Bandwidth Availability 39
3.3 Achieving Results with GFI WebMonitor - Increase Productivity 40

4 Using the Dashboard 42

4.1 Overview of Internet Activity 42
4.2 Monitoring Bandwidth 46
4.3 Monitoring Activity 47
4.4 Monitoring Real-Time Traffic 49
4.5 Using Quarantine 51

5 Reporting 53
5.1 Starred Reports 53
5.2 Activity Reports 53
5.3 Bandwidth Reports 56

6 Configuring GFI WebMonitor 60

6.1 General Settings 60
6.2 Configuring Policies 69
6.3 Configuring Alerts 95
6.4 Proxy Settings 100

7 Troubleshooting and support 110

7.1 Introduction 110
7.2 GFI SkyNet 110
7.3 Web Forum 110
7.4 Request Technical Support 110
7.5 Documentation 110
7.6 Common Issues 111

8 Glossary 113

9 Appendix 1 119
 9.1 Assigning Log On As A Service Rights 119
9.2 Adding Items to the Cache Exclusion List 124
9.3 Adding Items to the HTTPS Scanning Exclusion List 125
9.4 Configuring Commonly Used Routers 126
9.5 Configuring Routing and Remote Access 144
9.6 Disabling Internet Connection Settings On Client Machines 144
9.7 Network Access Policy Configuration 150

10 Index 155
List of Figures

Screenshot 1: GFI WebMonitor Services 15

Screenshot 2: Installation: Access Permissions 21
Screenshot 3: Installation: Service Logon Information 22
Screenshot 4: Installation: Mail Settings 23
Screenshot 5: Installation: Access Permissions 24
Screenshot 6: Installation: Service Logon Information 25
Screenshot 7: Installation: Mail Settings 26
Screenshot 8: License key required 27
Screenshot 9: Active Directory GPO dialog 28
Screenshot 10: GPO Editor window 29
Screenshot 11: Proxy Settings dialog 29
Screenshot 12: Add/Remove Snap-ins window 30
Screenshot 13: Console Root domain window 31
Screenshot 14: GPO Editor window 31
Screenshot 15: Proxy Settings dialog 32
Screenshot 16: LAN Settings dialog 33
Screenshot 17: Mozilla Firefox: Options dialog 34
Screenshot 18: Mozilla Firefox: Connection Settings dialog 35
Screenshot 19: Google Chrome: Under the Hood tab 36
Screenshot 20: LAN Settings dialog 37
Screenshot 21: Dashboard Overview 43
Screenshot 22: Using the calendar to set period 44
Screenshot 23: Dashboard Overview statistical information 45
Screenshot 24: Monitoring bandwidth 46
Screenshot 25: Bandwidth statistical data 47
Screenshot 26: Activity Dashboard 48
Screenshot 27: Activity statistical data 49
Screenshot 28: Real-Time Traffic Dashboard, Bandwidth monitoring 50
Screenshot 29: Quarantine dashboard 52
Screenshot 30: Default activity report list 54
Screenshot 31: Editing an Activity report 55
Screenshot 32: Scheduling an activity report 56
Screenshot 33: Default bandwidth reports list 57
Screenshot 34: Editing an Bandwidth report 58
Screenshot 35: Scheduling a bandwidth report 59
Screenshot 36: Configuring Access Control 61
Screenshot 37: Configuring Auto-update 62
Screenshot 38: Configured database 63
Screenshot 39: Configuring Databases 64
Screenshot 40: Configuring administrative notifications 66
Screenshot 41: Configuring general options 67
Screenshot 42: Configuring Web Categorization 69
Screenshot 43: Creating a new Web Filtering policy 71
Screenshot 44: Enabling reputation filtering 72
Screenshot 45: Creating a new Web Browsing Quota Policy 73
Screenshot 46: Creating a new IM Policy 75
Screenshot 47: Configuring Streaming Media policy 1 77
Screenshot 48: Configuring Always Blocked list 80
Screenshot 49: Adding items to Always Allowed list 82
Screenshot 50: Configuring Temporary Allowed list 83
Screenshot 51: Configuring Default Virus Scanning Policy 85
Screenshot 52: Creating a new Security Policy 87
Screenshot 53: Configuring Security Engines 89
Screenshot 54: Configuring Kaspersky security engine 90
Screenshot 55: Configuring ThreatTrack notifications 91
Screenshot 56: New download policy 93
Screenshot 57: Configuring Monitoring alerts 96
Screenshot 58: Configuring Bandwidth alerts 97
Screenshot 59: Configuring Security alerts 99
Screenshot 60: Configuring general proxy settings 100
Screenshot 61: Configuring WPAD 101
Screenshot 62: HTTPS Proxy Scanning Settings 104
Screenshot 63: HTTPS Settings configuration wizard 106
Screenshot 64: Microsoft Windows Server: Local Security Policy window 120
Screenshot 65: Active Directory GPO dialog 121
Screenshot 66: GPO Editor window 122
Screenshot 67: Add/Remove Snap-ins window 123
Screenshot 68: Console Root domain window 123
Screenshot 69: Group Policy Management Editor window 124
Screenshot 70: DrayTek: General Setup view 128
Screenshot 71: DrayTek: Filter Setup view 128
Screenshot 72: DrayTek: Edit Filter Rule view (IP addresses smaller than the GFI WebMonitor proxy 129
machine IP address)
Screenshot 73: DrayTek: IP Address Edit view 130
Screenshot 74: DrayTek: Service Type Edit view 130
Screenshot 75: DrayTek: Edit Filter Rule view (IP addresses greater than the GFI WebMonitor proxy 131
machine IP address)
Screenshot 76: Linksys WRT54GL Wireless Router: Internet Access view 132
Screenshot 77: Linksys WRT54GL Wireless Router: List of PCs dialog 133
Screenshot 78: Netgear Wireless Router DG834GT: Outbound Services view 134
Screenshot 79: Netgear Wireless Router DG834GT: Outbound Services view 135
Screenshot 80: SonicWall: Address Objects view 136
Screenshot 81: SonicWall: Access Rules view 137
Screenshot 82: SonicWall: Services view and Add Service dialog 138
Screenshot 83: SonicWall: Edit Rule dialog 139
Screenshot 84: SonicWall: Edit Rule dialog 140
Screenshot 85: SonicWall: Automatic Proxy Forwarding view 141
Screenshot 86: Thompson Wireless Broadband Router TG585 v7: Firewall Settings view 142
Screenshot 87: Thompson Wireless Broadband Router TG585 v7: Firewall Rule view 142
Screenshot 88: Thompson Wireless Broadband Router TG585 v7: Firewall Rule view 143
Screenshot 89: Microsoft Windows Server 2003: Routing and Remote Access Server Setup Wizard dialog 144
Screenshot 90: Active Directory GPO dialog 145
Screenshot 91: GPO Editor window 146
Screenshot 92: Disable the Connection page Properties dialog 147
Screenshot 93: Add/Remove Snap-ins window 148
Screenshot 94: Console Root domain window 148
Screenshot 95: Group Policy Management Editor window 149
Screenshot 96: Disable the Connection page Properties dialog 149
Screenshot 97: Microsoft Windows XP: Local Security Settings tab 151
Screenshot 98: Active Directory GPO dialog 152
Screenshot 99: Add/Remove Snap-ins window 153
Screenshot 100: Console Root domain window 153
List of Tables

Table 1: Terms and conventions used in this manual 9

Table 2: Always Blocked/Always Allowed filtering actions 11
Table 3: GFI WebMonitor Windows Services 12
Table 4: Software requirements 16
Table 5: Hardware requirements 16
Table 6: Bandwidth dashboard options 46
Table 7: Bandwidth monitoring filtering options 47
Table 8: Activity dashboard options 48
Table 9: Activity monitoring filtering options 49
Table 10: Real-Time Traffic dashboard options 50
Table 11: Quarantine options 51
Table 12: Activity report criteria 55
Table 13: Activity report schedule options 56
Table 14: Activity report distribution options 56
Table 15: Back-end databases 62
Table 16: SQL Server Authentication method 65
Table 17: Configuring administrative notifications 66
Table 18: Kaspersky engine options 89
Table 19: Bandwidth alert trigger options 98
Table 20: Bandwidth alerts filtering options 98
Table 21: Security alerts trigger options 99
Table 22: WPAD options 102
Table 23: Authentication options 102
Table 24: HTTPS Certificate export file formats 107
Table 25: Common troubleshooting issues 111
1 Introduction
GFI WebMonitor is a comprehensive Internet usage monitoring solution that enables you to monitor
and filter Web browsing and file downloads in real-time. It also enables you to optimize bandwidth by
limiting access to streaming media, while enhancing network security with built-in tools that scan
traffic for viruses, trojans, spyware and phishing material.
It is the ideal solution to transparently and seamlessly exercise a substantial degree of control over
your network users’ browsing and downloading habits. At the same time, it enables you to ensure
legal liability and best practice initiatives without alienating network users.

1.1 About This Guide

The aim of this guide is to help System Administrators install, configure and run GFI WebMonitor with
minimum effort. It describes:
The various network environments that GFI WebMonitor can support
How to install GFI WebMonitor to monitor your environment
How to get GFI WebMonitor running on default settings
How to configure GFI WebMonitor to achieve results.
1.1.1 Terms Used in This Manual
The following terms are used in this manual:
1.1.2 Terms and conventions used in this manual
Table 1: Terms and conventions used in this manual
Term Description
Additional information and references essential for the operation of GFI WebMonitor.

Important notifications and cautions regarding potential issues that are commonly encountered.

> Step by step navigational instructions to access a specific function.

Bold text Items to select such as nodes, menu options or command buttons.
Italics text Parameters and values that you must replace with the applicable value, such as custom paths and fil-
enames.
Code Indicates text values to key in, such as commands and addresses.

For any technical terms and their definitions, refer to the Glossary section in this manual.

1.2 About GFI WebMonitor

GFI WebMonitor is available in three editions:
WebFilter Edition: Increases productivity with Web Filtering and Web Browsing policies. Helps to
optimize bandwidth use with Streaming Media policies and website categorization features. Addi-
tionally, Web Reputation Index and ThreatTrack help lower incidence of attacks and infringe-
ments.
WebSecurity Edition: Provides a high degree of web security using combined tools that help mit-
igate phishing, malware, trojans and virus attacks. This is achieved through the built-in download
control module and multiple anti-virus and anti-spyware engines.

GFI WebMonitor 1 Introduction | 9

 Unified Protection Edition: Provides all the features of the WebFilter Edition and the Web-
Security Edition in a single package.

1.3 How Does GFI WebMonitor Work?

Figure 1: How Does GFI WebMonitor Work?

Request initiation: User requests a webpage or a download from the Internet. Incoming traffic
generated by this request is forwarded to GFI WebMonitor.
Always Blocked/Always Allowed filtering: The internal GFI WebMonitor Always Blocked/Always
Allowed filtering mechanism analyzes user ID, IP address and requested URL, taking the following
actions:

GFI WebMonitor 1 Introduction | 10

Table 2: Always Blocked/Always Allowed filtering actions
ACTION DESCRIPTION
Blocks web traffic requests by adding users and/or IP addresses to the Always Blocked list, or
to access URLs in the Always Blocked list
Automatically allows web traffic by allowed users and/or IP addresses, or
requests
to access allowed URLs
Forwards web traffic requests (to by users and/or IP addresses that are neither in the Always Blocked list
the WebFiltering module) nor in the Always Allowed list
to access URLs that are neither in the Always Blocked list nor in the Always
Allowed list.

WebFilter module: Analyzes web traffic received from the Always Blocked/Always Allowed filtering
mechanism against a list of categories stored in WebGrade database. These categories are used to
classify and then filter web pages requested by users.
For more information about these categories, refer to Knowledge Base article:
http://kbase.gfi.com/showarticle.asp?id=KBID003165.
GFI WebMonitor can Block, Warn and Allow or Quarantine web traffic according to configured policies.
Quarantined web traffic can be manually approved or rejected by the administrators. Approved
quarantined URLs are moved in Temporary Allowed area; a mechanism used to approve access to a
site for a user or IP address for a temporary period.

NOTE
The WebFilter module is only available in the WebFilter Edition and the Unified
Protection Edition of GFI WebMonitor. In the WebSecurity Edition, web traffic is sent
directly from the Always Allowed/Always Blocked filtering mechanism to the
WebSecurity module.

WebSecurity module: Analyzes web traffic through the download control module and scans incoming
web traffic for viruses, spyware and other malware.
GFI WebMonitor can Block, Warn and Allow or Quarantine suspicious material according to configured
policies. Web traffic is also scanned for phishing material against a list of phishing sites stored in the
updatable database of phishing sites. Web traffic generated from a known phishing element is
rejected while approved web material is forwarded to the user.

NOTE
The WebSecurity module is only available in the WebSecurity Edition and Unified
Protection Edition of GFI WebMonitor. In the WebFilter Edition, WebSecurity processing
is not performed, and web traffic is forwarded on to the user.

IMPORTANT
Forwarding of approved web material by GFI WebMonitor to the user depends on the
network environment; that is, where GFI WebMonitor is installed.

GFI WebMonitor 1 Introduction | 11

1.3.1 Downloading GFI WebMonitor
GFI WebMonitor can be downloaded from: http://www.gfi.com/pages/webmon-selection-
download.asp.
1.3.2 Licensing Information
GFI WebMonitor counts either users or IP addresses for licensing purposes.

IMPORTANT
Unlicensed users are automatically allowed unrestricted and unfiltered access to the
Internet. The traffic generated by these clients will not be monitored.

For more information about licensing, refer to GFI Software Ltd. website at:
http://www.gfi.com/products/gfi-webmonitor/pricing/licensing
For more information on how GFI WebMonitor counts users for licensing purposes, refer to Knowledge
Base article:
http://kbase.gfi.com/showarticle.asp?id=KBID003528.
1.3.3 Upgrading
In order to upgrade GFI WebMonitor, obtain the latest version from
http://www.gfi.com/pages/webmon-selection-download.asp.

NOTE
The upgrade procedure is similar to the installation procedure.

NOTE
If installing a new version of GFI WebMonitor on a different infrastructure, it is
recommended to uninstall the previous version before installing the new one.

1.3.4 GFI WebMonitor Services

1.4 GFI WebMonitor Services

The table below lists Microsoft Windows services used by GFI WebMonitor.
Table 3: GFI WebMonitor Windows Services
SERVICE DESCRIPTION LOCATION AND NAME USER
NAME CREDENTIALS
GFI Proxy The GFI Proxy service is only created in the Standalone <drive>:\Program Files\GFI\W- Local System
Proxy Version of GFI WebMonitor. It is used as an agent serv- ebMonitor\GFiProxy.exe
ice for the Proxy server, ISAPI module and Web Filtering.

GFI WebMonitor 1 Introduction | 12

SERVICE DESCRIPTION LOCATION AND NAME USER
NAME CREDENTIALS
GFI Web- The GFI WebMonitor service is used in both the ISA/TMG <drive>:\Program Files\GFI\W- Administrator
Monitor version and the Standalone Proxy version as a worker ebMonitor\WMonSrv.exe
service. Its functionality includes:
Scanning downloads via AV scanning engines.
Managing content updates for the various GFI Web-
Monitor modules.
Sending notification emails to administrator and
users.
Provide services used to host admin UI.
Loading WebGrade database to memory

GFI WebMonitor 1 Introduction | 13

 SERVICE DESCRIPTION LOCATION AND NAME USER
NAME CREDENTIALS
GFI Web- The GFI WebMonitor Core Service is composed by the <drive>:\Program Files\GFI\W- Local System
Monitor following different components: ebMonitor
Core Serv- WebMon.Common - Common data structures and
ice algorithms
WebMon.Core - Starts/Stops the IIS express process,
Hosts the WCF services (AlertingService, Auto-
UpdateSettingsService, CategoryService, DataIm-
porterService, DataLayerService,
EngineStatusService, GeneralSettingsService, Licens-
ingService, NetworkService, PolicySettingsService,
ProxySettingsService, QuarantineService, Repor-
terService, ReportSettingsService, Web-
BrowsingService)
WebMon.ConfigManager - Handles the configurations
files (config.db & xml settings)
WebMon.Dal - Data persistence (FB & SQL Server) &
data maintenance
WebMon.DataAnonymizer - All data before going to
the UI si filtered through this module

WebMon.FilterComm - Used for communication with

the WebMonitor filter (e.g. reload of the settings,
real time traffic,…)
WebMon.MessageCollector - Reads the data from
MSMQ sends it to the Alerter and SearchTerms mod-
ules for processing. Uses a new MSMQ queue to stock
up to X requests or 1 min until they are send to the
database, MSMQ is transactional and if the db is tem-
porary offline no data will be lost

WebMon.Alerter - Processes data received from the

filter and triggers the alerts, also responsible for
sending email notifications generated by the core
service
WebMon.Net - Network related functionality (i.e.
enumeration of sql servers or users from domains)
WebMon.Reporter - Generates the reports for UI or
scheduled reports
WebMon.Scheduler - Schedules general purposes
tasks like database maintenance, or scheduled
reports
WebMon.SearchTerms - Processes the data received
from the filter and generates new events when a pat-
tern has been matched, the search terms are in
SearchTermsSettings.xml

To view status of GFI WebMonitor services:

1. Click Start > Run and key in “services.msc”

GFI WebMonitor 1 Introduction | 14

Screenshot 1: GFI WebMonitor Services

2. From the list of services displayed locate the following services:

GFI Proxy
GFI WebMonitor
GFI WebMonitor Core Service

GFI WebMonitor 1 Introduction | 15

2 Installing GFI WebMonitor
The following sections provide information for the successful deployment of GFI WebMonitor:
System Requirements
Deployment Scenarios
Post Installation Tasks

2.1 System Requirements

2.1.1 Software
Table 4: Software requirements
TYPE SOFTWARE REQUIREMENTS (x86 and x64)
Supported Operating Systems Microsoft Windows Server 2003 SP 2
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows XP SP3

Microsoft Windows Vista SP2

Microsoft Windows 7
Gateway and Simple Proxy Environments - Other Microsoft Internet Explorer 8 or later
required components
Microsoft.NET Framework 4.0
Microsoft Message Queuing Service (MSMQ)
IIS Express
Microsoft SQL Server Express 2005 or later

Microsoft SQL Server 2005 or later (for reporting pur-

poses)
Gateway Environment - Other required components Routing and Remote Access configuration on Microsoft
Windows Server 2003/2008

NOTE
The installation wizard checks that Microsoft .NET 4.0, MSMQ, Report Viewer, Windows
Image Component, .net Hotfix, Microsoft Visual C++ Redistributable and IIS Express are
installed. If not installed the wizard will guide you through the installation
automatically.

2.1.2 Hardware
Minimum hardware requirements depend on the GFI WebMonitor edition.
Table 5: Hardware requirements
EDITION HARDWARE REQUIREMENTS
WebFilter Edition Processor: 2.0 GHz
RAM: 1 GB (Recommended 4GB)
Hard disk: 2 GB of available disk space

GFI WebMonitor 2 Installing GFI WebMonitor | 16

 EDITION HARDWARE REQUIREMENTS
WebSecurity Edition Processor: 2.0 GHz
RAM: 1 GB (Recommended 4GB)
Hard disk: 10 GB of available disk space
Unified Protection Edition Processor: 2.0 GHz
RAM: 2 GB (Recommended 4GB)
Hard disk: 12 GB of available disk space

IMPORTANT
GFI WebMonitor requires 2 network interface cards when installing in Gateway Mode or
in an ISA/TMG environment. When installing in Simple Proxy mode only 1 network
interface card is required.

NOTE
Allocation of hard disk space depends on your environment. The size specified in the
requirements is the minimum required to install and use GFI WebMonitor. The
recommended size is between 150 and 250GB.

2.1.3 Simple Proxy Mode Pre-requisites

Before installing GFI WebMonitor on a Proxy server, the router/gateway must be configured to:
Block all outgoing HTTP/HTTPS traffic generated from the client machines
Allow outgoing HTTP/HTTPS traffic generated by GFI WebMonitor only
Allow Non-HTTP/HTTPS traffic generated from client machines.
In this environment, traffic forwarding can be used to forward HTTP/HTTPS traffic from the client
machines to GFI WebMonitor machine. For more information, refer to the Configuring Commonly Used
Routers section in this manual.

IMPORTANT
Ensure that the listening port (default 8080) is not blocked by your firewall. For more
information on how to enable firewall ports on Microsoft Windows Firewall, refer to
http://kbase.gfi.com/showarticle.asp?id=KBID003879

2.1.4 Gateway Mode Pre-requisites

Before installing GFI WebMonitor on an Internet Gateway Server, ensure that:
1. Client machines are configured to use the server as the default Internet gateway.
2. The server’s network cards are connected:
one to the internal network (LAN)
one to the external network (WAN)

GFI WebMonitor 2 Installing GFI WebMonitor | 17

3. Start Routing and Remote Access service if installing GFI WebMonitor on Microsoft Windows Server
2003 or Microsoft Windows Server 2008. For more information, refer to Configuring Routing and
Remote Access (page 144).

IMPORTANT
Ensure that the listening port (default 8080) is not blocked by your firewall. For more
information on how to enable firewall ports on Microsoft Windows Firewall, refer to
http://kbase.gfi.com/showarticle.asp?id=KBID003879

2.2 Deployment Scenarios

GFI WebMonitor can be deployed in three modes:
In an Internet Gateway Environment
In a Simple Proxy Environment
In a Microsoft ISA Server or Forefront TMG environment
Deployment depends on the network infrastructure and the network role of the machine where GFI
WebMonitor is to be installed. The following diagram helps you choose the correct GFI WebMonitor
installation mode to suit your environment.

Figure 2: Choosing your environment

2.2.1 Installing in an Internet Gateway Environment

Install GFI WebMonitor in gateway mode when you have:
a server configured with 2 network cards
Users are using this server as an Internet gateway to access the Internet
GFI WebMonitor is installed on this server
All inbound and outbound traffic passes through this server

GFI WebMonitor 2 Installing GFI WebMonitor | 18

Figure 3: GFI WebMonitor installed on a gateway machine

To install GFI WebMonitor on an Internet gateway, refer to the Installing in Gateway Mode chapter in
this manual.

2.2.2 Installing in a Simple Proxy Environment

Install GFI WebMonitor in Simple Proxy mode when:
users are using a router to connect to the Internet
GFI WebMonitor is installed within the local LAN
The router must be configured to block all traffic except traffic generated by GFI WebMonitor. This
can be achieved by using one of the following methods:
Port Blocking - blocking client requests and allowing GFI WebMonitor traffic
Traffic Forwarding - forwarding all traffic from the client to GFI WebMonitor machine

Port Blocking
The router must be configured to allow both HTTP/HTTPS traffic generated from GFI WebMonitor
machine and Non-HTTP/HTTPS traffic generated from client machines. In addition, it must also block
HTTP/HTTPS traffic generated from client machines.

NOTE
Client machines must be configured to use the GFI WebMonitor machine as the default
proxy server.

GFI WebMonitor 2 Installing GFI WebMonitor | 19

Figure 4: GFI WebMonitorinstalled on a proxy machine connected to a router supporting port blocking

2.2.3 Traffic Forwarding

The router/gateway must be configured to allow outgoing web traffic generated by GFI WebMonitor
only. In addition, it must forward client HTTP/HTTPS traffic to GFI WebMonitor.

Figure 5: GFI WebMonitor installed on a proxy machine connected to a router supporting traffic forwarding

To install GFI WebMonitor on a proxy server, refer to the Installing in Simple Proxy Mode chapter in
this manual.

GFI WebMonitor 2 Installing GFI WebMonitor | 20

2.3 Installing GFI WebMonitor in Gateway Mode
2.3.1 Introduction
This chapter provides you with information related to the installation of GFI WebMonitor on a
machine configured as an Internet Gateway.
2.3.2 Installation Procedure
Run the installer as a user with administrative privileges on the target machine.
1. Double click the GFI WebMonitor executable file.
2. The installer checks if required components are installed, and automatically installs missing
components.
3. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on
the GFI website and click Next.
4. Read the licensing agreement. To proceed with the installation select I accept the terms in the
license agreement and click Next.

Screenshot 2: Installation: Access Permissions

5. Key in the user name or the IP address that will be used to access the web interface of GFI
WebMonitor and click Next.

NOTE
More than one user or machine can be specified. Separate entries with semicolons ‘;’

GFI WebMonitor 2 Installing GFI WebMonitor | 21

Screenshot 3: Installation: Service Logon Information

6. Key in the logon credentials of an account with administrative privileges and click Next.

NOTE
The user account must have Log on as a service rights; otherwise, rights are
automatically assigned. For more information, refer to Assigning Log On As A Service
Rights (page 119).

GFI WebMonitor 2 Installing GFI WebMonitor | 22

Screenshot 4: Installation: Mail Settings

7. Provide the SMTP mail server details and email address to which administrator notifications will be
sent.
Optionally click Verify Mail Settings to send a test email. Click Next.
8. Click Next to install in default location or click Change to change installation path.
9. Click Install to start the installation, and wait for the installation to complete.
10. Click Finish to finalize setup.
12. After the installation, GFI WebMonitor Configuration Wizard is launched automatically. This will
help you configure the server in Gateway mode.
13. In the welcome screen, click Next.
14. Select Gateway mode as your network environment and click Next.
15. In the Current Gateway Configuration screen, select the internal network card and click Next.
16. Click Finish to apply settings.

2.4 Installing GFI WebMonitor in Simple Proxy Mode

2.4.1 Introduction
This chapter provides you with information related to the installation of GFI WebMonitor on a
machine configured as a Proxy Server.
2.4.2 Installation Procedure
Run the installer as a user with administrative privileges on the target machine.
1. Double click the GFI WebMonitor executable file.
2. The installer checks if required components are installed, and automatically installs missing
components.

GFI WebMonitor 2 Installing GFI WebMonitor | 23

3. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on
the GFI website and click Next.
4. Read the licensing agreement. To proceed with the installation select I accept the terms in the
license agreement and click Next.

Screenshot 5: Installation: Access Permissions

5. Key in the user name or the IP address that will be used to access the web interface of GFI
WebMonitor and click Next.

NOTE
More than one user or machine can be specified. Separate entries with semicolons ‘;’

GFI WebMonitor 2 Installing GFI WebMonitor | 24

Screenshot 6: Installation: Service Logon Information

6. Key in the logon credentials of an account with administrative privileges and click Next.

NOTE
The user account must have Log on as a service rights; otherwise, rights are
automatically assigned. For more information, refer to Assigning Log On As A Service
Rights (page 119).

GFI WebMonitor 2 Installing GFI WebMonitor | 25

Screenshot 7: Installation: Mail Settings

7. Provide the SMTP mail server details and email address to which administrator notifications will be
sent.
Optionally click Verify Mail Settings to send a test email. Click Next.
8. Click Next to install in default location or click Change to change installation path.
9. Click Install to start the installation, and wait for the installation to complete.
10. Click Finish to finalize setup.
12. After the installation, GFI WebMonitor Configuration Wizard is launched automatically. This will
help you configure the server in simple proxy mode.
13. In the welcome screen, click Next.
14. Select Simple proxy mode as your network environment and click Next.

NOTE
To view help on how to configure most commonly used routers, select the Click here
link. For more information, refer to Configuring Commonly Used Routers (page 126).

15. Click Finish to apply proxy settings.

2.5 Post Installation Actions

2.5.1 Launching GFI WebMonitor
There are 2 options for launching the GFI WebMonitor web console:
Option 1: click Start > All Programs > GFI WebMonitor > GFI WebMonitor Management Console.
Option 2: Key in the URL http://monitor.isa in a web browser on the same machine.

GFI WebMonitor 2 Installing GFI WebMonitor | 26

 NOTE
If using the GFI WebMonitor through the web browser interface on the same machine,
Internet Explorer must be configured to use a proxy server. For more information, refer
to Configuring Internet Browsers to Use a Proxy Server (page 32).

To launch GFI WebMonitor installation from machines of users and/or IP addresses that were allowed
access to the application during installation:
Key in the URL http://monitor.isa in a web browser from their machine. The Internet browser
must be configured to use specific proxy settings to enable this access.
2.5.2 Enter a Valid License Key
After GFI WebMonitor is installed, a valid license key is required to start monitoring traffic and
creating policies.

NOTE
If you are evaluating GFI WebMonitor, a 30 day unlimited evaluation key will be sent by
email after registering.

Screenshot 8: License key required

To enter your license key:

1. Click Enter license key...
2. Enter your license key in the available field.
3. Click Apply.

NOTE
For more information, refer to Updating License Manually (page 60).

GFI WebMonitor 2 Installing GFI WebMonitor | 27

2.5.3 Configuring GFI WebMonitor Machine as the Default Proxy Using GPO in Microsoft Windows
Server 2003
To configure all client machines to use GFI WebMonitor as a proxy server through Microsoft Windows
Server 2003 GPO:
1. On the Domain Controller, go to Start > Programs > Administrative Tools > Active Directory Users
and Computers.
2. Under the domain node, right-click the organizational unit where you wish to apply the group
policy and click Properties.

NOTE
To apply the group policy to all the computers on the domain, right-click on the domain
node directly and click Properties.

Screenshot 9: Active Directory GPO dialog

3. In the Domain Properties dialog, select Group Policy tab.

4. Select Default Domain Policy from the list and click Edit.

GFI WebMonitor 2 Installing GFI WebMonitor | 28

Screenshot 10: GPO Editor window

5. Expand User Configuration > Windows Settings > Internet Explorer Maintenance > Connection
and double-click Proxy Settings to open the Proxy Settings dialog.

Screenshot 11: Proxy Settings dialog

6. Check Enable proxy settings checkbox.

7. Uncheck Use the same proxy server for all addresses checkbox.
8. In the HTTP and FTP text boxes key in the proxy server IP address and the port used (Default
8080).
9. Click OK to apply changes.

GFI WebMonitor 2 Installing GFI WebMonitor | 29

10. Close all open windows.
2.5.4 Configuring GFI WebMonitor Machine as the Default Proxy Using GPO in Microsoft Windows
Server 2008
To configure the Proxy Settings on all client machines to use GFI WebMonitor as a proxy server
through Microsoft Windows Server 2008 GPO:
1. In command prompt, key inmmc.exe and press Enter.
2. In the Console Root window, navigate to File > Add/Remove Snap-in… to open the Add or Remove
Snap-ins window.

Screenshot 12: Add/Remove Snap-ins window

3. Select Group Policy Management from the Available snap-ins list, and click Add.
4. Click OK.

GFI WebMonitor 2 Installing GFI WebMonitor | 30

Screenshot 13: Console Root domain window

5. Expand Group Policy Management > Forest > Domains and <domain>, then select the
organizational unit where you wish to apply the group policy.

NOTE
To apply the group policy to all domain computers , select the domain node directly.

6. Right-click Default Domain Policy and click Edit to open the Group Policy Management Editor.

Screenshot 14: GPO Editor window

7. Expand User Configuration > Policies > Windows Settings > Internet Explorer Maintenance >
Connection and double-click Proxy Settings to open the Proxy Settings dialog.

GFI WebMonitor 2 Installing GFI WebMonitor | 31

Screenshot 15: Proxy Settings dialog

8. Check Enable proxy settings checkbox.

9. Uncheck Use the same proxy server for all addresses checkbox.
10. In the HTTP and FTP text boxes key in the proxy server IP address and the port used (Default
8080).
11. Click OK to apply changes
12. Close Proxy Settings dialog.
13. Close Group Policy Management Editor dialog and save the management console.

IMPORTANT
When using Active Directory, the administrator can disable the Internet connection
settings tab from the client machines. For more information, refer to Disabling Internet
Connection Settings On Client Machines (page 144).

2.5.5 Configuring Internet Browsers to Use a Proxy Server

You can manually configure each individual user machine to set the GFI WebMonitor machine as the
default proxy. This section shows how to configure proxy settings in the most commonly used Internet
browsers.

Microsoft Internet Explorer

1. Launch Microsoft Internet Explorer.
2. From the Tools menu, choose Internet Options and select the Connections tab.
3. Click LAN settings button.

GFI WebMonitor 2 Installing GFI WebMonitor | 32

Screenshot 16: LAN Settings dialog

4. Check Use a proxy server for your LAN checkbox.

NOTE
If WPAD is enabled in GFI WebMonitor, select Auto-detect proxy settings for this
network. For more information, refer to Configuring WPAD (page 101).

5. In the Address and Port text boxes, key in the proxy server name or IP address of the GFI
WebMonitor machine and the port used (Default 8080) .
6. Click OK to close LAN Settings dialog.
7. Click OK to close Internet Options dialog.

Mozilla Firefox
1. Launch Mozilla Firefox.
2. Click Firefox > Options > Options > Advanced tab > Network tab.

GFI WebMonitor 2 Installing GFI WebMonitor | 33

Screenshot 17: Mozilla Firefox: Options dialog

3. Click Settings button to open the Connection Settings dialog.

GFI WebMonitor 2 Installing GFI WebMonitor | 34

Screenshot 18: Mozilla Firefox: Connection Settings dialog

4. Select Manual proxy configuration.

5. Uncheck Use this proxy server for all protocols checkbox.
6. In the HTTP Proxy, FTP Proxy and related Port text boxes, key in the proxy server IP address and
the port used (Default 8080).

NOTE
If WPAD is enabled in GFI WebMonitor, select Auto-detect proxy settings for this
network. For more information, refer to Configuring WPAD (page 101).

7. Click OK to close Connection Settings dialog.

8. Click OK to close Options dialog.

Google Chrome
1. Launch Google Chrome.

2. Click and select Options.

3. In Options dialog, click Under the Hood tab.

GFI WebMonitor 2 Installing GFI WebMonitor | 35

Screenshot 19: Google Chrome: Under the Hood tab

4. Click Change proxy settings button to open Internet Properties dialog.

5. Select Connections tab.
6. Click LAN settings button.

GFI WebMonitor 2 Installing GFI WebMonitor | 36

Screenshot 20: LAN Settings dialog

7. Check Use a proxy server for your LAN checkbox.

8. In the Address and Port text boxes, key in the proxy server name or IP address and the port used
(Default 8080).

NOTE
If WPAD is enabled in GFI WebMonitor, select Auto-detect proxy settings for this
network. For more information, refer to Configuring WPAD (page 101).

9. Click OK to close LAN Settings dialog.

10. Click OK to close Internet Options dialog.

GFI WebMonitor 2 Installing GFI WebMonitor | 37

3 Achieving Results
Refer to the following sections to configure GFI WebMonitor and start achieving results:
Protect Your Network
Increase Productivity
Maximize Available Bandwidth

3.1 Achieving Results with GFI WebMonitor - Protecting Your Network

See the information below for information on how to proactively protect your network before it is
compromised.

WebFilter Edition
1. Block website categories in the Security group (such as Malware Sites, Phishing and Other Frauds,
Spyware and Adware, Bot Nets and Confirmed SPAM Sources).
Configure Web Filtering Polices

2. Block access to sites with low reputation (having a Reputation Index of 40 or less).
Configure Web Filtering Polices
Configure Always Blocked list
Configure Web Categorization

3. Block social engineering, phishing and online scams

Configure Internet Policies

4. Protect from Malware in

HTTPS traffic
Configure HTTPS Proxy Scanning
Settings

WebSecurity Edition
1. Block Known Malicious Websites and Phishing.
Configure ThreatTrack Configure Auto-update of all security
engines
Configuring Anti-Phishing in Security
Policies Configure Auto-update of all security
engines

2. Control and scan your downloads using multiple anti-virus engines.

Configure Downloads Policies
Configuring Security Policies

GFI WebMonitor 3 Achieving Results | 38

 3. Protect from Malware in
HTTPS traffic
Configure HTTPS Proxy Scanning
Settings

GFI also recommends to create an awareness policy with safe use guidelines for your
employees. For more information refer
to: http://www.gfi.com/whitepapers/acceptable_use_policy.pdf.

3.2 Achieving Results with GFI WebMonitor - Maximize Bandwidth Availability

Analyze your bandwidth activity and make informed decisions based on those results.

1. Deploy GFI WebMonitoron your network without any filtering policies. Use the inbuilt monitoring
and reporting tools to observe Internet usage and identify patterns that impact bandwidth opti-
mization. For example, identify excessive bandwidth usage or access to certain unwanted sites.
Create adequate policies based on the results obtained from these reports.
Generate Activity reports
Generate Bandwidth reports
Configure Internet Policies

2. Monitor and manage Internet connections in real-time to optimize band-

width.

Use the Bandwidth Dashboard

Use the Activity Dashboard
Terminate active connections from the Real-Time Traffic Dashboard

3. Manage website categories in the Bandwidth control group (such as Streaming Media, P2P, Online
Personal Storage).
Configure Web Filtering Polices

4. Block access to unwanted streaming applications such as YouTube and similar video sharing web sites.
Configure Streaming Media Policies

5. Block access to unwanted Instant Messaging applications (such as MSN, Google Talk, Yahoo Mes-
senger, Facebook Chat and Online Portals.
Configure Instant Messaging Policies

GFI WebMonitor 3 Achieving Results | 39

 6. Set bandwidth thresholds to limit access to specific web site categories, based on time or band-
width limits.
Configure Web Browsing Quota Policies

7. Use proxy caching to accelerate service requests and optimize bandwidth. This functionality
retrieves content saved from a previous client request.
Configure Cache Settings

GFI also recommends to create an awareness policy with safe use guidelines for your
employees. For more information refer
to: http://www.gfi.com/whitepapers/acceptable_use_policy.pdf.

3.3 Achieving Results with GFI WebMonitor - Increase Productivity

Configure options and measures and set up policies that filter web traffic with the aim of increasing
your workforce productivity.

1. Deploy GFI WebMonitoron your network without any filtering policies. Use the inbuilt monitoring
and reporting tools to observe Internet use and identify patterns that impact your organization's
productivity. Create adequate policies based on the results obtained from these reports.
Use the Bandwidth Dashboard

Use the Activity Dashboard

Generate Activity reports
Generate Bandwidth reports
Configure Internet Policies

2. Block website categories in the Productivity Loss and Potential Productivity Loss groups (such as
Social Network, Dating, Games and Pay to Surf).
Configure Web Filtering Polices

3. Block access to streaming appli-

cations.
Configure Streaming Media Policies

GFI WebMonitor 3 Achieving Results | 40

 4. Block access to Instant Messaging applications (such as MSN, Google Talk, Yahoo Messenger, Face-
book Chat and Online Portals.
Configure Instant Messaging Policies

5. Limit access to specific web site categories based on time or bandwidth

limits.
Configure Web Browsing Quota Policies

GFI also recommends to create an awareness policy with safe use guidelines for your
employees. For more information refer
to: http://www.gfi.com/whitepapers/acceptable_use_policy.pdf.

GFI WebMonitor 3 Achieving Results | 41

4 Using the Dashboard
The GFI WebMonitor Dashboard provides quick insight to activity on your network. Use the following
monitoring tools to identify potential problems:
Overview - provides a quick glance of current activity on the network, enabling you to identify net-
work usage trends and tasks that need to be carried out by the administrator.
Bandwidth - shows activity related to bandwidth consumption. Use the provided filters to spot
downloads or uploads that are affecting your network performance.
Activity - gives you insight on different types of activity during specific times of the day.
Real-Time Traffic - shows network traffic in real-time.
Quarantine - provides controls to authorize traffic that requires approval.

NOTE
If Anonymization is enabled, personal data (such as User Names and IPs) is masked. For
more information, refer to General Options (page 66).

4.1 Overview of Internet Activity

On launching GFI WebMonitor, the overview page is displayed by default.

GFI WebMonitor 4 Using the Dashboard | 42

Screenshot 21: Dashboard Overview

The page contains a graphical representation of Internet usage trends, such as:
The bandwidth consumption for the current day
Activity filtered by any configured policy
Information related to searches performed by users
Top categories and domains that are being accessed by users
Top users and policies

NOTE
By default, the data provided in the Overview page is for the current week. This filter
can be changed from the for period field in the top right corner of the screen.

GFI WebMonitor 4 Using the Dashboard | 43

Screenshot 22: Using the calendar to set period

The right hand side of the Overview page displays statistics related to Internet use, such as the total
number of Websites visited by all users, the number of infected files detected by GFI WebMonitor and
the number of websites blocked by a configured policy.

NOTE
If Alerts are configured, a notification appears in the Overview window, above Monitor
Status area. For information on how to configure Alerts refer to: Configuring Alerts.

GFI WebMonitor 4 Using the Dashboard | 44

Screenshot 23: Dashboard Overview statistical information

4.1.1 WebGrade Categorization

The Website Category Lookup area enables you to check the categorization of a URL and its
Reputation Index.
To check a website:

GFI WebMonitor 4 Using the Dashboard | 45

1. Type URL in the space provided.

2. Click icon.

NOTE
For more information, refer to Configuring Web Categorization (page 68).

4.2 Monitoring Bandwidth

The Bandwidth dashboard provides information related to traffic and user activity that affects
bandwidth consumption. Filter data according to the following:
Table 6: Bandwidth dashboard options
OPTION DESCRIPTION
All Bandwidth Shows download and upload traffic.
Download Only Displays only downloaded traffic.
Upload Only Displays only uploaded traffic.

Screenshot 24: Monitoring bandwidth

GFI WebMonitor 4 Using the Dashboard | 46

 NOTE
Use the View by: filter in the top right corner of the page to view data for a specific
date range.

The lower portion of the Bandwidth page provides a breakdown of the data monitored in the specified
period.

Screenshot 25: Bandwidth statistical data

Data is broken down as follows:

Table 7: Bandwidth monitoring filtering options
FILTER DESCRIPTION
Categories Select to view a list of categories and size of download for each category.
Websites A list of websites with respective download size. Data can be viewed by Domain or by Site using the pro-
vided controls.
Users A list of users and the total size of downloads for a specified period.
Even Log Provides a log of all the web requests that fall within the specified period, displaying:
Web Request - URL of request
Time - date and time of request
Download - size of download
User - User name
IP - IP address

IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked.
For more information, refer to General Options (page 66).

4.3 Monitoring Activity

The Activity dashboard provides information related to web requests and user activity for a specified
period. Filter data according to the following:

GFI WebMonitor 4 Using the Dashboard | 47

Table 8: Activity dashboard options
OPTION DESCRIPTION
All Activity Shows all web requests (filtered and unfiltered) made through GFI WebMonitor in the specified period.
Allowed Displays only traffic that has been allowed by GFI WebMonitor.
Only
Filtered Displays only traffic that has been blocked by configured policies.
Only
Searches Shows the activity related to searches performed by users.

NOTE
Use the View by: filter in the top right corner of the page to view data for a specific
date range.

Screenshot 26: Activity Dashboard

The lower portion of the Activity page provides a breakdown of the data monitored in the specified
period.

GFI WebMonitor 4 Using the Dashboard | 48

 NOTE
Surf Time is an approximate time calculated by timing access to web sites. Every time a
user accesses a website, 1 surf time minute will be added for that user. During this
minute, the user can access other web sites without adding to the surf time. When the 1
minute has passed, another minute will be added if the user is still browsing.

Screenshot 27: Activity statistical data

Data is broken down as follows:

Table 9: Activity monitoring filtering options
FILTER DESCRIPTION
Categories Select to view a list of categories with total Surf Time and number of Web Requests for each category.
Websites A list of websites with respective total Surf Time and number of Web Requests. Data can be viewed by
Domain or by Site using the provided controls.
Users A list of users and the total Surf Time and number of Web Requests for a specified period.
Event Log Provides a log of all the web requests that fall within the specified period, displaying:
Web Request - URL of request
Time - date and time of request
Download - size of download
User - User name
IP - IP address

IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked.
For more information, refer to General Options (page 66).

4.4 Monitoring Real-Time Traffic

The Real-Time Traffic dashboard enables you to monitor Internet usage in real-time.

GFI WebMonitor 4 Using the Dashboard | 49

 IMPORTANT
If Anonymization is enabled, personal data (such as User Names and IPs) will be masked.
For more information, refer to General Options (page 66).

To access the Real-Time Traffic dashboard:

1. Go to Dashboard > Real-Time Traffic.

Screenshot 28: Real-Time Traffic Dashboard, Bandwidth monitoring

2. Click one of the following tabs:

Table 10: Real-Time Traffic dashboard options
OPTION DESCRIPTION
Active Con- Provides information related to current active connections. Active connections can be terminated to
nections free up bandwidth. Additional filtering is available by:
Categories - Select to view a list of categories with total Web Requests and Bandwidth con-
sumption for each category.
Websites - A list of websites with respective total Web Requestsand Bandwidth consumption per
site. Data can be viewed by Domain or by Site using the provided controls.
Users - A list of users with total Web Requests and Bandwidth consumption per user.

GFI WebMonitor 4 Using the Dashboard | 50

 OPTION DESCRIPTION
Bandwidth A graph displays the current bandwidth consumption in MB. Additional information includes:
IP (User)
Url
Status
Downloaded
Uploaded
Activity Displays the number of current web requests
IP (User)
Url
Status
Downloaded
Uploaded

NOTE
For Bandwidth and Activity real-time traffic graph, set the Auto refresh interval at the
top right corner of the page. Default is set to 3.

4.5 Using Quarantine

The Quarantine area holds filtered content until the administrator reviews the item and decides what
action to take. Perform one of the following actions:
Table 11: Quarantine options
OPTION DESCRIPTION
Approve Approve a single item in the list.
Approve All Approve all items in the list.
Delete Delete a single item in the list.
Delete All Delete all items in the list.

The Quarantine list is populated following actions taken by pre-configured policies. The policy which
blocked the quarantined item will be listed under Policy Type, together with the user, details of the
request, date and time.
To approve or delete an item from the Quarantine list:
1. Go to Dashboard > Quarantine

GFI WebMonitor 4 Using the Dashboard | 51

Screenshot 29: Quarantine dashboard

2. Locate the item to approve or delete, and select the checkbox next to it.
3. Click Approve or Delete.
4. From the Approve Access Requests window, click Confirm.

GFI WebMonitor 4 Using the Dashboard | 52

5 Reporting
GFI WebMonitor makes use of an in-built reporting engine that enables you to create reports without
having to leave the GUI.
You can create reports based on inclusions and exclusions of users, categories and websites thus
making sure that reports are targeted and relevant.
Use the reporting engine to create:
Department based reporting which can be scheduled and sent to the relevant department heads
Reports which exclude certain data such as salesforce.com, and other websites or data which is
irrelevant
Reports which only include certain categories of websites. For example, generate productivity
loss reports where only Productivity Loss related categories are added to the report
Need based reporting based on Browsing Activity / Bandwidth / Security and other needs.
Scheduled reports distributed in various formats
The following sections will help you configure and run the following:
Activity Reports
Bandwidth Reports

5.1 Starred Reports

Click Reports to access Starred Reports and create a list of frequently used reports.

To add a report to the Starred Reports list:

1. Go to Reports > Bandwidth or Activity tab.

2. Click next to report name.

3. Starred reports will be marked with  .

5.2 Activity Reports

GFI WebMonitor offers a set of reports that help you monitor user activity on your network. You can
modify existing reports or add new ones customized to your requirements.
To use one of the above reports:

GFI WebMonitor 5 Reporting | 53

1. Go to Reports and select Activity tab.

Screenshot 30: Default activity report list

2. Click one of the report names to edit or click Run Report to generate the report.

NOTE
Every report can be exported to Excel, PDF or Word, and can also be sent to a printer.

See also:
Cloning a report
Editing Activity Report
5.2.1 Editing Activity Reports
To edit an activity report:
1. Go to Reports and select Activity tab.
2. Click report name to edit.

GFI WebMonitor 5 Reporting | 54

Screenshot 31: Editing an Activity report

3. [Optional] Change the name of the report.

4. In the Data area, select a Date Range from the drop down list.
5. Select the reporting criteria from one of the following:
Table 12: Activity report criteria
OPTION DESCRIPTION
All Activity Report captures all the activity generated on the network.
Allowed Only Report only displays activity allowed by GFI WebMonitor.
Filtered Only Report only displays filtered activity.

6. In the Record Limit area set the maximum number of records shown in the report. Default is set to
1000.
7. In the Include area:
a. Click Users tab and add the users to include or exclude in the report.
b. Click Categories tab to add the categories to include or exclude in the report
c. Click Websites tab and add the domains to include or exclude in the report.
d. Click Policies tab to add the policies to include or exclude in the report. You can add policies
by name, by the action these policies perform (Limited or Warned) or by policy type (Down-
load, Filter or Security).
8. Go to the Schedule tab and click ON to enable report scheduling.

NOTE
If the schedule is disabled, report is not automatically generated.

GFI WebMonitor 5 Reporting | 55

Screenshot 32: Scheduling an activity report

9. From the Runs area, select if report is going to be generated:

Table 13: Activity report schedule options
OPTION DESCRIPTION
Once Specify a date and time to generate the report one time.
Daily Specify number of days and time at which to generate the report.
Weekly Specify number of weeks, week days and time at which to generate the report
Monthly Select months, days and time for which to generate the report.

10. Go to Distribution tab and select one of the following options:

Table 14: Activity report distribution options
OPTION DESCRIPTION
Distribute Enable to save a PDF document in the path specified in the Folder Destination field. [Optional] In the
PDF Email Recipients field, add a recipient email address to send the document by email.
Distribute Enable to save a document in .XLS format in the path specified in the Folder Destination field. [Optional]
XLS In the Email Recipients field, add a recipient email address to send the document by email.
Distribute Enable to save a document in .DOC format in the path specified in the Folder Destination field. [Optional]
DOC In the Email Recipients field, add a recipient email address to send the document by email.

11. Click Save.

12. To generate the report, click Run report.

5.3 Bandwidth Reports

GFI WebMonitor offers a set of reports that help you monitor bandwidth activity on your network. You
can modify existing reports or add new ones customized to your requirements.
To use one of the above reports:
1. Go to Reports and select Bandwidth tab.

GFI WebMonitor 5 Reporting | 56

Screenshot 33: Default bandwidth reports list

2. Click one of the report names to edit or click Run Report to generate the report.

NOTE
Every report can be exported to Excel, PDF or Word, and can also be sent to a printer.

See also:
Cloning a report
Editing Bandwidth Report
5.3.1 Editing Bandwidth Reports
To edit an bandwidth report:
1. Go to Reports and select Bandwidth tab.
2. Click report name to edit.

GFI WebMonitor 5 Reporting | 57

Screenshot 34: Editing an Bandwidth report

3. [Optional] Change the name of the report if required.

4. In the Data tab, select a Date Range from the drop down list.
5. In the Report On area, select the reporting criteria from one of the following:
a. All Bandwidth - the report capture all the activity generated on the network
b. Download Only - report will only display activity allowed by GFI WebMonitor
c. Upload Only - report will display only filtered activity.
6. In the Record Limit area set the maximum number of records shown in the report. Default is set to
1000.
7. In the Include area:
a. Click the Users tab and add the users to include or exclude in the report.
b. Click the Categories tab to add the categories to include or exclude in the report
c. Click the Websites tab and add the websites to include or exclude in the report.
d. Click the Policies tab to add the policies to include or exclude in the report. You can add pol-
icies by name, by the action these policies perform (Limited or Warned) or by policy type
(Download, Filter or Security).
8. Go to the Schedule tab and click ON to enable report scheduling.

GFI WebMonitor 5 Reporting | 58

 NOTE
If the schedule is disabled the report will not be generated automatically.

Screenshot 35: Scheduling a bandwidth report

9. From the Runs area, select if the report is going to be generated:

a. Once - specify a date and time to generate the report one time
b. Daily - specify number of days and time at which to generate the report.
c. Weekly - specify number of weeks, week days and time at which to generate the report
d. Monthly - specify months, days and time at which to generate the report.
10. to start generating the report.
11. Go to Distribution tab.
12. Click Save.
5.3.2 Cloning Reports
All the default reports can be cloned to create new custom reports.
To clone a report:
1. Go to Reports and select Bandwidth or Activity tab.
2. Click Edit Report next to the report you want to clone.
3. Change the name of the report and click Clone Report.

GFI WebMonitor 5 Reporting | 59

 6 Configuring GFI WebMonitor
The following section assists in the configuration of the following:
General settings
1. Licensing
2. Access Control
3. Data Retention, Notification language and Anonymization
4. Auto-update of internal scanning engines
5. Web Categorization
6. Database settings
Policies
1. Security policies
2. Internet policies
3. Download control policies
4. Always Blocked list, Always Allowed list and Temporary Allowed configuration
Alerts
1. Monitoring, Bandwidth and Security alerts
Proxy Settings
1. General proxy settings
2. HTTPS Proxy scanning settings
3. Caching

6.1 General Settings

The following section will help you configure the following:
General settings
Licensing
Access Control
Data Retention, Notification language and Anonymization
Auto-update of internal scanning engines
Web Categorization
Database settings
6.1.1 Updating License Manually
To start using GFI WebMonitor, a valid license key must be activated.
To update product license key:
1. Go to Settings > General > Licensing
2. Click Update License and enter license key.

GFI WebMonitor 6 Configuring GFI WebMonitor | 60

3. Click Apply.

NOTE
To activate license key, an Internet connection must be available.

See Also:
Licensing Information.
Post-Installation Actions.
6.1.2 Access Control
The Access Control node enables you to list users and IP addresses with access to GFI WebMonitor.

IMPORTANT
Specified users are allowed access only if their username is authenticated.

To add a user or IP address to the access permissions list:

1. Go to Settings > General > Access Control.

Screenshot 36: Configuring Access Control

2. In the Grant access to field, specify the User or IP Address, to allow access to GFI WebMonitor
from his machine and click Add. Repeat for all required user(s) and/or IP(s).
3. Click Add to save settings.

NOTE

Select to delete a user or IP address from the Access Control list.

GFI WebMonitor 6 Configuring GFI WebMonitor | 61

6.1.3 Configuring Auto-Update
The Auto-Update page provides a centralized area where to configure auto-update settings for the
core components of GFI WebMonitor.

Screenshot 37: Configuring Auto-update

To enable or disable auto-update for the available components:

1. Go to Settings > General > Auto-Update.
2. Click ON or OFF to enable or disable the components as required.

NOTE
It is recommended that all auto-updates are enabled for maximum protection.

6.1.4 Configuring Databases

GFI WebMonitor supports two types of databases:
Table 15: Back-end databases
DATABASE DESCRIPTION
Firebird Database Firebird is the default database, configured automatically with the installation.
Microsoft SQL Database GFI WebMonitor supports both Microsoft SQL Express and Microsoft SQL server databases.

To view the currently configured database:

1. Go to Settings > General > Database.

GFI WebMonitor 6 Configuring GFI WebMonitor | 62

Screenshot 38: Configured database

To change the current database configuration refer to the following sections:

Configuring Firebird Database
Configuring Microsoft SQL Database

Configuring Firebird Database

During installation, GFI WebMonitor automatically installs a Firebird database that is used by the
application as the default database. The default path is: C:\Program
Files\GFI\WebMonitor\Data\WEBMON.FDB.
To change the default location of the Firebird database:
1. Go to C:\Program Files\GFI\WebMonitor\Data and copy the WEBMON.FDB file.
2. Save the copied file to the new location.
3. In GFI WebMonitor, go to Settings > General > Database.

GFI WebMonitor 6 Configuring GFI WebMonitor | 63

Screenshot 39: Configuring Databases

4. From Database Type, select Embedded.

5. In the Path field, change the path to the point to the new location.
6. Click Save.

NOTE
To create a new Firebird Database, enter a new database name in the following
format: <database name>.fdb

Configuring Microsoft SQL Database

GFI WebMonitor supports both Microsoft SQL Express and Microsoft SQL server databases.
To point GFI WebMonitor to use a previously created Microsoft SQL Server database:
1. In GFI WebMonitor, go to Settings > General > Database.
2. From Database Type, select SQL Server.

GFI WebMonitor 6 Configuring GFI WebMonitor | 64

3. In the SQL Server field, type the SQL Server instance name.
4. In the Authentication area, select one of the following:
Table 16: SQL Server Authentication method
OPTION DESCRIPTION
Windows Authen- Select this option to use Microsoft Windows credentials when connecting to your SQL Server.
tication
SQL Server Authen- If your SQL Server has been installed in SQL Server Authentication Mode, select this option and
tication provide Username and Password.

5. In the Database field, type the name of the database created in SQL.

IMPORTANT
Ensure that the database name entered is unique, otherwise you will overwrite the
existing database.

6. Click Save.

NOTE
You can create a new database from within GFI WebMonitor. To create a new database,
enter a new database name and click Save.

6.1.5 Configuring Notifications

To change the administrative notifications setup configured during installation:
1. Go to Settings > General > Notifications.

GFI WebMonitor 6 Configuring GFI WebMonitor | 65

Screenshot 40: Configuring administrative notifications

2. Change any of the following options:

Table 17: Configuring administrative notifications
OPTION DESCRIPTION
From email address Specify the email address from which notifications will be sent.
SMTP Server Enter the name or IP of the SMTP server.
SMTP Port Key in a port number.
Email addresses Enter recipient email addresses.

3. Click Save.
6.1.6 General Options
Use the Options tab to configure:
Data retention periods
Length of time to keep downloaded files in cache
Language used when displaying blocking notifications or warnings
Length of time to keep websites in Temporary Allowed list
Anonymization of personal data.

GFI WebMonitor 6 Configuring GFI WebMonitor | 66

Screenshot 41: Configuring general options

Data Retention
For optimization purposes, GFI WebMonitor enables you to specify the length of time that data
collected by GFI WebMonitor is retained by the application. Data is deleted after the specified period
expires.
To configure for how long to retain activity data:
1. Go to Settings > General > Options.
2. In the Retain data for field, key in the number of days.
3. Click Save .

NOTE
The default value is set to 365 days.

Downloaded Files Cached For

When Caching is enabled, GFI WebMonitor stores retrieved data in a local database so that future
requests for that same data are served faster. Use this option to set the length of time to keep this
data. For more information, refer to Configuring Caching Settings (page 108).

GFI WebMonitor 6 Configuring GFI WebMonitor | 67

Language
When GFI WebMonitor blocks user activity, a warning message is sent to the user, stating which policy
was breached. The language of these warning messages can be configured from a pre-defined list.
To change the language of warning messages, select a language from the drop down list and click
Save.

Temporary Allowed period

Use this option to control for how long GFI WebMonitor will keep websites in the Temporary Allowed
list of sites.

Anonymization
Anonymization enables masking private user data in accordance with European privacy and data
protection laws. If enabled, GFI WebMonitor:
Cloaks personal data (User name and IP) so that it can no longer be viewed from the Dashboard
or Monitoring Reports.
Enables a validation process requiring two passwords from two different users.
Masks any features in the User Interface that provide access to private user information.
To enable Anonymization:
1. Navigate to Settings > Options.
2. In the Anonymize area, click ON.
3. Enter the passwords for Responsible Person 1 and Responsible Person 2
4. Click Save .

NOTE
To disable Anonymization, click OFF and enter the required passwords.

6.1.7 Configuring Web Categorization

When GFI WebMonitor is installed, a database with a limited amount of categorized web sites is
installed. GFI WebMonitor updates this local database on activation.
Web categorization is a feature that connects to the Internet to look up URL's not found in the local
database. For more information on website categorization refer to the following whitepaper:
http://www.gfi.com/whitepapers/web-reputation-wp.pdf.

NOTE
This feature is enabled by default. To disable Web Categorization, click OFF next to
Online Lookup.

GFI WebMonitor 6 Configuring GFI WebMonitor | 68

 Screenshot 42: Configuring Web Categorization

The Web Categorization page also provides a lookup area where you can check a category for a
specific URL.
To look up a URL:
1. Enter a URL in the Lookup website field.
2. Click Check Category.

NOTE
This feature is also available on the Dashboard. For more information, refer to
Overview of Internet Activity (page 42).

6.2 Configuring Policies

Policies within GFI WebMonitor help you boost employee productivity while putting your mind at rest
about security breaches. These can be very costly to your business.
GFI WebMonitor lets you define web filtering and web security policies to help enforce an effective
Internet Usage Policy:
WebFilter Edition Policies - offering time, bandwidth and category based policies
1. Configuring Internet Policies
2. Configuring Always Blocked list
3. Configuring Always Allowed list
4. Configuring Temporary Allowed list
WebSecurity Edition Policies - to protect against viruses, spyware, phishing scams and
other malware
1. Configuring Security Policies
2. Configuring Download Policies

GFI WebMonitor 6 Configuring GFI WebMonitor | 69

6.2.1 WebFilter Edition Policies
WebFilter edition includes policies related to time and bandwidth based browsing control, website
categorization and URL filtering for increased productivity and security.
The following sections help you:
Configure Internet Policies
Configure Always Blocked list
Configure Always Allowed list
Configure Temporary Allowed list

Enabling or Disabling a Configured Policy

To enable or disable a policy:
1. Go to Settings > Policies > Internet Policies.
2. Click ON to enable or OFF to disable the desired policy.

Deleting a Policy
To delete a policy click the Delete icon next to the policy to delete.
6.2.2 Configuring Internet Policies
The following chapters guide you through the configuration of the following policies:
Web Filtering Policy - exercise control over web browsing habits that can effect security, pro-
ductivity, performance and legal issues.
Web Browsing Quota Policy - control how your users browse specific categories or sites based on
bandwidth or time thresholds.
Instant Messaging Policy - provide control over the use of instant messaging clients.
Streaming Media Policy - define policies that block various types of streaming media across all
websites.
Search Engine Policy - provides monitoring and control over user searching habits.

Web Filtering Policy

Web filtering policies enable you to exercise control over web browsing habits that can effect
security, productivity, performance and legal issues.
A Default Web Filtering Policy is enabled when GFI WebMonitor is installed. It is pre-configured to
apply to everyone and to allow web browsing of all categories. The default policy can be edited, but
cannot be disabled or deleted.

NOTE
Certain fields in the default policy cannot be edited. These include Policy Name and
Apply Policy To.

GFI WebMonitor 6 Configuring GFI WebMonitor | 70

 IMPORTANT
All added policies take priority over the default policy.

To add a Web Filtering Policy:

1. Go to Settings > Policies > Internet Policies.
2. In the Web Filtering Policies area, click Add Policy.

Screenshot 43: Creating a new Web Filtering policy

3. In the Policy Name field, type a policy name.

4. In the Filter area, select the categories to Allow, Block, Warn and Allow or Quarantine.

GFI WebMonitor 6 Configuring GFI WebMonitor | 71

5. [Optional] Click Show Advanced Filtering to add conditions that override actions specified in the
Filter area.
6. In the Exceptions area, use the Always block sites and Always allow sitesfields to key in specific
URL's of websites to include or exclude from policy.

Screenshot 44: Enabling reputation filtering

7. [Optional] In the Filter by Reputation area, click ON to enable filtering by reputation.

NOTE
Setting up a Reputation Index of 40 or below blocks websites categorized as
“Unknown”. When GFI WebMonitor is deployed, a local web categorization database is
installed with a limited amount of entries. URL's not found in the local database will be
automatically categorized as“Unknown”. Ensure that Online Lookup is enabled so that
GFI WebMonitor can access a store of over 280 million websites. For more information,
refer to Configuring Web Categorization (page 68).

8. In the Apply Policy To field, specify Users, Groups or IPsfor whom the new policy applies, and
clickAdd.

IMPORTANT
Proxy Authentication must be enabled, otherwise you will not be able to add Active
Directory users. For more information, refer to Configuring Authentication Method
(page 102).

9. [Optional] In the Notify Breacher area, click ONto enable notifications to send when a user
infringes policy. Provide the body text of the notification email in the available space.
10. [Optional] Use the Notify Administrators area to send notifications when the downloaded content
infringes this policy. Add the administrator’s email address and provide the body text of the
notification email.
11. In the Schedulearea specify the time period during which the new policy ise enforced.
12. Click Save.
See also:
Cloning a Policy

Web Browsing Quota Policy

Create a Web Browsing Quota Policy to control how your users browse specific categories or sites
based on bandwidth or time thresholds.
To create a new Web Browsing Quota Policy:
1. Go to Settings > Policies > Internet Policies.

GFI WebMonitor 6 Configuring GFI WebMonitor | 72

2. In the Web Browsing Quota Policy area, click Add Policy.

Screenshot 45: Creating a new Web Browsing Quota Policy

3. In the Policy Name field, type a policy name.

4. In the Limit By area specify:
a. If the threshold will be based on Bandwidth or Time
b. The duration in hours or minutes
c. If the duration is per day, week or month
5. In the Apply To area:
a. Select which categories or sites are effected by policy.
b. Add sites which are to be excluded from policy.
6. In the Apply Policy To field, specify Users, Groups or IPs for whom the new policy applies, then
click Add.

GFI WebMonitor 6 Configuring GFI WebMonitor | 73

 IMPORTANT
Proxy Authentication must be enabled, otherwise you will not be able to add Active
Directory users. For more information, refer to Configuring Authentication Method
(page 102).

7. [Optional] In the Notify Breacher area, click ON to enable notifications to send when a user
infringes this policy. Provide the body text of the notification email in the available space.
8. [Optional] Use the Notify Administrators area to send notifications when the downloaded content
infringes this policy. Add the administrator’s email address and provide the body text of the
notification email.
9. Click Save.

NOTE
To reset the Web Browsing Quota Policy, click the refresh icon from the Internet Policies
page.

See also:
Cloning a Policy

Instant Messaging Policy

Instant Messaging Policies (or IM) provide control over the use of instant messaging clients. If a policy
is breached, GFI WebMonitor uses the configured policy to determine what action to take.
The Instant Messaging Policy feature can allow or block access to the following clients:
MSN Messenger and Microsoft Windows Live Messenger
Gmail Chat/GTalk and
Yahoo! Messenger
Facebook Chat
Online instant messaging portals
A Default IM Policy is enabled when GFI WebMonitor is installed. It is pre-configured to allow instant
messaging access to everyone. The default policy can be edited, but cannot be disabled or deleted.

NOTE
Certain fields in the default policy cannot be edited. These include Policy Name and
Apply Policy To.

IMPORTANT
All added policies take priority over the default policy.

To create a new IM Policy:

GFI WebMonitor 6 Configuring GFI WebMonitor | 74

1. Go to Settings > Policies > Internet Policies.
2. In the Instant Messaging Policies area, click Add Policy.

Screenshot 46: Creating a new IM Policy

3. In the Policy Name field, type a policy name.

4. In the Filter area specify which instant messaging client to block or allow.
5. In the Apply Policy To field, specify Users, Groups or IPs for whom the new policy applies, then
click Add.

IMPORTANT
Proxy Authentication must be enabled, otherwise you will not be able to add Active
Directory users. For more information, refer to Configuring Authentication Method
(page 102).

NOTE
It is recommended that only one IM Control Policy is applied to a user, a group and/or IP
address. In cases where more than one IM Control Policy is applied to the same user,
group or IP, the top most policy takes priority over subsequent policies.

GFI WebMonitor 6 Configuring GFI WebMonitor | 75

6. [Optional] In the Notify Breacher area, click ON to enable notifications to send when a user
infringes this policy. Provide the body text of the notification email in the available space.
7. [Optional] Use the Notify Administrators area to send notifications when the downloaded content
infringes this policy. Add the administrator’s email address and provide the body text of the
notification email.
8. Click Save.
See also:
Cloning a Policy

Streaming Media Policy

Streaming Media Policies enable you to define policies that block various types of streaming media
across all websites. This conserves and optimizes bandwidth resources.
A Default Streaming Media Policy is enabled when GFI WebMonitor is installed. It is pre-configured to
allow streaming media access to everyone. The default policy can be edited, but cannot be disabled
or deleted.

NOTE
Certain fields in the default policy cannot be edited. These include Policy Name and
Apply Policy To.

IMPORTANT
All added policies take priority over the default policy.

To add a Streaming Media Policy:

1. Go to Settings > Policies > Internet Policies.
2. In the Streaming Media Policies area, click Add Policy.

GFI WebMonitor 6 Configuring GFI WebMonitor | 76

Screenshot 47: Configuring Streaming Media policy 1

3. In the Policy Name field, type a policy name.

4. In the Filter area, select the Streaming Media Categories, Streaming Applications and Generic
Site Streams to Allow or Block.
5. Use the Always block sites and Always allow sites fields to key in specific URL's of websites you
would like included or excluded from the policy.
6.In the Apply Policy To field, specify Users, Groups or IPs for whom the new policy applies, then
click Add.

GFI WebMonitor 6 Configuring GFI WebMonitor | 77

 IMPORTANT
Proxy Authentication must be enabled, otherwise you will not be able to add Active
Directory users. For more information, refer to Configuring Authentication Method
(page 102).

NOTE
When keying in a User, specify the username in the format domain\user.
When keying in a Client IP, you can use IP ranges (for example, “10.0.0.10-12”
includes these IP addresses: “10.0.0.10”, “10.0.0.11” and “10.0.0.12”).

7. [Optional] In the Notify Breacher area, click ON to enable notifications to send when a user
infringes this policy. Provide the body text of the notification email in the available space.
8. [Optional] Use the Notify Administrators area to send notifications when the downloaded content
infringes this policy. Add the administrator’s email address and provide the body text of the
notification email.
9. In the Filter On area specify the time period during which the new policy will be enforced.
10. Click Save.
See also:
Cloning a Policy

Search Engine Policy

GFI WebMonitor has two search engine policies that are disabled by default when the product is
installed.

Safe Search
Safe Searchis a feature supported by a number of search engines. If enabled, GFI WebMonitor
enforces filtering of explicit email and images from user searches.
Safe Search is compatible with the following search engines:
Google
Yahoo
Lycos
Bing

NOTE
The Safe Search feature is available in the GFI WebMonitor WebFilter Edition.

To enable Safe Search

1. Go to Settings > Internet Polices > Safe Search.
2. Click ON.

GFI WebMonitor 6 Configuring GFI WebMonitor | 78

Search Terms Monitoring
Search Terms Monitoring is a feature that monitors and logs terms used during searches. If enabled,
you will be able to monitor what your users are searching for in various search engines to get a better
insight on what users are using the web for.

To enable Search Terms Monitoring

1. Go to Settings > Internet Polices > Search Terms Monitoring.
2. Click ON.

To exclude users or IP addresses from monitoring:

1. Go to Settings > Internet Polices > Search Terms Monitoring.
2. Click Search Terms Monitoring.
3. Key in the User name or IP Address in the field provided and click Exclude.
See also:
Cloning a Policy
6.2.3 Configuring Always Blocked List
The Always Blockedlist is a list of sites, users and IP addresses that should always be blocked. The
Always Blocked list takes priority over all WebFilter and WebSecurity policies.

NOTE
If the items in the Always Blocked list are also added to the Always Allowed list,
priority is granted to the Always Allowed list and access is granted.

Adding Items to the Always Blocked list

To add an item to the Always Blocked list:
1. Go to Settings > Policies > Always Blocked.

GFI WebMonitor 6 Configuring GFI WebMonitor | 79

Screenshot 48: Configuring Always Blocked list

2. Select User, Site or IP and key in the value in the space provided.
3. Click Add.
4. Click Save.

NOTE
When keying in a User, specify the username in the format domain\user.
When keying in a Client IP, you can use IP ranges (for example, “10.0.0.10-12”
includes these IP addresses: “10.0.0.10”, “10.0.0.11” and “10.0.0.12”).

NOTE
When keying in a URL for a website you can use the wildcard character [*], for example:
Type *.com to allow or block all '.com' top-level domains
Type *.website.com to allow or block all sub-domains of 'website.com'

6.2.4 Deleting Items From the Always Blocked list

To delete an item from the Always Blocked list:
1. Go to Settings > Policies > Always Blocked.
2. Click the Delete icon next to the item to delete.
3. Click Save.

GFI WebMonitor 6 Configuring GFI WebMonitor | 80

6.2.5 Configuring Always Allowed List
The Always Allowed list is a list of sites, users and IP addresses that are automatically excluded from
all filtering policies configured in GFI WebMonitor. Besides the Always Allowed list, there is also a
Temporary Allowed list that is used to temporarily approve access to a site for a user or IP address.

IMPORTANT
In GFI WebMonitor, the Temporary Allowed list takes priority over the Always Allowed
list. Furthermore, both Always Allowed lists take priority over the Always Blocked list.
Therefore, if a site is listed in the Always Allowed or Temporary Allowed lists and that
same site is listed in the Always Blocked list, access to the site is allowed.

Pre-configured Items
By default, GFI WebMonitor includes a number of pre-configured sites in the Always Allowed list.
These include GFI Software Ltd websites to allow automatic updates to GFI WebMonitor and Microsoft
websites to allow automatic updates to Windows. Removing any of these sites may stop important
updates from being automatically effected.

GFI WebMonitor 6 Configuring GFI WebMonitor | 81

Adding Items to the Always Allowed List

Screenshot 49: Adding items to Always Allowed list

To add an item to the Always Allowed list:

1. Go to Settings > Policies > Always Allowed.
2. In the Grant To field, select User, Site or IP and key in the value in the space provided.
3. Click Add.
4. Click Save.

NOTE
When keying in a User, specify the username in the format domain\user.
When keying in a Client IP, you can use IP ranges (for example, “10.0.0.10-12”
includes these IP addresses: “10.0.0.10”, “10.0.0.11” and “10.0.0.12”).

GFI WebMonitor 6 Configuring GFI WebMonitor | 82

 NOTE
When keying in a URL for a website you can use the wildcard character [*], for example:
Type *.com to allow or block all '.com' top-level domains
Type *.website.com to allow or block all sub-domains of 'website.com'

Deleting Items From the Always Allowed List

To delete an item from the Always Allowed list:
1. Go to Settings > Policies > Always Allowed.
2. Click the Delete icon next to the item to delete.
3. Click Save.
6.2.6 Configuring Temporary Allowed List
The Temporary Allowed List is a list of URL's, users or IP addresses that are allowed to bypass all web
filtering polices for a specified amount of time. The list is populated either automatically with items
approved from quarantine or manually by adding specific entries.
To manually configure temporary access to sites, users or IP addresses:
1. Go to Settings > Policies > Temporary Allowed List.

Screenshot 50: Configuring Temporary Allowed list

2. In the Grant To field, select User or IP and key in the user or IP address to grant access to in the
space provided.
3. In the Access To field, type the URL of the website to grant access to.
4. In the Active until area, select the date and time during which the policy will be active.
5. Click Save.

Deleting Items From the Temporary Allowed list

To delete an item from the Temporary Allowed list:
1. Go to Settings > Policies > Temporary Allowed.
2. Click the Delete icon next to the item to delete.

GFI WebMonitor 6 Configuring GFI WebMonitor | 83

3. Click Save.
6.2.7 WebSecurity Edition Policies
WebSecurity edition includes download control, virus scanning through multiple anti-virus engines and
anti-phishing as well as control for most IM clients.
The following sections help you:
Configure Security Policies
Configure Download Policies
Configure Security Engines

Enabling or Disabling a Configured Policy

To enable or disable a policy:
1. Go to Settings > Policies > Security Policies.
2. Click ON to enable or OFF to disable the desired policy.

Deleting a Policy
To delete a policy click the Delete icon next to the policy to delete.
6.2.8 Configuring Security Policies
A default security policy is enabled when GFI WebMonitor is installed. It is pre-configured to apply to
every user on the domain and to allow web browsing of all categories. This policy is called Default
Virus Scanning Policy, and can be edited, but not disabled or deleted.

NOTE
Certain fields in the default policy cannot be edited. These include Policy Name and
Apply Policy To.

IMPORTANT
All added policies take priority over the default policy.

To edit the Default Virus Scanning Policy:

1. Go to Settings > Policies > Security Policies.
2. Under Configured Virus Scanning Policy, click Default Virus Scanning Policy.

GFI WebMonitor 6 Configuring GFI WebMonitor | 84

Screenshot 51: Configuring Default Virus Scanning Policy

3. In the Scan area, select the Content Types to Scan, Block, Warn and allow or Quarantine.
4. Select the virus scanning engines to use by switching the available engines On or Off as required.
5. [Optional] In the Notify Breacher area, click ON to enable notifications. You can also edit the
notification message in the Message to Policy Breacher window.
6. [Optional] In the Notify Administrators area, click ON to enable notifications. Specify an email
address in the available box and click Add. You can also edit the notification message in the Message
to Policy Breacher window.
7. Click Save.

GFI WebMonitor 6 Configuring GFI WebMonitor | 85

 IMPORTANT
You can add as many policies as required, however, the top most policy has precedence
over the ones below it.

IMPORTANT
Click Save before you navigate away from page.

See also:
Cloning a Policy
Adding a New Security Policy
6.2.9 Adding a New Security Policy
To add a new Security Policy:
1. Go to Settings > Policies > Security Policies.
2. Click Add Policy.

GFI WebMonitor 6 Configuring GFI WebMonitor | 86

Screenshot 52: Creating a new Security Policy

3. In the Policy Name field enter a name for the new policy.
4. In the Scan area, select which Content Types to Scan, Block, Warn and allow or Quarantine.
5. [Optional] To define custom content types, click Show Custom Content Types, then:
a. Click Add Content Type.
b. In the Content Type field, enter the string for the file type to add.

NOTE
This must be a MIME type, for example, if you want to add a content type for *.gif,
type: image/gif.

GFI WebMonitor 6 Configuring GFI WebMonitor | 87

 c. Enter a description.
d. Define the actions to take when the content type is downloaded.
e. Click OK.
6. Select the virus scanning engines to use by switching the available engines On or Off as required.
7. In the Apply Policy To field, specify Users, Groups or IPsfor whom the new policy applies, and
clickAdd.

IMPORTANT
Proxy Authentication must be enabled, otherwise you will not be able to add Active
Directory users. For more information, refer to Configuring Authentication Method
(page 102).

8. [Optional] In the Notify Breacher area, click ON to enable notifications. You can also edit the
notification message in the Message to Policy Breacher window.
9. [Optional] In the Notify Administrators area, click ON to enable notifications. Specify an email
address in the available box and click Add. You can also edit the notification message in the Message
to Policy Breacher window.
10. Click Save.

IMPORTANT
You can add as many policies as required, however the top most policy has precedence
over the ones below it.

IMPORTANT
Click Save before you navigate away from page.

See also:
Cloning a Policy
6.2.10 Configuring Security Engines
By default, all the Security Engines in GFI WebMonitor are enabled.
To turn off a security engine:
1. Go to Settings > Security Policies.

GFI WebMonitor 6 Configuring GFI WebMonitor | 88

Screenshot 53: Configuring Security Engines

2. In the Security Engines area, click OFF next to the engine you want to disable.
To perform additional configuration refer to the following sections:
Configuring Kaspersky
Configuring Anti Phishing
Configuring ThreatTrack
6.2.11 Configuring Kaspersky
The Kaspersky anti-virus scanning engine enables you to state whether the actions specified in the
Virus Scanning Policies should also be used when files are identified as:
Table 18: Kaspersky engine options
OPTION DESCRIPTION
Suspicious Files identified as suspicious.
Corrupted Files that cannot be scanned since the file format is corrupted, for example, corrupted CAB files.
Hidden Files that cannot be scanned since the contents are protected, for example, password protected ZIP files.

To configure Kaspersky:
1. Go to Settings > Policies > Security Policies.
2. Click Kaspersky.

GFI WebMonitor 6 Configuring GFI WebMonitor | 89

Screenshot 54: Configuring Kaspersky security engine

3. Next to Suspicious, click ON to enable scanning of files considered to be suspicious.

4. Next to Corrupted, click ON to enable scanning of corrupted files.
5. Next to Hidden, click ON to enable scanning of protected files.
6. Click Save.
6.2.12 Configuring Anti Phishing Notifications
You can set up notifications that inform users whenever GFI WebMonitor protects them from known
phishing sites.
To configure notifications:
1. Go to Settings > Policies > Security Policies.
2. Click Anti-Phishing.
3. Next to Notify Breacher, click ON to enable notifications to be sent to the person attempting to
access a known phishing site.
4. Next to Notify Administrators, click ON to enable notifications, then specify the email addresses of
the persons who need to be notified.
5. Click Save.
6.2.13 Configuring ThreatTrack
The ThreatTrack protection feature ensures that the latest malware and phishing threats are blocked
even when originating from compromised legitimate sites. If enabled, GFI WebMonitor automatically
blocks sites confirmed to be distributing malicious content or used for phishing purposes.
To configure ThreatTrack:
1. Go to Settings > Policies > Security Policies.
2. Click ThreatTrack.

GFI WebMonitor 6 Configuring GFI WebMonitor | 90

Screenshot 55: Configuring ThreatTrack notifications

3. Next to Notify Breacher, click ON to enable notifications to be sent to the person attempting to
access a known ThreatTrack site.
4. Next to Notify Administrators, click ON to enable notifications, then specify the email addresses of
the persons who need to be notified.
5. Click Save.
6.2.14 Configuring Download Policies
Download Policies enable you to manage file downloads based on file types. If a user tries to
download a file that triggers a Download Policy, GFI WebMonitor determines what action to take,
according to what you configured in that policy. This may be one of the following actions:
Allow file download
Quarantine downloaded file
Block file from being downloaded
A Default Download Policy is enabled when GFI WebMonitor is installed. It is pre-configured to apply
to everyone and to allow downloads of all file types. The default download policy can be edited, but
cannot be disabled or deleted.

GFI WebMonitor 6 Configuring GFI WebMonitor | 91

 NOTE
Certain fields in the default policy cannot be edited. These include Policy Name and
Apply Policy To.

IMPORTANT
All added policies take priority over the default policy.

NOTE
It is recommended that only one Download Policy is applied to a user, a group or IP
address. In cases where more than one Download Policy is applied to the same user,
group or IP, the top most policy takes priority over subsequent policies.

Enabling or Disabling a Download Policy

To enable or disable a Download Policy:
1. Go to Settings > Policies > Download Policies.
2. Click ON to enable or OFF to disable the policy.

Deleting a Download Control Policy

To delete a Download Control Policy click the Delete icon next to the policy to delete.
See also:
Cloning a Policy
Adding a New Download Policy
Editing an Existing Download Policy

Adding a New Download Policy

To add a Download Policy:
1. Go to Settings > Policies > Download Policies.

GFI WebMonitor 6 Configuring GFI WebMonitor | 92

Screenshot 56: New download policy

2. Click Add Policy.

3. In the Policy Name field, key in a Policy Name.
4. From the Filter area, select action to be taken for file types. Available options are:
Allow
Block
Quarantine

NOTE
Action can also be configured by clicking on a file type and setting the action from
theAction dialog. A description about each file type is also provided.

5. [Optional] To add custom file types not present in the pre-defined list, click Show Custom Content
Types, then click Add Content-typeto add new file types.

GFI WebMonitor 6 Configuring GFI WebMonitor | 93

6. In the Apply Policy To field, specify Users, Groups or IPsfor whom the new policy applies, and
clickAdd.

IMPORTANT
Proxy Authentication must be enabled, otherwise you will not be able to add Active
Directory users. For more information, refer to Configuring Authentication Method
(page 102).

NOTE
When keying in a User, specify the username in the format domain\user.
When keying in a Client IP, you can use IP ranges (for example, “10.0.0.10-12”
includes these IP addresses: “10.0.0.10”, “10.0.0.11” and “10.0.0.12”).

7. [Optional] In the Notify Breacher area, click ON to enable notifications to send when a user
infringes this policy. Provide the body text of the notification email in the available space.
8. [Optional] To send a notification to administrators when the downloaded content infringes this
policy, clickONin theNotify Administratorsarea. Add the administrator’s email address and provide
the body text of the notification email in the available space.
9. Click Save.
See also:
Cloning a Policy
Configuring Download Policies
Editing an Existing Download Policy

Editing an Existing Download Policy

To edit a Download Control Policy:
1. Go to Settings > Policies > Download Policies.
2. Click the policy name to edit.
3. Click Save.
See also:
Cloning a Policy
Configuring Download Policies
Adding a New Download Policy

Cloning a Policy
Existing WebFiltering and WebSecurity policies can be cloned to quickly create new polices which can
then be edited as required.
To clone a policy:
1. Go to Settings > Policies
2. Select Security Polices, Internet Policies or Download Policies.

GFI WebMonitor 6 Configuring GFI WebMonitor | 94

3. Click the policy name you want to edit.
4. Click Clone Policy.

NOTE
Default policies cannot be cloned.

6.3 Configuring Alerts

GFI WebMonitor lets you configure alerts based on specific usage patterns, such as warnings bypassed
or sites that have been blocked by configured policies. The following sections will help you configure
the following:
Configuring Monitoring Alerts
Configuring Bandwidth Alerts
Configuring Security Alerts
6.3.1 Configuring Monitoring Alerts
Monitoring Alerts can be set up to send notifications when specific policies are triggered off. For
example, if you have configured an Internet browsing policy that allows browsing Social Networks for
X hours, you may want to notify the user or management when this threshold is exceeded.
To configure monitoring alerts:
1. Go to Settings > Alerts > Monitoring Alerts.
2. Click Add Alert.

GFI WebMonitor 6 Configuring GFI WebMonitor | 95

Screenshot 57: Configuring Monitoring alerts

3. In the Alert Name filed, key in a name.

4. In the Trigger base on area, select a one of the following options:
Sites Accessed - the alert will be triggered if the total number of specified sites is exceeded
Blocks - selected users will be notified when the specified number of Blocks is exceeded
Warnings Bypassed - selected users will be notified when the specified number of bypassed warn-
ings is exceeded
5. In the Threshold area, specify a number that will trigger the alert if exceeded.
6. Specify the frequency that GFI WebMonitor checks against the specified threshold. Time intervals
can be set to:
Hour
Day
Week

GFI WebMonitor 6 Configuring GFI WebMonitor | 96

7. In the Apply to field, select a category from the available list and click Add.
8. In the Notify field, specify users or groups who need to be notified, then click Add.
9. In the Notify user field, Click ON and type the alert message in the Message to user field.
10. Click Save.
6.3.2 Configuring Bandwidth Alerts
To configure bandwidth alerts:
1. Go to Settings > Alerts > Bandwidth Alerts.
2. Click Add Alert.

Screenshot 58: Configuring Bandwidth alerts

3. In the Alert Name field, key in a name.

4. In the Trigger base on area, select a one of the following options:

GFI WebMonitor 6 Configuring GFI WebMonitor | 97

Table 19: Bandwidth alert trigger options
TRIGGER DESCRIPTION
Total Bandwidth Alert will be triggered if the total specified bandwidth is exceeded.
Downloads Selected users will be notified when the specified download limit is exceeded.
Uploads Selected users will be notified when the specified upload limit is exceeded.

5. In the Threshold area, specify the size of data in MB or GB that triggers the alert. Specify if this
amount is applicable per user or for all users on domain.
6. Specify the frequency that GFI WebMonitor checks against the specified threshold. Time intervals
can be set to:
Hour
Day
Week
7. In the Filter on options, select the type of filtering to use. These can be:
Table 20: Bandwidth alerts filtering options
FILTER DESCRIPTION
No Filter Select this option to make the alert available on all type of traffic.
Categories Select desired categories from a predefined list and click Add.
Content type Select desired content types from a predefined list and click Add.

8. In the Notify field, specify the users or groups to notify and click Add.
9. In the Notify user field, click ON and type the alert message in the Message to user field.
10. Click Save.
6.3.3 Configuring Security Alerts
To configure security alerts:
1. Go to Settings > Alerts > Security Alerts.
2. Click Add Alert.

GFI WebMonitor 6 Configuring GFI WebMonitor | 98

Screenshot 59: Configuring Security alerts

3. In the Alert Name filed, key in a name.

4. In the Trigger for area, select any of the following options:
Table 21: Security alerts trigger options
TRIGGER DESCRIPTION
Anti-Virus Alert will be triggered when the number of blocks made by the Anti-virus engine exceeds the
threshold specified in the next step.
Anti-Phishing Alert will be triggered when the number of blocks made by the Anti-phishing engine exceeds the
threshold specified in the next step.
ThreatTrack Alert will be triggered when the number of blocks made by the ThreatTrack engine exceeds the
threshold specified in the next step.

5. In the Threshold area, specify the total hits that will trigger the alert when exceeded. This setting
will apply for the selected security engines.
6. Specify the frequency that GFI WebMonitor checks against the specified threshold. Time intervals
can be set to:
Hour
Day
Week
7. In the Notify field, specify users or groups who need to be notified, then click Add.

GFI WebMonitor 6 Configuring GFI WebMonitor | 99

8. In the Notify user field, Click ON and type the alert message in the Message to user field.
9. Click Save.

6.4 Proxy Settings

When GFI WebMonitor is installed in Gateway or Simple Proxy mode, it acts as a proxy server that
filters client requests seeking resources from other servers.
When a client requests some service, such as a file, connection, web page, or other resource from a
different server, GFI WebMonitorevaluates the request according to the configured filtering rules. If
the request is allowed, GFI WebMonitor provides the resource by connecting to the relevant server
and requesting the service on behalf of the client.
Additionally, if caching is enabled, GFI WebMonitor saves responses from the remote server, and
returns subsequent requests for the same content directly without contacting the specified server.
The following sections will help you configure advanced proxy settings to enhance performance or
fine-tune GFI WebMonitor according to your organizational requirements:
General Proxy Settings
HTTPS Proxy Scanning Settings
Caching Settings
6.4.1 Configuring General Proxy Settings
The General Settings tab enables you to configure generic proxy related settings.

Screenshot 60: Configuring general proxy settings

The settings include:

GFI WebMonitor 6 Configuring GFI WebMonitor | 100

 Network Configuration - Listening for incoming user requests on a specific network card
Configuring WPAD - Configuring Web Proxy Auto-Discovery Protocol (WPAD) to enable client com-
puters to automatically detect GFI WebMonitor
Configuring Authentication Method - Configuring the proxy authentication method
Configuring Chained Proxy - Enabling Chained Proxy to forward web traffic received by the GFI
WebMonitor machine to another proxy
See also:
Network Access Policy Configuration
6.4.2 Network Configuration
GFI WebMonitor must be configured to listen for incoming HTTP and HTTPS requests on a specific
network card.

NOTE
The settings related to the network interface card can be configured through the GFI
WebMonitor Configuration Wizard. This wizard is launched automatically after installing
GFI WebMonitor in standalone proxy mode.

To configure GFI WebMonitor to listen for incoming HTTP and HTTPS requests:
1. Go to Settings > Proxy Settings > General.
2. From the Proxy Server area, specify the IP address of a specific network card listening to incoming
requests.
3. [Optional] Enable Listen to All for GFI WebMonitor to listen for incoming requests on multiple
network interface cards.
4. Click Save .
6.4.3 Configuring WPAD
The Web Proxy Auto Discovery (WPAD) Internet protocol enables client machines to automatically
retrieve proxy settings from a WPAD data file, stored on the same GFI WebMonitor machine. It is
useful when you want to configure roaming devices such as laptops and tablets to use a GFI
WebMonitor as the proxy server when they are in the office.
To enable WPAD:
1. Go to Settings > Proxy Settings > General.

Screenshot 61: Configuring WPAD

2. In the Use WPAD field, click ON to enable.

3. Select one of the following options:

GFI WebMonitor 6 Configuring GFI WebMonitor | 101

Table 22: WPAD options
OPTION DESCRIPTION
Publish the IP of the GFI WebMonitor proxy in WPAD Select to include theGFI WebMonitor IP address in the
WPAD.dat file.
Publish the host name of the GFI WebMonitor proxy Select to include theGFI WebMonitor host name in the
in WPAD WPAD.dat file.

4. Click Save.
See also:
Post Installation Actions
6.4.4 Configuring Authentication Method
The Proxy Authentication area enables you to configure the authentication method used by the
proxy. This determines how client machines are validated when accessing the Internet.

IMPORTANT
Proxy Authentication is disabled by default. If Authentication is not enabled, you will
not be able to create new polices for users or groups.

To configure user authentication method:

1. Go to Settings > Proxy Settings > General.
2. From the Proxy Authentication area, leave Proxy Authentication off if the user is not required to
provide login credentials when new Internet sessions are launched.
3. If proxy authentication is required, select one of the following options:
Table 23: Authentication options
OPTION DESCRIPTION
Basic authen- Select if user is required to provide login credentials when new Internet sessions are launched
tication
Integrated This option enables GFI WebMonitor proxy to authenticate users by using the client machines’ access
authentication control service. User is not prompted to provide login credentials when new Internet sessions are
launched. (Recommended)

NOTE
Integrated authentication option is disabled if the GFI WebMonitor machine
authenticates local users as Guest. The Guest only network access model, grants all
users the same level of access to system resources, and so GFI WebMonitor proxy will
not be able to differentiate between the different users using a client machine.

NOTE
On Microsoft Windows XP Pro machines that have never been joined to a Domain
Controller, this Local Security Setting policy is enabled by default.

GFI WebMonitor 6 Configuring GFI WebMonitor | 102

 NOTE
The Network access method can be configured manually on each machine or through
Active Directory GPO. For more information refer to chapter
NetworkAccessPolicyConfiguration.

4. [Optional] In the IP's that will bypass the authentication field, key in IP addresses to exclude from
proxy authentication.

NOTE
IP addresses specified in this field will not be prompted to provide login credentials
when new Internet sessions are launched, but will carry on to apply the applicable
policies.

5. Click Save.
6.4.5 Configuring Chained Proxy
Proxy Chaining is a method of connecting several proxy servers together to obtain greater anonymity.
These servers act together as one proxy server to process web requests.
Client machines can be configured to forward web traffic to the GFI WebMonitor server. Additionally,
the GFI WebMonitor server forwards the filtered traffic to a proxy server.
To configure GFI WebMonitor to forward web traffic to another proxy machine:
1. Go to Settings > Proxy Settings > General.
2. From the Chained Proxy area, click ON to enable GFI WebMonitor to route traffic to another proxy
server.
3. Key in the proxy server IP address in the Address text box and key in the chained proxy’s port
(default 8080) in the Port text box.
4. [Optional] If proxy authentication requires alternate credentials, click Alternative Credentials and
key in the required credentials in the Username and Password fields.

NOTE
If no credentials are keyed in, the default user credentials are used.

5. [Optional] Click Test Proxy Chaining to test the connection between GFI WebMonitor machine and
proxy server.
6. Click Save.
6.4.6 Configuring HTTPS Proxy Scanning Settings
HTTPS Scanning gives you visibility into secure surfing sessions that can threaten your network's
security. Malicious content may be included in sites visited or files downloaded over HTTPS. The
HTTPS filtering mechanism within GFI WebMonitor enables you to scan this traffic.

GFI WebMonitor 6 Configuring GFI WebMonitor | 103

 NOTE
If disabled, GFI WebMonitor enables users to browse HTTPS websites without decrypting
and inspecting their contents.

Screenshot 62: HTTPS Proxy Scanning Settings

To configure HTTPS Scanning settings manually:

1. Go to Settings > Proxy Settings > HTTPS.
2. In the HTTPS Scanning field, click ON.

IMPORTANT
Ensure that by enabling HTTPS Scanning, you are not violating any legal and compliance
regulations.

3. In the Display Warning field click ON to display a warning page to users before GFI WebMonitor
starts decrypting and inspecting HTTPS traffic .

GFI WebMonitor 6 Configuring GFI WebMonitor | 104

4. In the Block Non-Validated area, click ON to start blocking HTTPS websites with certificates not
yet validated.
5. In the Block Expired area, click ON to block pages that contain expired certificates.
6. To block websites with revoked certificates, click ON next to Block Revoked.
7. Click Save.
8. In the Current Certificate area, view relevant information of the currently used certificate.

NOTE
It is recommended that any HTTPS website that would be inappropriate for GFI
WebMonitor to decrypt and inspect is added to the HTTPS scanning exclusion list. For
more information refer to Adding Items to the HTTPS Scanning Exclusion List.

See also:
Creating a new HTTPS Scanning certificate
Import an existing HTTPS Scanning certificate
Export an HTTPS Scanning certificate
6.4.7 Configuring HTTPS Proxy Scanning Settings Using Wizard
The HTTPS Scanning Wizard is a guide to aid configuration of the following HTTPS Scanning settings:
HTTPS Scanning Warning page
Create or import certificate
Certificate checks
Export certificate

GFI WebMonitor 6 Configuring GFI WebMonitor | 105

Screenshot 63: HTTPS Settings configuration wizard

To configure HTTPS Scanning settings using the configuration wizard:

1. Go to Settings > Proxy Settings > HTTPS.
2. Click Launch Wizard.
3. Navigate through the wizard and configure the settings as required.
4. Click Finish to complete the HTTPS Scanning Wizard
For more information about each setting, see also:
Creating a new HTTPS Scanning certificate
Import an existing HTTPS Scanning certificate
Export an HTTPS Scanning certificate
6.4.8 Creating an HTTPS Scanning Certificate
After decrypting HTTPS websites, GFI WebMonitor can re-encrypt these websites for secure
transmission to the client browser. This is done by creating a new certificate in GFI WebMonitor or by
importing an existing certificate.

GFI WebMonitor 6 Configuring GFI WebMonitor | 106

 NOTE
When the certificate expires, browsing of HTTPS websites is not allowed. Renew, export
and deploy the certificate again to client computers.

To create a new certificate:

1. Go to Settings > Proxy Settings > HTTPS
2. Click Create Certificate.
3. In the Name field, type a name for the certificate.
4. Set the expiration date and click Create.
5. Click Save to confirm your changes.
See also:
Import an existing HTTPS Scanning certificate
Export an HTTPS Scanning certificate
Configuring HTTPS Proxy Scanning Settings
6.4.9 Import an HTTPS Scanning Certificate
To import an existing HTTPS Scanning certificate:
1. Go to Settings > Proxy Settings > HTTPS
2. Click Import Certificate.
3. Click Select... and locate the existing certificate.
4. Click Import.
5. Click Save.
See also:
Creating an HTTPS Scanning Certificate
Export an HTTPS Scanning certificate
Configuring HTTPS Proxy Scanning Settings
6.4.10 Export an HTTPS Scanning Certificate
A created or imported certificate can be exported from GFI WebMonitor in the following file formats:
Table 24: HTTPS Certificate export file formats
FILE FORMAT DESCRIPTION
Personal Information Contains the certificate data and its public and private keys. Required by GFI WebMonitor
Exchange file format proxy to re-encrypt inspected HTTPS traffic. Ideal for backing up the certificate and its keys.
(.pfx)
Certificate file format Contains the certificate data but not its private key. Ideal for deploying the certificate as a
(.cer) trusted certificate to the client computer.

GFI WebMonitor 6 Configuring GFI WebMonitor | 107

 NOTE
Keep the private key of the certificate safe to avoid unauthorized generation of trusted
certificates.

NOTE
It is recommended that when the certificate is not issued by a trusted Certificate
Authority, it is exported from GFI WebMonitor and deployed to the client computers as a
trusted certificate. For more information on how to deploy a certificate to clients’
computers, refer to: http://kbase.gfi.com/showarticle.asp?id=KBID003944

To export an existing certificate:

1. Go to Settings > Proxy Settings > HTTPS
2. Click Export as .cer or Export as .pfx as required.
3. Specify the destination path of the certificate.
4. Click Save.
See also:
Import an existing HTTPS Scanning certificate
Creating an HTTPS Scanning Certificate
Configuring HTTPS Proxy Scanning Settings
6.4.11 Configuring Caching Settings
If enabled, GFI WebMonitor caching transparently stores data so that future requests for that data
are served faster. Caching helps bandwidth optimization.

NOTE
GFI WebMonitor lets you specify the length of time to keep data from user requests in its
local database. For more information, refer to General Options (page 66).

NOTE
It is recommended that any website that is not required to be kept in GFI WebMonitor’s
cache, is added to the Cache exclusion list. For more information refer to: Adding Items
to the Cache Exclusion List.

To configure cache settings:

1. Go to Settings > Proxy Settings > Caching.
2. In the Enable Caching field, click ON.

GFI WebMonitor 6 Configuring GFI WebMonitor | 108

3. In the Caching Size Limit field, specify the amount of data to keep in cache in KB.
4. [Optional] In the Cache Path field, specify a location where to store temporary cached files .

NOTE
Ensure that the path exists and that the account under which GFI WebMonitor is running
has sufficient privileges. GFI WebMonitor will save to a default path if the path is either
invalid or unspecified.

5. Click Save.

NOTE
If no path is specified cache is stored in the GFI WebMonitor installation folder.

GFI WebMonitor 6 Configuring GFI WebMonitor | 109

7 Troubleshooting and support
7.1 Introduction
This chapter explains how to resolve any issues encountered during installation of GFI WebMonitor.
The main sources of information available to solve these issues are:
This manual - most issues can be solved through the information in this section.
GFI Knowledge Base articles
Web forum
Contacting GFI Technical Support

7.2 GFI SkyNet

GFI maintains a comprehensive knowledge base repository, which includes answers to the most
common problems. GFI SkyNet always has the most up-to-date listing of technical support questions
and patches. In case that the information in this guide does not solve your problems, next refer to GFI
SkyNet by visiting: http://kb.gfi.com/.

7.3 Web Forum

User to user technical support is available via the GFI web forum. Access the web forum by visiting:
http://forums.gfi.com/.

7.4 Request Technical Support

If none of the resources listed above enable you to solve your issues, contact the GFI Technical
Support team by filling in an online support request form or by phone.
Online: Fill out the support request form and follow the instructions on this page closely to sub-
mit your support request on: http://support.gfi.com/supportrequestform.asp
Phone: To obtain the correct technical support phone number for your region visit:
http://www.gfi.com/company/contact.htm

NOTE
Before contacting Technical Support, have your Customer ID available. Your Customer
ID is the online account number that is assigned to you when first registering your
license keys in the GFI Customer Area at: http://customers.gfi.com.

We will answer your query within 24 hours or less, depending on your time zone.

7.5 Documentation
If this manual does not satisfy your expectations, or if you think that this documentation can be
improved in any way, let us know via email on: [email protected].

GFI WebMonitor 7 Troubleshooting and support | 110

7.6 Common Issues
Table 25: Common troubleshooting issues
ISSUE ENCOUNTERED SOLUTION
Users are not able to browse After the installation, GFI WebMonitor proxy machine has to be configured to listen
and/or download from the Inter- for incoming user requests. For more information, refer to the Administration and
net after installing GFI Web- Configuration manual.
Monitor in Gateway or in Simple Next, Internet browsers on client machines have to be configured to use the GFI
Proxy mode. WebMonitor proxy machine as the default proxy. For more information, refer to Post
Installation Actions (page 26).
In the event that the users are still not able to browse and/or download from the
Internet, add an exception rule in the firewall on the GFI WebMonitor proxy
machine to allow incoming TCP traffic on port 8080. For more information on how to
enable firewall ports on Microsoft Windows Firewall, refer to
http://kbase.gfi.com/showarticle.asp?id=KBID003879
Client browsers are still retriev- Internet explorer may not refresh cached Internet settings so client browsers will
ing old proxy Internet settings retrieve old Internet settings. Refreshing settings is a manual process on each
although the browsers are con- client browser.
figured to automatically detect For more information, refer to the Refresh cached Internet Explorer settings
settings. section within the Miscellaneous chapter in GFI WebMonitor Getting Started Guide.
Or visit:
http://technet.microsoft.com/en-us/library/cc302643.aspx
Users are still required to authen- Integrated authentication will fail when GFI WebMonitor is installed on a Microsoft
ticate themselves manually Windows XP Pro machine that has never been joined to a Domain Controller and
when browsing, even when Inte- where the Network access setting is set to Guest only - local users authenticate as
grated authentication is used. Guest. For more information, refer to Network Access Policy Configuration (page
150)..

GFI WebMonitor 7 Troubleshooting and support | 111

ISSUE ENCOUNTERED SOLUTION
Users using Mozilla Firefox The server and the client machine will use NTLMv2 for authentication when:
browsers are repeatedly asked to GFI WebMonitor is installed on Microsoft Windows Server 2008 and LAN Manager
key in credentials after installing authentication security policy is defined as Send NTLMv2 response only
GFI WebMonitor in Gateway or in
Simple Proxy mode. and
The client machine LAN Manager is not defined (this is the default setting in
Microsoft Windows 7) NTLMv2 is not supported in Mozilla Firefox and the user‘s
browser will repeatedly ask for credentials.
To solve this issue do one of the following :
1. Navigate to Configuration > Proxy Settings.
2. In the Network Configuration area select the Use WPAD for network clients
checkbox.
3. Select Publish the host name of the GFI WebMonitor proxy in WPAD.
Or change authentication mechanism on either of the following:
On GFI WebMonitor server (Microsoft Windows Server 2008):
1. Navigate to Start > Administrative Tools > Local Security Policy.
2. Expand Local Policies > Security Options.
3. Right-click Network Security: LAN Manager authentication level from the right
panel and click Properties.
4. Select Local Security Setting tab in the Network Security: LAN Manager
authentication level Properties dialog.
5. Select Send LM & NTLM - use NTLMv2 session security if negotiated from the
Network security drop-down list.
6. Click Apply and OK.
7. Close Local Security Policy dialog.
8. Close all open windows.
Client machines (Microsoft Windows 7) using Active Directory GPO:
1. Navigate to Start > Control Panel > System and Security > Administrative Tools
> Local Security Policy.
2. Expand Local Policies > Security Options.
3. Right-click Network Security: LAN Manager authentication level from the right
panel and click Properties.
4. Select Local Security Setting tab in the Network Security: LAN Manager
authentication level Properties dialog.
5. Select Send LM & NTLM - use NTLMv2 session security if negotiated from the
Network security drop-down list.
6. Click Apply and OK.
7. Close Local Security Policy dialog.
8. Close all open windows.
For more information visit: http://kbase.gfi.com/showarticle.asp?id=KBID001782

GFI WebMonitor 7 Troubleshooting and support | 112

8 Glossary

A
Access Control
"A feature that allows or denies users access to resources, for example, Internet access."

Active Directory
"A technology that provides a variety of network services, including LDAP-like directory serv-
ices."

AD
See Active Directory

Administrator
The person responsible for installing and configuring GFI WebMonitor.

Always Allowed List

A list that contains information about what should be allowed by GFI WebMonitor.

Always Blocked List

A list that contains information about what should be blocked by GFI WebMonitor.

Anti-virus
Software that detects viruses on a computer.

B
Bandwidth
The maximum amount of data transferred over a medium. Typically measured in bits per sec-
ond.

C
Cache
A location where GFI WebMonitor temporarily keeps downloaded files. This will speed up sub-
sequent requests for the same file as GFI WebMonitor would serve the file directly from the
cache instead of downloading it again.

CER
See CER file format

CER file format

A certificate file format that contains the certificate data but not the private key.

Certificate Revocation List

A list issued by a Certification Authority listing HTTPS websites certificates that were
revoked.

GFI WebMonitor 8 Glossary | 113

 Chained Proxy
When client machines connect to more than one proxy server before accessing the requested
destination.

Console
An interface that provides administration tools that enable the monitoring and management
of Internet traffic.

CRL
See Certificate Revocation List

D
Dashboard
Enables the user to obtain graphical and statistical information related to GFI WebMonitor
operations.

E
Expired Certificate
An expired certificate has an end date that is earlier than the date when the certificate is val-
idated by GFI WebMonitor.

F
File Transfer Protocol
A protocol used to transfer files between computers.

FTP
See File Transfer Protocol.

G
Google Chrome
A web browser developed and distributed by Google.

GPO
See Group Policy Objects.

Group Policy Objects

An Active Directory centralized management and configuration system that controls what
users can and cannot do on a computer network.

H
Hidden Downloads
"Unwanted downloads from hidden applications (for example, trojans) or forgotten downloads
initiated by users."

GFI WebMonitor 8 Glossary | 114

 HTTP
See Hypertext Transfer Protocol.

HTTPS
See Hypertext Transfer Protocol over Secure Socket Layer (SSL).

HyperText Transfer Protocol

A protocol used to transfer hypertext data between servers and Internet browsers.

HyperText Transfer Protocol over Secure Socket Layer (SSL)

A protocol used to securely transfer encrypted hypertext data between servers and Internet
browsers. The URL of a secure connection (SSL connection) starts with https: instead of http:.

I
Internet Browser
An application installed on a client machine that is used to access the Internet.

Internet Gateway
"A computer that has both an internal and an external network card. Internet sharing is ena-
bled, and client machines on the internal network use this computer to access the Internet."

L
LAN
See Local Area Network.

LDAP
See Lightweight Directory Access Protocol.

Lightweight Directory Access Protocol

A set of open protocols for accessing directory information such as email addresses and public
keys.

Local Area Network

An internal network that connects machines in a small area.

M
Malware
Short for malicious software.Unwanted software designed to infect a computer such as a virus
or a trojan.

Microsoft Forefront Threat Management Gateway

A Microsoft product that provides firewall and web proxy services. It also enables admin-
istrators to manage Internet access through policies. It is the successor of the Microsoft ISA
Server and is part of the Microsoft Forefront line of business security software.

GFI WebMonitor 8 Glossary | 115

 Microsoft Forefront TMG
See Microsoft Forefront Threat Management Gateway

Microsoft Internet Explorer

A web browser developed and distributed by Microsoft Corporation.

Microsoft Internet Security and Acceleration Server

A Microsoft product that provides firewall and web proxy services. It also enables admin-
istrators to manage Internet access through policies.

Microsoft ISA Server

See Microsoft Internet Security and Acceleration Server.

Microsoft SQL Server

A Microsoft database management system used by GFI WebMonitor to store and retrieve data.

Microsoft Windows Live Messenger

An instant messaging application developed by Microsoft used by users to communicate on the
Internet.

Mozilla Firefox
Mozilla Firefox is an open source Internet browser.

MSN
See Microsoft Windows Live Messenger

N
Non-validated Certificate
An non-validated certificate has a start date that falls after the date when the certificate is
validated by GFI WebMonitor.

NT LAN Manager
A Microsoft network authentication protocol.

NTLM
See NT LAN Manager.

P
Personal Information Exchange file format
A certificate file format that contains the certificate data and its public and private keys.

PFX
See Personal Information Exchange file format.

Phishing
The act of collecting personal data such as credit card and bank account numbers by sending
fake emails which then direct users to sites asking for such information.

GFI WebMonitor 8 Glossary | 116

 Port Blocking
The act of blocking or allowing traffic over specific ports through a router.

Proxy Server
A server or software application that receives requests from client machines and responds
according to filtering policies configured in GFI WebMonitor.

Q
Quarantine
A temporary storage for unknown data that awaits approval from an administrator.

R
Revoked Certificate
"A revoked certificate is a valid certificate that has been withdrawn before its expiry date
(for example, superseded by a newer certificate or lost/exposed private key)."

S
Spyware
Unwanted software that publishes private information to an external source.

T
Traffic Forwarding
The act of forwarding internal/external network traffic to a specific server through a router.

U
Uniform Resource Locator
The address of a web page on the world wide web. It contains information about the location
and the protocol.

URL
See Uniform Resource Locator.

User Agent
A client application that connects to the Internet and performs automatic actions.

V
Virus
Unwanted software that infects a computer.

GFI WebMonitor 8 Glossary | 117

 W
WAN
See Wide Area Network.

Web Proxy AutoDiscovery protocol

An Internet protocol used by browsers to automatically retrieve proxy settings from a WPAD
data file.

Web traffic
The data sent and received by clients over the network to websites.

WebFilter Edition
A configurable database that allows site access according to specified site categories per
user/group/IP address and time.

WebGrade Database
"A database in GFI WebMonitor, used to categorize sites."

WebSecurity Edition
WebSecurity contains multiple anti-virus engines to scan web traffic accessed and downloaded
by the clients.

Wide Area Network

An external network that connects machines in large areas.

WPAD
See Web Proxy AutoDiscovery protocol.

GFI WebMonitor 8 Glossary | 118

9 Appendix 1
This section contains the following topics:
Assigning Log On As A Service Rights
Adding Items to the Cache Exclusion List
Adding Items to the HTTPS Scanning Exclusion List
Configuring Commonly Used Routers
Configuring Routing and Remote Access
Disabling Internet Connection Settings On Client Machines
Network Access Policy Configuration

9.1 Assigning Log On As A Service Rights

Logon rights control who is authorized to log on to a computer and how they can log on. Log on as a
service rights allow a security principal to log on as a service. Services can be configured to run under
the Local System, Local Service, or Network Service accounts, which have a built-in right to log on as
a service. Any service that runs under a separate user account must be assigned the right.
Manually assigning Log On As A Service Rights on Microsoft Windows XP/Vista/7
1. Navigate to Start > Control Panel > Administrative Tools > Local Security Policy.
2. Expand Security Settings > Local Policies > User Rights Assignment.
3. Right-click Log on as a service from the right panel and click Properties.
4. Select the Local Security Setting tab.
5. Click Add User or Group.
6. Key in the account name and click OK.
7. Click Apply and OK.
8. Close Local Security Settings dialog.
9. Close all open windows.
Manually assigning Log On As A Service Rights on a Server Machine
1. Navigate to Start > Programs > Administrative Tools > Local Security Policy.

GFI WebMonitor 9 Appendix 1 | 119

Screenshot 64: Microsoft Windows Server: Local Security Policy window

2. Expand Security Settings > Local Policies > User Rights Assignment.
3. Right-click Log on as a service from the right panel and click Properties.
4. Select the Local Security Setting tab.
5. Click Add User or Group button.
6. Key in the account name and click OK.
7. Click Apply and OK.
8. Close all open windows.
Assigning Log On As A Service Rights Using GPO in Microsoft Windows Server 2003
To assign Log on as service rights on clients’ machines through Microsoft Windows Server 2003 GPO:
1. Navigate to Start > Programs > Administrative Tools > Active Directory Users and Computers on
the DNS server.
2. Right-click the domain node and click Properties.

GFI WebMonitor 9 Appendix 1 | 120

Screenshot 65: Active Directory GPO dialog

3. Select Group Policy tab in the Domain Properties dialog.

4. Select Default Domain Policy from the list and click Edit

GFI WebMonitor 9 Appendix 1 | 121

Screenshot 66: GPO Editor window

5. Expand Computer Configuration > Windows Settings > Security Settings > Local Policies and click
User Rights Assignment.
6. Right-click Log on as a service from the right panel and click Properties.
7. Select the Security Policy Setting tab.
8. Check Define these policy settings checkbox
9. Click Add User or Group button.
10. Key in the account name and click OK.
11. Click Apply and OK.
12. Close all open windows.
Assigning Log On As A Service Rights Using GPO in Microsoft Windows Server 2008
To assign Log on as service rights on clients’ machines through Microsoft Windows Server 2008 GPO:
1. In the command prompt key in mmc.exe and press Enter.
2. In the Console Root window, navigate to File > Add/Remove Snap-in… to open the Add or Remove
Snap-ins window.

GFI WebMonitor 9 Appendix 1 | 122

Screenshot 67: Add/Remove Snap-ins window

3. Select Group Policy Management from the Available snap-ins list, and click Add.
4. Click OK.

Screenshot 68: Console Root domain window

5. Expand Group Policy Management > Forest > Domains and <domain>.
6. Right-click Default Domain Policy and click Edit to open the Group Policy Management Editor.

GFI WebMonitor 9 Appendix 1 | 123

Screenshot 69: Group Policy Management Editor window

7. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local
Policies and click User Rights Assignment.
8. Right-click Log on as a service from the right panel and click Properties.
9. Select the Security Policy Setting tab.
10. Check Define these policy settings checkbox
11. Click Add User or Group button.
12. Key in the account name and click OK.
13. Click Apply and OK.
14. Close all open windows.

9.2 Adding Items to the Cache Exclusion List

IMPORTANT
This information applies only to GFI WebMonitor Standalone Proxy Version.

When caching is enabled, content downloaded via HTTP is stored for future requests to the same
resource, reducing bandwidth consumption. To exclude sites from having their content cached, add
them to the Cache exclusion list as follows:
1. Open ..\WebMonitor\Interface\App_Data\ProxyConfig.xml

GFI WebMonitor 9 Appendix 1 | 124

2. Add the sites to exclude between the CacheWhiteList tag. For example:
<CacheWhiteList>
<string>monitor.isa</string>
<string>1.1.1.1</string>
<string>your_excluded_domain.com</string>
</CacheWhitelist>
3. Save file.

NOTE
Backup ProxyConfig.xml before making any changes.

NOTE
Changes are applied as soon as the file is saved.

NOTE
The following wildcards are supported:
* substitutes any number of characters in the string.
? substitutes a single character in the string.
# substitutes a single digit in the string.

9.3 Adding Items to the HTTPS Scanning Exclusion List

IMPORTANT
This information applies only to GFI WebMonitor Standalone Proxy Version.

When HTTPS inspection is enabled, by default this applies to all HTTPS sessions passing via the GFI
WebMonitor Proxy. Administrators may however wish to exclude some domains, users, or client IPs
from having their sessions inspected. This is achieved by adding them to the HTTPS scanning exclusion
list.
9.3.1 Excluding Domains
1. Open ..\WebMonitor\Interface\App_Data\ProxyConfig.xml
2. Remove <DomainsExceptedFromHTTPSInspection /> tag
3. Add the sites exclude between a DomainsExceptedFromHTTPSInspection tag. For example:
<DomainsExceptedFromHTTPSInspection>
<string>www.domain.com</string>
<string>*.domain.com</string>
</DomainsExceptedFromHTTPSInspection >

GFI WebMonitor 9 Appendix 1 | 125

4. Save file.
9.3.2 Excluding Users
1. Open ..\WebMonitor\Interface\App_Data\ProxyConfig.xml
2. Remove the <UsersExceptedFromHTTPSInspection /> tag
3. Add the sites to be excluded between a UsersExceptedFromHTTPSInspection tag, for
example:
<UsersExceptedFromHTTPSInspection>
<string>mydomain\user1</string>
<string>mydomain\user2</string>
</UsersExceptedFromHTTPSInspection>
4. Save file.
9.3.3 Excluding Client IPs
1. Open ..\WebMonitor\Interface\App_Data\ProxyConfig.xml
2. Remove the <UserIPsExceptedFromHTTPSInspection /> tag
3. Add the sites to be excluded between a UsersExceptedFromHTTPSInspection tag, for
example:
<UserIPsExceptedFromHTTPSInspection>
<string>10.0.0.11</string>
<string>10.0.0.23</string>
</UserIPsExceptedFromHTTPSInspection>
4. Save file.

NOTE
Backup ProxyConfig.xml before making any changes.

NOTE
Changes are applied as soon as the file is saved.

9.4 Configuring Commonly Used Routers

When installing GFI WebMonitor in Simple Proxy mode, the router must support port blocking or traffic
forwarding. This section contains information on how to configure some of the most commonly used
routers:
Cisco ADSL Router Cisco 878 (MPC8272)
DrayTek VIGOR 2820N ADSL2
Linksys WRT54GL Wireless Router
Netgear Wireless Router DG834GT
SonicWall NSA 2400

GFI WebMonitor 9 Appendix 1 | 126

 SonicWall TZ 180
Thomson Wireless Broadband Router TG585 v7
9.4.1 Cisco ADSL Router Cisco 878 (MPC8272)
The Cisco command console enables the administrator to manage the router. Port 80 is blocked by
executing an Access-list command.
The format of an access-list console command is:
access-list [Number] [Action] [Source] [Destination] [Port]
To deny access to port 80, key in the following command in the Cisco command console:
Access-list 100 deny any any eq 80
9.4.2 DrayTek VIGOR 2820N ADSL2
On DrayTek VIGOR 2820 series, port 80 is blocked for all machines except the machine acting as the
proxy. This is done by creating two firewall filter rules:
First rule blocks IP addresses smaller than the GFI WebMonitor proxy machine IP address (exclud-
ing the proxy machine’s IP address)
Second rule blocks IP addresses greater than the GFI WebMonitor proxy machine IP address
(excluding the proxy machine’s IP address)
By default the router, contains a pre-defined rule for NetBios DNS lookups. To view or configure the
firewall rules:
1. Open the web configuration page from an Internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 127

Screenshot 70: DrayTek: General Setup view

4. From the Start Filter Set drop-down lists of both Call Filter and Data Filter, select Set#1.
5. Click OK to save the changes
6. Select Firewall > Filter Setup menu. This page contains the collection of rules.

Screenshot 71: DrayTek: Filter Setup view

7. Select rule number 1 from the Set list to open the Edit Filter Set page.

GFI WebMonitor 9 Appendix 1 | 128

Screenshot 72: DrayTek: Edit Filter Rule view (IP addresses smaller than the GFI WebMonitor proxy machine IP address)

8. Double click the first rule (Block NetBios) to open the filter page.
9. In the filter page, click "1" to open the Filter Rule configuration
10. Key in a name, example “Block Range 1” in the Comments text box.
11. From the Direction drop-down list, select LAN->WAN.
12. Click Edit button of the Source IP field. This opens the IP Address Edit page.

GFI WebMonitor 9 Appendix 1 | 129

Screenshot 73: DrayTek: IP Address Edit view

13. From the Address Type drop-down list, select Range Address.
14. In the Start IP Address text box, key in the smallest IP address of the range of IP addresses
smaller than the GFI WebMonitor proxy machine IP address.
15. In the End IP Address text box, key in the largest IP address of the range of IP addresses smaller
than the GFI WebMonitor proxy machine IP address (excluding the proxy machine’s IP address).
16. Click OK to apply settings.
17. In the Edit Filter Rule page, click Edit button of the Service Type field.

Screenshot 74: DrayTek: Service Type Edit view

18. From the Service Type drop-down list, select User defined.
19. From the Protocol drop-down list, select TCP.
20. In the Source Port text boxes, key in “1” and “65535” respectively.
21. In the Destination Port text boxes, key in “80” and “80” respectively.

GFI WebMonitor 9 Appendix 1 | 130

22. Click OK to apply settings.
23. Repeat steps 1 to 22 to block IP addresses greater than the GFI WebMonitor proxy machine IP
address (excluding the proxy machine’s IP address).

Screenshot 75: DrayTek: Edit Filter Rule view (IP addresses greater than the GFI WebMonitor proxy machine IP address)

9.4.3 Linksys WRT54GL Wireless Router

On Linksys WRT54GL Wireless Router, ports are not blocked directly; they are blocked by creating
internet access restrictions. To create a restriction to block HTTP on port 80:
1. Open the web configuration page from an internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 131

Screenshot 76: Linksys WRT54GL Wireless Router: Internet Access view

3. From the router’s configuration web interface, click Access Restrictions tab > Internet Access.
4. From the Internet Access Policy drop-down list, select a number.
5. From the Status radio buttons, select Disable. (Select Enable to start blocking immediately).
6. In the Enter Policy Name text box, key in a name.
7. Click Edit List of PCs button.

GFI WebMonitor 9 Appendix 1 | 132

Screenshot 77: Linksys WRT54GL Wireless Router: List of PCs dialog

8. In IP Range 01 text boxes, key in the IP addresses of the range of IP addresses smaller than the GFI
WebMonitor proxy machine IP address (excluding the proxy machine’s IP address).
9. In IP Range 02 text boxes, key in the IP addresses of the range of IP addresses greater than the GFI
WebMonitor proxy machine IP address (excluding the proxy machine’s IP address).
10. Click Save Settings button.
11. From the PCs radio buttons, select Deny.
12. From the Blocked Services first drop-down list, select HTTP and key in “80” and “80”
respectively.
13. [Optional] Click Add/Edit Service to create or modify a service.
14. Click Save Settings.
9.4.4 Netgear Wireless Router DG834GT
On Netgear Wireless Router DG834GT, ports are blocked by creating firewall access rules. This
section describes how to:
Create a firewall access rule to allow Web (HTTP) traffic originating from GFI WebMonitor Proxy
machine
Create a firewall access rule to block all outgoing HTTP traffic

GFI WebMonitor 9 Appendix 1 | 133

Step 1: Creating a Firewall Access Rule to Allow HTTP Traffic From GFI WebMonitor Proxy
To create a firewall access rule to allow Web (HTTP) traffic originating from GFI WebMonitor Proxy
machine:
1. Open the web configuration page from an Internet browser.
2. Provide any credentials required.

Screenshot 78: Netgear Wireless Router DG834GT: Outbound Services view

3. From the router’s configuration web interface, click Firewall Rules > Outbound Services.
4. From the Service drop-down list, select HTTP (TCP80).
5. From the Action drop-down list, select ALLOW always.
6. From the LAN Users drop-down list, select Single address.
7. In the Start text box, key in the IP address of the GFI WebMonitor proxy machine
8. From the WAN Users drop-down list, select Any.
9. Click Apply to save settings.

Step 2: Creating a Firewall Access Rule to Block All Outgoing HTTP Traffic
To create a firewall access rule to block all Web (HTTP) traffic:
1. Open the web configuration page from an Internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 134

Screenshot 79: Netgear Wireless Router DG834GT: Outbound Services view

3. From the router’s configuration web interface, click Firewall Rules > Outbound Services.
4. From the Service drop-down list, select HTTP (TCP80).
5. From the Action drop-down list, select BLOCK always.
6. From the LAN Users drop-down list, select Any.
7. From the WAN Users drop-down list, select Any.
8. Click Apply to save settings.
9.4.5 SonicWall NSA 2400
On SonicWall NSA 2400 two steps are required to:
Define the external and internal network cards
Create traffic controlling firewall rules

Step 1: Defining Network Addresses

To define the external and internal network cards:
1. Open the web configuration page from an internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 135

Screenshot 80: SonicWall: Address Objects view

3. From the router’s configuration web interface, click Network > Address Objects
4. Click Add button to add a WAN connection
5. In the Address Detail column, key in the IP address of the external network card.
6. In the Type column, select Network.
7. In the Zone column, select WAN.
8. Click Add button to add a LAN connection
9. In the Address Detail column, key in the IP address of the internal network card.
10. In the Type column, select Host.
11. In the Zone column, select LAN.

Step 2: Creating Firewall Rules

To create traffic controlling firewall rules:
1. Open the web configuration page from an internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 136

Screenshot 81: SonicWall: Access Rules view

3. From the router’s configuration web interface, click Firewall > Access Rules.
4. Click Add button to add a new rule.
5. Repeat step 4 to create three rules with the following information:

ZONE PRIORITY SOURCE DESTINATION SERVICE ACTION

LAN>WAN 1 Proxy Any HTTP Allow
LAN>WAN 2 Proxy Any DNS Allow
LAN>WAN 3 Any Any Any Deny

9.4.6 SonicWall TZ 180

On SonicWall TZ 180, ports are blocked by creating firewall access rules.

Step 1: Creating a New Firewall Service for Port 80

To create a new firewall service for port 80:
1. Open the web configuration page from an internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 137

Screenshot 82: SonicWall: Services view and Add Service dialog

3. From the router’s configuration web interface, click Firewall > Services
4. Click Add to open the Add Service console.
5. Key in a name in the Name text box, for example “HTTP”.
6. In Port Range, key in 80-80.
7. From the Protocol drop-down list, select TCP.
8. Click OK.

Step 2: Blocking the New Service

To create a firewall access rule to block the newly created service:
1. Open the web configuration page from an Internet browser.
2. Provide any credentials required.
3. From the router's configuration web interface, click Firewall > Access Rules.
4. Click Add button to open the Add Rule console.

GFI WebMonitor 9 Appendix 1 | 138

Screenshot 83: SonicWall: Edit Rule dialog

5. Select the General tab.

6. From the Action radio buttons, select Deny.
7. From the Service drop-down list, select Web (HTTP).
8. In the Source row, select LAN from the Ethernet drop-down list, and key in “*” in Address Range
Begin text box.

NOTE
By selecting the wildcard “*”, all inbound network traffic and all IP ranges on port 80
are blocked.

9. In the Destination row, select WAN from the Ethernet drop-down list and key in “*” in Address
Range Begin text box.
10. [Optional] Select the Advanced tab to configure a time-based schedule.
11. Click OK button.

Step 3: Creating a Firewall Access Rule to Allow HTTP Traffic From GFI WebMonitor Proxy
To create a firewall access rule to allow Web (HTTP) traffic originating from GFI WebMonitor Proxy
machine:
1. Open the web configuration page from an Internet browser.

GFI WebMonitor 9 Appendix 1 | 139

2. Provide any credentials required.
3. From the router's configuration web interface, click Firewall > Access Rules.
4. Click Add button to open the Add Rule console.

Screenshot 84: SonicWall: Edit Rule dialog

5. Select the General tab.

6. From the Action radio buttons, select Allow.
7. From the Service drop-down list, select Web (HTTP).
8. In the Source row, select LAN from the Ethernet drop-down list, and key in the IP address of the
GFI WebMonitor proxy machine in Address Range Begin text box.
9. In the Destination row, select WAN from the Ethernet drop-down list and key in “*” in Address
Range Begin text box.
10. [Optional] Select the Advanced tab to configure a time-based schedule.
11. Click OK button.

Step 4: Traffic Forwarding to GFI WebMonitor Proxy

To forward network traffic through the GFI WebMonitor Proxy:
1. Open the web configuration page from an Internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 140

Screenshot 85: SonicWall: Automatic Proxy Forwarding view

3. From the router's configuration web interface, click Network > Web Proxy.
4. In the Proxy Web Server (name or IP address) text box, key in the IP address of the GFI
WebMonitor proxy machine
5. In the Proxy Web Server Port text box, key in the port used (Default 8080).
6. Click Apply button.
9.4.7 Thomson Wireless Broadband Router TG585 v7
On Thompson Wireless Broadband Router TG585 v7, ports are blocked by creating firewall access
rules. This section describes how to:
Create a firewall access rule to allow Web (HTTP) traffic originating from GFI WebMonitor Proxy
machine
Create a firewall access rule to block all outgoing HTTP traffic

Step 1: Creating a Firewall Access Rule to Allow HTTP Traffic From GFI WebMonitor Proxy
To create a firewall access rule to allow Web (HTTP) traffic originating from GFI WebMonitor Proxy
machine:
1. Open the web configuration page from an Internet browser.
2. Provide any credentials required.

GFI WebMonitor 9 Appendix 1 | 141

Screenshot 86: Thompson Wireless Broadband Router TG585 v7: Firewall Settings view

3. From the router’s configuration web interface, click Toolbox > Firewall.
4. From the Firewall Settings, select Configure.
5. Click Add button to add a new firewall rule.

Screenshot 87: Thompson Wireless Broadband Router TG585 v7: Firewall Rule view

6. Key in a name in the Name text box, for example “allow”.

7. Check Enabled checkbox.
8. From the Source Interface drop-down list, select lan.
9. To specify the IP address of the GFI WebMonitor proxy machine:

GFI WebMonitor 9 Appendix 1 | 142

» Option 1: From the Source Address drop-down list, select the IP address of the GFI WebMonitor
proxy machine.
» Option 2: In the User-Defined text box, key in the IP address of the GFI WebMonitor proxy machine
10. From the Destination Interface drop-down list, select Any.
11. From the Destination Address drop-down list, select Any.
12. From the Service drop-down list, select HTTP.
13. From the Action drop-down list, select Accept.
14. Click Apply to save settings.

Step 2: Creating a Firewall Access Rule to Block All Outgoing HTTP Traffic
To create a firewall access rule to block all Web (HTTP) traffic:
1. Open the web configuration page from an Internet browser.
2. Provide any credentials required.
3. From the router’s configuration web interface, click Toolbox > Firewall.
4. From the Firewall Settings, select Configure.
5. Click Add button to add a new firewall rule.

Screenshot 88: Thompson Wireless Broadband Router TG585 v7: Firewall Rule view

6. Key in a name in the Name text box, for example “BlockWWW”.

7. Check Enabled checkbox.
8. From the Source Interface drop-down list, select lan.
9. From the Source Address drop-down list, select Any.
10. From the Destination Interface drop-down list, select wan.
11. From the Destination Address drop-down list, select Any.
12. From the Service drop-down list, select HTTP.

GFI WebMonitor 9 Appendix 1 | 143

13. From the Action drop-down list, select Deny.
14. Click Apply to save settings.

9.5 Configuring Routing and Remote Access

When installing GFI WebMonitor in Gateway mode on a Microsoft Windows Server 2003 or Microsoft
Windows Server 2008, the Routing and Remote Access must be configured to use Network Address
Translation (NAT). This can be done by:
1. Navigate to Start > Programs > Administrative Tools > Routing and Remote Access.
2. Right-click <machine name> and select Configure and Enable Routing and Remote Access.
3. Click Next in the Routing and Remote Access Server Setup Wizard dialog.
4. Select Network address translation (NAT) and click Next.

Screenshot 89: Microsoft Windows Server 2003: Routing and Remote Access Server Setup Wizard dialog

5. Select Use this public interface to connect to the Internet.

6. Select the network card connected to the external network and click Next.
7. Click Finish.
To confirm that the Routing and Remote Access service is started:
1. From command prompt, key in services.msc
2. Check that the status of the Routing and Remote Access service is Started.

9.6 Disabling Internet Connection Settings On Client Machines

To prevent users from modifying Internet settings and thus bypassing GFI WebMonitor, the Internet
Connections settings tab can be disabled on client machines.
Disabling Internet Connections Page Using GPO in Microsoft Windows Server 2003

GFI WebMonitor 9 Appendix 1 | 144

Disabling Internet Connections Page Using GPO in Microsoft Windows Server 2008
9.6.1 Disabling Internet Connections Page Using GPO in Microsoft Windows Server 2003
To disable Connections settings on client machines through Microsoft Windows Server 2003 GPO:
1. Navigate to Start > Programs > Administrative Tools > Active Directory Users and Computers on
the DNS server.
2. Right-click the domain node and click Properties.

Screenshot 90: Active Directory GPO dialog

3. Select Group Policy tab in the Domain Properties dialog.

4. Select Default Domain Policy from the list and click Edit.

GFI WebMonitor 9 Appendix 1 | 145

Screenshot 91: GPO Editor window

5. Expand User Configuration > Administrative Templates > Windows Components > Internet
Explorer and click Internet Control Panel.
6. Right-click Disable the Connections page from the right panel and click Properties.

GFI WebMonitor 9 Appendix 1 | 146

Screenshot 92: Disable the Connection page Properties dialog

7. In the Setting tab, select Enabled.

NOTE
This policy prevents users from viewing and modifying connection and proxy settings
from their client machines.

8. Click Apply and OK.

9. Close all open windows.
9.6.2 Disabling Internet Connections Page Using GPO in Microsoft Windows Server 2008
To disable Connections settings on clients’ machines through Microsoft Windows Server 2008 GPO:
1. In the command prompt key in mmc.exe and press Enter.
2. In the Console Root window, navigate to File > Add/Remove Snap-in… to open the Add or Remove
Snap-ins window.

GFI WebMonitor 9 Appendix 1 | 147

Screenshot 93: Add/Remove Snap-ins window

3. Select Group Policy Management from the Available snap-ins list, and click Add.
4. Click OK.

Screenshot 94: Console Root domain window

5. Expand Group Policy Management > Forest > Domains and <domain>.
6. Right-click Default Domain Policy and click Edit to open the Group Policy Management Editor.

GFI WebMonitor 9 Appendix 1 | 148

Screenshot 95: Group Policy Management Editor window

7. Expand User Configuration > Policies > Administrative Templates > Windows Components >
Internet Explorer and click Internet Control Panel.
8. Right-click Disable the Connection page from the right panel and click Properties.

Screenshot 96: Disable the Connection page Properties dialog

9. In the Setting tab, select Enabled.

GFI WebMonitor 9 Appendix 1 | 149

 NOTE
This policy prevents users from viewing and modifying connection and proxy settings
from their client machines.

10. Click Apply and OK.

11. Close Group Policy Management Editor dialog and save the management console created.

9.7 Network Access Policy Configuration

In the Settings > Proxy Settings > General area, the Integrated authentication option is disabled on
machines where the Network access setting is set to Guest only - local users authenticate as Guest.
On a Microsoft Windows XP Pro machine that has never been joined to a Domain Controller, this
setting is set by default.
The Network access setting can be configured on each GFI WebMonitor machine:
Manually
For more information, refer to Manually Configuring Network Access (page 150).
Using Active Directory GPO
For more information, refer to Configuring Network Access Using GPO in Microsoft Windows
Server 2003 (page 151).
For more information, refer to Configuring Network Access Using GPO in Microsoft Windows
Server 2008 (page 152).
This information is also available in KBase article:
http://kbase.gfi.com/showarticle.asp?id=KBID003666
9.7.1 Manually Configuring Network Access
To manually configure Network access setting on a GFI WebMonitor machine :
1. Navigate to Start > Control Panel > Administrative Tools > Local Security Policy.
2. Expand Security Settings > Local Policies > Security Options.
3. Right-click Network access: Sharing and security model for local accounts from the right panel
and click Properties.

GFI WebMonitor 9 Appendix 1 | 150

Screenshot 97: Microsoft Windows XP: Local Security Settings tab

4. Select the Local Security Setting tab.

5. Select Classic - local users authenticate as themselves from the Network access drop-down list.
6. Click Apply and OK.
7. Close Local Security Settings dialog.
8. Close all open windows.
9.7.2 Configuring Network Access Using GPO in Microsoft Windows Server 2003
To configure Network access setting on GFI WebMonitor machines through Microsoft Windows Server
2003 GPO:
1. Navigate to Start > Programs > Administrative Tools > Active Directory Users and Computers on
the DNS server.
2. Right-click the domain node and click Properties.

GFI WebMonitor 9 Appendix 1 | 151

Screenshot 98: Active Directory GPO dialog

3. Select Group Policy tab in the Domain Properties dialog.

4. Select Default Domain Policy from the list and click Edit.
5. Expand Computer Configuration > Windows Settings > Security Settings > Local Policies and click
Security Options.
6. Right-click Network access: Sharing and security model for local accounts from the right panel
and click Properties.
7. In the Security Policy Setting tab, check Define this policy setting checkbox.
8. Select Classic - local users authenticate as themselves from the Network access drop-down list.
9. Click Apply and OK.
10. Close all open windows.
9.7.3 Configuring Network Access Using GPO in Microsoft Windows Server 2008
To configure Network access setting on GFI WebMonitor machines through Microsoft Windows Server
2008 GPO:
1. In the command prompt key in mmc.exe and press Enter.
2. In the Console Root window, navigate to File > Add/Remove Snap-in… to open the Add or Remove
Snap-ins window.

GFI WebMonitor 9 Appendix 1 | 152

Screenshot 99: Add/Remove Snap-ins window

3. Select Group Policy Management from the Available snap-ins list, and click Add.
4. Click OK.

Screenshot 100: Console Root domain window

5. Expand Group Policy Management > Forest > Domains and <domain>.
6. Right-click Default Domain Policy and click Edit to open the Group Policy Management Editor.

GFI WebMonitor 9 Appendix 1 | 153

7. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local
Policies and click Security Options.
8. Right-click Network access: Sharing and security model for local accounts from the right panel
and click Properties.
9. In the Security Policy Setting tab, check Define this policy setting checkbox.
10. Select Classic - local users authenticate as themselves from the Network access drop-down list.
11. Click Apply and OK.
12. Close Group Policy Management Editor dialog and save the management console created.

GFI WebMonitor 9 Appendix 1 | 154

10 Index

A
K
Access Control 60-61, 102
Knowledge Base 11-12, 110
Active Directory GPO 28, 103, 112, 121, 145, 150, 152
L
Anonymization 42, 47, 49-50, 60, 66
License key 27, 60
Anti-virus 38, 84, 89, 99
Linksys 126, 131
B
Log on as a service rights 119
Bandwidth 9, 38-40, 42-43, 46, 50, 53, 56-57, 59-60,
69-70, 72, 76, 95, 97, 108 M

C Malware 38, 90
Microsoft ISA Server 18
Cache 40, 66, 108, 119, 124
MSN 39, 41, 74
Chained Proxy 101, 103
Cisco ADSL Router Cisco 126-127 N
Configuration 16, 23, 26, 29, 31, 35, 60, 63, 70, 89, 101, Netgear Wireless Router 126, 133
105, 111, 119, 122, 127, 131, 134-135,
137, 141, 146, 149-150, 152, 154 P
Configuring GFI WebMonitor 28, 60 Phishing 9, 38, 89-90, 99
Console 26, 30, 122, 127, 138, 147, 152 Port Blocking 19
Credentials 22, 25, 65, 102-103, 112, 127, 131, 134- Proxy Server 12, 17, 19, 23, 27-28, 30, 32, 101
135, 137, 141
R
D
Reporting 16, 39-40, 53, 55, 58
Dashboard 39-40, 42-43, 46-47, 49, 51, 68-69
S
Download Control Policy 92, 94
DrayTek VIGOR 126-127 Safe Search 78
Simple Proxy 16, 18-19, 23, 100, 111, 126
F
Snap-ins 30, 122, 147, 152
FTP 29, 32
SonicWall 126, 135, 137
G
Spyware 11, 69
General Options 66
T
H
Technical Support 110
HTTP 17, 19, 29, 32, 35, 101, 124, 131, 133, 137-138, Thomson 127, 141
141
Traffic Forwarding 17, 19, 140
HTTPS Scanning 103, 105-107, 119, 125
Troubleshooting 110
I
U
IM Control Policy 75
Unified Protection Edition 10, 17
Installation 12, 16, 18, 21, 23, 26, 61-63, 65, 102, 109-
110 W
Integrated authentication 102, 111, 150 Web Forum 110
Internet Gateway 17-18, 21 Web traffic 11, 20, 40, 101, 103
WebFilter Edition 9, 16, 38, 69-70, 78

GFI WebMonitor Index | 155

 WebGrade Database 11, 13
WebSecurity Edition 9, 17, 38, 69, 84
Wildcards 125
WPAD 33, 101, 112

GFI WebMonitor Index | 156

USA, CANADA AND CENTRAL AND SOUTH AMERICA
15300 Weston Parkway, Suite 104 Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
[email protected]

ENGLAND AND IRELAND

Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
[email protected]

EUROPE, MIDDLE EAST AND AFRICA

GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
[email protected]

AUSTRALIA AND NEW ZEALAND

83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
[email protected]