Deploy GFI WebMonitor 2009

The standalone version of GFI WebMonitor can be deployed in two different configurations, including Simple Proxy mode, and Gateway mode.
Network Management - The ability to monitor and control user access to the Web is critical to today's management, and GFI software integrates a number of tools that can help users meet this bridge.
Released as a standalone proxy version operating on most network environments as a dedicated plug-in for companies that have deployed Microsoft ISA Server, GFI WebMonitor is a comprehensive access control tool, Web filtering, testing, and control with the policy that every organization has carefully considered before deploying.

Installation and configuration

The standalone version of GFI WebMonitor can be deployed in two different configurations, including Simple Proxy mode, and Gateway mode. Simple Proxy mode requires an Internet gateway device to support port blocking (configuring the device to block HTTP traffic originating from the workstation on the network while allowing initial HTTP traffic from the GFI WebMonitor system) or relaying configure (configure the device to allow external HTTP traffic from GFI WebMonitor system and to forward traffic from the workstation to the WebMonitor system). With Simple Proxy mode, GFI WebMonitor system only requires the use of a network interface card (NIC) and acts as a Proxy Server for workstations on the LAN.

In this article we will deploy GFI WebMonitor in Gateway mode, which requires the GFI WebMonitor system to use two NICs to be able to act as a private network gateway where clients connect to and An external network contains devices connected to the Internet. The system used in this example is running Windows Server 2008 R2 , and we will start by installing the Routing and Remote Access (RRAS) service , then configuring RRAS for Network Access Translation (NAT). . A NIC on the gateway server named SRV-GW is added to the private network 10.0.0.0/8 containing Windows 7 workstations; The remaining NIC is put into an external 172.16.0.0./16 network, which contains an Internet gateway device (a DSL router). When NAT is configured on the gateway system, confirm that the workstations on the 10.0.0.0 network can browse the Web by redirecting traffic through the gateway computer and then navigating through the DSL router.

Next we will install GFI WebMonitor on the gateway computer and keep the default settings. Ensure that the designated service account for GFI WebMonitor has the right to log on as a service user (login as a service), otherwise GFI WebMonitor and GFI Proxy services will not start. When the installation process is complete, the Configuration Wizard will launch to guide us to configure GFI WebMonitor, on this Wizard we will select the Gateway mode option as shown in Figure 1.

Deploy GFI WebMonitor 2009 Picture 1Deploy GFI WebMonitor 2009 Picture 1

Figure 1: Select Gateway mode configuration option.

The final page of this Wizard shows that GFI WebMonitor will receive HTTP traffic on 10.0.0.1 via port 8080 (Figure 2).

Deploy GFI WebMonitor 2009 Picture 2Deploy GFI WebMonitor 2009 Picture 2

Figure 2: Checking Web Proxy settings on the Gateway Server.

These settings are important because when GFI WebMonitor is installed on the gateway system, the private network clients will not be able to browse the Web if their Internet Explorer Proxy settings are not configured to use these. install this. Since I only use the Windows 7 workstation on a private network, we will manually configure IE Proxy settings by opening Internet Options from Control Panel, on the dialog that appears, click the Connections tab and click the LAN Settings button. (Figure 3).

Deploy GFI WebMonitor 2009 Picture 3Deploy GFI WebMonitor 2009 Picture 3

Figure 3: Configuring Web Proxy settings on the workstation.





For large environments, we can configure IE Proxy settings on Group Policy clients using the Proxy Settings policy node in User Configuration | Policies | Windows Settings | Internet Explorer Maintenance | Connection .

For each simple field, we can use Web Proxy Autodiscovery (WPAD) which is enabled by default in GFI WebMonitor.

One problem that may arise is that the client still cannot browse the Web even though their IE Proxy settings have been properly configured. This is due to the Advanced Security feature of Windows Firewall . To fix this problem, create a new port rule that allows TCP traffic to arrive on port 8080, then the clients will be able to browse the Web through the gateway system.

Web behavior monitoring and control

When GFI WebMonitor is installed and configured, the user interface of this application is very intuitive and easy to use. Figure 4 shows the GFI WebMonitor administrative console with the Dashboard selected. This section displays a graphical and graphical view of the Web behavior control, security, and filtering process on the Gateway Server. When selecting a node in the left panel, the information for this node will be displayed in the right panel of this Console.

Deploy GFI WebMonitor 2009 Picture 4Deploy GFI WebMonitor 2009 Picture 4

Figure 4: Node Dashboard in GFI WebMonitor Admin Console.

To test detailed monitoring statistics, select the Monitoring node (Figure 5). When selecting this node and its child nodes, we can access real-time HTTP connections from workstations on the network, check the list of recent connections, display statistics. use bandwidth, check frequently visited pages, .

Deploy GFI WebMonitor 2009 Picture 5Deploy GFI WebMonitor 2009 Picture 5

Figure 5: Web monitoring options.

For example, Figure 6 shows two workstations with IP address 10.0.0.100 and 10.0.0.101 currently downloading large files from the Internet. When you press the red X button of either machine, the download process will be stopped.

Deploy GFI WebMonitor 2009 Picture 6Deploy GFI WebMonitor 2009 Picture 6

Figure 6: Canceling data downloads over HTTP.





Another example, the Top Sites node within Bandwith Consumption lists 10 Web sites that are normally accessed by users via bandwidth (Figure 7). Note that Drudge Report , a new popular site, is one of the most used sites.

Deploy GFI WebMonitor 2009 Picture 7Deploy GFI WebMonitor 2009 Picture 7

Figure 7: Checking pages that are normally accessed through bandwidth.

The Drudge Report website is designed to be simple and clean, which means that the amount of 701.42KB bandwidth used by the statistics that the user used to access this page may be inaccurate, so we need to check one Another node is called Top Time Consumption to determine the amount of time that users use to access this page (Figure 8). However, the amount of time used is only relative.

Deploy GFI WebMonitor 2009 Picture 8Deploy GFI WebMonitor 2009 Picture 8

Figure 8: Checking the pages according to the amount of time users use.

Drudge is almost identical to the term surfing time. To check the number of users who have accessed and displayed additional details of this page, simply click on the www.drudgereport.com link.

Deploy GFI WebMonitor 2009 Picture 9Deploy GFI WebMonitor 2009 Picture 9

Figure 9: Access history of www.drudgereport.com page.

We can see that some users have access to this site. If only one user has accessed it, we can directly issue a warning to that user. In case there are many users to access, it is necessary to create a policy to prevent users from accessing this page. To create a blocking policy, first add a Blacklist entry, a feature of GFI WebMonitor, that allows users to block Web sites, users or IP addresses from being accessed without any concern. Which policy was previously configured. To create a Blacklist, select the Balcklist node in the navigation bar, select the Site from the drop-down list, then enter the URL of the page to block and click Add to add it. Done clicking the Save Settings button.

Deploy GFI WebMonitor 2009 Picture 10Deploy GFI WebMonitor 2009 Picture 10

Figure 10: Block page access with Blacklist feature.

After blocking, if a user on the network using Internet Explorer to access this page will see a message as shown in Figure 11.

Deploy GFI WebMonitor 2009 Picture 11Deploy GFI WebMonitor 2009 Picture 11

Figure 11: Message displayed when accessing the site is blocked.

Access sessions on this blocked page will be saved to the Activity Log .

Deploy GFI WebMonitor 2009 Picture 12Deploy GFI WebMonitor 2009 Picture 12

Figure 12: The Activity Log displays the blocked items.





In addition to creating block lists, we can also use GFI WebMonitor to create a list of allowed sites, users and IP addresses that are not related to previously configured policies. GFI WebMonitor allows creating two types of lists, including temporary and permanent. For example, we can use a temporary list to temporarily allow access to a specific page. Allow lists and block lists will override all policies that are configured with WebFilter and WebSecurity.

Use WebFilter

GFI WebMonitor's WebFilter tool gives users greater control over Internet access sessions of users, user groups and IP addresses on the network. WebFilter does this by combining Web filtering policies with WebGrade Database to store and deploy Web filtering policies and allows lookup of URLs that do not appear in this database in a large Internet database created by GFI. Figure 13 shows the Default Web Filter Policy that applies to all users at all times and gives access to all URL addresses.

Deploy GFI WebMonitor 2009 Picture 13Deploy GFI WebMonitor 2009 Picture 13

Figure 13: Default Web Filtering Policy.

If you need to create a Web filtering policy to block certain types of data, click the Add button and enter the name and description on the General tab of this new policy (Figure 14).

Deploy GFI WebMonitor 2009 Picture 14Deploy GFI WebMonitor 2009 Picture 14

Figure 14: Create a new Web filtering policy.

Note that the new policy above will apply at all times. One of WebFilter's remarkable features is that we can perform filtering over time by configuring policies to apply only to certain dates and times.

Next click on the Web Filtering tab and then select the data types you want to block.

Deploy GFI WebMonitor 2009 Picture 15Deploy GFI WebMonitor 2009 Picture 15

Figure 15: Block data.

The Exceptions tab allows you to add or remove specific pages.

Deploy GFI WebMonitor 2009 Picture 16Deploy GFI WebMonitor 2009 Picture 16

Figure 16: Add exception for policy.





The Applies To tab allows you to apply this policy to users, groups or computers (IP addresses). In this example, we will apply this policy to a user named Jacky (Figure 17).

Deploy GFI WebMonitor 2009 Picture 17Deploy GFI WebMonitor 2009 Picture 17

Figure 17: Apply policy to a specific user.

The Notifications tab allows GFI WebMonitor to use the SMTP server that we specified during the installation to notify the administrator when the user performs a policy that violates this policy.

Deploy GFI WebMonitor 2009 Picture 18Deploy GFI WebMonitor 2009 Picture 18

Figure 18: Notice is sent when the policy is violated.

Click the Save Settings button. When selecting the Filtering node again, we will see this new policy.

Deploy GFI WebMonitor 2009 Picture 19Deploy GFI WebMonitor 2009 Picture 19

Figure 19: New Web filtering policy.

Figure 20 shows the message that appears when Jacky accesses a page blocked by the Web filtering policy that we just created.

Deploy GFI WebMonitor 2009 Picture 20Deploy GFI WebMonitor 2009 Picture 20

Figure 20: Message displayed when violating the policy.

Use WebSecurity

The WebSecurity feature of GFI WebMonitor provides control and usage control limitations, such as load control, email communication, virus scanning, anti-forgery protection. WebSecurity integrates three popular antivirus applications, including Kaspersky, Norman and BitDefender.

Deploy GFI WebMonitor 2009 Picture 21Deploy GFI WebMonitor 2009 Picture 21

Figure 21: Integrated antivirus software in GFI WebMonitor's WebSecurity.





Next, we will look at WebSecurity method to help overcome a problem that administrators encounter, namely the ability to download files from the Web.

The Default Download Control Policy will apply to everyone at all times, and there are no restrictions on the types of files that users download.

Deploy GFI WebMonitor 2009 Picture 22Deploy GFI WebMonitor 2009 Picture 22

Figure 22: Default Download Control Policy.

To prevent network users from trimming an .exe file, open the Default Download Control Policy and select the Download tab as shown in Figure 23.

Deploy GFI WebMonitor 2009 Picture 23Deploy GFI WebMonitor 2009 Picture 23

Figure 23: File check list can be allowed / blocked / quarantined.

Note: If you only want to block certain users, groups or computers from downloading certain types of files, we need to create a new Download Control Policy and then configure this policy.

Next, click on the Executable item in this list and then select the Block And Quarantine option to prevent users from downloading executable files, and storing malicious downloads in quarantine for testing.

Deploy GFI WebMonitor 2009 Picture 24Deploy GFI WebMonitor 2009 Picture 24

Figure 24: Blocking and quarantining executable files.

Done clicking the Save Settings button to update the Default Download Control Policy . Then, when the user downloads the .exe file from the Web site, the message shown in Figure 25 appears.

Deploy GFI WebMonitor 2009 Picture 25Deploy GFI WebMonitor 2009 Picture 25

Figure 25: Message blocking loading executable file.

Using the Quarantine feature of GFI WebMonitor, we can view quarantined items and can choose to delete or allow downloads with these items.

Deploy GFI WebMonitor 2009 Picture 26Deploy GFI WebMonitor 2009 Picture 26

Figure 26: Check for isolated items.

Conclude

As we have seen, GFI WebMonitor is a powerful tool, easy to use, configure and install. We can deploy GFI WebMonitor in a workgroup or Active Directory environment. If you are using Microsoft SQL Server, you can also configure the Reporting feature of GFI WebMonitor to record statistics into an SQL database, so we can track what's going on. Network with Crystal Reports or some other analysis tools.
4.8 ★ | 4 Vote