OST Administration Guide - Optenet Knowledge Base ::OKB
© Copyright 2014 Optenet SA Ltd. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of OPTENET S.A., or its suppliers or affiliate companies.

Version History

Doc Version   Product       Date         Summary of Changes
v1b6          OST-6.4.300   19-06-2014   English Edits
v1b5          OST-6.4.300   13-06-2014   6.4.300 content added
v1b4          OST-6.4.200   17-03-2014
v1b3          OST-6.4.200   13-03-2014
v1b2          OST-6.4.110   14-11-2013
v1b1          OST-6.4.110   08-09-2013
v1b0          OST-6.4.104   13-06-2013

Table of Contents

OST ADMINISTRATION GUIDE
    Table of Contents
    Table of Figures

CHAPTER 1: INTRODUCING OST
    Using this manual
    Glossary
    Administration settings

CHAPTER 2: GENERAL
    Status
    Service web/wap
    Service AdsFree
    Service Antiphishing
    Service Antispam In
    Service Antispam Out
    Service Antivirus
    Service Firewall
    Monitoring
    Traffic history
    Cache status
    Active connections
    General management
    Administrators
    Schedule tasks
    Backups
    Host & Process Control
    Host location
    Filtering Log Configuration
    Events
    Alerts
    Password Control
    External Servers
    Account Management
    Provisioning
    Client users
    External Servers
    Service Packages
    Filtering Policies
    Policies
    Source & Destination
    Schedules
    Advanced Configuration

CHAPTER 3: WEB PROXY
    Filtering Policies
    Profiles
    Advanced Configuration
    Cache Settings
    Authentication Settings
    PAC file

CHAPTER 4: FTP PROXY
    Filtering Policies
    Profiles
    Reports
    Service Reports
    Monitor Reports

CHAPTER 5: WEB/WAP
    Filtering Policies
    Profiles
    Category Management
    Black- & Whitelists
    Reports
    Service Reports
    Monitor Reports
    Advanced Configuration

CHAPTER 6: ADSFREE
    Filtering Policies
    Profiles
    Reports
    Service Reports
    Monitor Reports

CHAPTER 7: AUTOMATIC NOTICES
    Filtering Policies
    Profiles
    Reports
    Service Reports
    Monitor Reports
    Advanced Configuration
    Redirection
    Banners Insertion
    Smart Banner

CHAPTER 8: ANTI-PHISHING
    Filtering Policies
    Profiles
    Black- & Whitelists
    Quarantine
    Reports
    Service Reports
    Monitor Reports
    Advanced configuration

CHAPTER 9: ANTISPAM IN
    Filtering Policies
    Profiles
    Black- & Whitelists
    Quarantine
    Reports
    Service Reports
    Monitor Reports
    Advanced Configuration
    Filter Settings
    Security Settings
    Notifications & Quarantine

CHAPTER 10: ANTISPAM OUT
    Filtering Policies
    Profiles
    Black- & Whitelists
    Quarantine
    Reports
    Service Reports
    Monitor Reports
    Advanced Configuration
    Filter Settings
    Security Settings
    Notifications & Quarantine

CHAPTER 11: ANTIVIRUS
    Filtering Policies
    Profiles
    Quarantine
    Mail Quarantine
    Reports
    Service Reports
    Monitor Reports
    Advanced Configuration

CHAPTER 12: FIREWALL
    Filtering Policies
    Profiles
    VoIP, IM & P2P
    Custom Services
    QoS & Bandwidth Management
    Routing
    Routing Policies
    Static Routing Table
    Dynamic Routing Table
    Dynamic Routing Settings
    Reports
    Service Reports
    Monitor Reports

CHAPTER 13: REPORTER
    Report Templates
    Steps to execute a report
    Steps to execute a Report (Performance Reports)
    Report Results
    Drill – Down Capabilities
    Exporting Reports
    Programmed Reports

CHAPTER 14: APPENDICES

APPENDIX A: MONITORING MESSAGES DESCRIPTION
    Critical Events
    Error Events
    Warning Events
    Informative Events

APPENDIX B: OST GENERAL CATEGORIES
    Importance of Categories within OST
    Available Categories

APPENDIX C: BORDER GATE PROTOCOL

Table of Figures

Figure 2-1: General Section
Figure 2-2: Web/wap dashboard
Figure 2-3: AdsFree dashboard
Figure 2-4: Antiphishing dashboard
Figure 2-5: Antispam In dashboard
Figure 2-6: Antispam Out dashboard
Figure 2-7: Antivirus dashboard
Figure 2-8: Firewall dashboard
Figure 2-9: Traffic history widget
Figure 2-10: Cache status widget
Figure 2-11: Active connection widget
Figure 2-12: Administrators
Figure 2-13: Administrators password change
Figure 2-14: Schedule tasks
Figure 2-15: Backups
Figure 2-16: Hosts & Process Control
Figure 2-17: Host information
Figure 2-18: CPU information
Figure 2-19: Memory usage information
Figure 2-20: Modules performance configuration
Figure 2-21: Host location
Figure 2-22: Logs configuration
Figure 2-23: Events
Figure 2-24: Events parameters
Figure 2-25: Predefined events with triggering conditions
Figure 2-26: Alerts
Figure 2-27: New alert
Figure 2-28: Predefined events with triggering conditions
Figure 2-29: Password security settings
Figure 2-30: External servers
Figure 2-31: External server configuration
Figure 2-32: SMTP cluster
Figure 2-33: SMTP Server
Figure 2-34: Proxy server
Figure 2-35: LDAP Server
Figure 2-36: Kerberos cluster
Figure 2-37: Kerberos Server
Figure 2-38: Provisioning customers
Figure 2-39: Client users
Figure 2-40: Client external servers
Figure 2-41: Service Packages
Figure 2-42: Service details
Figure 2-43: Creating packages of services
Figure 2-44: Filtering policies
Figure 2-45: Source&Destination
Figure 2-46: Schedules
Figure 2-47: Advanced Configuration
Figure 3-1: Web Proxy Policies
Figure 3-2: Web Proxy Policies: Status
Figure 3-3: Web Proxy Policies: Source&Destination
Figure 3-4: Web Proxy Policies: Action
Figure 3-5: Web Proxy ssl-inspection: Invalid certificate
Figure 3-6: Web Proxy Captive portal
Figure 3-7: Web Proxy Captive portal configuration
Figure 3-8: Web Proxy Profiles
Figure 3-9: Web Proxy Advanced Configuration
Figure 3-10: Web Proxy Authentication Settings
Figure 3-11: Web Proxy PAC File
Figure 4-1: FTP Proxy Policies
Figure 4-2: FTP Proxy Policies: Status
Figure 4-3: FTP Proxy Policies: Source&Destination
Figure 4-4: FTP Proxy Policies: Action
Figure 4-5: FTP Proxy Profiles
Figure 4-6: FTP Proxy Service Reports
Figure 4-7: FTP Proxy Service Reports
Figure 5-1: WEB/WAP Filtering policies
Figure 5-2: WEB/WAP Filtering policies: Status
Figure 5-3: WEB/WAP Filtering policies: Action
Figure 5-4: WEB/WAP Profiles
Figure 5-5: WEB/WAP Profiles: Files
Figure 5-6: WEB/WAP Profiles: Time Limit
Figure 5-7: WEB/WAP Profiles: Advanced
Figure 5-8: WEB/WAP Category Management
Figure 5-9: WEB/WAP Category Management: New Category
Figure 5-10: WEB/WAP Black- & Whitelists
Figure 5-11: WEB/WAP Service Reports
Figure 5-12: WEB/WAP Monitor Reports: Visualization
Figure 5-13: WEB/WAP Monitor Reports
Figure 5-14: WEB/WAP Advanced configuration
Figure 6-1: AdsFree Filtering Policies
Figure 6-2: AdsFree Filtering Policies: Status
Figure 6-3: AdsFree Filtering Policies: Actions
Figure 6-4: AdsFree Profiles
Figure 6-5: AdsFree Service Reports
Figure 6-6: AdsFree Monitor Reports
Figure 7-1: Automatic Notices
Figure 7-2: Automatic Notices Policies: Status
Figure 7-3: Automatic Notices Policies: Actions
Figure 7-4: Automatic Notices Profiles: Category
Figure 7-5: Automatic Notices Policies: Frequency
Figure 7-6: Automatic Notices Service Reports
Figure 7-7: Automatic Notices Monitor Reports
Figure 7-8: Automatic Notices Advanced Configuration: Redirection
Figure 7-9: Automatic Notices Advanced Configuration: Redirection edition
7-10 Figure 7-10: Automatic Notices Advanced Configuration: Banners insertion .......................... 7-10 Figure 7-11: Automatic Notices Advanced Configuration: Banners edition ............................. 7-11 Figure 7-12: Automatic Notices Advanced Configuration: Smart Banners list ......................... 7-12 Figure 7-13: Automatic Notices Advanced Configuration: Smart Banners edition .................. 7-12 Figure 8-1: Antiphising .....................................................................................................................8-1 Figure 8-2: AntiPhishing Policies: Status ........................................................................................8-2 Figure 8-3: Antiphising Policies: Source&Destination...................................................................8-3 Figure 8-4: Antiphishing Policies: Web Actions .............................................................................8-4 Figure 8-5: Antiphishing Policies: Mail actions ..............................................................................8-5 Figure 8-6: Antiphising Profiles: Protocol .......................................................................................8-8 Figure 8-7: Antiphishing Black- &Whitelists ............................................................................... 8-10 Figure 8-8: AntiPhishing Quarantine ............................................................................................ 8-11 Figure 8-9: AntiPhishing Quarantine: Search ............................................................................... 8-11 Figure 8-10: AntiPhishing Service Reports .................................................................................. 8-13 Figure 8-11: AntiPhishing Monitor Reports ................................................................................. 8-15 Figure 8-12: AntiPhishing Advanced Configuration ................................................................... 
8-16 Figure 9-1: Antispam.........................................................................................................................9-1 Figure 9-2: Antispam policies: status ...............................................................................................9-2 Figure 9-3: Antispam policies: Actions ...........................................................................................9-3 Figure 9-4: Antispam profiles: Protocols .........................................................................................9-5 Figure 9-5: Antispam profiles: Spam ...............................................................................................9-6 xii WebSafe Personal Operation Guide Figure 9-6: Antispam profiles: Sender .............................................................................................9-7 Figure 9-7: Volumetry .......................................................................................................................9-8 Figure 9-8: Antispam profiles: Attachment .....................................................................................9-8 Figure 9-9: Antispam profiles: Advanced ........................................................................................9-9 Figure 9-10: Antispam Black- &Whitelists .................................................................................. 9-10 Figure 9-11: Antispam Service Reports ........................................................................................ 9-12 Figure 9-12: Antispam Monitor Reports ....................................................................................... 9-13 Figure 9-13: Antispam Advanced Configuration: Filter Settings ............................................... 9-14 Figure 9-14: Antispam Advanced Configuration: MTA DoS ..................................................... 9-17 Figure 9-15: Antispam Advanced Configuration: Security Settings........................................... 
9-18 Figure 9-16: Antispam Advanced Configuration: Notifications & Quarantine ......................... 9-19 Figure 10-1: Antispam Out ............................................................................................................ 10-1 Figure 10-2: Antispam Out policies .............................................................................................. 10-2 Figure 10-3: Antispam Out policies: Actions ............................................................................... 10-3 Figure 10-4: Antispam Out profiles .............................................................................................. 10-5 Figure 10-5: Antispam Out profiles: Spam................................................................................... 10-6 Figure 10-6: Antispam Out profiles: Sender................................................................................. 10-7 Figure 10-7: Antispam Out profiles: Attachment ......................................................................... 10-8 Figure 10-8: Antispam Out profiles: Advanced ........................................................................... 10-9 Figure 10-9: Antispam Out Black- &Whitelists ......................................................................... 10-10 Figure 10-10: Antispam Out Service Reports............................................................................. 10-12 Figure 10-11: Antispam Out Monitor Reports ........................................................................... 10-13 Figure 10-12: Antispam Out Advanced Configuration: Filter Settings .................................... 10-14 Figure 10-13: Antispam Out Advanced Configuration: Security Settings ............................... 10-16 Figure 10-14: Antispam Out Advanced Conf.: Notifications&Quarantine .............................. 10-17 Figure 11-1: Antivirus .................................................................................................................... 
11-1 Figure 11-2: Antivirus policies: Status.......................................................................................... 11-2 Figure 11-3: Antivirus policies: Web/WAP Actions ................................................................... 11-3 Figure 11-4: Antivirus policies: Mail Actions .............................................................................. 11-4 WebSafe Personal Operation Guide xiii Figure 11-5: Antivirus profiles ...................................................................................................... 11-5 Figure 11-6: Antivirus quarantine ................................................................................................. 11-6 Figure 11-7: Antivirus Quarantine: Search ................................................................................... 11-6 Figure 11-8: Antivirus Reports ...................................................................................................... 11-8 Figure 11-9: Antivirus Monitor Reports ....................................................................................... 11-9 Figure 11-10: Antivirus Advanced Configuration ..................................................................... 11-10 Figure 12-1: Firewall ...................................................................................................................... 12-1 Figure 12-2: Firewall policies: Status ........................................................................................... 12-2 Figure 12-3: Firewall policies: Actions ......................................................................................... 12-3 Figure 12-4: Firewall profiles ........................................................................................................ 12-5 Figure 12-5: Firewall VoIP, IM and P2P ...................................................................................... 
12-7 Figure 12-6: Firewall Custom Services ......................................................................................... 12-8 Figure 12-7: Firewall QoS Bandwidth Management ................................................................... 12-9 Figure 12-8: Routing Policies ...................................................................................................... 12-10 Figure 12-9: Firewall Static Routing Table ................................................................................ 12-10 Figure 12-10: Firewall new route ................................................................................................ 12-11 Figure 12-11: Firewall Dynamic Routing Table ........................................................................ 12-11 Figure 12-12: Firewall Dynamic Routing Settings .................................................................... 12-12 Figure 12-13: Firewall Edit Network .......................................................................................... 12-12 Figure 12-14: Firewall Edit Neighbor ......................................................................................... 12-13 Figure 12-15: Firewall Service Reports ...................................................................................... 12-14 Figure 12-16: Firewall Monitor Reports ..................................................................................... 12-16 Figure 13-1: Report Templates ...................................................................................................... 13-3 Figure 13-2: Report Details ........................................................................................................... 13-7 Figure 13-3: Performance Report .................................................................................................. 13-8 Figure 13-4: Report Table format................................................................................................ 
Figure 13-5: Report Details
Figure 13-6: Report Table format: Two level Grouping criteria
Figure 13-7: Report Chart format (Columns)
Figure 13-8: Report Chart format (Lines)
Figure 13-9: Report Chart format (Pie chart)
Figure 13-10: Report Chart format: Report criteria
Figure 13-11: Report Chart format: Two-level Grouping criteria
Figure 13-12: Report Drill-Down Capabilities
Figure 13-13: Report chart conditions
Figure 13-14: Programmed Reports
Figure 13-15: Programmed report configuration
Figure 14-1: Categorization of URLs

Chapter 1: Introducing OST

Optenet offers a security suite solution designed specifically for Internet Service Providers (ISPs) and mobile operators: OST. Its architecture is designed to provide highly effective and efficient content filtering and security services with scalability, fault tolerance, straightforward administration and high availability for the operator’s users.
Currently, Optenet’s OST provides the following content filtering services to operators’ users:

Web/WAP Content Filtering: This service allows operators to block browsing of sites within specific categories (such as pornography, games, drugs, etc.), set up whitelists and blacklists of sites, prevent certain file types from being downloaded, set schedules for rules in order to define when access is available, and establish time limits on browsing.

Automatic Notices: This service allows operators to display notifications to their clients by redirecting their navigation to a given URL.

Antiphishing: Protection from potential and verified fraud sites that try to obtain sensitive user information by simulating legitimate websites, including emails containing links to these sites.

Antispam: Spam messages can be filtered using a range of spam detection methods, as well as whitelists and blacklists, that allow spam to be deleted, rerouted to an external account, tagged or sent to a quarantine fileserver.

Antivirus/Antispyware Engine: The antivirus engine provides users with an automatic antivirus check when downloading files. Moreover, it is possible to scan e-mail messages during the download and, if a virus is detected, send them to quarantine, clean them, tag them and/or remove the attachment from such messages. Within the antivirus engine, OST allows users to protect sensitive information so that any attempt to upload this information is automatically blocked. Users can define a list of trusted sites.

Firewall: A virtualized firewall service for the end-user is available with OST, allowing firewall functions for each user.

Messages/User alerts: OST enables operators to send specific messages to end-users based on rules defined for each profile or type of service.

All modules have an information reporter so that the end-user can see logs of activity for any configured service.
Using this manual

This manual explains how to configure and use the OST product. This manual is aimed at several different audiences. The information is intended primarily for network administrators responsible for OST. In the following table, various reading paths are suggested.

Audience columns: Operations Manager, Monitor Manager, Categorization Manager, Customer Care Manager, Content Service Administrator, Categorization Operator L1, Categorization Operator L2, Categorization Monitor Admin.

Menu rows:
1 Introduction
2 Administration settings
3 General
3.1 Status
3.2 Monitoring
3.3 General Management
3.4 Account Management
3.5 Filtering Policies
3.6 Advanced Configuration
4 Web Proxy
5 Web / WAP
5.1 Filtering Policies
5.2 Profiles
5.3 Category Management
5.4 Black- & Whitelists
5.6 Advanced Configuration
6 AdsFree
7 Automatic Notices
8 Antiphishing
8.3 Black- & Whitelists
9 Antispam In
9.3 Black- & Whitelists
10 Antispam Out
10.3 Black- & Whitelists
11 Antivirus
12 Firewall
13 Reporter
14.1 Report Templates
Appendices
A Appendix A: Monitoring Messages Description
B Appendix B: OST General Categories
C Appendix C: Border Gate Protocol

Glossary

APS: Optenet Professional Services
AS: Autonomous System
CCOTTA: Carrier Class OPTENET Transparent Traffic Analyzer
CPU: Central Processing Unit
DMZ: Demilitarized Zone
DNS: Domain Name System
DoS: Denial of Service
Enduser: Operator’s customer
FTP: File Transfer Protocol
GUI: Graphic Unit Interfaces
HTTP: Hyper Text Transfer Protocol
IDS: Intrusion Detection System
IM: Instant Messaging
IPS: Intrusion Protection System
ISP: Internet Service Provider
LDAP: Lightweight Directory Access Protocol
MAC: Medium Access Control
MMS: Multimedia Messaging Service
MMSC: Multimedia Messaging Service Center
MSISDN: Mobile Station Integrated Services Digital Network
NTLM: NT LAN Management
OCP: OPTENET Communication Protocol
OPM: OPTENET Process Monitor
ORA: OPTENET Radius Accounting
ORT: OPTENET Reporting Tool
OWS: OPTENET Web Server
P2P: Peer to Peer
POP: Post Office Protocol
SMTP: Simple Mail Transfer Protocol
SNMP: Simple Network Management Protocol
SSL: Secure Socket Layer
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
URL: Uniform Resource Locator
UTM: Unified Threat Management
VLAN: Virtual LAN
VoIP: Voice over IP
WAP: Wireless Application Protocol
WOLF: Web-content Optenet Legal Filter
WML: Wireless Markup Language
OST: Web Safe Personal

Administration settings

To access the Administration GUI, open a browser and enter the IP and port where the Web Server (WS) module is installed. The WS for administration of the ISP is typically deployed in the DMZ and the WS for end-users in a public area of the network, with a Firewall in between.
OST includes by default a System Administrator type user (“user_sys/123456”), which has the highest privileges for managing the system. To change these credentials, go to the “Administrators” section of the Administration Website of the ISP.

It is recommended to perform all administration tasks using the web interface. Once OST is up and running, you can implement any operational changes through the web administration interface.

The Administration GUI displays several top tabs, which correspond to the different services, together with a General tab for global settings. A specific menu is displayed on the left when selecting each tab.

Chapter 2: General

This section provides information about the global settings of the solution and allows for their modification. This section comprises five sub-sections: Status, Monitoring, General Management, Account Management, Filtering Policies and Advanced Configuration.

Figure 2-1: General Section

Status

OST provides, as part of its Unified Threat Management (UTM) console, a dashboard to monitor filtering activity and threats. This is the first screen shown when accessing the Administrator GUI. It shows the status of the different available services and their working mode (On | Off | Monitor mode | Failure), and enables administrators to change the status of any given service.

When a Service is set to [ON], all filtering policies associated with the Service will be applied (whenever they match the filtering criteria), and filtering activity will be logged.

When a Service is set to [Monitor], filtering policies will not be applied (no blocking action is applied), although information is registered in logs as though the policy had been applied. This working mode is ideal to test “what would have happened” if the defined policies were active.

When a Service is set to [OFF], filtering policies will not be applied and no information will be registered on logs.
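The three working modes described above, together with the kind of review that Monitor mode makes possible before a service is switched to [ON], shown as an added example that is not part of the OST guide or product. The log layout, the policy names, the MODES table and the client-share threshold are assumptions constructed for illustration; this guide does not show OST's real log format.

```python
from collections import Counter, defaultdict

# Working modes from the Status section: mode -> (policy enforced, activity logged).
MODES = {
    "ON": (True, True),        # policies applied and logged
    "MONITOR": (False, True),  # nothing blocked, logged as though applied
    "OFF": (False, False),     # nothing blocked, nothing logged
}

# Hypothetical field layout, assumed for this example only.
FIELDS = ("timestamp", "service", "mode", "client", "policy", "action", "target")

# Constructed sample log lines (not real OST output).
SAMPLE_LOG = """\
2014-06-19T09:00:01 webwap MONITOR 10.0.0.11 block-games BLOCK games.example.test
2014-06-19T09:00:07 webwap MONITOR 10.0.0.12 block-games BLOCK games.example.test
2014-06-19T09:01:15 webwap MONITOR 10.0.0.11 block-filetypes BLOCK files.example.test
2014-06-19T09:02:30 webwap MONITOR 10.0.0.13 block-games BLOCK play.example.test
2014-06-19T09:03:02 webwap MONITOR 10.0.0.14 block-intranet BLOCK intranet.example.test
2014-06-19T09:03:40 webwap MONITOR 10.0.0.15 block-intranet BLOCK intranet.example.test
2014-06-19T09:04:11 webwap MONITOR 10.0.0.16 block-intranet BLOCK intranet.example.test
2014-06-19T09:04:59 webwap MONITOR 10.0.0.11 block-intranet BLOCK intranet.example.test
2014-06-19T09:05:00 firewall ON 10.0.0.11 drop-p2p BLOCK 198.51.100.7
not a log line
"""


def mode_effect(mode, policy_matched):
    """Return (blocked, logged) for one request under a service working mode."""
    enforced, logged = MODES[mode]
    return (policy_matched and enforced, policy_matched and logged)


def parse_line(line):
    """Split one log line into named fields; return None if it is malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[2] not in MODES:
        return None
    return dict(zip(FIELDS, parts))


def monitor_review(log_text, service, total_clients, max_client_share=0.5):
    """Summarize what a service in Monitor mode would have blocked.

    A policy is flagged for review when it would have affected more than
    max_client_share of the clients, a sign that it may be too broad to
    enforce as it stands.
    """
    if total_clients <= 0:
        raise ValueError("total_clients must be positive")
    hits = Counter()
    clients = defaultdict(set)
    targets = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1  # keep count so parsing gaps are visible
            continue
        # Only would-be blocks of the reviewed service, recorded in Monitor mode.
        if (entry["service"], entry["mode"], entry["action"]) != (service, "MONITOR", "BLOCK"):
            continue
        policy = entry["policy"]
        hits[policy] += 1
        clients[policy].add(entry["client"])
        targets[policy][entry["target"]] += 1

    policies = {}
    for policy, count in hits.most_common():
        share = len(clients[policy]) / total_clients
        policies[policy] = {
            "hits": count,
            "clients": len(clients[policy]),
            "client_share": round(share, 3),
            "top_target": targets[policy].most_common(1)[0][0],
            "needs_review": share > max_client_share,
        }
    return {"skipped": skipped, "policies": policies}


if __name__ == "__main__":
    for mode in MODES:
        print(mode, mode_effect(mode, policy_matched=True))
    report = monitor_review(SAMPLE_LOG, "webwap", total_clients=6)
    for name, row in report["policies"].items():
        print(name, row)
    print("malformed lines skipped:", report["skipped"])
```

Policies flagged with needs_review are the ones to inspect for overblocking before the service leaves Monitor mode.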
This screen also displays the general status of the hosts where the application has been installed. This information is updated every 120 seconds.

Finally, a dashboard widget is shown per Service, summarizing filtering behavior during the last 24 hours (only widgets related to licensed services are shown). This information is also refreshed every 120 seconds. Available widgets to monitor Service filtering are:

Service web/wap

Figure 2-2: Web/wap dashboard

Represented Time Frame: Last 24 hours
Upper left corner:
  o Table with summarized information about requests managed by all web filtering services (Web / Wap, Antivirus web, Antiphishing web):
      Average Clients / hour.
      Total Requests.
      Total Blocks.
      Max. Requests / hour.
      Min. Requests / hour.
      Average Requests / hour.
  o Lower left corner: Top 5 visited domains. There is a sixth item (sector), [Others], representing the rest of blocked domains.
  o Pie Chart: Top 5 blocked Webpages Categories.
  o Columns Chart: Breakdown of top 5 blocked categories per hour.

Service AdsFree

Figure 2-3: AdsFree dashboard

Represented Time Frame: Last 24 hours
Upper left corner:
  o Table with summarized information about blocked Ads:
      Total number of blocked Ads
      Max. Blocks / hour
      Min. Blocks / hour
      Average Blocks / hour
  o Lower left corner: Top 5 blocked domains
  o Pie Chart: Distribution of blocks by Ad Type (Banners, Pop-ups, animated Gifs)
  o Columns Chart: Hourly breakdown of the same information represented by the Pie chart.

Service Antiphishing

Figure 2-4: Antiphishing dashboard

Represented Time Frame: Last 24 hours
Upper left corner:
  o Table with summarized information about blocked phishing web sites and/or blocked phishing emails.
      Total number of attacks
      Max. Attacks / hour
      Min. Attacks / hour
      Average Attacks / hour
  o Lower left corner: Top 5 Phishing sites (most blocked domains)
  o Pie Chart: Distribution of blocks by type (mail and Web)
  o Columns Chart: Hourly breakdown of the same information represented by the Pie chart.

Service Antispam In

Figure 2-5: Antispam In dashboard

Represented Time Frame: Last 24 hours
Upper left corner:
  o Table with summarized information about emails blocked by AntiSpam.in policies. That is, not considering those emails blocked for AntiPhishing or Antivirus policies.
      Average Clients / hour
      Total number of Spam emails.
      Max. number of Spam emails / hour.
      Min. number of Spam emails / hour.
      Average number of Spam emails / hour.
  o Lower left corner: Top 5 blocked Spammers (IPs).
  o Pie Chart: Mail blocked vs Delivered.
  o Columns Chart: Hourly breakdown of the same information represented by the Pie chart.

Service Antispam Out

Figure 2-6: Antispam Out dashboard

Represented Time Frame: Last 24 hours
Upper left corner:
  o Table with summarized information about emails blocked by AntiSpam.out policies (blocked outgoing emails).
      Average Clients / hour
      Total number of outgoing Spam emails.
      Max. number of outgoing Spam emails / hour.
      Min. number of outgoing Spam emails / hour.
      Average number of outgoing Spam emails / hour.
  o Lower left corner: Top 5 blocked Spammers (IPs).
  o Pie Chart: Mail blocked vs Delivered.
  o Columns Chart: Hourly breakdown of the same information represented by the Pie chart.

Service Antivirus

Figure 2-7: Antivirus dashboard

Represented Time Frame: Last 24 hours
Upper left corner:
  o Table with summarized information about web content and/or emails blocked due to Antivirus policies.
      Total number of detected viruses.
      Max. number of detected Viruses / hour.
      Min. number of detected Viruses / hour.
      Average number of detected Viruses / hour.
  o Lower left corner: Top 5 detected viruses.
  o Pie Chart: Distribution of blocks by type (mail and Web / Wap)
  o Columns Chart: Hourly breakdown of the same information represented by the Pie chart.

Service Firewall

Figure 2-8: Firewall dashboard

Represented Time Frame: Last 24 hours.
Upper left corner:
  o Table with summarized information about requests blocked by Firewall protection policies.
      Average number of Clients / hour.
      Total number of blocked Connections.
      Max. number of blocked Connections / hour.
      Min. number of blocked Connections / hour.
      Average number of blocked Connections / hour.
  o Lower left corner: Top 5 blocked Services (protocols, patterns …). There is a sixth item (sector), [Others], representing the rest of blocked Services.
  o Pie Chart: Top 5 blocked protocols.
  o Columns Chart: Hourly breakdown of the same information represented by the Pie chart.

Monitoring

This section shows real-time monitoring widgets for verifying the traffic being managed by OST appliances. These widgets are:
Traffic History.
Cache status.
Active connections.

Traffic history

Figure 2-9: Traffic history widget

Purpose: Monitor traffic in kbps in Ethernet ports (Eths).
Multiple instances of this widget can be added (in order to monitor different servers / Eths separately).
Widget configuration:
  o Time period to be taken into account: Last 60 minutes | Last 24 hours | Last 30 Days
  o Server and list of Eths (and traffic direction) to be monitored.
  o Refresh Rate: Slow | Medium | Fast. Refresh rate relative to time period to be taken into account.

Traffic log is not active by default. If you plan to monitor traffic activity, remember to activate traffic activity logging in section [General >> General Management >> Filtering Log Configuration].

Cache status

Figure 2-10: Cache status widget

Purpose: Monitor Cache hits vs. Cache misses (only in proxy deployment mode, with cache service active).
Widget configuration:
  o Time period to be taken into account: Last 60 minutes | Last 24 hours | Last 30 Days
  o Refresh Rate: Slow | Medium | Fast. Refresh rate relative to time period to be taken into account.

Active connections

Figure 2-11: Active connection widget

Purpose: Monitor number of active connections per CCOTTA instance.
Widget configuration:
  o Time period to be taken into account: Last 60 minutes | Last 24 hours | Last 30 Days
  o Servers and CCOTTA instances to be monitored.
  o Refresh Rate: Slow | Medium | Fast. Refresh rate relative to time period to be taken into account.

General management

This section allows the root administrator to configure different general settings on the system. It is possible to create and manage other administrator accounts, create or modify scheduled actions for modules, back up system configuration and database files, get information on hosts and modules and carry out several actions on them, configure alarms and alerts, etc. The left part of the screen displays a submenu for all these options.

Administrators

Figure 2-12: Administrators

In this section, you can perform actions on the system administrators, e.g. add a new administrator or change the status of an existing one. Only an administrator with the highest level of permission can manage other administrators of the web interface. The types of administrators that can be created by default are:

Quarantine Administrator: can manage the quarantine of the customers; can search, delete and unblock emails from the customers.
Customer Care Administrator: can manage customer accounts, and edit their provisioned services.
Categorization Administrator: can manage categories and URL classification.
Monitor Administrator: has access to the reporting tool.
Operations Administrator: can access all options.
Override Blocking Administrator: virtual administrator whose password can be used to access some restricted web pages (whenever a web/wap blocking policy has “block with password override” as its action).
User Group Manager: similar to Monitor Administrator, but can only create reports with data of associated users and/or groups. This manager has to be associated with a set of LDAP users and groups.
Content Service Administrator: can access General settings and WOLF service options.
Categorization Operator L1: aimed at legal department users, this type of administrator can manage the content of the custom legal blacklists and categories.
Categorization Operator L2: this is a restricted version of the previous administrator type, which can only check how a URL is categorized both in WOLF and in the Web/Wap filter.
Categorization Monitor Administrator: can create WOLF related reports and access the content of custom categories to export their content.
Read only administrator: can access all options but with read-only permissions.

Note: Each type of administrator has access to different sections of the interface depending on associated rights. These settings are highly dependent on the needs of each Operator.

Administrators can be created locally, using “Optenet’s Database”, or they can be read from an LDAP. In the first case, when creating an administrator you must enter its user name and password. If the administrator is created from an LDAP, you just need to enter its user name and select the LDAP from which the password will be read.

Administrators can change their password by editing their details. In this case, the administrator will be requested to enter the current password. This only applies to administrators created in Optenet’s Database.
Figure 2-13: Administrators password change

Schedule tasks

Figure 2-14: Schedule tasks

You can schedule maintenance tasks using the web administration interface. To do so, click on the Scheduled Tasks option in the menu on the left-hand side. In this section, you can schedule tasks globally, i.e. for all modules, or just for specific ones. When you program a task at global level, all modules that can perform that kind of task will execute it. When you program a task at module level (e.g. Web Filter), only the selected type of module will execute it.

You can also configure triggers, specific dates and actions for the tasks. Actions can be a predefined function (e.g. CompactDatabase) or specific shell commands that are executed as an action.

Example: an example of a scheduled task is the backup operation that Central Manager executes periodically (by default every day at 01:00 am) to back up the information in its database (clients, configuration files, etc.).

There is a different list of predefined functions for every given module. Some of them will be scheduled by default:

Tasks scheduled by default:

Module: Central Manager
  Task Name: UpdateAVBases
    Schedule: Daily, from 1:00 to 5:00 h
    Purpose: Updates Antivirus Signatures.
  Task Name: ConfigBackup
    Schedule: Daily, from 1:00 to 5:00 h, retries every hour
    Purpose: Makes a backup copy of the configuration files.
  Task Name: CompactDatabase
    Schedule: Daily, from 1:00 to 3:00, retries each 30 minutes
    Purpose: Compacts all *.dat files (directory “/database”). Performs save and reload database operations (administrators, users, etc.) so that the .dat files are free of pending [ADD] and [DELETE] operations.

Module: EndPoint Agent
  Task Name: EndPointUpdateAVBases
    Schedule: Daily, from 09:00 to 11:00, retries each 30 minutes
    Purpose: Downloads to EndPoints, latest versions of AV signatures (incremental).
  Task Name: EndPointAVScan
    Schedule: Daily, from 14:00 to 16:00, retries each 30 minutes
    Purpose: Executes the antivirus Scan in EndPoints (all units).
Unscheduled tasks (Module / Task Name, then Purpose):

Global (All modules) / ReloadConfiguration
  Purpose: Reloads to memory the .conf configuration files, which could have been modified externally.
  Warning: the configuration files may be reloaded by the OST modules. Optenet does not recommend scheduling this task. The configuration is reloaded by each module when it is modified via web.

WebFilter / ConsolidateURLs
  Purpose: Consolidates the URL lists that WF initially loads and those generated by traffic. It verifies the consistency of the list and, if there is an inconsistency, the cache list takes priority. It then saves them to disk in their respective .crp files.

WebFilter / CompactDatabase
  Purpose: Performs save and reload database operations so that the .dat files used by the WebFilter module are free of pending [ADD] and [DELETE] operations.

Central Manager / Backup
  Purpose: Backs up the following directories:
    o Database directory
    o Optenet’s lists
    o Custom Lists
    o Logs (directories ./log)

Central Manager / UpdateAVBases
  Purpose: Verifies the antivirus license and, if it is valid, updates the lists for the Antivirus module.

Central Manager / DownloadCRPs
  Purpose: Downloads the complete .crp lists from the Optenet global Servers (repository of categorized URLs).

Central Manager / ResolveWolfUrls
  Purpose: This is a WOLF specific task. Central Manager will resolve through the DNS all domains associated to all URLs of the legal lists (both Optenet’s and Custom’s), and will provide CCOTTA with the list of resulting IP addresses through the file listblackip.crp.

Note: You can also schedule a task that executes a user-defined shell command/script.

Backups

This section helps you manage the backups created periodically by the Central Manager. You can create backups (specifying the type of information to be backed up from the Central Manager database), query the type of information and files contained in a particular backup, and delete a backup.

OST makes backup copies of system files. OST can, for example, be programmed to make a backup copy of any of the databases used by the system.
Since it is the system that makes the backup copy, the administrator can be sure that the backup copy is consistent and uncorrupted.

Figure 2-15: Backups

Backup copies of the OST files can be made using the web administration interface. The OST files that can be backed up are:

Configuration files: backup of all configuration data, including modules configuration files, database of clients, filtering configuration files and transactions.
Database files: backup of the database of clients.
Optenet lists: backup of Optenet’s URL, virus and spam signatures lists.
Operator’s lists: backup of customer’s customized lists.
Logs: backup of log files.

Note: Optenet recommends performing the following backups:
1. a daily backup of the transaction files and the database;
2. a daily backup of the logs;
3. a monthly backup of the configuration files, client profiles and templates.

Note: The restore process is a very delicate operation. This is the reason why it is not possible to carry out a restore operation through the interface. If you need to restore a previously saved backup, please contact APS.

Host & Process Control

Figure 2-16: Hosts & Process Control

In this section, the status, module group and the available actions for modules in a host are shown.

Bear in mind that the Process Monitor module controls all other OST modules. Therefore, if the administrator stops one of the modules using Linux commands (kill), the Process Monitor will detect that the module is not responding, raise an alarm and restart the module. This really depends on how the Process Monitor is configured and what it is supposed to do in such an event. Hence, Optenet recommends using the Web Administration interface to manage the modules and processes of the OST architecture.

The available actions are:

Restart: terminates and completely restarts the module in a single step.
Suspend: temporarily stops the module.
Resume: starts a suspended module.
Flush logs: forces the module to write the logs to the hard disk.
Reset counter: resets the counter of start attempts. When the Process Monitor has made “N” attempts to start a module, this module goes into Exhausted mode. The Process Monitor will not attempt to start the module until the counter is reset.
Set Debug: enables debug mode.

Warning: Stopping the Central Manager or WebServer modules will prevent the web interface from working.

By clicking on a host name, on CPU, Memory or Hard Disk usage, or on one of the module names, a new window will be opened showing relevant information. Some examples are shown below:

Figure 2-17: Host information

Figure 2-18: CPU information

Figure 2-19: Memory usage information

As shown in the image below, the performance of each module can be monitored. You can set specific performance thresholds for each module. If these thresholds are exceeded, an event will be triggered, which can be associated to an alert (see section Alerts). Also, modules can be restarted automatically by ticking the corresponding checkbox.

Figure 2-20: Modules performance configuration

Finally, if the SNMP service is enabled, the OST will respond to SNMP queries.

Host location

This screen displays a list of all hosts present in the installation and their physical location if this has been defined. Hosts with the same physical location share the same local Central Manager when the Extended Central Manager mode is in place.

You can define and modify the physical location of hosts. To do so, click the button in the location column, enter the new location in the text box and click again to accept the changes. You can also permanently delete a host from the installation by clicking delete in the action column, or change the status from enable to disable by clicking the button in the status column.
Figure 2-21: Host location

Warning: It is highly recommended to avoid changing these parameters. The “Delete” action is irreversible and involves deleting both the host and the modules installed on it.

Filtering Log Configuration

Basic Concepts

This section explains the basic concepts to be taken into account when querying the Reporter Module. There are two types of reports, depending on the data source type being selected:

Monitor reports: these reports can query and consult raw logs generated by the different filtering modules of the solution (WebFilter, SMTPFilter, CCOTTA etc). They allow a complete and detailed track of the traffic being processed by the solution.
  o Logs are stored in plain text, with some exceptions where encryption is required for privacy purposes.
  o At service level it is possible to configure what to log: nothing, all requests, only blocks, or as indicated in each filtering policy. The administrator must adjust what has to be logged, looking for a balance between performance, required disk space and the type of reports needed. For instance, if the Firewall Service is configured to log all requests, i.e. a record per connection, daily logs may have a large size. Hence it could be more appropriate to log only blocks or to log as indicated in each filtering policy. A configuration where accesses are not logged impacts the type of reports available. For example, reports based on accesses would make no sense, since no information regarding allowed connections would have been logged.

Service Reports: Report Modules periodically consolidate the logs generated by the different filtering modules, and accumulate the information in an optimized format in order to speed up the execution of queries and provide the scalability required by ISPs, MSPs and large enterprises.
Service reports provide an intuitive way to obtain summarized reports facilitating the analysis of threats, customer’s behavior, policy enforcement etc.
  o Logs are stored in binary format, to improve performance.
  o Simultaneous accumulation in different time units.

It is possible to query the system and/or execute predefined reports, from two different option menus:

Service Name >> Reports >> Service Reports >> Monitor Reports
Reporter >> Report Templates

The system can be queried in order to obtain information about the activity of any filtering service:

Information to be calculated.
Grouping criteria (up to two levels).
Ordering criteria.
Filtering criteria.
Time Range to be considered.

The following table summarizes the information that can be calculated (these may vary depending on the Service):

Calculated Field: Comments

Blocks: Total number of blocked requests (according to filtering policies managed by a given service).
Accesses: Total number of allowed requests:
  o Either by a filtering policy with “Bypass” as action
  o Or those allowed by default since no blocking policy was applied
Requests: Total number of requests (Blocked ones + Allowed ones).
Total: Number of operations (redirections in AutoNotices Service,
Size: Size of the processed request measured in bytes. Depending on the service it can represent:
  o The size of processed mail (in case of mail filtering services)
  o The size of t
Pages Viewed: Number of visited web pages (web/wap filtering service). From the requests, the system estimates the number of pages that users have been browsing (differentiating pages from embedded resources).
Navigation Time: Navigation time in seconds (web/wap filtering service). OST manages estimations when providing this information. It is important to outline that Navigation time does not refer to the time taken to download the objects but the time that a particular user is browsing a particular resource (global navigation, navigation classified as a given category etc).
URI: Domain/Subdomains of the requested URLs.

Log Configuration

Each module within OST can be linked to the Reporter so that the latter can request and store information. You can select which log servers are associated to the Reporter at any one time in the frame labeled Log Servers. You can do this by selecting the various information sources. Unselected information sources will not log any filtering activity.

Figure 2-22: Logs configuration

It is also possible to activate the encryption of the communication from and to the reporter modules and to activate the checksum integrity of the logs to prevent them from being manipulated.

The bottom frame is used to configure each information source, also called log server. First you can decide to log all requests, only blocked requests or as indicated in each filtering policy. Then you can set the number of days to keep detailed logs both in each module’s local log directory and the reporter’s log directory.

Note: The reporting tool uses ONLY information previously stored in the reporter’s log directory.

You can define the parameters that govern how Reporter accumulates and compresses data for each module. The Reporter requests information from the modules and then structures this data in order to process it efficiently. This information can increase in volume significantly; therefore the Reporter includes a data collection system that allows a considerable reduction of this data volume. The system works by gradually summarizing data according to a series of selections. In this way a huge amount of disk space is saved and calculations are performed extremely quickly, at the same time as maintaining the ability to generate a great number of reports.
The downside is that there is a slight loss of precision in the data since it is accumulated over a period of time (a complete hour, a complete day, etc.).

It is also possible to set how many days of data to keep in the files of data collected by the hour, how many months of data in the files collected by the day, and how many years of data in the files collected by the month. Moreover, the administrator can indicate whether the files of a particular type should be archived before they would otherwise be converted by transferring them to a file type of lower granularity (data collected by the hour can be transferred to form part of a larger file of data accumulated by the day). These backups can be made independently for each type of file (hours, days, or months).

Default log configuration

Content Filter service:
  o Detailed logs: 1 day
  o Days in hour: 7
  o Months in days: 1
  o Years in Months: 1
Antispam Filter:
  o Detailed logs: 1 day
  o Days in hour: 7
  o Months in days: 1
  o Years in Months: 1
Firewall: Only log if requested in the policy
  o Detailed logs: 1 day
  o Days in hour: 7
  o Months in days: 1
  o Years in Months: 1
AdsFree: Only log blocked actions
  o Detailed logs: 1 day
  o Days in hour: 7
  o Months in days: 1
  o Years in Months: 1
Autonotice:
  o Detailed logs: 1 day
  o Days in hour: 7
  o Months in days: 1
  o Years in Months: 1
WebProxy (only in UDM mode): Only log if requested in the policy
  o Detailed logs: 1 day
  o Days in hour: 7
  o Months in days: 1
  o Years in Months: 1
FTPProxy (only in UDM mode): Only log if requested in the policy
  o Detailed logs: 1 day
  o Days in hour: 7
  o Months in days: 1
  o Years in Months: 1

Note: By default the [Traffic] log is not active. If you plan to monitor traffic activity (dashboard module [General >> Monitoring >> Traffic History]) or execute reports based on the [Traffic] data source, then you should activate traffic activity logging in this section.
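The accumulation and retention settings above decide how much detail is still on disk when an incident is investigated later. The following Python example is added here and is not Optenet code: it uses the default Content Filter retention values listed above and constructed sample records, and it assumes 30-day months, 365-day years and accumulated files that keep only per-user block and access counts per time bucket.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Default retention the guide lists for the Content Filter service.
DEFAULT_RETENTION = {
    "detailed_days": 1,    # "Detailed logs: 1 day"
    "days_in_hours": 7,    # "Days in hour: 7"
    "months_in_days": 1,   # "Months in days: 1"
    "years_in_months": 1,  # "Years in Months: 1"
}
DAYS_PER_MONTH = 30   # assumption: the guide does not say how a month is counted
DAYS_PER_YEAR = 365   # assumption

BUCKET_FORMAT = {"hour": "%Y-%m-%d %H", "day": "%Y-%m-%d", "month": "%Y-%m"}

# Constructed sample records (timestamp, user, action); not real OST log lines.
SAMPLE = [
    (datetime(2014, 6, 19, 10, 5), "alice", "block"),
    (datetime(2014, 6, 19, 10, 20), "alice", "block"),
    (datetime(2014, 6, 19, 10, 50), "alice", "block"),
    (datetime(2014, 6, 19, 10, 55), "alice", "access"),
    (datetime(2014, 6, 19, 11, 10), "bob", "block"),
]


def finest_granularity(age_days, retention=DEFAULT_RETENTION):
    """Finest data still available for an event that happened `age_days` ago."""
    if age_days < retention["detailed_days"]:
        return "detailed"
    if age_days < retention["days_in_hours"]:
        return "hour"
    if age_days < retention["months_in_days"] * DAYS_PER_MONTH:
        return "day"
    if age_days < retention["years_in_months"] * DAYS_PER_YEAR:
        return "month"
    return None  # nothing left to query


def accumulate(records, unit):
    """Sum blocks and accesses per (time bucket, user); exact timestamps are lost."""
    totals = defaultdict(lambda: {"blocks": 0, "accesses": 0})
    for timestamp, user, action in records:
        key = (timestamp.strftime(BUCKET_FORMAT[unit]), user)
        totals[key]["blocks" if action == "block" else "accesses"] += 1
    return dict(totals)


def exact_blocks(records, user, start, end):
    """Answer from detailed logs: blocks for `user` with start <= time < end."""
    return sum(1 for ts, who, action in records
               if who == user and action == "block" and start <= ts < end)


def hourly_blocks(hourly, user, start, end):
    """Answer from hourly data: every hour bucket the range touches counts in full."""
    total = 0
    for (bucket, who), counts in hourly.items():
        bucket_start = datetime.strptime(bucket, BUCKET_FORMAT["hour"])
        bucket_end = bucket_start + timedelta(hours=1)
        if who == user and bucket_start < end and start < bucket_end:
            total += counts["blocks"]
    return total


if __name__ == "__main__":
    hourly = accumulate(SAMPLE, "hour")
    start, end = datetime(2014, 6, 19, 10, 15), datetime(2014, 6, 19, 10, 45)
    print("blocks 10:15-10:45 from detailed logs:", exact_blocks(SAMPLE, "alice", start, end))
    print("blocks 10:15-10:45 from hourly data:  ", hourly_blocks(hourly, "alice", start, end))
    for age in (0.5, 3, 20, 200, 400):
        print(age, "days old ->", finest_granularity(age))
```

With the defaults, a request-level question about anything older than one day can only be answered at hourly resolution, so the detailed-log retention should be sized to the longest investigation window you expect to need.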
Events

Figure 2-23: Events

When OST is working, information messages are generated after certain events. These can help the administrator to detect a problem or an inappropriate configuration.

In this section you can see all the events of the system and their description. You can also configure parameters of their behavior, for example:

The number of occurrences required over a period of time before an event is actually triggered.
The maximum and/or minimum threshold of an event, if applicable.

OST Reporter classifies system events according to severity criteria:

Critical errors: These are for the most serious errors that can occur in the system. They are produced when the system performs actions that corrupt its functioning. They cause the reporting tool to stop working, with no possibility of recovery.
Severe errors: Very serious errors that cause the reporting tool to function incorrectly, meaning that the results it provides may be unreliable. They can sometimes cause the reporting tool to stop.
Warnings: Notices to the system administrator concerning situations that could potentially result in a severe error. They are not in themselves especially serious but they can indicate that an error is imminent or that non-vital operations have not been executed successfully.
Information: These are informative messages about the functioning of the system. They inform the administrator that certain background-level operations have been completed correctly.
Verbose: These are system troubleshooting messages that allow the administrator to track a possible system problem more closely. Normally they are deactivated. The storage of information in Verbose mode uses up a large quantity of resources and reduces application performance. For this reason, as a general rule it should only be activated at the request of Optenet technical support.

Each message is identified by a code.
This code is unique and each code has been classified as one of the five types of messages described.

Figure 2-24: Events parameters

As a system administrator you can also define custom events. Custom events must have a numerical ID with a value between 9000 and 9999 and a severity level (critical, error, warning or info). Optionally, you can include an event description.

Custom events are the only events that can be associated to a filtering policy. When an event is associated to a filtering policy, the event will be triggered each time the policy is executed.

Some predefined events enable the configuration of additional triggering conditions (threshold of resources consumption reached, number of occurrences in a given period of time etc). At the time of writing this manual, some of these events were:

Event ID
4551 to 4579
4586

Figure 2-25: Predefined events with triggering conditions

Alerts

In this section you can set, edit and delete alerts. Alerts can be triggered by a number of events (see previous section).

Figure 2-26: Alerts

Press New to create and configure a new alert. In the first tab you can select the events that will trigger the alert, while the second tab displays the actions available:

Record the event in the system log.
Record the event in the internal log.
Send the event information via SNMP trap.
Send the event information via e-mail.

Figure 2-27: New alert

Details about the types of messages generated by OST can be found in Appendix A.

Click the Default Conf. button to define:

Logging/Notifications default configuration based on Event severity.
For email notifications, the default values for mail subject, sender and addressee.

Figure 2-28: Predefined events with triggering conditions

Password Control

This section allows you to define the password security policies for the administrators.
Figure 2-29: Password security settings

Password policy: defines the number of simultaneous sessions allowed and the login attempts allowed before locking the user in case of an incorrect password. By default all the values are 0 (deactivated).
  o Number of Multiple sessions allowed
  o Incorrect Password Attempts Allowed
  o Lock Time Period (in seconds) in case of password locked
  o Password History Check: defines the number of previous passwords to check in case a password change is required
  o Minimum Password Period (in days)
  o Maximum Password Period (in days)
  o Password Must Change on first login. If this is selected, the administrator password must be changed on the first login

Password Strength: defines the minimum password strength requirements. Passwords which do not meet these requirements will not be permitted. By default all the parameters are 0 (deactivated) except for the minimum length (6 characters):
  o Minimum Length of the password
  o Minimum lowercase letters
  o Minimum uppercase letters
  o Minimum numeric characters
  o Minimum symbols characters
  o Minimum number of numeric characters in the middle
  o Minimum number of symbol characters in the middle
  o Check sequential letters (like abc)
  o Check sequential numbers (like 567)
  o Check keyboard pattern used (like azerty, qwerty…)
  o Check sequence repeated (like abcabc or 123123)
  o Check sequence mirrored (like abccba or 123321)

External Servers

This screen allows you to create and manage connections to external servers. External servers of the same type can be grouped in clusters.

Figure 2-30: External servers

The different types of server clusters you can define are:

Messaging clusters:
  o SMTP: these servers are used to send mail alerts (see Alerts in this same section). If the solution is configured in proxy mode with SMTP filtering, these will be the servers that would receive filtered mails.
DNS clusters:
  o DNS: these servers will translate hostnames to IP addresses.
PROXY clusters:
  o PROXY: you may define proxy servers to redirect traffic and access the internet.
User identification/authentication clusters:
  o LDAP: define LDAP servers to be able to create user- and group-based rules.
  o NTLM: use these servers if your authentication is based on the well-known Microsoft authentication protocol.
  o Kerberos: use these servers if your authentication is based on the Kerberos authentication protocol.
  o DCAgent Server: these servers associate a user name with the corresponding IP address when a domain log in event is detected.
SNMP clusters:
  o SNMP: SNMP trap alerts will be sent to this type of servers.

Cluster types based on their nature:

Round Robin of primary and secondary Servers:
  o The cluster provides redundancy and balancing mechanisms.
  o Servers can operate in primary mode or secondary mode.
  o Primary Servers offer load balancing. There must be at least one primary server in the cluster.
  o Secondary Servers will not be used unless all primary servers are down. If there are several secondary servers, they will also offer redundancy.
  o Belonging to this type: DNS, SMTP, Proxy, LDAP, NTLM
Round Robin of Primary Servers:
  o Similar to the previous case, but due to the nature of the service, it makes no sense to have secondary servers.
  o Belonging to this type: Kerberos
Multicast:
  o Notifications are sent to ALL servers in the cluster.
  o Belonging to this type: SNMP

Figure 2-31: External server configuration

You can add servers to clusters and change their priority within the cluster. Servers can operate in primary or secondary mode. Usually, two primary servers are defined for load balancing purposes. Secondary servers are defined for redundancy purposes.
The operation in the two cases is detailed below:

Balancing: when an OST tries to establish a connection with a cluster, it connects to the first primary server in the list (server A). Only when a request to server A is not answered will the OST connect to the next available primary server (server B). Server B will then be the default option unless it also fails to answer a request. In this case, the OST will try to connect to the first primary server again (server A).
Redundancy: when an OST tries to establish a connection with a cluster, it connects to the first primary server in the list (server A). Only when a request to server A is not answered will the OST connect to a secondary server (server B). Server B will then be the default option during a limited period of time. Then the OST will try to connect to the primary server again.

There must be at least one primary server per cluster.

SMTP Clusters and Servers:

Figure 2-32: SMTP cluster

The above screen is shown when an SMTP cluster is created. SMTP clusters are created for two main purposes: to send e-mail notifications (default cluster) and to receive scanned e-mails (only in proxy mode).

If the cluster is set as default, it will have a predefined name (SMTPDefault) and the servers associated to this cluster will be used to send e-mail notifications and, if in proxy mode, as the default e-mail receiver.

If the solution is configured in proxy multidomain mode, you will be able to create several SMTP clusters and associate a number of mail domains to each one of them. Scanned e-mails with a receiver belonging to a domain associated to a cluster will be redirected to this cluster. Otherwise they will be redirected to the default cluster.

Note: Mail domain association will only be shown in multi-proxy mode.
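The balancing and redundancy behaviour described above for primary and secondary servers can be modelled in a few lines. The following Python sketch is an added example, not Optenet code: the Server and Cluster names, the pick method and the 60-second secondary_hold value are assumptions (the guide only says a secondary stays the default "during a limited period of time"), and moving to the next primary with wrap-around generalizes the two-server case the guide describes.

```python
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    primary: bool = True
    up: bool = True  # constructed availability flag, toggled by the scenario


class Cluster:
    """Round robin of primary and secondary servers, as the guide describes it."""

    def __init__(self, servers, secondary_hold=60.0):
        self.primaries = [s for s in servers if s.primary]
        self.secondaries = [s for s in servers if not s.primary]
        if not self.primaries:
            raise ValueError("a cluster needs at least one primary server")
        self.secondary_hold = secondary_hold  # assumed length of the "limited period"
        self._sticky = 0            # index of the primary currently used by default
        self._fallback = None       # secondary currently used by default, if any
        self._fallback_until = 0.0  # time at which the primaries are tried again

    def pick(self, now):
        """Return the server that answers a request sent at time `now`, or None."""
        # A secondary stays the default only for a limited period of time.
        if self._fallback is not None:
            if now < self._fallback_until and self._fallback.up:
                return self._fallback
            self._fallback = None

        # Start with the default primary; move on only when it does not answer.
        count = len(self.primaries)
        for step in range(count):
            index = (self._sticky + step) % count
            if self.primaries[index].up:
                self._sticky = index  # the server that answered becomes the default
                return self.primaries[index]

        # Secondaries are used only when no primary answers.
        for server in self.secondaries:
            if server.up:
                self._fallback = server
                self._fallback_until = now + self.secondary_hold
                return server
        return None


def run(cluster, timeline):
    """Apply (time, {server name: up?}) steps and list the server chosen at each."""
    by_name = {s.name: s for s in cluster.primaries + cluster.secondaries}
    chosen = []
    for now, changes in timeline:
        for name, up in changes.items():
            by_name[name].up = up
        server = cluster.pick(now)
        chosen.append(server.name if server else None)
    return chosen


def balancing_demo():
    """Two primaries: B takes over when A fails and stays the default afterwards."""
    cluster = Cluster([Server("A"), Server("B")])
    return run(cluster, [(0, {}), (1, {"A": False}), (2, {"A": True}),
                         (3, {"B": False}), (4, {"A": False})])


def redundancy_demo():
    """One primary, one secondary: S is used for 60 s, then A is tried again."""
    cluster = Cluster([Server("A"), Server("S", primary=False)], secondary_hold=60)
    return run(cluster, [(0, {}), (10, {"A": False}), (20, {"A": True}),
                         (69, {}), (70, {})])


if __name__ == "__main__":
    print("balancing: ", balancing_demo())
    print("redundancy:", redundancy_demo())
```

The final None in the balancing run is the state to monitor for on authentication clusters (LDAP, NTLM): no server in the cluster answers.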
Figure 2-33: SMTP Server

To create an SMTP server within a cluster, you must define the following parameters:

Server name
Server IP address or domain
Listening port (default 25)
Status
Operation mode (primary or secondary)

DNS Clusters and Servers:

There can be only one global DNS cluster in the solution, which is called DNSDefault. You may add as many DNS servers to this cluster as you like. All DNS servers operate in primary mode and have the following parameters:

Server name
Listening port (53 by default)
Server IP address or domain
Status

Proxy Clusters and Servers:

Proxy clusters are created for two main purposes: to configure a proxy to be used by the solution to access the internet (default cluster) and to allow for WebProxy policies where the action is to chain a request to a parent or child proxy (see section WebProxy → Filtering Policies in Chapter 4).

If the cluster is set as default, it will have a predefined name (ProxyDefault) and the servers associated to this cluster will be used by the solution to access the internet in order to download the URL database, Antivirus signatures and Spam signatures, and to check the license.

Figure 2-34: Proxy server

To create a Proxy server within a cluster, you must define the following parameters:

Server name
Server IP address or domain
Listening port (default 8080)
User and Password (optional)
Status
Operation mode (primary or secondary)

LDAP Clusters and Servers:

The OST uses LDAP clusters to retrieve user names and passwords in order to authenticate Administrators (as seen in section General Management → Administrators) or to facilitate user/group based filtering policies (see section WebProxy→Filtering Policies in Chapter 4).
Figure 2-35: LDAP Server

To create an LDAP server within a cluster, you must define the following parameters:

Server name
Server IP address or domain
Choose whether or not you want to encrypt communications with the LDAP.
Listening port (default 389)
Type of LDAP: W2K (default), iPlanet, Lotus
Status
Operation mode (primary or secondary)
Queries to be used to gather users and user groups.
  o By pressing the Load Predefined Values button, default queries will be generated. The field HA1 will only be required in order to offer http Digest Access Authentication.
  o The field HA1 will be required in case of using this LDAP server to offer webproxy basic authentication policies of the type http DIGEST.

Warning: In order to provide policies based on user groups, remember to give the SAME NAME to the cluster that provides the authentication (NTLM, Kerberos or DCAgent), and the cluster that provides information about groups (LDAP).

NTLM Clusters and Servers:

OST uses NTLM clusters for user/group authentication, facilitating user/group based filtering policies (see section Web Proxy → Filtering Policies in Chapter 4).

Warning: In order to provide policies based on user groups, remember to give the SAME NAME to the cluster that provides the authentication (NTLM, Kerberos or DCAgent), and the cluster that provides information about groups (LDAP).

Once the cluster is created, to create an NTLM server within the cluster, you must define the following parameters:

Server name
Server IP address or domain
Listening port (default 445)
Status
Operation mode (primary or secondary)

Kerberos Clusters and Servers:

Figure 2-36: Kerberos cluster

The above screen shows how a Kerberos cluster is created. Like NTLM clusters, OST uses Kerberos clusters for user/group authentication, facilitating user/group based filtering policies (see section Web Proxy → Filtering Policies in Chapter 4).
In the case of a Kerberos cluster, some additional steps are required in order to register the Service:

Manual operations:
  o Provide a name to the proxy-CCOTTAs in the DS (Domain Server). This operation will be repeated as many times as needed (as many times as CCOTTA instances are installed).
  o Register the domain name as Service Server in the KDC.AS (Kerberos authentication Server).
Edit the cluster and click on the [Register] button.
Ask for a Service key.
If the key expires, indicate how often the encryption key will be renewed automatically.

Figure 2-37: Kerberos Server

To create a Kerberos server within a cluster, you must define the following parameters:

Server name
Server IP address or domain
Listening port (default 445)

Warning: In order to provide policies based on user groups, remember to give the SAME NAME to the cluster that provides the authentication (NTLM, Kerberos or DCAgent), and the cluster that provides information about groups (LDAP).

DCAgent Clusters and Servers:

DCAgent clusters are mainly used to identify users/groups in bridge mode deployments. Although they could also be used in proxy deployments, it is not recommended. Servers associated to a DCAgent cluster have the following parameters:

Server name
Server IP address or domain
Listening port (default 10240)

Note: DCAgent clusters are not available by default.
Set the WebFilter.con#UseInternalAuthentication=True variable to activate this functionality.

Warning: In order to provide policies based on user groups, remember to give the SAME NAME to the cluster that provides the authentication (NTLM, Kerberos or DCAgent), and the cluster that provides information about groups (LDAP).

SNMP Clusters and Servers:

There can be only one global SNMP cluster in the solution, which is called SNMPDefault. You may add as many SNMP servers to this cluster as you like. All SNMP servers operate in primary mode and have the following parameters:

Server name
Listening port (161 by default)
Server IP address or domain
Status

Account Management

This section allows the administrator to provision clients with different services, as well as to add managers and associate servers and authentication methods to each of them.

Provisioning

In this section the administrator can search for and delete existing clients, as well as add new clients with their provisioned services and packages.

Figure 2-38: Provisioning customers

The frame on the left hand side of the screen allows the Administrator to search for, delete and create new clients. On the right hand side frames, the Administrator can edit the details of each client. More specifically, the Administrator can define:

Client’s details:
  o Client ID
  o Type of client: enterprise, residential or mobile. Depending on the selection, the services available to the client will vary. Enterprise services offer more functionality to the clients, while Residential services offer simplicity and ease of use.
  o Administrator’s ID and Password
  o E-mail address (optional)
Client Services: Services and service packages provisioned to the client.
This frame shows the available services and service packages for the client and the provisioned ones (see section Service Packages in Chapter 3 for more information on services and packages).
Client domains: domains entered in this frame will be associated to the client. If in proxy mode, all e-mails addressed to these domains will be sent to the client’s SMTP server if available, and will be affected by the filtering policies defined by this client (see section General Management → External Server and Account Management → External Servers for more information on external servers).
Client IP addresses and VLANs/MPLS: IP addresses and, optionally, VLANs or MPLS associated to the client (only for enterprise and residential clients).

Note: This screen is intended mainly for demonstration and control purposes. Massive client provisioning should be done using other procedures.

Client users

Figure 2-39: Client users

This section is used to search for and edit existing client users, as well as to add new users with their password and, optionally, e-mail address. The types of users that can be added are:

Client Administrator: this user can log in to the client graphical interface with full access to its configuration.
Account User: this user can only access his or her own quarantine. That is, this type of user only makes sense if the license includes antivirus mail and/or AntiSpam and/or AntiPhishing mail.
Proxy User: if in proxy mode, this user may use these credentials to be authenticated (see Chapter 4: WebProxy for more information on Authentication).
Quarantine Administrator: can access the client’s quarantine. Hence, this type of manager can see messages in quarantine from all users belonging to this client.
Monitor Administrator: has access to the reporting tool.
User group Manager: similar to the monitor administrator, but can only create reports with data of associated users and/or groups.
  This manager has to be associated to a set of LDAP users and groups.
- Read only Administrator: can access all options but with read-only permissions.

The user types Account User and Quarantine Administrator are only available when an SMTPFilter.In service is provisioned to the client. The Proxy User type, on the other hand, is only available for Enterprise clients when the solution is installed in proxy mode.

External Servers

Figure 2-40: Client external servers

This screen allows you to create and manage external server connections associated to a client. The different types of clusters and servers you can define are:

- SMTP: If the solution is configured in proxy mode with SMTP filtering, these will be the servers that receive filtered mails for this client.
- LDAP: define LDAP servers to be able to create user- and group-based rules.
- DCAgent: these servers will associate users with their IP addresses.
- NTLM: use this server if your authentication is based on the well-known Microsoft authentication protocol.
- Kerberos: use these servers if your authentication is based on the Kerberos authentication protocol.

See section General Management → External Servers for more information on external servers.

Note: External servers created in this screen are only accessible by the client to whom the clusters are associated. Only the client (and not the ISP administrator) will be able to use this cluster information to create sources and destinations.

Service Packages

Figure 2-41: Service Packages

You can define different services and service packages within OST. For instance, you can create various standards of service to offer to clients (e.g. basic, premium, etc.) and group them to form a package.
By default, services are classified in three categories:

- Premium: aimed at residential type clients with access to the Self-care Portal (access to the filtering configuration GUI).
- Basic: aimed at residential type clients without access to the Self-care Portal (filtering configuration is defined globally at ISP level).
- Business: aimed at enterprise type clients with full access to the Self-care Portal.

To create a new service, first select the service Group (Residential, Enterprise or Mobile) and then define a service by clicking New on the top left frame.

Figure 2-42: Service details

The frame displayed above will then be shown. The following parameters must be specified for each service:

- Service type: This can be Antivirus, AdsFree, Firewall, Mail Filter, SMTPFilter.In, SMTPFilter.Out, MMSFilter, IDS/IPS, Auto.Notices or Web Filter.
- Service name: A name for the new service.
- Catalogue status: Only active services can be provisioned in the Provisioning section.
- IID: Internal service ID, a unique identification for the service used internally. These are some of the identifiers already used:
  o Residential Services:
    [ContentFilter–Premium]: WC
    [ContentFilter–Basic]: WB
    [AdsFree–Premium]: AC
    [AdsFree-Basic]: AB
    [Activation-Basic]: TB
    [Antivirus-Premium]: V3
    [Antivirus-Basic]: V2
    [AntiPhishing-Basic]: PB
    [AntiPhishing-Premium]: PC
    [FireWall-Premium]: FC
    [FireWall-Basic]: FB
    [SMTPFilterIn-Premium]: IC
    [SMTPFilterIn-Basic]: IB
    [Reporter-Premium]: RC
    [IDSIPS-Premium]: DC
    [IDSIPS-Basic]: DB
  o Enterprise Services:
    [ContentFilter–Business]: WE
    [AdsFree–Business]: AE
    [Activation-Business]: TE
    [Antivirus-Business]: AE
    [AntiPhishing-Business]:
    [AntiPhishing-Premium]: PE
    [FireWall-Business]: FE
    [SMTPFilterIn-Premium]: IE
    [Reporter-Premium]: RE
    [IDSIPS-Premium]: DE
- Own Profile: Select this option to allow clients to change their configuration.
  Otherwise default filtering policies will be applied.
- Profile Policies file: Location of the policies configuration template file. These are the rules that will be assigned to customers with this service. Once the template has been associated to a client, each customer can edit the filtering configuration from the customer interface.

Note: The template defined in “Profile Policies files” cannot be edited through the graphical interface.

After defining all services, you can group them in packages by clicking New on the top right frame.

Figure 2-43: Creating packages of services

Services and packages cannot be deleted. However, you can declare them obsolete, which will remove the selected service or package from the corresponding list in the Provisioning section (see section Provisioning). This will not affect clients already provisioned with these services or packages.

Filtering Policies

Filtering is based on traffic analysis and the application of the configured rules. Each filtering rule is known as a “Policy”, which comprises the following information:

- Policy Status, which indicates whether it is active or not:
  o On: The policy is active, so it is being evaluated and applied (if all associated conditions are fulfilled).
  o Off: Inactive. The policy is neither evaluated nor applied.
- To whom does the policy apply? Source and Destination for the traffic to be analyzed.
- What triggering conditions have to be fulfilled to apply the policy (Policy Profile)?
- When does the policy have to be applied? (Time schedules.)
- How will the Solution react (action to be applied)?

The behavior of the filtering Services will be directly conditioned by the policies that have been defined and the order in which they are displayed.
The Solution will use a system of priorities that avoids conflicts between policies (for instance, different policies of the same Service, affecting a user that belongs to two different user groups, performing different actions for each group).

Note: Policies defined at ISP level have higher priority than those defined at Client level.

In general terms, policies are evaluated/applied following the order shown on the screen with the list of policies. For each Service, the first policy that fulfills all the conditions will be applied. Despite the given order, the Solution can only ensure that this ordering will be completely taken into account when evaluating policies of the same Service. For instance, a Firewall policy or IDS/IPS policy will be applied sooner than a web/wap policy, since the fulfillment of the conditions for their application will be detected at an earlier stage. So, policies will be applied grouped in “layers” according to available Services, in the order detailed below:

1. Firewall policies.
2. In case of Web traffic:
   a. Web/wap policies.
   b. AdsFree policies.
   c. Antivirus web policies.
   d. AutoNotices (notifications).
3. In case of mail traffic:
   a. AntiSpam policies.
   b. Antiphishing policies.
   c. Antivirus Mail policies.

As described previously in this manual, the application of policies will be directly conditioned by the state of the Services:

- Service is Active: All active policies (related to that service) are evaluated. If any of them completely fulfills the required conditions, the configured action will be executed and the application of the policy will be registered in the logs (enabling the generation of activity reports). Activity will be registered according to the log settings for the service and/or applied policy.
- Service is Inactive: Policies related to the Service will not be evaluated (nor applied).
- Service is in Monitor Mode: Policies related to the Service will be evaluated but never applied.
  If the service and/or policy are configured to log activity, the solution will log “what would have happened” if the Service had been active.

Some additional considerations:

- Most policies are “terminal” for the service they belong to:
  o That is, once the first policy that fulfills all the conditions is detected, the configured action is executed and the rest of the candidate policies (with a lower priority) are discarded. For instance, if access to the Internet is blocked for a given user due to a rule that blocks pornography, it makes no sense to keep on evaluating other policies that block other prohibited categories or URL patterns.
  o On the other hand, other policies might be “Cumulative”. Even when a given policy is applied, other policies (for the same service) can be evaluated and potentially also applied.
- Applying a policy that explicitly allows the traffic (that is, no blocking action is selected) does not mean that the policies related to the rest of the services are not evaluated/applied. For example: there may exist an AntiSpam policy that considers as non-Spam those e-mails whose sender is included in a Spammers Whitelist, and in consequence the configured action is to deliver the e-mail. However, other Services’ policies will also be evaluated, potentially blocking the e-mail, like an antiphishing policy and/or an Antivirus policy.

Policies

This screen provides information regarding the defined filtering policies for the provisioned services: Web, AdsFree, AutoNotices, Antiphishing, Antispam.In, AntiSpam.Out, Antivirus and/or Firewall.

Figure 2-44: Filtering policies

The screen displays a table with the various policies and information on the source & destination they apply to, the action to be performed, the filtering conditions and the time when they will be applied.
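
The evaluation rules described under Filtering Policies (layer order, ISP-over-client priority, first match per service, and the three service states) can be sketched as follows. This is an added Python illustration, not code from OST: the `Policy` class, the `evaluate` function, the constructed sample policies and the rule that an enforced block ends processing are assumptions made for the example, and “Cumulative” policies are not modelled.

```python
from dataclasses import dataclass
from typing import Callable

# Layer order as listed in the guide: Firewall first, then the web or mail chain.
LAYERS = {
    "web": ["Firewall", "Web/wap", "AdsFree", "Antivirus web", "AutoNotices"],
    "mail": ["Firewall", "AntiSpam", "Antiphishing", "Antivirus mail"],
}


@dataclass
class Policy:
    name: str
    service: str                      # one of the layer names above
    level: str                        # "ISP" or "Client"
    action: str                       # "block" or "allow" in this sketch
    matches: Callable[[dict], bool]   # stands in for source/destination, profile, schedule
    status_on: bool = True            # Policy Status: On / Off


def by_priority(policies):
    """ISP-level policies outrank client-level ones; list order is kept within a level."""
    return sorted(policies, key=lambda p: 0 if p.level == "ISP" else 1)  # stable sort


def evaluate(traffic, policies, service_state):
    """Return (verdict, log). service_state maps service -> 'active' | 'monitor' | 'inactive'."""
    log = []
    for service in LAYERS[traffic["kind"]]:
        state = service_state.get(service, "inactive")
        if state == "inactive":
            continue                  # policies of an inactive service are not evaluated
        for policy in by_priority([p for p in policies if p.service == service]):
            if not policy.status_on or not policy.matches(traffic):
                continue
            enforced = state == "active"   # monitor mode: evaluated and logged, never applied
            log.append({"service": service, "policy": policy.name,
                        "action": policy.action, "enforced": enforced})
            if enforced and policy.action == "block":
                return "block", log   # assumption: an enforced block ends processing
            break                     # terminal: first matching policy wins in this service
    return "allow", log


# Constructed sample policies and traffic (not taken from a real deployment).
POLICIES = [
    Policy("client-allow-all", "Web/wap", "Client", "allow", lambda t: True),
    Policy("isp-block-category", "Web/wap", "ISP", "block",
           lambda t: t.get("category") == "prohibited"),
    Policy("whitelisted-sender", "AntiSpam", "Client", "allow",
           lambda t: t.get("sender") in {"partner@example.com"}),
    Policy("phishing-link", "Antiphishing", "Client", "block",
           lambda t: t.get("has_phishing_url", False)),
]
ALL_ACTIVE = {s: "active" for chain in LAYERS.values() for s in chain}
MAIL = {"kind": "mail", "sender": "partner@example.com", "has_phishing_url": True}
WEB = {"kind": "web", "category": "prohibited"}

if __name__ == "__main__":
    runs = [(WEB, ALL_ACTIVE), (MAIL, ALL_ACTIVE),
            (MAIL, {**ALL_ACTIVE, "Antiphishing": "monitor"})]
    for traffic, state in runs:
        verdict, log = evaluate(traffic, POLICIES, state)
        print(verdict, [(e["policy"], e["enforced"]) for e in log])
```

The mail case shows why a sender whitelist in AntiSpam is not a bypass: the Antiphishing layer still evaluates the message, and only switching that service to monitor mode lets it through while logging the would-be block.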
In the bottom part of the screen, detailed information on a selected policy is displayed: the source & destination to which it is applied, the action, the conditions for its execution and the time period when it is applied.

From this screen, you can delete a policy, edit it or change its priority by altering its position in the list using the arrows.

Source & Destination

In this screen you can create, edit and delete Sources & Destinations by specifying the criteria that are used in the various services of the application to determine who each policy is applied to. If you are using a provisioning system like LDAP or Windows Domains, the system can use the existing user accounts and groups. To update the information you should use the "Refresh" button. For other types of groups, data must be entered manually.

Figure 2-45: Source&Destination

The application offers a wide range of criteria to use when creating a Source or Destination:

- Services: This criterion can be used to associate a policy to a single service or a group of them. For example, you may want to apply more restricted access to clients that have the service WebFilter-Default.
- Users and User Groups: When a provisioning service is integrated, i.e. LDAP, the system is able to obtain both existing users and groups using the Refresh button on the Users/Groups tab. Otherwise, when a provisioning service is not integrated for a client, the administrator can only add users for this particular client.
- Clients: If a client is added to a target group, all users that belong to this client will be affected by the policies where the target group is included.
- Mail Domains and Mail Addresses: Using these two criteria you can specify a single e-mail address or a whole domain.
- MSISDN: This criterion can be used to define Target Groups aimed at WAP and MMS filtering.
- Module: This criterion allows the creation of a Target Group containing an Optenet Module. This makes it possible to define specific policies that will affect traffic analyzed by a particular instance of the solution.
- IP, VLAN, and MAC: Use these criteria to specify a range of IP addresses, names of hosts, VLAN identifiers, MAC addresses, physical Interfaces or a Network.

Different criteria of Sources and Destinations are valid for each available service, as explained in the following table:

Service: WebProxy (both source and destination)
Valid conditions, based on:
  o Clients (ISP administration)
  o IPs or IP Ranges
  o VLAN Ids
  o MAC Addresses

Service: WebFilter, AdsFree, AutoNotices (only source)
Valid conditions, based on:
  o Provisioned Services (ISP administration)
  o Clients (ISP administration)
  o IPs or IP Ranges
  o Users
  o User Groups (in case an LDAP is available)
  o Module instance

Service: WOLF (only source)
Valid conditions, based on:
  o IPs or IP Ranges
  o Users
  o User Groups (in case an LDAP is available)
  o Module instance

Service: Antivirus (both source and destination)
Valid conditions, based on:
  o Provisioned Services (ISP administration)
  o IPs or IP Ranges (Web, SMTP.in, SMTP.out)
  o Users (Antivirus web)
  o User Groups (web)
  o Module Instance (web)
  o Mail Domains (SMTP.in, POP, SMTP.out)
  o Mail Addresses (SMTP.in, POP, SMTP.out)

Service: AntiPhishing (both source and destination)
Valid conditions, based on:
  o Provisioned Services (ISP administration)
  o IPs or IP Ranges (Web, SMTP.in, SMTP.out)
  o Users (web)
  o User Groups (web)
  o Module Instance (web)
  o Mail domains (SMTP.in, POP, SMTP.out)
  o Mail Addresses (SMTP.in, POP, SMTP.out)

Service: AntiSpam.In (only destination)
Valid conditions, based on:
  o Provisioned Services (ISP administration)
  o IPs or IP Ranges
  o Users
  o User Groups
  o Module Instance
  o Mail Domains (SMTP.in, POP)
  o Mail Addresses (SMTP.in, POP)

Service: AntiSpam.Out (only source)
Valid conditions, based on:
  o Provisioned Services (ISP administration)
  o Users
  o User Groups
  o Module Instance
  o Mail domains
  o Mail addresses

Service: Firewall (both source and destination)
Valid conditions, based on:
  o Provisioned Services (ISP administration)
  o IPs or IP Ranges
  o VLAN Ids
  o MAC Addresses

Schedules

In a similar manner, it is possible to define different time frames or schedules when policies will be applied. Schedules can be defined by date, days of the week or particular time ranges in hours and minutes.

Figure 2-46: Schedules

The schedule Always is defined by default, allowing the application of a policy in an absolute time frame.

Advanced Configuration

OST configuration can be edited using the web interface by clicking on the Advanced Configuration option in the menu on the left. The following screenshot shows the configuration page of the web administration interface.

Figure 2-47: Advanced Configuration

In this page, you can edit and modify the configuration files. The changes you make to the OST configuration using the web interface are replicated in all modules. The following options are available in the configuration section:

- Configuration files: select the file you want to edit.
- Nodes: displays the available nodes within the selected configuration file.
- Keys: shows the available keys for the selected node. When you select a key, a new section opens where you can delete the selected key or set new values.

Warning: Changes in these settings require a good understanding of the Solution and its configuration parameters. If in doubt, please refrain from making any modification, as this may prevent the Solution from operating correctly.

Chapter 3: Web Proxy

This section describes the configuration options for the Web Proxy services. It comprises the following sub-sections: Filtering Policies, Profiles and Advanced Configuration.

Note: This service will only be available if the Solution is deployed in UDM mode.
Web Proxy policies, unlike the ones available for other services, are not oriented to filtering content, although they are a vital piece for identifying and authenticating users. They are a means to gather information about users and user groups to be used as criteria in other policies. In general terms, Web Proxy policies enable:

- General Actions: Allowing or denying access to the requested URL.
- Caching actions: Deciding whether or not to cache specific content.
- Authentication: By creating Web Proxy policies (and establishing priorities among these policies), it can easily be defined how to authenticate users and the type of authentication to be used:
  o No authentication required.
  o Basic authentication (using Optenet repository, LDAPs etc.)
  o NTLM authentication, Kerberos authentication.
- Proxy Chaining: Proxy chaining policies can be established so that traffic can be redirected to different proxies and, optionally, additional HTTP headers can be added with the information of the requester (user, IP etc.), so that this information can be used by external systems.
- Gathering of information: Registering information about the user/IP who is executing the request, taking this information from HTTP headers. This can be a useful way to identify the user who is really executing the request when the original IP has been NATed. External software/hardware would include the information about the real user, so that he or she can be filtered according to the defined filtering policies.
- ssl-inspection: Only available in UDM deployment mode. This action allows HTTPS traffic to be inspected using a man-in-the-middle implementation (refer to the OST SSL Inspection doc for more details).
- Captive Portal authentication: Only available in UDM deployment mode. It allows ISP rules to be created that redirect the clients to a captive portal for authentication. This policy applies to all the clients, even without the WebProxy service provisioned.
Filtering Policies

Figure 3-1: Web Proxy Policies

This screen displays information similar to that described in the previous section Policies, with the difference that only Web Proxy policies are enabled (blue background). In addition to editing and deleting policies, this screen allows new Web Proxy policies to be created and their priority to be modified. After deleting a policy or changing its priority, you must click Accept to confirm the modifications.

Figure 3-2: Web Proxy Policies: Status

When creating or editing a policy, the Administrator will select five different parameters:

- Status: Select whether the policy is going to be on or off. This option lets you create and edit a policy before activating it.
- Source and Destination: The collective of users, groups, IP, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition). This service requires both source and destination.

  Figure 3-3: Web Proxy Policies: Source&Destination

  The parameters that can be used for this section are:

  Service: WebProxy (both source and destination)
  Valid conditions, based on:
    o Clients (ISP administration)
    o IPs or IP Ranges
    o VLAN Ids
    o MAC Addresses

- Profiles: The group of conditions that must be satisfied to apply the policy (see next section for more information on Web Proxy profiles).

  Figure 3-4: Web Proxy Policies: Action

- Actions: The action the policy will carry out. In this case the possibilities are:
  o General Actions:
    - Bypass: allows access to the requested URL.
    - Deny access: blocks access to the requested URL.
  o Authentication: use this action to force user authentication. The available authentication methods are:
    - Not required: no authentication required.
    - Basic: user name and password will be validated using the indicated repository:
      - Optenet_Db: Local (internal) repository of users.
      - A list with all LDAP clusters will be shown (created as External Servers). Choose the cluster to be used. In order to reinforce security (in case the LDAP servers enable this option), Digest authentication can be used.
    - NTLM: user name and password will be read from a Windows Domain server defined by the administrator. A list of all NTLM clusters will be shown (defined as External Servers). Select the one to be used.
    - Kerberos v5: to use Kerberos authentication, do not forget to register a Kerberos cluster (defined as External Server) for the realm to be authenticated. In this case, it is possible to select a fallback authentication (by selecting the fallback check box) so that, in case the browser doesn’t support Kerberos authentication, NTLM authentication will be requested from that browser.
  o HTTP/FTP Cache:
    - Cache: stores information in the cache directory when the service is active (see Advanced Configuration in Chapter 4).
    - Do not cache: avoids storing information even when the service is active.

    Note: For correct operation, the system time of all servers where the solution is installed must be synchronized. Web servers return HTTP headers with the request’s expiration date. If the system time is incorrect, this can cause the cache content to be continuously invalid, or even not to become invalid when it should have expired.

  o Proxy Chaining:
    - Forward IP: adds the client’s IP address as a header to the HTTP request. The name of the HTTP header to be added must be typed.
    - Forward User: adds the user name as a header to the HTTP request. The name of the HTTP header to be added must be typed.
    - Establish direct connection: establishes a direct connection with the external host, avoiding chained proxies.
    - Chain proxy: the request is redirected through another proxy. You may also Forward IP or Forward User information.
      In this case it is required to have a Proxy server previously defined (see section External Servers>Proxy cluster).
  o Gathering of Information: Policies with this type of action make it possible to gather the IP and/or User from an HTTP header, overwriting the requester IP (which can be that of a router, proxy, etc.). They store this information so that it can be used by other policies of other services that only have to be applied to a certain list of users/IPs.
    - User Information: the user name is read from an HTTP header defined by the administrator. Type the name of the header and the type of encoding: Plain Text. Base 64 HTTP Authentication (“username:realm:password”)
    - IP information: the IP is read from an HTTP header defined by the administrator. Type the name of the header.
    - Client ID: the client ID is read from an HTTP header defined by the administrator. Type the name of the header. In this case the client will be identified with this header instead of using the IP address as usual.
  o ssl-inspection: activating this action allows all HTTPS traffic to be inspected. The solution is based on a man-in-the-middle implementation. This makes it possible to block any HTTPS URL (not only the hostname), analyze the content of the website, block files and detect viruses.
    - Ignore certificate errors: If this option is selected, invalid certificates will be bypassed. If this option is not selected, invalid certificates will show an HTTP Proxy error: SSL server isn't valid: Invalid Common Name (Invalid Common Name)

    Figure 3-5: Web Proxy ssl-inspection: Invalid certificate

  o Captive portal authentication: if this option is selected, all the clients (even if they don’t have the WebProxy service provisioned) will be redirected (when starting their navigation) to a Captive Portal for authentication. The captive portal uses cookies for authentication. These cookies expire with the browser session and have a two-hour time to live.
    The captive portal is fully customizable. By default this screen shows a “Use default profile” option to allow clients with more than one user to configure a default profile.

    Figure 3-6: Web Proxy Captive portal

    The captive portal can be configured to use any web page by configuring:
    - The captive portal URL
    - The secret shared key (to encrypt the cookie)

    Figure 3-7: Web Proxy Captive portal configuration

- Schedule: The time frame when the policy will be activated (see section General>Filtering Policies>Schedules for more information on schedule definition).

Profiles

In this section it is possible to create, edit and delete the profiles used to define Web Proxy policies. Each profile comprises a number of conditions such as Port, Browser, HTTP Method, URL scheme, URL host and URL path.

Figure 3-8: Web Proxy Profiles

The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. When one of these profiles is selected, the top right frame displays its details.

A Profile must be understood as a “Boolean expression” where conditions can be entered in the different tabs (tabs group conditions based on their nature):

- By default, conditions under the same tab are connected by [OR] operators.
- A checkbox [Necessary Condition] toggles between [OR] and [AND] operators.
- A checkbox [Inverse Condition] negates conditions.

Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:

- Port: in a similar way, you can also define the source and destination port of the request.
- Browser Control: There is a set of browsers defined by default, but the user can define a custom browser based on the User Agent.
  The default browsers defined are:
  o Firefox
  o Safari
  o Chrome
  o Opera
  o Internet Explorer
- HTTP Method: the HTTP methods available are:
  o GET: The GET method means retrieve whatever information (in the form of an entity) is identified by the Request-URI.
  o POST: The POST method is used to request that the origin server accept the entity enclosed in the request.
  o PUT: The PUT method requests that the enclosed entity be stored under the supplied Request-URI.
  o HEAD: The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response.
  o OPTIONS: The OPTIONS method represents a request for information about the communication options available on the request/response chain identified by the Request-URI.
  o CONNECT: This specification reserves the method name CONNECT for use with a proxy that can dynamically switch to being a tunnel. For example, SSL tunneling.
  o TRACE: The TRACE method is used to invoke a remote, application-layer loop-back of the request message.
  o DELETE: The DELETE method requests that the origin server delete the resource identified by the Request-URI.
  o OTHER
- URL Scheme: selects the scheme or protocol that will apply to the profile. The options are:
  o HTTP
  o FTP
- URL Host: use this option to include URL hosts. You can use ‘*’ as a wildcard. Example: “/webmail*.myCompany.*”
- URL Path: use this option to include the string of the URL that contains the path, including the query. You can use ‘*’ as a wildcard. Example: if “MyPage.php” is entered, a request for the following webpage would match the condition: http://10.222.0.234/MyPage.php

Advanced Configuration

Use this section to configure the advanced settings of the WebProxy service. It consists of two subsections: Cache Settings and SSL & Authentication Settings.

Cache Settings

Cache Settings for HTTP and FTP objects.
Figure 3-9: Web Proxy Advanced Configuration

Cache Service features:

- Independent cache service for HTTP and FTP objects. This approach is more flexible than allocating HTTP and FTP objects in a single cache since:
  o The HTTP and FTP cache Services can be activated/deactivated independently.
  o It will be possible to establish separate settings.
  o There will be independent maintenance processes to free memory.
- There will be a cache repository in RAM and another on disk.

HTTP Cache Settings:

- Path: Directory where the cache repository will be located. By default: “./httpcache”
- Max. Cache Size:
  o Cache Size: Max. cache size on disk (GB). By default: 10 GB.
  o Max. Cache Size in RAM: Maximum size of RAM occupation by cached objects (in MB). By default: 256 MB.
- Max. Size of HTTP objects to be cached:
  o Max. Size in RAM: Max. size of an HTTP object to be cached in RAM (in Kb). By default: 30 Kb.
  o Max. Size in Disk: Max. size of an HTTP object to be stored on disk (in Kb). By default: 2048 Kb.
- Option “Remove proxy & cache HTTP headers”: If this checkbox is marked, no header related to proxy or cache management will be added to the served content.
- Option “Ignore no-cache Request Directive”: It will be possible to configure whether or not to ignore the presence of the directive “no cache” in the requests. Marking this option achieves better performance.
- Freshness revalidation for cached objects:
  o Based on HTTP directives received along with the HTTP object being cached (proxy-revalidate/no-cache, expires, max-age/s-max-age, last-modified …) or applying heuristic calculations.
  o In case the directive “Last-modified” is received (and no other directive related to time expiration is being received), the cached object will be given a freshness value that results from applying the following formula:

      (Now - Last Modified date) * Factor

    That is, it will be possible to configure the factor used to calculate the freshness of HTTP objects based on the date they were last modified.
  o It will be possible to optionally overwrite the minimum time and/or maximum time for an object to be cached (despite the freshness value indicated by HTTP directives or any other heuristic calculation).
    - Min. Cache Time: Indicates the minimum time objects will be allocated in cache (seconds | minutes | hours | days).
    - Max. Cache Time: Indicates the maximum time objects will be allocated in cache (seconds | minutes | hours | days). By default, objects will be allocated no longer than 7 days.

Let us see it with an example. Let’s suppose that:

- “Last Modification date” = Day D, 10:00:00 h
- “Date the object was saved (cached)” = Day D, 11:00:00 h (difference = 3600 seconds)

Then:

- If Factor = 1.0, the object is fresh/valid for another 3600 seconds (3600*1) since 11:00:00 h.
- If Factor = 0.1, the object is fresh/valid for another 360 seconds (3600*0.1) since 11:00:00 h.
- If the calculated value is lower than the one indicated by “Min. Cache Time” (and the corresponding checkbox is marked), the value configured as “Min. Cache Time” will be taken.
- If the calculated value is greater than the one indicated by “Max. Cache Time” (and the corresponding checkbox is marked), the value configured as “Max. Cache Time” will be taken.

FTP Cache Settings:

- Path: where the cache repository will be located. By default “./ftpcache”
- Max. Cache Size:
  o Cache Size: Max. cache size on disk (GB). By default: 10 GB.
  o Max. Cache Size in RAM: Maximum size of RAM occupation by cached objects (in MB). By default: 0 MB.
    The goal is not to cache FTP objects in RAM by default.
- Max. Size of FTP objects to be cached:
  o Max. Size in RAM: Max. size of an FTP object to be cached in RAM (in Kb). By default: 0 Kb.
  o Max. Size in Disk: Max. size of an FTP object to be stored on disk (in Kb). By default: 102400 Kb.
- Time to Live for all FTP cached objects:
  o Cached FTP objects will expire based on a single parameter (TTL), common to all FTP objects. The TTL may be given in minutes, hours or days.
  o By default: 1440 minutes.

Maintenance:

As outlined previously, there will be separate maintenance processes for the HTTP and FTP cache repositories.

- It will be possible to configure an occupation threshold. Once this threshold is exceeded, the oldest objects will be removed:
  o When an absolute occupation value is reached (in GB).
  o Or, when a % of occupation is reached (relative to the maximum reserved space for the repository).
  o By default: Free memory whenever 95% occupation is reached (that is, whenever only 5% of free space remains).
- Empty the cache: It will be possible to remove all objects from the cache (both in memory and on disk). The emptying can be selective:
  o All objects (Empty FTP Cache and HTTP Cache).
  o Only HTTP Objects.
  o Only FTP Objects.

Authentication Settings

Figure 3-10: Web Proxy Authentication Settings

Use this section to configure the authentication functionalities. More specifically:

- Indicate whether the solution has to obtain user group information from external LDAP Servers, so that Source & Destinations based on groups can be evaluated.
- Set the time-to-live (TTL) for the user / user group information to be cached in memory, avoiding unnecessary accesses to those LDAP Servers.
In case of providing LDAP HTTP DIGEST Access Authentication (Authentication policies based on basic authentication of the type Digest Access), type a value for the TTL of the Server query result (TTL of the authentication validity, without requiring the re-typing of credentials). If two consecutive requests are received within that period, the counter is reset, extending the TTL of the Server query result.

PAC file
In this section it is possible to create the rules required to use a PAC file to configure the proxy in the customer’s browser.
Figure 3-11: Web Proxy PAC File
It is possible to define exceptions to the use of the proxy (exceptions to be covered by the distributed PAC file) based on:
IP ranges.
Requested URL patterns.
It is necessary to select the check box “Enable Clients to create exceptions” to allow enterprise customers to define their own rules. Only enterprise customers can create their own rules.
The PAC file with the rules will be stored in the following URL:
ADMINISTRATOR_GUI_URL/public/PAC/getpacfile.htmopt

Chapter 4: FTP Proxy
This section describes the configuration options for the FTP Proxy services. This section comprises the following sub-sections: Filtering Policies, Profiles and Reports.
Note: This service will only be available if the Solution is deployed in UDM mode.

Filtering Policies
Figure 4-1: FTP Proxy Policies
This screen displays information similar to that described in the previous section Policies, with the difference that only FTP Proxy policies are enabled (blue background). In addition to editing and deleting policies, this screen allows creating new FTP Proxy policies and modifying their priority. After deleting a policy or changing its priority, you must click Accept to confirm the modifications.
Figure 4-2: FTP Proxy Policies: Status
When creating or editing a policy, the Administrator will select five different parameters:
Status: Select whether the policy is going to be on or off. This option lets you create and edit a policy before activating it.
Source and Destination: The collective of users, groups, IP, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition). This service requires both source and destination.
Figure 4-3: FTP Proxy Policies: Source&Destination
The parameters that can be used for this section are:
  Service: FTPProxy (both source and destination).
  Valid Conditions: Conditions based on:
    Clients (ISP administration)
    IPs or IP Ranges
    VLAN Ids
    MAC Addresses
Profiles: The group of conditions that must be satisfied to apply the policy (see next section for more information on FTP Proxy profiles)
Figure 4-4: FTP Proxy Policies: Action
Actions: The action the policy will carry out. In this case the possibilities are:
o General Actions:
    Bypass: it allows accessing the requested FTP resource.
    Deny access: it blocks the access to the requested FTP resource.
o Log activity: selected by default. Enables logging the activity of the FTP requests.
o Associate an event to this policy: if the check box is selected, it is possible to select an event to be associated to this policy.
Schedule: The frame of time when the policy will be activated (see section General>Filtering Policies>Schedules for more information on schedule definition)

Profiles
In this section it is possible to create, edit and delete the profiles used to define FTP Proxy policies. Each profile is comprised of a number of conditions such as FTP command, FTP users, hosts and directories.
Figure 4-5: FTP Proxy Profiles
The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. On selection of one of these profiles, the top right frame will display its details.
A Profile must be understood as a “Boolean expression” where conditions can be entered in the different tabs (tabs group conditions based on their nature):
By default, conditions under the same tab are connected by [OR] operators.
A checkbox [Necessary Condition] toggles between [OR] and [AND] operators.
A checkbox [Inverse Condition] negates conditions.
Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:
FTP Command: the FTP Commands available are:
o Read commands: ABOR, MDTM, PASV, STRU, ACCT, MODE, PORT, SYST, CDUP, NLST, PWD, TYPE, CWD, NOOP, REST, USER, HELP, SIZE, XCUP, LIST, PASS, SMNT, XPWD
o Write commands: ALLO, MKD, RNTO, STOU, APPE, RMD, SITE, XMKD, DELE, RNFR, STOR, XRMD
FTP Users: it is possible to create a list of FTP users that will apply to the profile.
FTP Host: use this option to include URL hosts. You can use ‘*’ as a wildcard. Example: “ftp*.myCompany.*”
FTP Directories: use this option to specify the FTP directories to include or exclude.

Reports
Service Reports
This section is used to configure the Webfilter service reports that will be requested. Both the data that will make up a report and the report's format can be edited.
Type of report:
o Accesses: The total number of requests that were allowed.
o Blocks: The total number of requests that were blocked by the filter.
o Requests: The total number of requests, allowed and blocked, that meet the conditions of the report.
Figure 4-6: FTP Proxy Service Reports
The report has several different criteria that allow the administrator to filter and create a more specific report.
Groupings: The grouping criteria allow the administrator to set the data field or attribute by which the values displayed in the report will be grouped. Furthermore, the administrator can create a sub-grouping of the group criteria. For example, the results can be grouped by Days, and then further grouped by FTP Command. So, in the report, the results are broken down by day, and within each Day group, the results are sorted by FTP Command.
Selection Criteria: The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.
You can also customize the report by:
Time Frame
Format: table, graph, line graph or pie chart
Order: ascending or descending order
Data computing: shows absolute or percentage figures.
Records to show
Once the report is generated, it can be exported to:
PDF
HTML
CSV

Monitor Reports
This section allows the administrator to create a detailed report on clients’ history. These reports display the filtering statistics of clients’ activities. The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.
Figure 4-7: FTP Proxy Service Reports

Chapter 5: WEB/WAP
This service allows blocking browsing of sites within specific categories (such as pornography, games, drugs, etc.), setting up whitelists and blacklists of sites, preventing certain file types from being downloaded, setting schedules for rules in order to define when access is available, and establishing time limits on browsing.
This section describes the configuration options for the Web/WAP filtering services. This section comprises the following sub-sections: Filtering Policies, Profiles, Category Management, Black- & Whitelists, Reports and Advanced Configuration.

Filtering Policies
Figure 5-1: WEB/WAP Filtering policies
This screen displays information similar to that described in Chapter 1: Filtering Policies, with the difference that only Web/WAP policies are enabled (blue background). In addition to editing and deleting policies, this screen allows creating new Web/WAP policies and modifying their priority. After deleting a policy or changing its priority, you must click Accept to confirm the modifications.
Figure 5-2: WEB/WAP Filtering policies: Status
When creating or editing a policy, the Administrator will select five different parameters:
Status: Select whether the policy is going to be on or off. This option lets you create and edit a policy before activating it.
Source and Destination: The collective of users, groups, IP, etc.
that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition)
The parameters that can be used for this section are:
  Service: WebFilter (only source)
  Valid Conditions: Conditions based on:
    Provisioned Services (ISP administration)
    Clients (ISP administration)
    IPs or IP Ranges
    Users
    User Groups (in case an LDAP is available)
    Module instance
Profiles: The group of conditions that must be satisfied to apply the policy (see next section for more information on Web/WAP profiles)
Figure 5-3: WEB/WAP Filtering policies: Action
Actions: The action the policy will carry out. In this case the possibilities are:
o Block: it blocks the access to the requested URL and displays a blocking page.
o Block with Password override: Blocks the access to the requested URL by showing a blocking page that enables the typing of a password. Select the Administrator’s password to be used. By default “Any client administrator” is configured.
o Block with this URL: it blocks the access to the requested URL and displays a blocking page specific for this rule.
    In case of external URL: type http:// at the beginning of the URL.
    In case of internal URL: the required format would be: “<Server_Name>@<Path_To_Blocking_Page>”
o SSL Inspection and Digital Certificates validation (only available if SSL inspection is selected in the profile, see Chapter 6: Profiles): In case an invalid digital certificate is found, the action to be performed must be selected:
    Block access
    Bypass
    Ask User
o Bypass: it allows accessing the requested URL.
Schedule: The frame of time when the policy will be activated (see Chapter 1: Schedule for more information on schedule definition)
If the Log activity option is checked, policy execution will be logged (see Chapter 1: Advanced Configuration for more information on logging capabilities).
In a similar way, if the policy is associated to an event, each time the policy is executed an event will be triggered, which could also be associated to an alarm (see Chapter 1: Events and Chapter 1: Alerts for more information on Events and Alerts)
There are two global Web/Wap filtering policies defined by default:
WebWapWL: This policy allows access to all URLs included in the Whitelist (see Chapter 6: Black- & Whitelists). This will apply to all Web/Wap filter services as long as this policy has the higher priority.
WebWapBL: This policy denies access to all URLs included in the Blacklist (see Chapter 6: Black- & Whitelists). This will apply to all Web/Wap filter services as long as this policy has the higher priority.
There are also two Web/Wap filtering policies that affect clients provisioned with the Basic ContentFilter service:
AvoidViolence: This policy blocks access to URLs contained in the following categories: anorexia and bulimia, bombs, drugs, racism and sects.
DenyPorn: This policy blocks access to URLs contained in the following categories: pornography, sexuality and models.

Profiles
In this section it is possible to create, edit and delete the profiles used to define Web/WAP policies. Each profile is comprised of a number of conditions based on:
Web Categories.
File types and (optionally) restrictions for their size.
Exceptions:
o List of URLs to be included (even if they don’t belong in the list of selected categories).
o List of URLs to be excluded (even if they belong in the list of selected categories).
Time Limit: Navigation quota.
Other advanced conditions (such as the verification of digital certificates etc).
Figure 5-4: WEB/WAP Profiles
The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. On selection of one of these profiles, the top right frame will display its details.
Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:
Categories: this section lists the content categories to include in the profile. A category is a set comprising web pages related to a specific type of content. These sets can be created using lists of URL addresses, semantic URL analyzers, and content analyzers. Click on ‘Include URLs not categorized’ to create a profile that affects all URLs that are not included in any category.
Files: Use this option to select which file types will be affected by this profile. This selection can affect files in all URLs or only the ones selected in the categories or included/excluded URLs sections.
Figure 5-5: WEB/WAP Profiles: Files
Note: If the Solution is deployed in proxy mode, it will also be possible to indicate a limit on the size of the selected file types.
Included URLs: Use this option to include URLs in the profile. URLs added to this list will always satisfy the condition regardless of whether they have been included in a category. It is possible to include a website with regular expressions in the section Regular Expression of Included URLs. Example:
http://www.website.com/*
http://www.website.com/*/images
To include several URLs, each one of them must be entered on a new line.
Excluded URLs: Use this option to exclude URLs from the profile. URLs added to this list will be considered an exception, and will never satisfy the condition regardless of whether they have been included in a category.
Temporal Exception: Use this option to set a period of time when the policy will not be applied. This criterion can be used to define navigation quotas.
Figure 5-6: WEB/WAP Profiles: Time Limit
Note: Temporal exception policies are calculated by user or IP address. If a user or IP address is affected by more than one policy with a temporal exception, all policies will contribute to the time counter.
HTTP Method: This option allows configuring a profile depending on the method used in the HTTP protocol: GET, POST, PUT, HEAD, OPTIONS, CONNECT, TRACE or DELETE.
Advanced: Use this option in order to establish the following advanced trigger conditions:
Figure 5-7: WEB/WAP Profiles: Advanced
Verify persistent requests to prohibited pages: Each time a given user (or IP, depending on Solution settings) is blocked by a WebFilter policy, their blocking counter is incremented. It is possible to create additional WebFilter policies that take into account these users/IPs that are frequently blocked, and restrict their access to the web for a given period of time.
Note: This option is disabled at ISP Administration level.
Verify Digital Certificates: Activating this checkbox triggers an SSL inspection to check the validity of the digital certificates (in case of https pages). When this policy is active, the https content is inspected using a man-in-the-middle implementation (refer to the OST SSL Inspection doc for more info). This option is only supported in UDM deployment mode. It enables the creation of special WebFilter policies to react whenever an invalid certificate is found:
o Allowing the access to the requested page
o Blocking the access to the requested page. The user will see a block page denying the access to a web site with an invalid certificate
o Asking the user what to do. The user will see a block web page asking whether they want to access a web site with an invalid certificate.
Note: Currently, the verification of Digital Certificates and the creation of policies based on the detection of invalid certificates is only available in UDM deployment mode.
By default there are five Web/Wap profiles defined:
Distractions: This profile includes the categories: art, banners, blogs, chat, dating, forum, gambling, games, instant messaging, leisure, logos and ringtones, models, P2P servers, personal websites, pornography, portals, press, sexuality, shopping, sports and travel.
Porn: This profile includes the categories: models, pornography and sexuality.
Violence: This profile includes the categories: anorexia and bulimia, bombs, racism and sects.
WebWapWL: This profile includes the category Whitelist and cannot be deleted or edited.
WebWapBL: This profile includes the category Blacklist and cannot be deleted or edited.

Category Management
In this section you can create new categories, add URLs and query which categories URLs belong to.
Figure 5-8: WEB/WAP Category Management
A category is a set that groups together World Wide Web files. These sets can be created using URL lists and content and URL analyzers. There are three types of category:
Content categories: These classify the World Wide Web by content (e.g. pornography, sport, press), which can be allowed or blocked according to the filtering rules set up.
Search engine category: For URLs that are part of a search engine category, multilingual content analysis is not used to establish their content categories.
Redirector category: This is for URLs that redirect or convert to other URLs. If a URL is in the redirector category, it is treated like the URL to which it redirects or converts.
A category can have more than one type. Likewise, a URL can belong to more than one category. Each category is defined by two URL lists: Yes and No. The Yes list contains all the addresses that are considered as belonging to a certain category, and the No list contains those that are considered as NOT belonging.
In the categories section you can select the following options:
New: Creates a new user category.
Edit: Edits a user category.
Delete: Deletes a user category. OPTENET categories cannot be deleted.
Export: Exports the content of the selected user category. OPTENET Categories cannot be exported.
If you click on “New” you can create a Custom Category. If you click on the “Advanced” button, you can specify the type of the category (content, search and/or redirect).
Figure 5-9: WEB/WAP Category Management: New Category
You can specify whether an individual page does or does not belong to a category by entering a complete URL, for example:
http://www.dangerousplace.com/index.htm
You can specify an entire website by placing an asterisk (*) at the end, for example:
http://www.dangerousplace.com/*
You can also use the asterisk as a wild card at the beginning and in the middle of a URL. In this way, you can specify that all the hosts of an organization belong to a certain category, for example:
http://*.dangerousplace.com*
With regard to Redirection type categories, you can add URL extraction patterns, for example:
http://www.google.com/search?q=cache:*:#+
where ‘#’ indicates the point where the URL that the browser is being redirected to appears. The asterisk can be used for URLs belonging to the Redirection type category as well.
Bear in mind that Optenet uses URLs without the protocol (e.g. http, https). So, if you enter “http://www.example.com” in Pornography, the following URLs will be categorized under Pornography:
http://www.example.com
https://www.example.com
ftp://www.example.com
In the frame Search categories an URL belongs to, the administrator can check the different categories a URL belongs and does not belong to. This can be done for a specific client or for Optenet’s categories. It is also possible to contribute a URL that the Administrator considers should be included in the default categories by clicking the button “Contribute”.
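The wildcard and protocol rules above can be checked before entries are loaded into a category. The following is an added example, not Optenet code: the `Category` class and `host_not_delimited` helper are hypothetical names, and it assumes that ‘*’ matches any run of characters (dots and slashes included), that matching is case-sensitive, and that a No-list hit overrides a Yes-list hit. Under those assumptions it shows that a pattern ending in a wildcard directly after the host text also covers longer, unrelated host names.

```python
import re

_SCHEME = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')


def strip_scheme(url):
    """Drop 'http://', 'https://', 'ftp://', ...: the guide states that
    URLs are used without the protocol."""
    return _SCHEME.sub('', url.strip())


def compile_entry(entry):
    """Turn a list entry into a regex.
    Assumption: '*' matches any run of characters; the rest is literal."""
    literal_parts = [re.escape(p) for p in strip_scheme(entry).split('*')]
    return re.compile('.*'.join(literal_parts), re.DOTALL)


class Category:
    """Hypothetical model of a category defined by Yes and No URL lists."""

    def __init__(self, name, yes=(), no=()):
        self.name = name
        self.yes = [compile_entry(e) for e in yes]
        self.no = [compile_entry(e) for e in no]

    def contains(self, url):
        target = strip_scheme(url)
        # Assumption: a No-list hit wins over a Yes-list hit.
        if any(p.fullmatch(target) for p in self.no):
            return False
        return any(p.fullmatch(target) for p in self.yes)


def host_not_delimited(entry):
    """Review helper: True when '*' directly follows literal host text with
    no '/' in between, so the wildcard can extend the host name itself."""
    host_part = strip_scheme(entry).split('/', 1)[0]
    return host_part.endswith('*') and host_part.rstrip('*') != ''


if __name__ == '__main__':
    # Constructed sample data built from the guide's own example patterns.
    single = Category('Pornography', yes=['http://www.example.com'])
    for url in ('http://www.example.com', 'https://www.example.com',
                'ftp://www.example.com'):
        print(url, '->', single.contains(url))

    hosts = Category('Custom', yes=['http://*.dangerousplace.com*'])
    site = Category('Custom', yes=['http://www.dangerousplace.com/*'],
                    no=['http://www.dangerousplace.com/index.htm'])
    # 'other.example' is a constructed look-alike host.
    lookalike = 'http://ftp.dangerousplace.com.other.example/'
    print('host wildcard matches look-alike:', hosts.contains(lookalike))
    print('site wildcard matches look-alike:', site.contains(lookalike))
    for entry in ('http://*.dangerousplace.com*',
                  'http://www.dangerousplace.com/*'):
        print(entry, 'needs review:', host_not_delimited(entry))
```

When the intent is "all hosts of one organization", an entry whose host part ends in `/*` keeps the match inside that domain under these assumptions; confirm the product's actual behavior with the "Search categories an URL belongs to" frame.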
Note: Categories created at ISP Administration level will NOT be available at client level.

Black- & Whitelists
This screen offers quick access to the content of the Whitelist and Blacklist categories. Here you can edit the content of both lists.
Figure 5-10: WEB/WAP Black- &Whitelists
It is important to note that the inclusion of a URL in these lists does not necessarily imply that the URL will always be accessed or blocked. Although these two lists are associated with two special profiles (see Chapter 6: Profiles) that cannot be modified, the same does not apply to the filtering policies that make use of these profiles. Therefore the behavior of these two categories depends on the Filtering Policy strategy.

Reports
Service Reports
This section is used to configure the Webfilter service reports that will be requested. Both the data that will make up a report and the report's format can be edited.
Type of report:
o Accesses: The total number of requests that were allowed.
o Blocks: The total number of requests that were blocked by the filter.
o Requests: The total number of requests, allowed and blocked, that meet the conditions of the report.
o Browsing Time: Based on requests, an estimate of the time that users have been browsing. Bear in mind that browsing time does not refer to the time it takes to download items, rather it is the time that a user browses a resource (either a website or a type of content). This parameter is exclusive to the “Content Filter”, or Web mode.
o Number of Page Views.
Figure 5-11: WEB/WAP Service Reports
The report has several different criteria that allow the administrator to filter and create a more specific report.
Groupings: The grouping criteria allow the administrator to set the data field or attribute by which the values displayed in the report will be grouped.
Furthermore, the administrator can create a sub-grouping of the group criteria. For example, the results can be grouped by Days, and then further grouped by File Type. So, in the report, the results are broken down by day, and within each Day group, the results are sorted by File Type.
Selection Criteria: The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.
You can also customize the report by:
Time Frame
Format: table, graph, line graph or pie chart
Order: ascending or descending order
Data computing: shows absolute or percentage figures.
Records to show
Figure 5-12: WEB/WAP Monitor Reports: Visualization
Once the report is generated, it can be exported to:
PDF
HTML
CSV

Monitor Reports
This section allows the administrator to create a detailed report on clients’ history. These reports display the filtering statistics of clients’ activities. The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.
Figure 5-13: WEB/WAP Monitor Reports

Advanced Configuration
Figure 5-14: WEB/WAP Advanced configuration
This section is used to select the various advanced filtering and blocking parameters:
Filter configuration: Select whether SafeSearch is enabled.
If this option is activated, search engines will operate with the SafeSearch option enabled, ignoring the user settings.
Web blocking configuration: It is possible to configure a blocking page, different from the default one, to be displayed whenever a policy with a blocking action is applied. It is necessary to select one of the response codes:
o 200 OK: In this case it is possible to configure:
    Blocking Page URL: Type the URL address to be used:
      In case of external URL: type http:// at the beginning of the URL.
      In case of internal URL. Required format: “<Server_Name>@<Path>”.
    Static text to be shown
    HTML Code: Write the HTML code to be used as blocking page.
o 302 Found - Request has been moved temporarily
o 307 Moved - Request has been moved temporarily
o 404 Not Found
o 500 Internal Server Error
It is possible to configure a Blocking Page URL for any of these responses:
  In case of external URL: type http:// at the beginning of the URL.
  In case of internal URL. Required format: “<Server_Name>@<Path>”.
HTTPS Blocking configuration: It is necessary to select one of the response codes:
o 200 OK - Request has succeeded. In this case
o 302 Found - Request has been moved temporarily
o 404 Not Found
o 500 Internal Server Error
o 502 Bad Gateway
It is possible to configure a Blocking Page URL for any of these responses:
  In case of external URL: type http:// at the beginning of the URL.
  In case of internal URL. Required format: “<Server_Name>@<Path>”.
WAP blocking configuration: Equivalent to the previous one but with the following response codes:
o 200 OK - Request has succeeded
o 302 Found - Request has been moved temporarily
o 307 Moved - Request has been moved temporarily
o 404 Not Found
It is possible to configure a Blocking Page URL for any of these responses:
  In case of external URL: type http:// at the beginning of the URL.
  In case of internal URL. Required format: “<Server_Name>@<Path>”.
Click the Preview button to check the new blocking web page.

Chapter 6: AdsFree
This section describes the configuration options for the AdsFree filtering services. This section comprises the following sub-sections: Filtering Policies, Profiles, Reports and Advanced Configuration.

Filtering Policies
Figure 6-1: AdsFree Filtering Policies
This screen displays information similar to that described in Chapter 1: Filtering Policies, with the difference that only AdsFree policies are enabled (blue background). In addition to editing and deleting policies, this screen allows creating new AdsFree policies and modifying their priority. After deleting a policy or changing its priority, you must click Accept to confirm the modifications.
Figure 6-2: AdsFree Filtering Policies: Status
When creating or editing a policy, the Administrator will select five different parameters:
Status: Select whether the policy is going to be on or off. This option lets you create and edit a policy before activating it.
Source and Destination: The collective of users, groups, IP, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition)
The parameters that can be used for this section are:
  Service: AdsFree (only source)
  Valid Conditions: Conditions based on:
    Provisioned Services (ISP administration)
    Clients (ISP administration)
    IPs or IP Ranges
    Users
    User Groups (in case an LDAP is available)
    Module instance
Profiles: The group of conditions that must be satisfied to apply the policy (see next section for more information on AdsFree profiles)
Figure 6-3: AdsFree Filtering Policies: Actions
Actions: The action the policy will carry out.
In this case the possibilities are:
o Block all pop-ups: it blocks all pop-up windows coming from the requested URLs.
o Block only ads pop-ups: it blocks advertising pop-up windows coming from the requested URLs.
o Freeze gifs animation: it prevents gif animations from being displayed.
o Hide banners: this action substitutes banners on selected URLs with empty spaces.
Schedule: The frame of time when the policy will be activated (see Chapter 1: Schedules for more information on schedule definition)
If the Log activity option is checked, policy execution will be logged (see Chapter 1: Filtering Log Configuration for more information on logging capabilities). In a similar way, if the policy is associated to an event, each time the policy is executed an event will be triggered, which could also be associated to an alarm (see Chapter 1: Events and Chapter 1: Alerts for more information on Events and Alerts)

Profiles
In this section it is possible to create, edit and delete the profiles used to define AdsFree policies. Each profile is comprised of a number of conditions which could be categories, included and excluded URLs.
Figure 6-4: AdsFree Profiles
The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. On selection of one of these profiles, the top right frame will display its details.
Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:
Categories: this section lists the content categories to include in the profile. A category is a set comprising web pages related to a specific type of content. These sets can be created using lists of URL addresses, semantic URL analyzers, and content analyzers. Click on ‘Include URLs not categorized’ to create a profile that affects all URLs that are not included in any category.
Included URLs: Use this option to include URLs in the profile.
URLs added to this list will always satisfy the condition regardless of whether they have been included in a category. It is possible to include a website with regular expressions in the section Regular Expression of Included URLs. Example:
http://www.website.com/*
http://www.website.com/*/images
To include several URLs, each one of them must be entered on a new line.
Excluded URLs: Use this option to exclude URLs from the profile. URLs added to this list will be considered an exception, and will never satisfy the condition regardless of whether they have been included in a category.
The relationship between the different conditions is:
(Categories OR Included URLs) AND NOT Excluded URLs

Reports
Service Reports
This section is used to configure the AdsFree service reports that will be requested. Both the data that will make up a report and the report's format can be edited.
Type of report:
o Blocks: The total number of requests that were blocked by the filter.
Figure 6-5: AdsFree Service Reports
The report has several different criteria that allow the administrator to filter and create a more specific report.
Groupings: The grouping criteria allow the administrator to set the data field or attribute by which the values displayed in the report will be grouped. Furthermore, the administrator can create a sub-grouping of the group criteria. For example, the results can be grouped by Days, and then further grouped by File Type. So, in the report, the results are broken down by day, and within each Day group, the results are sorted by File Type.
Selection Criteria: The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g.
Client ID of XXXX in or not in) and these conditions will then appear in the main condition box. You can also customize the report by: WebSafe Personal Operation Guide 6-7 Time Frame Format: table, graph, line graph or pie chart Order: ascending or descending order Data computing: shows absolute or percentage figures. Records to show Once the report is generated, it can be exported to: PDF HTML CSV Monitor Reports This section allows the administrator to create a detailed report on clients’ history. These reports display the filtering statistics of clients’ activities. The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box. Figure 6-6: AdsFree Monitor Reports 6-8 WebSafe Personal Operation Guide Chapter 7: Automatic Notices This service allows operators to display notifications to their clients by redirecting their navigation to a given URL. This section describes the configuration options for the Automatic Notices service. This service allows ISPs to display notifications to their clients by redirecting their navigation to a given URL. This section comprises of the following sub-sections: Filtering Policies, Profiles and Reports. Filtering Policies Figure 7-1: Automatic Notices This screen displays similar information to the one described in Chapter 1: Filtering Policies but with the difference that only Automatic Notices policies are enabled (blue background). In addition to edition and deletion of policies, this screen allows new Automatic Notices policies creation and priority modification. After deleting a policy or changing its priority, you must click Accept to confirm the modifications. 
Figure 7-2: Automatic Notices Policies: Status
When creating or editing a policy, the Administrator will select five different parameters:
Status: Select whether the policy is going to be enabled. This option lets you create and edit a policy before activating it.
Source and Destination: The set of users, groups, IPs, etc. that will be affected by the policy (see Chapter 1: Source&Destination for more information on Source and Destination definition).
The parameters that can be used for this section are:
Service: AutoNotices (only source)
Valid Conditions: Conditions based on:
o Provisioned Services (ISP administration)
o Clients (ISP administration)
o IPs or IP Ranges
o Users
o User Groups (in case an LDAP is available)
o Module instance
Profiles: The group of conditions that must be satisfied to apply the policy (see next section for more information on Automatic Notices profiles).
Figure 7-3: Automatic Notices Policies: Actions
Actions: The action the policy will carry out. In this case there is only one possibility:
o Redirection to: you can select here a list of URLs to be redirected to. These lists should be defined previously in Advanced Configuration. In this case, if the conditions are met, the navigation is redirected to a URL from the list.
o Banners insertion: you can select here a list of banners to be inserted in a web page. These lists should be defined previously in Advanced Configuration. In this case, if the conditions are met, a banner will be inserted in the web page that the user is visiting with the configuration defined in “Advanced Configuration”.
o Smart banners: you can select here a list of smart banners to be inserted in the web page. These lists should be defined previously in Advanced Configuration.
In this case, if the conditions are met, the JavaScript of the banner will be inserted in the web page that the user is visiting with the configuration defined in “Advanced Configuration”.
Schedule: The time frame during which the policy will be active (see section Schedules in Chapter 1 for more information on schedule definition).
If the Log activity option is checked, policy execution will be logged (see section Filtering Log Configuration in Chapter 1 for more information on logging capabilities). Similarly, if the policy is associated with an event, an event will be triggered each time the policy is executed, and that event can in turn be associated with an alarm (see sections Events in Chapter 1 and Alerts in Chapter 1 for more information on Events and Alerts).
When a user request is redirected, the following parameters are added to the redirection URL:
Original URL: URL requested by the user.
Client IP: IP address from where the user made the request.
Client: client ID the user belongs to.
IID: identifier of the service modality.
The format of the request sent to the redirected URL is as follows:
http://<redirection_url>/?Params=[original_url]|[client_ip]|[client]|[iid]

Profiles
In this section it is possible to create, edit and delete the profiles used to define Automatic Notices policies. Each profile comprises a number of conditions such as categories, included URLs and excluded URLs.
Figure 7-4: Automatic Notices Profiles: Category
The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. When one of these profiles is selected, the top right frame displays its details. Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:
Categories: this section lists the content categories to include in the profile.
Hosts Included: Use this option to include Hosts in the profile. Hosts added to this list will always satisfy the condition regardless of whether they have been included in a category. It is possible to add a host with a regular expression in the Regular expressions section of included hosts:
Example:
www.website.com/*
www.website.com/*/images
To include several URLs, each one of them must be entered on a new line.
Hosts Excluded: Use this option to exclude Hosts from the profile. Hosts added to this list will be considered an exception, and will never satisfy the condition regardless of whether they have been included in a category.
Figure 7-5: Automatic Notices Policies: Frequency
Frequency: Use this option to define how often the notice will be shown.

Reports
Service Reports
Figure 7-6: Automatic Notices Service Reports
This section is used to configure the Automatic Notices service reports that will be requested. Both the data that will make up a report and the report's format can be edited. The following parameters can be configured:
Report type: Total
Grouping options: Events can be grouped by two criteria according to the fields chosen in the Log Configuration section.
Selection criteria: It is possible to apply filters to some fields so that only records that meet certain user-defined conditions are included. As with the grouping criteria, they depend on the work mode that is being used. They are usually the same as in the previous section.
You can also customize the report by:
Timeframe: Date range of the report.
Format: The report can be displayed in table format, or as a bar graph, pie chart or line graph.
Order: The results of the query can be stored in descending order.
Calculation method: The data can be calculated as absolute totals or as percentages.
Records to Show: Total number of records that will be displayed in the report.
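For the redirection request format given earlier in this chapter (`?Params=[original_url]|[client_ip]|[client]|[iid]`), the following is an added example of how a notice server could parse and validate the value before using it; it is not Optenet code. The function names, the `percent_encoded` switch and the idea of rendering a "continue" link are assumptions made for illustration, and the sample requests are constructed.

```python
import html
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import unquote, urlsplit

MARKER = "?Params="  # query key taken from the documented request format


@dataclass(frozen=True)
class NoticeParams:
    original_url: str
    client_ip: str
    client: str
    iid: str


def parse_notice_request(target: str, percent_encoded: bool = False) -> NoticeParams:
    """Parse the raw request target (e.g. "/?Params=...") seen by the notice server.

    percent_encoded is an assumption: set it only if the deployment is known
    to percent-encode the whole Params value.
    """
    _, found, raw = target.partition(MARKER)
    if not found:
        raise ValueError("no Params value in request")
    if percent_encoded:
        raw = unquote(raw)
    # Control characters (CR/LF included) have no place in any field.
    if not raw.isprintable():
        raise ValueError("non-printable character in Params")
    # The original URL can itself contain '|' or '&', so split from the
    # right: only the last three fields have a fixed position.
    parts = raw.rsplit("|", 3)
    if len(parts) != 4:
        raise ValueError("expected four '|'-separated fields")
    original_url, client_ip, client, iid = parts

    ip_address(client_ip)  # raises ValueError on a malformed address
    url = urlsplit(original_url)
    # The value arrives in a query string, so treat it as untrusted input:
    # only absolute http(s) URLs are accepted (never javascript:, data:, ...).
    if url.scheme not in ("http", "https") or not url.hostname:
        raise ValueError("original URL must be an absolute http(s) URL")
    return NoticeParams(original_url, client_ip, client, iid)


def continue_link(params: NoticeParams) -> str:
    """HTML anchor back to the requested page, with the URL attribute-escaped."""
    return '<a href="{}">Continue to the page you requested</a>'.format(
        html.escape(params.original_url, quote=True)
    )


if __name__ == "__main__":
    # Constructed sample request; the original URL contains both '|' and '&'.
    sample = "/?Params=http://shop.example/a|b?x=1&y=2|192.0.2.10|client42|3"
    parsed = parse_notice_request(sample)
    print(parsed)
    print(continue_link(parsed))
```

Splitting from the left, or handing the query string to a generic parser that splits on `&`, would truncate or misassign the fields for the sample request above.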
Once the report is generated, it can be exported to:
PDF
HTML
CSV

Monitor Reports
This section allows the administrator to create a detailed report on notices history.
The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.
Figure 7-7: Automatic Notices Monitor Reports

Advanced Configuration
Redirection
Figure 7-8: Automatic Notices Advanced Configuration: Redirection
In this section it is possible to create, edit and delete the lists of URLs that will be used in the redirect action.
Figure 7-9: Automatic Notices Advanced Configuration: Redirection edition
Each list has to include the list of URLs and the redirection algorithm:
Random redirection (URLs can be repeated)
Random redirection without repetition

Banners Insertion
Figure 7-10: Automatic Notices Advanced Configuration: Banners insertion
In this section it is possible to create, edit and delete the lists of Banners that will be used in the Banners insertion action.
Figure 7-11: Automatic Notices Advanced Configuration: Banners edition
Each banner list has to include:
The list of URLs where the banner is located
The position of the banner in the web page
The width of the banner in % or pixels
The banner insertion algorithm:
o Random redirection (URLs can be repeated)
o Random redirection without repetition

Smart Banner
Figure 7-12: Automatic Notices Advanced Configuration: Smart Banners list
In this section it is possible to create, edit and delete the lists of Smart Banners that will be used in the Smart Banners insertion action:
Figure 7-13: Automatic Notices Advanced Configuration: Smart Banners edition
Each smart banner has to include:
The URLs (static image, javascript code…) where the smart banner is located when it is closed
The position and size of the smart banner when it is closed
The URLs (static image, javascript code…) where the smart banner is located when it is opened
The position and size of the smart banner when it is opened
The banner insertion algorithm:
o Random redirection (URLs can be repeated)
o Random redirection without repetition

Chapter 8: Anti-phishing
This service offers protection from potential and verified fraud sites that try to obtain sensitive user information by simulating other legitimate websites, including emails containing links to these sites.
This section describes the configuration options for the Antiphishing service.
This section comprises the following sub-sections: Filtering Policies, Profiles, Black- & Whitelists, Quarantine and Reports.

Filtering Policies
Figure 8-1: Antiphishing
This screen displays information similar to that described in Chapter 1: Filtering Policies, with the difference that only AntiPhishing policies are enabled (blue background). In addition to editing and deleting policies, this screen allows new Antiphishing policies to be created and their priority to be modified.
After deleting a policy or changing its priority, you must click Accept to confirm the modifications.
The main table displays the various policies and information on the source & destination they apply to, the action to be performed, the filtering conditions and the time when they will be applied.
In the bottom part of the screen, you can view detailed information on a selected policy, the source & destination to which it is applied, the action, the conditions for its execution and the time period during which it is applied.
From this screen, you can delete a policy, edit it or change its priority by altering its position in the list using the arrows.
To edit or create a policy, click on “Edit” or “New”. This activates the editing box, from which the various criteria can be adjusted.
Figure 8-2: AntiPhishing Policies: Status
When creating or editing a policy, the Administrator will select five different parameters:
Status: Select whether the policy is going to be on or off. This option lets you create and edit a policy before activating it.
Figure 8-3: Antiphishing Policies: Source&Destination
Source and Destination: The set of users, groups, IPs, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition).
AntiPhishing policies require the definition of both the origin and the destination (in order to determine the direction of the traffic to be filtered):
o If a specific origin is chosen (an origin different from “All”), the destination will be set automatically to “All”. That is, a policy to filter outgoing traffic is being created (web requests or outgoing email). This decision in turn limits the list of available profiles that can be associated with the policy.
o If a specific destination is chosen (a destination different from “All”), the origin will be set automatically to “All”.
That is, a policy to filter incoming traffic is being created (incoming email). This decision in turn limits the list of available profiles that can be associated with the policy.
The parameters that can be used for this section are:
Service: AntiPhishing (both source and destination)
Valid Conditions: Conditions based on:
o Provisioned Services (ISP administration)
o IPs or IP Ranges (Web, Smtp.in, Smtp.out)
o Users (web)
o User Groups (web)
o Module Instance (web)
o Mail domains (smtp.in, POP, Smtp.out)
o Mail Addresses (smtp.in, pop, smtp.out)
Profiles: The group of conditions that must be satisfied to apply the policy (see next section for more information on Antiphishing profiles).
Actions: The action the policy will carry out. In this case the possibilities depend on the Protocol of the Profile selected:
o Web/Wap:
Figure 8-4: Antiphishing Policies: Web Actions
    Block with standard blocking page: blocks access to the requested URL and displays a blocking page.
    Block with this URL: blocks access to the requested URL and displays a blocking page specific to this rule.
    Bypass: allows access to the requested URL and registers the event in the logs.
o Mail:
Figure 8-5: Antiphishing Policies: Mail actions
    Delete: discards the message.
    Bypass: lets the message reach its destination.
    Quarantine: sends the message to quarantine.
    Tag message: adds a label to the message, either as a prefix in the subject, replacing the subject, or in the message’s body, or replaces the message with the label and adds the message as an attachment. Tagging a message can be a “stand-alone” action or complementary to sending the email to quarantine, redirecting it or copying it to an email address.
    Redirect: diverts the message to a new e-mail address. Only available when the associated profile does not include POP filtering.
    Copy to: delivers the message to the original addressee and sends a copy to a new e-mail address. Only available when the associated profile does not include POP filtering.
Schedule: The time frame during which the policy will be active (see section Schedules in Chapter 1 for more information on schedule definition).
By default there are six Antiphishing policies defined:
AntiPhiWebWL: This policy allows access to all URLs included in the Whitelist (see Black & White Lists in this Chapter). This will apply to all Antiphishing filter services as long as this policy has the higher priority.
AntiPhiWebBL: This policy denies access to all URLs included in the Blacklist (see Black & White Lists in this Chapter). This will apply to all Antiphishing filter services as long as this policy has the higher priority.
AntiPhiMailWL: This policy allows access to all Mails included in the Whitelist (see Black & White Lists in this Chapter). This will apply to all Antiphishing filter services as long as this policy has the higher priority.
AntiPhiMailBL: This policy denies access to all Mails included in the Blacklist (see Black & White Lists in this Chapter). This will apply to all Antiphishing filter services as long as this policy has the higher priority.
BlockMailAttack: This policy applies only to Basic customers. The policy denies access to all Mails included in a verified list of Phishing.
BlockWebAttack: This policy applies only to Basic customers. The policy denies access to all Web sites included in a verified list of Phishing.
If the Log activity option is checked, policy execution will be logged (see section Filtering Log Configuration in Chapter 1 for more information on logging capabilities).
Similarly, if the policy is associated with an event, an event will be triggered each time the policy is executed, and that event can in turn be associated with an alarm (see sections Events in Chapter 1 and Alerts in Chapter 1 for more information on Events and Alerts).

Profiles
In this section it is possible to create, edit and delete the profiles used to define Antiphishing policies. Each profile comprises a number of conditions such as Protocol, Threat and Advanced criteria.
Figure 8-6: Antiphishing Profiles: Protocol
The top left frame lists the profiles that have already been defined and allows creating, deleting or editing a profile. When one of these profiles is selected, the top right frame displays its details. Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:
Protocol: You can select whether this profile will apply to Web, incoming or outgoing mail. If incoming email is chosen, it will be possible to select POP, SMTP or both. Take into account that if POP filtering is required, “Copy to” and “Redirect To” will not be available as actions of the associated policy.
Threat: Use this option to select the threat type.
o Verified Phishing Sources: URLs categorized as phishing in Optenet databases.
o Suspicious Phishing Sources: URLs categorized as potential phishing sources by content analysis.
o Pharming (only for web Protocol): Activate antipharming capabilities.
Advanced: This condition allows you to create profiles based on the content of the black- & whitelists.
The relationship between the different conditions of a Profile is:
Protocol AND (Threat OR Advanced)
By default there are six Antiphishing profiles defined:
PhishingMailBL: This profile includes the conditions protocol “Mail In” and “If in Blacklist” and cannot be deleted or edited.
PhishingMailWL: This profile includes the conditions protocol “Mail In” and “If in Whitelist” and cannot be deleted or edited.
PhishingWebBL: This profile includes the conditions protocol “Web/Wap” and “If in Blacklist” and cannot be deleted or edited.
PhishingWebWL: This profile includes the conditions protocol “Web/Wap” and “If in Whitelist” and cannot be deleted or edited.
VerifMailPhish: This profile includes the condition protocol “Mail In” and the threats of Verified phishing.
VerifWebPhish: This profile includes the condition protocol “Mail In” and the threats of Verified phishing sources.

Black- & Whitelists
This screen offers quick access to the content of the Whitelist and Blacklist categories. Here you can edit the content of both lists.
Figure 8-7: Antiphishing Black- &Whitelists
Note that these lists must be associated with a policy in order to define their functionality. Use the “Filtering Policies” section for this purpose.

Quarantine
The Quarantine module is used to store, display and unblock the messages that have been identified as phishing and sent to Quarantine by the filtering policies.
Figure 8-8: AntiPhishing Quarantine
Available operations on selected e-mails are:
Unblock: Selected emails are delivered.
Delete: Selected emails are removed.
Forward: Selected emails are sent to a delivery list (a new window is shown in which to indicate that list). Emails are not removed from quarantine.
Figure 8-9: AntiPhishing Quarantine: Search
It is also possible to search messages using various selection criteria.
Time frame: Date range the messages were sent.
Sender: EXACT Search. Valid formats:
o name@domain
o ip@domain
o @domain All emails for that domain will be returned.
Receiver: like Sender, with exact search in the same formats.
Subject: Type a substring to be found anywhere as part of the subject.
Also indicate the number of Records to show (per page) and the order criteria: By Sender or By Subject or By Date Sent

Reports
Service Reports
This section is used to configure the Antiphishing service reports that will be requested. Both the data that will make up a report and the report's format can be edited.
Figure 8-10: AntiPhishing Service Reports
The following parameters can be configured:
Report type: Options are different for web and mail data sources:
o Accesses: The total number of requests/messages that were allowed.
o Blocks: The total number of requests/messages blocked by the filter.
o Requests: The total number of requests/messages, allowed or blocked, that meet the conditions of the report.
o Traffic (only Web): Amount of data transferred during a request.
o Size (only Mail): Size of messages received.
Timeframe: Date range of the report.
Grouping options: Events can be grouped by two criteria according to the fields chosen in the Log Configuration section.
Selection criteria: It is possible to apply filters to some fields so that only records that meet certain user-defined conditions are included. As with the grouping criteria, they depend on the work mode that is being used. They are usually the same as in the previous section.
Format: The report can be displayed in table format, or as a bar graph, pie chart or line graph.
Records to Show: Total number of records that will be displayed in the report.
Order: The results of the query can be stored in descending order.
Calculation method: The data can be calculated as absolute totals or as percentages.
Once the report has been generated, it can be exported in PDF format.

Monitor Reports
This section is used to configure the monitoring reports that will be requested. Both the data that will make up a report and the report's format can be edited.
It provides detailed information on activity, not the numerical/statistical results of the previous section.
Figure 8-11: AntiPhishing Monitor Reports
The following parameters can be configured:
Selection criteria: It is possible to apply filters to some fields so that only records that meet certain user-defined conditions are included.
Timeframe: Date range of the report.
Records to Show: Total number of records that will be displayed in the report.
The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Source IP of XXXX in or not in) and these conditions will then appear in the main condition box.

Advanced configuration
Figure 8-12: AntiPhishing Advanced Configuration
In this section it is possible to select a list of categories that should be considered as non-phishing URLs. By default, the categories considered as non-phishing are:
Government
Financial Institutions
Webmail
Pay Per surf
Economy

Chapter 9: Antispam In
This service offers incoming mail filtering capabilities. Spam messages can be filtered using a range of spam detection methods, as well as whitelists and blacklists that allow spam to be deleted, rerouted to an external account, tagged or sent to a quarantine fileserver.
This section describes the configuration options for the Incoming Antispam (Antispam.IN) filtering service. This service can analyze and filter SMTP and POP emails.
This section comprises the following sub-sections: Filtering Policies, Profiles, Black- & Whitelists, Quarantine, Reports and Advanced Configuration.
Filtering Policies
Figure 9-1: Antispam
This screen displays information similar to that described in Chapter 1: Filtering Policies, with the difference that only Incoming Antispam policies are enabled (blue background). In addition to editing and deleting policies, this screen allows new Incoming Antispam policies to be created and their priority to be modified.
Figure 9-2: Antispam policies: status
When creating or editing a policy, the Administrator will select five different parameters:
Status: Select whether the policy is going to be enabled. This option lets you create and edit a policy before activating it.
Source and Destination: The set of users, groups, IPs, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition). Antispam.In policies require only the selection of the Destination of the e-mails to be filtered.
The parameters that can be used for this section are:
Service: AntiSpam.In (only destination)
Valid Conditions: Conditions based on:
o Provisioned Services (ISP administration)
o IPs or IP Ranges
o Users
o User Groups
o Module Instance
o Mail Domains (smtp.in, POP)
o Mail Addresses (smtp.in, pop)
Profiles: The group of conditions that must be satisfied to apply the policy (see the following section for more information on Incoming Antispam profiles).
Figure 9-3: Antispam policies: Actions
Actions: The action the policy will carry out. In this case the possibilities are:
o Delete: discards the message.
o Bypass: lets the message reach its destination.
o Quarantine: sends the message to quarantine.
o Tag message: adds a label to the message, either as a prefix in the subject, replacing the subject, or in the message’s body, or replaces the message with the label and adds the message as an attachment.
Tagging a message can be a “stand-alone” action or complementary to sending the email to quarantine, redirecting it or copying it to an email address.
o Redirect: diverts the message to a new e-mail address. This action is only available for SMTP profiles. If the profile selected includes POP protocol, this action won’t be available.
o Copy to: delivers the message to the original addressee and sends a copy to a new e-mail address. This action is only available for SMTP profiles. If the profile selected includes POP protocol, this action won’t be available.
o Add to blocked IPs during a period of minutes. In this case all the emails from the blocked IP will be blocked for a period of time.
o Remove from blocked IPs. Removes the IP from the list of blocked IPs. This means that from that moment, email sent from that IP will arrive at its destination.
You may choose to apply this policy only during client connection and/or to terminate the action of the last policy to be executed.
Schedule: The time frame during which the policy will be active (see section Schedules in Chapter 1 for more information on schedule definition).
There are two global Incoming Antispam filtering policies defined by default:
AntispamInWL: This policy allows access to all e-mails from addresses or domains included in the Whitelist (see section Black&Whitelists in Chapter 10). This will apply to all Incoming Antispam filter services as long as this policy has the higher priority.
AntispamInBL: This policy blocks all e-mails from addresses or domains included in the Blacklist (see section Black&Whitelists in Chapter 10). This will apply to all Incoming Antispam filter services as long as this policy has the higher priority.
There is also a filtering policy that affects clients provisioned with the Basic Antispam.In service:
BlockSpam: This policy tags spam e-mails with the string “**SPAM**” as a subject prefix.
If the Log activity option is checked, policy execution will be logged (see section Filtering Log Configuration in Chapter 1 for more information on logging capabilities). Similarly, if the policy is associated with an event, an event will be triggered each time the policy is executed, and that event can in turn be associated with an alarm (see sections Events in Chapter 1 and Alerts in Chapter 1 for more information on Events and Alerts).

Profiles
In this section it is possible to create, edit and delete the profiles used to define Incoming Antispam policies. Each profile comprises a number of conditions such as protocol, spam, sender, addressee, attachment or advanced.
Figure 9-4: Antispam profiles: Protocols
The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. When one of these profiles is selected, the top right frame displays its details. Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:
Protocol: You can select whether this profile will apply to SMTP e-mails, POP e-mails or both of them.
Note: POP protocol will not be available if the solution is deployed in proxy mode.
Figure 9-5: Antispam profiles: Spam
Spam: Here you can select the conditions that an e-mail must meet to be considered spam. These could be:
o Spam detection: activates the spam detection methods specified in the Filter Settings section (see section Advanced Configuration in Chapter 10).
o Keyword analysis: activates the search for specific keywords in the e-mail.
o Header key analysis: similar to keyword analysis, but in this case it searches for a specific value on a defined header key.
o Empty mail: if you activate this option, mails that have no body and no subject will be considered spam.
Note: Header key names are case insensitive, but header key values are case sensitive.
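The keyword, header key and empty mail conditions above can be illustrated with a short evaluator; this is an added example, not the product's implementation. It assumes that a header value matches as a case-sensitive substring and that keywords are searched case-insensitively in the subject and body (the guide states neither); the `X-Bulk-Tag` header and the messages are constructed.

```python
from email import message_from_string
from email.message import Message


def body_text(msg: Message) -> str:
    """Concatenate the decoded payload of every non-container part."""
    chunks = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            chunks.append(payload.decode(charset, "replace"))
        except LookupError:  # unknown charset label in the message
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def header_key_match(msg: Message, key: str, value: str) -> bool:
    """Header key names match in any case; the value must match exactly."""
    # Message.get_all() compares header names case-insensitively and returns
    # every occurrence. Folded header lines are collapsed before matching.
    for found in msg.get_all(key, []):
        if value in " ".join(str(found).split()):
            return True
    return False


def keyword_match(msg: Message, keywords: list) -> bool:
    """Assumption: keywords are matched case-insensitively in subject and body."""
    haystack = (str(msg.get("Subject") or "") + "\n" + body_text(msg)).lower()
    return any(k.lower() in haystack for k in keywords)


def is_empty_mail(msg: Message) -> bool:
    """Empty mail: no subject and no body."""
    subject = str(msg.get("Subject") or "").strip()
    return not subject and not body_text(msg).strip()


def evaluate_spam_conditions(raw: str, keywords: list, header_rule: tuple) -> dict:
    """Report which of the three content conditions a raw message satisfies."""
    msg = message_from_string(raw)
    key, value = header_rule
    return {
        "keyword": keyword_match(msg, keywords),
        "header_key": header_key_match(msg, key, value),
        "empty_mail": is_empty_mail(msg),
    }


# Constructed sample messages.
SAMPLE_MIXED_CASE_KEY = (
    "From: sender@example.com\nTo: user@example.net\n"
    "Subject: Monthly offer\nx-bulk-tag: Campaign-77\n\n"
    "You have won the LOTTERY.\n"
)
SAMPLE_LOWER_VALUE = (
    "From: sender@example.com\nTo: user@example.net\n"
    "Subject: Monthly offer\nX-Bulk-Tag: campaign-77\n\nHello.\n"
)
SAMPLE_EMPTY = "From: sender@example.com\nTo: user@example.net\nSubject: \n\n"

if __name__ == "__main__":
    rule = ("X-Bulk-Tag", "Campaign")
    for sample in (SAMPLE_MIXED_CASE_KEY, SAMPLE_LOWER_VALUE, SAMPLE_EMPTY):
        print(evaluate_spam_conditions(sample, ["lottery"], rule))
```

The second sample shows the practical consequence of the note: a rule written for `Campaign` does not fire on `campaign-77`, so each casing a sender may use needs its own value.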
Figure 9-6: Antispam profiles: Sender
Sender: In this condition you can define e-mail senders by:
o IP Range: Select a range of IPs by completing the From and To fields, or a single IP by completing only the From field.
o Address or domain: It is possible to select a single e-mail address or a whole domain. You can also decide whether to check these addresses or domains in the envelope or the header of the e-mail: fields MAIL FROM (not applicable to POP) or From respectively.
Addressee: In this condition you can define e-mail receivers by address or domain. It is possible to select a single e-mail address or a whole domain. You can also decide whether to check these addresses or domains in the envelope or the header of the e-mail: fields RCPT TO (not applicable to POP) or To respectively.
Figure 9-7: Volumetry
Volumetry: This condition defines the limit of mails, spam, viruses or connections to be considered in a defined period of time.
Figure 9-8: Antispam profiles: Attachment
Attachment: Use this option to select which file types will be affected by this profile.
Figure 9-9: Antispam profiles: Advanced
Advanced: This condition allows you to create profiles based on the content of the black- & whitelists (see section Black&Whitelists in Chapter 10).
The relationship between the different conditions may be:
Protocol AND (Spam OR Senders OR Receivers OR Attachments OR Advanced)
or:
Protocol AND (Spam AND Senders AND Receivers AND Attachments AND Advanced)
By default there are three Incoming Antispam profiles defined:
o ASInWL: This profile includes the condition “If in Whitelist” and cannot be deleted or edited (see section Black&Whitelists in Chapter 10 for information on Incoming Antispam Whitelist).
o ASInBL: This profile includes the condition “If in Blacklist” and cannot be deleted or edited (see section Black&Whitelists in Chapter 10 for information on Incoming Antispam Blacklist).
o Spam: This profile includes the condition “Spam detection” from the tab Spam and affects all protocols (POP and SMTP).

Black- & Whitelists
Here you can edit the content of Whitelist and Blacklist categories for Incoming Antispam.
Figure 9-10: Antispam Black- &Whitelists
It is important to note that including an e-mail address or domain in these lists does not necessarily imply that it will always be allowed or blocked. Although these two lists are associated with two special profiles (see section Profiles in Chapter 10) that cannot be modified, the same does not apply to the filtering policies that make use of these profiles. Therefore the behavior of these two categories depends on the Filtering Policy strategy.

Quarantine
The Quarantine module is used to store, display and unblock the messages that have been identified as spam and sent to Quarantine by the filtering policies. The functionality is identical to that described for AntiPhishing Quarantine (Section Quarantine in Chapter 9).

Reports
Service Reports
This section allows you to set the preferences for creating reports about the messages received and/or sent by clients, indicating whether or not these messages were considered spam. You can set various parameters to create the desired report:
Type:
o Accesses: The total number of messages that were allowed.
o Blocks: The total number of messages that were blocked by the filter.
o Requests: The total number of messages, allowed and blocked, that meet the conditions of the report.
o Size: Size of messages received.
The report has several different criteria that allow the administrator to filter and create a more specific report.
• Groupings: The grouping criteria allow the administrator to set the data field or attribute by which the values displayed in the report will be grouped. Furthermore, the administrator can create a sub-grouping of the group criteria. For example, the results can be grouped by Sender, and then further grouped by Subject. So, in the report, the results are broken down by sender, and within each sender group, the results are sorted by subject.

• Conditions: The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.

Figure 9-11: Antispam Service Reports

You can also customize the report by:
• Time Frame
• Format: table, graph, line graph or pie chart
• Order: ascending or descending order
• Number of records
• Data computing: shows absolute or percentage figures.

Monitor Reports

This section allows the administrator to create a detailed report on clients’ history. These reports display the filtering statistics of clients’ activities.

The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.

Figure 9-12: Antispam Monitor Reports

Advanced Configuration

Filter Settings

In this screen you can decide the settings of the spam filter behavior.
Figure 9-13: Antispam Advanced Configuration: Filter Settings

In Filter Behavior, you can activate various spam detection methods. These methods will be used when activating the Spam Detection checkbox in the profile as described in section Profiles in Chapter 10. The detailed list of available techniques is:

Technique: Description

Spammers Lists: Internal list of known spammers distributed by Optenet (e-mail accounts).

URL Lists: The URLs embedded in the email will be categorized:
o Hyperlinks href, img, src.
o Text that starts with http://
All found URLs will be categorized (using the Categorized URLs repository associated to the distribution). It is verified whether the URL category is one of the categories configured by the user to be used along with this technique. Operative: By default, the “Pornography” and “Spammer Ads” categories are activated. The Administrator is able to select any other category provided by Optenet (by clicking the button [Add Others], a new section will appear to select the categories to be considered).

URL Analysis: “URD” – URL Semantic Analysis. Content Analysis is applied to the text of the URLs embedded in the email. Content dictionaries are oriented mostly to pornography detection.

URL Content Analysis: URAC – URL Content Analysis. The URL page is gathered (GET) in order to analyze its content. That is, Content Analysis (AC) is performed, using a dictionary mostly oriented to detect categories such as:
o Pornography
o Gambling
o Models

Message Content Analysis: AC – Message content Analysis. The text included in the body of the email will be analyzed to determine if it is spam or not. A Bayesian classification is used to calculate a dictionary of pairs (Word/prefix, weight). The content analyzer is trained against dictionaries oriented to detect mostly categories such as:
o Pornography
o Banners
o Gambling
o General Spammers

IP Lists: LNI – Optenet Reputation Database. All IPs included in the email (except those belonging to customer internal networks) are checked against the Optenet reputation database.

SPF: SPF – Falsified Address detection. It is verified whether the IP that sends the email is an authorized IP to do it in the name of the domain that represents

Content Hash: MD5 – Optenet Digital Signature Verification. Optenet distributes a database of signatures that enables the detection of attached files to Spam emails.

GreyListing: Cannot be applied to POP filtering!! The goal of this technique is avoiding the arrival of Spam to the MTA. If any antispam technique considers a given email as spam, an error code is returned. If a legitimate MTA is on the other side, the email will be resent after a given period of time.

Local Reputation List: LRL – Contextual Reputation database: Oriented to reduce the number of false positives. To determine if a received email has to be considered as spam, the “history” of the sender is studied.

DKIM: Domain Keys. The owner of a given domain generates one or more key pairs (public/private) for that domain. Those Domain Public Keys are published in the DNS. The server for outgoing mail has a private key to sign messages, so that each email includes the signature as part of the header.

DNSBL: DNSBL – Spammer Catalog. DNSBL (Domain Name System BlackList), also known as DNS Blacklists, are lists to block spam. The technique is based on converting IPs into domain names, enabling easy searches in black lists. If the administrator of a given black list receives a spam email from a given domain, the server will be included in the black list.

Vipul’s Razor: VIP – Shared verification of known spam digital signatures. Vipul's Razor is a checksum-based, distributed, collaborative, spam-detection-and-filtering network. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. The Vipul’s Razor technique consists of calculating hashes over paragraphs included in emails and contrasting them with Vipul’s network. Outgoing TCP port 2703 must be opened at the firewall, so that the technique can be applied correctly.

You can also define the maximum size of messages accepted by the solution. Messages over this size will be automatically discarded.

Finally, it is possible to specify the maximum size of a spam message. This means that any message bigger than this size will NOT be analyzed with these spam detection methods.

Warning: Changes to the default Filter Behavior settings may lead to a reduction in the effectiveness of the filter and/or an increase in the rate of false positives.

The MTA DoS configuration protects the MTA against Denial of Service attacks by:
• Limiting the maximum number of concurrent connections.
• Limiting the number of connections that can be queued (in case the maximum number of concurrent connections is reached). The rest of the connections will be rejected.
• Limiting the maximum number of concurrent connections from a single IP.
• Directory Harvest Attack Prevention (DHAP), which limits requests for invalid receivers from a single IP.
o In case the limit is reached, the IP address will be added to a blocking list. These IPs will be blocked for one hour.
o The administrator can search for an IP in the list and can unblock it.

Figure 9-14: Antispam Advanced Configuration: MTA DoS

Security Settings

This section allows setting the incoming anti-relay capabilities of the system.
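The connection limits and the DHAP rule listed under the MTA DoS configuration above can be modelled as follows. This is an added example, not Optenet code: the class, the limit values, the counting window for invalid recipients and the reply labels are assumptions, and only the one-hour block and the administrator search/unblock operations come from the guide.

```python
from collections import Counter, defaultdict, deque

# Constructed limits: the guide names these settings but gives no values.
MAX_CONCURRENT = 3     # maximum number of concurrent connections
MAX_QUEUED = 2         # connections allowed to wait once the maximum is reached
MAX_PER_IP = 2         # maximum concurrent connections from a single IP
DHAP_LIMIT = 3         # invalid recipients tolerated from a single IP
DHAP_WINDOW = 600      # assumption: counting window in seconds (not in the guide)
BLOCK_SECONDS = 3600   # from the guide: blocked IPs stay blocked for one hour


class MtaDosGuard:
    """Hypothetical model of the MTA DoS settings, for illustration only."""

    def __init__(self, valid_recipients):
        self.valid = {r.lower() for r in valid_recipients}
        self.active = Counter()             # ip -> open connections
        self.queued = deque()               # ips waiting for a free slot
        self.invalid = defaultdict(deque)   # ip -> timestamps of invalid RCPTs
        self.blocked_until = {}             # ip -> time at which the block ends

    def is_blocked(self, ip, now):
        expiry = self.blocked_until.get(ip)
        if expiry is not None and now >= expiry:
            del self.blocked_until[ip]      # the one-hour block has expired
            return False
        return expiry is not None

    def on_connect(self, ip, now):
        """Return 'accept', 'queue' or 'reject' for a new SMTP connection."""
        if self.is_blocked(ip, now):
            return "reject"
        # Assumption: queued connections count against the per-IP limit too.
        if self.active[ip] + self.queued.count(ip) >= MAX_PER_IP:
            return "reject"
        if sum(self.active.values()) < MAX_CONCURRENT:
            self.active[ip] += 1
            return "accept"
        if len(self.queued) < MAX_QUEUED:
            self.queued.append(ip)
            return "queue"
        return "reject"                     # queue full: the rest is rejected

    def on_disconnect(self, ip):
        """Free a slot and promote the oldest queued connection, if any."""
        self.active[ip] -= 1
        if self.active[ip] <= 0:
            del self.active[ip]
        if self.queued:
            promoted = self.queued.popleft()
            self.active[promoted] += 1
            return promoted
        return None

    def on_rcpt(self, ip, recipient, now):
        """Return 'ok', 'unknown' or 'blocked' for one RCPT TO request."""
        if self.is_blocked(ip, now):
            return "blocked"
        if recipient.lower() in self.valid:
            return "ok"
        hits = self.invalid[ip]
        hits.append(now)
        while hits and now - hits[0] > DHAP_WINDOW:
            hits.popleft()                  # forget old typos from honest MTAs
        if len(hits) >= DHAP_LIMIT:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            hits.clear()
            return "blocked"
        return "unknown"

    def search(self, ip, now):
        """Admin lookup: seconds of block remaining, or None if not listed."""
        return self.blocked_until[ip] - now if self.is_blocked(ip, now) else None

    def unblock(self, ip):
        """Admin action: remove an IP from the blocking list."""
        return self.blocked_until.pop(ip, None) is not None


def demo():
    """Replay a constructed harvesting probe against two real mailboxes."""
    guard = MtaDosGuard(["alice@example.org", "bob@example.org"])
    probe = "203.0.113.50"                  # constructed documentation address
    guesses = ["admin", "alice", "info", "sales", "bob"]
    replies = [guard.on_rcpt(probe, f"{name}@example.org", t)
               for t, name in enumerate(guesses)]
    return guard, replies
```

Once the probe is blocked, even the valid mailbox `bob@example.org` is no longer confirmed to it, which is what stops the sender from mapping the directory.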
Figure 9-15: Antispam Advanced Configuration: Security Settings

This screen enables the following configuration:

• Enable the SMTP [VERIFY] command:
o If the [VERIFY] command is not enabled, all [VERIFY] requests sent to the Mail Server will be rejected.

• Activate/Deactivate the SMTP anti-relay capabilities:
o In case of activating the anti-relay capabilities, you must indicate the allowed IP ranges and domains (that can use the MTA as a relay):
   IP Ranges: IP addresses of those external users that are allowed to use the mail server as a relay, i.e. can send e-mails from the server.
   Authenticated Domains: Authenticated Domains indicates which domains belong to the Mail Server (domains that are accepted as destination for incoming e-mails). By adding an asterisk ‘*’ to the list, all e-mails will be accepted. On the other hand, if this field is left blank, all e-mails will be rejected.

Notifications & Quarantine

Figure 9-16: Antispam Advanced Configuration: Notifications & Quarantine

This screen defines the time to live of files in quarantine and whether unblocked quarantine messages are added to the Incoming Antispam Whitelist.

You can also enable the option of sending notifications to users when they have new messages in the quarantine. The default notification message is:

From: SenderQuarentine
To: User
Subject: Quarantine New mail notification
Mailbox <$MAILBOX$> have $N_MESSAGES$ new mail(s) on Quarantine, received since $DATE$.\n"
Quarantine access: $URL$

Some of these values can be customized:

• SenderQuarantine:
o Use the field “Sender e-mail address” in the screen above to change this value
o Default value: <module_name>@<host_IP>
o Example: [email protected]

• User: receiver of the e-mail in quarantine.

• Subject:
o Can be modified from “General – Advanced Configuration” by editing the file “Quarantine.conf” and modifying the key “Setup > Messages > MailSubject”
o Default value: “Quarantine New mail notification”

• Message:
o Can be modified from “General – Advanced Configuration” by editing the file “Quarantine.conf” and modifying the key “Setup > Messages > MailBody”
o Default value: "Mailbox <$MAILBOX$> have $N_MESSAGES$ new mail(s) on Quarantine, received since $DATE$.\n" Quarantine access: $URL$"
o Allowed tags:
   $MAILBOX$: user’s mail box.
   $N_MESSAGES$: number of user’s quarantined messages.
   $DATE$: date from last update.
   $URL$: link to quarantine.

Chapter 10: Antispam Out

This service offers outgoing mail filtering capabilities. Spam messages can be filtered using a range of spam detection methods, as well as whitelists and blacklists that allow spam to be deleted, rerouted to an external account, tagged or sent to a quarantine fileserver.

This section describes the configuration options for the Outgoing Antispam (AS.OUT) filtering service. This service can analyze and filter SMTP e-mails. This section comprises the following sub-sections: Filtering Policies, Profiles, Black- & Whitelists, Quarantine, Reports and Advanced Configuration.

Filtering Policies

Figure 10-1: Antispam Out

This screen displays similar information to the one described in Chapter 1: Filtering Policies, with the difference that only Outgoing Antispam policies are enabled (blue background). In addition to editing and deleting policies, this screen allows creating new Outgoing Antispam policies and modifying their priority.

Figure 10-2: Antispam Out policies

When creating or editing a policy, the Administrator will select five different parameters:

• Status: Select whether the policy is going to be enabled. This option lets you create and edit a policy before activating it.
• Source and Destination: The collective of users, groups, IP, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition). Antispam.Out policies require only the selection of the Source of the e-mails to be filtered. The parameters that can be used for this section are:

Service: AntiSpam.Out (Only source)
Valid Conditions: Conditions based on:
   Provisioned Services (ISP administration)
   Users
   User Groups
   Module Instance
   Mail domains
   Mail addresses

• Profiles: The group of conditions that must be satisfied to apply the policy (see the following section for more information on Outgoing Antispam profiles)

Figure 10-3: Antispam Out policies: Actions

• Actions: The action the policy will carry out. In this case the possibilities are:
o Delete: discards the message.
o Bypass: lets the message reach its destination.
o Quarantine: sends the message to quarantine.
o Redirect: diverts the message to a new e-mail address.
o Copy to: delivers the message to the original addressee and sends a copy to a new e-mail address.
o Tag message: adds a label to the message: as a prefix in the subject, replacing the subject, in the message’s body, or replacing the message with the label and adding the message as an attachment.
o Add sender to compromised IP/Client list: this action does not directly affect the received e-mail. It adds the sender’s IP address and Client Id to a list of potentially compromised IP/Clients. This list can then be included in a profile and used in a new policy to define a global action on compromised IP/Clients.
o Remove sender from compromised IP/Client list: this action does not directly affect the received e-mail. It removes the sender’s IP address and Client Id from the list of potentially compromised IP/Clients.
o Reject: this action rejects outgoing e-mails and sends an error code to the original sender.
   There are two possible error codes:
   Permanent: “553 Message refused”
   Temporal: “452 Error sending message. Please try again later”

• Schedule: The frame of time when the policy will be activated (see section Schedules in Chapter 1 for more information on schedule definition)

By default there are five Outgoing Antispam filtering policies defined:

• AntispamOutWL: This policy allows access to all e-mails from addresses or domains included in the Whitelist (see section Black&Whitelists in Chapter 10). This will apply to all Outgoing Antispam filter services as long as this policy has the highest priority.
• AntispamOutBL: This policy blocks all e-mails from addresses or domains included in the Blacklist (see section Black&Whitelists in Chapter 10). This will apply to all Outgoing Antispam filter services as long as this policy has the highest priority.
• DenySpam: This policy blocks e-mails that are considered spam and are sent from compromised IP addresses.
• RemComproIP: This policy removes IP addresses from the compromised IP list when the ratio of spam e-mails sent by the IP address is lower than a given threshold.
• AddComproIP: This policy adds IP addresses to the compromised IP list when the ratio of spam e-mails sent by the IP address is higher than a given threshold.

If the Log activity option is checked, policy execution will be logged (see section Filtering Log Configuration in Chapter 1 for more information on logging capabilities). In a similar way, if the policy is associated with an event, each time the policy is executed an event will be triggered, which can also be associated with an alarm (see sections Events in Chapter 1 and Alerts in Chapter 1 for more information on Events and Alerts).

Profiles

In this section it is possible to create, edit and delete the profiles used to define Outgoing Antispam policies. Each profile is comprised of a number of conditions such as spam, sender, addressee, attachment or advanced.
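The default policies DenySpam, AddComproIP and RemComproIP described above form a feedback loop around the compromised IP list; the added example below (not Optenet code) replays constructed traffic through that loop to show why two separate thresholds keep a sender from flapping in and out of the list. The threshold values, the minimum sample size, the evaluation order and all names are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60    # the guide measures mail volume per minute
ADD_RATIO = 0.50       # constructed upper threshold (AddComproIP)
REMOVE_RATIO = 0.10    # constructed lower threshold (RemComproIP)
MIN_SAMPLES = 5        # assumption: ignore ratios computed on very few mails


class CompromisedList:
    """Hypothetical model of the compromised IP list and its three policies."""

    def __init__(self):
        self.events = defaultdict(deque)   # ip -> deque of (timestamp, is_spam)
        self.compromised = set()

    def _spam_ratio(self, ip, now):
        window = self.events[ip]
        while window and now - window[0][0] >= WINDOW_SECONDS:
            window.popleft()               # keep only the last minute
        if len(window) < MIN_SAMPLES:
            return None                    # not enough mail to judge
        return sum(1 for _, spam in window if spam) / len(window)

    def handle(self, ip, is_spam, now):
        """Process one outgoing mail and return 'block' or 'bypass'."""
        self.events[ip].append((now, is_spam))
        ratio = self._spam_ratio(ip, now)
        if ratio is not None:
            if ratio > ADD_RATIO:          # AddComproIP: list the sender
                self.compromised.add(ip)
            elif ratio < REMOVE_RATIO:     # RemComproIP: delist the sender
                self.compromised.discard(ip)
            # Between the two thresholds the list is left unchanged.
        # DenySpam: only spam coming from a listed sender is blocked.
        if is_spam and ip in self.compromised:
            return "block"
        return "bypass"


# Constructed traffic from one client (documentation address):
# a spam burst, a quiet period, clean mail, then a single spam message.
SAMPLE_TRAFFIC = (
    [(t, "192.0.2.10", True) for t in range(0, 12, 2)]
    + [(t, "192.0.2.10", False) for t in range(100, 112, 2)]
    + [(112, "192.0.2.10", True)]
)


def replay(traffic):
    """Run (timestamp, ip, is_spam) tuples through the loop, in order."""
    tracker = CompromisedList()
    results = [(t, ip, tracker.handle(ip, spam, t)) for t, ip, spam in traffic]
    return results, tracker
```

In the replay, the first four spam messages pass because these three policies act only on listed senders, so a deployment that relies on them alone lets the start of every burst through.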
Figure 10-4: Antispam Out profiles

The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. On selection of one of these profiles, the top right frame will display its details.

Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:

Figure 10-5: Antispam Out profiles: Spam

• Spam: Here you can select the conditions that an e-mail must meet in order to be considered as spam. These could be:
o Spam received (detected using any of the spam techniques). Activates the spam detection methods specified in the Filter Settings section (see Advanced Configuration in this Chapter)
o Compromised IP address: matches if the sender IP address has been included in the compromised list.
o In both cases, you must indicate how to estimate the number of emails that are being sent, avoiding the need to wait for a whole minute for the triggering conditions to be fulfilled: Fast Response, Normal Response, and Slow Response.
o Keyword analysis: activates the search for specific keywords in the e-mail.
o Header key analysis: similar to keyword analysis, but in this case it searches for a specific value on a defined header key.
o Empty mail: if you activate this option, mails that have no body and no subject will be considered spam.

Note: Header key names are case insensitive, but header key values are case sensitive.

Figure 10-6: Antispam Out profiles: Sender

• Sender: In this condition you can define e-mail senders by:
o IP Range: Select a range of IPs by completing the From and To fields or a single IP by completing only the From field.
o Address or domain: It is possible to select a single e-mail address or a whole domain.
You can also decide whether to check these addresses or domains in the envelope or the header of the e-mail (fields MAIL FROM or From respectively)
o Sender included in the Compromised Clients/IP list: Selects all IP addresses that have been included in the Compromised list.
o Sender not included in the Compromised Clients/IP list: Selects all IP addresses that have NOT been included in the Compromised list.

• Addressee: In this condition you can define e-mail receivers by address or domain. It is possible to select a single e-mail address or a whole domain. You can also decide whether to check these addresses or domains in the envelope or the header of the e-mail (fields RCPT TO or To respectively) and if it is an illicit connection to the port 25.

Figure 10-7: Antispam Out profiles: Attachment

• Attachment: Use this option to select which file types will be affected by this profile.

• Volume analysis: this option measures the number of messages from any IP address. You may set an upper and lower threshold based on total mails or spam mails based on:
o Total number of emails / minute or
o Number of Spam Email / minute

Figure 10-8: Antispam Out profiles: Advanced

• Advanced: This condition allows you to create profiles based on the content of the black- & whitelists (see Black&Whitelists in this Chapter).

The relationship between the different conditions may be:

Protocol AND (Spam OR Senders OR Receivers OR Attachments OR Advanced)

or:

Protocol AND (Spam AND Senders AND Receivers AND Attachments AND Advanced)

By default there are five Outgoing Antispam profiles defined:

• ASOutWL: This profile includes the condition “If in Whitelist” and cannot be deleted or edited (see Black & White Lists in this Chapter).
• ASOutBL: This profile includes the condition “If in Blacklist” and cannot be deleted or edited (see Black & White Lists in this Chapter).
• HighVolumeSpam: This profile includes the condition: upper threshold of spam that an IP address has to exceed.
• LowVolumeSpam: This profile includes the condition: lower threshold of spam that an IP address should not exceed.
• RegularSpammer: This profile includes the condition: Spam from a compromised IP address.

Black- & Whitelists

Here you can edit the content of Whitelist and Blacklist categories for Outgoing Antispam.

Figure 10-9: Antispam Out Black- & Whitelists

It is important to note that including an e-mail address or domain in these lists does not necessarily imply that it will always be allowed or blocked. Although these two lists are associated with two special profiles (see section Profiles in this Chapter) that cannot be modified, the same does not apply to the filtering policies that make use of these profiles. Therefore the behavior of these two categories depends on the Filtering Policy strategy.

Quarantine

The Quarantine module is used to store, display and unblock the messages that have been identified as spam and sent to Quarantine by the filtering policies. The functionality is identical to that described for AntiPhishing Quarantine (Section Quarantine in Chapter 9).

Reports

Service Reports

This section allows you to set the preferences for creating reports about the messages received and/or sent by clients, indicating whether or not these messages were considered spam. You can set various parameters to create the desired report:

• Type:
o Accesses: The total number of messages that were allowed.
o Blocks: The total number of messages that were blocked by the filter.
o Requests: The total number of messages, allowed and blocked, that meet the conditions of the report.
o Size: Size of messages sent or received.

The report has several different criteria that allow the administrator to filter and create a more specific report.
• Groupings: The grouping criteria allow the administrator to set the data field or attribute by which the values displayed in the report will be grouped. Furthermore, the administrator can create a sub-grouping of the group criteria. For example, the results can be grouped by Sender, and then further grouped by Subject. So, in the report, the results are broken down by sender, and within each sender group, the results are sorted by subject.

• Conditions: The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.

Figure 10-10: Antispam Out Service Reports

You can also customize the report by:
• Time Frame
• Format: table, graph, line graph or pie chart
• Order: ascending or descending order
• Number of records
• Data computing: shows absolute or percentage figures.

Monitor Reports

This section allows the administrator to create a detailed report on clients’ history. These reports display the filtering statistics of clients’ activities.

The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.

Figure 10-11: Antispam Out Monitor Reports

Advanced Configuration

Filter Settings

In this screen you can decide the settings of the spam filter behavior and manage the Compromised Clients/IPs list.
Figure 10-12: Antispam Out Advanced Configuration: Filter Settings

In Filter Behavior, you can activate various spam detection methods. These methods will be used when activating the Spam Detection checkbox in the profile as described in section Profiles in this Chapter. For more information on these detection methods, see the description in the Antispam In section Filter Settings.

You can also define the maximum size of messages accepted by the solution. Messages over this size will be automatically discarded.

Finally, it is possible to specify the maximum size of a spam message. This means that any message bigger than this size will NOT be analyzed with these spam detection methods.

Warning: Changes to the default Filter Behavior settings may lead to a reduction in the effectiveness of the filter and/or an increase in the rate of false positives.

All IPs that have been included in the Compromised IP list (due to the action of a policy) are also displayed, and you can empty the list or remove a selected IP address.

As in the case of Antispam In, it is also possible to configure MTA DoS techniques to protect against Denial of Service attacks (see Filter Settings in the Antispam In chapter for more information).

Security Settings

This section allows setting the outgoing anti-relay capabilities of the system.

Figure 10-13: Antispam Out Advanced Configuration: Security Settings

This screen enables the following configuration:

• Enable the SMTP [VERIFY] command: If the [VERIFY] command is not enabled, all [VERIFY] requests sent to the Mail Server will be rejected.
• Activate/Deactivate the SMTP anti-relay capabilities:
o In case of activating the anti-relay capabilities, you must indicate the allowed IP ranges and domains (that can use the MTA as a relay):
   IP Ranges: IP addresses of those external users that are allowed to use the mail server as a relay, i.e. can send e-mails from the server.
   Authenticated Domains: Authenticated Domains indicates which domains belong to the Mail Server (domains that are accepted as destination for incoming e-mails). By adding an asterisk ‘*’ to the list, all e-mails will be accepted. On the other hand, if this field is left blank, all e-mails will be rejected.

Notifications & Quarantine

Figure 10-14: Antispam Out Advanced Conf.: Notifications & Quarantine

This screen defines the time to live of files in quarantine and whether unblocked quarantine messages are added to the Outgoing Antispam Whitelist.

You can also enable the option of sending notifications to users when they have new messages in the quarantine.

Chapter 11: Antivirus

The antivirus engine provides users with an automatic antivirus check when downloading files. It is also possible to scan mail messages during the download and, if a virus is detected, send them to quarantine, clean them and/or tag them.

This section describes the configuration options for the Antivirus service. This service allows you to define filtering policies to manage virus threats for Web/WAP and Antispam traffic. This section comprises the following sub-sections: Filtering Policies, Profiles, Quarantine, Reports and Advanced Configuration.

Filtering Policies

Figure 11-1: Antivirus

This screen displays similar information to the one described in Chapter 1: Filtering Policies, with the difference that only Antivirus policies are enabled (blue background). In addition to editing and deleting policies, this screen allows creating new Antivirus policies and modifying their priority.
Figure 11-2: Antivirus policies: Status

When creating or editing a policy, the Administrator will select five different parameters:

• Status: Select whether the policy is going to be enabled. This option lets you create and edit a policy before activating it.

• Source and Destination: The collective of users, groups, IP, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition). The parameters that can be used for this section are:

Service: Antivirus (Both source and destination)
Valid Conditions: Conditions based on:
   Provisioned Services (ISP administration)
   IPs or IP Ranges (Web, Smtp.in, Smtp.out)
   Users (Antivirus web)
   User Groups (web)
   Module Instance (web)
   Mail Domains (smtp.in, POP, Smtp.out)
   Mail Addresses (smtp.in, pop, smtp.out)

• Profiles: The group of conditions that must be satisfied to apply the policy (see the following section for more information on Antivirus profiles)

• Actions: The action the policy will carry out. In this case the possibilities depend on the Protocol of the Profile selected:

Figure 11-3: Antivirus policies: Web/WAP Actions

o Web/WAP:
   Block: blocks the download of the requested file.
   Bypass: allows the download of the requested file, despite being infected.

Figure 11-4: Antivirus policies: Mail Actions

o Mail:
   Quarantine: sends the message to quarantine.
   Block: blocks the message, deleting it completely.
   Bypass: ignores the presence of a virus and delivers the message to the original addressee.
   Tag Message: adds a label to the message: as a prefix in the subject, replacing the subject, in the message’s body, or replacing the message with the label and adding the message as an attachment.
• Schedule: The frame of time when the policy will be activated (see section Schedules in Chapter 1 for more information on schedule definition)

If the Log activity option is checked, policy execution will be logged (see section Filtering Log Configuration in Chapter 1 for more information on logging capabilities). In a similar way, if the policy is associated with an event, each time the policy is executed an event will be triggered, which can also be associated with an alarm (see sections Events in Chapter 1 and Alerts in Chapter 1 for more information on Events and Alerts).

Profiles

In this section it is possible to create, edit and delete the profiles used to define Antivirus policies. A profile is comprised of a single condition: its protocol.

Figure 11-5: Antivirus profiles

The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. On selection of one of these profiles, the top right frame will display its details.

Profiles are created and edited in the bottom frame, where it is possible to define the protocol.

Quarantine

The Quarantine module is used to store, display and unblock the messages that have been identified as spam and sent to Quarantine by the filtering policies.

Mail Quarantine

The Quarantine module is used to store, display and unblock the messages that are infected with a virus and sent to Quarantine by the filtering policies.

Figure 11-6: Antivirus quarantine

Available operations over selected e-mails are:
• Unblock: Selected emails are delivered.
• Delete: Selected emails are removed.

Figure 11-7: Antivirus Quarantine: Search

It is also possible to search messages using various selection criteria.

• Time frame: Date range the messages were sent.
• Sender: EXACT Search. Valid formats:
o name@domain
o ip@domain
o @domain: All emails for that domain will be returned.
• Subject: Type a substring to be found anywhere as part of the subject.

Also indicate the number of Records to show (per page) and the order criteria:
o By Sender or
o By Receiver or
o By Subject or
o By Date Sent

Reports

Service Reports

This section allows you to set the preferences for creating reports about the viruses detected in clients’ systems. You can set various parameters to create the desired report depending on the service they are referring to.

If the Reporter is using Web/Wap filter data, the parameters to configure are the same as the ones described in Chapter 6: Web/WAP Reports. On the other hand, if the Reporter is using Antispam logs, then the parameters are as described in Chapter 10: Antispam In Reports.

Figure 11-8: Antivirus Reports

Monitor Reports

This section allows the administrator to create a detailed report on clients’ history. These reports display the filtering statistics of clients’ activities.

The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.

Figure 11-9: Antivirus Monitor Reports

Advanced Configuration

Figure 11-10: Antivirus Advanced Configuration

In this section you can design mail footers and notification messages for several situations:
• The attachment of an e-mail has been scanned and is safe to open.
• The attachment of an e-mail is infected and is not safe to open.
• Notification for the sender of an infected MMS message that has not been delivered.

Apart from the content of the notification messages, you can also specify how often users will receive notifications of deleted or quarantined messages.
Chapter 12: Firewall

This section describes the configuration options for the Firewall service. This service allows you to define filtering policies to manage traffic based on bandwidth, protocols and ports. This section comprises the following sub-sections: Filtering Policies, Profiles, VoIP, IM & P2P, Custom Services, QoS & Bandwidth Mgmt, Routing and Reports.

Filtering Policies

Figure 12-1: Firewall

This screen displays information similar to that described in Chapter 1: Filtering Policies, with the difference that only Firewall policies are enabled (blue background). In addition to editing and deleting policies, this screen allows new Firewall policies to be created and policy priority to be modified.

Figure 12-2: Firewall policies: Status

When creating or editing a policy, the Administrator will select five different parameters:

• Status: Select whether the policy is going to be enabled. This option lets you create and edit a policy before activating it.
• Source and Destination: The set of users, groups, IPs, etc. that will be affected by the policy (see Chapter 1: Source & Destination for more information on Source and Destination definition). The parameters that can be used for this section are:
  o Service: Firewall (both source and destination)
  o Valid Conditions: conditions based on Provisioned Services (ISP administration), IPs or IP Ranges, VLAN Ids, MAC Addresses
• Profiles: The group of conditions that must be satisfied to apply the policy (see the following section for more information on Firewall profiles).

Figure 12-3: Firewall policies: Actions

• Actions: The action the policy will carry out. In this case the possibilities are:
  o Bypass: allows the connection.
  o Drop: drops the connection.
  o Reject: rejects the connection.
  o Bandwidth Management: sets a limit to the connection rate for a given IP or Client.
  o QoS (Quality of Service): tags packets to prioritize traffic with the criteria: Best Effort, Class 1-4 and Express Forwarding.
  o Route to: this action will only be available in Router deployment mode. Establishes a route for this particular type of traffic by setting the following parameters:
    Outgoing Interface: the interface used to route the traffic
    Gateway: the gateway that should be accessed
    Metric: a value that will set the global routing priority of the rule
• Schedule: The time frame during which the policy will be active (see section Schedules in Chapter 1 for more information on schedule definition).

If the Log activity option is checked, policy execution will be logged (see section Filtering Log Configuration in Chapter 1 for more information on logging capabilities). Similarly, if the policy is associated with an event, an event will be triggered each time the policy is executed, and that event can in turn be associated with an alarm (see sections Events in Chapter 1 and Alerts in Chapter 1 for more information on Events and Alerts).

Profiles

In this section it is possible to create, edit and delete the profiles used to define Firewall policies. Each profile comprises a single condition: services.

Figure 12-4: Firewall profiles

The top left frame lists the profiles that have been defined by the Administrator and allows creating, deleting or editing a profile. When one of these profiles is selected, the top right frame displays its details.
Profiles are created and edited in the bottom frame, where it is possible to define the following conditions:

• Services: It is possible to select from a range of services:
  o Web: HTTP, HTTPS
  o File Transfer: FTP, Gopher, WAIS, TFTP, UUCP
  o E-mail:
    Applications: Lotus Notes, Microsoft HTTPMail
    Protocols: SMTP, IMAP, POP3
  o P2P: Gnutella (Morpheus, LimeWire…), FastTrack (Kazaa, iMesh…), Edonkey (Emule), Hotline Connect, BitTorrent, WinMX, Ares, DirectConnect, Qnext, Hamachi, FolderShare, ClubBox, BoxCloud, Pando, Damaka, Giga Tribe, Onshare, Zultrax, VUZE
  o Streaming: Windows Media, RTSP Qtime, RealPlayer…, iTunes, SHOUTcast, JetCast, Google Video, PeerCast, AOL Radio, Raudio (PNA), VDOLive
  o Instant Messaging: MSN Messenger, Yahoo! Messenger, AIM, ICQ, Google Talk, Gmail Chat, Jabber, MIRC, Tencent QQ, Gadu-Gadu, Camfrog, Paltalk, Eyeball Chat, Wengo, Netease Popo, NateOn, Neos, Meetro, My Space IM
  o VoIP:
    Applications: Skype, NetMeeting, Talk
    Protocols: SIP, SCCP, H323, MGCP
  o Chat: IRC
  o News Group: NNTP
  o Anonymizer: Hopster, GhostSurf, Google Web Accelerator, Tor, RealTunnel, JAP, Your Freedom, Toonel, SocksOnline, TotalRC
  o Remote Desktop:
    Applications: Telnet, Rlogin, Syslog, PCAnywhere, VNC, Terminal Services, LogMeIn, MyIVO, SoonR, WinRemotePC, Winframe, XWindows
    Protocols: PPTP, L2TP, GRE, SSH, ONC-RPC, REXEC, RSH, Winframe
  o Database: SQL Net
  o Network Services:
    Applications: Daytime, Timestamp, Ping, Finger, Ident, Open Windows, NFS
    Protocols: SOCKS 5, LDAP, SMB/Samba, LPR, SNMP, NTP, NFS
  o Games: Second Life, Quake
  o Others:
    Protocols: TCP, UDP, ICMP, BGP, OSPF, RIP, AH, DHCP, DNS, ESP, IKE
  o Custom defined: It is also possible to block protocols defined by the administrator (see Custom Services section in this Chapter).

Note: When selecting an application, the solution may automatically select one or more protocols used by this application.
This could imply the selection of more applications.

VoIP, IM & P2P

This screen is the same as the Profiles screen, but with only the following protocols:

• VoIP
• Instant Messaging
• P2P

Figure 12-5: Firewall VoIP, IM and P2P

Custom Services

Use this screen to define your own services. The top left frame displays the services that you have already created. The top right frame shows the details of any selected service. You can edit or create a new service by clicking on Edit or New.

You can create a service by defining a number of parameters. First assign a Name to identify the new service. You can then define the range of ports and type of protocol used by the service. This is useful when the service always uses the same ports. Otherwise, if the service changes the port used for communication, you may use the advanced options to define patterns that could identify a packet as belonging to a given service.

Warning: The creation of pattern based services may lead to over-blocking.

Figure 12-6: Firewall Custom Services

QoS & Bandwidth Management

Figure 12-7: Firewall QoS Bandwidth Management

This screen gives an overview of the Bandwidth Management and QoS policies in place. In addition to editing and deleting policies, this screen allows new Firewall policies to be created and policy priority to be modified. For more information, review Filtering Policies in this Chapter.

Routing

Note: This section will only be available when the Solution is installed in router mode.

Routing Policies

This screen displays all static routing policies in place. In addition to editing and deleting policies, this screen allows new routing policies to be created and policy priority to be modified.

Figure 12-8: Routing Policies

Static Routing Table

In this screen you can create, edit and delete static routes. These routes will govern incoming traffic and will also be propagated to BGP neighbors.
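The over-blocking warning in the Custom Services section above can be checked before a custom service is attached to a Drop or Reject policy. The following is an added example, not Optenet code: it scores a port-range definition and a pattern definition against labelled sample traffic. The application name "acme-sync", its ports, the pattern and every packet are constructed, and the pattern is assumed to be a plain byte substring because the guide does not describe the product's pattern syntax.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    payload: bytes
    app: str        # ground truth, used only to score the definitions


@dataclass(frozen=True)
class PortService:
    """Custom service defined by protocol type and a range of ports."""
    name: str
    proto: str
    first_port: int
    last_port: int

    def matches(self, pkt):
        return pkt.proto == self.proto and self.first_port <= pkt.dport <= self.last_port


@dataclass(frozen=True)
class PatternService:
    """Custom service defined by a payload pattern (assumed: byte substring)."""
    name: str
    pattern: bytes

    def matches(self, pkt):
        return self.pattern in pkt.payload


def dry_run(service, packets, target_app):
    """Score one definition against labelled traffic without blocking anything."""
    hits = [p for p in packets if service.matches(p)]
    return {
        "matched": len(hits),
        # Traffic of other applications that the definition would also catch.
        "overblocked": sorted(p.dport for p in hits if p.app != target_app),
        # Traffic of the target application that the definition fails to catch.
        "missed": sorted(p.dport for p in packets
                         if p.app == target_app and not service.matches(p)),
    }


# Constructed traffic: "acme-sync" is a hypothetical application that normally
# uses TCP 7000-7010 but sometimes moves to another port.
TRAFFIC = [
    Packet("tcp", 7001, b"ACME/1 HELLO node=a", "acme-sync"),
    Packet("tcp", 51234, b"ACME/1 DATA seq=9", "acme-sync"),
    Packet("tcp", 7003, b"\x16\x03\x01\x02\x00", "other"),
    Packet("tcp", 80, b"GET /docs/ACME/1.0/readme.txt HTTP/1.1", "web"),
    Packet("tcp", 25, b"Subject: ACME/1 rollout plan", "mail"),
    Packet("udp", 7005, b"\x00\x01status", "other"),
]

BY_PORT = PortService("acme-sync (ports)", "tcp", 7000, 7010)
BY_PATTERN = PatternService("acme-sync (pattern)", b"ACME/1")


def compare():
    """Return the dry-run result of both definitions for the sample traffic."""
    return {svc.name: dry_run(svc, TRAFFIC, "acme-sync") for svc in (BY_PORT, BY_PATTERN)}


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The port definition misses the session on port 51234, while the pattern definition catches it but would also block a web request and a mail message that merely mention the string.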
Figure 12-9: Firewall Static Routing Table

When creating or editing a policy, the following frame is shown:

Figure 12-10: Firewall new route

As shown in the image, to set a new routing rule, you must enter a route name, destination network, gateway, interface and metric.

Dynamic Routing Table

Figure 12-11: Firewall Dynamic Routing Table

This table lists the routes learned through dynamic routing protocols.

Dynamic Routing Settings

BGP: In this section it is possible to configure the Border Gateway Protocol (BGP).

Figure 12-12: Firewall Dynamic Routing Settings

You can configure the following parameters:

• Status: Enable or disable the service with this option.
• BGP Identifier: the IP address with which the BGP router is identified, that is, the IP address the neighboring routers will connect to using BGP.
• BGP Local AS (Autonomous System) ID: the ID number of the autonomous system that the BGP belongs to.
• Interfaces: the interfaces that will be used for BGP communication.

Figure 12-13: Firewall Edit Network

In the Neighbors box, you can add, edit or delete neighboring routers. When you click on New or Edit the following box will be displayed:

Figure 12-14: Firewall Edit Neighbor

Here you can configure the following parameters for each neighbor:

• Status: use this option to temporarily remove a router from BGP conversation.
• Neighbor name: Set an internal name, which will only be used to identify the router being configured in the GUI and in the CCOTTA logs.
• Neighbor IP address: IP address of the router that will communicate with CCOTTA/BGP. Its MAC must be reachable from the interface configured in the Interfaces field.
• Neighbor AS ID: ID number of the autonomous system that the neighboring router being configured belongs to.
• TCP port (Default: 179): enables a port other than 179 to be used for communication with neighboring routers.
• BGP HoldTime (Recommended: 180): sets the HoldTime (IMPORTANT: bear in mind that keepalive messages will be set to 1/3 of this value).
• BGP-Update Origin Attribute (Recommended: 0): sets the source attribute. CCOTTA/BGP does not apply logic to this value; it will only form the packet with the value set here.
• BGP-Update Local Pref Attribute (Recommended: 255): metric of the IPs to be published.
• Community: this combo is used to configure the propagation attribute, commonly used to avoid loops.

Reports

Service Reports

This section allows you to set the preferences for creating reports about the connections requested by clients, indicating whether or not these connections were allowed or blocked. You can set various parameters to create the desired report:

• Accesses: The total number of connections that were allowed.
• Blocks: The total number of connections that were blocked by the filter.
• Requests: The total number of connections, allowed and blocked, that meet the conditions of the report.

Figure 12-15: Firewall Service Reports

The report has several different criteria that allow the administrator to filter and create a more specific report.

• Groupings: The grouping criteria allow the administrator to set the data field or attribute by which the values displayed in the report will be grouped. Furthermore, the administrator can create a sub-grouping of the group criteria. For example, the results can be grouped by Source IP, and then further grouped by Protocol. So, in the report, the results are broken down by Source IP, and within each Source IP group, the results are sorted by Protocol.
• Conditions: The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g.
Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.

You can also customize the report by:

• Time Frame
• Format: table, graph, line graph or pie chart
• Order: ascending or descending order
• Number of records
• Data computing: shows absolute or percentage figures.

Monitor Reports

Figure 12-16: Firewall Monitor Reports

This section allows the administrator to create a detailed report on clients’ history. These reports display the filtering statistics of clients’ activities.

The report can have conditions that include or exclude several parameters (shown in the Use selection criteria section). Click on the checkbox to enable the frame on the right. In this frame you can select different fields to include or not include. Type in the parameter (e.g. Client ID of XXXX in or not in) and these conditions will then appear in the main condition box.

Chapter 13: Reporter

The OST incorporates a report-generating tool capable of showing all data related to requests analyzed and registered by the OST according to the configuration set by the administrator.

These are the main features of the tool:

• It does not rely on any external database platform, so no costly database management system such as Oracle or MS SQL Server is required.
• It is based on a log and index compacting system, which performs searches on all available data quickly and efficiently, taking up minimum disk space.
• The system for defining the reports to be generated, based on configurable templates, is highly intuitive and flexible, allowing a large variety of different reports to be generated easily.
• It can be scheduled to generate reports automatically at any time, freeing the administrator to continue with other tasks.
• It can be installed on the same machine as the filter or on an independent machine, thus preventing report generation from influencing the performance of the filter.
• The report tool can receive information from one or several local or remote filters.

Report Templates

Optenet’s OST provides a list of templates to be used in the generation of the most common reports. Those templates are organized in groups or families:

• Global Use Reports: General purpose reports.
• Monitoring reports: Reports oriented to monitoring the correct activity of the Solution (warnings, informative messages, errors etc. raised by the different modules included as part of the Solution).
• Web Filter Reports: Reports related to Web/wap filtering service (when available).
• AntiSpam.In Reports: Reports related to incoming AntiSpam filtering Service (when available).
• AntiSpam.out Reports: Reports related to outgoing AntiSpam filtering Service (when available).
• Antivirus Reports: Reports related to Antivirus filtering service (web and/or mail, when available).
• Application Manager Reports: Reports related to Firewall protection service (when available).
• Automatic Notices Reports: Reports related to AutoNotices redirection service (when available).
• AntiPhishing Reports: Reports related to Antiphishing filtering Service (web and/or mail, when available).
• Auditing: Reports for monitoring and controlling the use of the OST interface.
• Favorite Reports: this family groups all the templates / queries saved by the administrator for future use.

Figure 13-1: Report Templates

The generation of reports provided by OST will be based on:

• Execution of pre-defined templates (commonly-used queries, provided as part of the solution).
• Execution of guided queries (selecting the type of information to be calculated, grouping criteria, filtering criteria, time period etc.). These queries can be saved as user templates for future use.
• Both predefined templates and user-defined templates can be scheduled to be executed periodically (and optionally emailed to a distribution list). See Programmed Reports Section.
• Repositories to be used:
  o By default, current repositories are used.
  o It will be possible to specify an alternative path (for instance, enabling the use of old repositories moved as a backup to a different location, such as a different server and/or disk).

The information stored as a report template (or basic information required to execute an individual query) must be the following:

Concept / Comments

Report Type: Report type to be obtained:
• Monitor report (using raw logs). Detailed log activity will be shown.
• Accumulated Reports: Using accumulated repositories (enabling the use of grouping criteria, summarized information etc.).

Data Source Selection: Report From: Combo Box where the data source must be selected. Queries will be oriented to a given Service, with each service (usually) having a single dedicated Data Source. Select any of the following data sources:
• Internal: In order to execute queries related to verifying the correct functioning of the Solution.
• Content Filter: Service web/wap (web filtering activity)
• Antivirus Web: Service Antivirus (antivirus web filtering activity)
• Antivirus Mail: Service Antivirus (antivirus mail filtering activity)
• SMTPFilter In: Service AntiSpam.in (incoming AntiSpam filtering activity)
• SMTPFilter Out: Service AntiSpam.out (outgoing AntiSpam filtering activity)
• AntiPhishing Web: Service AntiPhishing (web phishing filtering activity)
• AntiPhishing Mail: Service AntiPhishing (mail phishing filtering activity)
• Firewall: Service Firewall (Firewall filtering activity)
• FTP Proxy: Service FTP Proxy (FTP filtering activity)
• AutoNotices: Service AutoNotices (redirections due to AutoNotices policies)
• AdsFree: Service Adsfree (ads and banners blocked due to filtering policies)
• Performance: Reports related to Solution performance
• Traffic: Reports related to download and upload traffic by Client, IP etc.
• Logons: Reports related to Logons/Logout in the solution
• Master Entities: Reports related to changes in the Master Entities (Policies, Profiles, Source&Destination and Schedules)
• User Management: Reports related to users (new, edit, delete users)
• BGP: Reports related to BGP

Calculated Field: Only available in reports using accumulated repositories. Depending on the selected Data Source, a Combo Box (Type) will be filled with the available calculated fields. See the complete list of available calculated fields per Data Source later in this document.

Data Computing: Only available in reports using accumulated repositories. Combo “Data Computing”: Select how the calculated field has to be shown:
• Totals
• Ratio

Time Period: Select any of the following time periods to be considered:
• Predefined time periods:
  o Today: From Today 00:00 h - Now
  o Yesterday: From Yesterday 00:00 h – Yesterday 23:59
  o Last Week: Previous week (natural week): Monday 00:00h – Sunday 23:59h. If [Sunday] is configured as first day of the week: Sunday 00:00h – Sat 23:59
  o Last Month: Previous month (natural month): Previous Month, Day 1, 0:00 h – Previous Month, Last day, 23:59
• Custom Dates: The user will be able to establish a free range of dates:
  o From Date (dd/mm/yyyy hh:mm)
  o To Date (dd/mm/yyyy hh:mm)

Group Criteria: Only available in reports using accumulated repositories. Criteria to be used to group information. Available fields will depend on the selected data source and the type of information to be calculated. See the complete list of available fields to be used as grouping criteria per Data Source, later in this document. Example: Blocks (web/wap Service), grouped by Web Category. This would show a report grouping the number of blocks due to porn pages, press, Social Networks etc.

Subgroup Criteria: Only available in reports using accumulated repositories. It will be possible to establish a second level to group calculated information.
Restrictions: Grouping criteria (grouping field) and subgrouping criteria (subgrouping field) cannot be the same. Example: Blocks (web/wap Service), grouped by Day and subgrouped by Web Category. This would show a report grouping the number of blocks by day, and within each day, by Category.

Results Order: Ascending | Descending.

Format (table or chart type): It will be possible to select the format to represent the information:
• Table or Chart
  o Pie Chart
  o Columns
  o Lines

Records to Show: Number of results to be shown in the report (top n records / groups). The number will vary depending on the representation type:
• For tables: 10 | 20 | 50 | 100 | 200 | 500 | 1000 | 2000 | 5000 records
• For charts: 10 | 20 | 50

Advanced filtering criteria: Optionally, additional conditions can be established to limit the universe to be considered. The available fields to be used to set additional conditions will vary depending on the selected data source. Occasionally they can also vary depending on the selected field to be calculated (Combo Box “Type”). See the complete list of available fields to be used as filtering conditions later in this document. It will be possible to establish more than one value for a given filtering field (comma separated values). It will be possible to deny any given condition.

Steps to execute a report

• Using a Template:
  o Select a report template from the treeview on the left.
  o The template will be loaded on the different controls on the right.
  o Change any required value (time range, grouping criteria etc.).
  o Change the default representation format if required (chart type etc.).
  o Click on [View] button. The report will be shown on a separate browser window.
• Specifying a query from scratch:
  o Select the type of report: Check [Monitor] for detailed reports based on raw logs. Keep it unchecked (default) for accumulated/summarized reports.
  o Select Data Source (Combo Box [Report From:])
  o Select the field to be calculated (Combo Box [Type :]).
  o Select Grouping criteria (Combo Box [Grouped by:])
  o Select Subgrouping criteria (Combo Box [Subgrouped by :]). Optional.
  o Select Format, table or chart type (Combo Box [Format :]).
  o Select Data Computing Type, totals or ratio (Combo Box [Data Computing :]).
  o Select the number of records / items to be considered (Combo Box [Max.Records to show :]).
  o Check “Use Selection Criteria” if any additional condition has to be established to restrict the results. A new section will be shown enabling the introduction of values for selection fields.
  o Click on [View] button to execute the query. The report will be shown on a separate browser window.
  o Feel free to save the template for future use (by clicking on [Save] button). In case of a new template, a template name must be entered.

Figure 13-2: Report Details

Steps to execute a Report (Performance Reports)

OST stores counters related to appliance CPU use, Memory Use and Traffic managed by the different filtering modules / appliances where they are installed, enabling a fine tuning of the deployed architecture.

Figure 13-3: Performance Report

In case “Performance” is selected as data source:

• Combo Box “Type” (available calculated fields) will be refreshed with the following values:
  o CPU: (% CPU usage).
  o Memory: (% Memory usage)
  o Traffic: (Traffic in bytes managed by the different appliances/eths)
• Depending on the selected value, some other restrictions can be established (in order to define queries with different levels of granularity):
  o % CPU and % Memory usage:
    Granularity 1: Appliance (all appliances or a given appliance).
    Granularity 2: Module (all filtering modules or a given filtering module).
    Granularity 3: If a given filtering module has been selected: All module instances or a given instance.
  o Traffic:
    Granularity 1: Appliance (all appliances or a given appliance).
    Granularity 2: Adapter/Eths (all eths or a given eth).
• If CPU or Memory is selected, two extra combos are shown in order to establish additional conditions to optionally select a host (appliance) and/or Module (filtering module).
  o In case a specific filtering module is selected, an additional combo will be shown so that a given filtering module instance can be selected.
• If Traffic is selected, two extra combos are shown in order to establish additional conditions to optionally select a host (appliance) and/or adapter (eth).

As a summary, this is the table of possible queries to be executed:

Calculated field: % CPU | % Memory. Host: All. Module: All. Module instance: -
Comments: Global % CPU or % Memory usage, grouped by specified grouping criteria (Hours, days, host, module, module type)

Calculated field: % CPU | % Memory. Host: All. Module: <Module Name>. Module instance: -
Comments: Global % CPU or % Memory used by that filtering module, grouped by specified grouping criteria (Hours, days, host, module instance). Example: %CPU used by WebFilter Module.

Calculated field: % CPU | % Memory. Host: All. Module: <Module Name>. Module instance: <Module Instance Name>
Comments: Global % CPU or % Memory used by that filtering module instance, grouped by specified grouping criteria (Hours, days, host, module instance). Example: %CPU used by instance WF01 of WebFilter Module.

Calculated field: % CPU | % Memory. Host: <Appliance Name>. Module: All. Module instance: -
Comments: Global % CPU or % Memory used by all filtering modules running on selected appliance, grouped by specified grouping criteria (Hours, days, Module type, module instance)

Calculated field: Traffic. Host: All. Adapter: All
Comments: Traffic managed by all appliances, all eths, grouped by selected grouping criteria (Hours, days, host, adapter)

Calculated field: Traffic. Host: <Appliance Name>. Adapter: All
Comments: Traffic managed by selected appliance, all eths, grouped by selected grouping criteria (Hours, days, adapter)

Calculated field: Traffic. Host: <Appliance Name>. Adapter: <Ethx>
Comments: Traffic managed by selected eth of selected appliance, grouped by selected grouping criteria (Hours, days)

Etc.

Report Results

Once a report template is selected and executed (or a query is executed), a new browser window is opened showing the results of the report. Cases:

Report. Table Format. Single Grouping criteria

Figure 13-4: Report Table format

The following columns will be shown as part of the table:

• Field indicated as grouping criteria (Category in previous example).
• Selected Calculated field (Blocks in previous example).
  o Format: Will vary depending on field type:
    Blocks, Accesses, Requests: Numeric values
    Navigation Time: Time in seconds. Information will be formatted to “d days, hh:mm:ss”
    Size, Upload Bytes, Download bytes etc.: Size in bytes. Information will be formatted to Kb, MB or GB according to the represented value.

Note: Each summarized record has an associated button that grants access to the detailed raw records (detailed information) that contributed to that calculated record.

Figure 13-5: Report Details

Reports. Table Format.
Two-level Grouping criteria

In case a subgrouping criterion has been established, tabular information is shown in this other format:

Figure 13-6: Report Table format: Two level Grouping criteria

The report is similar to the one previously described (the one with a single field as grouping criteria). This report includes the following differences:

• First column: Fields indicated as grouping/Subgrouping criterion (Category/Uri in previous example).
• For each grouped item:
  o A record is shown indicating its name and cardinality.
  o A record for each combination (<Grouped item value>, <Subgrouped item value>).

The previous example would be the result of requesting a Content filter (web/wap service) report, grouped by Web page Category and subgrouped by Uri.

Report in Chart Format (Columns). Single Grouping criteria

Figure 13-7: Report Chart format (Columns)

• Grouping criteria is shown as chart title (“Group Criteria: Category” in previous example).
• X Axis: Values taken by the field indicated as grouping criteria.
• Y Axis: Cardinality.
• In case any literal has been truncated (might occur for long values), move the mouse over the chart items and a tooltip will be shown with the complete value and cardinality.
• On the right of the chart, the same information is summarized in table format.

Report in Chart Format (Lines). Single Grouping criteria

Figure 13-8: Report Chart format (Lines)

Identical to the Columns Chart described previously, this time using a lines chart as format.

Report in Chart Format (Pie Chart). Single Grouping criteria

Figure 13-9: Report Chart format (Pie chart)

• Pie chart representation
• Each sector shows the % that it represents
• To improve legibility, no other values are printed over chart sectors; all required information is shown in the table on the right.

Report in Chart Format.
Two-level Grouping criteria

Similar to the ones described previously. Different charts are displayed:

  o A chart with summarized information (Level 1 – Grouped by field)
  o For each level 1 value: A chart with its distribution broken down by (Level 2 – Subgrouped by field) values.

Example: Blocks (AntiSpam.in filter), grouped by Days and Recipient:

Figure 13-10: Report Chart format: Report criteria

Figure 13-11: Report Chart format: Two-level Grouping criteria

Drill-Down Capabilities

Drill-down reports are a powerful tool that enables the user to move from summary information to a deeper and more detailed level of information. That is, the user interactively selects an item from a summary and displays the data that contributed to that item, broken down by some extra parameter.

Each iteration further restricts the universe being studied, so drill-down reports are specially designed for occasional investigations.

For example, it is possible to request the top blocked web categories during the last seven days, and then go deeper and segment any category by other criteria (IP of the requester, applied blocking policy, URIs etc.).

Warning: Drill-down operations can only be applied when no subgrouping conditions have been established.

In order to execute a drill-down report, follow these steps:

• Type a query or select a report template (remember not to select any field as subgrouping criteria).
• Select a Chart Format (Columns, Lines or Pie).
• Press the [View] button to generate the report. The first representation of the chart will be shown.
• Whenever you right-click on an item on the chart, a popup menu will be shown to enable the establishment of additional criteria to restrict the universe of the report. The fields listed to establish additional criteria will depend on the selected data source.
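The report model this chapter describes (a calculated field, a grouping field, an optional subgrouping field, selection criteria that can be negated, and drill-down as a growing list of conditions) can be reproduced over exported records. The following is an added example, not Optenet code: the records are constructed and the field names `category`, `client`, `file_type` and `action` are assumptions.

```python
from collections import Counter

# Constructed web/wap filter records, not real logs; field names are assumptions.
LOGS = [
    {"category": "WebMail", "client": "123", "file_type": "Zip", "action": "block"},
    {"category": "WebMail", "client": "123", "file_type": "Zip", "action": "block"},
    {"category": "WebMail", "client": "123", "file_type": "Exe", "action": "block"},
    {"category": "WebMail", "client": "456", "file_type": "Zip", "action": "block"},
    {"category": "WebMail", "client": "456", "file_type": "Html", "action": "access"},
    {"category": "Social Networks", "client": "123", "file_type": "Html", "action": "block"},
    {"category": "Press", "client": "789", "file_type": "Html", "action": "access"},
    {"category": "Press", "client": "789", "file_type": "Pdf", "action": "block"},
]

# Accesses = allowed, Blocks = blocked, Requests = both.
CALCULATED = {
    "Accesses": lambda r: r["action"] == "access",
    "Blocks": lambda r: r["action"] == "block",
    "Requests": lambda r: True,
}


def _passes(record, conditions):
    """Each condition is (field, values, negate); values may be comma separated."""
    for field, values, negate in conditions:
        wanted = [v.strip() for v in values.split(",")] if isinstance(values, str) else values
        if (record[field] in wanted) == negate:
            return False
    return True


def _ranked(counter, descending, top=None):
    """Order by count, ties by name, and keep the top n entries."""
    items = sorted(counter.items(), key=lambda kv: (-kv[1] if descending else kv[1], kv[0]))
    return items[:top]


def report(records, calc, group_by, subgroup_by=None, conditions=(), top=10, descending=True):
    """Accumulated report: count `calc` per group, optionally broken down by subgroup."""
    if subgroup_by == group_by:
        raise ValueError("grouping and subgrouping fields cannot be the same")
    rows = [r for r in records if CALCULATED[calc](r) and _passes(r, conditions)]
    groups = _ranked(Counter(r[group_by] for r in rows), descending, top)
    if subgroup_by is None:
        return groups
    return [
        (value, count,
         _ranked(Counter(r[subgroup_by] for r in rows if r[group_by] == value), descending))
        for value, count in groups
    ]


class DrillDown:
    """Single-level report that is narrowed one selected chart item at a time."""

    def __init__(self, records, calc, group_by):
        self.records, self.calc = records, calc
        self.fields = [group_by]    # the current grouping field is fields[-1]
        self.conditions = []        # conditions applied so far, newest last

    def chart(self):
        return report(self.records, self.calc, self.fields[-1], conditions=self.conditions)

    def segment(self, item, by):
        """Select one item of the current chart and split it by another field."""
        self.conditions.append((self.fields[-1], [item], False))
        self.fields.append(by)
        return self.chart()

    def back(self):
        """Drop the latest condition, which reloads the previous chart."""
        if self.conditions:
            self.conditions.pop()
            self.fields.pop()
        return self.chart()


if __name__ == "__main__":
    dd = DrillDown(LOGS, "Blocks", "category")
    print(dd.chart())
    print(dd.segment("WebMail", "client"))
    print(dd.segment("123", "file_type"))
    print(dd.back())
```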
Figure 13-12: Report Drill-Down Capabilities

• Each time a new segmentation criterion is chosen (from the pop-up menu), the chart will be refreshed, splitting the selected item according to the new segmentation criterion.

Notice that:

  o The contextual menu includes an additional entry [Detailed logs] that provides access to the tabular detailed information taken from raw logs.
  o A table on the right of the chart displays the list of conditions applied so far:

Figure 13-13: Report chart conditions

In this example, information was initially grouped by Webpage category and Chart 1 was shown:

• First segmentation: the “WebMail” Category item was selected, and on the contextual menu a segmentation by Client ID was requested; Chart 2 was shown.
• Second segmentation: Client “123” was selected, and on the contextual menu a segmentation by File Type was requested; Chart 3 was shown.
• Third segmentation: the “Zip” File type item was selected, and on the contextual menu a segmentation by any other criteria was requested; Chart 4 was shown.

To navigate back to any previous segmentation, you just need to uncheck the latest segmentation condition on the list, and the previous chart will be reloaded.

Exporting Reports

OST enables reports to be exported to any of the following formats:

• PDF (table reports only)
• CSV (table reports only)
• HTML (table and chart reports)

Programmed Reports

OST enables the scheduling of any report template (System predefined templates and/or user-defined standard templates). Scheduled reports can be sent (via e-mail) to a distribution list (configured for each report).

Figure 13-14: Programmed Reports

Available report templates are displayed in the upper list. Notice the column that indicates whether the generation of periodical reports (using the template) has been scheduled or not.
In order to schedule a report (or update any parameter of the scheduling), follow these steps:
o Select a report template from the list.
o Click on the [Schedule] button. Notice that if the report had already been scheduled, its scheduling parameters will be shown.
Figure 13-15: Programmed report configuration
Sections:
Report Details:
o Type the date and hour when the report has to be executed for the first time.
Scheduled Information. Choose the criteria to be used for periodical execution:
o Execute only once
o Daily execution
o Weekly execution (a given day of the week)
o Monthly execution (a given day of the month)
Mail Receivers.
o The address of the sender
o The addressees for the emails with the scheduled executions of the report.
At the bottom of the screen there is a list of previous executions of the chosen report. Any previous execution can be selected, so that the report can be reopened.
In order to unschedule a given report (stop its programmed execution), select it from the upper list and click on the [Unschedule] button.

Chapter 14: Appendices

Appendix A: Monitoring Messages Description
This section describes the warning, serious error and alarm/critical error messages that OST may use to prompt the administrator. The message code is shown together with a brief description. The description is a pattern that can contain “%s” strings that will be replaced by a string when a module generates a message. It can also contain “%d” strings that will be replaced by a number.

Critical Events

1 Unable to load %s. Exiting program
This error is produced when an Operation module cannot load a critical resource. Without it, the program must exit. The parameter is the critical resource name. Check that this resource exists and that the module has rights to access it.
Modules: All

2 Unable to reload %s. Exiting program.
This error is produced when an Operation module cannot reload a critical resource. Without it, the program must exit. The parameter is the critical resource name. Check that this resource exists and that the module has rights to access it.
Modules: LIB, PM, AS, WF, RD

3 Unable to start %s. Exiting program.
This error is produced when an Operation module cannot start some critical subprocesses (e.g. threads). Without them, the program must exit. Check that the server has enough resources (disk space, RAM, available socket descriptors).
Modules: All

4 Unable to start up MFC's. Exiting program
This error is produced when an Operation module cannot start the MFC library. Without these objects, Windows sockets do not work and the program must exit. Only for Windows OS.
Modules: WF

5 Thread %s throws an exception that cannot be caught.
This error is produced when a thread launches an exception the program does not catch. An uncaught exception is a critical error. The parameter is the name or the number of the thread.
Modules: WF

6 Unable to get install directory. Exiting program.
This error is produced when an Operation module cannot obtain its install directory. Without this parameter, the program does not work properly and must exit.
Modules: PM, CM, WF, RM

7 Unable to check program license. Exiting program
This error is produced when an Operation module cannot check its license against remote license servers.
Modules: CT, CM, AS, WF, RM

8 Invalid SOAP Port: %d. Exiting program.
Some Operation modules need a SOAP communication channel. This error appears when the configured port cannot be used or it is busy. The parameter is the port number. Check that no other application is using that port or change the port number in the configuration files.
Modules: CT

9 %s signal received. %s
This error appears when an external signal is received by the program.
The first parameter is the signal received and the second is the description of that signal.
Modules: CT, CM

10 Unable to set %s service %s. Exiting program.
The process cannot run as a service for some reason (access denied, invalid name, invalid parameter, service already exists…). Only in case of PC-Windows version.
Modules: PM, WS

11 Unable to get %s port. Exiting program.
This error appears when the configured server port cannot be used or is busy, for example. The parameter is the port number or the interface name that uses that port. Check that no other application is using that port or change the port number in the configuration files.
Modules: AS

12 Unable to get %s. Exiting program
This error is produced when an Operation module cannot reload a critical resource (a parameter, a configuration value, etc.). Without it, the program must exit. The parameter is the critical resource name.
Modules: WF

13 Wrong transaction. Please restart the program.
Only in case of PC-Windows version.
Modules: QR

14 Unable to treat unhandled exception. Exiting program.
Error during module start, when the module cannot create the service and the exception cannot be handled.
Modules: AS, PM

15 Unable to restore last backup: %s. Exiting program
This error appears when a backup operation fails. The program must exit. The parameter is the backup file name. Check this backup file exists and that the module has rights to access it.
Deprecated

16 Invalid OPTENET License %s, the Internet connection may be cut, please contact %s to renew it!
This error appears when there is no internet connection to check the license or when the solution is not configured as an ISP or Enterprise solution.
Modules: WF, CM

17 Invalid OPTENET License %s, Optenet products will not work, please contact %s to renew it!
This error appears when the License Check has failed more than 180 times.
Modules: CM

18 OPTENET License %s warning, %s, please contact %s to renew it!
This error appears when the License Check fails.
Modules: CM

19 Unable to create %s. Exiting program
The CCOTTA module cannot create the required number of file descriptors (256).
Modules: CT

20 %s is too old. %s must be updated. Exiting program
Deprecated

21 %s consolidation error
Deprecated

22 Master doesn't respond to heartbeats. Backup activated.
Deprecated

23 FATAL: no OptenetWebFilter running. Do /etc/init.d/optenetOF restart ( or equivalent). If not working, check OptenetWebFilter's log.
Deprecated

24 Interface %s is just used by the operating system. Exiting program.
Appears when CCOTTA cannot use the network interface to start up the bridge because it is already in use.
Modules: CT

25 The bridge %s is using more than one CCOTTA's interfaces. Exiting program.
This error appears when there is more than one bridge with the same network interface configured. To solve this, review the CCOTTA configuration and use a different network interface for each bridge.
Modules: CT

26 %1 No Servers are available
Deprecated

27 %1 There are no configured Servers
Deprecated

28 %1 There are no configured Primary Servers
Deprecated

29 Module health check failed: cavium bypass triggered at %s
Modules: CT

30 Thread %1 stalled for %2 milliseconds
Modules: CT

31 Processing %s queue is full for the last %d seconds
Modules: CT

32 This module is not compatible with %s. Exiting program
Modules: CT

Error Events

501 Cannot open %s file
This error appears when the program cannot open a file. This event stops the program working properly. The parameter is the file name. Check this file exists and the module has rights to access it.
Modules: CT, CM, AS, QR, RD, RM

502 Cannot close %s file
This error appears when the program cannot close a file. This event stops the program working properly. The parameter is the file name. Check this file exists and the module has rights to write it.
Modules: AS

503 Cannot create %s file.
This error appears when the program cannot create a new file. This event stops the program working properly. The parameter is the file name. Check this file exists and the module has rights to create it.
Modules: CM

504 Cannot load %s file
This error appears when the program cannot load a file. This event stops the program working properly. The parameter is the file name. Check this file exists and the module has rights to read it.
Modules: CM, AS, WF

505 Cannot read at %s file
This error appears when the program cannot read a file. This event stops the program working properly. The parameter is the file name. Check this file exists and the module has rights to read it.
Modules: CT, AS, QR, RD

506 Cannot write at %s file
This error appears when the program cannot write in a file. This event stops the program working properly. The parameter is the file name. Check this file exists and the module has rights to write it.
Modules: CT, CM, AS, RD

507 Bad content in %s file
This error appears when the program expects different content from a file. This event stops the program working properly. The parameter is the file name. Check that this file exists, the module has rights to read it and it is not corrupt.
Modules: CM, AS,

508 Unable to find %s file
This error appears when the program cannot find a file on the disk. This event stops the program working properly. The parameter is the file name. Check this file exists and the module has rights to read it.
Modules: PM

509 Cannot parse line at %s file correctly. Ignoring data.
This error appears when the program cannot understand a line in a file. The program will ignore the line, but it can stop the program working properly. The parameter is the file name. Check file content and syntax of the line.
Deprecated

510 Cannot parse line at %s file correctly. Bad field: %s.
This error appears when the program cannot understand a line in a file because it contains an incorrect field.
The program will ignore the line, but it can stop the program working properly. The first parameter is the file name and the second is the bad field data name. Check file content and syntax of the field in the line.
Deprecated

511 Cannot save data correctly at %s file
This error appears when the program cannot save data in a file. It can stop the program working properly. The parameter is the file name. Check this file exists and the module has rights to write it.
Modules: AS

512 Cannot reload %s file
This error appears when the program cannot reload data from a file. It can stop the program working properly. The parameter is the file name. Check this file exists and the module has rights to read it.
Deprecated

513 Error appending line in %s file, line: %s.
This error appears when the module cannot add a line to a file used for caching results (LDAP users for CM or antispam analysis results for AS, for instance).
Modules: CM, AS

514 Corrupted line: [%s] %s, in file %s.
This error appears when the module cannot read a line from a caching file (LDAP users for CM or antispam analysis results for AS, for instance). This line from the file will be ignored.
Modules: CM, AS

515 Bad line length in %s file, line: %s.
This error appears when the module reads a line from a caching file which is shorter than it should be. This line from the file will be ignored.
Modules: CM, AS

516 Bad key in %s file, line: %s.
This error appears when the key read from a caching file is not properly written (it should be a hex-digit key). This line from the file will be ignored.
Modules: CM, AS

517 Bad key or line length in %s file, line: %s.
This error appears when the key read from a caching file is not as long as it should be (32). This line from the file will be ignored.
Modules: CM, AS

518 Bad line length reading timestamp in %s file, line: %s.
This error appears when the module cannot read a timestamp from a caching file.
This line from the file will be ignored.
Modules: CM, AS

519 Couldn't open file (%s) for writing.
This error appears when the module cannot open the caching file for writing.
Modules: CM, AS

520 Error encoding file (%s) for writing.
This error appears when, while writing the caching file, the line to write cannot be encoded.
Modules: CM, AS

521 Error renaming file (%s) to (%s).
This error appears when the caching file cannot be renamed.
Modules: CM, AS

522 Cannot truncate %s file in %s bytes
Deprecated

523 Cannot get %s file size
Deprecated

524 Cannot erase file %s: %s
Deprecated

525 Path size %s is higher than max allowed %s
Deprecated

526 Error on stat(%s):%s.
Deprecated

527 Cannot open %s directory. Check filesystem and permissions
Deprecated

528 Memory pool: malloc required of size %s but ChunkSize=%s
Deprecated

529 Memory pool: no free one
Deprecated

530 Very unclear case, surely due to previous crash, or shortage of electricity : %s%s
Deprecated

531 Memory pool: bad alloc(%s):%s
Deprecated

532 Failed to consolidate database %s into %s.
This appears when there is an error while calculating the accumulated data for one log.
Modules: RM

533 Failed to add %s - %s to memory database.
Deprecated

534 Failed to add record to dynamic database '%s'.
This appears when there is an error while trying to add new records to the accumulated data for one log.
Modules: RM

535 Failed to add record to table %s of memory database.
Deprecated

536 Failed to add value '%s' to dynamic database '%s'.
This appears when there is an error while trying to add a new value to the accumulated data for one log.
Modules: RM

537 Failed to accumulate backup database %s into %s.
This appears when there is an error while trying to accumulate the backup database.
Modules: RM

538 Failed to create dynamic database %s.
This appears when trying to create a new database of accumulated data.
Modules: RM

539 Failed to create static database %s.
This appears when trying to create a new static database of accumulated data.
Modules: RM

540 Failed to check integrity of just accumulated database %s.
This appears when trying to open an accumulated database.
Modules: RM

541 Failed to dump accumulation to static database %s.
This appears when trying to add a new register to the accumulated database.
Modules: RM

542 Failed to dump static database %s.
This appears when trying to add a new register to the database.
Modules: RM

543 Failed to flush dynamic database %s.
Appears if it was not possible to flush the dynamic database.
Modules: RM

544 Failed to get %s value cursor from database %s.
Fails if it was not possible to get the cursor from a database while creating a report.
Modules: RM

545 Failed to get next %s value from database %s.
Fails if it was not possible to get a value from a database while creating a report.
Modules: RM

546 Failed to get next record from table %s from database %s.
Fails if it was not possible to get the next record cursor from a database while creating a report.
Modules: RM

547 Failed to get table %s record cursor from database %s.
Fails if it was not possible to get the cursor from a table from a database while creating a report.
Modules: RM

548 Failed to open static database %s.
It was not possible to open a static database.
Modules: RM

549 Failed to populate navigation times from %s into %s.
This error appears when the record was accumulated in a superior unit.
Modules: RM

550 Failed to move accumulated database from %s to %s.
This error appears when it was not possible to move the accumulated record from one database to another.
Modules: RM

551 Failed to rebuild dynamic database %s from detail file.
This error appears when it was not possible to create the dynamic database again from the detailed logs.
Modules: RM

552 Hour change failed, workmode %s not found.
This error appears when it was not possible to read the workmode to change the hour.
Modules: RM

553 Failed to set core limit.
This error appears during the startup of the module if it was not possible to set the core limit. If Exit on limit error is configured, the module will exit.
Modules: RM

554 Failed to set file limit.
This error appears during the startup of the module if it was not possible to set the file limit. If Exit on limit error is configured, the module will exit.
Modules: RM

555 Error performing migration
This error appears if there is an error during a migration from an old database to the current one.
Modules: RM

556 Failed to migrate database %s, unknown work mode %s.
This error appears if there is an error during a migration from an old database to the current one due to one work mode.
Modules: RM

557 Failed to create table %s migrating database %s.
This error appears if there is an error during a migration from an old database to the current one while creating a table.
Modules: RM

558 Failed to add value %s to value table %s migrating database %s.
This error appears if there is an error during a migration from an old database to the current one while adding a value to a table in the new database.
Modules: RM

559 Failed to add record to table %s migrating database %s.
This error appears if there is an error during a migration from an old database to the current one while adding a record.
Modules: RM

560 Failed to read programmed report instance %s.
This error appears if there is an error reading the programmed report instance (it was not possible to open the file).
Modules: RM

561 Failed to load programmed report instance %s.
This error appears if there is an error loading the programmed report instance.
Modules: RM

562 Failed to create programmed report instance %s.
This error appears if there is an error creating the programmed report instance.
Modules: RM

563 Failed to save programmed report instance %s.
This error appears if there is an error writing the programmed report instance.
Modules: RM

564 Failed to open programmed report instance %s.
This error appears if there is an error opening the programmed report instance.
Modules: RM

565 Failed to migrate file %s.
This error appears if there is an error migrating a file to the current format.
Modules: RM

566 Failed to copy detail file %s.
This error appears in a migration, if there is an error copying a detailed file from the old database.
Modules: RM

567 Failed to move detail file %s.
This error appears in a migration, if there is an error moving a detailed file from the old database.
Modules: RM

568 Failed to sort database %s in %s.
This error appears if the database is not sorted.
Modules: RM

569 Failed to upgrade: Unknown work mode %s.
This error appears if it is not possible to know the work modes while starting an upgrade.
Modules: RM

570 Error performing upgrade.
This error appears when it was not possible to upgrade the database.
Modules: RM

571 Failed to upgrade database %s, backup file %s already exists.
This error appears while trying to upgrade a database when the backup file already exists.
Modules: RM

572 Failed to open database %s.
This error appears while trying to upgrade a database when it was not possible to open the database.
Modules: RM

573 Failed to create database %s.
This error appears while trying to upgrade a database when it was not possible to create a database.
Modules: RM

574 Failed to upgrade database %s.
This error appears while trying to upgrade a database when it was not possible to upgrade one database.
Modules: RM

575 Failed to upgrade detailed log %s, backup file %s already exists.
This error appears while trying to upgrade a database when it was not possible to upgrade the detailed log because the backup file already exists.
Modules: RM

576 Failed to open detailed log %s.
This error appears while trying to upgrade a database when it was not possible to open the detailed log file.
Modules: RM

577 Failed to create detailed log %s.
This error appears while trying to upgrade a database when it was not possible to create the new detailed log file.
Modules: RM

1001 Cannot create socket %d
This error appears when the program cannot create a communication socket. It can stop the program working properly. The parameter is the socket number. Check that no other application is using that port or change the port number in the configuration files.
Modules: CT, AS, RD

1002 Cannot create socket listening at %d port.
This error appears when the program cannot create a communication socket listening at a port. It can stop the program working properly. The parameter is the port number. Check that no other application is using that port or change the port number in the configuration files.
Modules: CT

1003 Cannot connect at socket %d.
This error appears when the program cannot connect with a communication socket. It can stop the program working properly. The parameter is the socket number. Check that the socket is listening and that the module can access it (no firewall).
Deprecated

1004 Cannot accept communication with socket %d
This error appears when the program cannot accept a communication with a socket. It can stop the program working properly. The parameter is the socket number.
Deprecated

1005 %s RPC service not available.
Deprecated

1006 Cannot listen at socket %d
This error appears when the program cannot listen at a communication socket. It can stop the program working properly. The parameter is the socket number.
Modules: AS, WF

1007 Cannot read at socket %d
This error appears when the program cannot read at a communication socket. It can stop the program working properly. The parameter is the socket number. Check that the other end has not closed the socket before the communication has been completed.
Deprecated

1008 Cannot read at socket %d. Socket exception %s
This error appears when the program cannot read at a communication socket. It can stop the program working properly. The first parameter is the socket number and the second is the description of the socket error.
Deprecated

1009 Cannot write at socket %d
This error appears when the program cannot write at a communication socket. It can stop the program working properly. The parameter is the socket number. Check that the other end has not closed the socket before the communication has been completed.
Modules: WF

1010 Error binding at socket %d
This error appears when the program cannot bind with a communication socket. It can stop the program working properly. The parameter is the socket number. Check that no other application is using that port or change the port number in the configuration files.
Modules: CT, AS, WF

1011 %s request is ill formed at server %s
This error appears when the program finds ill-formed requests for a server. It can stop the program working properly. The first parameter is the request name and the second is the server name that receives the request. Check that the protocol syntax used by the other end is correct.
Modules: QR

1012 Unexpected response received from server. %s
This error appears when the program receives an unexpected response from a server. It can stop the program working properly. The parameter is the server name that responds.
Modules: PM, QR

1013 %s server bad configure
This error appears, when the old license control is in use, if the SMTP server returns a Warning message (between 200 and 400) while the module is trying to send an email informing about License expiration.
Modules: CM

1014 setsockopt() failed. %s
This error appears when trying to modify the options of a reused socket in the ICAP server of the WF module.
Modules: WF

1015 Cannot enable address reuse at socket %d
This error appears when the program cannot activate the socket address reuse flag. The parameter is the number of the specified socket.
Deprecated

1016 Unable to get %d port
Deprecated

1017 Cannot establish communication with %s server.
This error appears when the program cannot establish communication with a server. It can stop the program working properly. The parameter is the server name. Check that the specified server is up and running and that it can be accessed from this server.
Modules: CT, CM, AS, WF, RD

1018 Cannot disable Nagle's algorithm at socket %d
This error appears when the program cannot disable Nagle’s algorithm at a socket. This algorithm reduces the bandwidth used. The parameter is the number of the specified socket.
Deprecated

1019 RpcServerUseProtseq() failed. %s
Unable to listen to TCP/IP protocol using RPC. Check that the RPC service is running.
Modules: WF

1020 RpcEpRegister() failed. %s
Unable to register to RPC server. Check that the RPC service is running.
Modules: WF

1021 RpcServerInqBindings() failed. %s
Unable to register interface and binding endpoints with the endpoint mapper. Check that the RPC service is running.
Modules: WF

1022 RpcServerListen() failed. %s
Unable to listen to RPC requests. Check that the RPC service is running.
Modules: WF

1023 RpcServerRegisterAuthInfo() failed. %s
Unable to register authentication service. Check that the RPC service is running.
Modules: WF

1024 RpcServerRegisterIf() failed. %s
Unable to register RPC server.
Check that the RPC service is running.
Modules: WF

1025 fcntl F_GETFL error
Unable to get information about the socket descriptor.
Modules: AS, WF

1026 fcntl F_SETFL error
Unable to set socket descriptor information.
Modules: AD, WF

1027 Cannot make socket %d non-blocking.
Deprecated

1028 Communication error with %s server %s
This error appears when the program has an error during communication with a server. It can stop the program working properly. The first parameter is the server type and the second is its name. Check that the specified server is up and running and can be accessed from this server.
Modules: CT, CM

1029 IPv6 is not supporting for SNMPv1. You must use as a minimum SNMPv2

1030 %s email discarded for client %s: %s

1501 Cannot create %s thread
This error appears when the program cannot create a thread. It can stop the program working properly. The parameter is the thread number. Check that the server has enough resources (disk space, RAM, available socket descriptors).
Modules: CT

1502 Cannot create %s threadpool.
This error appears when the program cannot create a threadpool. It can stop the program working properly. The parameter is the thread number. Check that the server has enough resources (disk space, RAM, available socket descriptors).
Modules: CT, RM, WS

1503 Cannot init %s thread
This error appears when the program cannot initialize a single thread. It can stop the program working properly. The parameter is the thread number.
Deprecated

1504 Cannot start %s thread.
This error appears when the program cannot start a single thread. It can stop the program working properly. The parameter is the thread number.
Modules: CM

1505 Cannot get stack size at %s thread
This error appears when the program cannot get the stack size of a thread. It can stop the program working properly. The parameter is the thread number.
Deprecated

1506 Cannot set stack size at %s thread
This error appears when the program cannot change the stack size of a thread. It can stop the program working properly. The parameter is the thread number.
Deprecated

1507 Cannot find a free thread to handle web request. Not processed.
Deprecated

1508 Cannot get enough memory for %s
This error appears when the program cannot allocate enough memory for an internal variable. It can stop the program working properly. The parameter is the variable name. Check that the server has enough resources (disk space, RAM).
Modules: CT, AS, WF

1509 Cannot format %s to %s data types.
Deprecated

1510 Cannot load LDAP settings: server <%s> ill formed at file %s
Deprecated

1511 Thread %s throws an exception that cannot be caught.
This error is produced when a thread launches an exception the program does not catch. It can stop the program working properly but it does not exit. The parameter is the thread name or number.
Modules: PM

1512 Connection dropped because all thread are busy.
This error appears when the program cannot get a free thread for a connection. The connection will be dropped. It can stop the program working properly.
Modules: AS

1513 Error querying LDAP: %s
Deprecated

1514 Out of memory.
Deprecated

1515 Threadpool %s timeout expired. Connection refused.
Deprecated

1516 Cannot create threads
This error appears when the program cannot create one or more required threads. It can stop the program working properly.
Modules: WF

1517 Cannot renew Kerberos certificate %s :%s
Modules: CM

1518 Interface %s not optimized: error retriving interface driver
Modules: CT

1519 Interface %s not fully optimized: error configuring IRQ %s affinity
Modules: CT

1520 Interface %s not fully optimized: the number of RSS queues doesn't match the number of threads
Modules: CT

2001 Unable to create %s
This error appears when the program cannot create an object (process, internal structure, etc.). It can stop the program working properly. The parameter is the object name.
Modules: PM, CM, CT, AS, QR

2002 Unable to find %s
This error appears when the program cannot find an object (process, internal struct, etc.). It can stop the program working properly. The parameter is the object name.
Modules: PM, CM, AS

2003 Unable to kill %s
This error appears when the program cannot kill a process or subprocess. It can stop the program working properly. The parameter is the process name. Check the module has rights to perform this operation.
Modules: PM

2004 Unable to launch %s
This error appears when the program cannot launch a subprocess. It can stop the program working properly. The parameter is the subprocess name. Check the module has rights to perform this operation.
Modules: PM

2005 Unable to load %s
This error appears when the program cannot load an object (process, internal struct, datafile, etc.). It can stop the program working properly. The parameter is the object name.
Modules: PM, CT, CM, AS, WF

2006 Unable to reload %s
This error appears when the program cannot reload an object (process, internal struct, datafile, etc.). It can stop the program working properly. The parameter is the object name.
Modules: PM, CM, AS, WF

2007 Unable to open %s
This error appears when the program cannot open a disk cache.
Modules: AS

2008 Unable to start %s
This error appears when the program cannot start a subprocess. It can stop the program working properly.
The parameter is the subprocess name.
Modules: PM, AS, WF, WS

2009 Unable to set %s
This error appears when the program cannot set the value of an object. This error appears when the program cannot load an object (process, internal struct, datafile, etc.). It can stop the program working properly. The parameter is the object name.
Modules: AS

2010 Unable to decode analyzer %s file
Deprecated

2011 Cannot start %s service
Deprecated

2012 Cannot create %s service
This error appears when an Optenet module cannot create a system service (TCP, UDP, etc.). The parameter is the name of the service. Only for Windows OS.
Modules: WF

2013 Bad number of parameter received by %s function
This error appears when a function in the program receives a bad number of parameters. The parameter is the function name.
Deprecated

2014 Bad parameter received by %s function
This error appears when a function in the program receives a parameter that the function does not expect. The parameter is the function name.
Modules: AS

2015 Cannot accumulate log data from %s server.
Deprecated

2016 Unable to continue %s
Modules: PM

2017 License %s has expired, please contact %s to renew
Deprecated

2018 LsaEnumerateTrustedDomains failed. %s
Deprecated

2019 OpenPolicy Failed. %s
Deprecated

2020 OpenSCManager failed. %s
Deprecated

2021 OpenService failed. %s
Deprecated

2022 Parameter too long for string buffer
Deprecated

2023 Registering sig handler: %s
Unable to register this signal handler. The process could not capture it.
Modules: WF

2024 %s service failed. %s
This error appears when the service in the SOAP call is not the correct one.
Modules: CM

2025 RegisterServiceCtrlHandler failed %s
Unable to register the service in the Service Control Manager.
Modules: PM, WF, QR, WS

2026 SetServiceStatus failed. %s
The service could not report its status to the Service Control Manager.
Modules: PM, WF, QR, WS

2027 StartServiceCtrlDispatcher failed. %s
Unable to start the service control dispatcher due to the reported error.
Modules: PM, WF, QR, WS

2028 DeleteService failed. %s
Unable to delete this service.
Deprecated

2029 Cannot load filter <%s> settings: ill formed at file %s
Deprecated

2030 Cannot load quarantine <%s> settings: ill formed at file %s
Deprecated

2031 Cannot load reporter <%s> settings: ill formed at file %s
Deprecated

2032 %s server isn't configured.
Deprecated

2033 Cannot start synchronization server: %s
Deprecated

2034 Cannot get line from file while loading %s
Deprecated

2035 Cannot read mail from disk: %s
This error appears when it was not possible to read one mail from disk.
Modules: QR

2036 Unable to reload %s. %s
Deprecated

2037 Unable to register %s service for %s client.
Deprecated

2038 Flush-Fail to create the crash file.
This error appears when it was not possible to flush the messages for debugging to a debug file log.
Modules: QR, RD

2039 Unable to send mail through server %s. %s
This error appears when it was not possible to send an unblocked email using the configured SMTP server.
Modules: QR

2040 Cannot get mail message from %s user
Deprecated

2041 License %s error: %s. %s.
This error is produced when an Operation module could not check its license. The first parameter is the description of the error produced. The second one is the action of the module that reported the message (e.g. connection closed).
Deprecated

2042 License %s exceeded. %s.
This error is produced when an Operation module tries to check its license and its limits are exceeded. The parameter is the description of the error produced.
Deprecated

2043 Unable to register %s
This error appears when an Operation module cannot register some services (TCP, UDP, etc.) in the system. The parameter is the name of the service. Only for Windows OS.
Modules: WF

2044 Cannot bind params at Soap request %s
This error appears when the parameters received in a SOAP communication do not match the SOAP request specification. It causes the requests to be discarded. The parameter is the request name.
Modules: RM

2045 Error code %s received at Soap Request %s
This error appears when a SOAP request made by the program is answered by the server with an error code. The first parameter is the error code and the second is the request name.
Modules: RM

2046 Error: Unable to restore backup: %s
This error appears when the program cannot restore a backup. It can stop the program working properly. The parameter is a text explaining the error produced during the restoration.
Deprecated

2047 Error starting event buffer thread for the module: %s
Deprecated

2048 Error loading configuration for the module: %s
Deprecated

2049 Error allocating event buffer for the module: %s
Deprecated

2050 Overwriting event buffer for the module: %s
Deprecated

2051 Error inserting event (priority [%s], count [%s]) for the module: %s
This error appears when the module cannot add an event for one module.
Modules: CM

2052 Previous error allocating event buffer for the module: %s
This error appears when the module cannot allocate memory for the event.
Modules: CM

2053 Stopping %s module because %s
Only for BGP mode. This error appears when there was a reloading while running and failed stop everything or in case of manual stop of the BGP mode.
Modules: CT

2054 Cannot start %s module because %s
Only applies to BGP deployment mode when it was not possible to start the BGP thread.
Modules: CT

2055 Cannot add sender to White List: %s
This error appears when the module was not able to add the sender to a white list after unblocking the email.
Modules: QR

2056 Central Manager %s is asking for transactions with a state that this CM cannot assure it will get all changes that have been made from that state %s
If this happens, check the connectivity between the modules and their transaction states. Execute a setup, clean database and profiles.
Modules: CM

2057 Unable to finalize %s Antivirus
Deprecated

2058 Error scanning for viruses
Deprecated

2059 Unable to load the %s Antivirus database
Deprecated

2060 Unable to initialize the %s Antivirus engine
Deprecated

2061 %s Antivirus Shared Memory initialization failed
Deprecated

2062 Unable to load the %s' Antivirus' dll
Deprecated

2063 Unable to initialize %s Antivirus
This error appears when the module cannot load one AV engine.
Modules: AS

2064 Unable to update the %s antivirus database
This error appears when the module cannot download the AV updates file from the Central Manager.
Modules: AS

2065 Parameter %s does not exist
This error appears when the arguments in a DKIM sign (AS module) or in the License (CM) are not OK.
Modules: CM, AS

2066 Parameter %s has an invalid value
This error appears in the module if the DKIM sign has a bad private key.
Modules: AS

2067 Error deleting resolved host: %s
Deprecated

2068 Timeout to remove element = [%s]
Deprecated

2069 Communication error while sending responset to TdE %s
Deprecated

2070 ResDir does not have a MANAGER classname instance defined to communicate with.
Deprecated

2071 Unable to read Global.conf configuration file from declared Manager.
Deprecated

2072 Unable to read Local Configuration file from declared Manager.
Deprecated

2073 Unable to read OWS identifier from Local.conf file.
Deprecated

2074 External tool %s failed. See log %s. Additional info: %s
Deprecated

2075 No users analysed in directories of Directories.conf. Please check config and filesystems. Reattempting soon to read data.
Deprecated

2076 %1 No Primary Servers are available.
Deprecated

2077 %4:%2 Server has not been responding for a long time.%5
Deprecated

2078 Antivirus module couldn't load. %s
Deprecated

2079 Antivirus inactive. No analysis done.
Deprecated

2080 Unable to update antivirus.
Deprecated

2081 Unable to start antivirus file monitor.
Deprecated

2082 Unable to perform software upgrade %s
Deprecated

2083 The number of clients has reached an intolerable not permitted amount for your license. The correct operation of the system is not guaranteed.
Modules: CM

2084 The license control key has been tampered with. The correct operation of the system isn't guaranteed any longer.
Modules: CM

2085 Module %s is asking for transactions with a state that this CM cannot assure it will get all changes that have been made from that state %s
This happens if there has been a rotation in the transaction file and the module is asking for old transactions.
Modules: CM

Warning Events

3001 Cannot open %s file
This warning appears when the program cannot open a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: AS, RM

3002 Cannot close %s file
This warning appears when the program cannot close a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: RM

3003 Cannot create %s file.
This warning appears when the program cannot create a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: AS, WF

3004 Cannot delete %s file
This warning appears when the program cannot delete a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: RD, RM

3005 Cannot load %s file
This warning appears when the program cannot load a file. If this event occurs repeatedly, the program may stop working properly.
The parameter is the file name.
Modules: CT, WF

3006 Cannot move %s file
This warning appears when the program cannot move a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: RM

3007 Cannot rename %s file
This warning appears when the program cannot rename a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: AS

3008 Cannot read at %s file
Deprecated

3009 Cannot write at %s file
This warning appears when the program cannot write in a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: CM, AS, WF, RM

3010 Unable to find %s file
This warning appears when the program cannot find a file on the disk. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: PM, AS

3011 Carriage-return linefeed not found at %s file
Deprecated

3012 Blank line close at %s file
Deprecated

3013 Permission denied to %s file
Deprecated

3014 Cannot parse %s file's line correctly.
This warning appears when the program cannot parse a line in a file. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: CM, RM

3015 Access to %s file must be exclusive
Deprecated

3016 Bad content for %s file.
This warning appears when the content of a file is different to what the program expects. If this event occurs repeatedly, the program may stop working properly. The parameter is the file name.
Modules: AS

3017 Cannot open %s directory
Deprecated

3018 Cannot close %s directory
Deprecated

3019 Cannot create %s directory
Deprecated

3020 Cannot delete %s directory
Deprecated

3021 Cannot move %s directory
Deprecated

3022 Cannot rename %s directory
Deprecated

3023 Cannot read at %s directory
Deprecated

3024 Cannot write at %s directory
Deprecated

3025 Unable to find %s directory
Deprecated

3026 Not a valid directory
Deprecated

3027 Cannot get list of files at %s directory
Deprecated

3028 Access violation. %s
Deprecated

3029 %s signal received.
This warning appears when the program receives an external signal from the OS or from another program. The parameter is the signal type (SIGTERM, SIGINT, etc.).
Modules: CM

3030 Cannot load %s or %s
This warning is produced when an Operation module tries to load two related resources (e.g. two files) and one or both of them cannot be loaded. The parameters are the names of the resources.
Modules: WF

3031 Unable to reload database
This warning is produced when a Filtering Module cannot reload the database used during traffic analysis. The filtering module will use the old database.
Modules: WF

3032 Exception %s raised in communication with %s
This warning is produced when an exception is thrown by an Operation module during a communication. The first parameter is the name or the type of exception thrown. The second one is the name of the server to which the module was connected.
Modules: CM

3033 Cannot read %s in file %s
This warning is produced when an Operation module cannot read an argument from a file. The first parameter is the name of the missing argument and the second is the name of the file.
Modules: WF

3034 Unacceptable configuration in %s. Discarding changes
Deprecated

3035 Cannot get %s groups from %s. Warning: %s
This warning is produced when a filtering module cannot get user groups in an LDAP server.
The first parameter is the name of the group, the second is the name of the LDAP server and the third is the received warning message.
Modules: CM, WS

3036 Unable to create process %s
This warning appears when an Operation module cannot create a subprocess. If this event occurs repeatedly, the program may stop working properly. The parameter is the subprocess name.
Modules: PM, WF

3037 Wrong group_membership_query for user %s from %s.
The LDAP query for searching user groups (first %s) in LDAP server (second %s) is wrong. Please check LDAP configuration parameters, especially the GroupMembershipQuery parameter.
Modules: CM, WS

3038 Wrong user_membership_query for user %s from %s.
The LDAP query for searching user groups (first %s) in LDAP server (second %s) is wrong. Please check LDAP configuration parameters, especially the UserMembershipQuery parameter.
Modules: CM, WS

3039 Wrong nested group_membership_query for user %s from %s.
The LDAP query for searching nested groups of user groups (first %s) in LDAP server (second %s) is wrong. Please check LDAP configuration parameters, especially the GroupMembershipQuery parameter.
Modules: CM, WS

3040 Discarding URL %s in Heritrix' job %s
This warning appears when the URL to insert is not well formed.
Modules: WF

3041 mywrite: warning in %s. Exiting.
This warning appears when the module cannot write the translated HTML line in the desired language.
Modules: WF

3042 Unable to start %s
This warning appears when the program cannot start a non-critical subprocess. The parameter is the subprocess name.
Modules: PM

3043 Cannot open %s process
This warning appears when the program cannot open a non-critical subprocess. The parameter is the subprocess name.
Modules: PM

3044 Unable to set value into %s registry key.
Deprecated

3045 Unable to read %s flag from %s
Deprecated

3046 fcntl F_GETFL warning
Unable to get information about the socket descriptor.
Modules: WF

3047 fcntl F_SETFL warning
Unable to set information of socket descriptor.
Modules: WF

3048 Warning thread: %s
This warning appears when a module cannot perform an operation in a thread. The parameter is the description of the operation.
Modules: WF

3049 Threadpool incomplete. %d threads created.
This warning appears when the program cannot finish creating a threadpool. The parameter is the number of threads already created.
Modules: WF

3050 Warning %s in LDAP %s
This warning appears when a module receives an error while working with the LDAP server. The first parameter is the description of the error and the second is the name of the LDAP server.
Modules: CM, WS

3051 Warning %s in LDAP %s. DN: %s
This warning appears when a module receives an error while working with an LDAP server with a DN. The first parameter is the description of the error, the second is the name of the LDAP server and the third is the name of the DN.
Modules: CM, WS

3052 License %s warning. %s.
This warning is produced when an Operation module receives a warning during its license check. The parameter is the description of the received warning (license period expired, too many users, etc.).
Modules: CM

3053 glob() error
This warning appears when the glob method does not work properly. Glob is used in Linux systems to find all the entries in a directory. If glob’s search fails, some internal processes will not be executed.
Modules: PM, CT, CM, WF, QR, RM, WS

3054 Unable to read line
This warning appears when an Operation module cannot read a line of the transaction state file.
Modules: CM, WF,

3055 Cannot contact URL database server %s. Warning: %s
This warning appears when a Filtering Module cannot contact the URL database server (the URL database is used by the filtering module to find out if it should allow or deny a request). The first parameter is the name of the server. The second one is the description of the warning.
Check the connectivity between the module and the CentralManager.
Modules: WF

3056 Receiving URL database. Warning: %s
Deprecated

3057 Unable to receive URL database. Warning: %s
Deprecated

3058 Warning in request: %s
This warning appears when an Operation module detects a problem in a request made to it. The parameter is the description of the problem (bad arguments, message too long, etc).
Modules: PM, CT, CM, WF, WS

3059 Unable to continue manager
Only when running the WebFilter under Windows. This warning appears when the WebFilter tries to start up a WebServer but it is not possible to create the main thread.
Modules: WF

3060 %s content exceeds 16 KB
Only in ICAP deployment mode. This warning appears when a Filtering Module receives a RESPMOD ICAP preview message that exceeds 16KB. The message will be dropped.
Modules: WF

3061 Processing error
Deprecated

3062 Error in configuration: %s
In case the file is not compulsory for running properly, the process will continue considering the file as empty. If the file is required, a critical alarm will appear and the process will be restarted. Check the file and do a setup of the module.
Modules: CM

3063 IP address: [%s]. Warning: %s
Only in Proxy deployment mode. This warning appears when an Operation module finds something wrong with an IP address. The first parameter is the bad IP address. The second one is the description of the problem (bad format, too long, etc.).
Modules: WF

3064 Username: [%s]. Warning: %s
This warning appears when an Operation module finds something wrong with a user name. The first parameter is the bad user name. The second one is the description of the problem (bad format, too long, etc.).
Modules: WF

3065 Unable to connect to transaction server.
This warning appears when an Operation module cannot connect with the transaction server. This server is used by the module to receive all new updates.
Modules: AS, WF

3066 Unable to write url database.
This warning appears when a Filtering Module cannot write the URL database received from a server. The filtering module will use the old URL database. Check disk space and write permissions.
Modules: WF

3067 Error getting update package.
Deprecated

3068 Error unpacking updates package. %s
This warning appears when a Filtering Module cannot understand an update package for its URL database. The parameter is the description of the problem at the package.
Modules: AS, WF

3069 Line %s cannot be accumulated. %s field missing.
Deprecated

3070 Line %s cannot be accumulated. Error while parsing.
Deprecated

3071 Unable to find %s configuration key.
This warning appears when a configuration key does not appear in the configuration files. The parameter is the key name.
Modules: CT, RM

3072 Line %s cannot be computed. %s field missing.
Deprecated

3073 Report Query ill formed. No %s Specified.
Modules: RM

3074 Unable to seek end of file %s
Deprecated

3075 Unable to seek begin of file %s
Deprecated

3076 Unable to seek start point of file %s
Deprecated

3077 Unable to insert %d message in message exception list
Deprecated

3078 Socket accept error
This warning appears when the WebFilter runs a WebServer but there is a socket accept exception.
Modules: WF

3079 Cannot check user %s from %s.
This warning appears when a module is unable to validate a user in an LDAP server. The first parameter is the user name and the second is the name of the LDAP server.
Modules: CM, WS

3080 Line %s cannot be computed. Error while parsing.
This warning appears when there is an error parsing a log line received from a module.
Modules: RM

3081 Event buffer length for the module [%s]: %s
This warning appears when the module repeatedly writes more than 50% of the buffer size.
Modules: CM

3082 Too many lines discarded while processing log file %s
Deprecated

3083 Discarded programmed report %s wrong parameters in file %s
This warning appears when the Reporter.conf file has a wrong parameter in the programmed report.
Modules: RM

3084 Unable to truncate %s file in %s bytes
This warning appears when the WebFilter tries to read the “redir.html” file but its length is bigger than a specified value.
Modules: WF

3085 External tool %s failed. See in log %s. Additional info: %s
Deprecated

3086 inconsistency in internal computing: %s
Deprecated

3087 Accumulated file %s has an invalid name.
This warning appears when the accumulated file name is not properly formed.
Modules: RM

3088 Failed to open database %s to process report.
This warning appears when it is not possible to open a database to process a report.
Modules: RM

3089 Failed to execute report '%s' with id '%s'.
This warning appears when the Reporter cannot execute the specified report.
Modules: RM

3090 Failed to load report result file '%s'.
This warning appears when the Reporter module cannot load a file with the results.
Modules: RM

3091 Failed to create report instance based on '%s'.
This warning appears when the Reporter module cannot create a report instance.
Modules: RM

3092 Failed to create report instance based on '%s' for client '%s'.
This warning appears when the Reporter module cannot create a report instance for a certain client.
Modules: RM

3093 Failed to execute report '%s' with id '%s' for client '%s'.
This warning appears when the Reporter module cannot execute a report from a client.
Modules: RM

3094 Failed to send mail for programmed report '%s' to receivers '%s'.
This warning appears when the Reporter module cannot send an email for a programmed report to a set of receivers.
Modules: RM

3095 Failed to send mail for programmed report '%s' for client '%s' to receivers '%s'.
This warning appears when the Reporter module cannot send an email for a client programmed report.
Modules: RM

3096 Failed to execute programmed report '%s'.
This warning appears when the Reporter module cannot execute a programmed report.
Modules: RM

3097 Failed to execute programmed report '%s' for client '%s'.
This warning appears when the Reporter module cannot execute a programmed report for a client.
Modules: RM

3098 Programmed report %s does not have a known legacy format, skipping migration.
This warning appears when the Reporter module cannot migrate a programmed report (old format) because it has an unknown format.
Modules: RM

3099 Scripting engine exception '%s' executing script '%s' from configuration file '%s'.
Modules: RM, WS

3100 Cannot execute script %s, scripting engine has not been configured.
This warning appears when the module cannot execute a script because it is not configured.
Modules: RM, WS

3101 Ignoring workmode %s found at %s because it is not present in the current configuration.
This warning appears when the Reporter module ignores a workmode because it is not present in the current configuration.
Modules: RM

3102 The number of clients created has surpassed the permitted amount for your license.
Deprecated

3103 The number of clients is still far above the permitted amount for your license. The correct operation of the system might still be affected.
Deprecated

3501 Cannot create socket %d
Deprecated

3502 Cannot create socket listening at %d port.
Deprecated

3503 Cannot accept at socket %d
Deprecated

3504 Cannot bind at socket %d. Rebinding.
Deprecated

3505 Cannot connect at socket %d.
Deprecated

3506 Cannot read at socket %d
Deprecated

3507 Cannot write at socket %d
This warning appears when it is not possible to write some data in a socket.
Modules: LIB

3508 Socket %d timeout expired
Deprecated

3509 Suspicious socket %d write 0 bytes.
This warning appears when the program writes 0 bytes at a socket. If this event occurs repeatedly, the program may stop working properly. The parameter is the socket number.
Modules: WF

3510 Cannot establish communication with %s. %s.
This warning appears when the program cannot establish communication with a server. The first parameter is the server name and the second is the connection error description.
Modules: CM, QR, RD, RM

3511 Request %s to %s ill formed.
This warning appears when the program finds an ill-formed request for a specific server. The request will be discarded by the program. The first parameter is the request name and the second is the server name that receives the request.
Modules: QR, WS

3512 Request %s to %s is unknown
This warning appears when the program finds an unknown request for a specific server. The request will be discarded by the program. The first parameter is the request name and the second is the server name which receives the request.
Modules: AS, RD

3513 Request %s to %s is missing
Deprecated

3514 Request %s is too long.
Deprecated

3515 Request %s is too short.
Deprecated

3516 Response %s from %s ill formed.
This warning appears when there is an error in the CM response because it is ill-formed for GetUser SOAP.
Modules: CT

3517 Response %s from %s is unknown
This warning appears when there is an unknown answer in the response for downloading the logs from a module to the Reporter.
Modules: RM

3518 Response %s from %s is missing
This warning appears when there is a missing parameter in the license check or while trying to update the software (update only available in OSE solution).
Modules: CT, CM

3519 Response %s is too long.
Deprecated

3520 Response %s is too short.
Deprecated

3521 Response from %s server has been ignored.
This warning appears when there is no response from a server.
Modules: CM

3522 Response %s from %s server unexpected.
This warning appears when the answer to a call has the wrong number of parameters, or the type is not the expected one.
Modules: CT, CM, WF, QR, RM

3523 Cannot parse %s response correctly.
This warning appears when the answer to a call cannot be parsed properly because there are missing parameters.
Modules: CM, AS, QR, RD, RM

3524 Command %s to %s ill formed.
Deprecated

3525 Command %s to %s is unknown
Deprecated

3526 Command %s to %s is missing
Modules: PM

3527 Too few parameters for command %s
Deprecated

3528 Command %s is too long.
Deprecated

3529 Command %s is too short.
Deprecated

3530 Reply %s from %s ill formed.
Deprecated

3531 Reply %s from %s is unknown
Deprecated

3532 Cannot listen at socket %d
Deprecated

3533 Reply %s from %s is missing
Deprecated

3534 Too few parameters for reply %s
This warning appears when there is no response or it is empty.
Modules: CM

3535 Reply %s is too long.
Deprecated

3536 Reply %s is too short.
Deprecated

3537 Reply from %s server has been ignored.
Deprecated

3538 Cannot send packet %s
Deprecated

3539 Cannot receive the packet's body %s
Deprecated

3540 Cannot receive the packet's header: %s
Deprecated

3541 Bad packet length (%d)
Deprecated

3542 Connection to %s server lost before receiving a complete bod
Deprecated

3543 Connection to %s server lost before the end of the transaction
This warning appears when the connection with a server was down before the end of the communication.
Modules: LIB

3544 Connection closed by server %s.
This warning appears when the connection to a server was closed without response.
Modules: QR

3545 Communication to %s undefined
Deprecated

3546 Parameter %s not found
Deprecated

3547 Cannot get event from %s server: %s
Deprecated

3548 Received event from unknown %s server %s
Deprecated

3549 ICAP modify_respmod not implemented
Deprecated

3550 ICAP preview_reqmod not implemented
Applies only to ICAP deployment mode.
Modules: CM

3551 Received RESPMOD without body
RESPMOD ICAP message dropped because it has no body.
Modules: WF

3552 Received ICAP_REQMOD with preview without body
Deprecated

3553 %s ldap_search_s failed. %s
This warning appears if the CM cannot find an LDAP.
Modules: CM

3554 %s ldap_simplebind failed. %s
Deprecated

3555 %s field cannot exist for ICAP 1.0
Deprecated

3556 %s NetGetDCName cannot be found. %s
Deprecated

3557 %s NetGetDCName failed. %s
Deprecated

3558 %s NetGetDCName get an invalid name. %s
Deprecated

3559 Cannot get groups from %s. Error: %s
This warning appears when an Operation module is unable to get groups from the LDAP server. The first parameter is the user name and the second is the warning message received.
Modules: WS

3560 Cannot get users from %s. Error: %s
This warning appears when an Operation module is unable to get users from the LDAP server. The first parameter is the name of the LDAP server and the second is the warning message.
Modules: CM, WS

3561 %s NetQueryDisplayInformation failed. %s
Deprecated

3562 %s NetUserGetGroups cannot get groups. %s
Deprecated

3563 %s NetUserGetGroups failed. %s
Deprecated

3564 %s size exceeds %s
Deprecated

3565 Cannot delete %s server %s: it doesn't exist
Deprecated

3566 Cannot add %s server %s
This warning appears when the program must add a server to a list of servers of the same type (e.g. log servers, quarantine servers) and it cannot be inserted.
The first parameter is the type of server and the second is its name.
Modules: CM

3567 Cannot modify %s server %s
Deprecated

3568 Cannot get new logons from DCAgent %s
This warning appears when a module is unable to get the last logged on users in Windows Domains controlled by the DCAgent. The parameter is the name of the DCAgent.
Modules: CM

3569 Cannot get new logs from filter %s
This warning appears when the module request is too long.
Modules: CM

3570 Cannot get host by name: %s.
Deprecated

3571 Connection TCP closed (partial chunk)!
Deprecated

3572 Cannot read pipe from process %s
Deprecated

3573 Error number communication.
Deprecated

3574 No group received from %s
Deprecated

3575 No user received from %s
Deprecated

3576 Received event Registration for %s server.
Deprecated

3577 Received event Deregistration for %s server but not exists %s
Deprecated

3578 Received %s update package damage. %s
This warning appears when an Operation module receives a damaged update package. The first parameter is the type of package (the resource must be updated) and the second is the description of the problem at the package.
Modules: WF

3579 Received a corrupted notification from %s
Deprecated

3580 TCP/IP error in SMTP client. %s.
This warning appears when the Radius module cannot write in the SMTP socket due to several reasons.
Modules: RD

3581 Authentication error in server %s
This warning appears when the authentication fails with the QSyncClient.
Modules: QR

3582 Response doesn't begin with %s protocol signature
This warning appears when the program receives a response from a server that does not begin with the correct protocol start. The response will be discarded by the program. The parameter is the protocol name.
Modules: LIB

3583 Illegal %s protocol version
This warning appears when the program receives a response from a server using an unexpected version of the protocol.
The response will be discarded by the program. The parameter is the protocol name.
Modules: LIB, RD

3584 Response doesn't have a complete %s protocol header
This warning appears when the program receives a response from a server with an incomplete protocol header. The response will be discarded by the program. The parameter is the protocol name.
Modules: LIB

3585 Response length doesn't match with declared length in %s protocol header.
This warning appears when the program receives a response from a server whose length does not match the length declared inside the protocol header. The response will be discarded by the program. The parameter is the protocol name.
Modules: LIB

3586 Request %s received from an unauthenticated %s server
This warning appears when a SendMail request is received from an unauthenticated quarantine node.
Modules: QR

3587 Cannot read communication channel with %s. %s.
Deprecated

3588 Cannot write communication channel with %s. %s.
Deprecated

3589 Bad sequence of commands at %s server
Deprecated

3590 Cannot load %s log workmode
Deprecated

3591 Cannot reload %s log workmode. Work mode hasn't been modified.
This warning appears when it was not possible to load a workmode.
Modules: RM

3592 Cannot get remote file %s from CentralManager module
This warning appears when an Operation module cannot get a file from the Central Manager. Normally the file is a configuration file that must be reloaded. The parameter is the name of the remote file.
Modules: AS, WF

3593 Parameter %s has an invalid value
Only in BGP deployment mode.
This warning appears when the parameter read from the config file (for BGP configuration) does not have a valid value.
Modules: CT

3594 Cannot get machine identifier
Deprecated

3595 Dropped radius event due to bad ip %d
Deprecated

3596 Cannot contact Icap Service %s reason %s
Deprecated

3597 %s has exceeded its used sockets limit (%s) to reach at: %s
Modules: PM

3598 %s has recovered its used sockets limit (%s) to reach at: %s
Modules: PM

3599 %s was killed to exceed its used sockets limit (%s) to reach at: %s
Modules: PM

3600 %s has exceeded its used pipes limit (%s) to reach at: %s
Modules: PM

3601 %s has recovered its used pipes limit (%s) to reach at: %s
Modules: PM

3602 %s was killed to exceed its used pipes limit (%s) to reach at: %s
Modules: PM

3603 %s has exceeded its used files limit (%s) to reach at: %s
Modules: PM

3604 %s has recovered its used files limit (%s) to reach at: %s
Modules: PM

3605 %s was killed to exceed its used files limit (%s) to reach at: %s
Modules: PM

3606 Cannot close socket %d: %s
Deprecated

3607 NTLM authentication limit exceeded: %s -
This warning appears when using NTLM authentication and:
- The server responds with the error: Too many userids
- There is an NTLM authentication limit exceeded
- Back to normal limit
Modules: CT

3608 NTLM authentication back to normal: %s
Deprecated

3609 Cache|MaxFileDescriptors limit %d reached
This warning appears when the cache service has reached the maximum file descriptors configured.
Modules: CT

3610 Cache|MaxFileDescriptors back to normal
This warning appears when the cache service returned to less than maximum file descriptors configured.
Modules: CT

3611 Cannot send %s email for client %s: %s

3612 Failed to send SMS for programmed report '%s' for client '%s' to receiver '%s'.
This warning appears when it was not possible to send an SMS with the programmed report of a client.
Modules: RM

3613 Failed to send SMS for programmed report '%s' to receiver '%s'.
This warning appears when it was not possible to send an SMS with the programmed report.
Modules: RM

3614 Failed to send SMSs for programmed report '%s' for client '%s'. Wrong parameters in programmed report configuration.
This warning appears when it was not possible to send an SMS with the programmed report of a client because there is a wrong parameter in the configuration.
Modules: RM

3615 Failed to send SMSs for programmed report '%s'. Wrong parameters in programmed report configuration.
This warning appears when it was not possible to send an SMS with the programmed report because there is a wrong parameter in the configuration.
Modules: RM

3616 Could not send SMS to receiver '%s'.
This warning appears when it was not possible to send an SMS.
Modules: RM

4001 Cannot get enough memory for %s
Problems allocating memory; the process will continue running successfully. Check the memory available.
Modules: CM, AS, WF

4002 There isn't enough free space in disk
This warning appears when the program cannot find the necessary space to write some information on the disk. If this event occurs repeatedly, the program may stop working properly.
Modules: AS, QR

4003 Cannot set default thread attributes: %s
This warning appears when the default thread settings cannot be set. The parameter is the problem description.
Modules: PM, LIB

4004 Cannot get default thread stack size: %s
This warning appears when the default thread stack size cannot be set. The parameter is the problem description.
Modules: PM, LIB

4005 Cannot change default thread stack size: %s
This warning appears when the default thread stack size cannot be changed. The parameter is the problem description.
Modules: LIB

4006 A detached thread shouldn't be deleted
Deprecated

4007 Cannot find free socket thread to handle requests from port %d. Not processed.
This warning appears when the program does not have any free threads to receive an external request from a port.
The requests will not be processed by the program. The parameter is the number of the specified port.
Modules: PM, CM, WF, RM, WS

4008 Thread pool empty for 60 seconds. Connection rejected.
Deprecated

4009 Cannot convert chunk size (%d)
Deprecated

4010 Bad signature at %s
This warning appears when the Antispam module finds errors reading the antispam database for categories, content analysis, md5…
Modules: AS

4011 Cannot create %s thread
This warning appears when an Operation module cannot create a thread that listens to requests from a service. The parameter is the name of the service.
Modules: WF

4501 Unable to get OPTENET running mode. Running ICAP mode
Deprecated

4502 Unable to load %s file. Using default settings.
Deprecated

4503 Unable to send license %s expired message.
Deprecated

4504 Unable to start %s .Port busy. Waiting up to 5 minutes.
This warning appears when the port is busy and the service cannot start.
Modules: PM, WF, RM, WS

4505 Webserver's user trying to gain access to forbidden path %s.
Deprecated

4506 %s server not found. Using 127.0.0.1.
Deprecated

4507 Unable to get %d port. Using default
Deprecated

4508 Timer wait not found. Using %d.
Deprecated

4509 Cannot update %s
Deprecated

4510 Quarantine %s disabled: %s
This warning appears when the quarantine has been disabled because of:
- Storage path is too long
- Cannot seek in file
- Cannot get file size
- Cannot repair broken file
- Cannot open the file
- Cannot alloc enough memory
Modules: AS

4511 Quarantine node %s doesn't have the correct password
This warning appears when the quarantine node doesn’t have the correct password.
Modules: QR

4512 Quarantine node %s isn't configured
Deprecated

4513 Quarantine node authenticated as %s requests a second authentication
This warning appears when the Quarantine was already authenticated and requests a second authentication.
Modules: QR

4514 Filter node %s doesn't have the correct user/password
Deprecated

4515 Filter node %s isn't configured
Deprecated

4516 Filter node %s isn't configured
Deprecated

4517 User not found for client %s
Deprecated

4518 Client %s not found for email account
Deprecated

4519 Client %s not found in provision
This warning appears when the client was not provisioned while trying to remove the client.
Modules: CM

4520 Received invalid service type %s
This warning appears when the service to remove is not valid while trying to remove the service from the client.
Modules: CM

4521 Cannot get initial count number for client %s
This warning appears when there is an error trying to get the initial contract units of a client.
Modules: CM

4522 Client %s not found in modification provision
This warning appears when trying to modify a client provision but the service type requested is not valid.
Modules: CM

4523 Received invalid operation type %s
This warning appears when trying to execute an invalid operation.
Modules: CM

4524 Received invalid number of operations: %d
This warning appears when trying to execute an invalid number of operations.
Modules: CM

4525 Received invalid creation type %s
This warning appears when trying to provision an antispam client with an
invalid type.
Modules: CM

4526 Received duplicated message %s
This warning appears when trying to execute a duplicated order.
Modules: CM

4527 Provisioning message %s not found
This warning appears when the information in the historic file of provisioning orders is not consistent.
Modules: CM

4528 Provisioning message %s not hoped
This warning appears when trying to provision an order with the same identifier but a similar type (not the same).
Modules: CM

4529 Provisioning %s message %s not found
This warning appears when trying to execute a remove order that is not found.
Modules: CM

4530 Cannot download dictionary.
This warning appears when the content dictionary for WebFilter or Antispam Filter cannot be downloaded.
Modules: CM

4531 Duplicated key %s loading language %s file
Deprecated

4532 Unable to parse line loading language %s file
Deprecated

4533 %s server %s isn't configured.
This warning appears when the configuration of the server is not OK (listening port, IP address, …).
Modules: AS

4534 Unable to save %s file. Changes will be lost.
This warning appears when it was not possible to save the new key requested for Kerberos to the Global.conf file. This change won’t reach the modules.
Modules: CM

4535 Unable to load quarantined mail. %s
Modules: QR

4536 Bad unblock code to quarantined mail.
Modules: QR

4537 Connection with server %s but it must be with server %s
Modules: QR

4538 Http error while calling %s Soap service.
Modules: LIB, PM

4539 The load is too high in %s server.
Modules: LIB

4540 %d module disabled. License is off.
Deprecated

4541 Message %s too long
Deprecated

4542 %s data too long
Modules: RM

4543 Unable to get %d port. Out of range.
Deprecated

4544 Parameter %s out of range. Using %s value
This warning appears when the program receives a parameter that is out of range. The program will use a default value.
The first parameter is the name of the bad parameter and the second is the default value used.
Modules: PM, CT, CM, AS, WF, QR, RM

4545 Cannot load authentication cache. %s
Deprecated

4546 Cannot download %s succesfully. %s
This warning appears when the program cannot download the file with the updated transactions.
Modules: CT, CM, AS

4547 Cannot scan for viruses current request: %s
This warning appears when the program cannot scan for viruses because the engine is not initialized.
Modules: WF

4548 Warning: Code %s received at Soap Request %s
This warning appears when there is an error in the SOAP received. The message includes the error message received and the SOAP call that failed.
Modules: WF

4549 Unable to process %s request. %s
This error appears when it was not possible to process the request. The message includes a description with the reason why this was not possible.
Modules: CT, RD

4550 Ip %s was already in use by client %s now it is associated to client %s
This warning message appears when an IP address that was associated to one client is now associated to another client.
Modules: CM

4551 Over Number of failures while trying to contact Central Manager
This warning appears when it was not possible to contact the Central Manager a number of times.
Modules: PM, AS

4552 CCOTTA Under % WAP/Mobile Web requests
Deprecated

4553 CCOTTA Over % WAP/Mobile Web requests
Deprecated

4554 CCOTTA Under Mobile Web URL request per second
Deprecated

4555 CCOTTA Over Mobile Web URL request per second
Deprecated

4556 CCOTTA Over Number of lost frames
Deprecated

4557 CCOTTA Under URL request per second
Deprecated

4558 CCOTTA Over URL request per second
Deprecated

4559 CCOTTA Under WAP URL request per second
Deprecated

4560 CCOTTA Over WAP URL request per second
Deprecated

4561 CentralManager Under Number of available threads for SOAP requests: %s
This warning appears when the Central Manager is running out of threads to answer all the SOAP requests. Check the following parameter: MaxNumberOfTransactions
Modules: CM

4562 CentralManager Over Number of failures contacting database: %s
This warning appears when there was an excessive number of failed attempts to communicate with the provision DB.
Modules: CM

4563 CentralManager Over Number of failures contacting IWF database server: %s
This warning appears when there was an excessive number of failed attempts to communicate with the IWF Server.
Modules: CM

4564 CentralManager Over Number of times core data was missing in Authentication cache: %s
This warning appears when the MSISDN username is not found in the WF cache, so WF asks CM for the user.
Modules: CM

4565 CentralManager Over Number of wrong user authentication warnings: %s
This warning appears when there was an excessive number of invalid user logins (operator/administrator).
Modules: CM

4566 CentralManager Over Number of requests for user info: %s
This warning appears when a client is not found in cache for IP assignment.
Modules: CM

4567 CentralManager Over Number of authenticated users in cache: %s
This warning appears when there was an excessive number of validated users in cache.
Modules: CM

4568 CentralManager Over Time between updates from the IWF server: %s
This
warning appears when there was excessive time between updates from the IWF.
Modules: CM

4569 Reporter Over % Log server requests erroneous / processed
Deprecated

4570 Reporter Over Total log size
Deprecated

4571 WebFilter Under % of mobile web pages blocked
Deprecated

4572 WebFilter Over % of mobile web pages blocked
Deprecated

4573 WebFilter Under % of total pages blocked
Deprecated

4574 WebFilter Over % of total pages blocked
Deprecated

4575 WebFilter Under % of wap pages blocked
Deprecated

4576 WebFilter Over % of wap pages blocked
Deprecated

4577 WebFilter Under Number of available threads for HTTP requests
Deprecated

4578 WebFilter Under Number of available threads for ICAP requests
Deprecated

4579 WebFilter Under Number of available threads for WAP requests
Deprecated

4580 ProcessMonitor Under Time between a module going down
Deprecated

4581 Warning in configuration: %s
This warning appears when there is a wrong value in one key read from a configuration file. Check the file and the parameter mentioned.
Modules: PM, CT

4582 %s is running.
This warning appears to notify that the process mentioned is running.
Modules: PM

4583 %s is not running.
This warning appears to notify that the process mentioned is not running.
Modules: PM

4584 %s is responding.
This warning appears to notify that the process mentioned is running and responding (normal operation).
Modules: PM

4585 %s is not responding.
This warning appears to notify that the process mentioned is not responding. In this case, the PM will stop the process and restart it.
Modules: PM

4586 Machine has exceeded its used CPU limit (%s %%) to reach at: %s %%
This warning appears to notify that CPU has exceeded the configured limit.
Modules: PM

4587 Machine has less than its free Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that free Memory is less than the configured limit.
Modules: PM

4588 Machine has less than its free Disk limit (%s MB) to reach at: %s MB (file system %s)
This warning appears to notify that free Disk is less than the configured limit.
Modules: PM

4589 %s has exceeded its CPU limit (%s %%) to reach at: %s %%
This warning appears to notify that the module specified has exceeded the CPU limit configured. This is a warning limit. There is a second limit that the module cannot exceed. If the module exceeds this second limit, it will be killed and another message will be sent (see message 4590).
Modules: PM

4590 %s was killed to exceed its CPU limit (%s %%) to reach at: %s %%
This warning appears to notify that the module specified was killed because it has exceeded the CPU limit configured.
Modules: PM

4591 %s has exceeded its Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that the module specified has exceeded the Memory limit configured. This is a warning limit. There is a second limit that the module cannot exceed. If the module exceeds this second limit, it will be killed and another message will be sent (see message 4592).
Modules: PM

4592 %s was killed to exceed its Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that the module specified was killed because it has exceeded the Memory limit configured.
Modules: PM

4593 %s has exceeded its Virtual Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that the module specified has exceeded the Virtual Memory limit configured. This is a warning limit. There is a second limit that the module cannot exceed. If the module exceeds this second limit, it will be killed and another message will be sent (see message 4594).
Modules: PM

4594 %s was killed to exceed its Virtual Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that the module specified was killed because it has exceeded the Virtual Memory limit configured.
Modules: PM

4595 Machine has recovered its used CPU limit (%s %%) to reach at: %s %%
This warning appears to notify that the CPU is again under the limit configured.
Modules: PM

4596 Machine has recovered its free Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that the free Memory is again more than the limit configured.
Modules: PM

4597 Machine has recovered its free Disk limit (%s MB) to reach at: %s MB (file system %s)
This warning appears to notify that the free Disk is again under the limit configured.
Modules: PM

4598 %s has recovered its CPU limit (%s %%) to reach at: %s %%
This warning appears to notify that the module specified is again under the CPU limit configured.
Modules: PM

4599 %s has recovered its Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that the module specified is again under the Memory limit configured.
Modules: PM

4600 %s has recovered its Virtual Memory limit (%s MB) to reach at: %s MB
This warning appears to notify that the module specified is again under the Virtual Memory limit configured.
Modules: PM

4601 Maximum number of %s connections reached. Please, raise %s
Check the file and the parameter mentioned.
Modules: CT

4602 %s filter is rejecting connections. Transparent proxy bypassed.
Deprecated

4603 Line corrupted in file %s. Checksum: %s. Line %s
Check disk space and write permissions.
Modules: LIB, CM, AS, WF

4604 %s request data error. Return code [%s]: %s.
This message appears when Radius is receiving events for non-provisioned clients.
Modules: RD

4605 Module %s is asking for transactions with a state that CM cannot assume it will get all changes that have been made from that state %s
This warning appears when the Central Manager has rotated the transaction file and the modules are asking for old transactions.
Modules: CM

4606 CCOTTA Over FTP URL request per second
Deprecated

4607 CCOTTA Under HTTPS URL request per second
Deprecated

4608 CCOTTA Over HTTPS URL request per second
Deprecated

4609 CCOTTA Under FTP URL request per second
Deprecated

4610 Performance Warn: %s. See note %s
This warning appears when the number of connections that the module is handling is near the limit configured (AS) or the MS Domain Server requires message signing. Read the note indicated.
Modules: PM, CT, AS

4611 Unable to execute transaction %s
Deprecated

4612 Cannot parse received Id %s
Deprecated

4613 Cannot insert transaction in response
Deprecated

4614 Cannot parse received transaction %s
Deprecated

4615 Cannot insert received transaction %s in memory
Deprecated

4616 Unhandled exception in %s servant: %s
This warning appears when there was an exception in the module. The message indicates the error and the process that sends the exception.
Modules: LIB, AS

4617 Unhandled exception in %s servant
This warning appears when there was an undefined exception in the module. The message indicates the error and the process that sends the exception.
Modules: LIB, AS

4618 Over the memory fragment threshold %d
Deprecated

4619 Soap Call: Authentication Not accepted by AllowedRequests
Deprecated

4620 Response error %s : %s : %s
Deprecated

4621 no_blocking_write:: %s
Deprecated

4622 Exiting in emergency, without doing all users, it is because there are only %d seconds left before end of allowed range of execution (file Programation.conf)
Deprecated

4623 Machine has more reception errors than its limit (%s) to reach at: %s (NIC %s)
This warning appears to notify that there are more reception errors than the limit configured.
Modules: PM

4624 Machine has recovered its reception errors limit (%s) to reach at: %s (NIC %s)
This warning appears to notify that the machine has recovered from the configured limit of reception errors (this is the antitrap of 4623).
Modules: PM

4625 Machine has more transmission errors than its limit (%s) to reach at: %s (NIC %s)
This warning appears to notify that there are more transmission errors than the limit configured.
Modules: PM

4626 Machine has recovered its transmission errors limit (%s) to reach at: %s (NIC %s)
This warning appears to notify that the machine has recovered from the configured limit of transmission errors (this is the antitrap of 4625).
Modules: PM

4627 Filesystem has not pass SMART Health test (%s) to reach: %s (filesystem %s)
This warning appears to notify that the filesystem has not passed the SMART Health test indicated.
Modules: PM

4628 Filesystem has passed SMART Health test (%s) to reach: %s (filesystem %s)
This warning appears to notify that the filesystem has passed the SMART Health test indicated.
Modules: PM

4629 Line %s discarded in workmode %s, database feeder database has not been initialized.
Modules: RM

4630 Line %s discarded in workmode %s, database feeder mapping has not been initialized.
Modules: RM

4631 Line %s discarded in workmode %s, database feeder record buffer has not been initialized.
Modules: RM

4632 No suitable record table found in static database %s to feed memory database table %s.
Deprecated

4633 Interface %s is just used by the bridge %s.
Modules: CT

4634 Failed to export results for programmed report '%s' to the file '%s' for client '%s'.
Modules: RM

4635 Failed to export results for programmed report '%s' to the file '%s'.
Modules: RM

4636 Couldn't send file to ftp server '%s:%s' with the user '%s'.
Modules: RM

4637 Couldn't copy file to destination '%s'.
Modules: RM

4638 Couldn't sent mail to receivers '%s'.
Modules: RM

4639 Couldn't process task in '%s'. %d attempts left.
Modules: RM

4640 %4:%2 Server is not Responding. %5
Deprecated

4641 DNS resolution errors, %s
Modules: CM

4642 None DNS domain could be resolved
This warning appears when the module was not able to resolve the DNS. Please check the DNS configuration in the OS: /etc/resolv.conf
Modules: CM

4643 Analysis cancelled, ScanId %d.
Deprecated

4644 Update cancelled.
Deprecated

4645 Cannot send snmp trap %d
This warning appears if the module was not able to send an SNMP trap.
Modules: PM

4646 %s Discarded Jumbo frames at interface %s, maximun packet size %s
Discarded

4647 Interface %s not optimized: unsupported OS driver %s
This warning appears when the CCOTTA module doesn’t know the interface driver. If this happens, CCOTTA cannot optimize it, so it will work without any optimization.
Modules: CT

4648 Interface %s not optimized: the OS doesn't support receive side scaling queues
This warning appears if the interface driver doesn’t support optimization. If this happens, CCOTTA cannot optimize it, so it will work without any optimization.
Modules: CT

4649 Error resolving %s from whitelist: %s

4650 No IP address found for whitelist domain: %s

4651 Interface %s not fully optimized: the number of RSS queues doesn't match the number of threads
This warning appears if the interface driver is not properly configured. Please review the driver configuration.
Modules: CT

Informative Events

5001 %s license is off.
Deprecated

5002 %s server started. Waiting for up to connections.
Deprecated

5003 %s shutdown completed.
Deprecated

5004 %s closed.
Deprecated

5005 %s configuration loaded successfully.
Modules: PM

5006 %s configuration updated successfully.
Deprecated

5007 %s created successfully.
This info message appears when the item described in the message (DKIM signature, Disk cache, Provisioning report…) was created successfully.
Modules: PM, CM, AS, WS

5008 %s default configuration loaded.
Deprecated

5009 %s finished.
This info message appears when the indicated action (Kerberos key renewal, Antivirus update, URLs resolution, database crp update, database consolidation…) was finished.
Modules: CM, AS, WF, QR

5010 %s started successfully.
This info message appears when the indicated action (Module, URL resolution, Disk cache, database update…) started successfully.
Modules: PM, CT, CM, AS, WF, QR, RD, RM

5011 %s was killed.
This info message appears to inform that the process indicated was killed.
Modules: PM

5012 %s was stopped
This info message appears when the module is stopped. After that, the module exits.
Modules: AS, WF, QR, RM, WS

5013 Connection to %s server %s established
This info message appears when the module has established a connection with the server indicated.
Modules: CT, QR

5014 Connection to %s server %s finished
This info message appears when the module lost the connection with the server indicated.
Modules: CT, QR, RM

5015 Connection to %s server %s restored
This info message appears when the module was able to restore a connection with the server indicated.
Modules: CM, AS, WF, QR, RM

5016 Loaded all the messages from filter %s
This info message appears when the module has loaded all the mails from the filter indicated.
Modules: QR

5017 New %s server connection defined:%s
This info message appears when there is a new connection to the Quarantine server.
Modules: QR

5018 %s server %s updated successfully
Deprecated

5019 %s server listening at %s.
Deprecated

5020 user/groups from ip successfully
Deprecated

5021 %s loaded
This info message appears when the module has loaded the info indicated in the message (client info, user info, client package, configuration file…).
Modules: CT, CM, AS, QR

5022 License %s checked successfully.
Deprecated

5023 Commutation %s server
Deprecated

5024 %s reloaded successfully.
This info message appears when the module has reloaded the lists.
Modules: AS, WF

5025 %s removed from disk.
This info message appears when the module removes from disk a client because of timeout expiration (CM), the stale messages from the quarantine file (AS) or the stale indexes (QR).
Modules: CM, AS, QR

5026 Exception captured. %s
Deprecated

5027 Created thread for %s successfully
Deprecated

5028 Created threadpool for %s successfully
Deprecated

5029 %s loaded successfully
This info message appears when the module has loaded the lists successfully (AS), or the Antivirus Engine (WF) or another list indicated in the message.
Modules: AS, WF

5030 %s contacted successfully
This info message appears when the module has successfully contacted the URL database server.
Modules: WF

5031 %s was stopped
This info message appears when the module was stopped.
Modules: PM, CT, WF

5032 Closing ICAP server
Only in ICAP deployment mode. This info message appears when the module closes the ICAP server.
Modules: WF

5033 Exiting %s. All owned threads destroyed
This info message appears when the module is going to exit and close all the threads.
Modules: WF

5034 Starting Consolidation.
This info message appears when the module has started a database consolidation.
Modules: WF

5035 Consolidation terminated.
This info message appears when the module has finished the database consolidation.
Modules: WF

5036 ADMIN-ACTION: %s
This info message appears when the module has a request to compress the log file.
Modules: WF

5037 SOAP request: %s
This info message appears when the module receives a SOAP request for exiting. The module will exit.
Modules: CM, WF

5038 %s already running.
This info message appears to notify that the URLs resolution, the software upgrade (enterprise solution only) or the provisioning report is already running.
Modules: CM

5039 Process %s has to wait for other processes to be started.
Deprecated

5040 Process %s suspended
This info message appears when CT cannot connect with the filter to send the traffic (ping action fails).
Modules: CT

5041 Process %s resumed
This info message appears when CT reconnects with the filter to send the traffic (ping action fails).
Modules: CT

5042 Process suspension for more than 8 minutes detected for %s
Deprecated

5043 Process %s has PID=%s
Deprecated

5044 Process %s is set to EXHAUSTED MODE. Maximum number of retries to be started within allowed seconds reached.
Deprecated

5045 Starting %s accumulation
The reporter module has started to accumulate the data specified.
Modules: RM

5046 %s accumulation terminated.
The reporter module has finished accumulating the data specified.
Modules: RM

5047 %s index load is up to date.
The module is loading the info requested (detailed or accumulated logs) or the list is already updated.
Modules: CM, RM

5048 Received transaction for SMS: %s
This info message appears when the CM has received a transaction for sending SMS with the parameters to send.
Modules: CM

5050 SMS successfully sent: %s
This info message appears when the CM has sent the SMS successfully.
Modules: CM

5051 No transactions.
This info message appears when the Unified Server has no transactions to the CM.
Modules: CM

5052 %s successfully updated.
This info message appears when the AV was updated in the module.
Modules: CM, AS, WF

5053 Couldn't download list: %s
This info message appears when it was not possible to download the list indicated in the message.
Modules: CM, AS, WF

5054 Possible error in file's integrity: %s
This info message appears when there could be an integrity error in the list updated.
Modules: CM, AS

5055 File %s has been successfully downloaded.
This info message appears when the module has downloaded the list indicated in the message.
Modules: CM, AS, WF

5056 UnblockingRequest: %s
This info message appears when the module receives an unblocking request from the user.
Modules: CM

5057 %s removed from memory.
Deprecated

5058 Some packets lost
Deprecated

5059 %s has been detected.
This info message appears when the module detects a custom kernel.
Modules: CT

5060 %s actual version is %s
This info message appears to show the current version of the module.
Modules: CT

5061 %s download in progress.
This info message appears when the module is currently downloading the Antivirus database or the list database.
Modules: CM

5062 SMS not sent: %s
This info message appears when it was not possible to send the SMS.
Modules: CM

5063 Packet processing time avg=%sus max=%sus
This info message appears to inform about the average and the maximum time of packet processing.
Modules: CT

5064 DNS lookup time avg=%sus max=%sus
This info message appears to inform about the average and the maximum time of DNS lookup.
Modules: CT

5065 Key %s is obsolete, use %s instead.
Deprecated

5066 There were lost %s packet(s) at interface %s
This info message appears to inform that there were some packet losses in the indicated interface.
These losses could be due to high traffic volume (CCOTTA cannot process the traffic).
Modules: CT

5067 Before: %s
This message appears to:
- Indicate the accumulated activation requests
- Accumulated SMS requests
- Compacting the database
- Before starting a process
Modules: CM

5068 After: %s
This message appears to:
- Indicate the accumulated activation requests
- Accumulated SMS requests
- Compacting the database
- After finishing a process
Modules: CM

5069 %d%% Filtered
This message appears to indicate the percentage filtered.
Modules: WF

5070 Transaction not processed: %s
This message appears to indicate that the transaction indicated was not processed.
Modules: CM, AS

5071 Statistics dump: %s
This message appears to present statistics about the cps received, cps sent…
Modules: RD

5072 %s Antivirus initialized
Deprecated

5073 %s Antivirus finalized
Deprecated

5074 Invalid connection to %s server
This message appears to indicate that it was not possible to connect to the license server or to the proxy to check the license.
Modules: CM

5075 Cannot parse %s response correctly.
Only for the Enterprise solution. This message appears during the software update to indicate that it was not possible to check the status of the installation update when asking the OSSInstaller.
Modules: CM

5076 File %s has been requested by %s
This message appears to indicate the file that was requested by SOAP call.
Modules: CM

5077 %s checked
Only for the Enterprise solution. This message appears to indicate that there is no newer version to update.
Modules: CM

5078 File %s has not changed at %s server. Download not needed
Deprecated

5079 %s consolidation successfully
Deprecated

5080 Master restored, backup deactivated.
Deprecated

5081 Icap Service %s contacted successfully
Deprecated

5082 Bad DatosAdicionales parameter type, a RECORD with two element is requiered.
Deprecated

5083 Bad parameter type datosAdicionales->OCTO_NU_ADMINS = %s
Deprecated

5084 Add lstOperaciones -> %s = %s
Deprecated

5085 AdditionalData->OCTO_NU_ADMINS = %s
Deprecated

5086 AdditionalData->NUM_OCURRENCIAS = %s
Deprecated

5087 AdditionalData->DIRECCION_CORREO_1 = %s
Deprecated

5088 AdditionalData->TIPO_CREACION = %s
Deprecated

5089 Add codServicio-> %s = %s
Deprecated

5090 AdditionalData->USER_ID_COL = %s
Deprecated

5091 Add Units Provision-> %s = %s
Deprecated

5092 AdditionalData->OPERACIONES(0) = %s
Deprecated

5093 AdditionalData->OPERACIONES(1) = %s
Deprecated

5094 AdditionalData->Equipos(0) = %s
Deprecated

5095 AdditionalData->Equipos(1) = %s
Deprecated

5096 AdditionalData->Cantidades(0) = %d
Deprecated

5097 AdditionalData->Cantidades(1) = %d
Deprecated

5098 Sending response (%d) to AXIS-TdE initial request
Deprecated

5099 Result sent to Central Manger ERR = %d
Deprecated

5100 External Execute
Deprecated

5101 Getting response from AXIS
Deprecated

5102 Not connected ... retrying connection with AXIS
Deprecated

5103 Conection refused with AXIS
Deprecated

5104 Receiving response from AXIS
Deprecated

5105 Issue arise due to: %s - %s
Deprecated

5106 Data Received from AXIS -> MENS_NO_MENSA = %s, MENS_NU_MENSA = %s, MENS_IN_TIPMEN = %s
Deprecated

5107 Error in %s
This message appears to indicate a general error described in the message:
- “IP notification address max retries exceeded”
- “BGP FSM neighbor state – event”
Modules: CT

5108 Request data – assigned
Deprecated

5109 Complementary data – assigned
Deprecated

5110 Processing values of: -%s-.
Deprecated

5111 Sending request to Central Manager
Deprecated

5112 Communication error with Central Manager
Deprecated

5113 Response sent to AXIS-TdE
Deprecated

5114 Issue creation AXIS-TdE
Deprecated

5115 MARCADO request sent to AXIS-TdE
Deprecated

5116 ##########
Deprecated

5117 -Cumplimentation- Error TdE:\r\nOrderNumber=%s, %s:%s, without -Cumplimentation-:
Deprecated

5118 Central Manager requests issue creation %s
Deprecated

5119 SendError issue creation AXIS-TdE
Deprecated

5120 Issue creation finished ok AXIS-TdE
Deprecated

5121 Communication error with AXIS-TdE
Deprecated

5122 Provisioning finished
Deprecated

5123 SOAP Request: Stop service.
Deprecated

5124 SOAP Request: Start service.
Deprecated

5125 SOAP Request: Deleting cache.
Deprecated

5126 SOAP Request: Reload configuration file.
Deprecated

5127 SOAP Request: Exit.
Deprecated

5128 ITR: %s
Deprecated

5129 HTMOPT ReadFile - File not found: %s <--
Deprecated

5130 Error OWS: ReplaceAddressInStack not possible
Deprecated

5131 TemplateFile: %s
Deprecated

5132 ERROR: Template: %s, Error count = %s
Deprecated

5133 HTTPCleanRequest = %s
Deprecated

5134 HTTPRequestAuth = %s
Deprecated

5135 OWS Version %s (build date - %s) for WINDOWS XP,NT,2000
Deprecated

5136 OWS Version %s (build date - %s) for LINUX Red Hat 9.x
Deprecated

5137 Timeout in Request (Now-Time From Request)=%s
Deprecated

5138 Number of available threads PORT(%s) = %s
Deprecated

5139 %d Threads created.
Deprecated

5140 AXIS Request: %s
Deprecated

5141 Manager Request to complete PROVISION:%s
Deprecated

5142 Received an undefined provision result: %d
Deprecated

5143 ATLAS: servicioSincrono received.
Deprecated

5144 SincronousService NOT authenticated.
Deprecated

5145 SincronousService authenticated.
Deprecated

5146 Parameter interpretation begin.
Deprecated

5147 RequestData->NumeroOrden = %s
Deprecated

5148 RequestData->tipoJalon = %s
Deprecated

5149 RequestData->codInt1Uo = %s
Deprecated

5150 RequestData->codInt2Uo = %s
Deprecated

5151 RequestData->intCentro = %s
Deprecated

5152 RequestData->intLocalizacion = %s
Deprecated

5153 RequestData->secuenciaActuacion = %s
Deprecated

5154 RequestData->versionActuacion = %s
Deprecated

5155 RequestData->unidadOperativa = %s
Deprecated

5156 RequestData->grupoOperativo = %s
Deprecated

5157 Page not found, path relative to ROOT = %s
Deprecated

5158 %s Packet Lost events happened at interface %s Total Packet Lost %s
Deprecated

5159 Information about configuration: %s
This message appears to indicate:
- The number of dynamic packets allocated and the total used
- Info about the use of ssl (if using ssl acceleration, ssl engine, if there is an error in the engine, if it is a cavium engine…)
Modules: CT

5160 Unknown file %s
Deprecated

5161 Report event: %s
Only for BGP deployment mode.
This message appears to indicate info about the status of BGP:
- BGP WF communication is established
- BGP Default GW is reachable
- Default GW reachability has been lost
Modules: CT

5162 Unclear case, surely due to previous crash, or shortage of electricity : %s%s. Can cope with it.
Deprecated

5163 %s alive
Deprecated

5164 Executting ssl accelaration %s
Deprecated

5165 %s errors writting a packet at interface %s maximun packet size %s
This message appears to indicate that there were errors writing a packet. Indicates the interfaces and the maximum packet size
Modules: CT

5166 Accumulation dumped to static database %s.
This message appears to indicate that the accumulation calculated has been saved in the database
Modules: RM

5167 Database %s consolidated into %s.
This message appears to indicate the database that was consolidated and the destination path
Modules: RM

5168 Removed old database %s.
This message appears to indicate the database that has been removed
Modules: RM

5169 Removed temporal database %s.
This message appears to indicate that a temporal database was removed
Modules: RM

5170 Temporal database %s is not corrupted, moving to its final destination and removing old fragments.
This message appears after a crash of the module to indicate that the temporal database used before the crash is OK, so the Reporter moves it to its final destination
Modules: RM

5171 Database fragment %s removed.
This message appears after a crash of the module to indicate that the fragments detected could not be used, so they are removed
Modules: RM

5172 Database %s backed up to %s.
This message appears to indicate that the indicated database was backed up
Modules: RM

5173 Backup accumulation result dumped to %s.
This message appears to indicate that the accumulated results were saved in a destination path
Modules: RM

5174 Dynamic database %s rebuilt from detail file.
This message appears to indicate that the database is built with the data from a detail file
Modules: RM

5175 Started consistency check of '%s'.
This message appears to indicate that the Reporter is checking the consistency of the indicated database
Modules: RM

5176 Finished consistency check of '%s'.
This message appears to indicate that the consistency check has finished
Modules: RM

5177 Executed report '%s' with id '%s'.
This message appears to indicate that the Reporter is executing a defined report. This message appears to indicate
Modules: RM

5178 Executed report '%s' with id '%s' for client '%s'.
This message appears to indicate that the Reporter is executing a defined report for a certain client
Modules: RM

5179 Executed programmed report '%s'.
This message appears to indicate that the Reporter is executing a programmed report
Modules: RM

5180 Executed programmed report '%s' for client '%s'.
This message appears to indicate that the Reporter is executing a programmed report for a certain client
Modules: RM

5181 Static database %s dumped.
This message appears to indicate that the static database was dumped
Modules: RM

5182 Starting accumulation on database '%s'.
This message appears to indicate that the Reporter is starting the accumulation on a certain database
Modules: RM

5183 Enlisting '%s' to be accumulated over '%s'.
This message appears to indicate that the indicated database was enlisted to be accumulated
Modules: RM

5184 Database %s moved to %s.
This message appears to indicate that the database indicated was moved to another path
Modules: RM

5185 Starting migration
This message appears to indicate that the Reporter has started a new migration
Modules: RM

5186 Migration completed
This message appears to indicate that the migration was completed
Modules: RM

5187 Migrating databases
This message appears to indicate that the Reporter is migrating all the databases
Modules: RM

5188 Migrating database %s
This message appears to indicate the database that the Reporter is migrating
Modules: RM

5189 Migrating programmed report instances
This message appears to indicate that it is migrating programmed reports to the current version
Modules: RM

5190 Migrating programmed report instance %s
This message appears to indicate the programmed report that is currently being migrated
Modules: RM

5191 Migrating file %s.
This message appears to indicate the file that the Reporter is currently migrating
Modules: RM

5192 Migrating detail %s (copy).
This message appears to indicate the detail file that is being migrated to another copy
Modules: RM

5193 Migrating detail %s (move).
This message appears to indicate the detail file that is being migrated to another path
Modules: RM

5194 Scripting engine message '%s' received executing script '%s' from configuration file '%s'.
This message appears to indicate that the scripting engine is running a script from the indicated configuration file
Modules: RM, WS

5195 Scripting engine output '%s' received executing script '%s' from configuration file '%s'.
This message appears to indicate the output of the script executed by the scripting engine
Modules: RM, WS

5196 Workmode %s ignored. Unable to load Reporter configuration.
This message appears to indicate that one workmode is ignored because it was not possible to load it from the configuration file
Modules: RM

5197 Received DCAgent response (%s) with more than %s bytes.
Deprecated

5198 %1 At least a Primary Server is available again.
Deprecated

5199 %1 At least a Server is available again.
Deprecated

5200 %1 Has been re-configured properly.
Deprecated

5201 %4:%2 Connection to Server has been restored.
Deprecated

5202 %4:%2 Connection to Server has been restored.
Deprecated

5203 Download limit reached for %s.
This message appears to indicate that the download limit was reached in an LDAP query.
Modules: CM

5204 Starting upgrade.
This message appears to indicate that an upgrade process has been started
Modules: RM

5205 Upgrade completed.
This message appears to indicate that the upgrade process has been completed
Modules: RM

5206 Upgrading databases.
This message appears to indicate that the databases are being upgraded during the upgrade process.
Modules: RM

5207 Database %s is up to date.
This message appears to indicate that the database is updated
Modules: RM

5208 Database %s successfully upgraded.
This message appears to indicate that the database has been successfully upgraded
Modules: RM

5209 Detailed log %s is up to date.
This message appears to indicate that the indicated log is updated
Modules: RM

5210 Detailed log %s successfully upgraded.
This message appears to indicate that the detailed log has been upgraded
Modules: RM

5211 Antivirus module loaded.
Deprecated

5212 Analysis started, ScanId %d.
Deprecated

5213 Analysis done, ScanId %d.
Deprecated

5214 Update finished.
Deprecated

5215 System analysed: %s objects analysed, %s infected.
Deprecated

5216 AV Library Version %s; AV Engine Version %s; AV Updater Version %s; SW Version %s; Num.virus %s
Deprecated

5217 %d%% Filtered by cpu%d
Deprecated

5218 The service %s changed its status to %s
Not implemented yet

5219 Interface %s optimized: %s
This message appears to indicate that the network interface driver is known and that CCOTTA has optimized it
Module: CT

5220 The IP address %s from blacklist has been removed because it belongs to whitelist: %s
Not implemented yet
Only for WOLF solution.
Module: CM

5221 The IP address %s from blacklist has been removed because it exceeds the maximum traffic threshold
Only for WOLF solution.
Module: CM

5222 %s email discarded for client %s: %s
The oldest email for a client is discarded because a new email for that client is pending to send (welcome to the service email)
Module: CM

7001 %s SOAP service restored
This message appears to indicate that there is an HTTP error while calling ManagerSoap
Module: CT

7002 %s HTTP service restored
This message appears to indicate that the HTTP service for SOAP calls was restored
Module: CT

7003 The created number of clients has reached the permitted amount for your license.
The correct operation of the system should have been recovered.
Module: CM

7004 The license control key has been restored.
The correct operation of the system should have been recovered.
Module: CM

7005 %s email for client %s sent successfully
This message appears to indicate that a welcome email was sent to the client.
Module: CM

10001 OWS Debug: %s
Not implemented yet

Appendix B: OST General Categories

Importance of Categories within OST

Static lists used within the Filtering Modules of OST contain URLs that are categorized.
URL lists are expanded using URL list generators, which enable the use of wildcards in URL specifications. Each URL belongs to between one and “N” of the available classification categories.

Figure 14-1: Categorization of URLs

Classification categories are groups of URLs which facilitate the administration and definition of profiles (types of services, such as young, teen, mature and adult).

Classification categories are used to define rules. Rules are hierarchical and there are three major levels: (a) General lists, (b) Operator lists and (c) End-User lists. The precedence of rules matches this order, so Operator list rules will be valid for all End-Users and, if there is a conflict between rules, the rule with the higher priority is applied.

URL classification within categories has two major levels, (a) General and (b) Operator, so the Operator is able to place a URL directly in a category and that classification will be applied to End-Users, even though it is not considered a General classification.

So, for example, URLs can be linked to categories as shown in the following table:

URL                        General Categories              Operator's Categories
http://www.google.com/*    Search Engine                   Operator Category 1 (Operator can define new categories and link URLs to them)
http://www.leisure.com/*   Games, Gambling, Pay Per Surf   Pornography, Operator Category 2
…                          …                               …

Available Categories

The available General Categories are listed below:

Anonymizers: Websites that allow users to browse the Internet and access Internet content without being registered by third parties.
Anorexia and Bulimia: Websites dedicated to promoting and encouraging eating disorders.
Art: Websites that provide information about the arts, e.g. museums, sculpture, photography, literature, etc.
Banks and Financial Institutions: Websites of banks and financial institutions worldwide.
Banners: Advertising banners that form part of a website.
Blogs: Websites where people can publish their diaries and any experiences, comments, ideas, etc. they wish to share over the Internet.
Bombs: Websites that explain how to prepare, make, build and use explosives and explosive devices.
Chat: Websites where end users can communicate with other users in real time.
Computing: Websites with information relating to hardware, software, the Internet, etc.
DNS Services: Blocks access to Dynamic DNS Services.
Drugs: Websites that encourage drug use or provide contacts and locations where drugs can be bought. This category does not include general information or preventive measures on drugs.
Economy: Websites with content on stock markets, banking, financial investments, insurance, etc.
Education: Websites of schools, universities, academies and centers that offer training courses.
Employment: Websites for job searches; this category also includes head hunters and any content they may include on the Internet.
Dating: Match-making websites through which the user can meet other people, make friends, find a partner, etc.
Directory and Street maps: Websites that include city and street maps, as well as contact information such as addresses, telephone numbers, etc.
Forums: Websites that invite users to participate in discussions on predetermined topics.
Gambling: Websites providing access to online gambling such as casinos and any other online services that allow an end user to place bets.
Games: Websites where users can play online games or download computer games.
Government: Websites of public entities and institutions, such as ministries, government departments, city councils, the European Union and any other URL or web page that provides information regarding government institutions from around the world.
Hackers: Websites where one can find information on hacking, pirated and illegal software as well as software used for hacking.
Health: Websites where you can find non-scientific information about illnesses and how to cure them.
Hosting domains: Hosting websites from where Internet domains can be obtained.
Information: Websites that provide general information on traffic conditions, weather, etc.
Instant Messaging Servers: Websites where Instant Messaging software (e.g. MSN Messenger, Yahoo Messenger, etc.) can be downloaded.
Legal: Websites containing information on legal matters.
Leisure: Websites containing information on what to do during free time, e.g. films, plays, books, restaurants, hobbies, etc.
Logos/Ringtones: Websites where images and/or ringtones (monophonic or polyphonic melodies) for cell phones can be downloaded.
Malware: Websites containing malicious code or programs such as viruses or Trojans.
Models: Websites containing photographs of models. Websites where this type of photograph shows models fully or partially naked are included in the pornography category.
Music: Websites where users can purchase or download music, or get information on singers and music groups in general.
P2P Servers: Websites that make it possible for users to share or download legal and illegal files. This category also includes websites that contain P2P applications and programs.
Pay-per-surf: Web pages which allow people to earn money on the Internet by receiving e-mails, surfing certain web pages, subscribing to free offers, etc.
Personal Websites: Personal websites created by users all over the world to present themselves or specific topics of interest to them.
Pornography: Websites with pornographic and erotic content. This category includes access to chat rooms where this type of material can be found.
Portals: Websites offering a wide range of content (e.g. news, leisure, sport, games, music, etc.) all in one place.
Press: Online newspapers or magazines.
Racism: Websites with content of an openly xenophobic nature or that promote and/or defend racist behavior based on culture, race, religion, ideology, etc.
Remailers: Web pages that readdress or transform other web pages.
Search engines: Websites used for content searches and browsing on the Internet (google.com, yahoo.com, altavista.com, alltheweb.com, etc.).
Sects: Websites on organizations universally accepted as sects. Within this category URLs are included on organizations that promote directly or indirectly: (i) group, animal or individual injuries, (ii) esoteric content, (iii) content that sets a bad example for young children: that teaches or encourages children to perform harmful acts or imitate dangerous behavior, (iv) content that creates feelings of fear, intimidation, horror, or psychological terror, (v) incitement or depiction of harm against any individual or group based on gender, sexual orientation, ethnic, religious or national identity.
Sexuality: Websites that provide information on sex, sex and teenagers, sexual education etc., without pornographic content.
Shopping: Websites for online shopping.
Society: Websites with content relating to celebrities, fashion, home improvement, etc.
Sport: Websites that provide content relating to sports, sports teams, etc.
Spyware: Websites containing spyware. Spyware is software that collects confidential and general information from a PC and transmits it to a third party. All this takes place without the knowledge and/or consent of the user.
Telecommunications: Websites that provide information about landline telephony, cell phones, internet connections, etc.
Travel: Travel agency portals and websites with information on cities, hotels and transportation.
Violence: Websites and/or web pages that provide openly violent content and/or that promote violence or defend it.
VoIP: Voice over IP.
Web pages that provide access to applications that provide live voice transmission via the internet, using TCP/IP protocols.
Webmail: Websites that provide Webmail services where you can send and receive e-mails from any personal computer with an Internet connection (Hotmail, Yahoo, Gmail, etc.).

*On many occasions, the same website may be included in two or more categories at the same time.

Appendix C: Border Gateway Protocol

Border Gateway Protocol (BGP) is a protocol used by ISPs registered on the Internet to exchange routing tables. It requires a router that has been configured with each neighbor that will exchange the routing information it has stored. A feature of BGP is that it exchanges routing information between autonomous systems while guaranteeing a choice of direct routes free of loops.

OST 6.04 includes some BGP functionalities. Specifically, it can be used to interact with installations that use this protocol under certain conditions:

It is not compatible with a standard installation. The installation of OST using BGP has specific features that make it different from a traditional installation. The result is that many service features are affected, mainly those related to content analysis, which is not possible in this type of installation.

It can only filter by connection. The content filter in a BGP installation works using lists of blocked URLs. The client makes a request using a router and CCOTTA. If the requested URL is on the preloaded lists of the filtering module, the request is rejected and the default page or a custom blocking page is shown. If the requested URL is not on the lists, the page is delivered to the client through the router, without passing through the filtering module.

The Reporter service generates information in certain situations.
The information saved in the logs relates only to traffic that passes through the filtering module, something that does not necessarily happen with this type of installation. Using BGP, most traffic passes directly from the client to the external server without passing through CCOTTA or another filtering module.

The main advantage is that it enables a minimal degree of filtering of restricted pages using small machines that can provide service to large numbers of users.
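
The wildcard URL lists and rule precedence of Appendix B, applied to the list-only filtering of a BGP installation described above, as an added example (not Optenet code). The URL patterns and categories are those of the Appendix B table; the block/allow rule format, the sample rules, the tie-break inside one level, the URL normalization and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# URL patterns and categories copied from the guide's table; everything else
# in this file (rule format, sample rules, function names) is an assumption.
GENERAL_LIST = {
    "http://www.google.com/*": {"Search Engine"},
    "http://www.leisure.com/*": {"Games", "Gambling", "Pay Per Surf"},
}
OPERATOR_LIST = {
    "http://www.google.com/*": {"Operator Category 1"},
    "http://www.leisure.com/*": {"Pornography", "Operator Category 2"},
}
# Rule levels in the precedence order the guide states.
LEVELS = ("general", "operator", "end_user")
# Constructed rules: category -> "block" or "allow" at each level.
SAMPLE_RULES = {
    "general": {"Gambling": "block"},
    "operator": {"Operator Category 1": "allow"},
    "end_user": {"Search Engine": "block", "Games": "allow"},
}


def normalize(url):
    """Lower-case scheme and host, drop userinfo and fragment, default the path to '/'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.port:
        host += f":{parts.port}"
    return urlunsplit((parts.scheme.lower(), host, parts.path or "/", parts.query, ""))


def pattern_to_regex(pattern):
    """Compile a list entry in which '*' is the only wildcard into an anchored regex."""
    body = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.compile(body + r"\Z", re.DOTALL)


def classify(url, *url_lists):
    """Return every category (one to N) whose pattern matches the normalized URL."""
    target = normalize(url)
    categories = set()
    for url_list in url_lists:
        for pattern, cats in url_list.items():
            if pattern_to_regex(pattern).match(target):
                categories |= cats
    return categories


def decide(url, rules=SAMPLE_RULES):
    """Apply the first level, in precedence order, that has a rule for the URL."""
    categories = classify(url, GENERAL_LIST, OPERATOR_LIST)
    for level in LEVELS:
        actions = {rules.get(level, {}).get(cat) for cat in categories} - {None}
        if actions:
            # Assumed tie-break inside one level: block beats allow.
            return ("block" if "block" in actions else "allow"), level
    return "allow", None  # URL is on no list, or no rule covers its categories


def bgp_path(url, rules=SAMPLE_RULES):
    """List-only filtering as in a BGP installation: no content analysis is modelled."""
    action, _level = decide(url, rules)
    if action == "block":
        return "rejected: blocking page shown"
    # Anything not on the blocked lists goes through the router without passing
    # through the filtering module, so the Reporter logs hold no record of it.
    return "delivered through the router, not logged"


if __name__ == "__main__":
    for sample in ("http://www.leisure.com/poker", "HTTP://WWW.GOOGLE.COM"):  # constructed
        print(sample, decide(sample), bgp_path(sample))
```

Matching on the parsed host rather than on the raw string keeps a URL such as `http://www.google.com@tracker.example/` (constructed) out of the Search Engine category, which a plain prefix comparison would get wrong.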