Guest

Support

Administration

Hierarchical Navigation

  • Viewing Options

  • PDF (975.4 KB)
  • Feedback
Administration

Table Of Contents

Administration

Overview

Account Management

Editing Your Account Details

Changing Your Password

Changing the Scanned IP Addresses

Downloading a List of Dynamic DNS Addresses

Managing Admin Users

Creating a New Admin User

Editing an Admin User

Removing an Admin User

User Management

Managing Groups

Adding a Directory Group

Creating a Custom Group

Editing a Group

Removing a Group

Managing Users

Importing a User List

Removing Users

Hosted Configuration Files

Uploading a New Configuration File

Managing Configuration Files

Removing Configuration Files

Authentication

Company Keys

Group Keys

Bulk Group Management

User Keys

Bulk User Management

Setting the User Email Message

Dictionaries and Databases

Managing Dictionaries

Creating a New Dictionary

Editing a Dictionary

Managing File Information Databases

Creating a New Database

Editing a Database

Removing a Database

Generating an Audit

Secure Traffic Inspection

Legal Disclaimer

Secure Sockets Layer Certificates

Creating a Certificate in ScanCenter

Using an Externally Generated Certificate

Editing a Certificate Description

Removing a Certificate

Filters

Creating a Filter

Editing a Filter

Removing a Filter

Policy

Creating a Rule

Editing a Rule

Removing a Rule


Administration


Overview

The administration tasks in ScanCenter are accessed via the Admin tab. From there you can:

Change your account details and password.

Update the IP addresses scanned by the Web Scanning Services.

Verify dynamic DNS.

Manage admin users.

Manage company, group, and user keys.

Configure email messages.

Manage users and groups.

Host configuration files.

Create or import dictionaries and file information databases.

Run audits.

Manage HTTPS certificates, filters, and policy.

Account Management

The account management area of ScanCenter enables you to:

Edit your account details.

Change your password.

Update the scanned IP addresses.

Download a list of registered dynamic DNS addresses.

Manage admin users.

Editing Your Account Details

To edit your account details:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Your Account menu, click Account Details to display the Account Details page.

Step 3 In the Title list, click your title. The available options are:

Mr

Ms

Miss

Mrs

Dr

Other

Step 4 Enter your First name.

Step 5 Enter your Last name.

Step 6 Enter your Job Title.

Step 7 Enter your organization's name in the Company name box.

Step 8 Enter the URL of your organization's website in the Website box.

Step 9 Enter your telephone number in the Telephone box.

Step 10 Enter your facsimile number in the Fax box.

Step 11 Enter your mobile telephone number in the Mobile Phone box.

Step 12 Enter your organization's address, using up to three lines, in the Address boxes.

Step 13 Enter your postal code in the ZIP/Post Code box.

Step 14 In the Country list, click your country.

Step 15 In the Timezone list, click your time zone. Alternatively, click UTC.

Step 16 Click Save to save your changes. Alternatively, navigate to another page to abandon your

changes.


Changing Your Password

To change your password:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Your Account menu, click Change Password to display the Change Password page.

Step 3 Enter the new password in the Password and Confirm password boxes.

Step 4 Click Save to change your password. Alternatively, navigate away from the page to abandon your changes.



Note Clicking Reset does not reset your password. It only clears the boxes.


Changing the Scanned IP Addresses

To request changes to the IP addresses scanned by the Web Scanning Services.


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Your Account menu, click Scanning IPs to display the Request Scanning Ips page.

Step 3 Enter the IP addresses with their net masks in the box.

Step 4 Click Save to save your changes. Alternatively, navigate away from the page to abandon your changes.



Note IP addresses will normally be updated within one business day. A confirmation email will be sent when the changes are complete. If your change is urgent, email support for immediate action.


Downloading a List of Dynamic DNS Addresses

Typically, accessing the proxy servers from a dynamic IP address requires the use of Connector configured with group or company authentication keys.

The majority of Cisco and third-party routers can issue Dynamic DNS (DDNS) requests. DDNS enables the router to communicate with an external server to send its current external (WAN) IP address, so that other devices can connect to it using a static name resolved through normal DNS requests. The DDNS server is automatically updated if the external IP address changes. A DDNS update comprises a username, password, and hostname, which can be used by the service to authenticate these devices.

It is also possible to perform DDNS registration with client-side software.


Note For transparent deployment, DDNS routers must support the ability to port forward traffic to the proxy servers. Alternatively, browser proxy settings (PAC, WPAD, and so on) may be used if required.


Cisco provides a proprietary DDNS service as a means to verify dyanmic IP addresses against its authentication database. Any router which has a `custom' option for DDNS should be able to use this functionality.

For detailed instructions on configuring your router, refer to your router documentation.

To enable DDNS support:


Step 1 If you have not already done so, create a group authentication key in ScanCenter.

Step 2 Create a `custom' DDNS on your router.

Step 3 Set the server to ddns.scansafe.net.

Step 4 Set a unique identifier for the username or equivalent parameter.

Step 5 Set the password to the group authentication key you previously created.

Step 6 Set the hostname to one of the domains associated with your ScanCenter account, typically your email domain.

Step 7 Set the URL to /dir/register?hostname=.


To verify your routers are working correctly you may want to view a list of currently registered dynamic DNS addresses. The list is provided as a CVS file containing the current IP address for each device. It does not contain a history of device IP addresses. To download the list:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Your Account menu, click Dynamic DNS to display the Dynamic DNS page.

Step 3 Click Generate Audit to download a comma-separated list of the dynamic IP addresses registered with your account. The list contains user names, IP addresses, host names, and the date of the last update.


Managing Admin Users

The Admin Users page enables you to create, edit and remove admin users. The access rights of an admin user are determined by the role assigned to that user. The available roles are:

Full Access

Read Only

Report Admin

Admin with no Forensic Role

HR

Full Read Only

See Role Permissions, page D-1 for details of the access rights associated with each role.

To manage admin users:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Your Account menu, click Admin Users to display the Admin Users page.


Creating a New Admin User

To create a new admin user:


Step 1 Click Create to display the Create Admin User page.

Step 2 Enter the email address of the admin user in the Email Login box. This will be the user name.

Step 3 In the Role list, click a role.

Step 4 Enter a password in the Password and Confirm Password boxes.

Step 5 Click Save to save your changes. Alternatively, navigate away from the page to abandon your changes.



Note You must activate the admin user to enable them to log in.


Editing an Admin User

To activate an inactive admin user, click Activate.

To deactivate an active admin user, click Deactivate.

To change the role of an admin user:


Step 1 Click the require role in the Role list.

Step 2 Click Save. Alternatively, navigate away from the page to abandon your changes.


Changing an Admin User Password

To change an admin user's password:


Step 1 Click Change to display the Change Password page.

Step 2 Enter the new password in the Password and Confirm password boxes.

Step 3 Click Save to change the password. Alternatively, navigate away from the page to abandon your changes.



Note Clicking Reset does not reset your password. It only clears the boxes.


Restricting Access to Reports

You can restrict the data that an admin user is able to view when running reports. By default there are no restrictions in place.

To exclude attributes from reports run by a specific admin user:


Step 1 Click Change to display the list of attributes.

Step 2 Clear the check boxes of the attributes that you do not want to be viewed by the admin user.

Step 3 Add any filters you want to apply to online reports viewed by the admin user. For more information about filters see Filtering Reports, page 3-11.


Note Filters will not be applied to scheduled reports. Filter sets cannot be applied to admin users.


Step 4 Click Save.


Removing an Admin User

To permanently remove an admin user:


Step 1 Select the Delete check box for the required user. You can select multiple admin users to be removed.

Step 2 Click Delete. You will be prompted to confirm your action.



Caution When an admin user has been removed it cannot be recovered. Instead, you must create a new admin user.

User Management

The user management area of ScanCenter enables you to create groups, edit groups and users, and import users, dictionaries, and file information. When using Cisco Integrated Services Router Web Security, Cisco AnyConnect Secure Mobility Web Security, or Connector, groups enable you to implement role based Web access policy.

Groups are evaluated as follows:

1. If Connector is configured to send internal group details, a check is made to see if the supplied group name matches any groups configured in ScanCenter. If a match exists the matched group is selected. If the user belongs to more than one group then any group containing the string 'webscan' will be given priority.

2. If the user name is matched but no group is matched, a check is made to see if the user belongs to an existing group.

3. If the group cannot be matched but the internal IP addresses is present, a check is made to see if the IP address matches a group IP expression.

4. If the group cannot be matched, a check is made to see if the external IP address matches a group IP expression.

5. If the group still cannot be matched, the default group is used.

Managing Groups

Two types of groups are supported in ScanCenter; directory groups and custom groups. Directory groups can be Windows Active Directory groups or LDAP groups. Custom groups enable you to create a group containing any users, regardless of their active directory or LDAP group.

To manage groups:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Management menu, click Groups to display the Manage Groups page.

Adding a Directory Group

Before you can add a directory group you must first create the Windows Active Directory or LDAP group on your server.

To add a directory group:


Step 1 Click Add Directory Group to display the Add New Directory Group page.

Step 2 Enter the Active Directory or LDAP group in the box.

Step 3 Click Save to save your changes. Alternatively, click Cancel to abandon your changes.


Creating a Custom Group

To create a custom group:


Step 1 Click Add Custom Group to display the Add New Custom Group page.

Step 2 Enter a name for the group in the box.

Step 3 Click Save to return to the Manage Groups page. Alternatively, click Cancel to abandon creating the group.

Step 4 Edit the group.


Editing a Group

To edit a group:


Step 1 In the Mange Groups page, click the group name hyperlink to display the Edit Custom Group page.

Step 2 Enter a new name for the group in the box and click Save. Alternatively, accept the existing name.

Step 3 Enter the required IP expressions in the box, for example 192.168.0.0/255.255.0.0, and click Save.

Step 4 Enter the required Active Directory or LDAP users in the box and click Save.


You can click Done to return to the Manage Groups page.

Removing a Group

In the Manage Groups page, select the check box of the group to be removed then click Delete Selected to permanently remove the group. You will be prompted to confirm your action. You can select multiple groups to be removed. You cannot remove a group that is associated with a policy.


Caution When a custom group has been removed it cannot be recovered. Instead you must create the custom group again.

Managing Users

Users cannot be added individually. They must be imported from a text file containing a comma-separated list in the form <group>, <user name>, <email address> for each user. When the list has been imported individual users can be removed. Users cannot be edited. If you need to make changes you should remove the existing user and import a new user with the appropriate details.

Importing a User List

To import a user list:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Management menu, click Import User List to display the Import User List page.

Step 3 Click Browse then navigate to the file.

Step 4 Click Import. You will be notified if the file cannot be validated.

Step 5 If the list is correct, click Confirm. You will be notified if the import was successful. Alternatively, click Back to step 1, edit the file and repeat the import process.


When you have imported a user list you can click Back to step 1, to import additional user lists. Alternatively, if you wait 10 seconds you will be taken back.

Removing Users

To remove a user:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Management menu, click Users to display the Manage Users page.

Step 3 Select the check box of the user to be removed.

Step 4 Click Delete Selected. You will be prompted to confirm your action.


You can select multiple users to be removed.

You can search for a user by entering all or part of the user name in the Search box and clicking Search. To display the full list again click Reload list.

Hosted Configuration Files

The hosted configuration area of ScanCenter enables you upload PAC (proxy auto-config) files, and other configuration files to ScanCenter, and manage those files. For information about PAC files, refer to the Connector Administrator Guide appendix "Proxy Auto-Config Files."

To view your hosted configuration files:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Management menu, click Hosted Config to display the Hosted Config page.

The description, type, URL or associated group key, status, creation and modification dates are displayed.


Uploading a New Configuration File

To upload a file:


Step 1 Click the Upload Config tab to display the Upload Config page.

Step 2 Click the required file type in the Resource Format box.

Step 3 Enter a unique Description in the box.

Step 4 Click Browse to select a file to upload. There is a maximum file size limit of 500 kilobytes.

Step 5 Click Upload to upload the file.


Managing Configuration Files

When you have uploaded a file you can activate or deactivate it, upload newer versions, and delete versions.

To manage a configuration file:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Management menu, click Hosted Config to display the Hosted Config page.

Step 3 Click the Edit icon.


To activate a configuration file, select the Active check box, then click Save. Alternatively, clear the check box to deactivate the configuration file, then click Save.

When there are two or more versions of a file, click Default to enable a specific version, then click Save.

To remove a specific version of a file, click Delete.


Caution When you click Delete the file will be deleted immediately unless it is the default version. You will not be asked to confirm your action.

Removing Configuration Files

Only configuration files that are inactive can be completely removed.

To remove an inactive configuration file:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Management menu, click Hosted Config to display the Hosted Config page.

Step 3 Click the Delete icon.


Caution Files are removed immediately. You will not be asked to confirm your actions.

Authentication

The authentication area of ScanCenter enables you to generate authentication keys for your organization, groups, and individual users. Keys are used with Cisco Integrated Services Router Web Security, Cisco AnyConnect Secure Mobility Web Security, and Connector. For further information refer to the relevant administrator guide. Before creating group or user keys you should set up your groups and users. See User Management.

Company Keys

The company key is used for organization-wide authentication.

To view the company key:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Authentication menu, click Company Key to display the Company Key page.


To deactivate an active key, click Deactivate. To activate a deactivated key, click Activate.

To permanently remove a key click Revoke.


Note Revoking or deactivating a key will prevent users from being able to authenticate with the Web Scanning Services. When you have revoked a key you must generate a new key.


To generate a company key:


Step 1 Click Create new.

The Authentication Keys page is displayed.

Step 2 Copy the authentication key to a secure location.


Caution For security reasons, the authentication key is displayed only once. If you lose the key you must revoke the existing key and create a new key.

Group Keys

Group keys are used for authenticating groups of users. Before creating group keys you should ensure you have created the required groups. See User Management.

To view the group keys:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Authentication menu, click Group Keys to display the Group Authentication Keys page.


To create and activate a key:


Step 1 Click Create Key. The Authentication Keys page is displayed.

Step 2 Enter a group email address in the Send via email to the user box.

Step 3 Click a domain in the list.

Step 4 Click Send to send an email to members of the group.


To deactivate an active key, click Deactivate.

To activate a deactivated key, click Activate.

You can search for a group by entering all or part of the group name in the Search box and clicking Search. To display the full list again click Reload list.

Bulk Group Management

You can activate, deactivate and revoke group keys in bulk.

Click the check box to select a group with a key. You can click Select All to select the check box of all groups with keys or Deselect All to clear all check boxes.

Click Activate Selected to activate all the selected group keys.

Click Deactivate Selected to deactivate all the selected group keys.

Click Revoke Selected to permanently remove all the selected group keys.

User Keys

User keys are used for authenticating individual users. Before creating user keys you should ensure you have imported the required users. See User Management.


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Authentication menu, click User Keys to display the User Authentication Keys page.


To create and activate a key, click Create Key. The Authentication Keys page is displayed. Enter a user email address in the Send via email to the user box, click a domain in the list and click Send to send an email to the user.

To deactivate an active key, click Deactivate.

To activate a deactivated key, click Activate.

To enable mobile functionality for a user, select the Mobile check box. Alternatively, clear the check box to switch off mobile functionality. You will be prompted to confirm your action.

You can search for a user by entering all or part of the user name in the Search box and clicking Search. To display the full list again click Reload list.

Bulk User Management

You can activate, deactivate and revoke user keys in bulk.

Click the check box to select a user with a key. You can click Select All to select the check box of all users with keys or Deselect All to clear all check boxes.

Click Activate Selected to activate all the selected user keys.

Click Deactivate Selected to deactivate all the selected user keys.

Click Revoke Selected to delete all the selected user keys.

Setting the User Email Message

To set the email message that is sent to a user with an authentication key:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Authentication menu, click Email Messages to display the Email Messages page.

Step 3 Edit the message in the first box. The text [username] and [company_name] will be replaced with the user's name and your organization's name.

Step 4 Edit the signature in the second box.

Step 5 Click Submit to save your changes. Alternatively, navigate away from the page to abandon your changes.


You can click Reset to default message to restore the default message.

Dictionaries and Databases

Dictionaries are used with Outbound Content Control (OCC). You can import dictionaries from a file which can include words and phrases, but not regular expressions or wild cards. Dictionaries can contain a maximum of 1,000 words or phrases. File information databases enable you to block specific files. You can also import databases from a file.

Managing Dictionaries

Click the Admin tab to display the administration menus.

In the Management menu, click Dictionaries to display the Manage Dictionaries page.


Creating a New Dictionary

To create a new dictionary:


Step 1 Enter a name in the Enter new Dictionary name box.

Step 2 Click Add Dictionary.

Step 3 Edit the dictionary.


Editing a Dictionary

Click the dictionary name hyperlink to display the Edit Dictionary page.

To add an individual word or a phrase, enter the text in the Enter the words or phrases below that you wish to block box then click Add.

To remove a word or phrase, click it in the list then click Delete.

You can import words and phrases from a text file. The list must be comma-separated. For example:

the,quick,brown,fox,jumps over the,lazy dog

To import a comma-separated list of words and phrases:


Step 1 Click Browse then navigate to the file.

Step 2 Click Import.

Step 3 If the list is correct, click Confirm to add the words or phrases and return to the Edit Dictionary page. Alternatively, click Back to step 1, edit the file and repeat the import process.


Removing a Dictionary

To remove a dictionary:


Step 1 In the Manage Dictionaries page, select the check box of the dictionary to be removed.

Step 2 Click Delete Dictionaries. You will be prompted to confirm your action.


You can select multiple dictionaries to be removed.

Managing File Information Databases

To manage file information databases:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Management menu, click File Info DBs to display the Manage File Infos page.

Creating a New Database

To create a new database:


Step 1 Enter a name in the Enter new File Info DB name box.

Step 2 Click Add File Info DB.

Step 3 Edit the database.


Editing a Database

Records are added to a database by importing comma-separated lists of file information. Each entry in the list must include the file name, file size, an MD5 checksum, and an SHA-1 checksum in that order, for example:

1video.avi,37352,d97343b7ef8a00307091c6456b25c84,de9e351ebe13186770f3fc79f45733a6d595e2e1

On UNIX and UNIX-like systems, OpenSSL can be used to generate the checksum with the following commands:

openssl md5 <filename>
openssl sha1 <filename>

On Windows, the Microsoft File Checksum Integrity Verifier can be used to generate the checksum with the following commands:

fciv md5 <filename>
fciv sha1 <filename>

The File Checksum Integrity Verifier can be downloaded from Microsoft's website:

http://search.microsoft.com/results.aspx?q=microsoft+file+checksum+integrity+verifier

To import a list of file information into a database:


Step 1 Click the database name hyperlink.

Step 2 Click Browse then navigate to the file.

Step 3 Click Import. You will be notified if the file cannot be validated.

Step 4 If the list is correct, click Confirm. The imported data is displayed in a table with file name, file size, MD5 and SHA-1 checksum. Alternatively, click Back to step 1, edit the file and repeat the import process.


Removing a Database

To remove a database:


Step 1 In the Manage File Infos page, select the check box of the database to be removed.

Step 2 Click Delete File Infos. You will be prompted to confirm your action.


You can select multiple databases to be removed.

Generating an Audit

Generating an audit enables you to see all the administration activity that has taken place in ScanCenter over a period of time, from a day up to a year. Audits provide a record of changes to administration, configuration, filtering, and policy. The audit is downloaded as a CSV file containing the user name, category type, action, log time, and a description for each logged event.

To download an audit:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the Reports menu, click Audit to display the Audit Logging page.

Step 3 In the Select Period area, click a period for the audit. The available options are:

Yesterday

Last full week

Last full month

Last full year

Custom

Step 4 If you chose a custom period, click the required start and end dates in the From and To lists.

Step 5 Clear the All Admins check box and click an admin user in the or select an Admin list. Alternatively, select the All Admins check box to include all admin users.

Step 6 Clear the All Categories check box and click a category in the or select a Category list. The available categories are:

Administration

Filtering Policy

Spyware Policy

Web Virus Policy

Https Inspection

Alternatively, select the All Categories check box to include all categories.

Step 7 Clear the All Actions check box and click an action in the 'or select an Action list. The available actions are:

INSERT

UPDATE

DELETE

Alternatively, select the All Actions check box to include all actions.

Step 8 Click Generate Audit to download the audit as a CSV (comma-separated value) file.


Secure Traffic Inspection

When a user connects to a website via HTTPS, the session is encrypted with a digital certificate. When secure traffic inspection is enabled, the Web Scanning Services block all expired, invalid, and revoked certificates.

Secure traffic inspection decrypts and scans the HTTPS traffic passing through the Web Scanning Services for threats and carries out actions based on your policy settings. If the traffic is deemed safe it is re-encrypted and passed back to your organization with a new SSL certificate.

All users must use an SSL certificate to generate the Certificate Signing Request (CSR). You can upload an existing certificate or generate a certificate in ScanCenter. The public certificate, deployed to each user's browser, and the corresponding certificate are stored securely by Cisco. The certificates are then associated with your secure traffic inspection policy.

Two changes are required on the client:

1. Proxy settings for SSL traffic must be configured in the client browser, or on your organization's firewall or gateway device.

2. The Web Scanning Services root certificate must be imported into the client browser to enable it to trust SSL connections with the Web Scanning Services.

Legal Disclaimer

It is your responsibility to determine if it is legal for you to inspect HTTPS traffic in your jurisdiction. Switching on this functionality will permit the Web Scanning Services to inspect HTTPS traffic. While all such inspection is carried out automatically rather than by individuals, such decryption may nonetheless be in breach of privacy laws in certain countries. By enabling this functionality you agree that you have the legal right to decrypt this traffic in all relevant jurisdictions and that you have obtained all necessary consents from your users to do so.

In most jurisdictions you are required by law to inform your users that secure traffic is being inspected. It is possible to present an HTML page to the user that states that the session will be decrypted, and gives the user the option to continue or not. To enable you to comply with privacy law, notice is given to the user before the SSL connection is established.

You can exclude websites from secure traffic inspection, for example banking websites. These sites will bypass secure traffic inspection and the user will be connected to the site via a direct SSL connection.


Caution To abide by privacy laws, no log record is maintained. However, you are responsible for ensuring that the content decryption and encryption takes place in a closed loop and that no content is cached.

Secure Sockets Layer Certificates

When you generate an SSL certificate in ScanCenter, Cisco will be the Certificate Authority (CA). If you want your organization to be the CA you can generate a Certificate Signing Request (CSR) in the portal, use that to generate the certificate, and then upload it to the portal.

To view existing certificates:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the HTTPS Inspection menu, click Certificates to display the certificates page.


Creating a Certificate in ScanCenter

To create an SSL certificate:


Step 1 Click the Create a certificate tab.

Step 2 Click create a certificate or.

Step 3 Enter an Identifier.

Step 4 Enter a Description.

Step 5 Click Save to save your changes. Alternatively, navigate away from the page to abandon your changes.


Using an Externally Generated Certificate

If you want to generate your own SSL certificates with your organization as the CA, you will need an SSL toolkit such as OpenSSL. This is generally included with most UNIX and UNIX-like operating systems but is also available for Windows from http://www.openssl.org/. If you are not familiar with SSL software you should use the portal to create an SSL certificate instead.

To use an externally generated SSL certificate:


Step 1 Click the Create a certificate tab.

Step 2 Click generate a CSR?.

Step 3 Enter a unique name for the CSR in the Identifier box.

Step 4 Enter a Description of the CSR.

Step 5 Click Generate to generate a CSR.

Step 6 Click Download your CSR to download the CSR.

Step 7 Generate your SSL certificate using the downloaded CSR. For more details refer to your SSL toolkit vendor documentation. You have 30 minutes to create and upload the certificate.

Step 8 Click Browse and navigate to the SSL certificate you wish to associate with the CSR.

Step 9 Click Upload.


Editing a Certificate Description

To edit an SSL certificate description:


Step 1 Click the Edit icon.

Step 2 Enter a new Description.

Step 3 Click Save. Alternatively, navigate away from the page to abandon your changes.


Removing a Certificate

To delete an SSL certificate, click the Delete icon. You will be prompted to confirm your action.

Filters

Filters enable you to set the websites and categories that will be subject to HTTPS inspection.

To view filters:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the HTTPS Inspection menu, click Filters to display the filters page.


Creating a Filter

To create a new filter:


Step 1 Click the Create a filter tab.

Step 2 Enter a Filter name.

Step 3 Select the Active check box to make the rule active. Alternatively, clear the check box to activate the rule at another time.

Step 4 Click the Categories hyperlink.

Step 5 Select the check boxes of the required categories. You can click Select All to select all the check boxes or Deselect all to deselect all the check boxes. See Web Filtering Categories, page B-1.

Step 6 Click the Domains/URLs hyperlink.

Step 7 Enter the domains or URLs to be included in the filter. Each domain or URL should appear on its own line. You can use host names and sub-domains but you must omit the protocol (https://). You can click Sort Alphabetically to sort the list.

Step 8 Click the Exceptions hyperlink.

Enter the domains or URLs to bypass the filter. Each domain or URL should appear on its own line. You can use host names and sub-domains but you must omit the protocol (https://). You can click Sort Alphabetically to sort the list.

Step 9 Click Save all settings to save your changes. Alternatively, navigate away from the page to abandon your changes.


Editing a Filter

To edit a filter:


Step 1 Click the Edit icon.

Step 2 Click the hyperlink of the settings you want to change.

Step 3 Make your changes.

Step 4 Click Save to save your changes. Alternatively, navigate away from the page to abandon your changes.


Removing a Filter

To remove a filter, click the Delete icon.

Policy

Policy enables you to set the rules for applying filters.

To view your existing policy:


Step 1 Click the Admin tab to display the administration menus.

Step 2 In the HTTPS Inspection menu, click Policy to display the policy page.


You can set the priority of a rule by clicking the up and down icons in the Move column and then clicking Apply Changes.

Creating a Rule

To create a new rule:


Step 1 Click the Create a rule tab.

Step 2 Enter a rule Name.

Step 3 In the Choose certificate list click an SSL certificate.

Step 4 Click Add group.

Step 5 Enter all or part of a group name in the Search box and click Go.

Step 6 Click Select to select the group.

Step 7 Click Confirm Selection. You can click the Delete icon to remove any groups added by mistake.

Step 8 Select the Set as an exception check box to exclude the group from the rule. Alternatively, clear the check box to apply the rule to the group.

Step 9 In the Add Filter list, click a filter then click Set to set the filter. Only one filter can be set. You can click the Delete icon to remove a filter added by mistake.

Step 10 Click Create rule to save your changes. Alternatively, navigate away from the page to abandon your changes.

Step 11 You will be prompted to confirm that you are in compliance with privacy laws and have obtained consent to inspect HTTPS traffic. If this is correct, click OK. If this is not correct, you must click Cancel.


Editing a Rule

To edit a rule:


Step 1 Click the Edit icon.

Step 2 Make your changes.

Step 3 Click Save to save your changes. Alternatively, navigate away from the page to abandon your changes.

Removing a Rule

To remove a rule, click the Delete icon. You cannot remove the default rule.