SmartFilter for Cisco Content Engine User's Guide, Version 3.1 - Chapter 5: Configuring Enterprise Settings [Cisco Application and Content Networking System (ACNS) Software]

Table Of Contents

Configuring Enterprise Settings

Launching the Administration Console

Entering Licensing Information

Configuring Plug-In Definition Settings

Adding a Plug-In Definition

Deleting a Plug-In Definition

Copying a Plug-In Definition

Updating a Plug-In Definition

Reviewing Plug-In Information

Configuring Plug-In Groups

Adding a Plug-In Group

Deleting a Plug-In Group

Updating a Plug-In Group

Entering E-Mail Alert Information

Defining Directory Resources Information

Adding a Directory Resource

Copying a Directory Resource

Updating a Directory Resource

Deleting a Directory Resource

Entering Administrator Information

Adding an Administrator Account

Deleting an Administrator Account

Changing the Password for an Administrator Account

Deploying Configurations to Plug-Ins

Deploying Configurations to One or Many Plug-Ins

Deploying Configurations to a Particular Plug-In

Configuring Enterprise Settings

After installing the SmartFilter Administration Server and Administration Console, you must launch the Administration Console and configure the SmartFilter software.

Some of the items covered in this chapter are configured during the installation process.

This chapter explains how to verify that this information is correct and gives instructions for modifying this information to suit your particular needs. It also gives instructions for configuring enterprise settings—those settings that apply to one or more proxy plug-ins. Specifically, the topics included in this chapter are:

•Launching the Administration Console

•Entering Licensing Information

•Configuring Plug-In Definition Settings

•Reviewing Plug-In Information

•Configuring Plug-In Groups

•Entering E-Mail Alert Information

•Defining Directory Resources Information

•Entering Administrator Information

•Deploying Configurations to Plug-Ins

Launching the Administration Console

The method you use to launch the SmartFilter Administration Console depends on the platform you are using. To launch and gain access to the SmartFilter Administration Console, follow these steps:

Step 1 Launch the Administration Console using the appropriate method depending on your operating system platform.

•For Windows:

Double-click the SmartFilter Administration Console icon on the desktop or choose Start > Programs > SmartFilter Administration Console > Administration Console.

•For UNIX:

From the SmartFilter Administration Console installation directory, run the following command:
sh sfadmin.sh
Note For example, the directory could be /usr/local/sfadmin/bin.

The Admin Server Login window appears, shown in Figure 5-1.

Figure 5-1 Admin Server Login Window

Step 2 From the drop-down list, choose the name of the server that you want to work with.

Step 3 Press Tab to reach the Username field and enter the administrator username for the Administration Server.

Step 4 Press Tab to reach the Password field and enter the administrator password for the Administration Server.

Step 5 Click OK.

The tree items in the SmartFilter Administration Console appear.

Entering Licensing Information

The License window, shown in Figure 5-2, contains information about your SmartFilter software, including the activation key and expiration date, which is based on the date of your subscription activation. You can also set or change the expiration options in this window.

Figure 5-2 License Window

Although you may have entered your activation key during the SmartFilter software installation process, you should verify its accuracy in this window. You should also verify that the user level and the subscription expiration date are correct.

When you renew your SmartFilter software subscription, enter information in the Activation Key field only. The remaining fields are automatically populated after you enter the activation key and click Check.

The Action After Expiration setting lets you allow all traffic or deny all traffic when either the Control List expires or your SmartFilter software subscription expires. The default is to allow all traffic.

To add your new SmartFilter software activation key, follow these steps:

Step 1 Click in the Activation Key field.

Step 2 Enter the activation key for your SmartFilter software subscription.

Step 3 Click Check.

The system determines the validity of the activation key that you entered. The remaining fields are automatically populated.

Step 4 Click the radio button that represents the action that you want to occur if either the SmartFilter Control List or the subscription expires.

•To allow all HTTP traffic in the event of a Control List or subscription expiration, click Allow All.

•To deny all HTTP traffic in the event of a Control List or subscription expiration, click Deny All.

Step 5 Click OK.

Configuring Plug-In Definition Settings

The SmartFilter software can manage one or more proxy plug-ins on a particular server. Use the Define Plugins window, shown in Figure 5-3, for managing plug-in tasks:

•Adding a Plug-In Definition

•Deleting a Plug-In Definition

•Copying a Plug-In Definition

•Updating a Plug-In Definition

Figure 5-3 Define Plug-Ins Window

Adding a Plug-In Definition

To add a plug-in definition, follow these steps:

Step 1 Click Add.

The cursor moves to the Name field.

Note If you use the toolbar button to access the Define Plugins window, the cursor appears in the Name field.

Step 2 Enter the name of the plug-in that you want to add.

Note The name cannot contain a space, comma, or dash.

Step 3 Choose Cisco from the Type drop-down list.

Note You must fill in the Name, Type, Address, Port, Username, and Password fields.

Step 4 Choose a group that this plug-in should be added to from the Group drop-down list, if applicable.

Step 5 Press Tab to reach the Address field and enter the address of the device on which the plug-in is running.

You can use either the IP address or the host name of the device.

Step 6 Press Tab to reach the Port field. Either accept the default port number of 8001 or modify the port number according to the port number setting of your Content Engine.

Note When the Cisco plug-in type was chosen in Step 3, the port number was set to the default port number of 8001, which is the Content Engine GUI web server port number. If the Content Engine web server is configured to run on a different port number, enter the port number on which the SmartFilter software agent is listening.

Step 7 Press Tab to reach the Admin Username field and enter the administrator username for the SmartFilter agent.

Note This is the administrator username needed to access the Content Engine web user interface.

Step 8 Press Tab to reach the Admin Password field and enter the password for the SmartFilter agent.

Note This is the administrator password of the Content Engine web user interface.

Step 9 Press Tab to reach the Re-Enter Password field, and reenter the same password you entered in the previous step.

Step 10 Do not check the Encrypt Communications check box to enable use of encrypted communications. The use of encrypted communications between the SmartFilter Administration Server and the SmartFilter plug-in on the Content Engine is not supported in this software release.

Note Make sure that the Encrypt Communications check box remains unchecked.

Step 11 Determine whether to import the configuration from the existing plug-in.

•If you upgraded from an earlier release of SmartFilter software, or have already made some configuration changes, check the Import Config From Plugin check box to import your existing configuration.

•If you installed SmartFilter software for the first time, uncheck the check box.

Step 12 Click OK.

The name, type, address, and group for the plug-in that you added appear in the table.

Deleting a Plug-In Definition

To delete a plug-in definition, follow these steps:

Step 1 Choose the plug-in that you want to delete.

Step 2 Click Delete.

The plug-in that you chose is deleted.

Copying a Plug-In Definition

Copying a plug-in definition copies the plug-in's entire configuration, including policies, users, and custom sites.

To copy a plug-in definition, follow these steps:

Step 1 Choose the plug-in definition that you want to copy.

Step 2 Click Copy.

The settings for the plug-in that you copied appear in the appropriate fields.

Step 3 Click OK.

The plug-in that you copied appears in the table.

Updating a Plug-In Definition

To update or change information for a particular plug-in, follow these steps:

Step 1 Choose the plug-in that you want to update or change.

Step 2 Update or change the appropriate fields.

Step 3 Click OK.

The updates or changes you made to the plug-in appear in the table.

Reviewing Plug-In Information

The Plug-In Information window, shown in Figure 5-4, contains information about an individual plug-in or about a plug-in within a group. Information includes plug-in release, platform, and name; control list information (last download, expiration date, serial number); and agent information (release number).

Figure 5-4 Plug-In Information Window

This window provides information about the different aspects of the plug-in and the components it uses. To see updated information, click Refresh. Table 5-1 summarizes SmartFilter plug-in information.

Table 5-1 Plug-In Information Summary

Parameter

Description

Plugin Name

Plug-in alias or name.

Plugin Ver

Plug-in release version.

Plugin Type

Plug-in Type, such as:

•Cisco

•iPlanet

•ISA

•MS Proxy

•Netscape

•Squid

Plugin Platform

Plug-in operating system platform.

Status

Plug-in status and associated components. Values are shown in order of precedence.

•Disabled (Not Implemented)

•Agent Not Responding

•Plugin No Response

•Control List Bad

•Changes Pending

•Deploying

•Retrying

•Responsive and Current

Last Downloaded

Date on which the Control List was last retrieved from the download site.

Expiration Date

Date on which your SmartFilter software subscription expires.

Next Download

Date on which the next Control List is to be downloaded.

Serial Number

Serial number of the Control List.

Agent Ver

Release version of the agent.

API Ver

Release version of the API.

Configuring Plug-In Groups

You can have several plug-ins for which you want the same configuration applied. In such a case, you can create a plug-in group, add plug-ins to the group you created, and apply configuration changes to all plug-ins in the group simultaneously.

Use the Define Plug-in Groups window, shown in Figure 5-5, for these configuration tasks:

•Adding a Plug-In Group

•Deleting a Plug-In Group

•Updating a Plug-In Group

Figure 5-5 Define Plugin Groups Window

Adding a Plug-In Group

To add a plug-in group of Cisco Content Engines, follow these steps:

Step 1 Click Add.

The cursor moves to the Name field.

Note If you use the toolbar button to access the Define Plugin Groups window, the cursor appears in the Name field.

Step 2 Enter the name of the plug-in group that you want to add.

Note The name cannot contain a space or a comma or a dash.

Step 3 Choose the Cisco option from the Type drop-down list.

Step 4 Choose the plug-ins on the right side of the screen that you want to add to the group and click < Add to move them to the Members field.

Step 5 Click OK.

The name and type for the plug-in group that you added appear in the table.

Deleting a Plug-In Group

To delete a plug-in group, follow these steps:

Step 1 Choose the plug-in group that you want to delete.

Step 2 Remove the plug-ins from the group:

a. Choose the plug-in in the Members field.

b. Click Remove >.

Step 3 Click OK.

Step 4 Click Delete.

Note If you click Delete before removing all plug-ins from the group, a message appears, requesting that you remove all plug-ins from the group. You must click OK to empty the group.

Updating a Plug-In Group

To update a plug-in group, follow these steps:

Step 1 Choose the plug-in group that you want to change.

Step 2 Click < Add or Remove > as appropriate to update plug-ins in the group.

Step 3 Click OK.

The plug-in group that you updated appears in the table.

Entering E-Mail Alert Information

The E-Mail Alert window, shown in Figure 5-6, allows SmartFilter software to e-mail status information to the primary, secondary, or both SmartFilter administrators.

You should expect to receive an e-mail alert in the following situations:

•The SmartFilter software subscription is nearing expiration. You will receive e-mail alerts when the subscription is within 60 days, 30 days, and 15 days of expiring. An example of an e-mail alert is as follows: Warning: Your subscription will expire in under 60 days.

•The SmartFilter Control List is outdated. You will receive an e-mail alert when the SmartFilter Control List becomes older than 15 days.

•The SmartFilter Control List or your SmartFilter software subscription expires. You will receive an e-mail alert specifying which one has expired and instructing you how to reenable SmartFilter software.

•You chose to download the Control List automatically. You will receive an e-mail alert to notify you that a new Control List has been successfully downloaded or if an error occurred while the Control List was being downloaded.

Figure 5-6 Mail Alert Window

.

During installation, you may have configured alert recipients, the SmartFilter identity, and the Simple Mail Transfer Protocol (SMTP) server using a fully qualified domain name. You can change any of these items using the SmartFilter Administration Console.

To add or change e-mail alert information using the SmartFilter Administration Console, follow these steps:

Step 1 Click in the field that you want to change and enter the appropriate information.

•Mail Server—The fully qualified domain name of your SMTP mail server.

•E-Mail Alert Sender—The e-mail address that lets users know who the alert is from.

Note The address in this field must be a valid e-mail address format, or the e-mail alerts will not be sent.

•Primary E-Mail Alert Receiver—The e-mail address of the primary SmartFilter software administrator at your company.

•Secondary E-Mail Alert Receiver—The e-mail address of the backup SmartFilter software administrator at your company.

Note To disable e-mail alerts, remove information from the fields.

Step 2 Click OK.

Defining Directory Resources Information

SmartFilter software for Cisco integration supports dynamic querying of user group information from one or more user directories, including generic Lightweight Directory Access Protocol (LDAP) servers (for example, iPlanet), Active Directory, and the internal SmartFilter database.

The SmartFilter Administration Console only manages the internal SmartFilter software user database as currently implemented in Release 3.1.2. The SmartFilter Administration Console does not import, display, or modify any user or group information from LDAP, Active Directory, or NTLM.

After you have defined the directories for use in your organization, use the User Directories window to determine which of the available directories to use. For more information on the User Directories window, see the "Configuring User Directories" section.

Use the Directory Resources window, shown in Figure 5-7, for these tasks:

•Adding a Directory Resource

•Copying a Directory Resource

•Updating a Directory Resource

•Deleting a Directory Resource

Figure 5-7 Directory Resources Window

Adding a Directory Resource

Note The Directory Resources window is used only for configuring LDAP or Active Directory.

To add directory resources information, follow these steps:

Step 1 Click Add.

The cursor moves to the Address field.

Step 2 Enter either the IP address or the host name used by the LDAP server.

Step 3 Press Tab to reach the Port field and enter the port number used by the LDAP server.

The default port number is 389.

Step 4 Choose the type of LDAP server from the Type drop-down list.

This field assigns the group object class and member attributes that SmartFilter software uses in the search filter. This group object class assignment is necessary because these values differ depending on the various LDAP servers used. The following example shows how these values are used in the search filter:
(&(objectclass=group)(member=cn=joe,cn=Users,dc=mycompany,dc=com))
Table 5-2 describes the Type drop-down options.

Table 5-2 Type Drop-Down Options

Option

Description

active_directory

Microsoft Active Directory LDAP server.

iplanet

Netscape or iPlanet LDAP server, or any LDAP server that uses the following:

•group objectclass: groupOfUniqueNames

•member attribute: uniqueMember

ldap_type1

LDAP servers that use the following:

•group objectclass: groupOfNames

•member attribute: member

ldap_type2

LDAP servers that use the following:

•group objectclass: groupOfUrls

•member attribute: membersUrl

Step 5 Press Tab to reach the Base DN field and enter the base distinguished name.

An example of a base distinguished name is "o=abc, o=com."

Step 6 Press Tab to reach the Admin DN field and enter the name of the LDAP server login user.

This step is optional. If you enter a name in this field, the SmartFilter software binds (login) to the LDAP server, and you must also enter a password in the next step. If you leave this field blank, the SmartFilter software queries the database anonymously.

Note If you choose to enter a name in this field, we recommend creating a separate user on your LDAP server for query purposes.

Step 7 Press Tab to reach the Admin Password field and enter the password for the user that you specified in the Admin DN field.

This step is optional. You need to complete this field only if you entered a name in the previous step.

Step 8 Press Tab to reach the Re-Enter Password field and reenter the same password that you entered in the previous step.

Step 9 Press Tab to reach the User Query field and enter the users and the organizational units they belong to.

Note If you chose active_directory from the Type drop-down list, this field is inactive.

•In the first field, enter the user attribute. For Netscape, this would be "uid."

•In the second field, enter the organizational units to which the user belongs. For Netscape, this can be "ou=People."

Step 10 Click OK.

The directory resource appears in the table.

Copying a Directory Resource

To copy a directory resource, follow these steps:

Step 1 Choose the directory resource that you want to copy from the table at the bottom of the Directory Resources window.

Step 2 Click Copy.

The settings for the directory that you copied appear in the fields.

Step 3 If you want to modify any of the fields, modify the appropriate fields.

Step 4 Click OK.

The directory resource that you copied appears in the table.

Updating a Directory Resource

To update a directory resource, follow these steps:

Step 1 Choose the directory resource that you want to change from the table at the bottom of the Directory Resources window.

Step 2 Update the appropriate fields.

Step 3 Click OK.

The directory resource that you updated appears in the table.

Deleting a Directory Resource

To delete a directory resource, follow these steps:

Step 1 Choose the directory resource that you want to delete.

Step 2 Click Delete.

If you chose only one directory resource, the account is removed from the table and no warning or confirmation message appears. If you chose more than one directory resource, a message appears, asking if you are sure that you want to delete the rows. Click Yes to delete the rows. Click No to return to the table.

Entering Administrator Information

SmartFilter software supports multiple administrator accounts. All administrators have the same administration rights.

Use the Manage Administrators window, shown in Figure 5-8, for these tasks:

•Adding an Administrator Account

•Deleting an Administrator Account

•Changing the Password for an Administrator Account

Figure 5-8 Manage Administrators Window

Adding an Administrator Account

To add an administrator account, follow these steps:

Step 1 Click Add.

The cursor moves to the Name field.

Step 2 Enter the name of the SmartFilter software administrator.

The name cannot contain a space or a comma.

Step 3 Press Tab to reach the Password field and enter a password for the SmartFilter software administrator.

The password must be at least six characters in length.

Step 4 Press Tab to reach the Re-Enter Password field and reenter the same password.

Step 5 Click OK.

The name and password for the administrator appear in the table.

Deleting an Administrator Account

To delete an administrator account, follow these steps:

Step 1 Choose the administrator account that you want to delete from the table at the bottom of the Manage Administrators window.

Step 2 Click Delete.

If you chose only one administrator account, the account is removed from the table, and no warning or confirmation message appears. If you chose more than one administrator account, a message appears, asking if you are sure that you want to delete the rows. Click Yes to delete the rows. Click No to return to the table.

Changing the Password for an Administrator Account

To change the password for an administrator account, follow these steps:

Step 1 Choose the administrator account that you want to change from the table at the bottom of the Manage Administrators window.

Step 2 Enter the new password in both the Password field and in the Re-Enter Password field.

Step 3 Click OK.

The updated administrator account appears in the table.

Deploying Configurations to Plug-Ins

The SmartFilter Administration Console provides two options for deploying configurations to the proxy plug-ins:

•Deploying configurations to one or many plug-ins

•Deploying configurations to a particular plug-in or plug-in group

Both options are performed using buttons in the toolbar of the SmartFilter Administration Console Configuration window, which are shown and described in Table 5-3.

Table 5-3 Deploy Buttons

Button

Name

Description

Deploy

This button opens a dialog box that allows you to deploy configurations to one or many plug-ins. For information on deploying configurations, see the "Deploying Configurations to One or Many Plug-Ins" section.

Deploy Individual

This button deploys the configuration to a particular plug-in or plug-in group. For details, see the "Deploying Configurations to a Particular Plug-In" section.

Deploying Configurations to One or Many Plug-Ins

To deploy configurations to one or more plug-ins, follow these steps:

Step 1 From the SmartFilter Admin Console Configuration window, click the Deploy button.

The Deploy window, shown in Figure 5-9, appears. This window tells you the status of each plug-in and which plug-in has changes pending, but it does not provide a list of the changes that are pending.

Figure 5-9 Deploy Window

Step 2 Use either of the following methods to select the plug-ins for which you want to deploy the new configuration.

•Use the Select drop-down list. The list is a dynamic list that shows the status of the plug-ins that you are managing. Choosing an option from the Select drop-down list puts a check mark in the Deploy check box.

•Review the table and check the Deploy check box.

Note If the plug-in that you selected is part of a plug-in group, the configuration changes are made to the entire group.

Step 3 Click Deploy.

Step 4 Click Close.

Deploying Configurations to a Particular Plug-In

To deploy configuration changes to a particular plug-in, follow these steps:

Step 1 From the SmartFilter Admin Console directory tree, choose the particular plug-in or plug-in group to which you want to deploy the new configuration.

The Deploy Individual button becomes active, and the Status line in the Plug-in Information window, shown in Figure 5-4, indicates that changes are pending.

Step 2 Click the Deploy Individual button.

The changes are deployed to the plug-in.

Step 3 Verify that the changes have been deployed by viewing the Plug-in Information window, shown in Figure 5-4. The Status line should show "Responsive and Current."