Chapter 5 Plug-in operation

Policy instruction

    Network activity can be monitored by defining various kinds of policies. The following operations are defined in policies:

  1. Pass: data packets pass the filters, and no event is logged;
  2. Deny: data packets are blocked, and no event is logged;
  3. Pass Record: data packets pass the filters, and the event is logged;
  4. Deny Record: data packets are blocked, and the event is logged.

Wildcard matching instruction

    <Active Wall> supports two kinds of wildcards: "*" and "?". An asterisk (*) represents any number of characters. A question mark (?) represents exactly one character. For example:

  1. "comput*" represents "computer" (*=er), "computation" (*=ation), "computing" (*=ing).
  2. "wom?n" represents "woman" (?=a), "women" (?=e).
  3. "*" and "?" can be used together. "*.?bc.*" matches "www.abc.com" (*=www, ?=a, *=com) and "www.bbc.co.uk" (*=www, ?=b, *=co.uk).

Event log instruction

    Logs are files in which the history of events performed through or detected by <Active Wall> is recorded and kept. Each log is displayed in a window in the Logs section. When the log export module and the log database module are loaded, the events are recorded in files or in a database. The saved log can be used for later analysis.

5.1. Authorization

    The authorization function requires a correct username and password before a user can visit the Internet. <Active Wall> supports several ways of authorization:

  1. IIS based authorization, Windows integrated authorization, digest authorization.
  2. Authorization based on Apache, Netscape and other kinds of web servers.
  3. Web page authorization such as ASP, PHP, CGI, Java, .NET.
  4. Customized client/server (C/S) based authorization.

Operation Instruction:

  1. Select a group which you want to configure in list [Group].
  2. Enter the server IP address and port number.
  3. Check the [Enable Authorization] option if this group needs to be authorized; if it is not checked, this group does not need authorization.
  4. Press <OK> or <Cancel> to save the configuration or cancel.

Additional instruction:

  1. [Server IP]: the IP address of the server that performs the authorization. It cannot be 127.0.0.1; it must be recognizable by the other computers in the LAN.
  2. [Port]: the server's port number used for authorization, usually set to 80.
  3. [Server IP] and [Port] are global parameters. Once the server's IP address or port number is changed, all groups will be authorized by the new server.
  4. The computers in the LAN must go through the gateway configured by <Active Wall> before authorization can succeed.
  5. Authorization server configuration: there are too many ways of authorization to list here; for details please visit our support forum.
Tip: If you need web authorization, please do not use a static web page, because the IE cache may prevent <Active Wall> from detecting the correct data packets.

5.2. Time Filter

    The time range filter configures time intervals in a week, a day, or an hour. The following dialog is shown:

Operation instructions:

  1. Select a group which you want to configure in list [Group].
  2. Each rectangle in the frame represents one hour of one day of the week. If you change the rectangle to an "X" by left clicking, the software will deny any Internet access during this hour. If you change the rectangle to a blank by left clicking, the software will allow Internet access during this hour.
  3. Press <OK> or <Cancel>.

Additional instructions:

  1. Time range view: the view is a rectangular frame which consists of 24*7 rectangles. The x axis represents hours, ranging from 0 to 23; the y axis represents days, ranging from Monday to Sunday (ISO-8601 standards). Each rectangle in the frame represents one hour of one day. For example, (x: 0, y: Mon) means 0:00-1:00 on Monday; (x: 17, y: Fri) means 17:00-18:00 on Friday.
  2. Time range filtering can only restrict Internet access by whole hours. If you want to configure more specific policies, you can choose the time range management function.

5.3. Port Filter

    The port filter module opens or closes defined ports in order to pass or block services used by users in the LAN. The following dialog is shown:

Operation instructions:

  1. Select a group which you want to configure in list [Group].
  2. Select a default policy in the list [Default Policy].
  3. In the left list [Common Port List], double click the port number then it will be sent into the right list [Exclude List].
  4. If there is no port you want to select, please select a protocol type in the list [Prot]. Then enter a port number in the text box [Port]. Press <Add> to add the customized port into the right list.
  5. In the right list [Exclude List], select a port or several ports and right click the mouse. In the popup menu, click the menu [Delete] to delete the ports.
  6. Press <OK> or <Cancel>.

Additional instructions:

  1. If [Default Policy] is "Deny", the ports in the list [Exclude List] are "Pass". If [Default Policy] is "Pass", the ports in the list [Exclude List] are "Deny".
  2. When adding some ports, if the ports are in the same protocol and sequential, the software will combine them into a port range.
Note: UDP Port 53 is used for DNS service. When it is blocked, some other services may work abnormally.
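
The interaction between [Default Policy] and [Exclude List], the merging of sequential ports, and the UDP 53 note above can be checked before a policy is applied. The Python below is an added example, not <Active Wall> code; the function names and the sample port list are constructed for illustration.

```python
def merge_ports(entries):
    """Combine sequential ports of the same protocol into ranges.

    entries: iterable of (protocol, port) pairs.
    Returns a sorted list of (protocol, low, high) tuples.
    """
    ranges = []
    for proto, port in sorted(set(entries)):
        if not 0 < port <= 65535:
            raise ValueError(f"invalid port: {port}")
        if ranges and ranges[-1][0] == proto and port == ranges[-1][2] + 1:
            # Same protocol and next port number: extend the last range.
            ranges[-1] = (proto, ranges[-1][1], port)
        else:
            ranges.append((proto, port, port))
    return ranges


def port_policy(default_policy, exclude_ranges, proto, port):
    """Ports in the exclude list get the opposite of the default policy."""
    listed = any(
        p == proto and low <= port <= high for p, low, high in exclude_ranges
    )
    if default_policy == "Deny":
        return "Pass" if listed else "Deny"
    return "Deny" if listed else "Pass"


def dns_blocked(default_policy, exclude_ranges):
    """True when the configuration would block DNS on UDP port 53."""
    return port_policy(default_policy, exclude_ranges, "UDP", 53) == "Deny"


if __name__ == "__main__":
    # Constructed sample: ports added one by one, in no particular order.
    added = [("TCP", 80), ("TCP", 21), ("TCP", 20), ("TCP", 22), ("UDP", 53)]
    exclude = merge_ports(added)
    print(exclude)
    print("TCP 443 with default Deny:", port_policy("Deny", exclude, "TCP", 443))
    print("DNS blocked with default Deny:", dns_blocked("Deny", exclude))
    print("DNS blocked with default Pass:", dns_blocked("Pass", exclude))
```

With a default policy of "Deny", forgetting UDP 53 in the exclude list blocks DNS; with a default policy of "Pass", listing it does the same.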

5.4. Bandwidth Control

    The bandwidth control module is used to control the transfer speed of each computer in the LAN and the maximum volume of data transferred every day. The following shows the [Bandwidth Control Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. In the tab [Computer Traffic]: limit the bandwidth of each computer in the selected group. Enter a number in each blank to limit the inbound, outbound and total traffic.
  3. In the tab [Computer Quota]: limit the daily quota of each computer in the selected group. Enter a number in each blank to limit the inbound, outbound and total quota.
  4. In the tab [Group Traffic]: limit the bandwidth of the group, which is the total bandwidth of all the computers in the group. Enter a number in each blank to limit the inbound, outbound and total traffic.
  5. In the tab [Group Quota]: limit the daily quota of the group, which is the total quota of all the computers in the group in a day. Enter a number in each blank to limit the inbound, outbound and total quota.
  6. Press <OK> or <Cancel>.

Additional instruction:

  1. Bandwidth: Unit KB/s, network transportation speed.
  2. Quota: Total volume of data every day, Unit MB/day.
  3. Outbound: Data transferred from LAN to Internet.
  4. Inbound: Data received from Internet to LAN.
  5. Total: The sum of outbound and inbound.
  6. The bytes here include not only the TCP, UDP contents, but also Ethernet headers, IP headers and TCP headers.

5.5. Show Flux

    The Show flux module is used to configure the view of the [Flux View]. The administrator can select a favorite way of statistics display. Following shows a [Config] dialog:

Operation instruction:

  1. In the list [Show Protocol], choose which one to display.
  2. In the frame [Mode], choose which unit is used for measuring.
  3. In the text box [Max Value], enter a digit to display the maximum value.
  4. Press <OK> or <Cancel>.

Additional instruction:

  1. Total flow volume: total of all protocols.
  2. TCP: total of Transmission Control Protocol.
  3. UDP: total of User Datagram Protocol.
  4. ICMP: total of Internet Control Message Protocol.
  5. IGMP: total of Internet Group Management Protocol.
  6. In the frame [Mode], "Packet(P)" means flow is measured by a unit of packet; "Byte(K)" means flow is measured by a unit of byte.
  7. The bytes here monitored include not only the TCP, UDP contents, but also Ethernet headers, IP headers and TCP headers.

5.6. MAC Filter

    The MAC filter filters each computer in the LAN by its MAC address; it can also bind a MAC address to a static IP address. The following shows the [MAC Filter Config] dialog:

Operation instruction:

  1. In the option list [Default Policy], select a default policy "Pass" or "Deny".
  2. In the list below, select an item which you want to modify. Right click the mouse, and then a menu shows. Press [Bind] to bind the current MAC address. Press [Unbind] to unbind the current MAC address. Press [Delete] to delete the current MAC address item. Press [Import] to import all the MAC and IP address in the computer list of the main frame.
  3. Double click one MAC address which you want to modify. Edit the policy including [MAC], [IP], and [Policy], and then press <Add>.
  4. If you want to add one new policy, just fill in the blanks below, including [MAC], [IP], and [Policy], and then press <Add>.
  5. Press <OK> or <Cancel>.

Additional instruction:

  1. [Default Policy]: all other MAC addresses that are not in the list are handled with this policy.
  2. When "Pass" is set for an item in the MAC address list, this MAC is permitted to pass.
  3. When "Deny" is set for an item in the MAC address list, this MAC is not permitted to pass.
  4. [Bind] means that the MAC and IP address of the selected item are bound together. Traffic in which the MAC and IP address match together will pass.
  5. This filter can only be used in a single subnet.
Tip: To prevent users from modifying their IP address, it is recommended to bind MAC and IP together.

Note: When you run a DHCP server in the LAN to assign IP addresses automatically, please set the static IP address for each MAC address in the DHCP server and then start the MAC-IP binding function.

5.7. IP Filter

    The IP filter filters the destination IP addresses on the Internet which are visited by users in the LAN. The following shows the [IP Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Double click in the list, edit the content of the item, and then press <Add>.
  3. Add IP filtering: select [IP] tab, input IP address, select a policy and then press <Add>.
  4. Add subnet filtering: select [Net] tab, input a network number and a length of mask, select a policy, and then press <Add>.
  5. Select the item which you want to modify, right click the mouse, select [Delete] in the popup menu to delete the item in the list.
  6. Press <OK> or <Cancel>.

Additional instruction:

  1. [Subnet]: CIDR network prefix presentation (RFC 1878) is used for recording IP address. For example, a network address 210.31.233.0, with its mask 255.255.255.0, can be recorded as 210.31.233.0/24; a network address 166.133.0.0, with its mask 255.255.0.0, can be recorded as 166.133.0.0/16; a network address 192.168.0.0, with its mask 255.255.255.240, can be recorded as 192.168.0.0/28, etc.
  2. The order of IP/Net filtering is from narrow to wide range. For example, if the policy of IP "61.141.238.1" is "Pass" and the policy of subnet "61.141.238.0/24" is "Deny", then only the IP "61.141.238.1" is passed in the subnet "61.141.238.0/24"; all the other IP addresses are denied.
Tip: All the IP addresses and subnets mentioned in this filter are addresses or sites on the Internet, not in the LAN. For LAN IP filtering, please assign the computers to different groups and set policies in the main frame.

5.8. DNS Filter

    The DNS filter module filters all domain names requested on the Internet by computers in the LAN. The following shows the [DNS Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Fill the [Domain] edit blank, select a policy, and then press <Add>.
  3. In the domain list, select what you want to modify, press <Up> or <Down> to move the order of the items.
  4. In the domain list, select what you want to modify, right click the mouse, press <Delete> in the popup menu to delete the item.
  5. [Domain]: Input domain into [Domain] blanks, select a policy, and then press <Add>. When the computers in this group request the domain which matches this item, the policy will be applied. [Domain] filter applies wildcard match.
  6. [Category]: In the category list select one item which you want to modify, select a policy, and then press <Update>. Or select an item, right click the mouse and select a policy. When the computers in this group request the domain which matches this item, the policy will be applied.
  7. Press <OK> or <Cancel>.

Additional instruction:

  1. [Domain]: The order of filtering is ascending. All the domain items apply wildcard match. For example, if in the first item the domain is "www.google.com" and the policy is "Pass", and in the second item the domain is "*.google.*" and the policy is "Deny", then only the domain "www.google.com" is passed, and all the other domains matching "*.google.*" are denied.
  2. The order of filtering is from [Domain] to [Category]. If a requested domain matches one item in the [Domain] list, the filter will not query the [Category] list.
Tip: When querying a domain name, a computer first looks it up in the DNS cache on the local host. If the name is found there, it is retrieved from the cache directly; if not, the computer sends a domain request to the Internet. Therefore there is some latency in the DNS query procedure: a new policy may not take effect until the DNS cache expires on the computers in the LAN.

5.9. HTTP Filter

    HTTP filter module is used for filtering HTTP, including URL, web page contents, post contents, post files and so on. Following shows a [HTTP Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Fill the edit blanks, select a policy, and then press <Add>.
  3. Select an item in the list, press <Up> or <Down> to adjust the order of the filters.
  4. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
  5. [URL]: Input a URL into the [URL] blank. The URL does not include the prefix "http://". Select a policy in the [Policy] list, and then press <Add>. When the computers in this group request a URL which matches this item, the policy will be applied. [URL] filter applies wildcard match.
  6. [Web Keyword]: Input a keyword into the [Keyword] blank, select a policy in the [Policy] list, and then press <Add>. When the computers in this group visit a web page including the keyword which matches this item, the policy will be applied.
  7. [Post Keyword]: Input a keyword into the [Keyword] blank, select a policy in the [Policy] list, and then press <Add>. When the computers in this group post some content including the keyword which matches this item, the policy will be applied.
  8. [Post File]: Input a file name into the [File] blank, select a policy in the [Policy] list, and then press <Add>. When the computers in this group post a file through web browser which matches this item, the policy will be applied. [Post file] filter applies wildcard match.
  9. [Deny http proxy tunnel]: When this option is selected, users are banned from using an HTTP proxy or HTTP tunnel. Only the standard HTTP GET and POST methods can pass through.
  10. [Deny IP host]: When this option is selected, users are banned from visiting a web server through its IP address (for example, http://64.233.189.22), and only URL requests with a domain name (for example, http://www.google.com) are passed.
  11. [Output size limit]: When selecting this option, you should fill in the edit blank in the same line. When it is in effect, bytes exceeding the limit are not allowed to be posted.
  12. [Download size limit]: When selecting this option, you should fill in the edit blank in the same line. When it is in effect, bytes exceeding the limit are not allowed to be downloaded.
  13. Press <OK> or <Cancel>.

Additional instruction:

  1. [URL] filters run top-down and apply wildcard match. For example, with a first policy (URL is "admin.*", policy is "Pass") and a second policy (URL is "ad*", policy is "Deny"), all the web sites matching "admin.*" will be passed, but all the other web sites matching "ad*" will be denied.
  2. [Web Keyword] filters run top-down. For example, with a first policy (keyword is "medical", policy is "Pass") and a second policy (keyword is "sex", policy is "Deny"), all the web pages including "medical" will be passed, but all the other web pages including "sex" will be denied.
  3. [Post Keyword] filters run top-down. For example, with a first policy (keyword is "contract", policy is "Deny") and a second policy (keyword is "=", policy is "Pass Record"), all the post requests including "contract" will be denied, and the other requests will be passed and recorded.
  4. [Post File] filters run top-down and apply wildcard match. For example, with a first policy (file name is "*.doc", policy is "Deny") and a second policy (file name is "*", policy is "Pass Record"), all the posted files with the postfix "*.doc" will be denied, and the other files will be passed and recorded.
  5. Post keyword filters only work with the "HTTP-POST" method. For the "HTTP-GET" method, please use URL filters.
  6. When a post filter or a URL filter is applied, <Active Wall> identifies ANSI and UTF8 formats automatically.
  7. A single HTTP request may go through several filters. If the policy of one of the filters is "Deny" or "Deny Record", the connection will be terminated at once.
Tip: Since HTTP is the most common protocol on the Internet, much software uses HTTP tunneling to communicate with the outside and get through a firewall. Please enable the option [Deny http proxy tunnel] to deny HTTP tunnels.
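
The wildcard rules from the start of this chapter and the top-down ordering described for the [Domain], [URL], [Post Keyword] and [Post File] lists can be reproduced in a few lines. The Python below is an added example, not <Active Wall> code; the case-insensitive comparison, the treatment of a list with no matching item as "no decision", the logging of a passed request, and all function names are assumptions.

```python
import re
from dataclasses import dataclass

PASS, DENY, PASS_RECORD, DENY_RECORD = "Pass", "Deny", "Pass Record", "Deny Record"


def wildcard_match(pattern, text):
    """Whole-string match: "*" is any run of characters, "?" exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    # Assumption: matching ignores case (the manual does not say).
    return re.fullmatch(regex, text, re.IGNORECASE | re.DOTALL) is not None


@dataclass(frozen=True)
class Rule:
    pattern: str
    policy: str


def first_match(rules, value, keyword=False):
    """Walk one list top-down and return the first rule that hits, or None."""
    for rule in rules:
        if keyword:
            # Keyword lists test whether the content includes the keyword.
            hit = rule.pattern.lower() in value.lower()
        else:
            hit = wildcard_match(rule.pattern, value)
        if hit:
            return rule
    return None


def evaluate(filter_lists, fields):
    """Run one request through several lists; returns (allowed, logged, hits)."""
    hits = {}
    for name, (rules, keyword) in filter_lists.items():
        if name not in fields:
            continue
        rule = first_match(rules, fields[name], keyword)
        if rule is None:
            continue  # assumption: no matching item means no decision
        hits[name] = rule.policy
        if rule.policy in (DENY, DENY_RECORD):
            # One denying filter terminates the connection at once.
            return False, rule.policy == DENY_RECORD, hits
    # Assumption: a passed request is logged if any list said "Pass Record".
    return True, PASS_RECORD in hits.values(), hits


# Rule lists taken from the examples in this chapter.
DNS_RULES = [Rule("www.google.com", PASS), Rule("*.google.*", DENY)]
HTTP_LISTS = {
    "url": ([Rule("admin.*", PASS), Rule("ad*", DENY)], False),
    "post_keyword": ([Rule("contract", DENY), Rule("=", PASS_RECORD)], True),
    "post_file": ([Rule("*.doc", DENY), Rule("*", PASS_RECORD)], False),
}

if __name__ == "__main__":
    for host in ("www.google.com", "mail.google.com", "example.org"):
        rule = first_match(DNS_RULES, host)
        print(host, "->", rule.policy if rule else "no match")
    # Constructed request: the URL passes, the posted form contains "contract".
    print(evaluate(HTTP_LISTS, {"url": "admin.example.com/form",
                                "post_keyword": "title=contract",
                                "post_file": "notes.txt"}))
    # Reversing the DNS list puts the wide item first and shadows the narrow one.
    print(first_match(list(reversed(DNS_RULES)), "www.google.com").policy)
```

The last line shows why item order matters: with "*.google.*" placed first, the "www.google.com" item is never reached.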

5.10. SMTP Filter

    The SMTP filter module can filter all the mails sent through SMTP. This module works on sender address, receiver address, mail subject, mail main text, mail attachment and mail size. Following shows a [SMTP Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Fill the edit blanks, select a policy, and then press <Add>.
  3. Select an item in the list, press <Up> or <Down> to adjust the order of the filters.
  4. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
  5. [Sender]: in the [Sender] tab, add a sender address, select a policy, and then press <Add>. When the mail's sender address matches this item, the policy will be applied. [Sender] filter applies wildcard match.
  6. [Receiver]: in the [Receiver] tab, add a receiver address, select a policy, and then press <Add>. When the mail's receiver address matches this item, the policy will be applied. [Receiver] filter applies wildcard match.
  7. [Subject]: in the [Subject] tab, add a subject, select a policy, and then press <Add>. When the mail's subject matches this item, the policy will be applied. [Subject] filter applies wildcard match.
  8. [Keyword]: in the [Keyword] tab, add a keyword, select a policy, and then press <Add>. When the mail's main text includes a keyword which matches this item, the policy will be applied.
  9. [Attach]: in the [Attach] tab, add a file, select a policy, and then press <Add>. When the mail's attachment matches this item, the policy will be applied. [Attach] filter applies wildcard match.
  10. [Send mail size limit]: in the [Etc] tab, when selecting this option, the user can not send a mail which has more than the limit number (Kbytes).
  11. Press <OK> or <Cancel>.

Additional instruction:

  1. This module works only for the SMTP protocol. If you want to filter mails through HTTP, please refer to the HTTP filter module.
  2. All the following tabs are ordered top-down: [Sender], [Receiver], [Subject], [Keyword] and [Attach].
  3. If a mail sent through the SMTP protocol goes through several filters and the policy of even one of them is "Deny" or "Deny Record", this mail will be denied.

5.11. POP3 Filter

    The POP3 filter module can filter all the mails received through POP3. This module works on sender address, receiver address, mail subject, mail main text, mail attachment and mail size. Following shows a [POP3 Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Fill the edit blanks, select a policy, and then press <Add>.
  3. Select an item in the list, press <Up> or <Down> to adjust the order of the filters.
  4. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
  5. [Sender]: in the [Sender] tab, add a sender address, select a policy, and then press <Add>. When the mail's sender address matches this item, the policy will be applied. [Sender] filter applies wildcard match.
  6. [Receiver]: in the [Receiver] tab, add a receiver address, select a policy, and then press <Add>. When the mail's receiver address matches this item, the policy will be applied. [Receiver] filter applies wildcard match.
  7. [Subject]: in the [Subject] tab, add a subject, select a policy, and then press <Add>. When the mail's subject matches this item, the policy will be applied. [Subject] filter applies wildcard match.
  8. [Keyword]: in the [Keyword] tab, add a keyword, select a policy, and then press <Add>. When the mail's main text includes a keyword which matches this item, the policy will be applied.
  9. [Attach]: in the [Attach] tab, add a file, select a policy, and then press <Add>. When the mail's attachment matches this item, the policy will be applied. [Attach] filter applies wildcard match.
  10. [Receive mail size limit]: in the [Etc] tab, when selecting this option, the user cannot receive a mail which is larger than the limit number (Kbytes).
  11. Press <OK> or <Cancel>.

Additional instruction:

  1. This module works only for the POP3 protocol. If you want to filter mails through HTTP, please refer to the HTTP filter module.
  2. All the following tabs are ordered top-down: [Sender], [Receiver], [Subject], [Keyword] and [Attach].
  3. If a mail received through the POP3 protocol goes through several filters and the policy of even one of them is "Deny" or "Deny Record", this mail will be denied.
Note: The POP3 filtering module will not deliberately delete the mails which are denied. Meanwhile, POP3 client software tries to receive mails ordered in a queue. This may lead to a block in the receiving procedure. When this happens, users should delete the "denied" mails manually in POP3 servers.

5.12. IM Filter

    The IM filter module works on IM, P2P software including MSN, ICQ, Yahoo! Messenger, IRC, Jabber, BitTorrent, eDonkey and so on. Following shows a [IM Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Select an item in the IM list, select a policy, and then press <Update>. When the computers in this group use an IM software which matches this item, the policy will be applied.
  3. Press <OK> or <Cancel>.

Additional instruction:

  1. The IM filtering module works based on the server ports, domain names or IP addresses which the IM software uses.
  2. Much IM software supports proxies or HTTP/HTTPS tunneling. In order to completely deny IM software, it is recommended that you configure other modules together with the IM filter. First, close all unused ports in the Port filter. Second, enable the [Deny http proxy tunnel] option in the HTTP filter. Third, enable the [Deny https proxy tunnel] and [Deny server without certificate] options in the HTTPS filter.
  3. Since IM software is upgraded continually, this filter needs upgrading as well in order to filter all IM communications.

5.13. FTP Filter

    The FTP filter module can filter all the files transferred through FTP. This module works on upload/download file names and file sizes. Following shows a [FTP Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Fill the edit blanks, select a policy, and then press <Add>.
  3. Select an item in the list, press <Up> or <Down> to adjust the order of the filters.
  4. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
  5. [Upload File]: in the [Upload File] tab, input a file name into [File] blank, select a policy, and then press <Add>. When the computers in this group upload a file by FTP which file name matches this item, the policy will be applied. [Upload File] filter applies wildcard match.
  6. [Download File]: in the [Download File] tab, input a file name into [File] blank, select a policy, and then press <Add>. When the computers in this group download a file by FTP which file name matches this item, the policy will be applied. [Download File] filter applies wildcard match.
  7. [Upload file size limit]: in the [Etc] tab, when selecting this option, the computers in this group can not upload a file which has more than the limit number (Kbytes).
  8. [Download file size limit]: in the [Etc] tab, when selecting this option, the computers in this group can not download a file which has more than the limit number (Kbytes).
  9. Press <OK> or <Cancel>.

Additional instruction:

  1. [Upload File]: all the filters in this module are ordered top-down. [Upload File] filter applies wildcard match. For example, with a first policy (file name "*.doc", policy "Deny") and a second policy (file name "*", policy "Pass Record"), an uploaded file which has the postfix "*.doc" will be denied, but other files will be passed and recorded as events in log files.
  2. [Download File]: all the filters in this module are ordered top-down. [Download File] filter applies wildcard match. For example, with a first policy (file name "*.exe", policy "Deny") and a second policy (file name "*", policy "Pass Record"), a downloaded file which has the postfix "*.exe" will be denied, but other files will be passed and recorded as events in log files.
  3. FTP filter supports PORT and PASV mode.

5.14. HTTPS Filter

    The HTTPS filter module is used for filtering HTTP over SSL, including IP address, net address, server side certificate, SSL version and so on. Following shows a [HTTPS Filter Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Fill the edit blanks, select a policy, and then press <Add>.
  3. Select an item in the list, press <Up> or <Down> to adjust the order of the filters.
  4. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
  5. Add IP filtering: select [IP] tab, input IP address, select a policy and then press <Add>.
  6. Add subnet filtering: select [Net] tab, input a network number and a length of mask, select a policy, and then press <Add>.
  7. [Cert]: in the [Cert] tab, input a certificate into the [Cert] blank, select a policy, and then press <Add>. When the computers in this group visit a server whose certificate matches this item, the policy will be applied. [Cert] filter applies wildcard match.
  8. [Deny https proxy tunnel]: When this option is selected, users are banned from using an HTTPS tunnel. Only the standard HTTPS protocol can pass through.
  9. [Deny server without certificate]: When this option is selected, users are banned from visiting a server which uses the standard SSL protocol but has no certificate.
  10. [Disable SSL 2.0]: When selecting this option, it will ban the users from using SSL version 2.0 protocol.
  11. [Disable SSL 3.0]: When selecting this option, it will ban the users from using SSL version 3.0 protocol.
  12. [Disable TLS 1.0]: When selecting this option, it will ban the users from using TLS version 1.0 protocol.
  13. Press <OK> or <Cancel>.

Additional instruction:

  1. [Subnet]: CIDR network prefix presentation (RFC 1878) is used for recording IP address. For example, a network address 210.31.233.0, with its mask 255.255.255.0, can be recorded as 210.31.233.0/24; a network address 166.133.0.0, with its mask 255.255.0.0, can be recorded as 166.133.0.0/16; a network address 192.168.0.0, with its mask 255.255.255.240, can be recorded as 192.168.0.0/28, etc.
  2. The order of IP/Net filtering is from narrow to wide range. For example, IP "61.141.238.1" policy is "Pass", and subnet "61.141.238.0/24" policy is "Deny", which means that the only IP "61.141.238.1" can be passed in the subnet "61.141.238.0/24", all the other IP addresses are denied.
  3. [Cert] filters run top-down and apply wildcard match. For example, with a first policy (certificate is "*.paypal.*", policy is "Deny") and a second policy (certificate is "*", policy is "Pass Record"), all the servers whose certificate matches "*.paypal.*" will be denied, and the other servers will be passed and recorded.
Tip: Since HTTPS is the most common protocol on the Internet, much software uses HTTPS tunneling to communicate with the outside and get through a firewall. Please enable the options [Deny https proxy tunnel] and [Deny server without certificate] to deny HTTPS tunnels.
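
The narrow-to-wide ordering described for the [IP] and [Net] tabs here and in section 5.7 amounts to longest-prefix matching, and the mask examples are a mask-to-prefix conversion. The Python below is an added example, not <Active Wall> code; the function names, the handling of unlisted addresses and the tie-break between entries of equal width are assumptions.

```python
import ipaddress


def to_cidr(network, mask):
    """Convert a network address plus dotted mask to CIDR notation."""
    return str(ipaddress.ip_network(f"{network}/{mask}"))


def parse_entry(text):
    """Parse an [IP] or [Net] entry; a bare address becomes a /32 network.

    ip_network() is strict by default, so "61.141.238.5/24" (host bits set)
    raises ValueError instead of silently covering the whole /24.
    """
    return ipaddress.ip_network(text)


def build(entries):
    """entries: list of (text, policy) pairs in the order they were added."""
    return [(parse_entry(text), policy) for text, policy in entries]


def decide(rules, address):
    """Return the policy of the narrowest entry containing address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [(net, policy) for net, policy in rules if ip in net]
    if not matches:
        return None  # assumption: unlisted addresses get no decision here
    # Narrow to wide: the longest prefix wins. max() keeps the first of
    # equally narrow entries (assumption; the manual does not cover ties).
    return max(matches, key=lambda match: match[0].prefixlen)[1]


# The example from the manual, entered with the wide subnet first to show
# that the result does not depend on the order in the list.
RULES = build([("61.141.238.0/24", "Deny"), ("61.141.238.1", "Pass")])

if __name__ == "__main__":
    print(to_cidr("210.31.233.0", "255.255.255.0"))
    print(to_cidr("166.133.0.0", "255.255.0.0"))
    print(to_cidr("192.168.0.0", "255.255.255.240"))
    for addr in ("61.141.238.1", "61.141.238.77", "61.141.239.1"):
        print(addr, "->", decide(RULES, addr))
```

Rejecting entries with host bits set catches the common mistake of typing a host address with a subnet mask length and unintentionally applying the policy to the whole subnet.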

5.15. Redirect to Proxy

    This module supports many protocols: DNS, HTTP, SMTP, POP3, FTP, IMAP, NNTP and so on. This module can cooperate with other common proxy servers and implement a transparent proxy service, so that there is no need for the users to configure any proxy settings. This proxy redirection module automatically transports a common proxy into a proxy application in order to implement some kinds of high-level applications: anti-virus in the gateway, spam mail filtering and so on. The following shows the [Redirect to Proxy Config] dialog:

Operation instruction:

  1. Select a group which you want to configure in list [Group].
  2. Fill in IP address and port number.
  3. In the [Mode] option, select a redirection mode. In DNS tab, there is only one [Port Redirect] option.
  4. In the [Splitter] blank, select a splitter between "account" and "server". In DNS and HTTP tabs, you do not need to select [Splitter] option.
  5. Please check the [Redirect] option, if you want to redirect the protocol into a proxy server.
  6. Press <OK> or <Cancel>.

Additional instruction:

  1. In the [IP] blank, please do not use 127.0.0.1. IP address must be recognizable by other computers in LAN.
  2. [IP], [Port], [Mode] and [Splitter] are global parameters. It means that if you modify IP address, port number, redirect mode, splitter in one group, it will affect all groups.
  3. <Active Wall> must be located between the LAN and the proxy server. Otherwise the module does not work.
  4. Redirect mode should match the proxy server configuration. Common proxy servers support proxy mode. Some transparent proxy servers can support port redirect mode, for example, http port redirection can work with SQUID transparent proxy mode.
  5. Splitters should be defined according to the configuration of the proxy server. Take the POP3 protocol as an example: the original account is "user" and the POP3 server name is pop.server.com. If the proxy server requires that users on the client change the account to user#pop.server.com, then the splitter should be "#".
  6. When this filtering module starts, the client does not configure any proxy servers. This module can redirect all the data in client to proxy server in order to visit internet.

5.16. Log to Files

    This module exports all the logs to files on the hard disk, including all the records produced by the policies of all the filtering modules. The following shows the [Log to Files Config] dialog:

Operation instruction:

  1. In the [Log cache size] blank, enter a number.
  2. Press <Browse> to select the path where the log is saved.
  3. Press <OK> or <Cancel>.

Additional instruction:

  1. [Log cache size]: This number is the maximum number of event records kept in the cache; it is 100 by default. A bigger number costs more memory, while a smaller number leads to low performance because of too many hard disk I/O operations.
  2. [Save to directory]: The absolute directory in which the log files are stored. This module creates a new file every day to save the log.

5.17. Log to Database

    This module works on all the records of the other filters and exports the log into a database. The following shows the [Log to Database Config] dialog:

Operation instruction:

  1. In the [Log cache size] blank, enter a number.
  2. Press <Browse> to select a database link file.
  3. Press <Test> to test whether the database link works or not.
  4. Press <Config> to modify the database information in the UDL file.

Additional instruction:

  1. [Log cache size]: this number is the maximum number of records that can be stored in the cache; it is 100 by default. A bigger number costs more memory, while a smaller number leads to low performance because of too many hard disk I/O operations.
  2. [Db link file]: the UDL file is used for connecting to the database. UDL is short for Usual Database Link file; it stores the string which connects to the database.
  3. The <Active Wall> installation includes a database of Access type. Users can export to the Access database directly, or can create a new database and modify the UDL file.
  4. The following statement is used to create the database table structure:
    CREATE TABLE [EventLog] (
    [ID] [int] IDENTITY (1, 1) PRIMARY KEY ,
    [EventTime] [datetime] NOT NULL ,
    [LanIP] [nvarchar] (15) NOT NULL ,
    [WanIP] [nvarchar] (15) NOT NULL ,
    [PlugIn] [nvarchar] (20) NOT NULL ,
    [Act] [int] NOT NULL ,
    [Msg] [nvarchar] (255) NOT NULL ,
    [Res] [ntext] NULL
    )

5.18. Log to Mail

    This module sends urgent messages by e-mail to a defined mailbox. The following shows the [Log to Mail Config] dialog:

Operation instruction:

  1. [Rule]: Fill in the [Keyword] blank, and then press <Add>. When the event record content includes the keyword, an email will be sent into the defined mail-box.
  2. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
  3. [Config]: Fill the [Config] tab with the defined mailbox address, SMTP server and so on.
  4. Press <Test> to verify whether the configuration is OK or not. The verification procedure sends a test mail to the mailbox.
  5. Press <OK> or <Cancel>.

Additional instruction:

  1. [Mail to]: fill in a mailbox which is used for receiving alert.
  2. [Send from]: fill in a mailbox which is used for sending alert.
  3. [SMTP server]: server name which is used for sending mail.
  4. [SMTP server requires authentication]: some SMTP servers require user authentication to send mails. If that happens, please select this option and fill in the [Account] and [Pass].
  5. [Account]: SMTP authentication account.
  6. [Pass]: SMTP authentication password.

5.19. Log to Message

    This module sends urgent messages through the Windows messenger service to defined computers. The following shows the [Log to Message Config] dialog:

Operation instruction:

  1. [Rule]: Fill in the [Keyword] blank, and then press <Add>. When the event record content includes the keyword, a message will be sent to the defined computer.
  2. Select an item in the list, right click the mouse and press [Delete] in the popup menu to delete the item.
  3. [Config]: fill in the [Target computer] blank with a computer, which is usually the administrator's.
  4. Press <Test> to send a test message.
  5. Press <OK> or <Cancel>.
Tip: The messenger service in Windows is usually shut down. To use this module, both the sender computer and the receiver computer must start the messenger service.

Active Network CO., Ltd