Tags: GFI WebMonitor, ISA Server, Monitoring, Security
A while ago I had the chance to review GFI Webmonitor, an ISA Server add-on that enhances significantly the possibilities for web access and download control. Now, GFI introduces a great and brand new option within web monitor possibilities: GFI WebMonitor version that does not require an ISA Server installation.
You can download the free 30-day trial here. And even more, once the trial expires, the software switches to freeware mode; where you maintain the monitor features but the security and access control are removed.
Differences with the ISA Server add-on version? None
The first thing I’ve started to wonder about this product is: It doesn’t require ISA Server, so which capabilities and features will be lost? Well I had a great surprise there, not only maintains all the features, but also there a few new ones.
GFI WebMonitor dashboard, same as the ISA add-on version
Reviewing New GFI WebMonitor
As you can see, the dashboard looks the same, but let’s take a closer look about the tool and find out a little bit more.
Same, again. As we’ve seen it in my previous post, the installation is a very simple and intuitive process; the same one is included here. In my environment I’ve installed GFI WebMonitor on a Windows Server 2008, working just as a member server in my lab environment.
At the end of the installation, you’ll get all the necessary hints to start working with GFI WebMonitor.
Based on my configuration, the simple proxy mode is selected
The last message: All that you actually need to configure your clients
With the last image, you’ve already had all the necessary information to configure your clients. Just configure your browser proxy server options.
Internet Explorer Proxy Server options
Remember that you can automatically configure these options using Group Policies in your domain. User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings
Group Policies: Proxy Server option for IE
Configuring the Server
Before start testing your clients with the proxy options, you should verify that the machine working as a proxy has the 8080 port open to receive connection from the clients.
Just add an exception in your firewall to allow traffic
You can also configure in your GFI WebMonitor a few more options related to the proxy settings: Authentications and chained options.
You can use anonymous, basic and integrated authentication for proxy clients
Chained Proxy: When you have a separate proxy or firewall in your network.
The rest of the configurations within GFI WebMonitor, you’ll find the exact same as my previous review:
- Statistics: Nice data parsing showing bandwidth consumption, sites history, users history. One of my favorites within this stats is the “top policy breakers”: users that more times have tried to access content prohibited by your policies.
- White and Black lists. The name isn’t that simple as the configuration needed to block websites and content.
And the clients will receive a message like this:
- Web Filtering Policies: All the policies defined here will allow you to manage access to certain sites and even pre defined categories to specific users, groups or even IP address. Including the time window in which each policy will apply. Pretty simple to configure and set.
- Security: This section represents one of the most powerful within this tool, you get the chance to configure Download Control Policies (which users can download what and when); IM Control Policies (allowing or blocking IM); and my favorite Virus Scanning.
All the content that is downloaded from the clients will be scanned with three different antivirus engines: BitDefender, Kaspersky and Norman antivirus; all of them with databases updated constantly.
Every time a user downloads a file, by default, the window that will appear:
And virus scanning, of course
And GFI WebMonitor also gives you the “Quarantine” section to analyze blocked downloaded content.
One of the new features introduced is the “Hidden Downloads” section. That show downloads which were unattended by users that could reveal malware or unwanted applications within the network.
More Resources and Troubleshooting
Installation and Configuration
- Mozilla Firefox keeps asking for credentials repeatedly
- Integrated authentication fails with GFI WebMonitor 2009 Standalone Proxy
- Internet Explorer is unable to retrieve my new wpad.dat configuration
- This tool represents a great way to easily use and configure a proxy server in your network in just a few seconds. From the installation process to the web filtering policies, all of them represent very intuitive and simple processes; you don’t need expert knowledge in firewall or proxy servers.
- Removing the ISA Server requirement, you almost have no excuse to give it a try if you are concerned with your current bandwidth consumption and access control.
- The security section gives you a nice bonus and avoiding having viruses or malware within your network. You know the feeling, having just one negligent user can become in several work hours for your help desk department.
If you are considering implementing new security policies in your company, you should know that what people usually access every day on the web it is a significant matter.
Tags: GFI WebMonitor, ISA Server, Traffic Monitoring
For those that never heard about GFI WebMonitor; it’s an ISA Server (2004 or 2006) “add-on” that helps you monitor in real time the network traffic inside your organization, it also complements with ISA Server giving you the chance to directly configure white/black lists, set some access rules to the internet and scan all the traffic for virus and malware.
In this post I’ll try to review the functionality, pros and cons, as well as the process of installing and configuring.
GFI WebMonitor 2009 Requirements
I’m evaluating the GFI UnifiedProtection Edition (that combines WebFilter and WebSecurity) in one package.
- Processor: 1.8ghz
- Memory: 2GB RAM
- Hard Disk: 10/15 GB free
Operating System and Software
- Windows Server 2000 SP4 / Windows Server 2003
- ISA Server 2004 SP3 / ISA Server 2006
- Internet Explorer 6 or later
- .Net Framework 2.0
GFI WebMonitor Installation
You can download the trial version for GFI WebMonitor from this link.
The installation process it’s simple, you shouldn’t have any problem with this.
Access Permissions. Here you can set from which of the IP address the GFI web configuration will be accessible. Take note that you can specify the users that can access it.
Mail Settings. Configure it to receive mail notifications about when, for example, a user is trying to infringe a configured policy in WebMonitor.
Testing mail notifications.
Once the installation is complete, two new access rules are configured in your ISA Server Firewall Policy: One to allow access to the WebMonitor tool from a browser, and the other for updates.
GFI WebMonitor Dashboard
You can access the main window from the Program Menu of from your web browser.
Always having a dashboard it’s a good idea, specially with this kind of tool. Making a quick look here you’ll get most of the necessary information that WebMonitor provides: Bandwidth consumed, active connections, blocked content, etc.
Including also a graphical presentation of the data, that, of course, helps you a lot to discover any anomaly.
Within this section you’ll find all of data parsed and sorted in a very user-friendly way. They are pretty much self-explained.
All of this information is sorted also from a calendar, so if you want to take a look from previous dates, just use the “<” “>” buttons from upper right corner.
Active and Past Connections.
Bandwidth Consumption and Distribution.
Top Policy Breakers. Users marked that tried to access or download blocked content. In my case, only IPs are showing but remember this tool is highly integrated with ISA Client and ISA Server authentication that associates traffic with specific users.
If that’s not enough for you, check the charts options for specific URLs:
By default, there are a few sites configured already in the white list.
As an interesting option, you also have a “temporary white list” to allow specific sites for a few hours.
When a black listed site is trying to be browsed, the client will receive this message.
Web Filtering Policies
Here you can create rules and policies for your network traffic. You have a “Default Web Filtering Policy” that allows all contents from all categories; you can modify this one or create a new one for a specific user or IP.
Creating a new policy it’s quite simple and intuitive.
Policy name and schedule.
Categories to be blocked and allowed by the policy.
Applies to (users, groups or IPs).
Notification options when a user intents to access blocked content.
To define a website category a query is run to the WebGrade Database, that also receives updates periodically.
You can also run queries manually to the database and find out the category for a specific site.
Web Security Policies
These policies have the same functionality that the filtering policies, but are defined for file downloads, IM access and virus scanning.
By default, all content is allowed for download.
As an alternative policy to blocked downloads is the “quarantine” option.
IM Control Policies
This an option that is constantly asked and requested by ISA Server administrators, how to block IM on their networks.
Unfortunately, using this tool, you can only block MSN and Live Messenger traffic using HTTP connections.
Virus Scanning Policies
The default files that are scanned: Microsoft Office documents, PDFs, ZIP and RAR, executables and MSI.
Whenever any of these files are downloaded, the client will open the GFI WebMonitor Secure Download window that validates the file it’s not infected.
Download and virus scan completed.
- It is one of the best monitoring tools for bandwidth consumption available in the market. With a nice data parsing as well.
- It represents a great complement for ISA Server access and deny rules.
- Rules and policies are very easy to add and configure.
- Minimum overhead in network connectivity.
- Antivirus Integration: This is probably my favorite feature. Has almost the same functionality than an corporative antivirus solution that controls any suspicious packet in the network.
- Hardware requirements. It is not recommendable to use GFI WebMonitor on a machine with less than 2gb of RAM.
- Even though the data parsing is great, there’s no easy way to export those reports to a document or even a CSV file.
- There are no options available for export/import WebMonitor configurations. It is not possible to replicate the same configuration on another server or make a backup in a simple way.
If you are an IT Administrator that continuously perceive that your network is slow or it does not has the performance that it should, this tool can give you a lot of help. As a bonus, it will simplify configuring access rules and provide you with an excellent protection with 3 antivirus engines scanning packets.
But if you are using a small resources machine as your gateway, don’t bother installing it, it would give you a lot more problems than solutions.
Hope that you find this useful,