GFI Software/GFI WebMonitor

GFI WebMonitor is a comprehensive monitoring solution that enables users to monitor and control web traffic activity (browsing and file downloads) in real-time. It also enables administrators to block active web connections as well as scan web traffic for malicious activity including viruses, trojans, spyware and phishing.

http://www.gfi.com

GFI WebMonitor Online documentation


The aim of this book is to provide access to important information that can help users make the best use of GFI WebMonitor. Wikibookians are therefore encouraged to update this content and/or send feedback, ideas and comments on how this documentation can be further improved via the wiki discussion board, GFI Forums, or by sending an email to documentation@gfi.com.

All feedback is welcome! Please contribute your topics with the above principles in mind.

Introduction

edit

GFI WebMonitor is a web security and internet access control software that allows administrators to monitor employees' web browsing activities and ensure that any files downloaded are free of viruses and other malware.

GFI WebMonitor is available in the following three editions:

  • WebFilter Edition - Increases productivity with Web Filtering[1] and Web Browsing policies. Helps to optimize bandwidth use with Streaming Media policies and website categorization features. Additionally, Web Reputation Index and ThreatTrack help lower incidence of attacks and infringements.
  • WebSecurity Edition - Provides a high degree of web security using combined tools that help mitigate phishing, malware, trojans and virus attacks. This is achieved through the built-in download control module and multiple anti-virus and anti-spyware engines.
  • Unified Protection Edition - Provides all the features of the WebFilter Edition and the WebSecurity Edition in a single package.

How does GFI WebMonitor work?

edit
 
Stage 1 - Request initiation

Users request a webpage or a download from the Internet. The incoming traffic generated by this request is forwarded to GFI WebMonitor.

 
Stage 2 - Always Blocked/Always Allowed filtering

The internal GFI WebMonitor Always Blocked/Always Allowed filtering mechanism analyzes user ID, IP address and requested URL, taking the following actions:

  • Blocks web traffic requests by adding users and/or IP addresses to the Always Blocked list, or to access URLs in the Always Blocked list.
  • Automatically allows web traffic requests by allowed users and/or IP addresses, or to access allowed URLs.
  • Forwards web traffic requests (to the WebFiltering module)by users and/or IP addresses that are neither in the Always Blocked list nor in the Always Allowed list or to access URLs that are neither in the Always Blocked list nor in the Always Allowed list.
 
Stage 3 - WebFilter module

Analyzes web traffic received from the Always Blocked/Always Allowed filtering mechanism against a list of categories stored in WebGrade database. These categories are used to classify and then filter web pages requested by users. GFI WebMonitor can Block, Warn and Allow or Quarantine web traffic according to configured policies. Quarantined web traffic can be manually approved or rejected by the administrators. Approved quarantined URLs are moved in Temporary Allowed area; a mechanism used to approve access to a site for a user or IP address for a temporary period.

NOTE: The WebFilter module is only available in the WebFilter Edition and the Unified Protection Edition of GFI WebMonitor. In the WebSecurity Edition, web traffic is sent directly from the Always Allowed/Always Blocked filtering mechanism to the WebSecurity module.

 
Stage 4 - WebSecurity module

Analyzes web traffic through the download control module and scans incoming web traffic for viruses, spyware and other malware. GFI WebMonitor can Block, Warn and Allow or Quarantine suspicious material according to configured policies. Web traffic is also scanned for phishing material against a list of phishing sites stored in the updatable database of phishing sites. Web traffic generated from a known phishing element is rejected while approved web material is forwarded to the user.

NOTE: The WebSecurity module is only available in the WebSecurity Edition and Unified Protection Edition of GFI WebMonitor. In the WebFilter Edition, WebSecurity processing is not performed, and web traffic is forwarded on to the user.

For more information on GFI WebMonitor, refer to About GFI WebMonitor

GFI WebMonitor versions

edit

GFI WebMonitor is available in the following versions:

  • GFI WebMonitor Standalone: This version allows administrators to monitor and control web-traffic activity on networks that do not have a web-proxy deployed. This version comes with a built-in web proxy and can be installed as a gateway or as a proxy server. To deploy GFI WebMonitor in Gateway mode, two network interface cards are required. To deploy GFI WebMonitor in Proxy Server mode, a router that supports traffic forwarding and port blocking is required.
  • GFI WebMonitor for ISA/TMG: This version allows administrators to monitor and control web-traffic activity on networks that are running Microsoft ISA/TMG web proxy.

Administrator Guide for GFI WebMonitor Standalone

edit

The aim of the GFI WebMonitor Administrator Guide is to help you install and configure GFI WebMonitor in Gateway mode or Simple Proxy mode on your network. It describes:

  • The different environments supported by GFI WebMonitor.
  • How to install and configure GFI WebMonitor in Gateway mode or Simple Proxy mode.
  • Post-installation actions required to start monitoring your Internet traffic.
  • Details overview of the Monitoring Dashboards.
  • How to configure Policies in GFI WebMonitor.
  • How to achieve results with your GFI WebMonitor installation.
  • Troubleshooting common issues.

The following link enables you to browse GFI WebMontor Administrator Guide: Use the Get Started page to find the information you need about GFI WebMonitor.

GFI WebMonitor Administrator Guide for ISA and TMG

edit

The aim of the GFI WebMonitor Administrator Guide is to help you use and configure GFI WebMonitor when installed as an Add-on to Microsoft ISA/TMG. It describes:

  • How to use GFI WebMonitor dashboard.
  • How to monitor internet activity.
  • How to configure WebFilter and WebSecurity editions.
  • How to configure GFI WebMontor Quarantine.
  • Troubleshooting information on common issues.

The following link enables you to browse GFI WebMontor Administrator Guide for ISA/TMG: Use the Get Started page to find the information you need about GFI WebMonitor.

Troubleshooting

edit

This section explains how to resolve any issues encountered during installation of GFI WebMonitor. The main sources of information available to solve these issues are:

  • The Administrator Guide
Download product manuals from www.gfi.com
  • GFI SkyNet articles
GFI maintains a comprehensive knowledge base repository, which includes answers to the most common problems. GFI SkyNet always has the most up-to-date listing of technical support questions and patches. In case that the information in this guide does not solve your problems, next refer to GFI SkyNet by visiting: http://kbase.gfi.com/.
  • Web forum
User to user technical support is available via the web forum. The forum can be found at http://forums.gfi.com/.
  • Contacting GFI Technical Support
If you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone.
NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at https://customers.gfi.com/login.aspx.
GFI support will answer your query within 24 hours or less, depending on your time zone.
  1. Smith, Sharon. "Web Filtering". Lenovonetfilter.{{cite web}}: CS1 maint: url-status (link)