• HOME
• PRODUCTS
• CyBlock Proxy
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• CyBlock ISA
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• CyBlock Appliance
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• Cyfin Reporter
• Reporting
• Technical Specs
• Price Quote
• FAQs
• Cyfin Proxy
• Reporting
• Technical Specs
• Price Quote
• FAQs
• COMPANY
• Customers
• Partners
• For Resellers
• WaveNews
• Careers
• RESOURCES
• White Papers
• Case Studies
• Press Releases
• Forum
• Blog
• Twitter
• SUPPORT
• CyBlock Proxy
• FAQs
• Forum
• Documentation
• Downloads
• CyBlock ISA
• FAQs
• Forum
• Documentation
• Downloads
• CyBlock Appliance
• FAQs
• Forum
• Documentation
• Cyfin Reporter
• FAQs
• Forum
• Documentation
• Downloads
• Cyfin Proxy
• FAQs
• Forum
• Documentation
• Downloads
• CONTACT US

Technical Specs

Web filter plug-in for Microsoft ISA / TMG Server.

Use the links below to find out how CyBlock ISA / TMG Web filter fits into your network.

• Network Configuration
• Array Configuration
• OS Requirements
• ISA Server 2004 and 2006 Compatibility
• ForeFront TMG Compatibility

Network Configuration

 

CyBlock ISA / TMG plug-in installs directly on Microsoft ISA or TMG Server, monitoring user activity, filtering access to the Web sites or categories of sites you specify, and generating categorized reports on user activity.

Array Configuration

Install CyBlock ISA / TMG on multiple servers and manage settings from the designated primary console.  This makes for easy administration when managing different locations or a large number of employees.

1. Install CyBlock ISA / TMG on your specified servers.
2. Designate one server as your primary and follow the instructions on the product's Setup - Array screen to get set up properly.
3. Enter settings at the primary console, and add the other servers to its product "array" (not to be confused with an actual Microsoft ISA / TMG Server array, which has no effect on this configuration).
4. Settings and policies you make will be applied to secondary servers.  For more information, check the CyBlock ISA / TMG product manual.

 

OS Requirements

The supported operating systems for CyBlock ISA / TMG Web filter are shown below. Please click on the links for recommendations and details.

Minimum Requirements

• Processor: 2.0 GHz
• Memory: 1GB RAM
• Hard Disk: 500 MB free disk space
• Browser: Internet Explorer version 6.0 or higher, Mozilla Firefox.  Test your browser for compatibility.

Supported Operating Systems

• Windows Server 2008/2003/2000

ISA Server 2004/2006 Compatibility

CyBlock Web filter is designed to work with ISA Server 2004/2006.  Your CyBlock ISA system can be configured in two ways:  as an on-box solution (required for filtering) and optionally, as an off-box solution (to assume reporting duties).

Below, please examine the diagrams depicting how CyBlock integrates with ISA Server 2004/2006.  Also please view our recommendations for product configuration.  This information is designed to help you have seamless, trouble-free use of CyBlock ISA.

• CyBlock ISA installed directly on ISA Server 2004 or 2006 ("on-box")
  • Logfile Setup
  • Configuration Notes
• CyBlock ISA installed on an additional server for reporting purposes only (optional)
  • Logfile Setup
  • Configuration Notes

CyBlock ISA installed directly on ISA Server ("on-box")

NOTE:   CyBlock ISA must be installed on your ISA Server to filter Web browsing.  Other off-box options are discussed later on this page.

Logfile Setup

NOTE:  One of the following four "logfile types" needs to be configured in the CyBlock ISA browser interface.

 

MSDE database configuration:

Logfile Type:  Microsoft ISA Server (MSDE database)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  A few simple steps are required to set up communication between the product and your MSDE database.  These instructions appear after you select "Microsoft ISA Server (MSDE database) as your logfile type in the product (begin with Logfiles - Setup screen). 

 

NOTES ABOUT PRIOR RELEASES: 

1)  MSDE-formatted data no longer needs to be extracted to ASCII text files for this product to use.  However, if you were using that method (previously required when using MSDE data in past versions of our product), upgrades are backwards-compatible and you do not have to change your processes. You could simply create a new configuration if you want to stop converting MSDE data to text, while still maintaining your older "text" configuration as well. 

2) If you have ISA Server 2000 functioning with CyBlock ISA, you should not upgrade CyBlock ISA until you first upgrade your ISA Server to a more recent version.  ISA Server 2000 is no longer supported with CyBlock ISA.

 

SQL database configuration:

Logfile Type:  Microsoft ISA Server (SQL database)

Default Directory:  (none)

NOTE:  Some configurations are necessary so that the product can access the SQL database and read it.  Follow the onscreen instructions provided when configuring this type of data source in the product (begin with Logfiles - Setup screen).

 

ISA Server Format configuration:

Logfile Type:  Microsoft ISA Server (ISA Server Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  ISA Server Format uses local time for data record time stamp.

 

Extended Format configuration:

Logfile Type:  Microsoft ISA Server (Extended)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  ISA Extended format uses GMT time (this is set by the ISA server and is not configurable).

 

Configuration Notes

ISA 2004 and 2006 Requirements:  No Service Pack required. 

NOTE:  ISA Server 2006 can NOT be installed on Windows Server 2008!

Set Service Account: 

1. On your ISA Server, open Services.
2. Double-click on Microsoft Firewall to display its properties.
3. On the Log On tab, choose Local System Account.
4. Click Apply and Ok to save changes.
5. Restart the Service to put changes into effect.

Configure Web proxy logging:

With ISA 2004/2006, information is logged to an MSDE database by default.  This product can also read SQL Server data.  A few simple steps are required - and described - in the Logfiles - Setup wizard when you select "Microsoft ISA Server (MSDE database)" or "Microsoft ISA Server (SQL database)" as your logfile type. If you plan to use either of these, steps 1-10 below are unnecessary.

NOTE:  These steps below are only pertinent to the 'Standard' and 'Extended' logfile configurations mentioned above.

To change Web proxy logging to the standard file type (non-MSDE), here are detailed instructions:

1. On your ISA Server, open the ISA Server Management console and expand the server name.
2. Click on Monitoring node in the left pane of the console.
3. On the Monitoring node, click the Logging tab in the middle pane.
4. Click on the Tasks tab in the right pane.
5. Click the Configure Web Proxy Logging link.
6. Select log storage format File (do not select database).
7. In the format drop down menu select ISA Server file format.
8. Click "Apply."
9. Click "OK."
10. To save these changes please click "Apply" on the top of the middle pane.

Filter Setup:  Setting up filtering in CyBlock for ISA Server is a simple process, explained with the following steps: 

NOTE:  These steps should be performed regardless of which data type you plan to use in the product.

1. In the CyBlock ISA browser interface, go to the Setup-Filtering screen.
2. Choose the type of user ID to use in CyBlock filtering (e.g., Login Name, IP Address, or Login Name/IP).
3. Choose how CyBlock will respond when Login Name has been chosen as the ID type, but a login name is not present in the data.  If you check the Block anonymous users check box, CyBlock will block all requests that don't have a login name.  If you do not select the check box, CyBlock will allow all requests that don't have a login name.

Configure Integrated authentication for outbound Web requests    *(Optional, recommended)*

It is recommended that you configure Integrated authentication for the users on your network, as it will provide seamless Internet browsing (e.g., no 'popup' messages requiring a login and password will appear) for Internet Explorer browsers.  To do this, follow these steps: 

1. On your ISA Server, start the ISA Server Management tool.
2. Expand Server Name, expand Configuration, and then click on Networks.
3. Right-click the network that listens for the outbound Web requests and then click Properties.  For example, to configure authentication for users who are connected to the internal network, right-click Internal, and then click Properties.
4. Click the Web Proxy tab, and then click the Authentication button.
5. Click to select the Basic check box, then click to select the Integrated check box.
6. Click to select the Require all users to authenticate check box.
7. Click OK to save changes and to exit.

CyBlock ISA installed on an additional server for reporting purposes only (optional)

NOTE:  CyBlock ISA can also be installed on another machine to handle reporting duties (the machine in the middle of the above diagram depicts this setup).  This is recommended due to the CPU usage required when running reports.  Simply put, it can be beneficial to have CyBlock ISA doing its filtering on your ISA Server, and its reporting functions on another machine.

Additionally, you can FTP the ISA Server logfiles to the second machine to help with ease of reporting.  The section below discusses "off-box" logfile options in more detail.

Logfile Setup

If CyBlock ISA is also installed "off-box" for reporting use, the logfiles need to be transferred to that box or put into a suitable location where CyBlock can read them.  This can be done in a few ways:

• Copy the logfiles to the second CyBlock machine's local drive (this is what we recommend for best network performance).  To automate this process, you can create a script to copy the logs over at a specific time each day.
• FTP the logs over to the second CyBlock machine's local drive.   Again, this process can also be automated with scripts.
• Have the logfiles reside on a network drive.  NOTE:  CyBlock cannot browse the network in its default state.  For this logfile option to be successful, two things must be true: 
  • The network drive must be mounted on the network
  • The CyBlock Service logon account needs to be a domain account with administrative rights

Please see the section above for information about logfile setup, keeping in mind that the directory path for logfiles might be different in an "off-box" solution.

Configuration Notes

NOTE:  The filtering piece of the product will not function on a machine other than the ISA Server, but reporting will work normally.  Simply use the "off-box" installation of CyBlock ISA to run reports (and possibly store logfiles).

Forefront TMG Compatibility

Standard configuration:

Logfile Type:  Forefront TMG (TMG Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

Alternate configuration:

Logfile Type:   Forefront TMG (W3C Extended Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  Cyfin Reporter can be installed directly on the Forefront TMG or on a stand-alone machine.   Forefront TMG File Format uses local time for data record time stamp.  ISA W3C Extended Log File Format format uses GMT time (this is set by the Forefront TMG and is not configurable).

SQL Server Express DB configuration:

Logfile Type:  Forefront TMG (SQL Server Express Database)

WARNING:  You will need SQL Server Management Studio to complete the required steps for this logfile selection.  It is not installed by default with TMG, so you must obtain the installation file.  When you have the file saved locally to the machine, install it using these instructions:

• Double-click the .exe file for SQL Server Management Studio to open it.
• In the left pane menu, click on Installation.
• In the right pane, click New SQL Server stand-alone installations or add features to an existing installation.
• Click OK at the first screen ("Setup Support")
• Click Install at the next screen.
• Click Next when installation ends.
• In the right pane, change the selected radio button to Add features to an existing instance of SQL Server
• Use the pulldown to select MSFW
• Click Next.
• In the right pane, under Shared Features, check the box Management Tools - Basic
• Click Next until arrive at the Ready to Install screen.
• Click Install.
• When it completes, click Next.
• Click Close.
• Click the "X" to close out of SQL Server Installation Center dialog box.

Please perform the following steps carefully and in order:

1. Open SQL Server Configuration Manager:
   • Expand SQL Server Network Configuration
   • Highlight Protocols for ISARS, still in the left pane.
   • In the right side pane, right-click TCP/IP and select Properties.
   • Click on IP Address tab, and scroll to bottom of dialog box.
   • Change the TCP Port to 1434.
   • Click Apply.  A dialog box will appear stating you need to restart a service. Click OK.
   • Click OK again to close the dialog box.
   • Minimize (but do not Close!) the SQL Server Configuration Manager, and go to your machine's Services (this will be under Administrative Tools).
   • Restart the SQL Server (ISARS) service.
   • Minimize (but do not Close!) your Services dialog box, and maximize the SQL Server Configuration Manager again.
   • In the left pane, highlight Protocols for MSFW.
   • In the right pane, right-click TCP/IP and select Enable.
   • Next, right-click TCP/IP again and this time select Properties.
   • Click on IP Address tab, and scroll to bottom of dialog box.
   • Clear out the numbers appearing in the TCP Dynamic Ports box, so that it is completely blank.
   • Next, in the TCP Port box type in 1433, so that the TCP Port will now be 1433.
   • Click Apply.  A dialog box will appear stating you need to restart a service. Click OK (we will restart it later in this procedure.)
   • Click OK again to close the dialog box.
   • Close SQL Server Configuration Manager.

    

   CRITICAL NOTE:  For the remaining steps in the process, you must have SQL Server Management Studio installed.  It is not installed by default with most TMG installs.

    

2. Open SQL Server Management Studio.  If you don't see it, try typing 'studio' in the Start - Search box. This will either show you where it is or launch the program.
   • Connect to your SQL Server.  Use the following credentials:
     • Server type = Database Engine
     • Server name =  TMG \MSFW
     • Authentication = Windows Authentication
   • Right-click on the top (Server) node, and go into Properties.
   • In the left pane, highlight Security.
   • In the right pane, change the Server Authentication radio button to SQL Server and Windows Authentication mode.
   • Click OK.  You will see a message stating that changes won't take effect until the SQL Server is restarted.  Click OK.
   • In the left pane, expand the Security folder.
   • Right-click the Logins folder, and select New Login.
   • In the right pane, for Login Name type wavecrest. NOTE: This label is very important, the product will expect this exact login name only.
   • Next, change the radio button selection to SQL Server Authentication.
   • Type in this password: password.  NOTE: This label is very important, the product will expect this exact password only.
   • Confirm the password by typing it in again.
   • Uncheck the Enforce password expiration checkbox.
   • Next, in the left pane highlight Server Roles.
   • Check the checkbox for sysadmin.
   • Click OK.
   • Close out of SQL Server Management Studio.

    

3. Restart Services.  
• In Administrative Tools - Services, restart:
  • SQL Server (ISARS) service (only if you did not do so earlier.)

  NOTE:  It is important that this one be restarted BEFORE the MSFW service!

  • SQL Server (MSFW) service.

With these steps complete, you will be logging to the SQL Server Express database and connection to it is now possible.  However, the SQL Server Express data does not become immediately available.  After completing the above steps, you will need to wait for a period of one day before proceeding with logfile configuration in your Wavecrest product.

SQL Server database configuration:

Logfile Type:  Forefront TMG (SQL Server Database)

NOTE:  It is presumed that you have already set up a SQL database and are logging to it from your TMG Server.  The steps that follow will not work if you have not set that up first. 

If you are successfully logging to a SQL database, please perform the following steps:

1. Allow Open Database Connectivity.  It is important to set up SQL Server to accept ODBC (Open Database Connectivity). On the machine with SQL Server installed on it, complete these steps:
   • Log in to 'SQL Server Managment (Studio)'
   • Expand the server name
   • Expand Security folder
   • Right-click 'Logins' folder and click 'New Login'
   • Enter a new login name (example: wavecrest)
   • Select 'SQL Server Authentication' radio button
   • Type in a password (example: wavecrest)
   • Uncheck 'Enforce Password Policy'
   • Click 'Default db' pulldown, select the database our product will access
   • Click OK to save and exit
2. Create new account for your Wavecrest product to access the SQL Server. You need to set up another account for the product to communicate with your SQL Server database:
   • In 'SQL Server Management (Studio)', expand 'Databases' folder
   • Expand the database that the Wavecrest product will access
   • Expand the Security folder
   • Right-click the Users folder, click 'New User'
   • Type in the same user and login name (example: wavecrest) *we recommend using the same credentials that you created earlier
   • Select dbo as the Default Schema.  Use the browse buttons to find the checkbox for dbo, select it, then click OK to save.
   • For 'Database Role Membership' (bottom section of the page) check the following checkboxes:
     • dbdatareader
   • dbdatawriter
   • Click OK to save and exit
3. Proceed with configuration in your Wavecrest product.