Configuration of the Igaware Digital Safeguarding/UTM is done via a Web Administration Interface. This guide helps you explore the full range of fucntionlity available and where on the Interface to set-up users and services. We recommend going through each section in order.
Igaware Digital Safeguarding is a next generation Internet filter that transparently filters Internet traffic (including SSL) to enable users to access the Internet safely without the hassle and cost of having to configure a proxy or install client software or apps.
Igaware digital safeguarding filters Internet access according to policies that you control. You can allow or block sites by category, domain, IP address, MIME types, file types, search terms, phrases and regular expressions.
Reports and alerts tell you when Internet access policies are being breached and more importantly, help you identify vulnerable users.
By enabling the man in the middle (MITM) option, search terms can be filtered and safe searches can be enforced.
Digital safeguarding is delivered on premise by an Igaware server installed on your network through which all Internet traffic is filtered. It can be joined to an existing active directory server (ADS) or the Igaware server can be enabled as an ADS in it's own right. UTM functionality is also included.
For support please drop an email to support@igaware.com or call our support team on +44 (0)191 2804013.
Prior to installation you need to think about the level of filtering and control you want to have and the type of reports and email alerts you would like. Your installer will go through options with you and pre-configure the system so that it has the preferences you required, enabled.
Things you need to consider:
Our installers you will be take through the decision process and get everything setup for you.
The Igaware Linux Small Business Server has a factory default IP address of 192.168.2.252 and DHCP is enabled. To start configuring the server you can simply connect a computer using an Ethernet cable plugged into the server's LAN port. The Igaware Linux Small Business Server can then be configured by opening a web browser and entering the address https://192.168.2.252.
This address will open up the login page for the Igaware configuration interface. Login using the user name and password supplied with the Igaware Linux Small Business Server.
Before you start configuring the Igaware Linux Small Business Server please go to System => Register/Licence => Registration. You will be asked to enter the system user name and password (supplied with the Server). Registration must be completed for the server to fully function.
IMPORTANT: Any configuration changes made are only activated after 'Commit Changes' has been run (found on the left hand menu of all configuration pages).
To add the Igaware Linux Small Business Server to your LAN go to Administration => Network and select 'Ethernet #0' give it an IP Address on your LAN and complete all fields using the on screen help. By default DHCP is enabled.
Note: One Handed Mode is available to give the Igaware Linux Small Business Server an Internet connection over the LAN. In this mode the Igaware Linux Small Business Server only requires one Ethernet connection to the LAN and no separate connection to the Internet.
The Igaware Linux Small Business Server can be connected directly to the Internet using an Ethernet router, a USB PPPoe modem, a serial modem, and USB 3G dongle.
There is also the option to connect over the LAN using ‘One-Handed Mode’. To configure Internet access, go to Administration => Network and select Ethernet #1 and 'Add New ISP Connection'.
If a router is used, it must be configured to allow the Igaware Linux Small Business Server unrestricted Internet access inbound and outbound otherwise the Igaware Linux Small Business Server may not be able to operate correctly. Most routers have a DMZ option that makes this easy.
Once you have configured Internet access, you can test that it is working by going to System => Tools => Test Internet Connection.
If the Igaware Linux Small Business Server is installed in ‘One Handed Mode’ (see 2.2.1 above) then your existing firewall must be configured to allow the Igaware Linux Small Business Server unrestricted outbound Internet access.
Inbound access from the Internet to the following ports on the Igaware Linux Small Business Server must be provided:
- SSH 22 (This allows remote support services).
- SSL 443(This allows remote access to the Igaware administration interface. If port 443 is already in use then use port 666).
Note: You may need to forward additional ports to enable some services. E.g. if the Igaware Linux Small Business Server is being used to filter email that is delivered via SMTP you will need to forward traffic on port 25 to the Igaware Linux Small Business Server. If the Igaware Linux Small Business Server is installed as the router/firewall then things are much simpler.
By default, all outgoing Internet access from the LAN is blocked. To enable Internet access for machines on the LAN go to Administration => Access Controls => Outbound Firewall => Individual Computers.
The Individual Computers page is used to configure Internet and Web access for machines on the LAN. Any computers or devices not listed here will not be allowed Internet access.
Note: The default "blocking" policy can be changed by selecting a derestricted access policy e.g. Web Access Only etc.
The 'default' machine listed, on this page, defines the default Internet access policy that will be applied to machines added to this list. Click on this and check the settings before adding machines.
The quickest way to add machines to the list is to click on the 'Scan LAN Network' button. The scan will find machines on your network and apply the default Internet access policy.
Note: Machines with a software firewall enabled may not be found by a Scan. Disable firewalls and try again. Any machines that are not picked up by the scan can be added manually.
Once machines/devices are listed you can click on them to change their access policies.
It is recommended that you avoid giving all the machines on your LAN unrestricted Internet access unless it is really necessary; most security breaches come from internal staff innocently downloading and accessing malicious content on the Internet. Prevention is a lot cheaper than cure.
Access is controlled by applying an access policy such as Web Only or Web & FTP. There are several pre-defined policies that cover the majority of user requirements.
Note: Additional access policies can be created using the left-hand menu options;
- Service Port List (configure Internet ports that are used to define LAN Access Policies).
- LAN Access Policies ( define Internet Access Policies that can then be applied to machines on the LAN).
Access to the web can be controlled in a number of ways by checking appropriate boxes on the LAN Devices configuration page. Options include:
- Limit access to only the sites listed in the company white list
- Allow access to any web site except those in site categories you select (e.g. pornography), and the company black list.
- Block access to certain file types that may be 'dangerous' e.g. executable files.
- Control access according to the time of day
Web access control through the Igaware Linux Small Business Server requires the default gateway on LAN machines to be set as the LAN IP address of the Igaware Linux Small Business Server. This can be done automatically using DHCP.
* Web authentication can be enabled to force users to login with a user name and password when they open their web browser. Useful if users share computers.
* The Igaware Linux Small Business Server can be joined to an ADS Domain to allow single sign on. Go to Administration => Servers => Windows Services => PDC/ Domain Member Configuration => PDC/ ADS Member. Setting browsers to then proxy through the Igaware will populate web reports with user names.
Users
Users only need to be added once for them to be able to use the different services on the Igaware Linux Small Business Server. To add users go to Administration => Users/Groups => Users and click on the ‘Add User’ and follow the on-screen help.
Groups
If you have a large number of users it may be easier to administer access to the web or file server shares according to local group policies. Local groups can be created in Administration => Users/Groups => Groups.
Note: If you are using an Active Directory Server, users can be synchronised with this automatically. To enable ADS integration go to Administration => Servers => Windows Services => PDC/ Domain Member Configuration => PDC/ ADS Member.
The Igaware Server can handle both incoming and outgoing email. In addition to ensuring email gets to its destination the Igaware Linux Small Business Server filters email to remove malicious payloads including viruses, dangerous content, fraud attempts (phishing) and spam.
To configure the Igaware Linux Small Business Server for email go to Administration => Servers => Email.
Select ‘General’ from the menu and set which user will be the ‘Postmaster’. The ‘Postmaster’ can receive various notifications from the Igaware Linux Small Business Server about, for example, emails that can't be delivered. On the same page enter the outgoing SMTP server; this should be the outgoing SMTP server address given to you by your ISP.
Note: The Igaware Linux Small Business Server can relay outgoing mail directly but some anti-spam systems will reject emails sent by a server using a public IP address that is part of a block allocated to an ISP. It's a good fallback,though, if your ISP's outgoing SMTP server fails.
The Igaware Linux Small Business Server can be configured to receive email for multiple domains using POP3, IMAP and SMTP. You can configure this in Administration => Servers => Email => Internet Accounts.
To allow email to be received via SMTP, open port 25 in Administration => Access Controls => Port Input.
Incoming email is distributed to users’ mail boxes (created when a user is added to the Server). Email aliases or mailing lists can be configured, and email received for these will be delivered to users you select in Administration Servers => Email => Aliases.
Users can access email on the Igaware Linux Small Business Server using any client software that supports POP3 or IMAP e.g. Outlook, Mozilla Thunderbird. Client software should have the incoming and outgoing mail servers set as the Igaware server's IP address on the LAN. The user name and password for the incoming mail server is the same as that set on the Igaware server when the user was created.
Email can also be accessed using Web based groupware. For more about groupware see page 10.
Note: A global Outgoing Email Signature can be defined in Administration => Servers => Email => Outgoing Email Signature
By default only users on the local LAN can send (relay) email through the Igaware Linux Small Business Server. To enable remote users to relay email when connected by VPN go to Administration => Servers => Email => SMTP Relay.
Kopano Groupware is a drop in replacement for MS Exchange. It allows you to share e-mail and calendars via Outlook, on your smart phone or using Kopano Webapp and Kopano Deskapp. The Kopano Webapp/Deskapp features the familiar Outlook 'Look & Feel' interface, and you can keep using the features in Outlook that have always allowed you to work efficiently. Kopano Groupware supports Active Sync for synchronisation with mobile devices.
To enable Kopano go to Administration => Servers => Collaborative Groupware => Kopano
Note: See the Kopano Setup Guide.
Horde is a browser based communication suite used primarily before Zarafa was available. Users can read, send and organize email messages and manage and share calendars, contacts, tasks and notes.
To enable Horde go to Administration => Servers => Collaborative Groupware => Horde.
Once enabled, login to Horde by pointing a web browser at http://serverip/groupware (where serverip the IP address of the Server on your LAN. You can login remotely over the Internet using https://publicip/groupware, where publicip is the public IP address of the Igaware server. You can find your public IP address by looking in Administration => Network => ISP Settings.
Note: Port 443 (https) is opened in Administration => Access Controls => Inbound Firewall => Port Input. This allows users to login remotely over the web to groupware using SSL (https://)
When you login to Horde for the first time, you must set an ‘Identity’ in ‘Personal Information’. If not, you will be unable to send emails. To set your Identity; When in Email click on Options and select Personal Information. Fill in at least the first 3 fields and the "Sent mail folder". Click on "Save Options" when finished. Go back to Personal Information and set "Your Default Identity". Click on "Save Options" when finished.
The Igaware Linux Small Business Server filters email for viruses, spam, phishing attempts and other malicious content. To configure email filtering go to Administration => Servers => Email => Email Filtering.
Note: You can block emails to and from specific email addresses and/or domains by going to Administration=>Servers=>Email=> Blocking List.
Note: Emails can be forwarded on to another Email server, such as MS Exchange, This is configured by using Administration => Servers => Email => SMTP Forward
The Igaware Linux Small Business Server can control how computers logon to your network. It can be enabled as a Workgroup Server, a Domain Server, or an Active Directory Server.
To enable ADS go to Administration=>Servers=>Windows Services=>General
Note: If ADS is enabled you can then only administer users and groups using the Windows Remote Server Administration Tool.
The Igaware Linux Small Business Server provides central file serving with access to public and private file shares that you define. Users can logon to the file server as a member of an domain or a workgroup. The file server is configured in Administration => Servers => Windows Services.
Note: A number of options exist to backup data held on the file server. See ‘Data Backup’ .
Note: File server space can be used as iSCSI Storage. This allows you to effectively add additional hard disk storage to existing servers. This is enabled in Servers => ISCSI Storage.
The Igaware Linux Small Business Server can be used to host web pages that can be made publicly accessible by opening port 80 in Administration => Access Controls => Inbound Firewall => Port Input. The Web server runs Apache, MySQL and PHP, enabling the hosting of dynamic, data driven websites. To configure the Web server go to Administration => Servers => Web Server.
The Igaware Linux Small Business Server can send and receive faxes providing it is connected to a telephone line using a Fax Modem. We recommend that you use a US Robotics 56K External Fax modem V.92 (USR015630D). Incoming faxes are converted to PDF and sent as attachments to emails to the fax recipients specified for the ‘FAX recipients’ alias in Administration => Servers => Email => Aliases.
Outgoing faxes can be sent via the fax printer on the Igaware server or via email.
To configure faxing go to Administration => Servers => FAX Server
The Igaware Linux Small Business Server supports PPTP, IPSec and SSL VPN protocols that enable the creation of secure connections to your Network over the Internet. We recommend using SSL for 'road warriors' in preference to PPTP (best avoided for security and performance reasons).
To connect remote offices together over the Internet we recommend using IPSec. This can be setup to connect to another Igaware Server or any IPSec compliant device. To setup IPSec VPN go to Administration => Network => Virtual Private Networking (VPN) => IPSec VPN.
If you are out of the office, working from home or on a train, for example, you can create a secure connection to the Igaware server in your office using PPTP VPN. Most computers have a PPTP client as standard – for MS Windows this is called “VPN Adapter”. To setup PPTP VPN go to Administration => Network => Virtual Private Networking (VPN) => PPTP.
The Igaware Linux Small Business Server offers a number of ways to backup data held on it. Data can be stored to tape, an external USB/Firewire hard drive, a Windows share on your network, or offsite to a remote Rsync server. All settings are available in System => Backup where you can configure a ‘Main’ and a ‘Secondary’ backup.
The Igaware Linux Small Business Server can be used as an Rsync Server and receive data from other Igaware Servers. E.g. If you have several offices, each with an Igaware Linux Small Business Server, you can back these up centrally to your head-office Igaware Server that has been enabled as an Rsync Server. Enable in System => Backup => Rsync Server.
Note: The system configuration is automatically backed up offsite to Igaware’s data center, daily. This ensures that if your Server is, for example, destroyed in a flood etc, another Igaware Server can be supplied pre-configured with all of your settings.
The Igaware Linux Small Business Server makes a number of reports available in ‘Activity Reporting’. These include:
Email Summary
This report shows a summary of email activity for the last 7 days including the total number of emails sent and received, the number of viruses detected and the number of spam emails filtered.
Email Usage Report
This report provides details of emails sent and received by users for date ranges you select.
Site Blocking Report
This report shows attempts to access web sites blocked by web filtering policies.
Web Visits Report
This report shows details of web visits by individual machines (IP address), or by users if connected to an Active Directory Server (browsers must be configured to proxy through the Igaware)
Network Traffic
Graphs show network traffic on each of the network interfaces in use.
PPTP VPN Report
This report shows information about past and present remote PPTP connections.
Reports can be viewed within your web browser, or exported to be saved as an MS Excel file.
What makes Igaware different from other products is that the whole software bundle, including the operating system and all applications, are constantly updated to provide new features and protect against new security threats.
An unsupported security product will soon become vulnerable to security threats. Not only should Spam, AV and Web Filtering databases be updated, for example, but you should also update the software engines and add new techniques that become available.
Because of our approach your Igaware Linux Small Business Server is secure and robust. To view the latest updates, click on the ‘changelog’ link on the home page of the administration interface or check our web site Changelog. For boredom control we only detail significant updates.
If you go to System => Tools you will find a number of options that can help you monitor and diagnose network problems. Here's a summary of the tools and what they provide:
Network/Host Monitoring
You can monitor devices on the LAN or WAN and receive email alerts if they should become unavailable.
Log Viewer
One of the many advantages of an Igaware Server is that it is very verbose about what it is doing. The logs tell you what is going on, taking the guess work out of support.
Ping Scan LAN
This utility will tell you what devices the Igaware Server can see on your network.
Network Vulnerability Scanner
This option allows you run a Nessus scan on local or remote networks to identify security vulnerabilities. See http://www.nessus.org/
Network Query Tool
A tool for discovering Host Information e.g. DNS, WHOIS etc, and checking Host Connectivity e.g. PING, TRACEROUTE etc.
Test Internet Connection
Does what it says.
Ntop Server
This is a network discovery tool that provides a graphical web interface through which you can see exactly what is happening on the network. See www.ntop.org/overview.html.
When you first login to the Igaware Linux Small Business Server configuration interface, you are presented with live system status information. This status console provides a heads up to any current issues, such as disk space running low, and also provides statistics on, for example, email filtering. More detailed information can be accessed by using the ‘Full Info’ links.
Alerts can be configured to be emailed using the ‘Config’ links.
The status console can be accessed anytime in System Status => Status Console.
If you have a problem, please don’t try the 'I've run out of ideas' approach and reset the server (switch the server on and off) - this will not fix anything, but it may well make diagnosis of the problem much harder, and could result in a damaged file system.
Let’s say, for example, that you are not receiving email. This could be down to a whole number of factors; your domain has expired, your ISP mail server could have a problem, your MX record has been misconfigured, your personal computer has a problem, your internal network has a problem, your Internet connection is down, or it could even be that no-one has sent you any email today. Re-booting the Server will not resolve any of these issues. Please call for support if you have any problems and we’ll work with your dealer to resolve them in the minimum possible time.
NOTE: If a unit loses power (powercut/unplugged/reset), when it is powered back on it will run file system checks which can take several minutes - resetting at this point can seriously damage the file system. If in doubt, seek expert help.
Igaware Servers are available in a number of different specifications and upgrades are available as and when required. You can request upgrade information from your Igaware dealer. The system status console can alert you if hard disks, for example, need upgrading sometime soon.