UserGate Setting the primary proxy connection. UserGate Setup - Accounting Internet Traffic On Local Network

Today the Internet is not only a means of communication or leisure but also a working tool. Searching for information, taking part in auctions, and working with clients and partners all require a company's employees to be online. Most computers used for both personal and business purposes run Windows operating systems, and naturally all of them include mechanisms for Internet access. Starting with Windows 98 Second Edition, Internet Connection Sharing (ICS) has been built into Windows as a standard component; it provides shared access to the Internet from the local network. Later, Windows 2000 Server introduced the Routing and Remote Access Service and added support for NAT.

But ICS has its drawbacks. The feature changes the address of the network adapter, which can cause problems on the local network, so ICS is best used only in home or small-office networks. The service does not provide user authorization, which makes it undesirable in a corporate network. Even in a home network, the lack of authorization by user name is unacceptable, since IP and MAC addresses are very easy to spoof. So although Windows does make it possible to organize shared Internet access, in practice either hardware or software from independent developers is used for this task. One such solution is the UserGate program.

First meeting

The UserGate proxy server lets you give local network users access to the Internet and define an access policy: forbidding access to certain resources, limiting traffic, or limiting the hours during which users may be online. In addition, UserGate keeps separate traffic accounting by user and by protocol, which greatly simplifies control over Internet connection costs. Recently, Internet providers have tended to offer unlimited Internet access over their channels. Against this trend, access control and accounting come to the fore. For this, the UserGate proxy server has a fairly flexible rule system.

The UserGate server with NAT (Network Address Translation) support runs on Windows 2000/2003/XP with the TCP/IP protocol installed. Without NAT support, UserGate can run on Windows 95/98 and Windows NT 4.0. The program itself needs no special resources; the main requirement is enough disk space for cache and log files. Even so, it is recommended to install the proxy server on a separate machine and give it maximum resources.

Setting

Why do you need a proxy server? After all, any web browser (Netscape Navigator, Microsoft Internet Explorer, Opera) can already cache documents. But remember that, first, we do not allocate significant disk space for this purpose. Second, one person is far less likely to revisit the same pages than dozens or hundreds of people are (and many organizations have that many users). A single cache for the whole organization therefore reduces incoming traffic and speeds up retrieval of documents that any employee has already fetched from the Internet. The UserGate proxy server can be chained in a hierarchy with external (provider) proxy servers; in that case, even if traffic is not reduced, data is at least obtained faster and at lower cost (traffic through a provider's proxy server is usually cheaper).

Screen 1. Cache setting

Looking ahead, I will say that the cache is configured in the "Services" menu (see Screen 1). After switching the cache to "Enabled" mode, you can configure its individual functions: caching of POST requests, dynamic objects, cookies, and content obtained over FTP. The size of the disk space allotted to the cache and the lifetime of a cached document are also set here. For the cache to start working, you need to configure and enable proxy mode. The settings determine which protocols will work through the proxy server (HTTP, FTP, SOCKS), which network interface they will listen on, and whether cascading will be performed (the data required for this is entered on a separate tab of the service settings window).

Before you start working with the program, you need to make some other settings. As a rule, this is done in the following sequence:

  1. Creating user accounts in UserGate.
  2. Setting up DNS and NAT on the system with UserGate. At this stage, configuration mostly comes down to setting up NAT using the wizard.
  3. Configuring the network connection on client machines, where the gateway and DNS must be entered in the TCP/IP properties of the network connection.
  4. Creating the Internet access policy.

For convenience, the program is divided into several modules. The server module runs on the computer that has the Internet connection and performs the main tasks. UserGate is administered with a dedicated UserGate Administrator module, which is used to configure the server as required. The client part of UserGate is the UserGate Authentication Client, which is installed on the user's computer and authorizes users on the UserGate server when an authorization method other than IP or IP + MAC is used.

Control

User and group management has its own section. Groups simplify managing users and their common access and tariff settings. You can create as many groups as you need; usually they follow the structure of the organization. What parameters can be assigned to a user group? Each group is associated with a tariff by which access costs are calculated. The default is the Default tariff. It is empty, so connections of all users in the group are not charged unless the tariff is overridden in the user profile.

The program has a set of predefined NAT rules that cannot be changed. These are access rules for Telnet, POP3, SMTP, HTTP, ICQ, and so on. When setting up a group, you can specify which of the rules apply to the group and the users in it.

Auto-dial mode can be used when the Internet connection is made through a modem. With this mode enabled, a user can initiate the Internet connection when none is up: the server establishes the connection on the user's request and provides access. With a leased line or ADSL, this mode is unnecessary.

Adding user accounts is no harder than adding groups (see Screen 2). If the computer with the UserGate proxy server is a member of an Active Directory (AD) domain, user accounts can be imported from it and then sorted into groups. Whether accounts are entered manually or imported from AD, you must configure user rights and access rules. These include the authorization type, the tariff plan, and the available NAT rules (if the group rules do not fully meet the needs of a particular user).

The UserGate proxy server supports several types of authorization, including authorization via Active Directory and the Windows Login window, which lets UserGate integrate into an existing network infrastructure. UserGate uses its own NAT driver, which supports authorization through a special module, the client authorization module. Depending on the authorization method chosen in the user profile, you must specify either the user's IP address (or address range), or a name and password, or only a name. The user's email address can also be entered here; reports on Internet access usage will be sent to it.

Rules

The UserGate rules system is more flexible than the Remote Access Policy features of RRAS. With rules you can block access to specific URLs, limit traffic on particular protocols, set time limits, limit the maximum size of a file a user can download, and much more (see Screen 3). The standard tools of the operating system are not functional enough for these tasks.

Rules are created with a wizard. They apply to four main objects tracked by the system: connection, traffic, tariff, and speed. One action can be performed for each of them. Whether a rule fires depends on the settings and restrictions selected for it. These include the protocols used and the days of the week and times when the rule is in effect. Finally, there are criteria for traffic volume (incoming and outgoing), time spent on the network, and the balance remaining on the user's account, as well as the list of source IP addresses of requests and the network addresses of resources to which the action applies. Network address settings also let you define file types that users will not be able to download.

Many organizations do not allow instant messaging services. How can such a ban be implemented with UserGate? It is enough to create one rule that closes the connection when the site *login.icq.com* is requested and apply it to all users. Rules also let you change tariffs for day or night time, or for regional or shared resources (if the provider makes such distinctions). For example, switching between night and day tariffs takes two rules: one switches from the day rate to the night rate at a set time, and the other switches back. What are tariffs for? They are the basis of the built-in billing system. At present this system can be used only for reconciliation and trial cost calculation, but once the billing system is certified, system owners will have a reliable mechanism for working with their clients.

Users

Now back to the DNS and NAT settings. Setting up DNS means specifying the addresses of the external DNS servers that the system will query. On user machines, the connection's TCP/IP properties must then list the IP address of the internal network interface of the UserGate computer as both gateway and DNS. The configuration principle is somewhat different when NAT is used. In that case you add a new rule to the system that defines the receiver IP (local interface), the sender IP (external interface), port 53, and the UDP protocol. This rule must be assigned to all users. In the connection settings on their computers, specify the IP address of the provider's DNS server as DNS and the IP address of the UserGate computer as the gateway.

Mail clients can be set up either through Port Mapping or through NAT. If the organization allows instant messaging services, their connection settings must be changed: enable the use of a firewall and proxy, enter the IP address of the internal network interface of the UserGate computer, and select the HTTPS or SOCKS protocol. Bear in mind that when working through the proxy server, Chat Rooms and Video Chat will be unavailable if Yahoo Messenger is used.

Usage statistics are recorded in a log that contains the parameters of all users' connections: connection time, duration, funds spent, requested addresses, and the amount of data received and transmitted. Recording of user connection information to the statistics file cannot be disabled. Statistics are viewed with a special module that is accessible both through the administrator interface and remotely. Data can be filtered by user, protocol, and time and can be saved to an external file in Excel format for further processing.

What's next

While the first versions of the system were intended only to implement proxy caching, the latest versions include new components for information security. Today UserGate users can use the built-in firewall and the Kaspersky Anti-Virus module. The firewall lets you monitor, open, and block specific ports, and publish the company's web resources on the Internet. The built-in firewall handles packets that were not processed at the NAT rules level. If a packet has been processed by the NAT driver, the firewall no longer processes it. Port settings made for the proxy, as well as ports specified in Port Mapping, are placed in automatically generated firewall rules (type AUTO). The AUTO rules also include the TCP port used by the UserGate Administrator module to connect to the UserGate server part.

As for further product development, it is worth mentioning the creation of UserGate's own VPN server, which will make it possible to do without the operating system's VPN; a mail server with antispam support; and an intelligent application-level firewall.

Mikhail Abramon - Head of the Arkers Group of Digt.

Once you have connected the local network to the Internet, it makes sense to set up traffic accounting, and the UserGate program will help with that. UserGate is a proxy server that lets you control the access of computers on the local network to the Internet.

But first, let's recall how we previously configured the network in the video course "Creating and configuring a local network between Windows 7 and Windows XP" and gave all computers Internet access through one communication channel. Schematically, there are four computers that we joined into a peer-to-peer network. We chose the workstation Work-Station-4-7, running Windows 7, as the gateway; that is, we connected an additional network card with Internet access to it and allowed the other computers on the network to reach the Internet through this network connection. The remaining three machines are Internet clients, and on them the IP address of the computer sharing the Internet is set as the gateway and DNS. Now let's deal with controlling access to the Internet.

Installing UserGate is no different from installing an ordinary program. After installation the system asks for a reboot, so reboot. After the reboot, try to access the Internet from the computer on which UserGate is installed: it works, while from the other computers it does not. The proxy server has therefore started working and by default prohibits all access to the Internet, so it needs to be configured.

Run the administrator console (Start \ Programs \ UserGate \ Administrator console). The console appears and the Connections tab opens. If we try to open any of the tabs on the left, a message is displayed (the UserGate administrator console is not connected to the UserGate server). This is why the Connections tab opens at startup: so that we can first connect to the UserGate server.

By default, the server name is Local; User is Administrator; Server is localhost, i.e. the server part is located on this computer; Port is 2345.

Double-click this entry to connect to the UserGate service. If you cannot connect, check whether the service is running (Ctrl+Alt+Esc \ Services \ UserGate).

On the first connection the UserGate Setup Wizard starts. Click No, since we will configure everything manually to make it clearer what to look for and where. First go to the tab UserGate Server \ Interfaces; here we specify which network card faces the Internet (192.168.137.2 - WAN) and which faces the local network (192.168.0.4 - LAN).

Next, go to Users and groups \ Users. Here there is a single user, the machine on which the UserGate server is running, and it is called Default. Add all the users who will access the Internet; I have three of them:

Work-Station-1-XP - 192.168.0.1

Work-Station-2-XP - 192.168.0.2

Work-Station-3-7 - 192.168.0.3

We leave the group and the tariff plan at their defaults. For the authorization type I will use the IP address, since the addresses are assigned manually and remain unchanged.

Now configure the proxy itself. Go to Services \ Proxy Setup \ HTTP and select the IP address that we specified as the gateway on the client machines (in my case 192.168.0.4). Also tick Transparent mode so that the proxy server address does not have to be entered manually in browsers; in this case the browser looks at which gateway is specified in the network connection settings and sends its requests to it.

Note: This article has been edited and supplemented with relevant data and additional references.

UserGate Proxy & Firewall is a UTM (Unified Threat Management) Internet gateway that lets you provide and monitor employees' shared access to Internet resources, filter malicious, dangerous, and unwanted sites, protect the company's network from external intrusions and attacks, create virtual networks and organize secure VPN access to network resources from outside, and control channel bandwidth and Internet applications.

The product is an effective alternative to expensive software and hardware and is intended for small and medium-sized businesses, government agencies, and large organizations with a branch structure.

Additional information about the product can be found.

The program has additional paid modules:

  • Kaspersky Antivirus.
  • Panda Antivirus.
  • Avira Antivirus.
  • Entensys Url Filtering

The license for each of the modules is provided for one calendar year. You can test all modules with a trial key, which can be issued for a period of 1 to 3 months for an unlimited number of users.

Details about licensing rules can be found.

For all questions related to the purchase of Entensys solutions, please contact [email protected] or call the toll-free line: 8-800-500-4032.

System requirements

To set up the gateway, you need a computer or server that meets the following system requirements:

  • CPU frequency: from 1.2 GHz
  • RAM volume: from 1024 GB
  • HDD volume: from 80 GB
  • Number of network adapters: 2 or more

The more users there are (relative to 75 users), the higher the server specifications should be.

We recommend installing our product on a computer with a "clean" server operating system; the recommended operating system is Windows 2008/2012.
We do not guarantee correct operation of UserGate Proxy & Firewall and/or its coexistence with third-party services, and we do not recommend sharing the gateway with services that perform the following roles:

  • Domain controller
  • Virtual machine hypervisor
  • Terminal server
  • Heavily loaded DBMS / DNS / HTTP server, etc.
  • SIP server
  • Services critical to business processes
  • All of the above

At present, UserGate Proxy & Firewall can conflict with the following types of software:

  • All third-party firewall solutions, without exception
  • BitDefender anti-virus products
  • Anti-virus modules that perform a firewall or "Anti-Hacker" function, found in most anti-virus products. It is recommended to disable these modules.
  • Anti-virus modules that check data over the HTTP / SMTP / POP3 protocols; this can cause delays during active work through the proxy
  • Third-party software products that can intercept network adapter data: "speed meters", "shapers", and the like
  • The active Windows Server role "Routing and Remote Access" in NAT / Internet Connection Sharing (ICS) mode

Attention! When installing, it is recommended to disable IPv6 support on the gateway, provided that no applications that use IPv6 are in use. The current implementation of UserGate Proxy & Firewall has no IPv6 support and therefore does not filter this protocol. As a result, the host can be reachable from outside over IPv6 even when prohibitive firewall rules are active.

With correct configuration, UserGate Proxy & Firewall is compatible with the following services:

Microsoft Windows Server roles:

  • DNS server
  • DHCP server
  • Print server
  • File (SMB) server
  • Application server
  • WSUS server
  • Web server
  • WINS server
  • VPN server

And with third-party products:

  • FTP / SFTP servers
  • Messaging Servers - IRC / XMPP

When installing UserGate Proxy & Firewall, make sure that third-party software does not use the port or ports that UserGate Proxy & Firewall can use. By default UserGate uses the following ports:

  • 25 - SMTP proxy
  • 80 - Transparent HTTP proxy
  • 110 - POP3 proxy
  • 2345 - UserGate Administrator Console
  • 5455 - UserGate VPN server
  • 5456 - UserGate Authorization Client
  • 5458 - DNS-Forwarding
  • 8080 - HTTP proxy
  • 8081 - UserGate web statistics

All ports can be changed using the UserGate Administrator console.

Installing the program and selecting a database

UserGate Proxy & Firewall Setup Wizard

The NAT rules setup is described in more detail in this article:

UserGate agent

After installing UserGate Proxy & Firewall, be sure to reboot the gateway. After you log in to the system, the UserGate agent icon in the Windows taskbar next to the clock should turn green. If the icon is gray, an error occurred during installation and the UserGate Proxy & Firewall server service is not running; in this case, refer to the appropriate section of the Entensys knowledge base or contact Entensys technical support.

The product is configured through the UserGate Proxy & Firewall administration console, which can be opened either by double-clicking the UserGate agent icon or from the shortcut in the Start menu.
When you start the administration console, the first step is to register the product.

General settings

In the "General Settings" section of the administrator console, set the password for the Administrator user. Important! Do not use Unicode characters or the product PIN code as the password for the administration console.

UserGate Proxy & Firewall has an attack protection mechanism, which can also be activated in the General Settings menu. The attack protection mechanism is an active mechanism, a kind of "red button", that works on all interfaces. It is recommended to use this feature in the event of DDoS attacks or a mass malware infection (viruses / worms / botnet applications) of computers inside the local network. The attack protection mechanism can block users of file-sharing clients (torrents, Direct Connect) and some types of VoIP clients / servers that exchange traffic actively. To get the IP addresses of blocked computers, open the file ProgramData\Entensys\UserGate6\Logging\FW.log or Documents and Settings\All Users\Application Data\Entensys\UserGate6\Logging\FW.log.

Attention! The parameters described below should be changed only with a large number of clients or high requirements for gateway bandwidth.

This section also has the following settings: "Maximum number of connections" is the maximum number of all connections via NAT and through the UserGate Proxy & Firewall proxy.

"Maximum NAT number of connections" is the maximum number of connections that UserGate Proxy & Firewall can pass through the NAT driver.

If there are no more than 200-300 clients, changing the "Maximum number of connections" and "Maximum NAT number of connections" settings is not recommended. Increasing these parameters can put a significant load on the gateway hardware and is recommended only when optimizing settings for a large number of clients.

Interfaces

Attention! Before this, be sure to check the network adapter settings in Windows! The interface connected to the local network (LAN) must not have a gateway address! DNS servers are not required in the LAN adapter settings. The IP address must be assigned manually; we do not recommend obtaining it via DHCP.

The LAN adapter must have a private IP address. Addresses from the following ranges may be used:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

The allocation of private network addresses is described in RFC 1918.

Using other ranges as addresses for the local network will result in errors in the operation of UserGate Proxy & Firewall.

The interface connected to the Internet (WAN) must have an IP address, network mask, gateway address, and DNS server addresses.
Using more than three DNS servers in the WAN adapter settings is not recommended, as it can lead to network errors. First check that each DNS server works using the nslookup command in the cmd.exe console, for example:

nslookup usergate.ru 8.8.8.8

where 8.8.8.8 is the address of the DNS server. The answer must contain the IP address of the requested server. If there is no answer, the DNS server is not valid or DNS traffic is blocked.

You need to define the interface types. The interface with an IP address that is connected to the internal network must have the type LAN; the interface connected to the Internet must have the type WAN.

If there are several WAN interfaces, you must choose the main WAN interface through which all traffic will go by right-clicking it and selecting "Install the main connection". If you plan to use another WAN interface as a backup channel, we recommend using the "Setup Wizard".

Attention! When you configure the backup connection, it is recommended to set the DNS host name and the IP address so that UserGate Proxy & Firewall can poll it with ICMP (ping) requests and, if there is no answer, switch on the backup connection. Make sure the DNS servers in the settings of the backup network adapter are operational.

Users and groups

For a client computer to log in to the gateway and access the UserGate Proxy & Firewall and NAT services, you need to add users. To simplify this procedure, use the "scan the local network" function. UserGate Proxy & Firewall scans the local network itself and provides a list of hosts that can be added to the user list. You can then create groups and include users in them.

If you have a domain controller deployed, you can configure synchronization of groups with groups in Active Directory, or import users from Active Directory without constant synchronization with Active Directory.

Create a group that will be synchronized with a group or groups from AD, enter the necessary data in the "Synchronization with AD" menu, and restart the UserGate service using the UserGate agent. After 300 seconds, users are automatically imported into the group. These users will have the AD authorization method.

Firewall

For correct and safe operation of the gateway, you must configure the firewall.

The following firewall approach is recommended: prohibit all traffic, and then add permissive rules for the directions you need. To do this, switch the #NON_USER# rule to "prohibit" mode (this will block all local traffic on the gateway). Caution! If you are configuring UserGate Proxy & Firewall remotely, you will be disconnected from the server. Then you need to create permissive rules.

Allow all local traffic on all ports from the gateway to the local network and from the local network to the gateway by creating rules with the following parameters:

Source - "LAN", Destination - "Any", Services - Any: Full, Action - "Allow"
Source - "Any", Destination - "LAN", Services - Any: Full, Action - "Allow"

Then create a rule that will open Internet access for the gateway:

Source - "WAN"; Destination - "Any"; Services - Any: Full; Action - "Allow"

If you need to allow incoming connections to the gateway on all ports, the rule will look like this:

Source - "Any"; Destination - "WAN"; Services - Any: Full; Action - "Allow"

And if you need the gateway to accept incoming connections only over RDP (TCP: 3389), for example, and to be pingable from outside, create the following rule:

Source - "Any"; Destination - "WAN"; Services - Any ICMP, RDP; Action - "Allow"

In all other cases, for security reasons, there is no need to create a rule for incoming connections.

To give client computers access to the Internet, you need to create a network address translation (NAT) rule.

Source - "LAN"; Destination - "WAN"; Services - Any: Full; Action - "Allow"; choose the users or groups that need access.

Firewall rules can be configured either way: allowing what is explicitly forbidden or, conversely, prohibiting what is explicitly permitted, depending on how you set up the #NON_USER# rule and on your company's policy. All rules have a priority: they are processed in order from top to bottom.

Variants of various settings and examples of the rules of the firewall can be viewed.
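The top-to-bottom evaluation described above means a rule placed below a broader one never fires. The following added example (not part of UserGate or of the original article) models the recommended rule set and detects such shadowed rules; the packet labels ("external"), the rule names, the "Block RDP" mistake, and the placement of the prohibiting #NON_USER# rule at the bottom of the list are assumptions made for illustration.

```python
from typing import NamedTuple

ANY, FULL = "Any", "Any:Full"


class Rule(NamedTuple):
    name: str
    source: str          # "LAN", "WAN" or "Any"
    destination: str     # "LAN", "WAN" or "Any"
    services: frozenset  # service names, or {FULL} for every service
    action: str          # "Allow" or "Deny"


def rule(name, source, destination, services, action):
    return Rule(name, source, destination, frozenset(services), action)


def zone_covers(outer, inner):
    """True if a rule field `outer` matches everything `inner` matches."""
    return outer == ANY or outer == inner


def services_cover(outer, inner):
    return FULL in outer or (FULL not in inner and inner <= outer)


def decide(rules, src, dst, service):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for r in rules:
        if (zone_covers(r.source, src) and zone_covers(r.destination, dst)
                and (FULL in r.services or service in r.services)):
            return r.action, r.name
    return None, None  # not reached while #NON_USER# closes the list


def shadowed(rules):
    """Find rules that can never fire because an earlier rule covers them.

    Returns (shadowed rule, covering rule, actions_conflict) tuples.
    """
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (zone_covers(earlier.source, later.source)
                    and zone_covers(earlier.destination, later.destination)
                    and services_cover(earlier.services, later.services)):
                found.append((later.name, earlier.name,
                              earlier.action != later.action))
                break
    return found


# The rules listed in the text; names are assumptions added for readability.
RECOMMENDED = [
    rule("LAN to any", "LAN", ANY, {FULL}, "Allow"),
    rule("Any to LAN", ANY, "LAN", {FULL}, "Allow"),
    rule("Gateway to Internet", "WAN", ANY, {FULL}, "Allow"),
    rule("Ping and RDP in", ANY, "WAN", {"ICMP", "RDP"}, "Allow"),
    rule("#NON_USER#", ANY, ANY, {FULL}, "Deny"),
]

# Constructed mistake: a later attempt to block RDP is added below the
# rule that already allows it, so it never takes effect.
MISORDERED = (RECOMMENDED[:4]
              + [rule("Block RDP", ANY, "WAN", {"RDP"}, "Deny")]
              + RECOMMENDED[4:])

if __name__ == "__main__":
    for service in ("RDP", "SMB"):
        print(service, decide(RECOMMENDED, "external", "WAN", service))
    for name, by, conflict in shadowed(MISORDERED):
        kind = "conflicting" if conflict else "redundant"
        print(f"{name!r} is shadowed by {by!r} ({kind})")
```

A shadowed rule whose action differs from the covering rule is the dangerous case: the policy on screen says "Deny" while the gateway keeps allowing the traffic.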

Other settings

Next, in the Services - Proxy section, you can enable the necessary proxy servers: HTTP, FTP, SMTP, POP3, SOCKS. Select the required interfaces; enabling the "Listen to all interfaces" option is unsafe, because the proxy will then be available both on LAN interfaces and on external interfaces. "Transparent" proxy mode redirects all traffic on the selected port to the proxy port, so the proxy does not have to be specified on client computers. The proxy also remains available on the port specified in the settings of the proxy server itself.

If transparent proxy mode is enabled on the server (Services - Proxy Setup), it is enough to specify the UserGate server as the default gateway in the network settings on the client machine. The UserGate server can also be specified as the DNS server, in which case it must be enabled.

If transparent mode is disabled on the server, you need to enter the UserGate server address and the corresponding proxy port specified in Services - Proxy Setup in the browser's connection settings. An example of configuring a UserGate server for such a case can be viewed.

If your network has a configured DNS server, you can specify it in the UserGate DNS forwarding settings and in the settings of the UserGate WAN adapter. In this case, all DNS requests will be sent to this server in both NAT mode and proxy mode.
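Three checks from the text above can be run against the output of `netstat -ano` on the gateway: that no other process holds a default UserGate port, that proxy ports are not listening on all interfaces or on a non-LAN address, and that nothing listens over IPv6, which UserGate does not filter. This is an added example, not a UserGate tool; the sample output and the PIDs (2212 standing in for the UserGate service) are constructed, and the addresses are the ones used earlier on this page.

```python
import ipaddress
from typing import NamedTuple

# Default ports from the list in the "System requirements" part of the page.
USERGATE_PORTS = {
    25: "SMTP proxy", 80: "Transparent HTTP proxy", 110: "POP3 proxy",
    2345: "UserGate Administrator Console", 5455: "UserGate VPN server",
    5456: "UserGate Authorization Client", 5458: "DNS-Forwarding",
    8080: "HTTP proxy", 8081: "UserGate web statistics",
}
PROXY_PORTS = {25, 80, 110, 8080}


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    pid: int


def parse_netstat(text):
    """Return listening TCP sockets and bound UDP sockets from `netstat -ano`."""
    result = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and (len(f) < 5 or f[3] != "LISTENING"):
            continue
        host, _, port = f[1].rpartition(":")
        if not port.isdigit() or not f[-1].isdigit():
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        result.append(Listener(f[0], host, int(port), int(f[-1])))
    return result


def port_conflicts(listeners, usergate_pids=frozenset()):
    """Default UserGate ports held by a process that is not UserGate."""
    found = {(l.port, l.pid) for l in listeners
             if l.port in USERGATE_PORTS and l.pid not in usergate_pids}
    return [(port, USERGATE_PORTS[port], pid) for port, pid in sorted(found)]


def exposed_proxies(listeners, lan_ips, usergate_pids):
    """UserGate proxy ports reachable on more than the LAN interface."""
    lan = {ipaddress.ip_address(a) for a in lan_ips}
    findings = []
    for l in listeners:
        if (l.proto != "TCP" or l.port not in PROXY_PORTS
                or l.pid not in usergate_pids):
            continue
        ip = ipaddress.ip_address(l.addr)
        if ip.is_unspecified:
            findings.append((l.port, l.addr, "all interfaces, WAN included"))
        elif ip not in lan:
            findings.append((l.port, l.addr, "non-LAN address"))
    return sorted(findings)


def ipv6_listeners(listeners):
    """Non-loopback IPv6 listeners; the firewall does not filter IPv6."""
    out = []
    for l in listeners:
        ip = ipaddress.ip_address(l.addr)
        if ip.version == 6 and not ip.is_loopback:
            out.append((l.port, l.addr, l.pid))
    return sorted(out)


# Constructed sample output; LAN is 192.168.0.4 and WAN is 192.168.137.2.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2212
  TCP    192.168.0.4:2345       0.0.0.0:0              LISTENING       2212
  TCP    192.168.0.4:110        0.0.0.0:0              LISTENING       2212
  TCP    192.168.137.2:25       0.0.0.0:0              LISTENING       2212
  TCP    192.168.0.4:49733      192.168.0.1:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5458           *:*                                    1816
"""

if __name__ == "__main__":
    sockets = parse_netstat(SAMPLE)
    print("conflicts:", port_conflicts(sockets, {2212}))
    print("exposed:  ", exposed_proxies(sockets, ["192.168.0.4"], {2212}))
    print("ipv6:     ", ipv6_listeners(sockets))
```

Before installation, call `port_conflicts` without PIDs so that every listener on a default port is reported.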


Today, leadership, probably, has already appreciated the advantage of the possibilities that the Internet provides the Internet. We are, of course, not about online stores and e-commerce, which, no matter how to twist, today are more marketing tools, rather than a real way to increase the turnover of goods or services. The global network is an excellent information environment, a practically inexhaustible source of a wide variety of data. In addition, it provides fast and cheap communication with both clients and partners of the company. It is impossible to discount the Internet for marketing. Thus, it turns out that the global network, in general, can be considered a multifunctional business tool that can increase the efficiency of the company's employees of their duties.

However, to begin with, it is necessary to provide these employees access to the Internet. Just connect one computer to the global network today is not a problem. There are many ways to do this. There are also many companies offering a practical solution to this task. But it is unlikely that the Internet can be able to bring a prominent benefit on one computer. Access to the network should be each employee from its workplace. And here we can not do without special software, the so-called proxy server. In principle, the possibilities of the Windows family systems allow you to make any connection with the Internet common. In this case, access to it will receive other computers from the local network. However, this decision is unlikely to consider at least any seriously. The fact is that when choosing it will have to forget about the control of the global network by the company's employees. That is, any person from any corporate computer can enter the Internet and do anything there. And what it threatens, probably no one needs to explain to anyone.

Thus, the only reasonable way to connect all the computers on the corporate local network is a proxy server. Today there are many programs of this class, but we will talk about only one. It is called UserGate and was created by specialists from ESAFELINE. The main features of this program are broad functionality and a very convenient Russian-language interface. It is also worth noting that it is under constant development. A new, fourth version of the product was recently presented to the public.

So, UserGate. This software product consists of several separate modules. The first is the server itself. It must be installed on a computer directly connected to the Internet (the Internet gateway). It is the server that gives users access to the global network, counts the traffic used, keeps usage statistics, and so on. The second module is designed for administering the system. With its help, the responsible employee performs all configuration of the proxy server. The main feature of UserGate in this regard is that the administration module does not have to be installed on the Internet gateway. In other words, the proxy server can be controlled remotely. This is very convenient because the system administrator can manage Internet access directly from their own workplace.

In addition, UserGate includes two more separate software modules. The first is needed for conveniently viewing Internet usage statistics and building reports based on them, and the second for authorizing users in some cases. This approach combines well with the Russian-language, intuitive interface of all modules. Together, this lets you set up shared access to the global network in any office quickly and without problems.

But let us proceed to the functionality of the UserGate proxy server. To begin with, the program offers two different ways of setting up DNS (perhaps the most important task when implementing shared access). The first is NAT (Network Address Translation). It provides very accurate accounting of consumed traffic and lets users work with any protocols the administrator has allowed. True, it is worth noting that some network applications will work incorrectly in this case. The second option is DNS forwarding. It has greater restrictions than NAT, but can be used on computers with outdated operating systems (Windows 95, 98 and NT).

Permission to use the Internet is configured through the concepts of "user" and "user group". Interestingly, a user in the UserGate proxy server is not necessarily a person. A computer can play this role as well. That is, in the first case Internet access is granted to particular employees, and in the second to everyone who sits at a particular PC. Naturally, different methods of user authorization are used. Computers can be identified by IP address, by a bound pair of IP and MAC address, or by a range of IP addresses. To authorize employees, special login/password pairs can be used, as well as data from Active Directory, a name and password that match the Windows logon credentials, and so on. For convenience, users can be combined into groups. This approach lets you manage access for all employees with the same rights (holding the same positions) at once, instead of configuring each account separately.

The UserGate proxy server also has its own billing system. The administrator can define any number of tariffs that describe how much one unit of incoming or outgoing traffic, or of connection time, costs. This makes it possible to keep an accurate account of all Internet costs per user. That is, the management of the company will always know who spent how much. Incidentally, tariffs can be made dependent on the current time, which makes it possible to reproduce the provider's pricing policy accurately.

The UserGate proxy server lets you implement corporate Internet access policies of any complexity. This is done with so-called rules. With their help, the administrator can restrict users by working hours, by the amount of traffic sent or received per day or month, by the amount of time used per day or month, and so on. If these limits are exceeded, access to the global network is cut off automatically. In addition, rules can limit the access speed of individual users or entire groups.
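The interaction of time-dependent tariffs and a traffic limit rule can be sketched as follows. This is an added example, not UserGate code or configuration: the `Tariff` class, the `account` function, the prices, the quota and the traffic records are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Tariff:
    start: time         # window start, inclusive
    end: time           # window end, exclusive; may wrap past midnight
    cents_per_mb: int   # price of one megabyte inside the window

    def covers(self, t: time) -> bool:
        if self.start <= self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end

# Constructed price list: daytime traffic costs more than night traffic.
TARIFFS = [Tariff(time(8), time(20), 50), Tariff(time(20), time(8), 10)]
MONTHLY_QUOTA_MB = 100  # constructed per-user monthly limit

# Constructed accounting records: (timestamp, user, megabytes transferred).
RECORDS = [
    (datetime(2024, 3, 4, 9, 15), "alice", 40),
    (datetime(2024, 3, 4, 22, 5), "alice", 50),
    (datetime(2024, 3, 5, 10, 0), "bob", 30),
    (datetime(2024, 3, 6, 11, 30), "alice", 20),
    (datetime(2024, 3, 6, 12, 0), "alice", 5),
]

def account(records, tariffs, quota_mb):
    """Bill each record at the tariff in force and enforce the monthly quota."""
    state = {}
    for ts, user, mb in sorted(records):
        key = (user, ts.year, ts.month)  # limits reset every calendar month
        u = state.setdefault(key, {"mb": 0, "cost_cents": 0,
                                   "blocked_at": None, "denied_mb": 0})
        if u["blocked_at"] is not None:  # limit already exceeded: deny
            u["denied_mb"] += mb
            continue
        tariff = next(t for t in tariffs if t.covers(ts.time()))
        u["mb"] += mb
        u["cost_cents"] += mb * tariff.cents_per_mb
        if u["mb"] >= quota_mb:          # the transfer that hits the limit
            u["blocked_at"] = ts         # is billed, then access is cut
    return state

if __name__ == "__main__":
    for key, totals in account(RECORDS, TARIFFS, MONTHLY_QUOTA_MB).items():
        print(key, totals)
```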

Another use of rules is restricting access to particular IP addresses or address ranges, to whole domain names, to addresses containing certain strings, and so on. In effect, this is site filtering, which lets you keep employees from visiting unwanted web projects. But these are, of course, not the only applications of rules. With their help you can, for example, switch tariffs depending on the site currently being loaded (needed to account for the preferential traffic that some providers offer), set up the removal of advertising banners, and so on.

As already mentioned, the UserGate proxy server has a separate module for working with statistics. With it, the administrator can view the consumed traffic at any time (in total, for each user, by user group, by site, by server IP address, and so on). All of this is done very quickly using a convenient system of filters. In addition, this module includes a report generator, with which the administrator can compile any report and export it to MS Excel format.

A very interesting decision by the developers was to embed an anti-virus module into the firewall, which checks all incoming and outgoing traffic. They did not reinvent the wheel, but integrated a Kaspersky Lab product. This decision guarantees, firstly, really reliable protection against all malicious programs and, secondly, regular updates of the signature databases. Another important information security feature is the built-in firewall, which the UserGate developers created themselves. Unfortunately, the firewall integrated into the proxy server falls well short of the leading products in this area in its capabilities. In essence, it is a module that simply blocks traffic on specified ports and protocols to and from computers with specified IP addresses. It has neither a stealth mode nor some other functions that are generally considered mandatory for firewalls.

Unfortunately, one article cannot include a detailed analysis of all the functions of the UserGate proxy server. So let us at least list the most interesting ones that were not covered in our review. First, there is caching of files downloaded from the Internet, which really does save money on the provider's services. Second, there is the port mapping function, which lets you bind any selected port of one of the local Ethernet interfaces to the desired port of a remote host (this feature is needed for network applications such as bank-client systems, various games, and so on). In addition, the UserGate proxy server implements access to internal corporate resources, a job scheduler, connection to a proxy cascade, monitoring of traffic and of active users' IP addresses, their logins and the URLs they visit in real time, and much more.

Well, now it is time to summarize. We have, dear readers, looked in some detail at the UserGate proxy server, with which you can organize shared Internet access in any office. And we have seen that this product combines simplicity and convenience of setup and use with a very extensive set of features. All this makes the latest version of UserGate a very attractive product.
