Access Control


Overview

The Access Control feature allows administrators to restrict Internet Access by individual workstations. The process uses "Packet Filtering" to block or discard data packets. You can apply the pre-defined filters, and optionally define your own filters.
By default, filtering is disabled; no packets are blocked or discarded.

To use the Access Control feature:

You can limit Internet access for ALL PCs without entering ANY workstation data. Simply apply the desired restrictions to the "Everyone" group.

Beginning of Topic Top of Document


Security Groups

From the Advanced menu, select Security Groups.
Sample Screen (Click to view)

Operations

Select the group from the drop-down box, then click the Configure button to define restrictions for the selected group. You will then see the Security Group Details screen. Note that the Security groups are pre-named "Everyone", "Group 1", "Group 2", "Group 3", and "Group 4". These names cannot be changed.
Click the Show Members button to list the workstations which are members of the selected group. These will be listed on the left; other workstations are listed on the right. If no workstations have been defined, both lists will be empty. Workstations in the right list have their existing group shown in brackets after the name. Use the ">>" and "<<" buttons to move workstations to and from the selected Group.
For convenience, you can create new workstation from this screen, as well as from the Workstations screen. Enter the name of the new workstation, and click Create. You will then see the Workstation Details screen.


Beginning of Topic Top of Document


Security Group Details

This screen is reached by clicking the Configure button on the Security Groups screen.
Sample Screen (Click to view)

Data

Internet Access for this Group

No restrictions

No packets are blocked. Use this to create an "Unlimited Access" group, or to temporarily remove restrictions from a group.

Block all Access

Groups members cannot access the Internet at all. Use this to create the most restrictive group.

Use Packet Filter Table below

Use this to define intermediate levels of access. Using the Packet Filter table gives you fine control over Internet access.

Packet Filter Table

Simply select the items you wish to block. You can select either:

Applications to Block

Any items checked will be blocked. Users will not be able to use the application.

TCP Packets to Discard

This lists any TCP filters you have defined. If no filters have been defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.

UPD Packets to Discard

This lists any UDP filters you have defined. If no filters have been defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.

Beginning of Topic Top of Document


Administrator Defined Filters

The Administrator Defined Filters screen is reached via the Define Packet Filters menu option on the Advanced Menu.
Sample Screen (Click to view)
This screen allows you to define packet filters; that is, what packets should be blocked (discarded). After you define packet filters, they will appear on the Security Group Details screen. You can then select them, as well as the pre-defined filters, when applying restrictions to a Security Group.

Data

TCP Packets

Define the packets you wish to be filtered out, by entering the following data.

Name

Enter a descriptive name for this entry.

Port No.

Enter an integer representing the Port Number for this type of packet. A Network Analyzer or Packet Sniffer can be used to determine the correct port number.

UDP Packets

Define the packets you wish to be filtered out, by entering the following data.

Name

Enter a descriptive name for this entry.

Port No.

Enter an integer representing the Port Number for this type of packet. A Network Analyzer or Packet Sniffer can be used to determine the correct port number.


Beginning of Topic Top of Document