8e6 R3000 Internet Filter
The 8e6 Professional Edition offers high-performance, enterprise-level filtering with the R3000 Internet Filter. An appliance optimized for speed and scalability, the R3000 provides 90+ categories and millions of Web sites in the M86 Security Database. Deployed in "pass-by" or transparent mode, the R3000 sits outside the flow of network traffic to "watch" rather than "stop and check", delivering unmatched network compatibility and performance.
Benefits:
- Improves productivity by eliminating time wasted on unauthorized Web sites, Instant Messaging (IM) and Peer-to-Peer (P2P) applications.
- Mitigates filtering and reporting issues and frees up IT management for mission-critical projects.
- Provides management with tools to enforce an organization's Acceptable Use Policy
- Complies with filter-enforcing laws such as CIPA, HIPAA and Sarbanes-Oxley
- Protects against damaging and costly legal liabilities due to exposure to inappropriate or offensive Web content
- Secure confidential information against spyware, phishing agents and peer-to-peer transfers
- Controls access to bandwidth-intensive sites
Product Features:
- Filters the Internet: Includes URLs and/or IP addresses, file types (e.g. MP3, MPEG, .zip), HTTP, HTTPS, FTP, Newsgroups (NNTP), and TCP Ports.
- Blocks Internet Threats: Including spyware, malicious code and phishing sites.
- Blocks Instant Messaging and Peer-to-Peer: Utilizes M86 Security's Intelligent Footprint Technology (IFT) to block IM and P2P servers by signature or pattern.
- Real-Time Probes: Allow administrators to monitor user Internet activity as it happens.
- "X-Strikes" Blocking: Locks down a user's workstation when administrator-defined thresholds for accessing inappropriate Web sites are exceeded.
- Proxy Pattern Blocking: Blocks anonymous proxies using signature-based/network pattern detection.
- Google/Yahoo! SafeSearch Enforcement: Forces the SafeSearch mode "on" for all searches, including images within the Google or Yahoo! search engines.
- Customer Feedback Module: Sends frequent, non-categorized URLs from participating customers back to 8e6 on a daily basis. Selected URLs are reviewed and added to M86 Security's standard library categories.
- Synchronization Central Management Console (SCMC): Allows administrators to synchronize and manage multiple R3000s without independently configuring each unit.
- Directory-based Authentication: Utilizes directories such as Windows Active Directory, Windows NT and LDAP.
How It Works
Filtering technologies are divided into two types: Pass-through (server plug-in based) and Pass-by (standalone-based). Many networks operate in a pass-through environment, that creates "slow" points in the flow of data. Filtering solutions placed within a pass-through environment creates additional speed bumps and even a choke point if network traffic exceeds certain capacity levels. Pass-by solutions such as the R3000 are placed outside the flow of network traffic. It "watches" rather than "stops and checks" Web site requests. The result: no slowdown, even in heavy traffic situations. Most importantly, it doesn't create a point of failure.
This diagram illustrates the M86 Security's Pass-by filtering technology that removes the R3000 from any inclusion in the network connection path.
- Inappropriate request is sent by user
- R3000 monitors request as it passes through the hub/switch
- R3000 matches the request against its database
- If the Web site requested finds a match in the database, a TCP reset is sent to the Web server to kill the session (request) and a block page is sent to the client
The diagram above describes the Pass-through filtering products that represent an additional network device in the connection path. When users (Client PCs) make Internet requests, the traffic flows (1) through the network control points such as a proxy server or a firewall. All user requests (2) are redirected to the Pass-through filtering product, where it determines the action to either block (3) or redirect the requests back out (3) to control points. If the Pass-through filtering product determines to pass the user's request, the return traffic is returned from the Internet to the control points, and (4) then back to the user.
The R3000 filtering engine allows filtering of network traffic at an IP packet level. This eliminates any need for proxy settings, and allows the R3000 to operate totally invisible to the connections it filters. It "monitors" the packets flowing through the network, and can "intercept" the TCP session once inappropriate activity is detected. The R3000 will either not appear in the path of the connection, or will appear as an IP router, depending on the configuration.
Invisible mode
This is the simplest mode of the R3000. The unit can invisibly filter all network traffic that it "sees" on the Ethernet without being involved in the path between the client and the Internet. It has the ability to "intercept" a session when necessary if it determines something inappropriate is done, and return a message to the client and server. Although the original request packets are transmitted in all cases, the R3000 will return a "block page " to the client if the request was inappropriate.
This allows the R3000 to be totally uninvolved in the routing of packets from client to Internet, allowing for automatic redundancy, and automatic fail-safe. If the R3000 should fail and filtering stops, the network traffic is unaffected.
Above diagram illustrates how the R3000 is connected to the managed switching hub. The R3000 port is configured with the "port monitoring" function enabled. This allows the port to mirror the port that is connected to the router.
Router Mode
This mode allows the R3000 to act as an Ethernet router, passing packets from one card to the other. As the packets pass through the R3000, they are filtered. Only outgoing packets need to be routed, not the return packets, allowing the R3000 to appear only in the outgoing path of the network.
In this mode, the original packets from the client are allowed to pass in all cases, but if the request is inappropriate, a block page is returned to the client to replace the actual requested web page. All packets are allowed to pass just as if the R3000 was only a Ethernet router.
Firewall Mode
This mode is a modification of Router Mode. It provides for 100% assurance that filtering will take place regardless of the loading of the R3000. To accomplish this, all original packets are "blocked" from routing through if they are a filtered service. The filtering takes place, and if the request is appropriate, the original packet is allowed to pass unchanged. The overall affect is that the outgoing request is delayed slightly to allow filtering to take place before it leaves the gateway router of the network, but return traffic is still unaffected.
In this set-up, a local caching proxy will not affect the R3000, even if it is unfiltered and contains cached "bad" pages, since no request can pass until after it is filtered.
In this set-up, a local caching proxy will affect the R3000, if the caching proxy contains cached "bad" pages. It is always recommended to clear or expire the cached content after the installation of the R3000.
Does the R3000 work with our firewall, cache server or proxy server?
The R3000 is compatible with any Ethernet network. Additionally, the R3000 has flexible installation modes that allow it to be introduced in almost any network with little or no change in configuration.
Why is the R3000 faster than competitive products?
Most competitive filtering solutions are shared offerings. In other words, they share functionality with a firewall, caching, proxy or other type of server. This approach forces the device to now share its originally intended use with filtering (as well as reporting), causing poor performance and in some cases server overload especially when it comes to competing with real-time applications. In addition, these solutions usually filter in "pass through" mode which requires it to stop and check every web request creating a slow flow of data as well as an additional point of failure. The R3000, on the other hand, is a standalone appliance dedicated to the task it was designed for filtering. It offers scalability and performance without compromising other server/networking functions and filters in "pass by" mode which allows it to watch traffic and intervene only when necessary. This methodology does not create additional points of latency or failure and gives the R3000 superior performance over competitors.
How much traffic can the R3000 handle?
The R3000 can handle any amount of traffic that can be put on a fast Ethernet. At 80 megabits per second the R3000 has a 99.x% capture rate.
Does the R3000 work with PIX, Checkpoint, or other vendor firewalls?
If there is a firewall on the network, the R3000 will work in that environment. It will not, however, interface with the firewall to provide filtering. The R3000 is a standalone filtering device and achieves its performance by not having to tie in with any devices such as a firewall.
Does the R3000 work with NT Proxy/Squid Proxy/Novell Cache/Stratacache/Other Proxy or cache servers?
If there is a proxy/caching server on the network, the R3000 will install and filter without problems. It will not, however, interface in any way with the proxy/caching server to provide filtering. There are special considerations to consider in a situation where a proxy/cache server is involved.
Does the R3000 allow a customized block page?
Yes. There is a function in the R3000's GUI that allows the administrator to set up an http-redirect to their block page.
What operating system does the R3000 use?
The 8e6 R3000 operates on Red Hat Linux. It's a stable, fast and resource-efficient OS that provides an excellent base for higher throughput. 8e6 has made some changes to the kernel for increased operating efficiency.
- Next Steps
- Call Direct:
877.369.8686 - Have M86 contact me
- Register for Free
Product Evaluation - Follow us on
