DNS filtering with authentication

Optimized Throughput

Configuring Access and Policies

If you are using NxFilter for the first time, the DNS filter will assign a policy to all users. In many contexts, however, it makes sense to work with different policies to implement different usage options and restrictions. Authentication can be handled with the instruments mentioned earlier and configured in the User and Policy menus.

Starting with the Policy settings simplifies the system configuration. The initial installation creates a default policy, but you can customize those policies, as well as create policies from scratch. To create a new policy, give the policy a name and, optionally, a description and click Submit . You then assign a priority, quota settings, and the categories to be blocked to the policy and limit the time. If you want to configure categories, you can use the settings in the Category menus.

The same approach is used to create users and groups. Both can be managed in the User menu (Figure 2). You can assign each user a policy for working hours and free use, as well as a user group. In group management, you can create your own groups and assign users to them from a simple selection menu. If you use AD or an OpenLDAP server for user authentication, set up both in the User menu, too. NxFilter also supports the use of a RADIUS server. To grant network users access to specific domains and content explicitly, use Whitelist | Domain . You can bypass authentication, filtering, and logging for each of these entries.

Figure 2: NxFilter provides extensive policy settings for filtering web content by DNS.

Another special feature in NxFilter is the availability of special filter agents that run on client systems and thus enable location-independent DNS filtering. The developers refer to the agent as NxProxy and provide appropriate installation programs for macOS and Windows. After installing the agents, you only need to specify the NxFilter server and the login token. You can also configure multiple NxFilter server installations. If the client cannot access a stored DNS filter, filtering is bypassed until a connection can be re-established.

Extensive Reporting System

NxFilter also offers extensive logging and reporting functions. Basically, NxFilter can keep the logfiles generated by the environment for up to 400 days. The DNS filter generates daily, weekly, and monthly reports at the user level. Some of the prepared logs can be viewed in the dashboard; specifically, the blocking logs for the past 12 hours can be found there.

If you want to delve deeper into the details, you can use the Request submenu to search the logs based on various criteria. The Logging menu gives you further insights into the health state of the environment, and Report lets you view agent signal data, bandwidth control, and various usage reports.

Multiclient-Capable DNS Filtering

With NxCloud, the developers provide multitenant DNS filtering software for cloud-based filtering. The environment lets you create customer accounts that implement company-specific policies. In terms of functionality, the cloud version is no different from the standard version. NxCloud supports different user types, which you or your operators and users can manage in the Admin , Operator , and User menus. To begin, create an administrator account for NxCloud. The administrator role can create customer (operator) accounts that are similar to subadministrator accounts. The operators can then assign users and policies.

NxCloud is based on NxFilter, so the functionality is almost identical. Nevertheless, the multiclient-capable environment offers various special features, such as client policies, which you can create in the Operator | License Policy menu. You can generate your own login and password reset forms via the API set. The /nxcloud/webapps directory contains the signup.jsp file for login and resetpw.jsp for resetting the administrator password. These basic pages can be adapted to your individual needs.

The authentication for access to the NxCloud environment is IP-based, which allows for user-specific application of predefined policies. This service can also be used for remote filtering with NxProxy or CxBlock (for Chromebooks).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus