General settings

The global settings of the LANCOM Content Filter are located in LANconfig under Content filter > General:





Activate Content Filter
This is where you can activate the LANCOM Content Filter.
In case of error
This is where you can determine what should happen when an error occurs. For example, if the rating server cannot be contacted, this setting either allows the user to surf without restrictions or access to the web is blocked entirely.
On license exceedance
This is where you can determine what should happen when the licensed number of users is exceeded. Users are identified by their IP address. The system keeps count of the IP addresses that connect via the LANCOM Content Filter. When the eleventh user establishes a connection with a 10-user license, no further checking is performed by the LANCOM Content Filter. Depending on this setting, the unlicensed user can either surf the web without restrictions, or access to the web is blocked entirely.
Note: The users of the content filter are automatically removed from the user list when no connection has been made from the IP address concerned via the content filter for 5 minutes.
On license expiration
The license to use the LANCOM Content Filter is valid for a certain period. You will be reminded of the license expiry date 30 days, one week and one day before it actually expires (at the e-mail address configured in LANconfig under Log & Trace > General > E-mail addresses > E-mail for license expiry reminder).
Here you can specify whether web pages should be blocked or allowed through unchecked after expiry of the license. After the license expires, this setting either allows the user to surf the web without restrictions, or access to the web is blocked entirely.
Note: In order for the reminder to be sent to the specified e-mail address, you must configure the SMTP account.
For non-HTTPS traffic over port 443
Forbidden
Prevents non-HTTPS traffic over port 443.
Allowed
Permits non-HTTPS traffic over port 443.
By default the TCP port 443 is reserved exclusively for HTTPS connections. Some applications that do not use HTTPS still use TCP port 443. In this case, you can also open TCP port 443 for non-HTTPS connections.
Important: If you permit non-HTTPS connections over port 443, the traffic is not further classified and is open for any connection. By default, non-HTTPS connections over port 443 are not permitted.
Max. proxy connections
Sets the maximum permitted number of simultaneous proxy connections. This limits the load that can be placed on the system. A notification is sent if this number is exceeded. You can set the type of notification under Content filter > Options > Event notification.
Proxy processing timeout
Specifies the maximum time in milliseconds that the proxy can take for processing. A timeout error page is displayed if this time is exceeded.
Save Content Filter information to flash ROM activated
If you enable this option, you can additionally save the content filter information to the flash ROM memory of the device.
Allow wildcard certificates
With this feature enabled, Web sites with wildcard certificates (consisting of CN entries such as *.mydomain.com) are verified using the main domain (mydomain.com). Verification is evaluated in this sequence:
  • Server name check in the "Client Hello" (depends on the browser used)
  • Check of the CN in the SSL certificate that you received
  • Entries with wildcards are ignored
  • If the CN cannot be verified, the field "Alternative Name" is evaluated.
  • DNS reverse lookup of the associated IP address and verification of the host name obtained
  • If wildcards are included in the certificate, the main domain is checked instead (corresponds to the above function)
  • Verification of the IP address
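
The following added example (not LANCOM code) illustrates the port 443 setting and the first step of the sequence above: it tells a TLS "Client Hello" apart from other traffic and reads the server name from it. This page does not describe how the device recognises HTTPS, so inspecting the first client bytes is an assumption, and the function names and sample inputs are constructed for illustration.

```python
import struct

def build_client_hello(host):
    """Constructed sample input: a minimal ClientHello carrying an SNI extension."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"               # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"             # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(p):
    """Walk the ClientHello fields up to the extensions and return the SNI host name."""
    i = 5 + 4 + 2 + 32                                      # record hdr, handshake hdr, version, random
    i += 1 + p[i]                                           # session id
    i += 2 + int.from_bytes(p[i:i + 2], "big")              # cipher suites
    i += 1 + p[i]                                           # compression methods
    end = i + 2 + int.from_bytes(p[i:i + 2], "big")
    i += 2
    while i + 4 <= min(end, len(p)):
        ext_type, ext_len = struct.unpack_from("!HH", p, i)
        if ext_type == 0:                                   # server_name: list len, type, name len, name
            name_len = int.from_bytes(p[i + 7:i + 9], "big")
            return p[i + 9:i + 9 + name_len].decode("ascii", "replace")
        i += 4 + ext_len
    return None

def classify_port_443(first_bytes):
    """Return ("tls", sni) for a TLS ClientHello, ("non-tls", None) for anything else."""
    is_hello = (len(first_bytes) >= 6 and first_bytes[0] == 0x16    # handshake record
                and first_bytes[1] == 0x03                          # TLS major version
                and first_bytes[5] == 0x01)                         # ClientHello
    if not is_hello:
        return ("non-tls", None)
    try:
        return ("tls", extract_sni(first_bytes))
    except IndexError:                                              # truncated hello: still TLS
        return ("tls", None)

if __name__ == "__main__":
    for sample in (build_client_hello("www.mydomain.com"),          # constructed HTTPS client
                   b"SSH-2.0-OpenSSH_9.6\r\n",                      # constructed non-HTTPS client
                   b"GET / HTTP/1.1\r\n"):                          # plain HTTP sent to port 443
        print(classify_port_443(sample))
```

With the setting at "Forbidden", connections in the "non-tls" class are the ones that would be refused; with "Allowed" they pass without any further classification.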

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
