 Integration - Network Diagrams

iBoss Enterprise Web Filter Deployment Configuration Options

The iBoss Enterprise Web Filter provides its filtering functionality in a completely transparent fashion on the network. It does not segment the network, and it does not provide firewall or NAT capability, which allows for easy deployment. The iBoss filters traffic passing between its LAN and WAN ports, actively scanning traffic, applying filtering rules and intercepting traffic when necessary. This allows the iBoss to achieve very high filtering performance without affecting network topology. In an Active Directory or eDirectory environment, the iBoss can transparently identify users by their authentication credentials.

Transparent in-line Filter (Recommended) - Figure 1

Out of the box, the iBoss Enterprise Web Filter is a true in-line filter analyzing multiple streams for optimum performance. The iBoss Enterprise Web Filter typically sits in-line between the existing firewall and network switch. With throughput speeds capable of reaching 1 Gbps (up to 10 Gbps*), iBoss Web Filters can ensure powerful filtering without sacrificing network performance. In addition, optional Fiber, 10G, Management and Fail-Safe Bypass Interfaces are available.

Transparent in-line Filter- Fig. 1

 

Tap Mode (Mirrored Span Port) - Figure 2

In this mode, the iBoss Enterprise Web Filter is connected to a mirrored span port on the network switch. Traffic is mirrored to the iBoss and filtering is applied, with block pages generated and sent to the computers on the network. This allows you to place the iBoss off the network and still filter traffic.

Tap Mode- Fig. 2

 

Inline Proxy Filter - Figure 3

In this mode, requests made by the computers on the network are sent through the iBoss Enterprise Web Filter at which point the request is made by the iBoss on their behalf with filtering applied. This can be done by configuring the proxy settings within the browser through an Active Directory Group Policy Object (GPO) or manually. In this mode, the proxy will analyze web requests. For applications to be analyzed, the iBoss must be placed in-line on the network so that the iBoss can see the network streams. For Web 2.0 streams, the policy for that computer will be applied instead of the Active Directory proxy user.

Inline Proxy Filter- Fig. 3

 

Non-Inline Proxy Filter - Figure 4

In this mode, requests made by the computers are sent to the iBoss Enterprise Web Filter, with the proxy settings configured within the browser through an Active Directory Group Policy Object (GPO) or manually. The iBoss Enterprise Web Filter is not in-line in this mode; it is attached to the switch.

Non-Inline Proxy Filter- Fig. 4

 

Multiple iBoss Enterprise Web Filters on Redundant Firewall Paths - Figure 5

Corporations with secondary networks for redundancy can implement one iBoss Enterprise Web Filter in-line behind each firewall path. The filtering settings can be synced between the two for redundancy using the Distributed Filtering Platform (DFP) Clustering (see figure 9 for example).

Multiple iBoss Enterprise Web Filters on Redundant Firewall Paths- Fig. 5

 

Dual-WAN Router Transparent in-line Filter - Figure 6

When using a Dual-WAN Router with two Internet connections, simply implement the iBoss Enterprise Web Filter in-line between the Dual-WAN Router and the switch.

Dual-WAN Router Transparent in-line Filter- Fig. 6

 

Multiple iBoss Web Filters with External Enterprise Reporter - Figure 7

The iBoss Enterprise Web Filters can be implemented deeper within the network to filter portions of the network. This clustered method allows for better performance as it offloads the tasks to multiple units. The filtering settings can be synced between the two for redundancy using the Distributed Filtering Platform (DFP) Clustering (see figure 9 for example).

Multiple iBoss Web Filters with External Enterprise Reporter- Fig. 7

 

Multiple Locations with Filters Synchronized Through Remote Management - Figure 8

Filtering settings between iBoss Enterprise Web Filter devices can be synced with each other using the Remote Management Interface. This allows you to quickly and easily manage multiple locations using the iBoss Enterprise Web Filters.

Multiple Locations with Filters Synchronized Through Remote Management- Fig. 8

 

Distributed Filtering Platform (DFP) Clustering - Figure 9

The iBoss Distributed Filtering Platform (DFP) provides support for the most complex distributed networking topologies. When deployed using the DFP, several iBosses across unsecured Internet connections can be clustered to a central iBoss master. All settings are configured within the master, which is typically located at a datacenter or co-location facility. Settings from the primary master are automatically distributed to members of the cluster over a secure AES-encrypted connection using real-time push technology.

It is not necessary for the primary iBoss to be at a central datacenter. Any iBoss in the cluster can be designated a master and central policy configuration point. Although locations may be distributed across the globe, policies can be applied via groups to iBosses that are part of the cluster. This provides a seamless and centralized control of policies as well as consolidated reporting across the enterprise.

Distributed Filtering Platform (DFP) Clustering- Fig. 9

 

Additional Management Interface - Figure 10

An additional management network interface can be added to the iBoss Enterprise Web Filter to allow for configuration of the iBoss settings. This is useful when the iBoss Enterprise Web Filter is on a different subnet than the one from which you will manage its settings. In this configuration, the two on-board LAN/WAN ports filter traffic for the network and do not have direct IP access, while the additional management interface is connected to the network from which you will access the iBoss configuration.

Additional Management Interface- Fig. 10

 

Additional Bypass Interface - Figure 11

An additional Bypass Fail-Safe network interface can be added; it uses a relay to ensure that the Internet connection is always up and running. Even if the iBoss Enterprise Web Filter loses power, traffic still passes through the network ports. In this configuration, the LAN/WAN ports of the bypass interface are used for filtering with no direct IP access, and the onboard LAN port is used as the management port for configuration.

Additional Bypass Interface- Fig. 11
