• HOME
• PRODUCTS
• CyBlock Proxy
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• CyBlock ISA
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• CyBlock Appliance
• Filtering
• Reporting
• Technical Specs
• Price Quote
• FAQs
• Cyfin Reporter
• Reporting
• Technical Specs
• Price Quote
• FAQs
• Cyfin Proxy
• Reporting
• Technical Specs
• Price Quote
• FAQs
• PARTNERS
• Resellers
• COMPANY
• Customers
• WaveNews
• Careers
• RESOURCES
• White Papers
• Case Studies
• Press Releases
• Blog
• SUPPORT
• CyBlock Proxy
• FAQs
• Tech Tips
• Forum
• Documentation
• Downloads
• CyBlock ISA
• FAQs
• Tech Tips
• Forum
• Documentation
• Downloads
• CyBlock Appliance
• FAQs
• Tech Tips
• Forum
• Documentation
• Cyfin Reporter
• FAQs
• Tech Tips
• Forum
• Documentation
• Downloads
• Cyfin Proxy
• FAQs
• Tech Tips
• Forum
• Documentation
• Downloads
• CONTACT US

Technical Specs

Web filter plug-in for Microsoft ISA / TMG Server.

Use the links below to find out how CyBlock ISA / TMG Web filter fits into your network.

• Network Configuration
• Array Configuration
• OS Requirements
• Configuration Notes
• Logfile Setup - ISA Server 2004 and 2006
• Logfile Setup - ForeFront TMG
• Logfile Setup (Off-Box)

Network Configuration

CyBlock Web filter is designed to work with ISA Server 2004, ISA Server 2006, and Forefront TMG.  Your CyBlock ISA system can be configured in two ways:  as an on-box solution (required for filtering) and optionally, as an off-box solution (to assume reporting duties).

Below, please examine the diagrams depicting how CyBlock integrates with ISA Server 2004, ISA Server 2006, and Forefront TMG.  Also please view our recommendations for product configuration.  This information is designed to help you have seamless, trouble-free use of CyBlock ISA.

CyBlock ISA installed directly on ISA Server or Forefront TMG ("On-Box")

NOTE:   CyBlock ISA must be installed on your ISA Server to filter Web browsing.

CyBlock ISA / TMG plug-in installs directly on Microsoft ISA or TMG Server, monitoring user activity, filtering access to the Web sites or categories of sites you specify, and generating categorized reports on user activity.

CyBlock ISA installed on an additional server for reporting purposes only ("Off-Box")

CyBlock ISA can also be installed on another machine to handle reporting duties (the machine in the middle of the above diagram depicts this setup).  This is recommended due to the CPU usage required when running reports.  Simply put, it can be beneficial to have CyBlock ISA doing its filtering on your ISA Server, and its reporting functions on another machine. Additionally, you can FTP the ISA Server logfiles to the second machine to help with ease of reporting.

Array Configuration

Install CyBlock ISA / TMG on multiple servers and manage settings from the designated primary console.  This makes for easy administration when managing different locations or a large number of employees.

1. Install CyBlock ISA / TMG on your specified servers.
2. Designate one server as your primary and follow the instructions on the product's Setup - Array screen to get set up properly.
3. Enter settings at the primary console, and add the other servers to its product "array" (not to be confused with an actual Microsoft ISA / TMG Server array, which has no effect on this configuration).
4. Settings and policies you make will be applied to secondary servers.  For more information, check the CyBlock ISA / TMG product manual.

OS Requirements

The supported operating systems for CyBlock ISA / TMG Web filter are shown below. Please click on the links for recommendations and details.

Minimum Requirements

• Processor: 2.0 GHz
• Memory: 1GB RAM
• Hard Disk: 500 MB free disk space

Supported Operating Systems

• Windows Server 2008/2003/2000

Administrative Interface Requirements

• Supported Browsers: The CyBlock ISA interface is fully tested in Internet Explorer 8.0. However, this does not exclude other browsers from being fully functional with our interface, i.e., Internet Explorer Versions 7.0 or higher, Firefox, Chrome, Safari, and Opera.

Configuration Notes (On-Box)

Set Service Account 

1. On your ISA or TMG Server, open Services.
2. Double-click on Microsoft Firewall to display its properties.
3. On the Log On tab, choose Local System Account.
4. Click Apply and Ok to save changes.
5. Restart the Service to put changes into effect.

Configure Integrated Authentication for Outbound Web Requests (Optional, Recommended)

It is recommended that you configure Integrated authentication for the users on your network, as it will provide seamless Internet browsing (e.g., no 'popup' messages requiring a login and password will appear) for Internet Explorer browsers.  To do this, follow these steps: 

1. On your ISA or TMG Server, start the ISA Server Management tool.
2. Expand Server Name, expand Configuration, and then click on Networks.
3. Right-click the network that listens for the outbound Web requests and then click Properties.  For example, to configure authentication for users who are connected to the internal network, right-click Internal, and then click Properties.
4. Click the Web Proxy tab, and then click the Authentication button.
5. Click to select the Basic check box, then click to select the Integrated check box.
6. Click to select the Require all users to authenticate check box.
7. Click OK to save changes and to exit.

Logfile Setup - ISA Server 2004 or 2006

One of the following "logfile types" needs to be configured in CyBlock ISA/TMG in the Logfiles - Setup wizard.

MSDE Database Configuration:

Logfile Type:  Microsoft ISA Server (MSDE database)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

A few simple steps are required to set up communication between the product and your MSDE database.  These instructions appear after you select "Microsoft ISA Server (MSDE database)" as your logfile type in the product at the Logfiles - Setup screen. 

SQL Database Configuration:

Logfile Type:  Microsoft ISA Server (SQL database)

Default Directory:  (none)

Some configurations are necessary so that the product can access the SQL database and read it.  Follow the onscreen instructions provided when configuring this type of data source in the product (begin with Logfiles - Setup screen).

ISA Server Format Configuration:

Logfile Type:  Microsoft ISA Server (ISA Server Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  ISA Server Format uses local time for data record time stamp.

Configure Web Proxy Logging:

To change Web proxy logging to the standard file type (non-MSDE), here are detailed instructions:

1. On your ISA Server, open the ISA Server Management console and expand the server name.
2. Click on Monitoring node in the left pane of the console.
3. On the Monitoring node, click the Logging tab in the middle pane.
4. Click on the Tasks tab in the right pane.
5. Click the Configure Web Proxy Logging link.
6. Select log storage format File (do not select database).
7. In the format drop down menu select ISA Server file format.
8. Click Apply.
9. Click OK.
10. To save these changes please click Apply on the top of the middle pane.

Extended Format Configuration:

Logfile Type:  Microsoft ISA Server (Extended)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  ISA Extended format uses GMT time (this is set by the ISA server and is not configurable).

Configure Web Proxy logging:

To change Web proxy logging to the standard file type (non-MSDE), here are detailed instructions:

1. On your ISA Server, open the ISA Server Management console and expand the server name.
2. Click on Monitoring node in the left pane of the console.
3. On the Monitoring node, click the Logging tab in the middle pane.
4. Click on the Tasks tab in the right pane.
5. Click the Configure Web Proxy Logging link.
6. Select log storage format File (do not select database).
7. In the format drop down menu select ISA Server file format.
8. Click Apply.
9. Click OK.
10. To save these changes please click Apply on the top of the middle pane.

Logfile Setup - Forefront TMG

Standard Configuration:

Logfile Type:  Forefront TMG (TMG Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

Alternate Configuration:

Logfile Type:   Forefront TMG (W3C Extended Format)

Default Directory:  C:\Program Files\Microsoft ISA Server\ISALogs

NOTE:  CyBlock ISA can be installed directly on the Forefront TMG or on a stand-alone machine.   Forefront TMG File Format uses local time for data record time stamp.  ISA W3C Extended Log File Format format uses GMT time (this is set by the Forefront TMG and is not configurable).

SQL Server Express Database Configuration:

Logfile Type:  Forefront TMG (SQL Server Express Database)

WARNING:  You will need SQL Server Management Studio to complete the required steps for this logfile selection.  It is not installed by default with TMG, so you must obtain the installation file.  When you have the file saved locally to the machine, install it using these instructions:

• Double-click the .exe file for SQL Server Management Studio to open it.
• In the left pane menu, click on Installation.
• In the right pane, click New SQL Server stand-alone installations or add features to an existing installation.
• Click OK at the first screen ("Setup Support")
• Click Install at the next screen.
• Click Next when installation ends.
• In the right pane, change the selected radio button to Add features to an existing instance of SQL Server
• Use the pulldown to select MSFW
• Click Next.
• In the right pane, under Shared Features, check the box Management Tools - Basic
• Click Next until arrive at the Ready to Install screen.
• Click Install.
• When it completes, click Next.
• Click Close.
• Click the "X" to close out of SQL Server Installation Center dialog box.

Please perform the following steps carefully and in order:

1. Open SQL Server Configuration Manager:
   • Expand SQL Server Network Configuration
   • Highlight Protocols for ISARS, still in the left pane.
   • In the right side pane, right-click TCP/IP and select Properties.
   • Click on IP Address tab, and scroll to bottom of dialog box.
   • Change the TCP Port to 1434.
   • Click Apply.  A dialog box will appear stating you need to restart a service. Click OK.
   • Click OK again to close the dialog box.
   • Minimize (but do not Close!) the SQL Server Configuration Manager, and go to your machine's Services (this will be under Administrative Tools).
   • Restart the SQL Server (ISARS) service.
   • Minimize (but do not Close!) your Services dialog box, and maximize the SQL Server Configuration Manager again.
   • In the left pane, highlight Protocols for MSFW.
   • In the right pane, right-click TCP/IP and select Enable.
   • Next, right-click TCP/IP again and this time select Properties.
   • Click on IP Address tab, and scroll to bottom of dialog box.
   • Clear out the numbers appearing in the TCP Dynamic Ports box, so that it is completely blank.
   • Next, in the TCP Port box type in 1433, so that the TCP Port will now be 1433.
   • Click Apply.  A dialog box will appear stating you need to restart a service. Click OK (we will restart it later in this procedure.)
   • Click OK again to close the dialog box.
   • Close SQL Server Configuration Manager.

   CRITICAL NOTE:  For the remaining steps in the process, you must have SQL Server Management Studio installed.  It is not installed by default with most TMG installs.

2. Open SQL Server Management Studio.  If you don't see it, try typing 'studio' in the Start - Search box. This will either show you where it is or launch the program.
   • Connect to your SQL Server.  Use the following credentials:
     • Server type = Database Engine
     • Server name =  TMG \MSFW
     • Authentication = Windows Authentication
   • Right-click on the top (Server) node, and go into Properties.
   • In the left pane, highlight Security.
   • In the right pane, change the Server Authentication radio button to SQL Server and Windows Authentication mode.
   • Click OK.  You will see a message stating that changes won't take effect until the SQL Server is restarted.  Click OK.
   • In the left pane, expand the Security folder.
   • Right-click the Logins folder, and select New Login.
   • In the right pane, for Login Name type wavecrest. NOTE: This label is very important, the product will expect this exact login name only.
   • Next, change the radio button selection to SQL Server Authentication.
   • Type in this password: password.  NOTE: This label is very important, the product will expect this exact password only.
   • Confirm the password by typing it in again.
   • Uncheck the Enforce password expiration checkbox.
   • Next, in the left pane highlight Server Roles.
   • Check the checkbox for sysadmin.
   • Click OK.
   • Close out of SQL Server Management Studio.
3. Restart Services.  
   • In Administrative Tools - Services, restart:
     • SQL Server (ISARS) service (only if you did not do so earlier.)

     NOTE:  It is important that this one be restarted BEFORE the MSFW service!

     • SQL Server (MSFW) service.

With these steps complete, you will be logging to the SQL Server Express database and connection to it is now possible.  However, the SQL Server Express data does not become immediately available.  After completing the above steps, you will need to wait for a period of one day before proceeding with logfile configuration in your Wavecrest product.

SQL Server Database Configuration:

Logfile Type:  Forefront TMG (SQL Server Database)

NOTE:  It is presumed that you have already set up a SQL database and are logging to it from your TMG Server.  The steps that follow will not work if you have not set that up first. 

If you are successfully logging to a SQL database, please perform the following steps:

1. Allow Open Database Connectivity.  It is important to set up SQL Server to accept ODBC (Open Database Connectivity). On the machine with SQL Server installed on it, complete these steps:
   • Log in to 'SQL Server Managment (Studio)'
   • Expand the server name
   • Expand Security folder
   • Right-click 'Logins' folder and click 'New Login'
   • Enter a new login name (example: wavecrest)
   • Select 'SQL Server Authentication' radio button
   • Type in a password (example: wavecrest)
   • Uncheck 'Enforce Password Policy'
   • Click 'Default db' pulldown, select the database our product will access
   • Click OK to save and exit
2. Create new account for your Wavecrest product to access the SQL Server. You need to set up another account for the product to communicate with your SQL Server database:
   • In 'SQL Server Management (Studio)', expand 'Databases' folder
   • Expand the database that the Wavecrest product will access
   • Expand the Security folder
   • Right-click the Users folder, click 'New User'
   • Type in the same user and login name (example: wavecrest) *we recommend using the same credentials that you created earlier
   • Select dbo as the Default Schema.  Use the browse buttons to find the checkbox for dbo, select it, then click OK to save.
   • For 'Database Role Membership' (bottom section of the page) check the following checkboxes:
     • dbdatareader
     • dbdatawriter
   • Click OK to save and exit
3. Proceed with configuration in your Wavecrest product.

Logfile Setup (Off-Box)

If CyBlock ISA is also installed "off-box" for reporting use, the logfiles need to be transferred to that box or put into a suitable location where CyBlock can read them.  This can be done in a few ways:

• Copy the logfiles to the second CyBlock machine's local drive (this is what we recommend for best network performance).  To automate this process, you can create a script to copy the logs over at a specific time each day.
• FTP the logs over to the second CyBlock machine's local drive.   Again, this process can also be automated with scripts.
• Have the logfiles reside on a network drive.  NOTE:  CyBlock cannot browse the network in its default state.  For this logfile option to be successful, two things must be true: 
  • The network drive must be mounted on the network
  • The CyBlock Service logon account needs to be a domain account with administrative rights

Please see the sections above for information about logfile setup, keeping in mind that the directory path for logfiles might be different in an "off-box" solution.