The global settings of the LANCOM Content Filter are located in LANconfig under :
- Activate Content Filter
- This is where you can activate the LANCOM Content Filter.
- In case of error
- This is where you can determine what should happen when an error occurs. For example, if the rating server cannot be contacted, this setting either allows the user to surf without restrictions or access to the web is blocked entirely.
- On license exceedance
- This is where you can determine what should happen when the licensed number of users is exceeded. Users are identified by their IP address. The system keeps count of the IP addresses that connect via the LANCOM Content Filter. When the eleventh user establishes a connection with a 10-user license, no further checking is performed by the LANCOM Content Filter. Depending on this setting, the unlicensed user can either surf the web without restrictions, or access to the web is blocked entirely.
- Note: The users of the content filter are automatically removed from the user list when no connection has been made from the IP address concerned via the content filter for 5 minutes.
- On license expiration
- The license to use the LANCOM Content Filter is valid for a certain period. You will be reminded of the license expiry date 30 days, one week and one day before it actually expires (at the e-mail address configured in LANconfig under ).
- Here you can specify whether web pages should be blocked or allowed through unchecked after expiry of the license. After the license expires, this setting either allows the user to surf the web without restrictions, or access to the web is blocked entirely.
- Note: In order for the reminder to be sent to the specified e-mail address, you must configure the SMTP account.
- For non-HTTPS traffic over port 443
- Forbidden
- Prevents non-HTTPS traffic over port 443.
- Allowed
- Permits non-HTTPS traffic over port 443.
Important: If you permit non-HTTPS connections over port 443, the traffic is not further classified and is open for any connection. By default, non-HTTPS connections over port 443 are not permitted.
- Max. proxy connections
- This setting is for the maximum allowable number of simultaneous proxy connections. This limits the load that can be placed on the system. A notification is sent if this number should be exceeded. You can set the type of notification under .
- Proxy processing timeout
- Specifies the maximum time in milliseconds that the proxy can take for processing. A timeout error page is displayed if this time is exceeded.
- Save Content Filter information to flash ROM activated
- If you enable this option, you can additionally save the content filter information to the flash ROM memory of the device.
- Allow wildcard certificates
- With this feature enabled, Web sites with wildcard certificates (consisting of CN entries such as *.mydomain.com) are verified using the main domain (mydomain.com). Verification is evaluated in this sequence:
- Server name check in the "Client Hello" (depends on the browser used)
- Check of the CN in the SSL certificate that you received
- Entries with wildcards are ignored
- If the CN cannot be verified, the field "Alternative Name" is evaluated.
- DNS reverse lookup of the associated IP address and verification of the host name obtained
- If wildcards are included in the certificate, the main domain is checked instead (corresponds to the above function)
- Verification of the IP address
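
The sequence above as a small Python model, an added example rather than LANCOM code: the function returns which step supplies the name that gets checked for a given connection. The `Handshake` fields, the `main_domain` helper, the reading of "cannot be verified" as "no usable name", and all sample values are assumptions made for this illustration.

```python
# Added illustration: models the documented check order, not the device firmware.
from typing import NamedTuple, Optional, Sequence, Tuple


class Handshake(NamedTuple):
    sni: Optional[str]          # server name from the "Client Hello", if the browser sent one
    cn: Optional[str]           # CN of the server certificate
    alt_names: Sequence[str]    # "Alternative Name" entries of the certificate
    ptr_name: Optional[str]     # host name from the DNS reverse lookup, if any
    ip: str                     # destination IP address


def is_wildcard(name: str) -> bool:
    return name.startswith("*.")


def main_domain(name: str) -> str:
    # Assumption: the main domain is the wildcard entry without its leading "*.".
    return name[2:] if is_wildcard(name) else name


def name_to_check(h: Handshake, allow_wildcards: bool) -> Tuple[str, str]:
    """Return (step, name) for the first step in the sequence that yields a name."""
    # 1. Server name in the "Client Hello" (depends on the browser).
    if h.sni:
        return ("client-hello", h.sni)
    # 2. CN of the certificate, then "Alternative Name"; wildcard entries are ignored.
    if h.cn and not is_wildcard(h.cn):
        return ("cn", h.cn)
    for name in h.alt_names:
        if not is_wildcard(name):
            return ("alt-name", name)
    # 3. Reverse lookup; with "Allow wildcard certificates" enabled, the main
    #    domain of a wildcard entry is checked instead of the looked-up name.
    wildcards = [n for n in [h.cn, *h.alt_names] if n and is_wildcard(n)]
    if allow_wildcards and wildcards:
        return ("wildcard-main-domain", main_domain(wildcards[0]))
    if h.ptr_name:
        return ("reverse-dns", h.ptr_name)
    # 4. Only the IP address is left to check.
    return ("ip", h.ip)


# Constructed sample: no server name in the Client Hello, wildcard-only certificate.
SAMPLE = Handshake(None, "*.example.com", ["*.example.com"],
                   "host-203-0-113-7.isp.example.net", "203.0.113.7")
```

For `SAMPLE`, the model checks `example.com` with the option enabled and the reverse-lookup name with it disabled, which is the difference the setting makes for clients that send no server name.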