GFI WebMonitor 2009: Review and Common Configurations
For those that never heard about GFI WebMonitor; it’s an ISA Server (2004 or 2006) “add-on” that helps you monitor in real time the network traffic inside your organization, it also complements with ISA Server giving you the chance to directly configure white/black lists, set some access rules to the internet and scan all the traffic for virus and malware.
In this post I’ll try to review the functionality, pros and cons, as well as the process of installing and configuring.
GFI WebMonitor 2009 Requirements
I’m evaluating the GFI UnifiedProtection Edition (that combines WebFilter and WebSecurity) in one package.
- Processor: 1.8ghz
- Memory: 2GB RAM
- Hard Disk: 10/15 GB free
Operating System and Software
- Windows Server 2000 SP4 / Windows Server 2003
- ISA Server 2004 SP3 / ISA Server 2006
- Internet Explorer 6 or later
- .Net Framework 2.0
GFI WebMonitor Installation
You can download the trial version for GFI WebMonitor from this link.
The installation process it’s simple, you shouldn’t have any problem with this.
Access Permissions. Here you can set from which of the IP address the GFI web configuration will be accessible. Take note that you can specify the users that can access it.
Mail Settings. Configure it to receive mail notifications about when, for example, a user is trying to infringe a configured policy in WebMonitor.
Testing mail notifications.
Once the installation is complete, two new access rules are configured in your ISA Server Firewall Policy: One to allow access to the WebMonitor tool from a browser, and the other for updates.
GFI WebMonitor Dashboard
You can access the main window from the Program Menu of from your web browser.
Always having a dashboard it’s a good idea, specially with this kind of tool. Making a quick look here you’ll get most of the necessary information that WebMonitor provides: Bandwidth consumed, active connections, blocked content, etc.
Including also a graphical presentation of the data, that, of course, helps you a lot to discover any anomaly.
Within this section you’ll find all of data parsed and sorted in a very user-friendly way. They are pretty much self-explained.
All of this information is sorted also from a calendar, so if you want to take a look from previous dates, just use the “<” “>” buttons from upper right corner.
Active and Past Connections.
Bandwidth Consumption and Distribution.
Top Policy Breakers. Users marked that tried to access or download blocked content. In my case, only IPs are showing but remember this tool is highly integrated with ISA Client and ISA Server authentication that associates traffic with specific users.
If that’s not enough for you, check the charts options for specific URLs:
By default, there are a few sites configured already in the white list.
As an interesting option, you also have a “temporary white list” to allow specific sites for a few hours.
When a black listed site is trying to be browsed, the client will receive this message.
Web Filtering Policies
Here you can create rules and policies for your network traffic. You have a “Default Web Filtering Policy” that allows all contents from all categories; you can modify this one or create a new one for a specific user or IP.
Creating a new policy it’s quite simple and intuitive.
Policy name and schedule.
Categories to be blocked and allowed by the policy.
Applies to (users, groups or IPs).
Notification options when a user intents to access blocked content.
To define a website category a query is run to the WebGrade Database, that also receives updates periodically.
You can also run queries manually to the database and find out the category for a specific site.
Web Security Policies
These policies have the same functionality that the filtering policies, but are defined for file downloads, IM access and virus scanning.
By default, all content is allowed for download.
As an alternative policy to blocked downloads is the “quarantine” option.
IM Control Policies
This an option that is constantly asked and requested by ISA Server administrators, how to block IM on their networks.
Unfortunately, using this tool, you can only block MSN and Live Messenger traffic using HTTP connections.
Virus Scanning Policies
The default files that are scanned: Microsoft Office documents, PDFs, ZIP and RAR, executables and MSI.
Whenever any of these files are downloaded, the client will open the GFI WebMonitor Secure Download window that validates the file it’s not infected.
Download and virus scan completed.
- It is one of the best monitoring tools for bandwidth consumption available in the market. With a nice data parsing as well.
- It represents a great complement for ISA Server access and deny rules.
- Rules and policies are very easy to add and configure.
- Minimum overhead in network connectivity.
- Antivirus Integration: This is probably my favorite feature. Has almost the same functionality than an corporative antivirus solution that controls any suspicious packet in the network.
- Hardware requirements. It is not recommendable to use GFI WebMonitor on a machine with less than 2gb of RAM.
- Even though the data parsing is great, there’s no easy way to export those reports to a document or even a CSV file.
- There are no options available for export/import WebMonitor configurations. It is not possible to replicate the same configuration on another server or make a backup in a simple way.
If you are an IT Administrator that continuously perceive that your network is slow or it does not has the performance that it should, this tool can give you a lot of help. As a bonus, it will simplify configuring access rules and provide you with an excellent protection with 3 antivirus engines scanning packets.
But if you are using a small resources machine as your gateway, don’t bother installing it, it would give you a lot more problems than solutions.
Hope that you find this useful,