Optimizing the Web Filter and Rocket

After deploying the Rocket and Web Filter to your network, we recommend that you configure both products with these settings for optimal performance.

Web Filter Settings

Authentication

Authentication ensures that users receive their assigned policy and that internet activity is recorded accurately in Web Filter reports. Follow these tips when authenticating Web Filter users:

  • Reduce the number of authentication source exemptions, external domain exemptions, and proxy authentication exemptions.
  • Use the Captive Portal to authenticate users if they are not identified by other means.
  • Review identification source priority and ensure that the priority order matches the authentication sources used in your district.

General

The following Web Filter > General settings should be enabled:

  • Decode SSL Certificates – Ensures that SSL certificates are decoded and the assigned domain-level policies are applied to non-decrypted sites.
  • Block Proxied Requests – Proxied requests are an older method for bypassing the Web Filter but should still be blocked.
  • Search Controls – Choose On to enable Safe Search for both the Google and Bing search engines.
  • Video Filtering – Select one of YouTube’s native (standard) video filtering modes (Off, Moderate, or Strict) or select Lightspeed Systems Smart Play to apply our proprietary video filter to your policy.
  • Secure access pages – Ensures that user credentials are transmitted securely to the Web Filter.
  • P2P Controls – Block P2P networks so P2P connections are not used to bypass the Web Filter.
  • QUIC Controls – Block QUIC so that the QUIC protocol cannot be used to bypass the Web Filter.
  • Filter Bypass Controls – This setting ensures that tools like Psiphon and UltraSurf cannot be used to bypass the Web Filter.
  • P2P/Bypass/QUIC Exemptions – Keep any P2P/Bypass/QUIC exemptions to a minimum.

Inspectors

Always remove inspectors after an investigation is complete. Inspectors create data that is only valuable during an investigation.

Mobile

Disable Mobile bypass to ensure that students cannot use this setting to bypass the Web Filter.

Proxy Server

Configure the Proxy Server settings as follows:

  • Authenticate Proxy users. This ensures reporting and policy assignments function correctly.
  • Review your PAC file and ensure that users are receiving proper SSL Decryption.
  • Minimize the number of SSL Decryption exemptions. These are often created to troubleshoot issues but should be removed after the issue is resolved.

Database Categorization

Periodically review your database categorizations, as your organization’s local categories often change over time. Lightspeed Systems’ database is a comprehensive web filtering database that has evolved with the web over time and focuses on education. Our database is maintained by AI (machine learning) as well as human review.

Our support staff can assist you in comparing your local categorization to our master database, but we highly recommend reviewing your database often to ensure it is current.

Policy Assignments

Review your Policy Assignments (and rulesets) frequently. These Web Filter rules apply the first assignment that matches the web traffic, so heavy use of IP Assignments may mean that user policies are not assigned to traffic coming from those IP ranges.
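
The first-match behavior described above can be audited offline. The following is an added example, not Lightspeed code and not the Web Filter's rule format: the `Assignment` model, the rule order, and all ranges, names and policies are hypothetical and constructed for illustration. It reports sessions where an IP assignment wins over a later user or group assignment that would have applied a different policy.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:          # hypothetical model, not the Web Filter's own rule format
    kind: str              # "ip", "group" or "user"
    match: str             # CIDR range, group name or username
    policy: str

def first_match(rules, client_ip, user, groups):
    """Return the index of the first rule matching the session, or None."""
    ip = ipaddress.ip_address(client_ip)
    for i, r in enumerate(rules):
        if ((r.kind == "ip" and ip in ipaddress.ip_network(r.match))
                or (r.kind == "user" and r.match == user)
                or (r.kind == "group" and r.match in groups)):
            return i
    return None

def shadowed_identity_rules(rules, sessions):
    """List sessions where an IP rule won over a later user/group rule
    that would have assigned a different policy."""
    findings = []
    for client_ip, user, groups in sessions:
        win = first_match(rules, client_ip, user, groups)
        if win is None or rules[win].kind != "ip":
            continue
        identity_rules = [r for r in rules[win + 1:] if r.kind != "ip"]
        lost = first_match(identity_rules, client_ip, user, groups)
        if lost is not None and identity_rules[lost].policy != rules[win].policy:
            findings.append((user, client_ip, rules[win].policy,
                             identity_rules[lost].policy))
    return findings

# Constructed sample data: rule order, ranges, names and policies are invented.
RULES = [
    Assignment("ip", "10.20.0.0/16", "Student-Default"),
    Assignment("group", "Staff", "Staff-Policy"),
    Assignment("user", "jdoe", "Restricted"),
    Assignment("ip", "10.30.0.0/24", "Guest"),
]
SESSIONS = [
    ("10.20.5.14", "asmith", {"Staff"}),       # staff member on the student range
    ("10.40.1.9", "asmith", {"Staff"}),        # no IP rule applies, group rule wins
    ("10.20.7.2", "student1", {"Students"}),   # IP rule wins, nothing is shadowed
    ("10.20.9.9", "jdoe", {"Students"}),       # restricted user on the student range
]

if __name__ == "__main__":
    for user, ip, got, lost in shadowed_identity_rules(RULES, SESSIONS):
        print(f"{user} at {ip}: received {got!r}, identity rule would assign {lost!r}")
```

Each finding is a candidate for reordering the assignments or narrowing the IP range so that the user or group policy is reached.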

Allowed Refreshers

Only set Allowed Refreshers to trusted sites and review these refreshers often.

URL Patterns

Add URL Patterns sparingly. Policy assignments are managed more easily and perform better when handled through database categorizations.

Rocket Settings

Cluster

Review and ensure that all roles assigned to the Rockets within the cluster are correct and their status is in sync.

About

Verify that your license status has not expired.

Software Updates

Periodically check for updates and take advantage of the Rocket’s latest features. We are continually providing Rocket updates to ensure your network is safe for all users. Out-of-date appliances put your network (and its users) at risk.

SSL Certificate

We recommend you review your Console and Proxy Certificates. It’s best to use a CA-generated console certificate and review your proxy certificate annually. The Proxy Certificates should match device requirements for your district and BYOD requirements.