Web Filter – User Identification & the User Agent

Library > Teacher U
What you’ll learn:
  • How users are identified within the Lightspeed Systems Web Filter
Introduction:

It’s important that users are properly identified in order to ensure that reporting is complete and that users pick up the correct policies. One of the best ways to do this, without the users involvement, is the User Agent.

Let’s Learn!

Types of user resolution

You need to choose a way to do user resolution (one of which is the User Agent) but we also provide other methods of user resolution, including agent-less resolution.

User resolution supplies the Web Filter with the user credentials in order to provide the end user with the proper policy assignment and reporting.

The User Agent is often the most accurate (especially in environments where a single device might have multiple IPs) and the most seamless for the user (avoiding the need for web authentication) method of user resolution. Agent-less user resolution can inaccurately report tracking when a device has multiple or changing IPs (the Rocket only knows the IP that was in use when the user logged in). The one downside to clientside agents is that they need to be installed on every machine; however, we have solutions to streamline that installation.

Here are the four primary methods of User Resolution. These methods can be combined in various ways to create the solution that best fits your school district’s needs. (All of our authentication methods will integrate with the school district’s Active Directory, Open Directory, eDirectory, LDAP or local users database. Multi-directory environments are also fully supported.)

  • Captive Portal/Web Authentication: This agentless authentication works well in all environments. Similar to what you would see at a hotel or WiFi hotspot, with this enabled users are forced to identify themselves prior to accessing the Internet. This will work in all environments with any client device.
    Provide the following links to your users as an easy method for web authentication (Requires Rocket version 2.10.0 or newer):

  • User Agent: This agent installed on Mac laptops provides transparent authentication for these devices. Because this is a client-side agent, it can also provide the Web Filter with IP information for all the interfaces on the device. There are many conditions today where a device may have multiple IP addresses that it will switch between; machines with both wired and wireless conditions or dual stack environments where both IPv4 and IPv6 are in use are a couple of examples. Learn more about User Agents.
  • Domain Controller User Agent: The agent can be installed on Microsoft Active Directory Domain Controllers to supply the Rocket Web Filter with user information when a user logs in our out of the network. Learn more about our DC User Agent.
  • Lightspeed Rocket RADIUS Integration: For environments utilizing user authentication through RADIUS when users connect to the school district WiFi, the Rocket appliance can be set up as an accounting server with the Wireless RADIUS system. This is ideal for BYOD environments where a variety of personally owned devices are connecting. Since these users are already authenticating to the wireless, this information can be transparently shared with the Rocket. Learn more about configuring your Rocket for RADIUS integration.

 

Typically a combination of methods works best. We’re happy to work with you to understand your needs and set up the best method(s) of user resolution for your school.

If you decide to use the User Agent, you can find downloads, installation instructions, and more in the Manual.

Agents

User Agents are one method of user resolution, in which an agent is installed on each device to transparently communicate user information with the Web Filter to deliver appropriate policies. (Learn more about the other methods available here.)

User Agents may be the best method for you if:

  • You want transparent authentication (without the need for users to identify themselves through web authentication)
  • You need to provide the filter with complete IP information for devices with multiple IP addresses
  • You want the most complete and reliable web traffic reporting
  • You have primarily school-owned mobile devices rather than student-owned

Various methods of user resolution can be combined to create the solution that best fits your school district’s needs. (All of our authentication methods will integrate with the school district’s Active Directory, Open Directory, eDirectory, LDAP or local users database. Multi-directory environments are also fully supported.)

User Agents are available for:

All User Agents are available for download here.

Tip: Captive Portal/Web Authentication: This agentless authentication works well in all environments. Similar to what you would see at a hotel or WiFi hotspot, with this enabled users are forced to identify themselves prior to accessing the Internet. This will work in all environments with any client device.

Provide the following links to your users as an easy method for web authentication (Requires Rocket version 2.10.0 or newer):

Required Ports for User Agents

Please refer to the knowledge base article “What ports do I need to open?” for which ports need to be opened.

Learn about the User Agent hardware and software requirements here.

Conclusion:

You should now have a good understanding of how important user resolution is and how the User Agent can help, by transparently identifying the users on your network.

Take the quiz!

You need to be registered and logged in to take this quiz. Log in or Register