
What Traffic Inspector is and what you can do with it


Traffic Inspector has long been popular among system administrators for its flexibility, modular architecture, ease of administration, and powerful network activity monitoring. Traffic Inspector features such as network protection, Internet traffic monitoring, access statistics, VPN, NAT, proxy server and Active Directory, site blocking and content filtering, intelligent routing and dynamic load balancing have made this solution a key element of network security in many small, medium and large businesses.
However, as practice shows, even professional system administrators who are working with Traffic Inspector for the first time are not aware of all the capabilities of our product. Therefore, in this article we would like to give a complete list of system capabilities and briefly comment on the most interesting ones. We hope that all readers will find something new here, both newcomers who are still eyeing Traffic Inspector and experienced network engineers who actively use Traffic Inspector to manage the company's IT infrastructure.


Internal and external networks
• Internal networks in Traffic Inspector are divided into local (for example, intra-office network) or public (for example, home network), and for each network you can configure a unique access policy. Interception of user traffic through other servers on the internal network can be carried out in a special sniffer mode ("wiretapping"), which we will discuss in future articles. As for external networks, Traffic Inspector can work with several external interfaces at once (that is, you can create several simultaneous connections to the Internet), and also correctly separates incoming and outgoing traffic on these interfaces (for example, with satellite connection). If external interfaces are dynamic, Traffic Inspector will automatically select the optimal mode for them.
• Traffic Inspector server can work with several internal interfaces in a local network with arbitrarily complex topology. In particular, the server supports 802.3 (Ethernet), 802.11 (Radio Ethernet), WAN PPP and WAN VPN (PPTP, L2TP).
• NAT and a RAS server are supported: NAT works over RAS (dial-out), VPN (PPTP, L2TP) and PPPoE connections, while RAS can use modem and VPN (PPTP, L2TP) connections.
• Among the additional functions, it is worth noting the ability of clients to work on a terminal server and native support for the IEEE 802.1Q (Tag based VLAN) protocol, which serves to transmit information about the traffic belonging to a particular virtual network.

User Authorization

• Users can be authorized in Traffic Inspector by IP address and / or MAC address, by IP address range, by name and password (including from different domains), by e-mail addresses (used in an SMTP gateway) or via API (for third-party applications). As an additional parameter of authorization, you can also use a virtual network identifier. A total of 8192 users and 256 groups are supported.
• If the user is not yet authorized (for example, logged on to the network for the first time), the system can automatically redirect him to a special information page of the embedded web server. This is especially convenient for Wi-Fi networks, as well as for connecting new customers in intrahouse networks.
• Traffic Inspector automatically tracks violations of authorization rules. Upon detecting a violation, the system records it in network statistics and a log, and then notifies administrators of the incident by email.

User restrictions

• The duration of user work and the availability of certain network resources can be regulated in several ways: by date, by schedule (for all users at once or for specific users or groups), by access level (using group and general deny or allow filters that are applied at the network level to any traffic or at the application level to programs running through a proxy server), by the client's IP and / or MAC addresses, by access to services (NAT, routing, proxy server, SOCKS server), and by the number of TCP sessions (for both SOCKS traffic and direct traffic).
• The Virus Flood Protect subsystem protects the network and server from overload. This subsystem analyzes incoming and outgoing user traffic and blocks access if network statistics overflow or if a virus is suspected.
• Using scripts, a port on managed equipment can be disabled over SNMP when a client's status changes.

Billing

• Traffic Inspector supports various traffic accounting options: by incoming volume, outgoing volume, sum of incoming and outgoing volumes or by the maximum volume between incoming and outgoing.
• In Traffic Inspector it is possible to rate the working hours of customers and, if necessary, set the amount of prepaid (free) traffic. Subscription fees can be charged daily or per minute or be provided on credit, and the tariffs themselves can be backdated (each time they are changed, the system automatically recalculates the billing statistics). Additionally, you can enter discounts for cached, mail or any other traffic in accordance with the specified filtering criteria, or set traffic limits for a day, week, month or a special period.
• All tariffication settings can be made individual, group or general, which allows you to simultaneously use multiple tariff plans.
• The current status of the client with all its billing parameters is displayed in real time, and all changes in the status of clients are recorded in the log for further processing and generation of reports (including group ones).

External traffic control

• To account for the total traffic consumed from the provider, there are monitored counters, which are described as IP networks. By setting up several such counters, you can keep separate records of different types of traffic (for example, paid, discounted and free). For monitored counters, limits are set (total and daily); when a limit is exceeded, an administrator alert is generated and / or traffic is blocked. When a block is triggered on an external counter, any external application can be launched. Data on external counters can be displayed in real time and recorded in a log for generating reports.
• For additional analysis of the total consumed traffic, external information counters can also be defined, which can additionally analyze traffic over IP protocol and ports.

Network statistics

• For users and external counters, Traffic Inspector can collect network statistics about IP addresses, protocols, ports and DNS names, and the administrator can configure the analysis interval and the number of active connections. The collected statistics are recorded in the internal DBMS, which, if necessary, is synchronized with an external MSSQL 2005, MySQL or PostgreSQL database.
• Current statistics can be displayed in real time and recorded in a log for further analysis and reporting.

Proxy server

• The proxy server built into Traffic Inspector supports the HTTP/1.1, FTP and SOCKS 4/5 protocols. Authentication can be Basic (the password is sent in the clear) or integrated through a Windows domain (NTLM v. 1/2).
• The proxy server includes powerful caching features to save traffic and allows you to assign flexible caching options to individual resources. The entire cache is stored in a single DBMS file, and its internal fragmentation is completely excluded. All cache indexes are stored in RAM, which provides high read and write speeds.
• For content filtering, the Traffic Inspector proxy server shares lists with IP filters, but it is also possible to set the content type and analyze the protocol and URL, up to contextual search by regular expressions, which makes it easy, for example, to "cut" banners.
• The HTTP CONNECT method is also supported: in this mode, any application that uses SSL, FTP or TCP and can work through an HTTP tunnel can operate through the proxy server.
• FTP over HTTP support (GET method) - the proxy server generates HTML pages, allowing you to work with FTP servers in read mode, and automatically switches between active and passive modes for the FTP protocol.
• By default, the proxy server uses pass-through authorization, but if the user is not authorized before logging into the proxy server, authentication through a proxy server or SOCKS is requested.
• Automatic configuration of web browsers according to company standards. The proxy server provides clients with a standard WPAD.DAT JavaScript file to configure them, and you can specify a LAT (local address table) in this script. In addition, browsers can be forcibly configured using a client agent.
• If necessary, the Traffic Inspector proxy server can block HTTP traffic, as well as redirect HTTP requests to another proxy server.
• The client, for its part, can quickly manage the filtering and caching modes.
• In addition, the proxy server can keep a log of requests processed by it.

SMTP gateway

• The SMTP gateway built into Traffic Inspector publishes one internal SMTP server to the outside, verifies the validity of domains in senders' addresses, and prohibits open relaying, which allows the simplest mail servers to be used within the network.
• Sender hosts are verified using DNS-based RBL services. The multi-threaded implementation allows a large number of services to be used without slowing down. All intermediate SMTP servers can also be checked through RBL.
• The SMTP gateway maintains blacklists of sender hosts, which can be filled out either automatically or manually. Automatic blacklisting of hosts filtered through RBL allows you to significantly save traffic and effectively deal with spam. In addition, there are white lists, including senders, for which message filtering will not be applied.
• A detailed log is kept for analyzing filtered mail, and there is also a mass mailing for administrators.
• Incoming mail billing is supported for well-known recipients (Traffic Inspector users). In order to save traffic, receiving mail for unknown recipients may be prohibited.
• Integration with the Traffic Inspector AntiSpam module is supported.

Firewall

• By default, the firewall blocks all requests from the outside while transparently allowing outgoing TCP, UDP and ICMP traffic, so the service needs practically no configuration.
• Implements dynamic UDP filtering, which correctly distinguishes incoming UDP requests from outgoing ones and transparently allows outgoing UDP traffic.
• Provides dynamic FTP-DATA filtering. The FTP commands PORT and PASV are analyzed and temporary permissions are set in the firewall. This makes it convenient to work in both active mode (client) and passive mode (published server).
• To control the operation of various server applications or other protocols, you can separately define a list of allowing and prohibiting rules.
• Information counters can be used for separate accounting and analysis of filtered incoming traffic (flood analysis, port scanning, etc.).
• To protect the server itself within the network, you can also enable an internal firewall, the functionality of which is similar to an external firewall. The internal firewall supports individual settings for local and public internal networks.
• Unauthorized traffic coming from the server itself can be blocked.
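
The dynamic FTP-DATA filtering described above can be sketched as follows. This is an added example, not Traffic Inspector code: it parses `PORT` commands and `227` (PASV) replies from the control channel and opens a short-lived, single-use permission for the announced data endpoint. The names `parse_data_endpoint` and `PinholeTable`, the 30-second lifetime and the "endpoint must match the sender, port 1024 or higher" policy are assumptions made for illustration.

```python
import re
import time

# "h1,h2,h3,h4,p1,p2" as used by PORT (RFC 959) and the 227 reply to PASV.
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"
    elif text.startswith("227"):
        mode = "passive"
    else:
        return None
    match = HOSTPORT.search(text)
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        return None
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class PinholeTable:
    """Temporary, single-use permissions for announced FTP data endpoints."""
    def __init__(self, ttl=30.0):
        self.ttl = ttl
        self.rules = {}  # (ip, port) -> expiry time

    def observe(self, sender_ip, line, now=None):
        """Inspect one control-channel line sent by sender_ip."""
        now = time.monotonic() if now is None else now
        endpoint = parse_data_endpoint(line)
        if endpoint is None:
            return None
        _, ip, port = endpoint
        # Assumed policy: the endpoint must be the sender's own address and
        # an unprivileged port, so a control line cannot open holes elsewhere.
        if ip != sender_ip or port < 1024:
            return None
        self.rules[(ip, port)] = now + self.ttl
        return ip, port

    def allows(self, ip, port, now=None):
        """True once for a live pinhole; the rule is consumed on use."""
        now = time.monotonic() if now is None else now
        expiry = self.rules.pop((ip, port), None)
        return expiry is not None and now < expiry
```
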

Shaper

• Shaper works with any traffic passing through the server, including proxy server and SOCKS.
• A shaper can limit the client's individual speed at reception and / or transmission. In addition, the limitation can be dynamic when a total maximum rate for a group is assigned (separately for reception and transmission), and also based on the number of packets if it is necessary to prevent network congestion during a virus outbreak.
• Shaper also allows you to specify in the filters the type of traffic that should be excluded from monitoring, as well as the speed limits for each type (however, these restrictions do not apply to data from the proxy server cache and to the local web server statistics).
• In addition, each type of traffic can be assigned a priority in order to change the order of processing packets in the internal shaper queue and transmit this data with minimal delays.
• A schedule can be assigned to all rules, which allows you to dynamically change the settings of this service depending on the time.

Extended routing

• Using advanced intelligent routing functions, you can configure conditional or unconditional traffic redirection through a specified external interface for a group of users, and you can also set the type of HTTP content when working through a proxy server.
• In addition, it supports redirection of outgoing TCP connections from the client when a third-party proxy server is running on the local network or when the client needs to redirect to another online resource.

Client agent

A client agent is a special application that is installed on users' computers and allows users to independently perform the following actions:
• View current balance and set up alerts about insufficient funds in your account.
• Toggle content filtering levels to save traffic.
• Switch proxy caching modes to quickly view updatable resources with minimal traffic.
• Quickly enter your personal account using the context menu of the agent.
• Change your password through the agent, if the administrator has not disabled this feature in the Traffic Inspector.
• Use a desktop or online agent version (web agent). The web agent supports all functions of the desktop version and is available on the special page of the Traffic Inspector server.
• Receive alerts from the administrator in real time.

Administration

• Supports remote control using standard DCOM technology. The management console is designed as a MMC snap-in, which makes it easy to integrate it with other administrator tools.
• Access restriction: you can set the group of administrators in the Windows domain or use the built-in password authentication.
• Distribution of access: you can create administrators with limited rights, for example, only to add customers, only to replenish accounts or only to work with a specific group of customers.
• Supports real-time monitoring of client performance and network statistics.
• You can view customer statistics and replenish their accounts in the web interface.

Reports

• In the Traffic Inspector you can create several dozen types of reports on traffic, billing and network statistics. All reports can be imported and saved in various types and formats - both tabular and graphic.
• If necessary, the set of reports can be expanded using the automation interface.

Conclusion

Traffic Inspector is a modern integrated solution for organizing and controlling Internet access. To implement it, you do not need to purchase expensive server hardware or expand the staff of system administrators. Due to its simplicity, flexible charging rules, reliable network protection, effective load balancing, accurate metering and filtering of traffic, this system will not only protect your corporate infrastructure, but also save a lot of effort, money and nerves. Additional information about Traffic Inspector can be found on our official website.

Source: https://habr.com/ru/post/225427/

