Version 8 - Release Notes
Posted by Adam Smith on 11 July 2013 02:36 PM
Introduction To CIPAFilter Version 8.0
Designed primarily with the needs of schools and libraries in mind, CIPAFilter is a unified threat management (UTM) solution which combines routing, firewall, access control, VPN, anti-virus, anti-spam, reporting, and Web-filtering into a single managed, low-cost, and easy-to-use product.
The latest revision to the CIPAFilter platform, version 8.0, represents the most ambitious update yet, incorporating enhancements to nearly every aspect of the product and adding several compelling new features, including SSL/HTTPS decryption, Google Apps domain restriction, and a captive portal system.
This document serves as a brief introduction to the new features in CIPAFilter version 8.0.
Interface and Usability
Perhaps the most readily visible improvement for administrators is the updated configuration interface, which incorporates many customer feature requests. These include an updated appearance, table column sorting, drag-and-drop re-ordering, a "quick list" for easier navigation, and several aesthetic improvements. In addition, configuration tables provide comprehensive validation, alerting users when invalid data has been entered and providing suggestions to correct the problem.
On the non-administrative side, almost all user-facing pages (such as the NAC log-in and reject pages) have been updated with a modern-looking, mobile-friendly design. These pages are also designed to be customizable, so that administrators can easily specify their own logos, error messages, and instructions, without having to make code changes as in previous firmware versions.
SSL (HTTPS) Decryption
In recent years, more and more Web sites have begun to use the HTTPS protocol to serve their content. Because of the secure nature of HTTPS connections, filtering access to these sites has traditionally been difficult. To address this problem, CIPAFilter version 8.0 features SSL decryption functionality.
When SSL decryption is enabled, the CIPAFilter intercepts communication between the client (the user's computer) and server (the secure Web site) and "impersonates" each side of theconnection.This allows the CIPAFilter to see inside of the secure tunnel, enabling the same filtering functionality that customers already enjoy with insecure HTTP connections, including anti-virus, inappropriate content detection, and advanced URL matching.
Google Apps Domain Restriction
One additional benefit of SSL decryption is the ability to perform Google Apps domain restriction. This is a frequently requested feature which allows administrators to restrict users from accessing Google properties (such as Gmail) with their personal accounts, while allowing them access with their administrator-provided accounts.
For instance, a school may wish to provide students with a firstname.lastname@example.org account to use with Google's Mail and Drive applications, while preventing them from using their personal email@example.com accounts with the same sites. This is now possible with CIPAFilter's SSL decryption and the Google Apps domain restriction feature. For more information about this functionality, please see Google Apps Help.
Captive Portal System
One of the most popular improvements to CIPAFilter version 8.0 is the new captive portal system. This feature is similar from a user perpsective to a public Wi-Fi hotspot or to the network access control (NAC) functionality provided in previous versions of the product — when the portal is enabled, unauthorized users attempting to access the Internet are directed to a page where they must view the organization's usage policy and/or log in with a user name and password.
This feature is of great benefit to organizations with bring-your-own-device (BYOD) programs, as it allows users to authenticate in an ad-hoc manner from not only PCs and Macs but also nearly any web-enabled mobile device, from iPhones to Android tablets to ChromeBooks.
Live bandwidth reporting
The last major feature introduced in version 8.0 is the live bandwidth reporting system. This feature is an extension of the existing bandwidth reporting system which provides a more modern and accessible way of viewing bandwidth data. In addition to the significant usability enhancements, the new system also allows for viewing of utilization data in real time.
Although the most significant changes are described above, there are numerous miscellaneous enhancements throughout the product. These include greatly improved performance, better security, better documentation, more reliable upgrades, enhanced VMware support, and more.If you have any questions at all about changes to version 8.0 or how the new platformwill work with your configuration, please contact CIPAFilter tech support at 1-800-24DERBY, or by e-mail at firstname.lastname@example.org