How to set up smartphones and PCs. Informational portal

Security Information Portal.

11.04.2019 TVs (Smart TV)

Direct analogue of Traffic Inspector no. Existing programs solve similar problems in particular, so you have to build a solution using several programs at the same time.

Server proxy.

Such a task as traffic accounting, on programs such as Microsoft Proxy Server, Microsoft ISA Server, WinGate, WinRoute and many others, is usually solved by analyzing their log files. This approach has many disadvantages:

For Microsoft ISA Server there is an extension TrafficFilter to limit traffic, but it only works through a proxy server and is quite expensive.

For these programs, the disadvantages should also be noted:

There is one more significant disadvantage, inherent in some programs (for example WinGate, WinRoute and some simple proxy servers) - no "foolproof" protection. Inexperienced user can easily make a mistake in the settings and leave an anonymous proxy, SOCKS or an open mail relay published outside. The result can be gigabytes of wasted traffic and getting the IP address into the "black" lists. The most unpleasant thing is that they may not even record this traffic. At Traffic Inspector this is simply impossible.

NAT.

Many programs have the NAT service, but not all of them have the ability to authorize by user, having a client agent, and also support authorization by MAC address. The lack of authorization by user nullifies the possibility of using this service in real network organizations. In the home network option, the absence of secure authorization by username is also unacceptable, since IP and MAC addresses very easy to fake.

Microsoft ISA Server and Microsoft Proxy Server has its own service - Firewall Client (Winsock proxy), through which most applications can work, but the client part is only for the Windows platform. Also, clients must be in a Windows domain.

All of the above programs (proxy and NAT), as a rule, take into account only their own traffic (passing through their services). Installing other programs that work with the Internet on the server will result in unaccounted traffic. They do not have mechanisms to control traffic directly to external interface- it is impossible to accurately control the real traffic consumed by the provider. The appearance of open relays, anonymous proxies or SOCKS published from the outside can lead to huge traffic consumption that will go unnoticed.

These tasks are often solved by installing additional analyzers, for example, such popular program how TMeter . It not only accurately takes into account traffic on interfaces, maintains network statistics, but also has the ability to block. But this program is bound to IP addresses and therefore cannot be used in cases where authorization by username is used. Besides, it's not free.

Routing.

In the latest versions of our program, it became possible to fully use several connections to the Internet. For operating room Windows systems this is a truly unique solution, given the possibility of flexible configuration depending on various factors. For systems based UNIX this is not a new solution, but it is much more difficult to set up there, as a rule, you have to assemble everything from cubes manually, losing in ease of control.

Under Windows there is a fairly powerful system Rain Connect , which knows how to use multiple channels, but it does only that and is very expensive.

There is also a program NAT32 , but it rather expands the capabilities of standard Windows NAT, and is not a program for monitoring and accounting for connections, and it is also not free.

Log file analyzers.

This category of programs, if available Traffic Inspector absolutely not needed. With it, you can solve the problem of accounting for traffic for other proxy servers, if for some reason its service is not suitable. True, in this case it will be impossible to separately account for traffic from the cache and application filters will not work, but there will be prompt accurate accounting of all traffic and the ability to immediately block users.

Incoming billing Email.

For mail billing for external servers, it boils down to accounting for traffic using the appropriate protocols (SMTP, POP3, IMAP) and does not cause problems. If the mail server is located inside the network, then it can be charged using the mail server tools (for example, by analyzing its logs), or using an SMTP gateway (as implemented in Traffic Inspector).

For Microsoft ISA Server, there are additional paid extensions - SMTP filters that can analyze mail traffic, and also perform spam filtering functions. At the same time, it is possible to solve the problem of blocking mail for non-existent recipients (which is especially important for Microsoft Exchange Server), but here you have to maintain separate lists of addresses, which is inconvenient for administration.

billing systems.

The task of accounting for traffic can also be solved by specialized billing systems. To collect traffic, they use:

Everything specialized systems billing, as a rule, cannot charge traffic separately from the cache of the proxy server. There are also difficulties taking into account mail traffic for internal servers. AND main disadvantage such systems under Windows - they are all paid and quite expensive.

Personal mode.

Such a specific task as accounting for the work of several users on a single computer connected to the Internet cannot be reliably solved by other programs. Using a local proxy will not work, as the user can easily disable the use of a proxy server and work directly. Using parsers with type locking TMeter also not suitable, as they consider only general traffic and do not allow it to be calculated individually for the user.

The main features of the Traffic Inspector system were considered, including a proxy server, SMTP gateway, billing rules, network protection, load balancing, as well as traffic accounting and filtering. Now we would like to compare the functionality of Traffic Inspector with the capabilities of similar integrated solutions for IT infrastructure management.

In spite of a large number of very high-quality proxy servers (for example, Handycache) and traffic accounting systems (such as BWMeter and Internet Access Monitor), most of them are, in fact, highly specialized products and, as a rule, solve one or two tasks. Meanwhile, there are not so many truly integrated solutions that can be completely entrusted with managing network activity. The most famous of them (besides Traffic Inspector) are Kerio Control, Lan2net, UserGate and Microsoft ForeFront TMG, the development and sale of which, unfortunately, was discontinued in 2012. We will talk about them.

Kerio Control

Kerio Control (formerly WinRoute Firewall) is complete solution in the field of security, combining several functions - including inter firewall(firewall) and router, intrusion detection and prevention system (IPS), antivirus, VPN and content filter. The main feature of Kerio Control is the presence of an intrusion detection and prevention system (IDS / IPS), based on the industry standard Snort. The system classifies and stops attacks on servers, applications and infrastructure components.
Simultaneous IPv4 and IPv6 support, connection tracing (SPI), connection limit, anti-spoofing, protocol inspection, traffic policy wizard, DHCP server, DNS relay, IP blacklist, history analysis network activity, a large number of highly customizable reports, email alerts, user authentication via Kerberos/Active Directory/Open Directory/proxy/NTLM, full support VPN and NAT, P2P network blocker, integrated Sophos antivirus, load balancing and QoS, traffic shaper, powerful administration functions, support for 15 interface languages.
In addition, the product is ICSA certified in the "corporate firewall" category.
Summary: a very powerful and flexible all-in-one solution from one of the leading companies in the field. There is probably only one drawback - high price. Server license for 5 users (including 1 year of technical support) will cost almost 14 thousand rubles, while the same license for Traffic Inspector costs 5900 rubles.

Lan2net

The Lan2net product has been developed by NetSib LLC since 2004 and is a software firewall for organizing secure access to the Internet, traffic control and counting, network protection. The solution has the following features:

Built-in NAT to connect the local network to the Internet and quickly process network traffic.
DNS Forwarder feature that allows you to quickly centralized configuration network settings, as well as adjust its operation imperceptibly for users.
DHCP server for automatic allocation of IP addresses, which makes it easier to deploy an enterprise LAN.
Redirecting connections to the specified port and/or IP address to provide access to local network resources from the Internet.
Monitoring information transmitted from the local network of the enterprise via the Internet (e-mail, Mail.Ru Agent, social media, ICQ). All POST requests, chat history, sent files, emails including attachments.
Blocking access to sites on the Internet by URLs.
Traffic count.
Rate limit for a group of computers or users with a uniform distribution bandwidth channel between group members.
Connection monitoring in real time.
A system for collecting statistics based on a built-in web server and reporting.
Summary: A good and inexpensive system for small and medium businesses. However, it lacks some of the features required large companies with complex IT infrastructure, for example, full support for VPN and SIP, FSTEC certificate of compliance, client agent, and a number of others, and the built-in NAT is still slower than the reference NAT from Microsoft.

usergate

UserGate is a comprehensive solution for connecting users to the Internet, which provides full-fledged traffic accounting, access control and provides built-in network protection tools. UserGate allows you to charge users' access to the Internet, both by traffic and by network time. The administrator can add various tariff plans, dynamically switch tariffs and regulate access to Internet resources. built-in firewall And antivirus module allow you to protect the UserGate server and check the traffic passing through it for malicious code.
UserGate consists of several parts: server, administration console (UserGate Administrator) and several additional modules.
The UserGate server provides access to the Internet, performs traffic counting, maintains statistics on user activity on the network, and performs many other tasks.
The UserGate Administration Console is a program designed to manage the UserGate server. The UserGate Administration Console communicates with server part over a special protocol over TCP / IP, which allows you to perform remote server administration.
In addition, UserGate includes four additional modules: "UserGate Statistics", "Web Statistics", "UserGate Authorization Client" and the "Application Control" module.
Summary: A good solution with a flexible modular architecture, but to provide the same functionality as Traffic Inspector, you need to purchase at least four additional modules, which in the end will cost much more than a single Traffic Inspector license. However, for small and medium-sized companies that do not need advanced functionality, this solution is one of the best on the market.

Microsoft Forefront Threat Management Gateway (TMG)

Microsoft Forefront Threat Management Gateway (TMG) allows employees to securely and efficiently use the Internet for work while protecting them from malware and other threats. It provides access to multiple layers of constantly updated protections, including URL filtering, malware detection, intrusion prevention, application and network firewall, and HTTP/HTTPS inspection, all integrated into a single, easy-to-manage gateway. The product has the following features:

Support for 64-bit architecture.
IPv6 support: Web Access Policy: this is the so-called "configuration node", which contains all the settings for the web proxy service, parameters for user access to Internet resources via HTTP, HTTPS, FTP-over-HTTP (tunneled FTP), as well as configuration settings of the module for checking user traffic for malicious code (Malware Inspection).

Malware Content Inspection module for checking web traffic for malicious code. Allows you to inspect HTTP traffic, tunneled FTP traffic from web proxy clients, and outbound HTTPS connection traffic.
Subsystem Network Inspection System for intrusion detection at the network level.

Support for the SIP protocol, as well as the VoIP (Voice over IP) NAT Traversal function, which allows this type of traffic to pass through gateways with a translation service network addresses(NAT).
Support for the SSTP (Secure Socket Tunneling Protocol) protocol, which allows VPN session traffic to be tunneled inside the regular HTTP protocol within an SSL session. This mechanism allows you to easily establish VPN connections regardless of the configuration of the firewall, web proxy server, or network address translation service.
HTTPS Inspection: Inspects HTTP/HTTPS traffic for viruses and spyware, and analyzes web content against corporate policies (resource filtering based on classification). ISP Link Redundancy Function: Support for multiple internet channels. ISP Link Redundancy allows you to organize a fault-tolerant connection to the Internet through two ISP channels at once.
Enhanced NAT function: 1-to-1 NAT address translation capability.

Email Protection feature: Ability to integrate with the Microsoft role Exchange Server 2007 Edge Transport Server postal system Microsoft Exchange Server 2007 to protect e-mail from malware and spam at the network perimeter level. The Forefront TMG management console has everything you need to configure this functionality.
Summary: a very powerful and fundamental system from the giant of the IT industry. However, there are a number of disadvantages (where would we be without them): you can install it only on the OS Microsoft Windows Server 2008 x64, no support for advanced routing, billing, and content filtering, and complex scheme licensing, deployment and updates. But this is not so bad: in 2012, Microsoft officially stopped the development and sale of this solution, and mainstream support will end in April 2015, so bet on this system very risky.

Why is Traffic Inspector good?

The Traffic Inspector system is a comprehensive product with a wide range of functionality and eliminates many of the shortcomings inherent in similar solutions:

Certified billing. The Traffic Inspector billing system has a communication compliance certificate, which guarantees exceptional accuracy of calculations (up to a byte). The program calculates traffic for each user, and you yourself determine the unit of account, limits, credits, blocking, filters and schedules. It is possible to take into account service headers of communication packets, service TCP traffic, headers of Ethernet packets.
Expandability. Integration of new functionality by connecting expansion modules
Advanced routing capabilities. The Advanced Routing routing control system allows you to direct traffic to different channels access, including satellite. Up to 32 external network interfaces are supported.
The presence of its own API, which allows you to access the Traffic Inspector functionality from external scripts and programs.
The presence of a certificate of the Federal Service for Technical and Export Control (FSTEC), which is a mandatory requirement for the implementation of the product in government agencies, therefore Traffic Inspector is used in the Russian Emergencies Ministry for the Volgograd Region, the State Space Research and Production Center named after M.V. Khrunichev and a number of other state institutions.
The implementation of NAT from Microsoft is used, which has the most high performance in your class.
Affordable price: the minimum license for 5 accounts costs only 4900 rubles.

There is a Traffic Inspector and not so obvious benefits over competitors, for example:

Many similar products incorrectly count traffic when working through a proxy server. Proxy servers do not take into account packet headers and service TCP traffic, which leads to an underestimation of the result by 5-15%. Traffic Inspector correctly takes into account traffic in all cases, including when working through its proxy server, SOCKS and SMTP gateway.
When caching HTTP content, it's often hard to pick up optimal parameters cache work. The desire to save traffic as much as possible leads to problems viewing rapidly updated resources. Implemented in Traffic Inspector unique opportunity, which allows users to independently switch the cache mode. Thanks to the unique algorithm of work, the use of the cache in Traffic Inspector is on average 25-35% more efficient.

In general, we can safely say that in terms of price / quality ratio, Traffic Inspector is one of the market leaders in corporate management systems. information infrastructure And network security. Well, the final choice still remains with CIOs and ordinary users.

The main features of the Traffic Inspector system were considered, including a proxy server, SMTP gateway, billing rules, network protection, load balancing, as well as traffic accounting and filtering. Now we would like to compare the functionality of Traffic Inspector with the capabilities of similar integrated solutions for IT infrastructure management.

Despite the large number of very high-quality proxy servers (for example, Handycache) and traffic accounting systems (such as BWMeter and Internet Access Monitor), most of them are, in fact, highly specialized products and, as a rule, solve one or two tasks. Meanwhile, there are not so many truly integrated solutions that can be completely entrusted with managing network activity. The most famous of them (besides Traffic Inspector) are Kerio Control, Lan2net, UserGate and Microsoft ForeFront TMG, the development and sale of which, unfortunately, was discontinued in 2012. We will talk about them.

Kerio Control

Kerio Control (formerly WinRoute Firewall) is a comprehensive security solution that combines multiple functions, including firewall and router, intrusion detection and prevention system (IPS), antivirus, VPN, and content filter. The main feature of Kerio Control is the presence of an intrusion detection and prevention system (IDS / IPS), based on the industry standard Snort. The system classifies and stops attacks on servers, applications and infrastructure components.
Simultaneous support for IPv4 and IPv6, connection tracking (SPI), connection limit, anti-spoofing, protocol inspection, traffic policy wizard, DHCP server, DNS relay, IP address blacklisting, network activity history analysis, a large number of highly customizable reports, warnings by Email, user authentication via Kerberos/Active Directory/Open Directory/proxy/NTLM, full VPN and NAT support, P2P network blocker, integrated Sophos antivirus, load balancing and QoS, traffic shaper, powerful administration functions, support for 15 interface languages.
In addition, the product is ICSA certified in the "corporate firewall" category.
Summary: a very powerful and flexible all-in-one solution from one of the leading companies in the field. There is probably only one drawback - the high price. A server license for 5 users (including 1 year of technical support) will cost almost 14 thousand rubles, while the same license for Traffic Inspector costs 5900 rubles.

Lan2net

The Lan2net product has been developed by NetSib LLC since 2004 and is a software firewall for organizing secure Internet access, monitoring and counting traffic, and protecting the network. The solution has the following features:

Built-in NAT to connect the local network to the Internet and quickly process network traffic.
DNS Forwarder function, which allows you to quickly centrally configure network settings, as well as adjust its work imperceptibly for users.
DHCP server for automatic allocation of IP addresses, which makes it easier to deploy an enterprise LAN.
Redirecting connections to the specified port and/or IP address to provide access to local network resources from the Internet.
Tracking information transmitted from the local network of the enterprise via the Internet (e-mail, Mail.Ru Agent, social networks, ICQ). All POST requests, correspondence history, sent files, emails, including attachments are saved.
Blocking access to sites on the Internet by URLs.
Traffic count.
Rate limit for a group of computers or users with a uniform distribution of the channel bandwidth among the members of the group.
Connection monitoring in real time.
A system for collecting statistics based on a built-in web server and reporting.
Summary: A good and inexpensive system for small and medium businesses. However, it lacks some features that large companies with complex IT infrastructure need, such as full VPN and SIP support, FSTEC certificate of compliance, client agent, and several others, and built-in NAT is still slower than Microsoft's reference NAT.

usergate

UserGate is a comprehensive solution for connecting users to the Internet, which provides full-fledged traffic accounting, access control and provides built-in network protection tools. UserGate allows you to charge users' access to the Internet, both by traffic and by network time. The administrator can add various tariff plans, perform dynamic tariff switching and regulate access to Internet resources. The built-in firewall and anti-virus module allow you to protect the UserGate server and check the traffic passing through it for malicious code.
UserGate consists of several parts: server, administration console (UserGate Administrator) and several additional modules.
The UserGate server provides access to the Internet, counts traffic, maintains statistics on user activity on the network, and performs many other tasks.
The UserGate Administration Console is a program designed to manage the UserGate server. The UserGate administration console communicates with the server part using a special protocol over TCP/IP, which allows remote administration of the server.
In addition, UserGate includes four additional modules: "UserGate Statistics", "Web Statistics", "UserGate Authorization Client" and the "Application Control" module.
Summary: A good solution with a flexible modular architecture, but to provide the same functionality as Traffic Inspector, you need to purchase at least four additional modules, which in the end will cost much more than a single Traffic Inspector license. However, for small and medium-sized companies that do not need advanced functionality, this solution is one of the best on the market.

Microsoft Forefront Threat Management Gateway (TMG)

Microsoft Forefront Threat Management Gateway (TMG) enables employees to securely and efficiently use the Internet for work while protecting them from malware and other threats. It provides access to multiple layers of constantly updated protections, including URL filtering, malware detection, intrusion prevention, application and network firewall, and HTTP/HTTPS inspection, all integrated into a single, easy-to-manage gateway. The product has the following features:

Support for 64-bit architecture.
IPv6 support: Web Access Policy: this is the so-called "configuration node", which contains all the settings for the web proxy service, parameters for user access to Internet resources via HTTP, HTTPS, FTP-over-HTTP (tunneled FTP), as well as configuration settings of the module for checking user traffic for malicious code (Malware Inspection).

Malware Content Inspection module for checking web traffic for malicious code. Allows you to inspect HTTP traffic, tunneled FTP traffic from web proxy clients, and outbound HTTPS connection traffic.
Subsystem Network Inspection System for intrusion detection at the network level.

Support for the SIP protocol, as well as the VoIP (Voice over IP) NAT Traversal function, which allows this type of traffic to pass through gateways with the Network Address Translation (NAT) service.
Support for the SSTP (Secure Socket Tunneling Protocol) protocol, which allows VPN session traffic to be tunneled inside the regular HTTP protocol within an SSL session. This mechanism allows you to easily establish VPN connections regardless of the configuration of the firewall, web proxy server, or network address translation service.
HTTPS Inspection: Inspects HTTP/HTTPS traffic for viruses and spyware, and analyzes web content against corporate policies (resource filtering based on classification). ISP Link Redundancy Function: Support for multiple internet channels. ISP Link Redundancy allows you to organize a fault-tolerant connection to the Internet through two ISP channels at once.
Enhanced NAT function: 1-to-1 NAT address translation capability.

Email Protection Feature: Ability to integrate with the Microsoft Exchange Server 2007 Edge Transport Server mail role Microsoft systems Exchange Server 2007 to protect e-mail from malware and spam at the network perimeter level. The Forefront TMG management console has everything you need to configure this functionality.
Summary: a very powerful and fundamental system from the giant of the IT industry. However, there are a number of disadvantages (where without them): you can install it only on Microsoft OS Windows Server 2008 x64, no support for advanced routing, billing, and content filtering, and complex licensing, deployment, and upgrades. But this is not so bad: in 2012, Microsoft officially stopped the development and sale of this solution, and the main support will end in April 2015, so betting on this system is very risky.

Why is Traffic Inspector good?

The Traffic Inspector system is a complex product that has a wide range of functionality and eliminates many of the disadvantages inherent in similar solutions:

Certified billing. The Traffic Inspector billing system has a communication compliance certificate, which guarantees exceptional accuracy of calculations (up to a byte). The program calculates traffic for each user, and you yourself determine the unit of account, limits, credits, blocking, filters and schedules. It is possible to take into account service headers of communication packets, service TCP traffic, headers of Ethernet packets.
Expandability. Integration of new functionality by connecting expansion modules
Advanced routing capabilities. The Advanced Routing routing control system allows you to direct traffic to different access channels, including a satellite. Up to 32 external network interfaces are supported.
The presence of its own API, which allows you to access the Traffic Inspector functionality from external scripts and programs.
The presence of a certificate of the Federal Service for Technical and Export Control (FSTEC), which is a mandatory requirement for the implementation of the product in government agencies, therefore Traffic Inspector is used in the Russian Emergencies Ministry for the Volgograd Region, the State Space Research and Production Center named after M.V. Khrunichev and a number of other state institutions.
Uses Microsoft's implementation of NAT, which has the highest performance in its class.
Affordable price: the minimum license for 5 accounts costs only 5900 rubles.

Traffic Inspector also has not so obvious advantages over its competitors, for example:

Many similar products incorrectly count traffic when working through a proxy server. Proxy servers do not take into account packet headers and service TCP traffic, which leads to an underestimation of the result by 5-15%. Traffic Inspector correctly takes into account traffic in all cases, including when working through its proxy server, SOCKS and SMTP gateway.
When caching HTTP content, it is often difficult to find the optimal settings for the cache. The desire to save traffic as much as possible leads to problems viewing rapidly updated resources. Traffic Inspector has a unique feature that allows users to independently switch the cache operation mode. Thanks to the unique algorithm of work, the use of the cache in Traffic Inspector is on average 25-35% more efficient.

In general, we can safely say that in terms of price / quality ratio, Traffic Inspector is one of the market leaders in corporate information infrastructure management systems and network security. Well, the final choice still remains with CIOs and ordinary users.

MIKHAIL ABRAMZON, IT expert. Author of more than 500 publications in Russian editions on computer topics

Network Inspectors
Windows in the office. What could be easier? *

Whatever new operating systems appear, whatever attempts are made to switch to free systems Linux type, most computers (according to the latest data, more than 90%) run Windows. Simple, familiar, uniform. Therefore, application programs are preferable - those that work on this OS

This also applies to programs for managing Internet access. Such a solution for Windows families and is a certified Traffic Inspector software product or its hardware counterpart - the AquaInspector Internet gateway.

Integrated solution for organizing Internet access

Traffic Inspector solves a set of tasks: support for multiple access channels; download management; protection from external attacks, viruses and spam; traffic usage control; reducing traffic by blocking ads, restricting access to resources. An additional advantage over foreign analogues is the presence of a certified billing system, the completion of work on certification of the product through the FSTEC as a means of protecting information (firewalls) and the absence of undeclared capabilities.

Traffic Inspector - modular solution

Traffic Inspector can be considered a modular solution. Although it includes implementations of a wide variety of tasks, they can also be applied separately. In particular, the program can be used as a traffic monitoring and accounting system for other gateway solutions.

Traffic Inspector includes: transparent proxy server; NAT management through ICS and RRAS; firewall; billing with flexible billing; rules and limits for users; system of dynamic limitation of speeds and sessions; blocking due to excessive network activity; traffic redirection and prioritization; integration with AD; secure authorization; statistics web server; remote access; reports. This kit allows you to solve most of the tasks of organizing public access in Internet. But the capabilities of the product do not end there, since additional modules can also be connected.

To protect against viruses and other malware, you can connect up to two antivirus solutions - Kaspersky Gate Antivirus and Panda Gate Antivirus. To protect against spam, you can use Traffic Inspector AntiSpam, a self-learning server tool. The module integrates into the Traffic Inspector mail gateway and analyzes all messages coming to the internal mail server.

Monitoring instant messaging services is implemented through a separate solution Message Inspector, which can be configured for joint work. This local proxy server for messaging protocol with analysis functions transmitted information, collecting statistics and managing communication rules.

There is protection from intrusive advertising. To do this, you can use the Adguard module. It integrates with the Traffic Inspector program and analyzes incoming traffic, removing ads and pop-ups from loaded web pages. Unlike custom programs for this purpose, the module runs on the gateway and clears all web traffic. Additional advantage– the removal of banners and other advertising elements of web pages does not depend on the browser or OS of the user's computer.

The new version of Traffic Inspector has been supplemented with the NDIS6 driver for Windows 7 and 2008 R2. The driver is optimized to work with big amount users and torrent networks. The program has convenient sets of rules for managing user traffic and a module for updating dynamic IP addresses in a public DNS server.

Thus, taking into account the additional modules, Traffic Inspector solves almost all the tasks that are necessary when organizing the general access of employees to the Internet.

Installing the program in five minutes

The installation only requires the administrator to have the knowledge necessary to manage a LAN that uses the Windows operating system. Initial setup The program is executed using a special configuration wizard. We indicate the operation option - a network or external gateway ("listening" mode), select the type of routing (using NAT or manually configured), define additional settings and services used, set internal and external networks, network interfaces, DNS mode.

On this basic setup programs completed. All that remains is to add users by specifying their name, authorization method and access parameters (when using Active Directory, user information will be imported automatically). Separately, it is worth noting the possibility of authorization through a client agent - small program, where the user can see his balance, as well as independently switch personal modes caching and filtering without distracting the administrator.

Group access rules − best option settings

Let's start fine-tuning the program by creating groups (or inheriting them from AD) and distributing users among them. The principle by which groups are formed will depend on the structure of the organization or on functional responsibilities. For a group, you can set access times, category filters, traffic limits, speed limits, redirect rules, etc., in general, everything you need to manage users.

An even simpler option for including the Traffic Inspector program in the organization's network is to use the AquaInspector complex. This Internet gateway is based on Aquarius equipment and software solution traffic inspector. The complex comes fully configured, just connect it to the network and specify the users or computers that are allowed to access the Internet.

The results of saving both traffic and working time of employees will be immediately visible and can be calculated using a calculator (http://crisis.smart-soft.ru). Thus, it is possible to prove to the management that the costs of Traffic Inspector pay off within the first month of its use. And the result is obvious - a reduction in traffic costs, an increase in employee productivity and, as a result, an increased profit of the organization, which can be spent on bonuses for system administrator, at least partially.

Appendix

We have been using the program for a long time to limit the amount of information downloaded from the Internet. Flexibility, accuracy, ease of administration, intuitive interface, integration with AD, the ability to change the cost of traffic to various resources - this is far from full list positive aspects of this development.

IT department of Yugtransgaz LLC,
subsidiary of OAO Gazprom

Traffic Inspector is very useful for companies in the northern regions of the Russian Federation and Siberia, where the cost of Internet traffic is currently very high. In 2010, the airline's expenses on the Internet amounted to about 2.5 million rubles, and without the use of Traffic Inspector, they would have approached 3.5 million rubles.

Pavel Udod, 1st Deputy CEO
OJSC Yakutia Airlines

A stunningly flexible, simple and understandable program with its interface. Works with isa, which is great! I use all the features of the program, I will list only a few, because. the list is huge: traffic limit per day, division into groups, auto-adding users by cards, viewing statistics of any user, antivirus check ftp & http content, the ability of an unauthorized user to access the city backbone (preferential and free networks) and much more. And if there are problems and difficulties, the support always helps!

System administrator, CJSC "Spetsavtomatika"

Traffic Inspector - great program. Thank you for a quality and reliable product!

System Administrator of the Moscow Taganka Theater

A wonderful program that perfectly meets the requirements of our enterprise in the field of separation of rights and traffic accounting. Easy, convenient, very inexpensive, lots of settings for any requirements, excellent traffic calculation and informative reports.

OOO Yugmetallsnab-Holding


In contact with

The company "Smart-Soft" in its activities is not limited to the development of exclusively commercial (paid) software products. The maximum satisfaction of the needs of users (regardless of their status) is our main task. The program has already gained wide popularity among commercial and industrial organizations with extensive internal multi-user networks.

Meanwhile, the Internet is actively used by an increasing number of individual households, and there are many who use the Internet working only on one computer. Therefore, it would be at least unfair to deprive these and other categories of users of the advantages and benefits that Traffic Inspector provides. In connection With the foregoing, Smart-Soft has developed a special version of Traffic Inspector - Personal Edition, designed for those who work on a single computer connected to the Internet. The program is free, has no restrictions, while almost all the features of the main version of Traffic Inspector are available . It will allow you to solve a lot of problems that arise when working with the Internet, for example:

  • provide a personal accounting of work with the Internet for several computer users. As in network version, each user will have a separate account and you can impose restrictions on his work
  • provide access control - by resources, work time, etc. This can be especially important for families where children and teenagers have Internet access. With the help of Traffic Inspector, you can easily solve the age-old dilemma of restricting access to unwanted resources and the emergence of Internet addiction
  • save traffic due to the shared cache of the built-in proxy server
  • provide effective network protection
  • provide detailed network statistics on Internet connection usage
  • set up flexible filtering of banners, pictures, multimedia files with the ability to quickly switch these filters during operation to save traffic. Despite its full availability, the Personal Edition has components that are completely identical Pro versions, thereby guaranteeing high quality, reliability, simplicity and versatility of the traffic accounting program - Traffic Inspector.

Traffic Inspector Lite (for testing and home use)

The server part of the Traffic Inspector program is implemented only under Windows platform(2000/XP/2003/Vista), clients can use any operating system - there are no restrictions. The system is easy to install, configure and manage, there are tools remote administration. Not required to set up the program. special knowledge and qualifications - a specialist who is able to install Windows, set up a network and connect to the Internet will set up this program without any problems.

In Traffic Inspector, we tried to implement in one product at least most of the tasks that arise when connecting to the Internet via a dedicated channel. These tasks can be divided as follows:

  • Provide access to the Internet from the internal network.
  • Authorization and differentiation of user access.
  • Billing - billing users, counting traffic and blocking access in case of overspending.
  • Provide users with the means to save traffic and give them the opportunity to independently control their work on the Internet.
  • Network protection (Firewall) - close the access server and the internal network from unauthorized access from the outside.
  • Detailed analysis of network traffic consumed by the provider.
  • Dynamic speed limit for users or their groups.
  • Advanced Routing (Policy Routing or Source Routing) - the ability to flexibly configure redirects different users and types of traffic to different access channels.
  • Disconnecting users from the Internet when infected with network viruses.

There are many programs that solve these problems in particular (see overview). But there is no analogue that would do all this in one package - one program is indispensable here and all this has to be assembled on the basis of various programs. The cost of the solution increases, the task of configuration and administration becomes much more complicated. It is also significant that by combining different services in one package, it has become possible to easily implement some things that would otherwise be extremely difficult to do.

Traffic Inspector Lite+ (for beginner home networks and individuals)

Inexpensive solution for Windows base 2000/XP/2003 for non-profit organizations and start-up home networks, combining the many features of Traffic Inspector and affordable pricing for individuals. This version will help you test your strength in providing Internet access services without ruinous expenses. If successful, you can always switch to another version by paying the difference in price.

  • One internal interface, that is internal networks can only be connected to one network device. Quantity external connections to the Internet is not limited, there may be several providers through different devices.
  • There is no support for domains and Windows authentication. This means that users will not be able to use login authentication. Windows records or domain accounts.
  • There is no SMTP gateway (mail billing on the internal mail server).
    Cannot be used as certified billing, the form is not sent. To receive all documents, you need to upgrade to the HomeNet or PRO version by paying the difference in price.
  • Registration of the program is carried out only on individual according to the contract-offer, paper documents are not sent.

Traffic Inspector HOME NET (for providers, home networks, computer clubs and Internet cafes)

A comprehensive certified solution based on Windows 2000/XP/2003 for providing Internet access services that does not require an expensive network equipment, which provides settlements with clients, flexible billing, detailed editable web statistics, as well as two-way server protection, channel load distribution and convenient system control.

  • Availability, accuracy and analysis. The billing system does not require the use of special network equipment, it is enough to install the program on a gateway server that connects providers and your customers' networks. Accounting for all types of traffic on the network interfaces of the gateway is made with high precision, the possibility of detailed analysis and viewing of network statistics.
  • Traffic accounting and billing. A separate account for each client, flexible billing settings in any type of currency, prepaid traffic, subscription fee, blocking by balance, the ability to set a loan. The billing parameters settings are so universal that you can set the change in the cost of traffic depending on the time, the access channel used, the type of traffic, and many other parameters.
  • Efficient work with multiple connections. Maybe full use various channels access, including satellite, while the flexibility of settings allows many options: divide user groups into channels, distribute the load depending on time, change billing depending on the channel used.
  • Channel division. The program supports dynamic channel width control (shaper), which allows you to set the speed limit for clients and their groups, as well as specify priority traffic.
  • Protection against external and internal attacks. A simple but reliable firewall completely closes the gateway server from attacks from the outside, as well as from hacking attempts from the inside.
  • Network flood protection. To prevent uncontrolled consumption of traffic by clients when infected with network viruses, you can configure a blocking system, in which case, when a flood is generated, the client will be disconnected from Internet access, and the administrator will receive a notification.
  • Web statistics. The client can independently view his balance, traffic statistics, as well as detailed network statistics on the use of his connection. The web statistics server uses templates and editable scripts, which makes it possible to completely change it appearance and displayed information.
  • Card payment system. The web server of the program can be extended to use prepaid cards. In this case, customers will be able to replenish their balance by entering prepaid card codes, and the web statistics will also show additional opportunity tariff changes and alternative authorization.
  • proxy server. The program's built-in proxy server can be used to save traffic and block banners and unwanted resources controlled by clients, it supports cascading and forced redirection of requests.

The billing system is certified. The program has a certificate of conformity in the field of communications, which is necessary for the provision of paid telematic services. A compliance form is sent along with the documents.
Version features: No support for domains and Windows authentication. This means that users will not be able to log in using domain accounts, but all other methods (login, IP, MAC, VPN) are fully available.
Use is allowed only for the purpose of providing telematic communication services.

Traffic Inspector Pro (for organizations)

A unique comprehensive solution based on Windows 2000/XP/2003 for connecting an organization's network to Internet access, providing reliable network protection, accurate accounting and connection usage statistics for each user, as well as effective savings in traffic and working time due to caching and managed blocking of banners and unwanted resources.

  • Cost savings. The program offers a number of tools to minimize Internet costs: managed caching of visited resources, blocking ads and unnecessary information, constant display of allocated and spent funds to the user, the possibility of group restrictions, detailed statistics and traffic control for each user with the possibility of automatic blocking for overspending.
  • Double level of control. Full control of the connection to the provider, where each access channel can be checked for the correctness of accounting and correctness of invoices, and precise control of all users, where accounting is kept for each access to the Internet.
  • The billing system is certified. The program has a certificate of compliance in the field of communications, which is necessary for the provision of paid telematic services and can serve as a convincing argument in disputes with the provider.
  • Accuracy and analysis. Accounting for all types of traffic with high accuracy, the ability to analyze and view network statistics in detail.
  • Ease of use. Having configured the network once, additional settings for various Internet applications (mail, ICQ, etc.) are no longer required.
  • Efficient work with multiple connections. It is possible to make full use of various access channels, while the flexibility of settings allows many options: to divide user groups into channels, to distribute the load depending on time, to direct the download of archives and updates through an economical channel, for example, via satellite.
  • Mobility. The management console can be installed separately and allows you to always be aware of traffic costs and the use of Internet access by employees.
  • Domains. The program supports Accounts domain users, which allows you to organize their automatic registration, division into groups and authorization.
  • Automation. A flexible system of scripts allows you to automate the work of a system administrator, providing handy tools to manage traffic consumption and generate reports.
  • Attack protection. A simple but reliable firewall completely closes the network from outside attacks, transparently passing outgoing traffic.
  • Virus protection. By configuring the blocking system, you can be sure that when infected with a network virus, the user will be disconnected from Internet access, and the administrator will receive a notification. To protect traffic from malicious programs to the program, a separate integrated solution Panda Gate Antivirus has been implemented, which can be installed additionally. More about antivirus
  • Spam protection. The program's SMTP gateway can serve as additional level protection of the internal mail server from spam, supports<черные>lists and RBL services.
  • Access and restrictions. A user or group can be limited by numerous parameters: dates, time, access speed, sites, types of data.

Budgetary and educational organizations can purchase an unlimited version of the program at a special reduced price

Top Related Articles

Formatting characters and paragraphs in MS Word What is paragraph formatting
Formatting characters and paragraphs in MS Word What is paragraph formatting
The file system performs a function
The file system performs a function
The history of the creation of CRT - CRT monitors with a slit mask (Slot Mask)
The history of the creation of CRT - CRT monitors with a slit mask (Slot Mask)
Categories:
© 2022 bumotors.ru. How to set up smartphones and PCs. Informational portal.