8e6 Technologies - Frequently Asked Questions

Frequently Asked Questions

General Questions

R3000 Internet Filter / URL Library Database

Enterprise Reporter (ER) / Access Client / Web Client

Obtaining Technical Support

Note: Before pursuing a technical issue, be sure that your R3000 and/or Enterprise Reporter (ER) is running the latest software version. On the R3000, the version appears at the bottom of the "Home” window. On the ER, the last patch applied appears on the "Software Update" pull-down menu.

1. I recently attempted to go to a certain web site. I received a page that stated my access was denied. Why was my "Access Denied"?

A: 8e6 Technologies provides Internet filtering appliances and URL categorization services to schools, businesses, Internet Service Providers and government agencies. Our customer base is made up of these groups. They have full administrative control of the servers, and ultimately determine which services and web sites their users/clients are allowed to access. If you suspect that you are being filtered inappropriately, please contact your network administrator or ISP.

If you are the administrator of an 8e6 Internet filter and need assistance with blocking or unblocking a URL, please refer to the "How do I block or unblock a web site?" FAQ.

2. As an administrator of the filtering appliance, how do I block or un-block a web site?

If you want us to review a URL to determine if we categorized it correctly, please send it to This e-mail address is being protected from spam bots, you need JavaScript enabled to view it We also encourage you to submit URLs that are not currently categorized in our library database.

To block a web site on the R3000 Internet filter:

Perform a Library Lookup:
1. From the GUI in the R3000, click on the “Library” button at the top of the screen.
2. Click on “Library Lookup” in the left-side menu
3. Type the complete URL (including the http:// header) into the URL field
4. Click Lookup. If the URL in question in already in a category, you can either block that specific category or place the URL into a custom created category.
To add a URL to an existing category:
1. Click on the “Library” button at the top of the screen.
2. Click on the “+” symbol next to the “8e6 Supplied Categories” link on the left side of the screen. This will expand the list of our categories.
3. Click on the specific category
4. Click on “URL”
5. Type the URL into the URL field. Be sure to include the proper header information (http://).
6. Click on “Add”
To add a URL to a custom category:
1. Click on the “Library” button at the top of the screen.
2. Click on “Custom Category”
3. Click on “Add Category”
4. Type in the description and short name of your category and click “Apply”.
5. Click on “Custom Category”
6. Click on “Refresh”
7. Click on your newly added category
8. Click on “URLs”
9. Type the URL into the URL field. Be sure to include the proper header information (http://)
10. Click on “Add”
Reload the Library:
1. Click on the “Library” button at the top of the screen.
2. Click on “Library Update” on the left side of the screen
3. Click on “Reload Library” at the bottom right side of the screen
Modify your Group settings to block the new category
1. Click on the “Group” button at the top of the screen
2. Click on either Global Group or the specific group that you wish to modify
3. For global group – click on Rules and choose which categories should be blocked. Include the new category that you just created or just added the site to and this site will now be blocked.

Some web sites are particularly difficult to block because they utilize many—and sometimes obscure—URLs

For example:

www.myspace.com
browseusers.myspace.com
a.myspace.com
j.myspace.com

You can effectively block all permutations of "myspace.com" using wildcards. First, create a custom category. Then add the wildcard version of the URL (e.g. "*.myspace.com") to your custom category. Go to your Global Group Profile and/or IP Group Profile and move your custom category to the "Blocked" list. Be sure to "Apply" your changes and "Reload Library."

To un-block a web site on the R3000 Internet filter:

Perform a Library Lookup:
1. From the GUI in the R3000, click on the “Library” button at the top of the screen.
2. Click on “Library Lookup” in the left-side menu
3. Type the complete URL (including the http:// header) into the URL field
4. You will see of categories in which the URL is a member of
Removing the URL from the library:
1. Simply click on the URL line item in the search return window and click on the Remove button
2. Click on Reload Library

Please do not hesitate to contact our technical support staff for further assistance on this matter.

R3000 Internet Filter / URL Library Database

1.Q:My R3000 is not filtering at all. What should I do?

A: Go through the following checklist. This will ensure that your current configuration is setup to properly filter. If you need assistance with any of the following steps, you can either reference our other FAQs, or you can our technical support staff.

If you are installing a new R3000, you will need to activate your subscription and then perform a Complete Library Update before it is ready to begin filtering.
Check to verify that the server is physically powered-up and online.
If the server appears to be powered-up but you still cannot reach the Java GUI, try connecting a monitor to the console port on the back of the server to check for any error messages.
Verify that Overall Filtering is turned “on” in System -> Control -> Filter.
Verify that Troubleshooting Mode is “Disabled” in System -> Diagnostics.
If the listening interface is not seeing network traffic, verify that the port on your switch or hub has not gone “bad.”
If you are using a switch, check your port span. The port span/mirror on your switch might have been “broken” or reset.
Do a Library Lookup on a URL that you know exists in the library database (e.g. http://www.yahoo.com). If the results return “The URL/keyword is not in the master library,” this means the daemons responsible for filtering are not enabled. Verify that Troubleshooting Mode is “off” and Overall Filtering is “on” (see above).
If you perform a Library Lookup on a URL and the results return one or more categories, the filtering daemons are working properly and the R3000 should be filtering any traffic that it sees. Be sure that the listening interface is, in fact, seeing traffic (i.e. do a packet capture, see below).
Go to System -> Diagnostics -> Troubleshooting Mode. Temporarily enable troubleshooting mode and then do a packet capture on the listening interface to confirm whether or not it sees your network traffic. Be sure to disable Troubleshooting Mode when you’re finished.

2. Q: My http requests are being categorized/filtered, but I don’t get the “Access Denied” block page. What should I do?

A: Go through the following checklist. If you need assistance with any of these items, please reference our FAQs or contact our technical support staff for additional help:

If you are using a custom block page, ensure that your web server is up and running. Are you able to browse directly to your web server from your workstation?
Check your firewall to verify that the R3000 can send the “URL redirect” to users on TCP port 81, and that users can connect to the R3000 on port 80 to download the block page.
Verify that your workstation can communicate with the R3000 to download the block page by typing this in your web browser: http://X.X.X.X/cgi/block.cgi (note: replace the “X’s” with the IP address of your R3000’s block page interface. Failure to download the block page from the R3000 might indicate a routing or firewall issue between the R3000 and the users.
If you are using an http proxy server, be sure that the URL redirect and block page is not going through the proxy server. To accomplish this, set up an exception in your web browser’s proxy settings. For example, if you’re using Internet Explorer, go to Internet Options -> Connections -> LAN Settings -> Advanced -> Exceptions. In the “Exceptions” list, enter the IP address of your R3000’s block page interface, and the R3000’s hostname. If you are using a custom block page, you should enter the IP address and hostname of your web server, in addition to the IP address and hostname of the R3000. You will have to make this simple modification on every workstation that’s being filtered. Normally, you can push this out as a Policy from your Active Directory server.

3. Q: Why is my library failing to update?

A:Below are some reasons why your library updates may be failing. If you are unable to determine the problem from this list, please contact our technical support staff for further assistance.

If you are installing a new R3000, you will need to activate your subscription. The activation code is normally sent via email to the main account contact. Please notify us if you did not receive your activation code.
Have you changed the R3000’s hostname recently? The hostname specified in your R3000’s LAN Settings must match the hostname you gave us when you activated your subscription.
Make sure that your firewall is allowing the R3000 to establish FTP connections (on TCP port 21) to these FTP servers: update.8e6.net, patch.8e6.net and secureupdate.8e6.net (do an ‘nslookup’ to get all the IP addresses associated with these hosts).
Be sure that your system is running the most recent patch version. Go to the “patches/updates” area of http://www.8e6.com/ to find the current patch version.
If the Library Update Log says “Cannot start another Traveler,” please reboot the system and then start a manual library update.
An expired subscription would also prevent your system from downloading updates. Please contact This e-mail address is being protected from spam bots, you need JavaScript enabled to view it if you need further assistance.

4. Q: I’m getting the “Access Denied” page, but it doesn’t load completely--it’s “broken-up.” What should I do?

A: If you are using an http proxy server, be sure that the URL redirect and block page is not going through the proxy server.

To accomplish this, you will need to set up an exception in your web browser’s proxy settings.

For example, if you’re using Internet Explorer, go to Internet Options -> Connections -> LAN Settings -> Advanced -> Exceptions.

In the “Exceptions” list, enter the IP address of your R3000’s block page interface, and the R3000’s hostname. If you are using a custom block page, you should enter the IP address and hostname of your web server, in addition to the IP address and hostname of the R3000. You will have to make this simple modification on every workstation that’s being filtered. Normally, you can push this out as a Policy from your Active Directory server.

5. Q: How often does the R3000 receive library updates?

A: The R3000 downloads incremental library updates every night. If a new software patch is available, the R3000 will automatically download it, but you will be able to apply the patch yourself at your own convenience. The new patch will appear in the System -> Patch window. Additionally, the R3000 checks every two hours for any emergency updates that might have been released.

6. Q: How do I know when a new patch is available?

A: New patches appear in the System -> Patch window. The R3000 will automatically download patches, but you will be able to apply it yourself at your own convenience. You can have the R3000 send you an email when a new patch is available by adding your email address in the System -> Administrator window.

7. Q: Do I need to reboot the server after applying a software patch?

Most of the patches do not require a reboot. However, the filtering will stop for approximately 5-10 minutes while the daemons reload. For the rare occasion where a reboot is required, you’ll be informed before applying the patch.

8. Q: How many Exception URLs can I create?

A: The purpose of Exception URLs is to temporarily block or allow access to specific URLs. Because of the additional overhead they create, we recommend using custom categories for long-term URL management. For example, you can create a category to hold URLs that you want to block, and create another category to hold URLs that you want to allow (or “white list”).

9. Q: What’s the purpose of the “Always Allow” feature?

A: This feature is available in Global Group Profiles and IP Group Profiles. It allows you to set up a “white list” of URLs that you want users to always be able to access. For example, suppose your company is blocking the Pornography (GPORN) category for everyone, but the Marketing Department needs to be able to see playboy.com because they advertise there. You can't take playboy.com out of the GPORN library because then everyone can see it. So, you add playboy.com to a custom category and set it to "Always Allow" for the Marketing Department's IP Group.

10. Q: How do I create an IP Group?

A: Follow the following steps to create an IP Group.

From the Java GUI, go to Group -> IP -> Add Group.
Type in a group name and password. (This allows you to provide a login to a sub-admin to manage this particular IP Group, if you choose).
Select “Members” to define an IP address or subnet to be associated with the IP Group.
Select “Group profile” to define the filtering profile for members of the IP Group.

For greater flexibility, you can create sub-groups under IP Groups, each with different “Members” and filtering profiles.

11. Q: How do I copy/paste from the Java GUI?

A: Older versions of Java contained a security feature that prevented many customers from using copy/paste between Windows and the R3000 Java GUI. However, this shouldn’t be a problem if you’re using Java Runtime Environment version 5.0 or above. You can download Java for free at http://www.java.com/. We recommend removing older versions of Java from your computer before installing a new Java version.

12. Q: My R3000’s are not able to synchronize with each other, what should I do?

A: Please check the following settings in your R3000 appliance:

In System -> Synchronization, you need to configure one server as the “source” box, and the other sever as the “target.”
For synchronization to work, all of the servers must be at the same software version. The current version number appears at the bottom of the “Home” window.

Make sure that the servers can communicate with each other on TCP ports 26262, 26268 and 88.

13. Q: How do I back-up my system?

A: Go to System -> Backup/Restore to create a back-up of your combined configuration and libraries. Then, download the file your workstation for safekeeping. Please note that the network settings (IP address, default gateway, net mask, hostname, etc) are not saved with the backup. Be sure to record these parameters somewhere.

14. Q: I just did a “restore” and now theR3000 isn’t filtering. What should I do?

A: After you perform a back-up restore, you must download a fresh copy of the 8e6 URL database. Go to Library -> Updates -> Manual Update and select "Complete Update."

15. Q: I just did a "Library Reload" but my changes didn't take effect. What should I do?

A:Please allow 15-20 minutes for the libraries to finish reloading before testing the changes you made.

16. Q: I performed a “back-up,” but I can’t download the file to my workstation. What should I do?

A:When you highlight a file on System -> Backup/Restore page and click “Download,” a pop-up box should appear allowing you to specify a location to save the file. If nothing happens after you click “Download,” one of the following steps should resolve the issue:

Disable any pop-up blockers and firewalls on your workstation.
Option 1: Hold down the “Ctrl” key on your keyboard while clicking the “Download” button.
Option 2: In Internet Explorer, go to "Tools > Internet Options > Security" tab. Highlight the "Internet" icon and click on the "Custom Level..." button. Scroll to the "Downloads > Automatic prompting for file downloads" option and select the "Enable" option. Click OK twice to save the settings.
Option 3: In Internet Explorer, go to "Tools > Internet Options > Security" tab. Highlight the "Local Intranet" icon and click on the "Sites..." button. Click on "Advanced" and in the "Add this Web site to the zone:" field, add the R3000's IP. Click OK three times to save the settings

17. Q: How does the newsgroup filtering work?

A: If you are blocking the “Web Based Newsgroups” category, users will not be able to connect to most web sites that offer access to newsgroups. If you also want to prevent users from being able to use newsgroup-reading software installed on their PCs, you can have the R3000 block TCP port 119 (NNTP). To block specific ports, go to Group -> Global Group -> Minimum Filtering Level -> Port.

18. Q: How do I block Instant Messaging and/or P2P File-Sharing?

A: Make the following changes to your settings in the R3000 appliance:

In the java GUI, go to System -> Control -> Filter -> Service Blocking
Turn Instant Messaging and/or “P2P” blocking “on”, then click “Apply”

In your Global Group Profile and/or IP Group Profiles, make sure that you are blocking the “Instant Messaging” and/or “Peer-to-peer/File Sharing” categories.

19. Q: How do I allow a user to bypass the filter, or give the user a less-restrictive filtering profile?

A:One option is to create an Override Account for the user. You can create Override Accounts under Global Group Profile as well as in IP Group profiles. A user with an Override Account can simply click the “options” link on the block page and log in with his or her username and password. The user will then be under a special filtering profile that you defined for that Override Account. Please note that the R3000 will associate the override account with the IP address the user is using when he or she logs in. For this reason, Override Accounts may not be suitable in a proxy environment where many users are sharing a single IP address.

Another option would be to put the user in an IP Group, and define a special filtering profile for that group. Again, this would not be an ideal solution if the R3000 sees all the users coming in on a single IP address in a proxy environment.

20. Q: How do I know when someone logs into an Override Account?

A: You can track Override Account logons and logoffs in System -> Diagnostics -> View Log File, select “User Name Log” from the drop-down menu.

21. Q: I created an Override Account, but it’s not working. What should I do?

A:Go through the following troubleshooting steps:

Be sure that your R3000 is running the latest software version. The version number is listed at the bottom of the “Home” page.
If the user exists in an IP Group, make sure that you created the Override Account in the correct IP Group. For users that do not exist in an IP Group, you can create an Override Account at the Global Group Profile level. A user cannot have an Override Account at both the Global Group and IP Group levels—the IP Group takes priority.
Once you have created an Override Account, select the account and click “Rule” to define a filtering profile for that account. When finished, go back to the Account Details page and click “Apply.” If you fail to define a specific filtering profile for the Override Account, the user will default to the Minimum Filtering Level.
Also check Group -> Global Group -> Minimum Filtering Level to see if the “Allow an Override Account to bypass the Minimum Filtering Level” option is set appropriately.

22. Q: Why isn’t the R3000 seeing my VLAN traffic?

A: Try enabling “VLAN Detection” in System -> Control -> Filter. This allows the R3000 to identify VLAN-tagged traffic.

23. Q: Why should the listening interface have a “/32” bit net mask in Invisible Mode?

A: With Linux, either interface is allowed to respond to ARP broadcasts - whether the IP address in the request is bound to that interface or another interface on the same machine. What can happen in this case is that the wrong interface may respond to various ARP requests, telling the machine who is asking for it to connect to the wrong interface. That in and of itself is not necessarily a problem, as internally the Linux kernel will generally route the packet to the correct interface. However, many managed switches will detect this type of 'flopping' back and forth between two physical ports on the switch - where sometimes the IP address is shown on one physical port, and other times, it is shown on a different physical interface - and will actually disable the physical ports that this machine is connected to. The condition above is often referred to as "ARP-flux". By assigning a /32 subnet mask, that LAN1 interface will no longer have a routable IP, and will not be able to respond to any broadcast request. This will ensure that only LAN2 ever responds for an ARP broadcast requesting the MAC address of the interface for that IP address.

24. Q: What are the different levels of HTTPS filtering?

A: When HTTPS filtering is enabled, the R3000 will attempt to identify and validate the secure server certificate in https requests, depending on the filtering level you select:

None - if you do not want the R3000 to filter HTTPS sites.
“Low” - if you want the R3000 to filter HTTPS sites without having the R3000 communicate with IP addresses or hostnames of HTTPS servers.
“Medium” - if you want the R3000 to communicate with HTTPS servers in order to get the URL from the certificate for URL validation only (this is the default setting).
“High” - if you want the R3000 to communicate with HTTPS servers to obtain the certificate with a very strict validation of the return URL. WARNING: If using the “High” setting, end users may be blocked.

25. Q: When I go to an HTTPS (secure) site, I get a page that says “the page cannot be displayed” instead of the “Access Denied” page I normally see.

A: When you go to an “https” version of a URL that’s blocked, you’ll always see “the page cannot be displayed” instead of an “Access Denied” page. Due to the nature of compressed/encrypted traffic, the R3000 will block the request, but it cannot send the usual block page.

26. Q: What is the purpose of the Range to Detect setting?

A: By default, the R3000 in Invisible mode will filter ANY and ALL traffic it sees on the listening interface. However, you should not filter return packets coming into your network from the Internet, nor should you be filtering most internal traffic (i.e. NetBIOS and broadcast packets, requests to and from your internal DNS and mail servers, etc). You can set a Range to Detect that tells the R3000 to filter only your internal subnet(s), and to ignore traffic coming into your network(s), and traffic destined to other machines within your network(s). The Range to Detect setting is located in Group -> Global Group -> Range to Detect.

27. Q: Can the R3000 filter more than one subnet or network?

A: Yes, the R3000 will filter any traffic that you send to it’s listening interface. You can specify which networks to filter by setting a Range to Detect (Group -> Global Group -> Range to Detect).

28. Q: How can I keep users from bypassing the filter using web proxies or “anonymizers”?

A: The R3000 can detect and block access to web proxies and “anonymizers” by enabling Proxy Pattern Blocking (located in System -> Control -> Filter).

29. Q:Can you give me some examples of IM and P2P applications that the R3000 can block?

A: The R3000 can block users from logging into and/or sending messages or files using AOL, AIM, Trillian, Web ICQ, MSN Messenger, Yahoo! Messenger, Kazaa, iMesh, Gnucleus, Bearshare, Morpheus, Shareaza, Emule, Edonk, and more. This list will evolve in time as new IM and P2P clients become available on the market.

30. Q: Can you give me a list of all or some of the URLs in a category?

A: The URLs contained in the 8e6 URL database is considered proprietary information. However, you can get a short description of each of our categories, as well as a few sample URLs, on our website. Go to http://www.8e6.com/ and click on “8e6 Database.”

31. Q: How do I activate my R3000?

A: When you receive a new, R3000, you will need to activate the subscription by entering your activation code at http://8e6.com/activate The activation code is normally emailed to the main account contact. If you did not receive your activation code, please contact your 8e6 Account Executive, or email This e-mail address is being protected from spam bots, you need JavaScript enabled to view it . Be sure that the hostname you provide during the activation process is the same hostname that you specified in System -> Network -> LAN Settings. A hostname mismatch will cause your library updates to fail. After submitting the activation, please allow 20-minutes for the change to take effect.

Enterprise Reporter (ER) / Access Client / Web Client

1. Q: How do I Create a User Group in the Web (reporting) Client?

A: Take the following steps:

Log into the ER Web Client on port 8080 or 8443 (if using https)
Go to Settings -> User Groupings
Under Group Information, type a group name, click “Add”
Under Group Definitions, highlight the group, click on “Add to Group.”
You may now add users based on username pattern, IP range, or individual users.
When finished, click “Add” and “Close.”

2. Q: How do I Create User Permissions in the Web (reporting) Client?

A: Take the following steps:

Log into the ER Web Client on port 8080 or 8443 (if using https)
Go to Settings -> User Permissions
Click “Add User”, enter the username and password, click “Ok”
Select the user from the pull-down menu.
Select the group from the “Add to Group” menu. Click “Go” and then “Ok”

3. Q: Why can’t I log in to the Web Client?

A:When you browse to the Enterprise Reporter’s IP address, be sure that you’re specifying port 8080, or port 8443 if you’re using secure “https.”

If the login page fails to come up, you may need to re-start the Web Client. Browse to the ER on port 88, then restart the Web Client by selecting “Web Client Server Management” from the drop-down menu.

If you get the login page but can’t connect to the database, please contact Technical Support.

4. Q: I’m receiving email alerts from the ER saying “dbcontrol has processed duplicate files 3 or more times.” What does this mean?

A: The most likely cause is that you have multiple R3000’s sending log files to the ER at exactly the same time. Our technical support staff can adjust the timing on your R3000s so that you don’t keep receiving these messages. Normally, this is a warning message only; it does not affect filtering or log processing.

5. Q: My ER is displaying a pop-up message saying, “Evaluation Mode – max data storage is 2 weeks.”

A: By default, all of our ER’s ship out in Evaluation Mode. In this mode, the ER is fully functional, except that the database can hold only two-weeks’ worth of data. In order to hold more data, please follow these steps to activate the server:

Log into into the ER’s Java GUI on port 88.
You should immediately see the pop-up messsage indicating the the ER is in Evaluation Mode, and it will display the server’s IP address, hostname, and MAC address.
Send an email to This e-mail address is being protected from spam bots, you need JavaScript enabled to view it with the IP address, hostname, and MAC address. We will then generate an activation code and send it to you by return email.
Once you’ve received the activation code, simply log back into the Java GUI and click on “Change Mode” from within the pop-up box.

The change will take effect overnight.

Obtaining Technical Support

Our Technical Support staff would be happy to help you resolve any issues you may be experiencing with our products.

Email: This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

Phone (inside the U.S.): 888-786-7999

Phone (outside the U.S.): 714-282-6111

Technical Support is open Monday through Friday, 5:00 a.m. – 5:00 p.m. (California – Pacific time). After-hours support is available for emergencies.

To help optimize our troubleshooting, we normally need to access your R3000 and/or ER on TCP port 22 (ssh1). Please configure your firewall to permit the following IP addresses to connect to the R3000/ER:

209.11.160.50
209.11.160.51

Next Steps: