eSafe

eSafe Proxy with NTLM v2.0

Today I am playing with eSafe 8 operating in eSafe Proxy with NTLM authentication mode. Configuring eSafe Proxy with NTLM authentication is very straightforward and not difficult. The authentication settings are configured using the eSafe Appliance Manager web interface, as shown below.

[Image: eSafe Proxy authentication settings in the eSafe Appliance Manager]

I did some testing with multiple browsers and single sign-on with NTLM authentication is working perfectly. The system administrator was also testing, but he was complaining that he couldn’t authenticate. A pop-up box is received and when you enter the appropriate credentials, they aren’t accepted by eSafe. I found out that the customer is using Windows 7 and I was testing with Windows XP and Windows Server 2003.

Windows Vista, Windows 7 and Windows Server 2008 R2 and higher use NTLM v2.0-only by default. eSafe Proxy uses NTLM v1.0. The default setting within Windows can be changed to operate in a mode which is backwards compatible with eSafe Proxy. Take the following steps to change the NTLM settings:

  1. Open the Group Policy Editor with gpedit.msc;
  2. Go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options;
  3. Go to the setting: Network security: LAN Manager authentication level;
  4. Change this setting to: Send LM & NTLM – use NTLMv2 session security if negotiated;
  5. Apply the policy with gpupdate /force.

[Image: the LAN Manager authentication level policy setting in Windows]

The picture shows the policy setting within Windows. This should solve the problem with single sign-on on Windows Vista, Windows 7 and Windows Server 2008 R2 and higher.

Automated eSafe backup

After configuring an eSafe appliance you have the option to export the configuration through the management interface, but you have to do this manually. eSafe also has a built-in command-line option to create a backup of the required files.

The command line allows backing up and restoring files using standard backup/restore commands. The command line option creates a tar.gz file; the same file that is created when backing up via the eSafe Appliance Manager.

I did some simple scripting to create a backup file, which is copied to an FTP server daily at 05:00 AM. When using the built-in backup feature, the tar.gz file is created in the folder /var/esafe. I created two additional files (backup.sh and ftp_file) to automate the backup process.

Below you see the content of both files:

backup.sh

#!/bin/bash

# Stop if the backup directory is missing, so rm never runs elsewhere
cd /var/esafe || exit 1
# Remove old backups
rm -f ./*.tar.gz

# Create the backup with built-in eSafe backup
/opt/eSafe/esgapi --createbackup

# FTP files to Management server
ftp -inv </var/esafe/ftp_file &

ftp_file

# FTP files to Management server
open 10.10.1.10
user username password
lcd /var/esafe
cd /backup/esafe
put *.tar.gz
bye
quit

These commands create the necessary tar.gz backup file and copy this file to the FTP server. The last step is configuring the crontab to execute the command daily at 05:00 AM.

crontab

# Backup eSafe configuration
# Backup is copied via FTP to Management server
0 5 * * * bash /var/esafe/backup.sh

I guess the script couldn’t be easier, but it works perfectly (for me).

When running the built-in backup command (/opt/eSafe/esgapi --createbackup) eSafe looks in the file /opt/eSafe/backup.list to determine the files to back up. You could decide to extend this list with the location of the Anti-Spam & URL filtering database (/opt/eSafe/eSafeCR/ConfigFilter/ofdb/*.fdb). This saves some downloading time when restoring an eSafe appliance.
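
Checks that can run between the backup command and the FTP upload in backup.sh, as an added example that is not part of the original post or of eSafe's tooling: the archive is validated before older backups are removed, and the upload is refused while the file holding the FTP password is accessible to other users. The function names are hypothetical, and the checks assume GNU stat, gzip and tar are available on the appliance.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the two default paths are the ones the post uses.
BACKUP_DIR=${BACKUP_DIR:-/var/esafe}
FTP_FILE=${FTP_FILE:-/var/esafe/ftp_file}

# Print the most recently modified *.tar.gz in a directory; fail if none exists.
newest_backup() {
    local newest
    newest=$(ls -1t "$1"/*.tar.gz 2>/dev/null | head -n 1)
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Succeed only for a non-empty, intact gzip stream that lists at least one member.
verify_backup() {
    local members
    [ -s "$1" ] || return 1
    gzip -t "$1" 2>/dev/null || return 1
    members=$(tar -tzf "$1" 2>/dev/null | wc -l)
    [ "$members" -gt 0 ]
}

# The FTP command file holds a password: allow owner access only (e.g. 600).
secret_perms_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1   # GNU stat
    case "$mode" in [0-7]00) return 0 ;; *) return 1 ;; esac
}

# Remove every other *.tar.gz so that "put *.tar.gz" matches exactly one file.
prune_old_backups() {
    local keep f
    keep=$(basename "$1")
    for f in "$(dirname "$1")"/*.tar.gz; do
        [ "$(basename "$f")" = "$keep" ] || rm -f -- "$f"
    done
}

# Call between the esgapi backup command and the ftp line:
#   pre_upload_checks || exit 1
pre_upload_checks() {
    local archive
    archive=$(newest_backup "$BACKUP_DIR") || { echo "no backup found" >&2; return 1; }
    verify_backup "$archive" || { echo "bad archive: $archive" >&2; return 1; }
    secret_perms_ok "$FTP_FILE" || { echo "restrict $FTP_FILE to mode 600" >&2; return 1; }
    prune_old_backups "$archive"
}
```

With these checks in place the up-front rm in backup.sh is no longer needed, because the previous archive is only deleted once a newer one has passed validation.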

eSafe license expires

I just received the following interesting question:

What happens if our eSafe license expires?……Because it expires this weekend!!!!!!!!

Interesting question, because I never encountered such a situation. Normally the license is renewed in a timely fashion or a trial is stopped before the license expires. I searched the Knowledge Base from eSafe and found an article. This article states the following:

Evaluation license: when an evaluation license expires, eSafe allows all traffic to pass through without any scanning at all.

Registered license: when a registered license expires, eSafe scans and blocks traffic, but stops receiving updates. Important note: if there are any licensed add-ons installed (URL filter, Advanced Anti-Spam), they will stop functioning after the registered license expires.

eSafe Gateway 7.1 Forwarding Proxy with squid

My colleague over at PBSPlaza wrote a nice article about enabling squid on eSafe Gateway 7.1 Forwarding Proxy. Today I had to configure an extra step to enable squid. I followed the instructions from my colleague, but when I tried to start squid I received the following error message.

FATAL: Could not determine fully qualified hostname.  Please set ‘visible_hostname’

Squid Cache (Version 2.6.STABLE18): Terminated abnormally.
CPU Usage: 0.030 seconds = 0.000 user + 0.030 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 244
Aborted

I added the following line to /opt/eproxy/etc/squid.conf:

visible_hostname mail.booches.nl

Now squid starts perfectly.

eSafe Configuration Restore

Some of our customers use eSafe as a forwarding proxy for SMTP and HTTP scanning. Today I had to restore an eSafe, which is configured in NitroInspection II Router mode. I had created a backup configuration file from the running eSafe server and installed a new eSafe server with the default settings.

After the installation I connected my laptop to the eSafe server and opened the default browser page:

https://<IP Addr>:37233

After logging in with the default username (admin) and password (esafe), I browsed to the backup configuration file and started restoring to this configuration. The eSafe appliance needs to reboot after the restore.

I now noticed that after the initial restore and reboot, the eSafe server lost the IP configuration from both NICs in the server. I had to restore the IP settings manually, which can be done by editing the following files:

  1. /etc/sysconfig/network-scripts/ifcfg-eth0
  2. /etc/sysconfig/network-scripts/ifcfg-eth1

I always forget the syntax when editing the networking files, so I had to search the internet for the correct syntax. Below is the configuration of eth0.

DEVICE=eth0
IPADDR=192.168.3.2
NETMASK=255.255.255.0
NETWORK=192.168.3.0
BROADCAST=192.168.3.255
GATEWAY=192.168.3.1
ONBOOT=yes
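
A consistency check for hand-edited ifcfg files, as an added example that is not part of the original post: it derives the network and broadcast addresses from IPADDR and NETMASK and reports any NETWORK or BROADCAST line that disagrees. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Dotted quad -> integer; fails unless the input is four decimal octets 0-255.
ip_to_int() {
    local a b c d o
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*.*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "NETWORK BROADCAST" for an address and netmask.
net_and_bcast() {
    local ip mask inv
    ip=$(ip_to_int "$1") || return 1
    mask=$(ip_to_int "$2") || return 1
    inv=$(( ~mask & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1   # netmask bits must be contiguous
    echo "$(int_to_ip $(( ip & mask ))) $(int_to_ip $(( (ip & mask) | inv )))"
}

# Value of KEY in an ifcfg file (last assignment wins; quotes and blanks stripped).
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"' \r"
}

# One line per NETWORK/BROADCAST entry that disagrees with IPADDR/NETMASK.
# Returns 0 if consistent, 1 on a mismatch, 2 if IPADDR or NETMASK is unusable.
check_ifcfg() {
    local want net bc rc=0
    want=$(net_and_bcast "$(ifcfg_get "$1" IPADDR)" "$(ifcfg_get "$1" NETMASK)") ||
        { echo "invalid IPADDR or NETMASK"; return 2; }
    net=$(ifcfg_get "$1" NETWORK); bc=$(ifcfg_get "$1" BROADCAST)
    [ -z "$net" ] || [ "$net" = "${want% *}" ] || { echo "NETWORK should be ${want% *}"; rc=1; }
    [ -z "$bc" ] || [ "$bc" = "${want#* }" ] || { echo "BROADCAST should be ${want#* }"; rc=1; }
    return "$rc"
}

[ $# -eq 0 ] || check_ifcfg "$1"   # usage: sh check_ifcfg.sh /path/to/ifcfg-eth0
```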

After rebooting the network service (/etc/init.d/network restart) I was able to communicate with the eSafe server and everything looked normal, but it wasn’t. I noticed that the service eSafe wasn’t able to start.

Contacting eSafe resulted in re-installing the eSafe appliance from scratch, manually configuring the correct IP settings through the web interface and only restoring the file /opt/eSafe/eSafeCR/esafecfg.ini. Next I rebooted the server and this time the configuration was restored and the service was running.

eSafe's technical personnel told me that the problem could arise when restoring the tar.gz file to different hardware, and that’s exactly what I tried.