What is Traffic Inspector and what does it eat

Traffic Inspector has long gained popularity among system administrators due to its flexibility, modular architecture, ease of administration and powerful functions for monitoring network activity. Traffic Inspector features such as network protection, Internet traffic control, access statistics, work with VPN, NAT, proxy server and Active Directory, website blocking and content filtering, intelligent routing and dynamic load balancing made this solution a key element of network security in many organizations of small, medium and large businesses.
However, as practice shows, even professional system administrators who have been working with Traffic Inspector for several years do not know all of the features of our product. Therefore, in this article we would like to give a complete list of the system’s capabilities and briefly comment on the most interesting of them. We hope that all readers will find something new here: both beginners who are just looking at Traffic Inspector and experienced network engineers who actively use it to manage the company's IT infrastructure.


Internal and external networks

• Internal networks in the Traffic Inspector are divided into local (for example, an intra-office network) and public (for example, an intra-house network), and a unique access policy can be configured for each network. Interception of user traffic that passes through other servers of the internal network can be carried out in a special sniffer mode (“wiretapping”), which we will discuss in the following articles. As for external networks, the Traffic Inspector server is able to work with several external interfaces at once (i.e., you can create several simultaneous Internet connections), and it also correctly separates incoming and outgoing traffic on these interfaces (for example, with a satellite connection). If the external interfaces are dynamic, the Traffic Inspector will automatically select the optimal mode for them.
• The Traffic Inspector server can work with several internal interfaces on the local network with an arbitrarily complex topology. In particular, the server supports 802.3 (Ethernet), 802.11 (Radio Ethernet), WAN PPP and WAN VPN (PPTP, L2TP).
• NAT and a RAS server are supported: NAT works over RAS (dial-out), VPN (PPTP, L2TP) and PPPoE connections, and the RAS server can use modem and VPN (PPTP, L2TP) connections.
• Among the additional functions, it is worth noting the ability for clients to work on a terminal server and built-in support for the IEEE 802.1Q (tag-based VLAN) protocol, which serves to transfer information about traffic belonging to a specific virtual network.

User Authorization

• Users can be authorized in the Traffic Inspector by IP address and / or MAC address, by the range of IP addresses, by name and password (including from different domains), by email addresses (used in the SMTP gateway) or through the API (for third-party applications). You can also use the virtual network identifier as an additional authorization parameter. In total, 8192 users and 256 groups are supported.
• If the user is not logged in yet (for example, he has entered the network for the first time), the system can automatically redirect him to a special information page of the built-in web server. This is especially convenient for Wi-Fi networks, as well as when connecting new clients in house networks.
• Traffic Inspector automatically monitors violations of authorization rules. Having detected a violation, the system makes a record of it in the network statistics and log, and then notifies administrators of the incident by e-mail.

User restriction

• The duration of users' work and the availability of certain network resources can be regulated in several ways: by date, by schedule (for all at once or for specific users or their groups), by access level (using group and general filters for prohibition or permission, which are applied at the network level for any traffic or at the application level for programs running through a proxy server), by IP and / or MAC addresses of the client, by access to services (NAT, routing, proxy server, SOCKS server), as well as by the number of TCP sessions (both for traffic through SOCKS and for direct traffic).
• The Virus Flood Protect subsystem protects the network and server from overload. This subsystem analyzes the user's incoming and outgoing traffic and blocks access when the network statistics are full or if a virus is suspected.
• It is possible to disable the port of managed equipment via SNMP protocol using scripts in case of a change in client status.

Billing

• Traffic Inspector supports various types of traffic metering: by incoming volume, outgoing volume, sum of incoming and outgoing volumes, or by maximum volume between incoming and outgoing.
• In the Traffic Inspector, you can charge customers' working hours and, if necessary, set the amount of prepaid (free) traffic. The subscription fee can be charged daily or per minute or provided on credit, and the tariffs themselves can be changed retroactively (with each change, the system automatically recalculates billing statistics). In addition, you can enter discounts for cached, mail, or any other traffic in accordance with the specified filtering criteria or set traffic limits for a day, week, month, or a special period.
• All tariffication settings can be made individual, group or general, which allows you to simultaneously use many tariff plans.
• The current status of the client with all its billing parameters is displayed in real time, and all changes in the status of clients are recorded in a log for subsequent processing and generation of reports (including group reports).

External traffic control

• To account for the total traffic consumed from the provider, there are controlled counters, which are described as IP networks. By setting up several such counters, you can keep separate records of different types of traffic (for example, paid, preferential and free). For controlled counters, limits are set (total and daily); when a limit is exceeded, a notification is generated for the administrator and / or traffic is blocked. When blocking is triggered on an external counter, any external application can be launched. Data on external counters can be displayed in real time and recorded in a log for generating reports.
• For additional analysis of the total consumed traffic, external information counters can also be set, which can additionally analyze traffic using the IP protocol and ports.

Network statistics

• For users and external counters, the Traffic Inspector can collect network statistics about IP addresses, protocols, ports and DNS names, and the administrator can configure the analysis interval and the number of active connections. The collected statistics are recorded in the internal DBMS, which, if necessary, is synchronized with an external MSSQL 2005, MySQL or PostgreSQL database.
• Current statistics can be displayed in real time and recorded in a log for subsequent analysis and reporting.

Proxy Server

• The built-in Traffic Inspector proxy server supports HTTP/1.1, FTP and SOCKS 4/5. Authentication can be BASIC (with the password sent in clear text) or integrated through a Windows domain (NTLM v. 1/2).
• The proxy server includes powerful caching functions to save traffic and allows you to assign flexible caching settings to individual resources. The entire cache is stored in a single DBMS file, and its internal fragmentation is completely excluded. All cache indexes are stored in RAM, which provides high read and write speeds.
• To filter content, the Traffic Inspector proxy server uses the common lists of IP filters, but it can also match on the type of content and analyze the protocol and URL, up to contextual search using regular expressions, which makes it possible, for example, to easily “cut” banners.
• There is also support for the HTTP CONNECT method - through a proxy server, any application that supports SSL, FTP or TCP can work in this mode, as well as work through an HTTP tunnel.
• Support for FTP over HTTP (GET method) - the proxy server generates HTML pages, allowing you to work with FTP servers in read mode, and automatically switches between active and passive modes for the FTP protocol.
• By default, the proxy server uses pass-through authorization, but if the user has not logged in before entering the proxy server, authentication through the proxy server or SOCKS is requested.
• Automatic configuration of web browsers according to the standards in force in the company. The proxy server provides clients with the standard WPAD.DAT JavaScript file for their configuration, and in this script you can specify a LAT (local address table). In addition, browsers can be forced to configure using the client agent.
• If necessary, the Traffic Inspector proxy server is able to block HTTP traffic, as well as redirect HTTP requests to another proxy server.
• The client, for its part, can quickly manage filtering and caching modes.
• In addition, the proxy server can keep a log of requests processed by it.

SMTP gateway

• The SMTP gateway built into the Traffic Inspector publishes one internal SMTP server from the outside, verifies the authenticity of the domains in the addresses of senders, and also prohibits open “transfers” (relays), which allows using simple mail servers inside the network.
• There is sender host verification using DNS-based RBL services. Multithreaded implementation allows you to use a large number of services without slowing down. Through RBL, all intermediate SMTP servers can also be scanned.
• The SMTP gateway maintains “black lists” of sender hosts, which can be filled either automatically or manually. Automatic blacklisting of hosts filtered through RBL can significantly save traffic and effectively deal with spam. In addition, there are white lists including senders for which message filtering will not be applied.
• For the analysis of filtered mail, a detailed journal is kept, and mass mailing for administrators is also provided.
• Incoming mail charging is supported for well-known recipients (Traffic Inspector users). In order to save traffic, mail reception for unknown recipients may be prohibited.
• Supports integration of the Traffic Inspector AntiSpam anti-spam module.
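
The RBL check described in this section (every relay named in the message is looked up in several DNS-based lists in parallel) can be sketched as follows. This is an added example, not Traffic Inspector code; the zone names, the sample headers and all function names are assumptions made for illustration.

```python
import ipaddress
import re
import socket
from concurrent.futures import ThreadPoolExecutor

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_name(ip, zone):
    """a.b.c.d checked against zone becomes the DNS name d.c.b.a.zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def relay_ips(headers):
    """External IPv4 addresses named in Received: headers, in header order."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    found = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        for text in BRACKETED_IP.findall(line):
            try:
                addr = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if text not in found and not any(addr in net for net in INTERNAL):
                found.append(text)
    return found

def dns_listed(name):
    """Real lookup: a listed host resolves to an address in 127.0.0.0/8."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False  # NXDOMAIN or resolver failure: treat as not listed

def check_relays(headers, zones, lookup=dns_listed, workers=8):
    """Query every (relay, zone) pair in parallel; return the listed pairs."""
    pairs = [(ip, zone) for ip in relay_ips(headers) for zone in zones]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = list(pool.map(lambda p: lookup(dnsbl_name(*p)), pairs))
    return [pair for pair, hit in zip(pairs, hits) if hit]

# Constructed sample headers (documentation addresses, second header folded).
SAMPLE = (
    "Received: from mx (mx.example.net [203.0.113.7]) by gw.example.org\r\n"
    "Received: from relay (relay.example.com\r\n [198.51.100.23]) by mx.example.net\r\n"
    "Received: from pc (pc.lan [192.168.0.5]) by relay.example.com\r\n")
```

Passing a `lookup` function backed by a fixed set of names lets the logic be exercised without network access; the default performs real DNS queries.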

Firewall

• By default, it closes all requests from the outside, while transparently allowing outgoing TCP, UDP, and ICMP traffic, so service configuration is practically not required.
• Carries out dynamic UDP filtering, which allows you to correctly distinguish incoming UDP requests from outgoing ones, transparently allowing outgoing UDP traffic.
• Dynamic FTP-DATA filtering is provided. The FTP PORT and PASV commands are analyzed and the temporary permissions in the firewall are set. This allows you to conveniently work with both active mode (client) and passive (published server).
• To control the operation of various server applications or other protocols, you can separately specify a list of allowing and denying rules.
• On information counters, it is possible to conduct separate accounting and analysis of filtered incoming traffic (flood analysis, port scans, etc.).
• To protect the server itself inside the network, you can also enable the internal firewall, the functionality of which is similar to the external firewall. The internal firewall supports individual settings for local and public internal networks.
• The possibility of prohibiting unauthorized traffic coming from the server itself has been implemented.
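
The dynamic FTP-DATA filtering described above (analyzing PORT and PASV on the control channel and opening a temporary permission) can be sketched as follows. This is an added example, not Traffic Inspector code; the function names, the 30-second lifetime, and the two extra checks (the advertised address must belong to the sender of the line, and ports below 1024 are refused) are assumptions of this sketch that the article does not describe.

```python
import re
import time

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 (PASV) reply, else None."""
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line[4:])
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None  # each field must fit in one byte
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def temporary_permit(line, sender_ip, peer_ip, ttl=30, now=None):
    """Turn one control-channel line into a short-lived permit rule.

    sender_ip is the host that sent the line, peer_ip the other end of the
    control connection. In both modes the data connection is opened by the
    peer towards the advertised address, so the rule has the same shape.
    """
    parsed = parse_hostport(line)
    if parsed is None:
        return None
    ip, port = parsed
    # Assumed policy: never open a hole towards a third host or a
    # privileged port, whatever the control channel asks for.
    if ip != sender_ip or port < 1024:
        return None
    now = time.time() if now is None else now
    return {"src": peer_ip, "dst": ip, "dport": port,
            "proto": "tcp", "expires": now + ttl}

if __name__ == "__main__":
    # Constructed control-channel lines: active mode, then passive mode.
    print(temporary_permit("PORT 192,168,1,10,19,137", "192.168.1.10", "203.0.113.5"))
    print(temporary_permit("227 Entering Passive Mode (10,0,0,5,195,80)",
                           "10.0.0.5", "198.51.100.9"))
```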

Shaper

• Shaper works with any traffic passing through the server, including through the proxy server and SOCKS.
• A shaper may limit the individual speed of a client to receive and / or transmit. In addition, the restriction can be dynamic when the total maximum speed for a group is assigned (separately for reception and transmission), and also be based on the number of packets if it is necessary to prevent network congestion during a virus outbreak.
• Shaper also allows you to set the type of traffic in the filters that should be excluded from control, as well as speed limits for each type (however, these restrictions do not apply to data from the proxy server cache and to the local statistics web server).
• In addition, priority can be assigned to each type of traffic in order to change the order of processing packets in the internal shaper queue and transmit this data with minimal delay.
• A schedule can be assigned to all rules, which allows you to dynamically change the settings of this service depending on the time.

Advanced routing

• Using the advanced intelligent routing functions, you can configure conditional or unconditional traffic redirection through a specified external interface for a group of users, and when working through a proxy server, you can also specify the type of HTTP content.
• In addition, redirection of TCP outgoing from the client is supported when a third-party proxy server is running on the local network or when it is necessary to redirect the client to another online resource.

Client agent

A client agent is a special application that is installed on users' computers and allows users to independently perform the following actions:
• View the current balance and set up alerts about insufficient funds in the account.
• Switch content filtering levels to save traffic.
• Switch proxy caching modes to quickly view updated resources with minimal traffic.
• Quickly enter your personal account using the agent’s context menu.
• Change your password through an agent if the administrator has not disabled this feature in the Traffic Inspector.
• Use the desktop or online version of the agent (web agent). The web agent supports all the functions of the desktop version and is available on the special page of the Traffic Inspector server.
• Receive real-time alerts from the administrator.

Administration

• Support for remote management using standard DCOM technology. The management console is designed as an MMC snap-in, which makes it easy to integrate it with other administrator tools.
• Access restriction: you can set a group of administrators in a Windows domain or use the built-in password authentication.
• Distribution of access: you can create administrators with limited rights, for example, only to add customers, only to replenish accounts or only to work with a specific group of clients.
• Supports real-time monitoring of client performance and network statistics.
• You can view customer statistics and replenish their accounts in the web interface.

Reports

• In the Traffic Inspector, you can generate several dozen types of reports on traffic, billing, and network statistics. All reports can be imported and saved in various types and formats - both tabular and graphical.
• If necessary, the set of reports can be expanded using the automation interface.

Summary

Traffic Inspector is a modern integrated solution for organizing and controlling Internet access. For its implementation, you do not need to purchase expensive server hardware or expand the staff of system administrators. Due to its undemanding nature, flexible pricing rules, reliable network protection, efficient load balancing, accurate accounting and filtering of traffic, this system will not only protect your corporate infrastructure, but also save a lot of effort, money and nerves. Additional information about the Traffic Inspector can be found on our official website.
