In-Line Mode: What it does and what to be aware of

July 15, 2011 • Customer Services       
Article

ATTENTION: Inline mode is not recommended for very large networks. Please consider using sideways mode (the default) instead.

Out of the box, the CensorNet runs in Sideways mode, which means that you need to configure your browsers to use it as a proxy and you can use any method of authentication you like.

You can configure the CensorNet to be an In-Line proxy. In this mode, user authentication is not possible; however, user identification is possible using our Active Directory agent (http://www.censornet.com/adagent/). Users are simply not able to bypass the proxy because their packets go straight through it, with no configuration of the browser at all.

This works because setting the CensorNet to In-Line mode turns it into a bridge, so you just need to plug one of the CensorNet's interfaces into your network switch and the other into the router or firewall that connects to the Internet.

Because the CensorNet is a bridge, it runs the Spanning Tree Protocol (all switches and bridges run it by default) and sends out packets known as BPDU packets. Some switches, if not configured correctly, can block the port you plug the CensorNet into when they see these packets, so you should ensure that your switch is configured so that this will not occur. In particular, some Cisco switches have a bpduguard feature. You should discuss with your network engineers whether it is safe to disable this or not. In general, however, if it is enabled, you will not get the CensorNet to communicate with your network.
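To confirm what the switch port actually receives from the bridge, the following added example (not CensorNet code and not part of the original article) decodes an IEEE 802.1D BPDU from a raw captured Ethernet frame. The sample frame and its MAC address are constructed, and how you capture the frame is left to your own tooling.

```python
import struct

STP_GROUP_MAC = bytes.fromhex("0180c2000000")  # 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                      # DSAP, SSAP, control for STP
BPDU_TYPES = {0x00: "config", 0x02: "rstp", 0x80: "tcn"}

# Constructed sample: one 802.3 frame carrying a configuration BPDU from a
# bridge with the made-up MAC 02:00:00:00:00:01 that believes it is the root.
SAMPLE_FRAME = bytes.fromhex(
    "0180c2000000 020000000001 0026 424203"      # dst, src, length, LLC
    "0000 00 00 00"                              # protocol, version, type, flags
    "8000020000000001 00000000"                  # root id, root path cost
    "8000020000000001 8001"                      # bridge id, port id
    "0000 1400 0200 0f00")                       # timers in 1/256 s


def mac(raw):
    """Format raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_bpdu(frame):
    """Describe the BPDU in an 802.3 frame; None if it is not a whole BPDU."""
    if len(frame) < 21 or frame[:6] != STP_GROUP_MAC or frame[14:17] != LLC_STP:
        return None
    proto, version, btype = struct.unpack("!HBB", frame[17:21])
    if proto != 0 or btype not in BPDU_TYPES:
        return None
    info = {"sender": mac(frame[6:12]), "version": version,
            "type": BPDU_TYPES[btype]}
    if btype == 0x80:                  # topology change notification: no body
        return info
    body = frame[21:52]
    if len(body) < 31:                 # truncated capture, do not guess
        return None
    _flags, root, cost, bridge, port, _age, max_age, hello, fwd = struct.unpack(
        "!B8sI8sHHHHH", body)
    info.update(
        root_priority=struct.unpack("!H", root[:2])[0], root_mac=mac(root[2:]),
        root_path_cost=cost,
        bridge_priority=struct.unpack("!H", bridge[:2])[0],
        bridge_mac=mac(bridge[2:]), port_id=port,
        max_age_s=max_age / 256, hello_s=hello / 256, forward_delay_s=fwd / 256,
        claims_root=(root == bridge))
    return info


if __name__ == "__main__":
    for key, value in parse_bpdu(SAMPLE_FRAME).items():
        print(f"{key:16} {value}")
```

A frame that decodes this way on the port facing the switch is exactly what a BPDU-guarded port reacts to, which gives your network engineers something concrete to review.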

One of the other things that In-Line Mode enforces is SSL Intercept mode. In this mode, the CensorNet is able to examine the contents of HTTPS transmissions in real time because it effectively acts as a Man-in-the-Middle (MITM) in the data stream between the browsers and the website.

For this to work without users seeing lots of errors, you need to read our SSL Certificate Installation Guide and ensure that all of your browsers have the CensorNet’s certificate installed as a trusted verifier of web certificates.

Last modified on Fri, March 02, 2012