Prepare Your System for Webcheck - (Single server)
Minimum Server Requirements
Depending on how you deploy Webcheck, your hardware requirements may vary greatly. Different functionality and configuration requirements may dictate very different server specifications.
For example, a machine filtering a 6.8 Gigabits-per-second network will require more CPU cores and memory than a machine filtering a 600 Megabits-per-second network. In both cases, you will require a specific deployment configuration, along with proper product scaling.
The Webcheck software can run on a machine with lower CPU and less memory; however, the following requirements are the recommended minimum for out-of-the-box server operation.
4 GB to 16 GB or higher
1 or more
Preparing Your Firewall
You must open both inbound and outbound firewall ports for proper Webcheck operation. Please refer to the following two tables for the commonly used ports. See your firewall documentation for specific information about how to open these ports.
These lists do NOT include ports that Webcheck may require for integration with 3rd party applications or installation of multi-server setups.
For more information on Inbound and Outbound ports, please see the Ops and Admin Appendix document ‘Inbound and Outbound Ports’.
Inbound Firewall Ports to Open
80 and 8080 – WebAdmin and Profile Manager (optional)
Webcheck uses these two ports for WebAdmin access. If you are using the Client Filter, you will also use these ports to access the Profile Manager. However, you can firewall these ports if you are only accessing the WebAdmin interface internally. All filtered customers must be able to load the deny page on these ports.
Deny pages are also loaded from the WebAdmin. It is very important that ports 80 and 8080 are accessible to all filtered workstations.
3431 and 3432 – Client Filter
If you are using the Client Filter with roaming users, you will need to open both ports.
The Client Filter uses port 3431 for Windows Username filtering (RUS Mode), while the Profile Manager uses port 3432 for Client Filter management.
60104 – Secure Shell
Open this port if you want remote support from Webcheck. We use this port for SSH support instead of the usual port 22.
Outbound Firewall Ports to Open
25, possibly others
You can configure Webcheck to send emails from the WebAdmin and/or the Reporter server. For email sending, the Webcheck server must have access to the mail server as configured in the product. Generally, TCP port 25 is used for sending email via SMTP. Open this port only to the mail server. If you did not configure a mail server, you must open the SMTP outgoing port to all remote systems.
You must open the DNS port to allow the Webcheck to resolve domain names.
80 and 443 – update.Webcheck.com
Your Webcheck server will use ports 80 and 443 to access update.Webcheck.com to download updates to the product, categorization templates, lists, and other functions.
Note The IP address of this update server may change at any time. Depending on your security policy, please implement proper firewall rules.
3436 – cns.Webcheck.com
Your Webcheck server will use port 3436 to communicate in real-time with the Categorization Name Service, an array of CNS servers that resolve from cns.Webcheck.com and related servers, depending on geographical location.