In addition to the large list of changes, we wanted to expand on our new Web Protection look and feel for those that are after some clarification/change log there. In 9.2, UTM includes a new simplified interface for web filtering policies. While the style has changed considerably, the underlying functionality is mostly the same. All of your existing settings have been preserved; after you upgrade your system should behave in the exact same way. In previous releases, configuring multiple policies centered around the creation of Web Proxy Profiles. These consisted of Filter Actions, created on the Filter Actions tab, which were then assigned to users and groups through a Filter Assignment on the Filter Assignments tab, and then configured to apply to a network through a Proxy Profile on the Proxy Profiles tab. This process has been simplified. Now, each Filter Profile has a Policies tab where you can configure which users and groups are assigned to a Filter Action, as well as the ability to create and edit Filter Actions using a wizard. In previous releases, if you wanted to have user-based policies where different individual users had different Filter Actions, you could not do this in the default policy. In previous releases user-based policy was only possible by creating an additional Proxy Profile so as to have multiple Assignments. Starting with the 9.2 release the default profile now supports true user-based policies, which reduces the need for creating additional Profiles. Some Key Differences are below. Previously: the “Web Protection > Web Filtering” had tabs containing global options. These have moved to Web Protection--> Filtering Options. there was an Filter Assignment object that defined which users got which Filter Action. This has been renamed to "Policy" and is now presented in a table. the Default Profile had only a single Filter Assignment (called the default assignment). Now you can have many Policies within the default profile. there were Proxy Profiles and the Filter Assignments were chosen via check boxes. They have been renamed to Filter Profiles, and the Policies are managed in a table on a new tab. all proxy Profiles had a Fallback Action. This has been renamed to Base Policy, although the functionality is the same. The Base Policy contains the Filter Action that is used if no other policies match. You can also now set the Base Policy of the Default Profile. creation of Filter Actions was done on multiple tabs in the Default Profile and for other Profiles they had to be pre-created in a very tall, thin column. Filter Actions are now created and edited in a multi-tab dialog, and can be done while creating a Policy. a single Filter Assignment could be used in multiple Proxy Profiles. Now a Policy is specific to a single Filter Profile. Migration When you upgrade your UTM to version 9.2, all of your previous Web Protection configuration and settings are migrated and preserved. As the interface has changed considerably, things may not be where you expect them to be. Take note of the following things you will notice about you configuration once it has been migrated from 9.1 to 9.2: One of the first things you will see is that in any Filter Profile (including the default policy), is that in addition to one (or more) enabled policies there are several "disabled" ones. This can be initially confusing, however it has been migrated this way to preserve the same functionality and configuration as 9.1, and to make it easier for an administrator to update their configuration to take advantage of the new features in 9.2. In 9.1, when you edit a Proxy Profile, there was a list of Filter Assignments with check boxes that are either checked or unchecked. In 9.2 there is now a list of Policies that are either enabled or disabled. It is the same functionality, presented in a different way. Therefore if you look in Filter Profile and you see disabled Policies, these are the unchecked Filter Assignments from 9.1. The 9.1 Filter Assignments are global objects, but 9.2 Policies are specific to a Filter Profile. Therefore migration takes the Filter Assignment and copies it as a Policy in each Filter Profile. This means you can delete a Policy in one Profile and it does not affect other Profiles. Because most Profiles don’t care about the migrated disabled Policies you can safely delete them. This is also true in the default Filter Profile that is in the Web Filtering > Policies tab. In 9.1, the default Profile had a single default Filter Assignment (not really so obvious in the WebAdmin) called Default content filter profile assignment. In 9.2 it has been migrated to a Policy with the same name, and it will be enabled. You will also see many disabled Policies, which are the migrated Filter Assignments that used to only be available to additional Profiles. These migrated Policies can be deleted if not needed. The reason for migrating policies only to disable them and tell you they can be deleted is that you may wish to consolidate or move your settings. For example, in 9.1 you may have created an additional Proxy Profile so that you could have multiple Assignments (which was not possible in the default Profile). In 9.2 that restriction is removed and it is simpler to put everything in the default Profile. The migration has been done so that you only need to set your Profile’s networks correctly and enable the migrated policies. You can then delete the entire additional Filter Profile, simplifying your configuration. Another change that you may wish to make is the use of Base Policy. In previous releases all Proxy Profiles had a Fallback Action, and in 9.2 this has been migrated to a Base Policy. In the past, if an Administrator wanted to have everyone use the same Filter Action they often would create a Filter Assignment that includes all users. A simpler (but less obvious) method would be to just set the Fallback Action. In 9.2 the simpler method using a Base Policy is more straight forward. If you want all users in a migrated Profile to have the same Action, then set the Base Policy and delete all the migrated Policies (even the enabled one). The choice is yours – whether to delete (or ignore) the disabled policies and maintain your previous configuration unchanged, or to spend the time to simplify the configuration with the new features that 9.2 provides. Hope that provides some insight. Let us know what you think of the new Web Protection GUI! The good, the bad, and the ugly. Trust us, we can take it [:)]

UTM 9.2 Web Filter Policy Overview

In addition to the large list of changes, we wanted to expand on our new Web Protection look and feel for those that are after some clarification/change log there.

In 9.2, UTM includes a new simplified interface for web filtering policies. While the style has changed considerably, the underlying functionality is mostly the same. All of your existing settings have been preserved; after you upgrade your system should behave in the exact same way.
In previous releases, configuring multiple policies centered around the creation of Web Proxy Profiles. These consisted of Filter Actions, created on the Filter Actions tab, which were then assigned to users and groups through a Filter Assignment on the Filter Assignments tab, and then configured to apply to a network through a Proxy Profile on the Proxy Profiles tab.

This process has been simplified. Now, each Filter Profile has a Policies tab where you can configure which users and groups are assigned to a Filter Action, as well as the ability to create and edit Filter Actions using a wizard. In previous releases, if you wanted to have user-based policies where different individual users had different Filter Actions, you could not do this in the default policy. In previous releases user-based policy was only possible by creating an additional Proxy Profile so as to have multiple Assignments.

Starting with the 9.2 release the default profile now supports true user-based policies, which reduces the need for creating additional Profiles.
Some Key Differences are below.
Previously:

the “Web Protection > Web Filtering” had tabs containing global options. These have moved to Web Protection--> Filtering Options.
there was an Filter Assignment object that defined which users got which Filter Action. This has been renamed to "Policy" and is now presented in a table.
the Default Profile had only a single Filter Assignment (called the default assignment). Now you can have many Policies within the default profile.
there were Proxy Profiles and the Filter Assignments were chosen via check boxes. They have been renamed to Filter Profiles, and the Policies are managed in a table on a new tab.
all proxy Profiles had a Fallback Action. This has been renamed to Base Policy, although the functionality is the same. The Base Policy contains the Filter Action that is used if no other policies match. You can also now set the Base Policy of the Default Profile.
creation of Filter Actions was done on multiple tabs in the Default Profile and for other Profiles they had to be pre-created in a very tall, thin column. Filter Actions are now created and edited in a multi-tab dialog, and can be done while creating a Policy.
a single Filter Assignment could be used in multiple Proxy Profiles. Now a Policy is specific to a single Filter Profile.

Migration
When you upgrade your UTM to version 9.2, all of your previous Web Protection configuration and settings are migrated and preserved. As the interface has changed considerably, things may not be where you expect them to be. Take note of the following things you will notice about you configuration once it has been migrated from 9.1 to 9.2:

One of the first things you will see is that in any Filter Profile (including the default policy), is that in addition to one (or more) enabled policies there are several "disabled" ones. This can be initially confusing, however it has been migrated this way to preserve the same functionality and configuration as 9.1, and to make it easier for an administrator to update their configuration to take advantage of the new features in 9.2.
In 9.1, when you edit a Proxy Profile, there was a list of Filter Assignments with check boxes that are either checked or unchecked. In 9.2 there is now a list of Policies that are either enabled or disabled. It is the same functionality, presented in a different way. Therefore if you look in Filter Profile and you see disabled Policies, these are the unchecked Filter Assignments from 9.1.
The 9.1 Filter Assignments are global objects, but 9.2 Policies are specific to a Filter Profile. Therefore migration takes the Filter Assignment and copies it as a Policy in each Filter Profile. This means you can delete a Policy in one Profile and it does not affect other Profiles. Because most Profiles don’t care about the migrated disabled Policies you can safely delete them.
This is also true in the default Filter Profile that is in the Web Filtering > Policies tab. In 9.1, the default Profile had a single default Filter Assignment (not really so obvious in the WebAdmin) called Default content filter profile assignment. In 9.2 it has been migrated to a Policy with the same name, and it will be enabled. You will also see many disabled Policies, which are the migrated Filter Assignments that used to only be available to additional Profiles. These migrated Policies can be deleted if not needed.
The reason for migrating policies only to disable them and tell you they can be deleted is that you may wish to consolidate or move your settings. For example, in 9.1 you may have created an additional Proxy Profile so that you could have multiple Assignments (which was not possible in the default Profile). In 9.2 that restriction is removed and it is simpler to put everything in the default Profile. The migration has been done so that you only need to set your Profile’s networks correctly and enable the migrated policies. You can then delete the entire additional Filter Profile, simplifying your configuration.
Another change that you may wish to make is the use of Base Policy. In previous releases all Proxy Profiles had a Fallback Action, and in 9.2 this has been migrated to a Base Policy.
In the past, if an Administrator wanted to have everyone use the same Filter Action they often would create a Filter Assignment that includes all users. A simpler (but less obvious) method would be to just set the Fallback Action. In 9.2 the simpler method using a Base Policy is more straight forward. If you want all users in a migrated Profile to have the same Action, then set the Base Policy and delete all the migrated Policies (even the enabled one).

The choice is yours – whether to delete (or ignore) the disabled policies and maintain your previous configuration unchanged, or to spend the time to simplify the configuration with the new features that 9.2 provides.

Hope that provides some insight. Let us know what you think of the new Web Protection GUI! The good, the bad, and the ugly. Trust us, we can take it [:)]

Parents

0 AlanT_01 over 11 years ago

q2srw77, I think you're right that it could be simplified a bit further, like if the default policy was just shown in the list of web filter profiles, and "Web Filtering" was removed from the menu.

I wouldn't mind that at all, but I don't know if this would be easiest for new users to understand. The old UI tried to make basic setups really easy, and push the more complicated stuff off to the profiles section. The concept was fine, but the implementation was less effective.

The UI was much too different between the default and additional profiles, and was not very intuitive. Also, too many users couldn't do everything they needed with the "easy" side of the setup, and needed to figure out how to create profiles. Now, the UI is consistent in both sections, both are reasonably intuitive, and many fewer users will ever need to create profiles. I think the expectation is that the vast majority of users won't ever need to touch "Web Filtering Profiles" at all, and if that turns out to be true, then I think the current layout is right.

If it's still common that additional profiles are needed, then that's probably the feedback we need to hear.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 AlanT_01 over 11 years ago

q2srw77, I think you're right that it could be simplified a bit further, like if the default policy was just shown in the list of web filter profiles, and "Web Filtering" was removed from the menu.

I wouldn't mind that at all, but I don't know if this would be easiest for new users to understand. The old UI tried to make basic setups really easy, and push the more complicated stuff off to the profiles section. The concept was fine, but the implementation was less effective.

The UI was much too different between the default and additional profiles, and was not very intuitive. Also, too many users couldn't do everything they needed with the "easy" side of the setup, and needed to figure out how to create profiles. Now, the UI is consistent in both sections, both are reasonably intuitive, and many fewer users will ever need to create profiles. I think the expectation is that the vast majority of users won't ever need to touch "Web Filtering Profiles" at all, and if that turns out to be true, then I think the current layout is right.

If it's still common that additional profiles are needed, then that's probably the feedback we need to hear.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data