Traffic Inspector is a comprehensive gateway solution for network security and access control that is designed for small and medium-sized businesses.
Traffic Inspector enables you to accomplish the majority of tasks when connecting a home or office network to the Internet. Traffic Inspector has an extensive set of features: a secure firewall to protect against network threats, web access rules for blocking unwanted Internet resources, antivirus for scanning web and email traffic, SMTP gateway for filtering spam, a billing system, bandwidth limiter and traffic prioritization, extensive logging and reporting facilities, multiple ISP support and connection failover, advanced routing features and more.
Traffic Inspector is best described as:
Comprehensive
Traffic Inspector is an all-in-one gateway solution for network security, web access control and detailed traffic analysis and reporting.
Simple
Traffic Inspector is easy to install, configure and administer and does not require extensive knowledge of networking and computers.
Secure
The product’s extensive range of network security features protects against the majority of modern Internet threats.
Flexible
Traffic Inspector gives you the tools to enforce flexible access control policies with highly customizable subsystems.
Effective
By blocking social media sites, entertainment sites, online games, music and video content, Traffic Inspector reduces wasted time and improves employee productivity.
System Requirements
Supported OS: Windows 7 x86, Windows 7 x64, Windows 8 x86, Windows 8 x64, Windows 8.1 x86, Windows 8.1 x64, Windows 2008 R2 x64, Windows 2012, Windows 2012 R2
Intel(R) Core(TM)2 Duo 6300 1.86GHz processor
4 GB free hard disk space.
Monitor and video adapter with 1024x768 resolution
Internet connection
Feature |
GFI WebMonitor |
Kerio Control |
Traffic Inspector |
Operation modes |
Proxy |
Proxy
NAT |
Gateway mode (NAT/Proxy)
Single interface mode (Proxy) |
NAT |
Not supported (Proxy only) |
Custom NAT implementation |
Windows NAT |
Advanced routing |
Unsupported |
Supported |
Supported |
Connection failover |
Unsupported |
Supported (two connections only) |
Supported |
Web filtering |
Supported |
Supported |
Supported |
Firewall |
Unsupported |
Supported |
Supported |
Bandwidth management |
Supported |
Supported |
Supported |
Traffic prioritization |
Unsupported |
Supported |
Supported |
Flood Mitigation |
Unsupported |
Unsupported |
Supported |
Accounting for terminal server users |
Unsupported |
Unsupported |
Supported |
Spam filtering |
Unsupported |
Unsupported |
Supported |
Active Directory integration |
Supported |
Supported |
Supported |
External database integration |
MS SQL |
StaR embedded database |
SQLite PostgreSQL MySQL MS SQL |
Integrated gateway antivirus |
Supported |
Supported |
Supported |
Billing system |
Unsupported |
Unsupported |
Supported |
Reports and logs |
Supported |
Supported |
Supported |
TI Agent is a small program that authenticates users to the Traffic Inspector server, displays current user account balances and TI notifications. It also allows users to customize their Internet experience by setting up individual filtering levels and caching modes. TI Agent offers quick access to a personal web page where users can view their network statistics.
Traffic Inspector’s functionality can be extended using a plug-in collection maintained by Smart-Soft’s development team. There are five supported plug-ins: DDNS Updater, RAS Dialer, Kaspersky Gate Antivirus, Phishing Blocker and WOT Plug-in.
The DDNS plug-in automatically updates Dynamic DNS service records with the current gateway IP address. The RAS Dialer plug-in provides a dialer service for dial-up and VPN connections. The Kaspersky Gate Anti-Virus plug-in provides malware inspection for traffic passing through the Web Proxy and SMTP Gateway. The WOT Plug-in and Phishing Blocker assist in blocking unsafe and phishing web sites by querying either the Web of Trust reputation service or Google Safe Browsing.
Traffic Inspector Anti-Virus powered by Kaspersky and Traffic Inspector Anti-Spam powered by Kaspersky are purchased and licensed separately from Traffic Inspector. All other plug-ins are available under the Traffic Inspector license.
A purchased license entitles you to one year of support and technical updates. Your program installation remains fully functional even after the entitlement expires, but you will have to renew the entitlement if you want to have continued access to new product updates and technical support.
There are two renewal options: standard renewal and late renewal. Standard renewal: a customer has up to 60 days after expiration to renew entitlement for a year by paying 30% of the price of the currently owned license. Late renewal: if more than 60 days have passed since expiration, a customer can renew entitlement for a year by paying 60% of the price of the currently owned license.
Version
A version is identified by a unique version number. Version numbers are assigned in increasing order.
Upgrade
Used exclusively to mean “License upgrade.” Upgrading the license allows you to add more user accounts to the program.
Update
Used exclusively to mean “Software update.” Each subsequent program version typically implements new features and has fixed bugs. Updating the product ensures that you are using the most stable and feature-rich version.
Expiration and renewal
A purchased Traffic Inspector license is permanent and never expires.A purchased license entitles you to one year of support and technical updates. The program installation remains fully functional even after the entitlement expires. You have to renew the entitlement if you want to have continued access to new product updates and technical support.
The license for the Traffic Inspector Anti-Virus powered by Kaspersky plug-in is separate from the Traffic Inspector license and it is time-limited. Anti-virus updates are disabled after the expiration. Malware inspection is not disabled. You have to extend the license if you want to have continued access to anti-virus updates.
The license for the Traffic Inspector Anti-Virus powered by Kaspersky plug-in is separate from the Traffic Inspector license.
The license for the Traffic Inspector Anti-Virus powered by Kaspersky plug-in is time-limited, and anti-virus updates are disabled after expiration. Malware inspection is not disabled. The license must be extended for continued access to anti-virus updates.
The number of users associated with a Traffic Inspector Anti-Virus powered by Kaspersky license determines the number of user accounts for which malware inspection can be enabled.
Immediately after installation, Traffic Program runs in demo mode. Demo mode only supports up to three user accounts and severely restricts program functionality.
A trial version of Traffic Inspector is fully functional but time-limited. After the 30-day trial period expires, the program will revert to demo mode.
The only difference between the trial version and the full version is that trial version is time-limited while full version is not.
There are two license types: a trial license and a purchased license.
With a trial license, you can evaluate a fully functional copy of the software for free for 30 days. This trial period may be extended in certain circumstances.
A purchased license is permanent and never expires. A purchased license comes with one year of support and product updates. Activation of a purchased license will remove any existing trial license.
Activation is used to validate the product license. The activation process requires an Internet connection to contact our activation server.
The license that you activate may be a trial license or a purchased license.
Activating a trial license allows you to try out a free, 30-day fully functional version of the program. To activate a trial license, please, select the Activate a trial license option in the Activation Wizard. You can request an extension when your trial license expires. To do that, select the Request a trial license extension
option in the Activation Wizard.
If you purchased a license, you can activate it by selecting the Activate a purchased license option in the Activation Wizard. When activating a purchased license, any existing trial activation will be removed.
The Traffic Inspector activation process involves binding. Binding is a process used by the software to derive the unique installation ID based on hardware serial numbers. It is a relatively low-level procedure that you can safely ignore most of the time.
The only situation when you need to worry about binding is when moving the program from one computer to another, or when changing hardware components. Both situations involve activation of new hardware (invalidating the previous installation ID). Please note that reverting to the old hardware is not allowed.
You can transfer your Traffic Inspector license to another machine. To do that, remove Traffic Inspector from the original server, then install and activate the program on a new server. Please note that the previous installation will be invalidated and reverting to the previously used hardware configuration is not allowed.
The procedure is slightly different depending on whether you are moving the program to a different computer or not.
If you move the program to a different computer:
Install Traffic Inspector on the new computer
Stop Traffic Inspector service
Copy the Config and Data folders from the old installation to the new installation folder
The Config folder contains program configuration files. Do not copy the Data
folder if you are not interested in retaining logs and statistics.
If you update Traffic Inspector on the same computer:
Uninstall the old version of Traffic Inspector
Install the new version of Traffic Inspector
You may still backup the necessary folders, but there is usually no need for that. The Config and Data folders are not deleted during uninstallation and will be picked up by the newly installed version of Traffic Inspector.
Malware inspection is provided by the Traffic Inspector Anti-Virus powered by Kaspersky plug-in. Malware inspection is only available for HTTP and SMTP traffic processed by TI web proxy or SMTP Gateway.
To configure malware inspection, follow these instructions. First, make sure that you activated the Traffic Inspector Anti-Virus powered by Kaspersky plug-in. The plug-in should be activated during program activation.
To access the plug-in settings, navigate to the Plug-ins
console tree node and then to the Traffic Inspector Anti-Virus powered by Kaspersky node.
Click the Anti-virus Update icon to run anti-virus update.
Click the Anti-virus Settings icon to configure the plug-in settings. On the Malware Inspection tab, select the traffic types that will be scanned. On the Scan Settings tab, select the number of scanning threads, whether or not you want infected data to be disinfected, compressed executable and archive scanning settings, and heuristic analysis settings. You can schedule automatic updates on the Updates tab. If there is an upstream HTTP proxy, configure proxy authentication settings via the general program settings.
Malware Inspection settings that are specific to Web Proxy and SMTP Gateway can be accessed via the Web Proxy Malware Inspection Settings
and SMTP Gateway Malware Inspection Settings icons.
When configuring Web Proxy malware settings, you can enable email notifications and the preferred delivery method. If you select the standard delivery method, content is delivered to a client only after it is fully downloaded and scanned by Traffic Inspector. If trickling is used, Traffic Inspector delivers and scans transferred files simultaneously. If a file is infected, delivery is blocked by holding back the last portion of the file.
When configuring SMTP Gateway malware settings, you can enable email notifications and specify settings for tagging emails containing objects that cannot be scanned.
The final configuration step involves specifying users and groups that will have their traffic inspected by the KAV plug-in. To selectively enable malware inspection, right-click on the desired user or group and choose the Attributes menu item. Change the value of the Traffic Inspector Anti-Virus powered by Kaspersky attribute to "No"/"Yes" or 0/1 as needed.
If malware inspection is enabled for a group that contains, say, 50 users and only 30 antivirus licenses are available, then malware inspection will be only enabled for the first 30 users of that group.
Every time you launch the Administration Console, the program warns you of any unresolved configuration issues. If you have not configured backup, there will be a warning informing you that backup is not configured. Expand the disclosure widget and click on the Configure a backup task icon.
Another way to access backup settings is by navigating to the Maintenance console tree node and then clicking on the Backup link.
On the General tab, select the Enable backup checkbox to enable backup. The backup task may be run manually or scheduled for a specific time. To schedule a backup task, click on the Schedule
button and set the appropriate time settings.
On the Backup Settings tab, select the destination for saving backup data. Choose a backup method: select the Back up without resizing files radio button or the Backup data for a specified period radio button. Choose whether you want to backup the proxy cache index file. Select whether you want new files to be created for each backup or whether backup files will be overwritten.
On the Custom Backup tab, specify the retention period for backup data. A custom retention period may be specified for specific database files.
The Connection Failover feature prevents downtime and connection loss by ensuring that Traffic Inspector fails over to one of the backup connections if the primary connection becomes unavailable.
Follow these steps to configure Connection Failover:
Make sure that you use RRAS-based NAT and there are two or more external interfaces available. There must be a default route for each external interface. Default routes must have different metrics.
Launch the Configuration Wizard, navigate to the Connection Failover tab and select the Enable connection failover check box. Navigate to the Connection Failover console tree node (subnode of the External Networks node) and go to the properties window. Configure Connection Failover settings:
specify probing interval (i.e. interval between route availability checks)
specify IP address of the probe host (if the probe host is reachable, the connection is OK)
specify response time (if ICMP round-trip time is less than specified response time, the connection is OK)
enable connection availability logging, if required
select interfaces for which the connection failover functionality will be enabled
select one primary interface and backup interfaces
Connection Failover is currently only supported for Ethernet interfaces.
Flood mitigation is a unique feature that allows users to be blocked when they generate excessive network traffic. Such behavior usually indicates that the machine is infected with a virus that replicates itself by using the network, or that a user is unfairly monopolizing the available bandwidth (by running a BitTorrent client, for example). Once the connections threshold is reached, the user is automatically blocked and prevented from further saturating the Internet connection.
Flood mitigation requires that network statistics collection be enabled. Flood mitigation and network statistics collection may be configured for a particular user/group or all users:
User account --> Properties --> Network Statistics tab (for a particular user)
Group account --> Properties --> Network Statistics tab (for a particular group)
User Management console tree node --> Properties --> Network Statistics tab (for all users)
Flood mitigation configuration involves two steps:
1. Set the Collect network statistics checkbox to enable network statistics collection.
Specify sync interval (20 minutes by default). Sync interval determines how often synchronization to a database takes place and also the period of time before the Flood mitigation connection counter is reset.
2. Set the Enable Flood Mitigation checkbox and specify the block threshold limit and block interval.
Sync interval and block threshold values may have to be empirically adjusted to avoid false positives.
Follow these steps to make a user exempt from firewall and traffic rules restrictions:
Locate the user account and go to its properties window.
On the Traffic Policy tab, select the Disable network filters and firewall for this user checkbox.
As a result, traffic rules and internal firewall rules will not be applied to the selected user. This option allows administrators to retain remote access to the TI server in case the firewall is not properly configured, but it can also be used to make a user exempt from all traffic restrictions.
There is a good video tutorial tutorial on this topic available on our website.
Traffic Inspector offers various authentication options: IP/MAC/VLAN ID-based authentication and BASIC / NTLM authentication. From the user perspective, the following methods are available:
TI Agent-based authentication
Windows-based computers can authenticate via TI Agent, a small program that authenticates users to Traffic Inspector server and displays current user account balances and TI notifications. TI Agent currently only supports Microsoft Windows and can be downloaded from the integrated Web Portal.
Web Agent
Computers running non-Windows operating systems (Linux, Mac OS, etc.), tablet computers and smartphones can authenticate via Web Agent, a TI Agent that runs directly in your web browser. Authentication is lost if the Web Agent window is closed. Using Web Agent also requires that pop-up blocking be turned off.
Proxy authentication
Users that access the Internet via Traffic Inspector web proxy can use proxy authentication.
Single Sign-On Authentication
The single sign on allows end users to log into a Windows client machine on a domain, then access the Internet via the Traffic Inspector web proxy without signing on again. This functionality is only available when the Traffic Inspector server is joined to an Active Directory domain.
Consult your network administrator for information about alternative authentication methods.
You have to know what Windows service provides NAT functionality before you publish a service. On Windows, NAT can be provided by Windows Firewall/Internet Connection Sharing (ICS) or Routing and Remote Access service. Service publishing configuration may involve slightly different steps depending on the Windows service that provides NAT functionality.
There are two way to publish a service. The first one requires more manual steps: you create a rule in ICS or RRAS, create an external firewall rule in Traffic Inspector, and check that the target LAN computer is authenticated to Traffic Inspector. The other way is more convenient: you run the Service Publishing Wizard, which guides you through the necessary steps to publish a service.
Please check if one of the following issues is preventing successful installation.
The user lacks sufficient administrator privileges to install new software on the computer
The user lacks sufficient permissions to access the installation directory.
Internet connection is not available during installation
Traffic Inspector prerequisites are not installed (.NET Framework, Microsoft Visual C++ Redistributable Package)
A pirated version of Window OS is being used
Third-party antivirus software is interfering with Traffic Inspector’s installation
The activation process involves contacting our activation server, so Internet connectivity is required. If there is an upstream HTTP proxy, configure proxy authentication settings via the general program settings.
If you encounter the "Invalid ID or PIN" error, make sure that you entered your ID and PIN correctly.
If you encounter the "Socket error 11004 - Valid name, no data record of requested type" error, check your DNS server settings.
If you encounter the "Activation limit reached" error, contact our tech support team at support@smart-soft.ru to reset the activation limit.
If you encounter "The activation server responded, but program activation failed" error, check your server’s time and date settings and restart the Traffic Inspector service. Computer clock synchronization may be required. It is recommended that you synchronize your computer clock with an Internet time server (even if the computer is a member of a domain).
If you have anti-virus software is installed on the computer, make sure that the anti-virus is not preventing Traffic Inspector from accessing and modifying files in the installation directory. This can be achieved by excluding the Traffic Inspector installation directory from virus scanning in your anti-virus software settings.
If the Traffic Inspector service was not properly uninstalled, uninstall it by calling:
sc.exe delete trafinspsrv
If the Traffic Inspector network driver was not properly uninstalled, try removing it manually following these steps:
1. Open Network Connections
2. Click one of the local area connections used by Traffic Inspector and go to its properties window.
3. On the General tab, in This connection uses the following items, click the Traffic Inspector network driver and then click Uninstall.
4. In the Uninstall
dialog box, click Yes.
Uninstalling the Traffic Inspector network driver removes it from all network connections.
If the above methods do not help, try using a third-party uninstaller.
Please contact our sales team at sales@smart-soft.ru. Describe the problem and provide your purchase information.
By default, Traffic Inspector blocks access to external networks (i.e. Internet) when TI service is not running. This option is used to prevent uncontrolled traffic consumption. To change this behavior, follow these steps: Go to the Start Page of the Traffic Inspector snap-in andclick on the Program Settings icon. On the Network Driver tab, deselect the Block external networks when TI service is not running checkbox.
Please check if one of the following issues is preventing a connection.
If you encounter the "No connection to server" error, make sure that the Traffic Inspector server is started and Traffic Inspector server firewall settings are correct.
If you encounter the "Unable to find server" error, make sure that the Traffic Inspector server IP address is specified correctly.
If you encounter the "Socket error 11004 - Valid name, no data record of requested type" error, check your computer’s DNS server settings.
If you encounter the "Wrong username or password" error, make sure your username and password are specified correctly.
If you encounter the "Wrong authentication type" error, verify that the authentication method is specified correctly.
If you encounter the "Synchronization error" error, check your computer time and date settings. Computer clock synchronization may be required. It is recommended that you synchronize your computer clock with an Internet time server (even if the computer is a member of a domain). Alternatively, you can disable the time synchronization check: navigate to the User Management console tree node, go to the properties window, click the TI Agent tab and deselect the Enable time sync check checkbox. Please note that disabling this option weakens the security of the authentication mechanism.
Problems with report generation can be caused by one of the following issues: anti-virus software, improper configuration of Traffic Inspector or traffic rules.
If you have anti-virus software installed on your computer, make sure that the anti-virus is not preventing Traffic Inspector from accessing and modifying files in the installation directory. This can be achieved by excluding the Traffic Inspector installation directory from virus scanning in your anti-virus software settings.
Verify that network statistics collection is enabled for a particular user/group or all users as required:
User account --> Properties --> Network Statistics tab (for a particular user)
Group account --> Properties --> Network Statistics tab (for a particular group)
User Management console tree node --> Properties --> Network Statistics tab (for all users)
Check if there are traffic rules in the Allow Rule for All
category. Packets that match these rules are excluded from network statistics.
Please note that by default collected data is written to a database every 20 minutes, so it does not appear in reports immediately.
Follow these instructions to enable terminal server users to authenticate to the Traffic Inspector server:
Navigate to the Authentication Rules console tree node. Launch the New Authentication Rule Wizard. The wizard will guide you through the steps necessary to create a new authentication rule. On the Source IP tab specify the IP address of your terminal server. If the terminal server and the Traffic Inspector server run on the same machine, specify the loopback address (i.e. 127.0.0.1). On the Terminal Server tab select the Terminal Server checkbox.
These settings enable traffic accounting for terminal server users. Multiple terminal server users will be able to authenticate from the same IP address (terminal server). Terminal users will only be able to access the Internet by authenticating each web proxy session.