Note: This document is also available in other formats
A PDF version of this document along with all current and older documentation in PDF format can be found at https://my.clavister.com. It is also available as a single HTML page.
The Clavister On-Premises NetEye product provides the ability for local client HTTP and HTTPS Internet traffic to be scanned for viruses by a local NetEye installation. NetEye uses SSL inspection to be able to perform scanning on client HTTPS traffic. Should a virus be detected by NetEye, the malicious file is dropped and a predefined HTML block page is sent to the client. The diagram below illustrates how On-Premises NetEye functions.
The NetEye box in the above diagram represents a computing platform that is separate from the Clavister firewall that is protecting the clients. The platform can be either a dedicated On-Premises NetEye hardware device supplied by Clavister or the NetEye software running in an on-premises virtual environment such as VMware or KVM.
On-Premises NetEye is Managed By Clavister
On-Premises NetEye is not managed by the end-customer. Instead, it is managed remotely by Clavister over the Internet via a dedicated NetEye management interface. Only Clavister is able to connect via this interface and its IP address is predefined and cannot be changed. The NetEye management interface also connects to the Internet via the firewall in the above diagram (although the management connection is not shown). The administrator makes changes to the On-Premises NetEye installation using the MyClavister website interface, in the same way that the NetEye Cloud service is administered.
This means that the administrator needs only to physically connect NetEye to the firewall and then correctly configure cOS Core on the firewall. The cOS Core configuration will do the following:
Send client HTTP/HTTPS traffic through NetEye instead of directly to the Internet.
Allow traffic to flow between NetEye and the Internet.
Allow NetEye management traffic to flow between NetEye and the Internet.
Allow NetEye log messages to flow to an instance of Clavister InCenter (either the Clavister cloud service or an on-premises installation of InCenter).
The initial NetEye setup steps are detailed in Chapter 2, NetEye Setup. The cOS Core configuration steps for a connecting Clavister firewall are described in Chapter 3, cOS Core Setup.
NetEye is Transparent to Non-HTTP/HTTPS Traffic
The purpose of NetEye is to scan HTTP and HTTPS traffic. However, non-HTTP/HTTPS traffic can also be sent through it. NetEye will be transparent to such traffic, which will pass to and from the Internet without any scanning being performed.
Whitelisting Potentially Unreachable Websites
Depending on the type of client being used (browser or mobile app), the SSL inspection used by NetEye may make some sites inaccessible. This may be because a site uses certificate pinning. The solution is to route such traffic straight to the Internet instead of sending it through NetEye. This can usually be achieved by whitelisting FQDNs that are known to potentially be inaccessible when using SSL inspection. Setting up whitelisting is discussed in Chapter 4, Whitelisting.
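As an added example (not Clavister code and not part of the product documentation), the following Python shows one way to check from a client behind NetEye that whitelisting behaves as intended: it reads the issuer of each certificate the client receives and reports whitelisted FQDNs that are still inspected as well as non-whitelisted FQDNs that are not inspected. The CA name `Example Inspection CA`, the `.example` hostnames and all function names are assumptions made for this example, and it assumes the client trusts the CA used for SSL inspection.

```python
import socket
import ssl

# Assumption: common name of the CA that signs certificates re-issued during
# SSL inspection. Placeholder value, not taken from NetEye documentation.
INSPECTION_CA_CN = "Example Inspection CA"

def issuer_cn(cert):
    """Return the issuer commonName from an ssl.getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated server certificate as this client sees it."""
    ctx = ssl.create_default_context()  # client must trust the inspection CA
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(observed, whitelist, ca_cn=INSPECTION_CA_CN):
    """Map each FQDN whose observed path contradicts the whitelist to a finding."""
    bypass = {h.lower().rstrip(".") for h in whitelist}
    findings = {}
    for host, cert in observed.items():
        inspected = issuer_cn(cert) == ca_cn
        listed = host.lower().rstrip(".") in bypass
        if listed and inspected:
            findings[host] = "whitelisted but still inspected"
        elif not listed and not inspected:
            findings[host] = "not whitelisted but not inspected"
    return findings

# Constructed sample data in getpeercert() format (not real captures).
def sample_cert(issuer_name):
    return {"issuer": ((("commonName", issuer_name),),)}

SAMPLE = {
    "pinned-app.example": sample_cert(INSPECTION_CA_CN),   # should bypass
    "bank.example": sample_cert("Constructed Public CA"),  # bypassed as intended
    "news.example": sample_cert(INSPECTION_CA_CN),         # inspected as intended
    "files.example": sample_cert("Constructed Public CA"), # escaped inspection
}
WHITELIST = ["Pinned-App.example.", "bank.example"]

if __name__ == "__main__":
    print(audit(SAMPLE, WHITELIST))
```

For a live check, build the `observed` mapping with `fetch_cert()` for each FQDN of interest instead of using the constructed `SAMPLE` data.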