SurfProtect Panel

SurfProtect: 

SurfProtect is our in-house content filtering solution. We have two variations of SurfProtect, Quantum and Evolution, both of which will sit under this section on the panel. 

When you select a SurfProtect service, you will see the page below: 

This page is split into 3 sections;

• Services filtered in this location - the connectivity services that are filtered

• Filtering profiles - Personalised profiles for users/groups, allowing you to allow/block websites

• Default Filtering Profile - This is created by default and will be used by everyone on site until personalised profiles are created.

Manage SSO data: 

This is where the integration with AD, Google or Azure/Entra would sit. You can view users, groups and what profiles are created for each of them. 

Profiles Overview: 

Here, you can view the policy overview for the current location and its child profiles in one go. You can turn on comparison mode which allows you to either: 

• Mouse over the location / profile names to see where the location / other profiles differ from the currently hovered one.
• Mouse over a policy component,the Allowed URLs, Banned categories, to see where the location / other profiles have different setting or no filtering.

Location settings: 

This setting allows you to change your location's description. This is helpful if you need to note some extra detail about your location that the location's name can't cover. This setting only applies to customers with multiple locations. 

If you have multiple locations but one you manage frequently, you can mark that location as your default. You will automatically be taken to your default location when navigating to the SurfProtect section of the panel. You can click "Manage Locations" in the page header to view all of your locations.

Cross-Site Roaming/PIN sign in 

This setting controls whether SurfProtect Evolution+ customers are able to use their SurfProtect filtering settings while roaming into your location. Please note that if you are an Evolution+ customer, this does not affect users in your own locations - this only affects their ability to roam to other customers' SurfProtect locations.

If enabled, Evolution+ users roaming into your location will be able to sign in to the SurfProtect captive portal with an account (such as an Entra ID user) associated with their "home" location and receive their original filtering settings instead of your location's settings. Logs for their web activity will be stored against both your location and their home location.

This setting enables and disables settings for allowing specific users to sign in to the SurfProtect Captive Portal with a unique 6-digit PIN. Once enabled, you can enable PIN sign-in for specific users via the SSO management tab. 

SurfProtect Settings:

On the left-hand side, there are subsections to help you self-support and to run reports on the connection. 

Global settings refer to configurations that impact the entire location. A location is an overarching grouping for filtering settings. Each location ideally represents a single physical location, such as a school, business, or specific site.

Under the global settings, you will see the following options: 

• Default location - This setting only applies to customers with multiple locations. When managing more than one location, the default one will be the one you access the most. 

• Manage locations - This is where you manage locations. For more info on how to manage locations, please visit ** add link  to locations guide* 

• List overview - This shows the created lists. 

• Reclassified URLs - These are any reclassified URLs that the location has done. E.G., bbc.co.uk is globally classified as Sport, but if a school wanted to change this to education, then it would display under there. 

The next section is the Help section. This will include things to get you started, so it will display the following: 

• Proxy settings with explanations on what each proxy does 

• The proxy port we use 

• The setup guide 

• The SurfProtect certificate 

The next section is the Audit Log: 

The audit log is essentially a log of all changes made, with a record of the date/time, who made it and what the change was. 

The next section is Analytics. This has 2 subsections: the current analytics and the new analytics. This is where we store all traffic logs, whether they were permitted or rejected. 

Website Analytics

The Website Analytics section displays historical data on all web activity filtered by SurfProtect.
You can view when a resource was accessed, who accessed it, whether it was allowed or blocked, and which filtering profile it matched to.

Activities/Searches Tab

Activities are the traffic passing through SurfProtect, which can be websites, applications or backend resources. This shows detailed log entries including:

• Username – Detected from AD Proxy or Captive Portal authentication.

• IP Address – Internal or external address used for the request.

• Status – Whether the request was permitted or rejected.

• URL – The resource that was accessed.

• Profile – The SurfProtect filtering profile matched.

• Decision Match / Item – Reason a request was blocked (category or search term).

You can filter and customise views to focus on specific times, IPs, or users.

Unique Activities groups together any duplicate traffic. For example, if bbc.co.uk was accessed five times, it will combine those accesses and log the total count.

Searches refer to what was entered into a search engine, while unique searches groups those search queries.

Analytics V2 (BETA)

This is a refreshed version of Website Analytics with a modern interface and improved responsiveness. It offers the same core data insights but may evolve as new features are tested.

This is split into 2 sections: Request Trends and Log Viewer. 

Request Trends: 

The Request Trends page provides low-level information about SurfProtect's filtering decisions and your organisation's web traffic. 

It is broken down into three core sections:

• Time selection controls and the timeline graph – which allow you to control what portion of a day's traffic you're analysing and shows you broad trends in request outcome over that period of time.
• Secondary graphs – which give you more information on how SurfProtect processed and filtered your requests by volume and time. This allows you to answer questions like “How many requests for weapons content happened today?” and “What times of day have the most adult category activity?”.
• Request logs – which display data on a per-request basis.

Each section of the page allows you to apply filters to and restrict the data presented in the section below it. For example, clicking a series (i.e. a bar on a bar chart) in a secondary graph will filter the request logs to requests that make up that series.

Secondary charts provide more information about the decisions SurfProtect made about these requests.

Secondary charts are divided into three tabs, each providing a narrower view of your data.

Log Viewer: 

The log viewer page allows you to granularly filter and view your SurfProtect filtering logs. By default, no filters are applied, and almost all of the requests originating from your filtered services are displayed. 

Diagnostic Tools: 

These are self-diagnostic tools ready for end users to help diagnose any SurfProtect issues. This section is split into 3 sections: 

• Domain Classification 
• Domain Doctor 
• Live Log Monitor 

Domain Classification

This allows you to view any classification any domain has. A domain is the human-readable web address used to access a website (e.g., google.com). 

Domain Doctor: 

The SurfProtect Domain Doctor is a diagnostic tool allowing a user to pass a URL to the SurfProtect service and see what filtering decision would be made and why that decision was reached.

From this tool, you get an overview of:

• Information that SurfProtect has globally stored about a URL. Classification, TLS decryption, and auth settings, etc.

• If the end user has set custom categories for the URL.

• A breakdown of the decision made by SurfProtect. 

Below this is also the resources section, which displays any affiliated URLs with that website. These could be subdomains or backend resources. 

Live Log: 

The Live log monitor is a debugging tool used by end users to help find issues with their current service.  

The live log monitor can show you where a request came from and where it went through SurfProtect. If it got rejected, and why, the URL and some information about the user.

This can be used to find who is trying to access blocked pages, as well as to debug what profiles are getting blocked for certain URLs, and why.