Install / uninstall
Impossible to launch the administration console of SurfPass (Windows error or
"Cannot open the database")
Check that the framework .Net v4.7 is installed on the administration
computer. If it is not the case, you can install it from Windows Update /
Optional updates, or from the links given at the download page, or from the
SurfPass cd-rom. The framework .Net v4.7 is already build-in in Windows 10 and
The filtering lists are not downloaded
- The framework .Net v4.7 must be installed on the server computer (see previous §).
- The DNS client of the server computer is not properly configured.
How to reinstall / update SurfPass
- It is possible to mix versions of which only the last digit changes (for
example 8.0.1 and 8.0.2) on the same network. In other cases it is necessary
to install the same version everywhere, starting with the server.
- Always begin an update by uninstalling the previous version by the
normal procedure of Windows without deleting the files manually. After restarting the system, simply install the
new version. SurfPass detects when a previous configuration is already
present and proposes to recover it, thus preserving the full data and
settings in the new installation. In case of server switching, you must uninstall
SurfPass on the old server, copy the directory c:\Program Files\Cogilab from the
old to the new server and then install SurfPass to the new server, and
accept the existing parameters recovery.
Error "SurfPass is already installed on this computer" during re-install
Uninstall the previous version and reboot the computer before installing / re-installing.
SPConfig does not appear automatically when installing or error when writing parameters
This is a security level issue and necessary rights of the Windows administrator, the elevation of privileges needed to install and uninstall SurfPass didn't happen.
The language of SurfPass is not the expected one
There is only one version of SurfPass. If SurfPass is installed on a French version of Windows, it will run in French, in
all other cases SurfPass will run in English.
Using Firebird SQL with a different port than the default port (3050)
If Firebird should be used with another port than the default port (e.g. 3052
instead of 3050), you must change the port number in the SurfPass configuration
account on the server, button "Database". You also must change the line :
RemoteServicePort = 3050 in the file c:\Program
File\Cogilab\SurfPass8\Firebird\firebird.conf on the server and the
How to enter in the administrator mode the first time?
From the Windows desktop : Start -> All programs -> Cogilab ->SurfPass8 ->
SPAdmin, enter "admin" in the login field and "cogilab" in the password field.
When changed settings are taken into account?
The changes of parameters are taken into account after validation of the form
by the green button "Validate" in the upper right, and in the forthcoming
opening of a SurfPass user session.
What are the differences between user profile and computer profile?
The computer profile is used when SurfPass is in idle mode, the user profile
is used starting from the beginning of a SurfPass user session. Only one is active at the same
Identification of users with the captive portal
SurfPass offers two types of user identification.
- In automatic mode (default installation) SurfPass uses the name or IP address of the computer. The SurfPass session begins when you first access the network.
- The captive portal method requires users to enter their name and password in the browser to start a SurfPass session. The tab "Computers profiles" / "generic" / "General" contains the settings for the mode identification. If the "identification Winlogon" option is checked, identification is automatic, otherwise the captive portal is called. The computer profile "Generic" is set to automatic, the computer profile "Portal" is set through the captive portal. The captive portal can not be called directly, but trying to open an external site to which the user is redirected after the identification. This site should be a HTTP site and not an HTTPS site.
If the browser home page is Google, the address of that page should have the following value in the browser settings: http://www.google.com. After authentication in the captive portal, there will be an automatic redirection to the HTTPS version of the site.
Network cards of the gateway does not appear when creating a route
The card must be connected to another node or to a switch in order to be recognized by Windows and appear in SurfPass.
How to change the administrator's password? (and others)
Enter in administrator mode, "Users" tab. Select the user
account, then over-write the previous password with a new one. The previous
password cannot be read, but only replaced by a new one.
- Filtering level too high / too low: the level of the content filtering can
be modified in each user profile, "Filtering" tab. It is
recommended to fit the level to the age of users, for example 8-10 for children,
4-7 for teenagers, 1-3 for adults. It is also possible to completely bypass the
filtering by moving some users in the user group "Unlimited - Not filtered".
- Blacklist: tab "Global" / "Filtering lists" / "Lists editing". For blocking
sites like YouTube or Dailymotion, simply disable the audio-video or filehosting
list. Facebook is in the blog list, Myspace is in the
audio-video and filehosting lists. It is advisable to not display the blocking
with rules using the audio-video and filehosting lists, otherwise any valid web
page containing for example a video will display a blocking popup.
To enable/disable a list, just select it on the left,
then check the option "List deactivated" on the right and finally validate with
the green button "Apply" in the upper right. The disabled lists appear on a gray
background to the left. The change will take effect after the reopening of a
- Difference between domain and URL filtering: Domain is dedicated to a
whole domain, for instance cogilab.com. URL means only one Web page such as cogilab.com/index.htm.
- Domain name : the name may or may not be starting with www. It is
recommended to enter domain.com instead of www.domain.com, such as cogilab.com.
- How to prevent downloads: SurfPass filters by TCP/IP port. You can block the
corresponding port, 21 for FTP. To prevent files downloading, you can add
filtering rules like this: full site, denied, with address such as *.mp3,
or *.zip, *.exe.
- Filtering by TCP/UDP ports:
For applications like chat or instant messaging, it is possible to block at the same time the port
and the application. Many ports are predefined in the list, but it is also
possible to enter directly the port number.
- If you wish to authorize a site blocked by a black list, you have to add an
authorization rule for this site with a priority of medium or above in the
"Filtering" tab in the corresponding user profile. The same for
authorizing a site blocked by the content analysis.
- It is advisable that schools enable SafeSearch in SurfPass.
- To completely prohibit the access to certain hours, you just have to add
corresponding prohibition time slots . It is not necessary to add ranges
when the access is not completely prohibited; it is the behavior by default.
- Crossing midnight: If a time slot starts before midnight and finishes
afterwards, it should be broken up into two. A first range finishes at 23h59
and the following one starts at 00h00.
- The time slots can also be used to change a user profile, for example, have a different filtering depending on the time of day.
Unable to connect to the captive portal
- Check that the firewall of the LAN NIC enables the ports used by the captive portal (by default 8081 or 44300).
- The site called to get the captive portal must be an HTTP site and not an HTTPS site.
No filtering and empty log
Check if the evaluation period has expired. If this is the case and there is no serial number, the routing function is still operational but not filtering or logging.
Empty or incomplete log in transparent proxy mode
One possible cause may be the existence of at least one other routing node in parallel with the SurfPass gateway. In this case, the Internet access works fine, but log and filtering are incomplete. To work properly, the SurfPass gateway must be the only routing node between the main network (WAN) and subnets to filter (LAN).
A device (VoIP, Skype ...) does not work
Check that the Internet is in automatic identification for this device and does not pass through the captive portal.
The filtering doesn't work
- Are you sure to test with the right user profile?
- If you use a black list, did you push the "Import" button after the
selection of the black list file?
- See § Configuration / Filtering.
The speed of Web browsing seems slower
SurfPass makes frequent calls to the DNS (Domain Name Service) for auditing
tasks. The DNS provided by ISPs is sometimes a bit slow, which causes a feeling
of slowing down. If so, it is recommended to use an alternative DNS
such as 22.214.171.124.
The access to Internet is authorized permanently without a SurfPass user connected to
See § configuration / filtering. Maybe the filtering in the computer profile is not correctly configured.
The log file remains very large even after the deletion
The file c:\Program Files\Cogilab\SurfPass8\Data\splog.fdb on the server
contains the log of SurfPass. When you delete part or all historical data, often
the size of the file does not change immediately. The reason is that the released pages are
marked as deleted but are not physically removed from the data base for
performance optimization. The only
way to force a quick compaction is to make a backup and a restore it with the GBAK utility,
as indicated in the user manual chapter "Maintenance".
Where to find the user's manual pdf?
The user manual is located in the folder c:\program files\cogilab\SurfPass8\doc.