Acceptable Use Policy

alt With the Acceptable Use Policy screen, you can create a WiFi hotspot for your patrons. Now, anyone that enters your library with their laptops will be required to read and agree to your Internet policies before getting online access.

A WiFi Authentication and Control Solution

Patronus delivers this built-in splash page feature to save you time, aggravation, and money. With the Acceptable Use Policy screen you can easily create a WiFi authentication and control solution for your patrons without having to purchase, install, configure and maintain additional third party software. And, that’s not all. You no longer need to purchase or maintain any additional hardware. This is another example of how Patronus was developed as a robust, yet flexible, Internet filtering solution.

Learn More About the Acceptable Use Policy Screen

Find out how to maintain control and create a WiFi hotspot with the Acceptable Use Policy screen in Patronus. Fill out a contact form or call us today at 1-888-922-2726.

Private Patron Network

Every Patronus appliance now includes Patron Connect that provides an additional Ethernet Interface for simply and inexpensively creating a separate, secure private patron network. With this built-in feature, Patronus enables a library to create patron WiFi  “guest network” access. This completely separates library patron WiFi traffic from staff computers on different networks—without purchasing an additional Internet connection, router, and firewall.

A Patron Connect private patron network protects your library’s computers and network by preventing a patron using a laptop or wireless device from introducing a virus to your internal network. One simple connection can save you lots of money and time, while drastically reducing the risks of compromising your equipment.

Build Two Separate Library WiFi Networks

When it comes to security, separate is supreme. Patron Connect can also be used to quickly build two library WiFi networks, separating patron from staff computers.

And, that’s not all.  If your library needs to serve its own web pages or provide other Internet content to your community, Patron Connect can be used to create a third DMZ separate from your internal Blue LAN.

Library Internet Filtering Technology

Easy to Use, Scalable Internet Filtering for Libraries

alt Patronus is a reliable, robust, and scalable Internet filtering solution for libraries. Its flexible library Internet filtering technology enables it to fit into almost any infrastructure with minimal maintenance. To meet these needs, Patronus offers the following technological features and benefits:

  • Simple, Web-based administration.
  • Easy integration into a wide variety of existing TCP/IP networks and client operating systems, including Windows, Mac OS, and Linux.
  • Server-side solution with no proprietary client software.
  • Configurations can be applied to individual computers and/or groups of computers.
  • Works with any form of Internet access.
  • Automatic software and content updates and back-up every night.
  • Includes necessary network infrastructure components optimized for libraries including Internet gateway router, Internet filter, firewall and Web cache system.

For details about Patronus' library Internet filtering technology, print our informational piece, Patronus Technology @ a Glance (254kb pdf).

Library IP Multicast Support

IP Multicast Support

alt Streaming of video, audio or other multimedia content from the Internet to multiple computers simultaneously can consume massive amounts of bandwidth. Patronus now supports PIM and IGMP multicasting. This enables it to receive a single video and then broadcast it to many computers on a network, thus saving huge amounts of bandwidth. However, multicasting requires support from your Internet Service Provider, and can only be enabled and configured by contacting BASCOM support.


  • Every night, Patronus performs automatic, remote backup of all configuration files-including firewall rules, profiles, and network settings-and stores this data securely at BASCOM's Network Operation Center. This relieves a library's technology staff of doing daily tape backups.
  • For disaster recovery, a phone call to BASCOM's Technical Support staff is all that is needed to remotely restore Patronus using a private, inter-server, communication channel. A simple interface is used to restore a library's backed-up data and Internet access. For hardware failures with notification to BASCOM by 12:00 noon Eastern Time, Monday through Friday, our three (3)-year Express Exchange Warranty guarantees delivery of a new Patronus appliance server the following business morning. (Notifications after 12:00 noon Eastern Time cannot guarantee delivery of a new appliance the following day.)

Cache YouTube Videos and More

Integrated Web Caching

alt Cache YouTube videos and other HTTP traffic with Patronus's integrated Web Caching. This speeds up Internet access by storing frequently used Web objects on the server.

Web caching is the ability for a server or computer to 'cache' or save Web pages and their individual elements onto its internal storage. When a Web surfer calls for the page, parameters determine whether it's more efficient to ask for the page from the original Web server over the Internet (takes more time) or directly from Patronus (saves time). In addition, a rudimentary check is performed to assure that the locally cached information is still valid. Since pages are served locally whenever appropriate, libraries can get better performance out of less expensive connection scenarios, saving bandwidth and access costs.

Learn How to Cache YouTube Videos and More with Patronus

BASCOM's Patronus library Web filter gives librarians the tools they need to set the appropriate amount of Internet access for their patrons. To learn more, read about its flexible filter management, Access Zones, Kids Zone Portal and technology. To schedule your personal demo, fill out a contact form or call us today at 1-888-922-2726.


Flexible Setup

Flexible Setup

alt Patronus is available in a variety of setup options for ease of installation and to meet your networking requirements. This flexibility includes the following configurations: Internet (2 or 3 Ethernet), Internet Gateway (PPPoE), Proxy Only, Transparent Bridge (with or without firewall) and URL Filter Server.

Internet Gateway (2 Ethernet)

  • This model of Patronus includes a LAN firewall, Web caching, filtering, the Kids Zone, and the Virtual Administrator. It is compatible with many forms of Internet access, including ISDN, DSL, Cable, and T1 and works with an external router.

Internet Gateway (3 Ethernet)

  • This model of Patronus requires the installation of a third network card. Depending on the system, this third network card may be pre-installed and provides a separate physical network. This network can be used as a DMZ for the protection of public servers such as a Web or an e-mail server, or it can be used as a separate internal network. For both networks (depending upon the setup), this Patronus includes the LAN firewall, filtering, Web caching, the Kids Zone and the Virtual Administrator. It is compatible with many forms of Internet Access, including ISDN, DSL, T1 and works with an external router.

Internet Gateway (PPPoE)

  • Point-to-Point Protocol over Ethernet (PPPoE) is used by some DSL-based ISPs to establish communications. If using a DSL line, check with the ISP to see if they use PPPoE. If they do use PPPoE, it must be enabled. Remember to remove any existing PPPoE routers on the network and plug the system directly into the DSL modem. This model of Patronus includes a LAN firewall, filtering, Web caching, the Kids Zone, and the Virtual Administrator.

Proxy Only

  • In this configuration, the system is not in the direct path of network traffic. It sits adjacent to a router. The Web browser on each of the workstations needs to be configured with a proxy setting so that all Web requests are directed to the system. The DNS setting on each of the workstations also needs to be pointed towards the IP address of the system to properly resolve the system interface addresses. The system then performs filtering and Web caching. This model of Patronus also includes the Kids Zone and the Virtual Administrator.

Transparent Bridge

  • In this configuration, Patronus is in the direct path of network traffic. All traffic flows through it, but only Web and DNS requests are intercepted. The system performs Web caching and filtering. This model of Patronus also includes the Kids Zone and the Virtual Administrator.

Transparent Bridge with Firewall

  • In this configuration, Patronus is in the direct path of network traffic. All traffic flows through it. The system acts as a Web cache, filter and firewall. This model of Patronus also includes the Kids Zone and the Virtual Administrator.

URL Filter Server

  • Use this selection if a Cisco product (that supports the URL-filter command) is on the network and Patronus will be used for filtering only. In this configuration, the system is not in the direct path of network traffic. Instead, it is adjacent to the Cisco product and is used for filtering Web requests. This model of Patronus also includes the Kids Zone and the Virtual Administrator.

Acceptable Use Policy (AUP) Splash Screen

  • This feature allows a library to create a WiFi hotspot for a portion of their network. For patrons using their own laptops your library may wish to institute an Acceptable Use Policy (AUP) which requires agreement of your Internet guidelines in order to access the Internet. The screen can also be used to alert patrons of any vital information. For flexibility in administration, specific computers and/or IP ranges of computers can be excluded from receiving the AUP screen.

Logging and Reporting

alt Patronus makes it easy for an Administrator or Technology Director to study how the Internet is used throughout the library by offering a variety of reports for analyzing Internet use. The library network logging and reporting feature also automatically archives log files for easier auditing and logs all access requests for a firewall rule from either inside or outside of a network.

The Patronus Logging and Reporting Tool Gives You Access To The Following Reports:

  • Workstation Reports for analyzing Internet use for a workstation
  • Profile Reports for locating a profile by specific criteria
  • Profile Reports show usage for profiles by Users or Access Zone
  • Firewall Traffic Reports
  • Access Reports for analyzing Internet use by specific requests
  • User Reports for finding individuals that are misusing the Internet
  • Reporting-LDAP-based Directory Services
  • Patronus is now able to integrate with LDAP-based directory services—such as Novell eDirectory or Microsoft Active Directory—to add User Names to reports.


alt Patronus's flexible authentication options accommodate most network architectures. Mix and match the methods offered to work within many environments—all without reworking administrative philosophies.


  • The simplest configuration permits access control assignments by a client's IP address. This allows access policies to be set across a large number of client computers.


  • Patronus can be configured to require a login before permitting access. This login is directly tied to a profile, allowing a roving user to apply their Internet access settings to any computer on a network.

Directory Services Logging and Reporting

  • LDAP can also be used for access logging and reporting. Rather than "opaque" reporting of usage by IP address, utilizing the directory services feature permits reporting with more useful, descriptive names. Doing this requires no configuration or administration of directory services during installation; the login facility conveys a user's information automatically to Patronus's logging and reporting subsystem. Established components of a network's design are leveraged intuitively, without forcing the administration of access control into an "all or nothing" approach.

Directory Services Integration (Novell, Microsoft Active Directory)

  • Access can be authenticated and controlled by utilizing the client's LDAP attributes. When a user logs into their computer, their identifying information is associated with the access control defined within Patronus's administrator interface. Access can be controlled by user or workstation name, or by the associated group or organizational unit.

Integrated Library Firewall

alt BASCOM's Patronus  includes an integrated stateful library firewall, providing robust network security that is managed through a simple Web interface. This deep-packet inspection affirmative firewall filters both inbound and outbound traffic. All traffic into and out of the network must be allowed by the System Administrator.

Patronus actively logs blocked attempts against the firewall. For added library Internet security, the firewall also actively monitors, blocks, and logs invalid login attempts.

Patronus Offers Robust Library Internet Security Features

Predefined Rules

  • For ease of network deployment, BASCOM has provided numerous predefined firewall rules, allowing firewall settings to be defined with just a few clicks and keystrokes. Many common applications, such as Web servers, VNC, FTP, and H.323, are made available in the Predefined dropdown of the Add Firewall Rule page. With a single selection, the required rules for an entire application are added to a firewall.

VPN Pass-Through

  • Within these predefined rules, BASCOM has defined VPN pass-through rules. This enables VPN connectivity without knowing the nuances of each port and protocol that's required to properly deploy it. Our VPN pass-through rules encompass popular VPN protocols, including IPSec, PPTP, and L2TP.

Port Forwarding

  • Patronus's firewall allows the definition of specific port forwards for applications that are not predefined.

Network Address Translation (IP Translation/Outbound)

  • Patronus's firewall supports network address translation (NAT), further providing security and control over a network's resources.

Temporary Rules

  • Firewall rules can be enabled and disabled on demand, eliminating the need to constantly redefine infrequently-used rules.

Locked Down by Default

  • Patronus's firewall is completely locked down by default, restricting all communication in or out of your network.

Deep, Stateful Packet Inspection

  • Patronus employs a stateful packet inspection (or SPI) firewall which actively tracks all inbound and outbound communication. This implementation minimizes administration and security headaches. An initial connection is examined, and if allowed, is continually tracked by the firewall. In addition, Patronus deploys application-level filters at the packet level—utilizing deep packet inspection to dynamically detect and configure the firewall in response to the examined traffic.

Peer-to-Peer Detection and Blocking

alt Your network and its bandwidth are protected by the peer-to-peer detection, blocking and monitoring capabilities of Patronus.

Peer-to-Peer Blocking

  • Protects a network and its bandwidth by restricting clients from running many distributed peer-to-peer file sharing and browsing programs. This allows the enforcement of your Internet Use Policies. It effectively detects most protocols, including: bittorrent, gnutella, edonkey, fasttrack, neonet, ares, and torpark.
  • Our protocol blocking monitors all traffic flowing from your network to the Internet. By examining the data, Patronus detects suspicious traffic from clients on your network.

Peer-to-Peer Monitoring

  • Patronus's peer-to-peer control monitors and logs activity, quietly logging access, but not blocking the access of violating clients. This provides the freedom of not restricting clients, while still maintaining the ability to administer network utilization.


  • TorPark (now referred to as XeroBank) uses a modified version of FireFox, which routes its traffic through a worldwide distributed network of "onion" servers. These servers make Web requests on behalf of the TorPark browser—therefore not only distributing Web access, but also anonymizing the access in the process. This circumvents most front-line, Web content control. Incorporating TorPark control into Patronus's suite of detectable peer-to-peer protocols effectively fixes the security and policy issues that these browsing proxies and anonymizers introduce.
Copyright © 2015 BASCOM Global Internet Services, Inc. BASCOM, BASCOM Global Internet Services, Inc., Anywhere Filter, Anywhere Filter Cloud, Frontera, Patronus, and My Communitas are trademarks or registered trademarks of BASCOM Global Internet Services, Inc. All other products are trademarks or registered trademarks of their respective companies. Certain uses protected under U.S. Pat. No. 5,987,606. All rights reserved.