Difference between WFilter ICF and WFilter NG firewall.

Some users get confused about “WFilter ICF”(WFilter Enterprise) and “WFilter NG firewall”, so in this topic I would like to discuss the difference about these two products.

Though they are all named as “WFilter xxx”,  ”WFilter ICF” is a pass-by web filtering software for windows pc, while “WFilter NG firewall” is a linux-based firewall system which shall be installed in a dedicated x86 pc.

WFilter NG Firewall

  • 1. A total solution for bandwidth optimize, access control, VPN.(UTM and NG firewall)
  • 2. Deployment: gateway, bridge.
  • 3. Installation: x86 PC or virtual machine
  • 4. License: 30-day free trial

WFilter Internet Content Filter(ICF)

  • 1. Pass-by monitoring windows software solution.
  • 2. Recommend deployment: pass-by
  • 3. Installation: shall be installed in a windows PC.
  • 4. License: 30-day free trial

How to choose?

The first, you need to confirm your requirement. If you only need “internet access control”, both “WFilter ICF” and “WFilter NG firewall” can satisfy you. If you also need “bandwidth shaper” or VPN features, you need to choose “WFilter NG Firewall”.

The second, you need to choose the prefered deployment. In case you don’t want to change current network topology or add a new network device, you need to choose “WFilter ICF” which can be deployed with your current topology unchanged. If you agree to replace your current router/firewall, or add a transparent network bridge, please choose “WFilter NG firewall”.

The third, please be aware that WFilter ICF is a windows software program, which can be installed instantly. While WFilter NG firewall is an operation system, you need a dedicated PC and burn a CD or usb stick to install it.

Understanding the bandwidth shaper feature of WFilter NG Firewall

In a recent update of WFilter NG firewall, we have re-designed the “bandwidth shaper” feature. Now “bandwidth shaper” becomes easier to be understood and configured.

Let’s take a look.

The shaper rules list:

Ros ipcontrol 001.png

Bandwidth shaper policy:

Ipcontrol set en.png

In each policy, you need to define total UP and DOWNLOAD bandwidth for this rule. If this rule is applied to multiple clients, all the clients share the defined TOTAL bandwidth. Please note: “ the minimum bandwidth defines the static allocated bandwidth, while the maximum bandwidth is dynamic allocated.”

All clients applied by this rule have fair bandwidth sharing. You may also enable “client maximum rate” if you want to limit bandwidth rate for each IP.

In “ISP” module, the “Rate Limit” policy has the same settings as “bandwidth shaper”, as described in above.

isp_ratelimit01

Youtube videos about WFilter

Below is a list of videos about WFilter in youtube.

How to monitor network traffic and bandwidth usage?

How to monitor internet activities in lan network?

How to monitor internet bandwidth usage on network?

How to block and filter websites in network using software?

How to track internet usage of network clients?

How to block porn websites in network?

How to block youtube videos in network?

How to scan DHCP Server with WFilter?

How to scan network devices with WFilter free?

How to block torrent downloading with WFilter Free?

How to block facebook on network with WFilter free?

WFilter integrates with active directory — solution of content filtering with domain users.

Filtering by IP address and MAC address is enough for most networks. However, in networks with dynamic IP addresses or BYOD networks, you may not identify clients by IP or MAC. In this case, AD integration is a widely adopted solution for internet content filtering.

Both “WFilter Enterprise” and “WFilter NG Firewall” provides “AD integration” solution, which enables you to do reporting, monitoring and filtering with domain users.

1. AD Integration in “WFilter Enterprise”.

More details can be found at: Active directory Integration of WFilter Enterprise

2. WFilter NG Firewall

With WFilter NG Firewall, not only you can do “AD integration”,  you also can add “Local accounts” for monitoring, filtering and VPN access.

Faq en adconf001.png

Faq en adconf003.png

Please check: WFilter NG Firewall Active directory Integration Solutions

How to block torrent in lan with WFilter NG Firewall?

Torrent downloading can consume most of your bandwidth. It’s rather annoying for IT administrators.

With WFilter NG Firewall, you can detect torrent traffic, block torrent downloading and get bandwidth report of torrent traffic.

In this post, I will demonstrate the steps to block torrent in LAN network with WFilter NG Firewall. Please note that WFilter block torrent by protocol matching. So once you block bittorrent in WFilter, all other torrent clients, including bittorrent, utorrent, qtorrent will all be blocked.

1. New a blocking policy in “App Control”.block_torrent1

 

2. Name it “block torrent”, set “bittorrent” to “deny”.block_torrent2

block_torrent3

 

3. Torrent clients being blocked.

utorrent_4

block_torrent04[1][2]

after.

 

Please note that all WFilter products can block torrent in Lan network. You may check other topics:

How to block utorrent downloading with WFilter 4.1?

How to block torrent downloading with WFilter free?

How to block BitTorrent traffic in your network?

Monitor clients bandwidth in network with WFilter Enterprise.

In a previous blog How to monitor internet bandwidth usage in lan network?, I introduced features and steps to monitor lan bandwidth with WFilter NG Firewall.

We have another windows software program named “WFilter Enterprise”, which also can monitor clients bandwidth in pass-by deployment. The WFilter pc do not need to be a gateway or network bridge, it can do internet monitoring and filtering through a mirroring port in your switch or router(passby deployment). With pass-by deployment, you don’t need to change network topology or add new hardware to deploy an internet content filter.

In this guide, I will demonstrate the bandwidth monitoring features of WFilter Enterprise 4.1.

1. Realtime bandwidth shows clients list and real-time bandwidth rate.bandwidth01

2. Click bandwidth to get live connections of a client.

You also can terminate connections by clicking the red icon.

bandwidth02

3. Bandwidth Report by protocols

The reports have pie, bar, line and data formats. You can do report by username, data, protocol name and protocol category.

bandwidth03

4. Bandwidth Alert

Send an alert email when bandwidth threshold is reached.

bandwidth04

How to monitor internet bandwidth usage in lan network?

Internet bandwidth is always not enough if clients in your network have unrestricted internet access. Torrent, downloading, online videos can eaisly consume most of your bandwidth.

As an IT administrator, to protect your internet bandwidth from being abused, you need to have full control of your network.

WFilter provides a total solution to monitor and manage internet bandwidth usage in lan network, with below features:

1. Monitoring live connections bandwidth

In “real-time bandwidth”, you can get a list of client devices, including IPs, MAC addresses, operator system and bandwidth rate. You also can get live connections of client devices.

monitorbandwidth01
monitorbandwidth02

2.  Bandwidth shaper and priority optimize

monitorbandwidth03

 

A complete guide of bandwidth optimization can be found at here: WFilter NG Firewall bandwidth optimization solutions

3. Bandwidth usage reports

monitorbandwidth04

monitorbandwidth05

WFilter NG firewall needs to be deployed as  gateway or network bridge of your network. If you prefer pass-by bandwidth monitoring solutions, please check: WFilter Enterprise.

A youtube video of internet bandwidth monitoring of WFilter Enterprise can be found at: How to monitor internet bandwidth usage on network?

 

How to add clients to penalty box in WFilter NG firewall?

WFilter NG firewall has a built-in group “punish group”. With this punish group, you can add clients to the penalty box for a period of time.

Please note, “punish group” is a virutal group, you also can add your own virtual group, eg: “expired users” or “trial users”…

1. Add a client into the punish group.

In realtime bandwidth, by click “kill” icon in “connections”, you can add a client into the punish group for a period of time. Your own virtual group will also appears here.

2. Clients in the punish group.

punishgroup01

3. Remove a client from the penalty box

To remove a client from the penalty box, you can wait for punish timeout, or click “reset default” in “unblock and reset”.

punishgroup02

4. Set “access policy” and “bandwidth” policy for the punish group.

In “Access Policy” and “Bandwidth”, you can set policy for the punish group. For example, set “bandwidth shaper” for “punish group” to have only 20kb download rate limit.

 

How to fix “size limit exceeded” issue of “AD Intergration” in WFilter?

 

adsizelimit1

To get it working, you need to use the “ntdsutil” tool to modify “MaxPageSize”. The below screenshot demonstrates the steps to set “MaxPageSize” to 5000. No reboot is required. The new setting is applied after “commit changes”.

A more detailed step can be found at: https://support.microsoft.com/en-us/kb/315071

adsizelimit2

After enlarge the “maxpagesize”, WFilter is able to sync AD users.

adsizelimit3

Wifi network monitoring solutions of WFilter NGF

Nowadays, most business networks provide WiFi service. However, WiFi makes it more difficult for IT administrator, because:

  1. There are much more devices in network.
  2. Various operation system(IOS, Andriod, Windows).
  3. Most wifi clients have dynamic ip addresses.
  4. Can not distinguish pc and mobile phone.
  5. Can not identify mobile users.

WFilter can help you to override these issues, and get your WiFi network manageable.

1. Identity Client Operation System

In “realtime bandwidth”, “online users” of WFilter, you can get a clients list, with IP, MAC, OS…

wifi1

wifi2

2. Various Authentication Solutions

    1. IP-MAC Binding, only bound ip-mac pairs have internet access. Please check:  IP-MAC Binding
    2. Web Authentication, only authenticated users have internet access. Please check:  Web Auth

3. Blocking, filtering and recording

You can set internet access policy by IP addresses, MAC addresses and usernames. In a DHCP network, you can set policy based on MAC addresses, so changing of IP has no influence.

In the recording feature of WFilter, you also can track internet usage( web activities, email activies) of Wi-Fi clients. Even mobile phone brand and model can be detected.

WFilter NGF also have a powerful report&statistics system to get detailed web/bandwidth reports.

ngf_report01

5. ISP Management.

The ISP management module of WFilter integrates user authentication, bandwidth rate limit, accounting, and notification features. With this ISP module, you can get your ISP business running without the need of other products. For details, please check: ISP management in WFilter NGF.

6. Extentions.

WFilter extentions also help for WiFi network mangement. For example:

  1. Network clients scan extension: scan the list of network clients.
  2. Nat discover: discover clients who are sharing their internet.plugin_nat_02_en