Author Archives: WFilter

How to block google mail (gmail) access of network computers?

Sometimes you might want to block google mail (gmail) access in your network. This tutorial will guide you to block gmail with WFilter.

Google mail (gmail) supports various kinds of access, including:

  1. Web access via HTTPS protocol.
  2. SMTP over SSL for sending emails.
  3. POP over SSL for receiving emails.
  4. IMAP over SSL for receiving emails.

So for complete blocking of gmail, you need to enable blocking of certain email protocols, and also need to enable “HTTPS black list” to block gmail web access.

1. Block SMTP/POP/IMAP over SSL

Enable blocking of “SMTP over SSL”, “POP over SSL” and “IMAP over SSL” in the relevant blocking policy. These settings will block gmail access from email client programs.

2. Block gmail web access.

Enable “HTTPS black/white list”, and choose “New” to create a new list.

Add “mail.google.com” into the new HTTPS black list.

Now gmail web access is also blocked.

Please notice: if the gmail web page is already open before the HTTPS black list is enabled, the current https session can not be blocked until you restart your browser.
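To confirm that both steps took effect, the following added example (not part of the original post and not WFilter code) opens a fresh connection to each of the four gmail access paths from a client PC and reports which ones still complete a TLS handshake. The mail-client hostnames and ports are Google's published defaults, and the function names are chosen for this example.

```python
import socket
import ssl

# Gmail entry points listed in the post. The three mail-client hostnames and
# ports are Google's published defaults, not values taken from WFilter.
GMAIL_ENDPOINTS = [
    ("web (HTTPS)", "mail.google.com", 443),
    ("SMTP over SSL", "smtp.gmail.com", 465),
    ("POP over SSL", "pop.gmail.com", 995),
    ("IMAP over SSL", "imap.gmail.com", 993),
]


def tls_dial(host, port, timeout=5.0):
    """Open a new TCP connection and complete a TLS handshake, then close."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host):
            return None


def probe(host, port, dial=tls_dial):
    """Return ("blocked", reason) or ("reachable", "") for one endpoint."""
    try:
        dial(host, port)
    except OSError as exc:  # resets, timeouts and ssl.SSLError all land here
        return "blocked", type(exc).__name__
    return "reachable", ""


def audit(endpoints=GMAIL_ENDPOINTS, dial=tls_dial):
    """Probe every endpoint and return the labels that are still reachable."""
    leaks = []
    for label, host, port in endpoints:
        state, reason = probe(host, port, dial)
        print(f"{label:15} {host}:{port:<4} {state} {reason}")
        if state == "reachable":
            leaks.append(label)
    return leaks


if __name__ == "__main__":
    # Run on a client PC that the blocking policy applies to.
    # Exit status 1 means at least one gmail access path is still open.
    raise SystemExit(1 if audit() else 0)
```

Every probe uses a new connection, so the result is not affected by a browser session that was open before the black list was enabled. A "blocked" result only means the handshake failed, so confirm general connectivity by probing a host that the policy allows.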

For more information, please check “WFilter Enterprise”.

Other related links:

How to block UDP ports in RRAS windows server 2003?
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?

Does port mirroring influence my network speed?

For pass-by monitoring and filtering, you need to set up a mirroring port in your switch. When the port mirroring feature is enabled, the switch replicates data from other ports onto a single port for monitoring purposes. Since the original packets are not held or delayed, port mirroring does not affect your network speed theoretically.

However, improper port mirroring settings will cause heavy load in your switch and can even cause packet loss.

So please consider the following points when configuring a mirroring port:

  1. Do not mirror multiple ports to one port unless necessary.
  2. If it is required to mirror multiple ports, please make sure the total throughput of the mirrored ports does not exceed the throughput limit of the mirroring port.
  3. For WFilter, mirroring the internet port is enough. Usually, only the router/firewall port needs to be mirrored.
  4. If your switch does not allow outgoing traffic on the mirroring port, or you’re using WFilter to filter internet access for more than 50 computers, it is recommended to use two network adapters: one is for monitoring only, another one is for filtering.

How to check whether port mirroring settings are correct?
How to check whether a switch supports port mirroring?
Why a port mirroring switch is required to monitor my network?

How to filter the internet access for business network?

The internet has become an invaluable tool in business. However, the availability of the internet has also become an important risk factor for employer liability, and at the same time it consumes 90% of the employer's hours in productivity.

Therefore internet access shall be filtered and restricted to keep the working productivity of your employees.

There are several ways to filter internet access:

1. Set up a network internet filtering program.
With a filtering program, you will be able to filter internet access of all computers in your network from ONE computer only.
There are many such products in the market. For example, WFilter Enterprise or Websense Enterprise are very helpful for you to filter internet access of network computers.

Pass-by internet filtering products usually require you to set up a mirroring port in a manageable switch. Setting up a mirroring port makes no change to your network topology and it will not influence your network performance.

2. Set up an ACL policy in your Router/Firewall/UTM. Firewall devices enable you to block websites/ports/ip addresses, so you can also set up ACL rules in your firewall to block certain traffic. For more information about UTM solutions, please visit http://www.astaro.com

3. Filter websites from the dns server. You may try the “opendns” solution. The opendns solution is simple and easy to set up. However, with this solution, there can be only one policy for your entire network.

WFilter 4.0 is coming.

WFilter 4.0 version will be released soon after nearly two years of development.


The new version makes a lot of improvements and optimizations to current features. A series of new features is also added, such as “WFilter Dashboard”, “Central Management of WFilter servers”, “WFilter Local Account”, “Multi-adapter Monitoring”, and several new alert types. Below is a brief introduction to these new features:


1. WFilter Dashboard


WFilter Dashboard allows you to check the monitoring status, log storage status and system warnings from a central dashboard.



2. WFilter Servers Management


This feature enables you to manage several WFilter servers from a central location.



3. Default IP Policy


The “Default IP Policy” feature enables you to set different policies for different ip ranges. When a new computer is found, its default ip policy will be applied.



4. Search of Network Computers


You can use the “Search Computers” feature to search computers in your network. It’s more convenient than the passive computer finding in the old version.



5. More Alert Types


More alert types are added: disk space alert, new computer alert, ip address changing alert…



6. More Powerful Account Monitoring


WFilter’s “account monitoring” feature can integrate WFilter with your active directory. So you can deploy monitoring based on user accounts. The new version added “WFilter local accounts” feature. When you don’t have an available active directory, you also can use “WFilter local account” feature to monitor/filter by user accounts.


6.1 Integrate Active Directory





6.2 WFilter local account



7. Multi-adapters Monitoring


WFilter 4.0 can monitor on multiple adapters to support complicated networks.


How to track and restrict internet usage in your network?

Internet can be a benefit to business when used properly, but internet is often abused by employees and poses significant liability and security risks:

  1. Internet downloading and malicious websites are harmful to your network.
  2. Online messengers and social network websites are killing your productivity.
  3. P2P programs and IPTV applications can easily consume most of your bandwidth.
  4. Sharing of copyrighted popular music and movies is illegal in most jurisdictions.

Therefore, it is necessary for business administrators to track employees' internet usage and restrict internet usage in company networks.

Below I list several aspects to track and filter internet activity on company networks.

1. Keep a record of internet activities.

To track internet usage, you can set up a mirroring port in your switch, and connect an internet monitoring product to this mirroring port to archive all internet activities.

Please check this blog article: How to monitor internet usage on company network?

2. Restrict websites access

  1. Only work-related websites are allowed during work time.
  2. Destructive websites, such as violence and adult sites, shall always be blocked.
  3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.

How to whitelist websites?

3. Block bandwidth consuming protocols

To keep your internet working smoothly, bandwidth consuming protocols like p2p downloading, online streaming shall be blocked during working hours.

Please check:

1. How to monitor internet bandwidth?
2. How to block p2p traffic in your network?

How to deploy internet monitoring and filtering in RRAS windows gateway?

Routing and Remote Access is a network service in Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server that can provide network address translation (NAT) for connecting a private network to the Internet. An example network topology is as below:


Since all internet traffic goes through the RRAS server, it’s very simple for you to monitor and filter internet activities: “just install WFilter in this server.”


The RRAS server has two adapters: the internal NIC and the external NIC. You shall be able to see both adapters in the “monitoring adapter settings” of “System Settings”->“Monitoring Settings”.


We recommend you to choose the internal NIC as the monitoring and blocking adapter, because you will be able to monitor, block and report on individual network computers.


However, if you choose the external NIC as the monitoring and blocking adapter, WFilter will treat the whole network as one computer, because the RRAS server will translate all subnet ip addresses to its public ip address.


We have noticed that some users prefer to monitor on the internal NIC to save license number, because you only need ONE 1-user license to monitor the public ip address. However, we recommend you not to do it, because this is not how WFilter is designed to work, and there might be an over-blocking issue for some p2p protocols.


 



How to block UDP ports in RRAS windows server 2003?

As a pass-by filtering product, WFilter can only block TCP traffic. For complete blocking of p2p traffic, you’re required to block UDP ports 1024-65534 in your router or firewall. For more information about pass-by filtering, please check: difference between Pass-by filtering and Pass-through filtering.


Since some networks use a windows server with “Routing and Remote Access Service”(RRAS) as the gateway, you also can configure the “IP Filter” in RRAS to block UDP ports. In this tutorial, we will guide you to block all UDP ports except DNS(53) in windows server 2003.


1. Open “Routing and Remote Access” in “Control Panel”->”Administrative Tools”.



2. Choose the external adapter, Click “General”->”properties”.



3. Click “Inbound Filters”.




4. Add DNS port UDP 53 into the allow list


Click “New”->“Add IP Filter”, choose “Protocol” as “UDP”, “Source port” as “53”, “Destination port” as “0” (means all).



5. Add all TCP into the allow list


Click “New”->“Add IP Filter”, choose “Protocol” as “TCP”, “Source port” as “0”, “Destination port” as “0”.



6. Block others


Check “Drop all packets except those that meet the criteria below” to block other traffic.


By now, all UDP ports are blocked except UDP 53 (DNS), and WFilter is now fully functional to block p2p/IM/iptv traffic.
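What the finished inbound filter lets through, shown as an added example that is not part of the original post: a simplified Python model of the allow list from steps 4 and 5 and the default drop from step 6, run over constructed sample packets. The model matches on protocol and ports only, as the filter entries above do; it is not RRAS code, and the names are chosen for this example.

```python
from dataclasses import dataclass

ANY = 0  # the post's convention: port 0 in a filter entry means "all"


@dataclass(frozen=True)
class Packet:
    proto: str     # "TCP", "UDP" or "ICMP"
    src_port: int  # port on the remote (internet) host; 0 for ICMP
    dst_port: int  # port on the gateway side; 0 for ICMP
    note: str


# Allow entries from steps 4 and 5: (protocol, source port, destination port).
ALLOW = [
    ("UDP", 53, ANY),
    ("TCP", ANY, ANY),
]


def matches(rule, pkt):
    """A static match on protocol and ports, nothing else."""
    proto, sport, dport = rule
    return (proto == pkt.proto
            and sport in (ANY, pkt.src_port)
            and dport in (ANY, pkt.dst_port))


def inbound_verdict(pkt, allow=ALLOW):
    """Step 6: drop every packet except those that meet a listed filter."""
    return "forward" if any(matches(r, pkt) for r in allow) else "drop"


# Constructed sample packets arriving on the external adapter.
SAMPLES = [
    Packet("UDP", 53, 51514, "DNS reply from the resolver"),
    Packet("TCP", 443, 50222, "HTTPS reply"),
    Packet("UDP", 6881, 6881, "p2p peer traffic"),
    Packet("UDP", 123, 123, "NTP reply for time sync"),
    Packet("ICMP", 0, 0, "ping reply"),
]


def report(samples=SAMPLES):
    """Return {note: verdict} for each sample packet."""
    return {p.note: inbound_verdict(p) for p in samples}


if __name__ == "__main__":
    for note, verdict in report().items():
        print(f"{verdict:8} {note}")
```

Besides p2p traffic, the model drops NTP and ICMP replies, so check whether anything on the network depends on UDP services other than DNS before enabling the filter.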



How to block porn websites from network computers?

This tutorial will guide you to block porn websites in your network.


WFilter offers three ways to block porn websites:

  1. Using a website black list.
  2. Using “Url keywords filtering” to block keywords in the url.
  3. Using the default url database of WFilter to block websites by categories.

1. Using “website black list” to block porn websites


If you know the websites to be blocked, you can add them into a website black list. For example:




2. Using “URL keywords filtering” to block porn sites


The “URL keywords filtering” feature searches the visited URL addresses for certain keywords. When one of the keywords is found, the URL will be blocked.


For example, add “porn”, “sex” to “Sexual”, and block “Sexual” category in “URL Keywords Filtering”.
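Short keywords can also match harmless URLs, so it is worth running the keyword list over a sample of known-good URLs before enabling the category. The following is an added example, not part of the original post and not WFilter code; it assumes case-insensitive substring matching over the whole URL, and the sample URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Keyword category from the post's example.
CATEGORIES = {"Sexual": ["porn", "sex"]}

# Constructed sample of URLs that staff are expected to reach.
KNOWN_GOOD = [
    "http://www.essex-tourism.example/visit",
    "http://intranet.example/hr/policy?topic=sexual-harassment-training",
    "http://news.example/sports/results",
]


def keyword_hits(url, categories=CATEGORIES):
    """Return [(category, keyword)] for each keyword found in the URL.

    Assumption: case-insensitive substring match over the whole URL.
    """
    lowered = url.lower()
    return [(cat, kw) for cat, words in categories.items()
            for kw in words if kw in lowered]


def false_positive_audit(urls=KNOWN_GOOD, categories=CATEGORIES):
    """Map each known-good URL that would be blocked to its matches.

    Each match records where the keyword sits (host, path or query), which
    helps decide whether the keyword is too short to use safely.
    """
    findings = {}
    for url in urls:
        parts = urlsplit(url.lower())
        fields = (("host", parts.netloc), ("path", parts.path),
                  ("query", parts.query))
        for cat, kw in keyword_hits(url, categories):
            where = [name for name, text in fields if kw in text]
            findings.setdefault(url, []).append((cat, kw, where))
    return findings


if __name__ == "__main__":
    for url, hits in false_positive_audit().items():
        print(url, hits)
```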





3. Using “Web access rules” to block porn sites


WFilter has a default url database which contains millions of common websites. You may enable “Web Access Rule” and block the “Sexual” category to block sexual websites in the default url database.


However, the url database can not cover all websites on the internet. You may search for a domain in “Category Settings”->“Category Search”. If the search result is “not found”, it means this domain is not in the default url database. You can add it to the default url database in “Categories List”->“Add websites to a category”.



4. Websites are blocked.





How to identify computers in WFilter?

WFilter can monitor and filter the internet activities of computers in your network. In WFilter, two monitoring modes are available: “by ip address” and “by MAC address”. In “by ip address” monitoring mode, WFilter identifies a computer based on its ip address, while it identifies a computer based on its MAC address in “by mac address” monitoring mode.

However, if the ip addresses of computers are not fixed in your network, you might have trouble identifying a computer to set its monitoring/blocking policy.

This tutorial will introduce you several solutions to identify computers in your network in WFilter.

1. Monitor and block by AD users

Since WFilter can be integrated with Microsoft active directory, you don’t need to face the trouble of identifying computers if you have an available AD.

With “account monitoring” enabled, you can set blocking policy based on AD users, despite which computers they are using.

Please check this document for more details about “account monitoring”: How to do monitoring based on user accounts?

2. Identify computers by MAC addresses

With “by mac address” monitoring mode, WFilter identifies a computer by its MAC address. A MAC address is assigned by the manufacturer of a network interface card (NIC) and is stored in its hardware. It won’t change unless the NIC hardware is replaced.

When you set a recording policy or blocking policy for one computer in the “user-computer table”, these settings will be bound to its mac address. Even if its ip address is changed, these settings will not be lost.

However, “By MAC address” monitoring mode is only available for single-segment networks, because a computer’s mac address can not be retrieved when it’s located behind a router.

Therefore, in a single-segment network, “by mac addresses” will be a good choice if your ip addresses are dynamic.

3. Identify computers by IP addresses

If your network has multiple segments, you can only use “by ip address” monitoring mode. Therefore, we recommend you to make ip addresses static in a multi-segment network. If you want to leave the ip addresses as dynamic, the only solution left is “Monitor and block by AD users” as discussed above.


How to block facebook at work of network computers?

Facebook is a social utility that connects people with friends and others who work, study and live around them. However, employees might spend too much time on this website during working hours.


This tutorial will guide you to setup an internet policy to block facebook access at work with WFilter 3.3 version.


You can block facebook access at different levels:



  1. Block facebook website completely.
  2. Allow facebook website, but block facebook chatting.
  3. Allow facebook website, but block facebook applications and games.

1. Block facebook website completely


1). Block facebook website by “Website Black/White List”.


Add “*.facebook.com” into a website black list.


Now HTTP access of facebook will be blocked.


2). Block https facebook by “HTTPS Black/White List”


Since facebook also provides https access, for complete blocking, you also need to block https facebook by “HTTPS Black/White List”.


Add “*.facebook.com” into a HTTPS black list.



Please notice, reopening of your browser is required for the HTTPS black list to work.


2. Block facebook IM chatting


You may use WFilter to block “facebook IM” directly in “Blocking Level Settings”->”Messengers”.



You will not be able to send a message when facebook IM is blocked.



3. Block facebook applications and games


Facebook applications and games will be blocked simply by adding “apps.facebook.com” into a website black list.



