Author Archives: WFilter

WFilter NG firewall added support of Facebook Wi-Fi.

Facebook Wi-Fi lets customers check in to participating businesses on Facebook for free Wi-Fi access. When people check in to your Page, you can share offers and other announcements with them. Official Facebook Wi-Fi guide can be found at here.

A recent update of WFilter NG firewall added support of “Facebook Wi-Fi”. Together with “wechat WiFi”, WFilter provides a solution for social network marketing of your business.

This post demonstrates the steps to enable “Facebook Wi-Fi”.

1. Add a local user for facebook checkin.

fb_user

2. Enable “Facebook Wi-Fi” in “Web Auth”->”Thirdparty Auth”.

fb_wifi1

3. Click “Register Facebook Page” to associate WFilter with your business facebook page.

fbsetup

4. Now client devices will be redirected to the login page.

On visits to http webpage, clients will be redirected.

fb_wifi2

5. Click “check in“  to continue web browsing.

fb_checkin

 

A more detailed guide can be found at here: Webauth of WFilter NG Firewall.

 

How to monitor employee emails usage in business networks?

An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”.

WFilter Enterprise is an internet content monitoring and filtering software program, which can monitor a whole network from one pc, without the need to install any client agent.

 

With WFilter, you can monitor employee emails usage of  plain SMTP/POP/IMAP.

1. Click “Emails” number in “Online Users”.

howto_viewMail_today01

2. You will see a list of sent/received emails.

howto_viewMail_today02

Click the “Subject” link will be able to check the email content.

3.  Query email history in “Query History Logs”.

howto_viewMail_history01

Please note that “WFilter Enterprise” can only monitor plain pop3/smtp/imap emails. To monitor SSL emails, you need to check SSL Email Inspection feature of “WFilter NG Firewall“.

 

How to upgrade WFilter NG Firewall?

“Auto update” feature of WFilter NG firewall can upgrade “protocol pattern database” and “url category database” automatically. By default,  WFilter NG firewall has “auto update” enabled.

However, “auto update” can not perform fireware upgrade. When a new version comes out, you need to manually perform the system fireware upgrade.

This guide demonstrates the steps to perform a fireware upgrade of WFilter NG firewall.

1. Make a backup of current settings.

Please note that upgrade may fail on power supply issue, disk issue… So at first, please export current settings to a backup file in “Config”->”Backup”. In case when you’re unlucky, you don’t need to re-configure the whole system.

2. Click “Check Update now”.

checkupdate2

3. Found a new version, then click “Upgrade”.

checkupdate3

4. Downloading the new firmware.
checkupdate4

5. Confirm the upgrade.
checkupdate5

 

At lease one reboot is required during the upgrading.  All settings and data will persist after the upgrading.

 

WFilter added “Email Notification” in the ISP module.

The ISP module of “WFilter NG firewall” designed for ISPs to manage users and bandwidth plans.

Beside “user web portal”, a recent update of “WFilter NG Firewall” added “Email Notification” feature. So users can get email notification of their bandwidth usage.

isp_emai_notification

As shown in the above diagram, you can set different email alert frequency for “valid users” and “cap exceeded users”, with different email contents.

This feature will be helpful for ISPs who prefer use email alert rather web portal.

WFilter email monitoring solutions for business networks.

Many users asked about email monitoring and recording features of WFilter. Actually, WFilter, including “WFilter Enterprise” and “WFilter NG firewall”, all are able to record SMTP, POP3, IMAP and web-based emails on network. However, there are some limitations of this feature.

This post will discuss WFilter’s email monitoring features and solutions.

1. Monitoring of email clients

An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”. With WFilter, you can:

  • Monitoring emails via plain SMTP/POP/IMAP.
  • Email attachments can also be recorded.

For SMTP/POP/IMAP over SSL, you have two solutions:

Solution 1: block SSL email connections to force email clients using plain email protocols.

block_ssl_mail_en

When blocking is applied, email clients need to be re-configured to disable SSL encryption.

block_ssl_mail_en2

Solution 2: Enable “SSL Email Inspection” with “WFilter NG Firewall”.

This feature can intercept SSL connections and record SSL emails. However, “STARTTLS” still can not be recorded, even “SSL Email Inspection” is enabled. Please check: SSL Email Inspection

2. Monitoring of Web Emails

Web email means receiving and sending emails within a web browser. Please note that web emails received can not be recorded, while http outgoing emails can be recorded by WFilter. Please note:

  1. Outgoing http web emails can be recorded.
  2. Https web emails can not be recorded.
  3. Not all http attachments can be recorded. It depends on the uploading protocol.
  4. For http web emails not recorded, you may contact us for a web email format upgrade.

 

Optimize bandwidth of your network with WFilter NG Firewall.

Sometimes you will come to the following solutions when your internet bandwidth is insufficient:

  1. Use more than one broadband connection.
  2. Block applications which consume much bandwidth. For example, you might use “WFilter Enterprise passby internet content filter windows software” to block downloading and online streaming.
  3. Limit the real-time bandwidth rate for clients. This can be done in your router of firewall.

However, these solutions have disadvantages:

  1. Without access control, using multiple broadband connections can not bring better experience. It because downloading and streaming can easily consume most of your bandwidth.
  2. “Application blocking” can save your bandwidth. However, users experience are impacted. Users will complain about no streaming or downloading.
  3. Rate limiting does not optimize your bandwidth. Users will still complain about slow internet speed.

WFilter NG Firewall brings total solutions for bandwidth optimization.

1. Powerful access control policy

With “Access Policy” modules, you can block p2p downloading, online streaming, streaming websites. Please check: Access Policy

2. Multi-WAN load balancing and routing

In case you have multiple broadband connections, WFilter NG Firewall’s “Multi-WAN” module can help you to:

  • Load balancing on multiple broadband connections.
  • Setup routing policies. For example, a). business servers are routed to a dedicated connection, b). video sites are routed to another connection.

For more details, please check: Muti-WAN

3. Bandwidth priority

With the “Priority” module, traffic with higher priority goes first. For example, you can set business servers traffic to the highest priority. So even the network is extremly busy, servers bandwidth won’t be influenced.

When installed, there are default rules: email > web > p2p and streaming. You also can customize your own rules.

For more details, please check: bandwidth priority

4. Bandwidth shaper

This module is for you to set bandwidth rate for clients. You can set the rate to ip ranges, user group or department.

Each group have a “maximum bandwidth rate” and “minimum bandwidth rate”. The minimum rate ensures the clients to have this bandwidth rate even the line is busy.

For more details, please check: bandwidth shaper
Try WFilter NG Firewall now: WFilter NG Firewall

How to setup WFilter NG Firewall to work with a three layer switch in a multiple VLANs network?

In this article, I’m going to walk you through setting up a two-VLAN network with a Layer 3 switch(Cisco 3550). I am also going to setup WFilter NG Firewall as the gateway to routing for this VLANs.

Network Topology

threelayer_vlan

As in the above network topology diagram:

  1. There are two VLANs in the Cisco 3550 swith( Vlan2 – 192.168.2.0/24, and VLAN3 – 192.168.3.0/24).
  2. WFilter NG Firewall is in subnet 192.168.1.0/24.
  3. The uplink port of Cisco 3550 has IP address 192.168.1.5.

Configuring the Cisco switch

Commands to setup the Cisco 3550 switch:

Setup port VLAN

Switch#configure terminal

Switch(config)#interface fa0/12

Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport access vlan 2

Switch(config-if)#end

Setup VLAN IP and subnet

Switch#configure terminal

Switch(config)#interface vlan 2

Switch(config-if)#ip address 192.168.2.1 255.255.255.0

Switch(config-if)#end

Setup the uplink port

Switch#configure terminal

Switch(config)#interface fa0/1

Switch(config-if)#no switchport

Switch(config-if)#ip address 192.168.1.5 255.255.255.0

Enable IP Routing

Switch#configure terminal

Switch(config)#ip routing

Switch(config)#end

Configuring WFilter NG Firewall

For WFilter NG Firewall to route VLANs traffic, you need to add VLAN subnets in “Routing” of WFilter NG Firewall.

threelayer_vlan_ros2_en threelayer_vlan_ros1_en

Done.

How to detect and fix ip conflicts in your network?

IP conflict in local network is annoying. When it happens, it will cause intermittently connections, and it’s difficult for an IT administrator to locate the conflicted devices.

With WFilter, you can do much more.

First, you can block the conflicted IP address with a message. So the client might fix this issue by himself. As shown in below figure, you can send a message “Your ip address conflicts with our server, please correct it ASAP”. This message will show up when browsing http sites.
ipconflict_en
Also, you can run the “Network Health Checker” extension, which can test ip conflicts in your network. Please check the below screenshots:
ipconflict_en2
ipconflict_en3

Now you may talk to the person with “HuaWei” mobile to fix this issue.

Extension home page: “Network Health Checker”

Wiki page: Check network health of availability, IP conflict, ARP spoof and broadcast storm

How to detect ip conflicted devices in your network with WFilter?

IP conflict in local network can be annoying. When ip conflicts happens, it will cause connection issues. And it’s rather difficult for an IT administrator to locate the conflicted devices.

With WFilter, life is easier.

First, you can block the conflicted devices with a message. As shown in below figure, you can send a message “Your ip address conflicts with our server, please correct it ASAP”. This message will show up when browsing http sites. So the client can fix this issue by himself.

ipconflict_en

Second, you can run the “Network Health Checker” extension, which can test ip conflicts in your network. The screenshots:

ipconflict_en2
ipconflict_en3

Conflicted devices will be detected, with its mac address and manufacturer.

In this example, now you may talk to the person with “HuaWei” mobile to correct the conflict issue.

Extension home page: “Network Health Checker”

Wiki page: Check network health of availability, IP conflict, ARP spoof and broadcast storm

The ISP module of WFilter NG Firewall, a total solution for ISP management.

For ISP network management, you will need:

  1. User authentication.
  2. Monitor and filter of internet activities.
  3. Bandwidth shaper.
  4. Accounting and statistics.

Usually, you will need several systems to achieve this goal. Today, WFilter NG Firewall, a linux based next generation firewall provides a total solution for ISP network management, with below features:

  1. Two types of authentication: “Web Auth” and “PPPoE Auth”.
  2. An “Internet Usage” module to record web surfing, downloading activities.
  3. Rich internet access control policies: web filter, application control, ip-mac binding …
  4. Bandwidth policies of realtime rate limit and monthly bandwidth cap limit.
  5. Bandwidth optimize solutions.
  6. Internet usage and bandwidth statistics.
  7. A web push feature to push statistics, web page and advertise.

All these features can be configured in the “WFilter ISP module“.

Some screenshots:

Policies

User settings

User Portal

More details can be found at here: WFilter NG Firewall ISP Module