Category Archives: Uncategorized

Software to monitor and track emails of network clients.

Emails sent or received through a company email account are generally not considered private.  As an internet filtering and monitoring software program, WFilter is able to monitor and archieve network emails.

This guide will demonstrate you how to track and monitor emails of network clients with WFilter NG firewall. Please note that we’re talking about emails sent/received via email clients, not web-based emails. Email clients in computer/laptop/smart phones can all be monitored.

1. Plain text pop3/smtp/imap can be directly recorded.

When WFilter NG firewall is deployed, plain text text pop3/smtp/imap can be directly archieved.

Wfrecorder sermail en.jpg

Wfrecorder query1.png

Wfrecorder query3.png

2. “SSL Inspection” shall be enabled to monitor SSL protected emails.

ssl01

If email connections are “SSL enabled”, you need to enable “SSL Inspection” to decode and parse SSL protected emails.

ssl02

ssl03

SSL protected emails can also be recorded.

How to block tor browser in network?

Some users might use tor browser to bypass the control of company firewall, and makes your firewall useless. In this topic, I will guide you to block tor browser traffic in your network with WFilter ICF(internet content filter).

1. Define tor browser protocol

blocktor02

New a “torbrowser” protocol in “System Settings”->”Protocols”.

blocktor03

New pattern, choose “TLS2″ type, “Offset” as “0″, “Pattype” as “Regular Expression”. Patterns: “\x01\x02\x02\x02\x03\x00\x0F\x00\x01\x01$”.

Save settings and apply the changes.

2. Deploy a tor blocking policy

blocktor04

Add a blocking policy, set “Torbrowser” to “Deny” in “applications”.

blocktor05

Apply this policy to certain client devices.

3. Test and checking

After above steps, the tor browser shall not be able to establish a tor network connection.

blocktor01

In “live connections” of WFilter, you can see “tor browser”  being blocked.

blocktor06

How to block IDM in network? WFilter added support for blocking IDM.

Internet Download Manager (IDM) is a Multi-threaded application that
breaks a file into many small parts and starts to simultaneously
download all of these parts. It can consume a lot of your bandwidth when downloading multiple large files.

With WFilter, you can block IDM downloading completely.

The settings are very simple. You only need to edit your blocking policy, and set “IDM” to “Deny” in “Applications”.

In “Connections”, you will see IDM connections are “terminating”.


IDM will report failure in a few seconds.

A protocol description of IDM can be found at: How to block IDM, IDM port and protocol description. Please note that downloading from https with IDM can also be blocked.

How to use the “punish group” feature in WFilter NG firewall?

This article will introduce the “punish group” feature of WFilter NG firewall. The punish group is a virtual group, which enables you to:

  • 1. Set punish policies to punished clients. For example: disallow entertainment sites, rate limits to 20K.
  • 2. Add an user to the “punish group” for a limited time.
  • 3. Add multiple users to the “punish group” by WFilter extensions.

Set policies to the punish group

You can set policies to the punish group in “Access Policy” and “Bandwidth”.

“Punish group” is a virtual group. You also can define your own virual group for various temp rules.

How to scan proxy servers in local network?

The “Proxy Scanner” plugin in WFilter is a additional function that you can scan proxy servers in local network. And this article will guide you to use the plugin in WFilter.

1. Download “Proxy Scanner” in “System Settings-Plugins”.

2. Scan proxy servers.

2.1 Scan proxy servers by “Local Subnet Computers”.

2.2 Scan proxy servers by “IP Address Range”.

How to limit bandwidth in WFilter 4.1?

In the latest version of WFilter 4.1(216), you can limit bandwidth in pass-through mode. And in this artical I will show you how to config in WFilter 4.1.

1.Select pass-through mode in “System Settings-Monitoring Settings”

2.Install WFilter IMNPTF driver, please refer How to install WFilter IMNPTF driver?

3.Check driver was installed successfully in “System Settings->Check Settings”

4.New a blocking level in “Policy Settings->Blocking Levels”

5.Apply this blocking level to computer in “Policy Settings->User-device List”

6.Check result

How to uninstall WFilter?

This tutorial will demonstrator you the steps to uninstall WFilter.

1. Click the “Uninstall WFilter” shortcut

Click the “Uninstall WFilter” shortcut in windows programs list.

2. Confirm un-installation

3. Un-installation Success.

Wait until end of the un-installation.

How to block “Online Games” in WFilter 4.1?

This article introduce you to block “Online Games” in WFilter 4.1 .

1. New a blocking level in “Policy Settings->Blocking Levels”, enable ‘Block webpages by categories’ and click ‘New’:

2. Edit Webpage Category Policy :

3. Apply this blocking level to computer:

4. Check result(e.g http://www.4399.com):

And you can check blocking record in ‘Current Online-Realtime Blocking’.

How to block “Proxy Tunneling” software in WFilter 4.1?

This article introduce you to block “Proxy Tunneling” software in WFilter 4.1 . Tor is a popular Proxy Tunneling software, and I will guide you to block Tor.

Step 1. New a blocking level in “Policy Settings->Blocking Levels”, click “Edit” in Applications tab:

Step 2. Deny tor protocol and save setting:

Step 3. Apply this blocking level to computer:

Step 4. Open tor then it can’t connect to the server.

Step 5. You can see blocking records in “Current Online->Real-time Blocking”:

How to block snapchat in network?

Snapcaht is a popular chat software, this article will guide you to block snapchat in WFilter 4.1 .

Step 1. New a blocking level in “Policy Settings->Blocking Levels”, click “Edit” in Applications tab:

Step 2. Deny snapchat protocol and save setting:

Step 3. Apply this blocking level to computer:

Step 4. Visit snapchat website and check result:


Step 5. You can see blocking records in “Current Online->Real-time Blocking”: