Category Archives: Uncategorized

WFilter WebVPN introduction and example

WebVPN allows a user to securely access resources on the corporate LAN from anywhere with a web browser. The client user must authenticates itself before access any resources.
Compare to other VPN services, WebVPN is easier to deploy and operate. Client users don’t need to install any software clients or settings.

In this guide, I will demonstrate you how to setup and use the WebVPN service of WFilter NG firewall.

First, you need a domain.

Domain shall be mapped to your network public ip address.


Enable the “WebVPN” service, setup domain name, port and authentication.


Add local web services.


Edit the webvpn portal.


Setup “port forwarding” to forward internet access to webvpn port.


Now, let’s check how WebVPN works from client side.

You need to authenticate yourself.

After successful authentication, the web portal shows up. Then you can click a link to visit internal web service.


How to block uploading to https webpages?

In “how to block file uploading to internet in business networks“, I’ve introduced a windows software solution using “wfilter internet content filter” program. However, this solution does not work for https webpages. In this guide, I will introduce a new feature in WFilter NG firewall, which can block all uploads including https webpages.


In “App Control” of WFilter NG firewall, you can enable “block sessions when outgoing traffic exceeds N” option. This option will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated.

Now let’s check the blocking effects.

“Email attachments” will be blocked(https).


“Blog and forum attachments” will also be blocked(http).


And you also be able to see the “uploading detected” blocking events in WFilter.


Please also note: this option blocks uploading according to outgoing traffic checking, so there will be false positives. For example, a video conference will also be blocked due to high outgoing traffic. In this case, you may add “Exceptions” to avoid over-blocking.



Software to monitor and track emails of network clients.

Emails sent or received through a company email account are generally not considered private.  As an internet filtering and monitoring software program, WFilter is able to monitor and archieve network emails.

This guide will demonstrate you how to track and monitor emails of network clients with WFilter NG firewall. Please note that we’re talking about emails sent/received via email clients, not web-based emails. Email clients in computer/laptop/smart phones can all be monitored.

1. Plain text pop3/smtp/imap can be directly recorded.

When WFilter NG firewall is deployed, plain text text pop3/smtp/imap can be directly archieved.

Wfrecorder sermail en.jpg

Wfrecorder query1.png

Wfrecorder query3.png

2. “SSL Inspection” shall be enabled to monitor SSL protected emails.


If email connections are “SSL enabled”, you need to enable “SSL Inspection” to decode and parse SSL protected emails.



SSL protected emails can also be recorded.

How to block tor browser in network?

Some users might use tor browser to bypass the control of company firewall, and makes your firewall useless. In this topic, I will guide you to block tor browser traffic in your network with WFilter ICF(internet content filter).

1. Define tor browser protocol


New a “torbrowser” protocol in “System Settings”->”Protocols”.


New pattern, choose “TLS2″ type, “Offset” as “0″, “Pattype” as “Regular Expression”. Patterns: “\x01\x02\x02\x02\x03\x00\x0F\x00\x01\x01$”.

Save settings and apply the changes.

2. Deploy a tor blocking policy


Add a blocking policy, set “Torbrowser” to “Deny” in “applications”.


Apply this policy to certain client devices.

3. Test and checking

After above steps, the tor browser shall not be able to establish a tor network connection.


In “live connections” of WFilter, you can see “tor browser”  being blocked.


How to block IDM in network? WFilter added support for blocking IDM.

Internet Download Manager (IDM) is a Multi-threaded application that
breaks a file into many small parts and starts to simultaneously
download all of these parts. It can consume a lot of your bandwidth when downloading multiple large files.

With WFilter, you can block IDM downloading completely.

The settings are very simple. You only need to edit your blocking policy, and set “IDM” to “Deny” in “Applications”.

In “Connections”, you will see IDM connections are “terminating”.

IDM will report failure in a few seconds.

A protocol description of IDM can be found at: How to block IDM, IDM port and protocol description. Please note that downloading from https with IDM can also be blocked.

How to use the “punish group” feature in WFilter NG firewall?

This article will introduce the “punish group” feature of WFilter NG firewall. The punish group is a virtual group, which enables you to:

  • 1. Set punish policies to punished clients. For example: disallow entertainment sites, rate limits to 20K.
  • 2. Add an user to the “punish group” for a limited time.
  • 3. Add multiple users to the “punish group” by WFilter extensions.

Set policies to the punish group

You can set policies to the punish group in “Access Policy” and “Bandwidth”.

“Punish group” is a virtual group. You also can define your own virual group for various temp rules.

How to scan proxy servers in local network?

The “Proxy Scanner” plugin in WFilter is a additional function that you can scan proxy servers in local network. And this article will guide you to use the plugin in WFilter.

1. Download “Proxy Scanner” in “System Settings-Plugins”.

2. Scan proxy servers.

2.1 Scan proxy servers by “Local Subnet Computers”.

2.2 Scan proxy servers by “IP Address Range”.

How to limit bandwidth in WFilter 4.1?

In the latest version of WFilter 4.1(216), you can limit bandwidth in pass-through mode. And in this artical I will show you how to config in WFilter 4.1.

1.Select pass-through mode in “System Settings-Monitoring Settings”

2.Install WFilter IMNPTF driver, please refer How to install WFilter IMNPTF driver?

3.Check driver was installed successfully in “System Settings->Check Settings”

4.New a blocking level in “Policy Settings->Blocking Levels”

5.Apply this blocking level to computer in “Policy Settings->User-device List”

6.Check result

How to uninstall WFilter?

This tutorial will demonstrator you the steps to uninstall WFilter.

1. Click the “Uninstall WFilter” shortcut

Click the “Uninstall WFilter” shortcut in windows programs list.

2. Confirm un-installation

3. Un-installation Success.

Wait until end of the un-installation.

How to block “Online Games” in WFilter 4.1?

This article introduce you to block “Online Games” in WFilter 4.1 .

1. New a blocking level in “Policy Settings->Blocking Levels”, enable ‘Block webpages by categories’ and click ‘New’:

2. Edit Webpage Category Policy :

3. Apply this blocking level to computer:

4. Check result(e.g

And you can check blocking record in ‘Current Online-Realtime Blocking’.