Category Archives: Uncategorized

WFilter WebVPN introduction and example

WebVPN allows a user to securely access resources on the corporate LAN from anywhere with a web browser. The client user must authenticates itself before access any resources.
Compare to other VPN services, WebVPN is easier to deploy and operate. Client users don’t need to install any software clients or settings.

In this guide, I will demonstrate you how to setup and use the WebVPN service of WFilter NG firewall.

First, you need a domain.

Domain shall be mapped to your network public ip address.

webvpn00

Enable the “WebVPN” service, setup domain name, port and authentication.

webvpn01

Add local web services.

webvpn02

Edit the webvpn portal.

webvpn03

Setup “port forwarding” to forward internet access to webvpn port.

webvpn04

Now, let’s check how WebVPN works from client side.

You need to authenticate yourself.
webvpn05

After successful authentication, the web portal shows up. Then you can click a link to visit internal web service.
webvpn06

webvpn07

How to block uploading to https webpages?

In “how to block file uploading to internet in business networks“, I’ve introduced a windows software solution using “wfilter internet content filter” program. However, this solution does not work for https webpages. In this guide, I will introduce a new feature in WFilter NG firewall, which can block all uploads including https webpages.

blockup_en01

In “App Control” of WFilter NG firewall, you can enable “block sessions when outgoing traffic exceeds N” option. This option will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated.

Now let’s check the blocking effects.

“Email attachments” will be blocked(https).

blockup_en02

“Blog and forum attachments” will also be blocked(http).

blockup_en03

And you also be able to see the “uploading detected” blocking events in WFilter.

blockup_en04

Please also note: this option blocks uploading according to outgoing traffic checking, so there will be false positives. For example, a video conference will also be blocked due to high outgoing traffic. In this case, you may add “Exceptions” to avoid over-blocking.

blockup_en05

 

Software to monitor and track emails of network clients.

Emails sent or received through a company email account are generally not considered private.  As an internet filtering and monitoring software program, WFilter is able to monitor and archieve network emails.

This guide will demonstrate you how to track and monitor emails of network clients with WFilter NG firewall. Please note that we’re talking about emails sent/received via email clients, not web-based emails. Email clients in computer/laptop/smart phones can all be monitored.

1. Plain text pop3/smtp/imap can be directly recorded.

When WFilter NG firewall is deployed, plain text text pop3/smtp/imap can be directly archieved.

Wfrecorder sermail en.jpg

Wfrecorder query1.png

Wfrecorder query3.png

2. “SSL Inspection” shall be enabled to monitor SSL protected emails.

ssl01

If email connections are “SSL enabled”, you need to enable “SSL Inspection” to decode and parse SSL protected emails.

ssl02

ssl03

SSL protected emails can also be recorded.

How to block tor browser in network?

Some users might use tor browser to bypass the control of company firewall, and makes your firewall useless. In this topic, I will guide you to block tor browser traffic in your network with WFilter ICF(internet content filter).

1. Define tor browser protocol

blocktor02

New a “torbrowser” protocol in “System Settings”->”Protocols”.

blocktor03

New pattern, choose “TLS2″ type, “Offset” as “0″, “Pattype” as “Regular Expression”. Patterns: “\x01\x02\x02\x02\x03\x00\x0F\x00\x01\x01$”.

Save settings and apply the changes.

2. Deploy a tor blocking policy

blocktor04

Add a blocking policy, set “Torbrowser” to “Deny” in “applications”.

blocktor05

Apply this policy to certain client devices.

3. Test and checking

After above steps, the tor browser shall not be able to establish a tor network connection.

blocktor01

In “live connections” of WFilter, you can see “tor browser”  being blocked.

blocktor06

How to block IDM in network? WFilter added support for blocking IDM.

Internet Download Manager (IDM) is a Multi-threaded application that
breaks a file into many small parts and starts to simultaneously
download all of these parts. It can consume a lot of your bandwidth when downloading multiple large files.

With WFilter, you can block IDM downloading completely.

The settings are very simple. You only need to edit your blocking policy, and set “IDM” to “Deny” in “Applications”.

In “Connections”, you will see IDM connections are “terminating”.


IDM will report failure in a few seconds.

A protocol description of IDM can be found at: How to block IDM, IDM port and protocol description. Please note that downloading from https with IDM can also be blocked.

How to use the “punish group” feature in WFilter NG firewall?

This article will introduce the “punish group” feature of WFilter NG firewall. The punish group is a virtual group, which enables you to:

  • 1. Set punish policies to punished clients. For example: disallow entertainment sites, rate limits to 20K.
  • 2. Add an user to the “punish group” for a limited time.
  • 3. Add multiple users to the “punish group” by WFilter extensions.

Set policies to the punish group

You can set policies to the punish group in “Access Policy” and “Bandwidth”.

“Punish group” is a virtual group. You also can define your own virual group for various temp rules.

How to scan proxy servers in local network?

The “Proxy Scanner” plugin in WFilter is a additional function that you can scan proxy servers in local network. And this article will guide you to use the plugin in WFilter.

1. Download “Proxy Scanner” in “System Settings-Plugins”.

2. Scan proxy servers.

2.1 Scan proxy servers by “Local Subnet Computers”.

2.2 Scan proxy servers by “IP Address Range”.

How to limit bandwidth in WFilter 4.1?

In the latest version of WFilter 4.1(216), you can limit bandwidth in pass-through mode. And in this artical I will show you how to config in WFilter 4.1.

1.Select pass-through mode in “System Settings-Monitoring Settings”

2.Install WFilter IMNPTF driver, please refer How to install WFilter IMNPTF driver?

3.Check driver was installed successfully in “System Settings->Check Settings”

4.New a blocking level in “Policy Settings->Blocking Levels”

5.Apply this blocking level to computer in “Policy Settings->User-device List”

6.Check result

How to uninstall WFilter?

This tutorial will demonstrator you the steps to uninstall WFilter.

1. Click the “Uninstall WFilter” shortcut

Click the “Uninstall WFilter” shortcut in windows programs list.

2. Confirm un-installation

3. Un-installation Success.

Wait until end of the un-installation.

How to block “Online Games” in WFilter 4.1?

This article introduce you to block “Online Games” in WFilter 4.1 .

1. New a blocking level in “Policy Settings->Blocking Levels”, enable ‘Block webpages by categories’ and click ‘New’:

2. Edit Webpage Category Policy :

3. Apply this blocking level to computer:

4. Check result(e.g http://www.4399.com):

And you can check blocking record in ‘Current Online-Realtime Blocking’.