
How to set up a site-to-site VPN with WFilter’s SD-WAN service?

WFilter’s SD-WAN service is an integration of ZeroTier networking. With SD-WAN, you are able to build secure site-to-site VPN tunnels without needing a static public IP address. This guide shows the necessary steps using WFilter NGF.

1. Network topology


As shown in the topology diagram, the headquarters and two branches all use WFilter NGF as their gateway. By adding each gateway to the SD-WAN network, you will be able to set up secure site-to-site VPN tunnels between them.

2. SD-WAN subnet settings

First, set up an SD-WAN network in the WFilter cloud service.


3. Join every WFilter to the SD-WAN network


4. Assign SD-WAN IP addresses and set up routing


Assign a static SD-WAN IP address to every WFilter, for example: WFilter A (10.200.188.1), WFilter B (10.200.188.2), WFilter C (10.200.188.3). Then you can set up an SD-WAN routing policy to forward LAN traffic between the sites.


After the above setup, each local area network can directly reach the others. To restrict access, you can also set up firewall rules in WFilter’s Firewall->Rules.
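The routing policy and firewall rules described above can be modelled in a few lines. The following is an added example written for this page, not WFilter’s code: it uses the three SD-WAN addresses from the article, constructed LAN subnets (the article does not state them), and constructed firewall rules that keep the two branches from reaching each other while the headquarters can reach both. Route selection is a longest-prefix match and rules are evaluated first-match, which is the usual gateway behaviour; whether WFilter orders its rules the same way is an assumption.

```python
import ipaddress
from typing import List, Optional, Tuple

# Static SD-WAN addresses from the article (one per WFilter gateway).
SDWAN_IP = {
    "WFilter A": "10.200.188.1",
    "WFilter B": "10.200.188.2",
    "WFilter C": "10.200.188.3",
}

# Constructed LAN subnets behind each gateway (not stated in the article).
SITE_LAN = {
    "WFilter A": "192.168.1.0/24",   # headquarters
    "WFilter B": "192.168.2.0/24",   # branch 1
    "WFilter C": "192.168.3.0/24",   # branch 2
}


def build_routing_policy(site: str) -> List[Tuple[ipaddress.IPv4Network, str]]:
    """Routes gateway `site` needs: every other site's LAN is reached via that
    site's SD-WAN address. The local LAN is directly connected and needs none."""
    return [
        (ipaddress.ip_network(lan), SDWAN_IP[peer])
        for peer, lan in SITE_LAN.items()
        if peer != site
    ]


def next_hop(dst: str, routes) -> Optional[str]:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


# Constructed firewall rules, first match wins:
# (source network, destination network, action).
FIREWALL_RULES = [
    ("192.168.2.0/24", "192.168.3.0/24", "deny"),   # branch 1 -> branch 2
    ("192.168.3.0/24", "192.168.2.0/24", "deny"),   # branch 2 -> branch 1
    ("0.0.0.0/0", "0.0.0.0/0", "allow"),            # everything else
]


def is_allowed(src: str, dst: str, rules=FIREWALL_RULES) -> bool:
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "allow"
    return False  # no rule matched: default deny


def forward(site: str, src: str, dst: str) -> Optional[str]:
    """What gateway `site` does with a LAN packet: the SD-WAN next hop if the
    packet is permitted and routable, otherwise None (dropped)."""
    if not is_allowed(src, dst):
        return None
    return next_hop(dst, build_routing_policy(site))


if __name__ == "__main__":
    print(forward("WFilter A", "192.168.1.10", "192.168.2.20"))  # 10.200.188.2
    print(forward("WFilter B", "192.168.2.20", "192.168.3.30"))  # None (denied)
```

Note that the catch-all allow rule is what makes every LAN reachable after the routing step; removing it, or placing the deny rules after it, changes the result, which is why rule order matters when you add restrictions in Firewall->Rules.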

Remote management via the WFilter cloud service.

The WFilter cloud service enables centralized management of multiple WFilter devices. It allows users to view device addresses, system versions, IP addresses and alarm information, as well as to remotely access the management interface and synchronize configurations. This article outlines the basic steps for using the WFilter cloud service.

1. Register on the WFilter cloud service

First, register a new account on the WFilter cloud service and log in.

2. Configure the WFilter endpoint to join the cloud service

In the WFilter cloud service, copy the SD-WAN network ID. Then, in the WFilter web UI, open the SD-WAN settings and join that network using the ID.

3. Add the WFilter client in the cloud platform

The third step is to add the WFilter client device in the cloud platform: enter the client’s SD-WAN secret under “Devices”.
After the above steps, you are able to manage the added WFilter clients in the WFilter cloud service, including:
  • View device address, system version, IP address and alert information
  • Synchronize configurations between different WFilter devices
  • Access the management interface via the Internet

 

WFilter WebVPN introduction and example

WebVPN allows a user to securely access resources on the corporate LAN from anywhere with a web browser. The client user must authenticate before accessing any resources.
Compared to other VPN services, WebVPN is easier to deploy and operate: client users don’t need to install any client software or change any settings.

In this guide, I will show you how to set up and use the WebVPN service of WFilter NG firewall.

First, you need a domain name, with a DNS record pointing at your network’s public IP address.


Enable the “WebVPN” service and set up the domain name, port and authentication.


Add local web services.


Edit the WebVPN portal.


Set up “port forwarding” to forward incoming Internet connections to the WebVPN port.


Now, let’s check how WebVPN works from the client side.

You need to authenticate yourself.

After successful authentication, the web portal appears. You can then click a link to visit an internal web service.

How to block uploading to HTTPS webpages?

In “how to block file uploading to internet in business networks“, I introduced a Windows software solution using the “WFilter Internet Content Filter” program. However, that solution does not work for HTTPS webpages. In this guide, I will introduce a new feature of WFilter NG firewall, which can block all uploads, including to HTTPS webpages.


In “App Control” of WFilter NG firewall, you can enable the “block sessions when outgoing traffic exceeds N” option. This option checks the outgoing traffic of every connection. If the outgoing traffic exceeds the chosen limit, the connection is terminated.

Now let’s check the blocking effects.

“Email attachments” will be blocked (HTTPS).


“Blog and forum attachments” will also be blocked (HTTP).


You will also be able to see the “uploading detected” blocking events in WFilter.


Please also note: this option blocks uploads purely on the basis of outgoing traffic volume, so there will be false positives. For example, a video conference will also be blocked because of its high outgoing traffic. In that case, you can add “Exceptions” to avoid over-blocking.

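To make the behaviour of the option and its false-positive case concrete, here is an added example (written for this page; it is not WFilter’s code and the product’s internal counters may differ). It keeps a per-session count of outgoing bytes, terminates a session once the limit is crossed, records an “uploading detected” event, and skips sessions whose server or application is on an exception list. The traffic, server names and the 1 MB limit are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Session:
    """One tracked connection; outgoing bytes are counted per session."""
    sid: str
    client: str
    server: str
    app: str
    bytes_out: int = 0
    terminated: bool = False


class UploadGuard:
    """Assumed re-implementation of 'block sessions when outgoing traffic
    exceeds N' with an 'Exceptions' list (servers or apps never blocked)."""

    def __init__(self, limit_bytes: int, exceptions: Tuple[str, ...] = ()):
        self.limit = limit_bytes
        self.exceptions = set(exceptions)
        self.sessions: Dict[str, Session] = {}
        self.events: List[str] = []          # the 'uploading detected' log

    def observe(self, sid: str, client: str, server: str, app: str,
                outgoing_bytes: int) -> bool:
        """Account outgoing bytes for a session; True if it is terminated."""
        s = self.sessions.setdefault(sid, Session(sid, client, server, app))
        if s.terminated:
            return True                      # already cut; stays cut
        s.bytes_out += outgoing_bytes
        if s.bytes_out <= self.limit:
            return False
        if server in self.exceptions or app in self.exceptions:
            return False                     # exempted: no block, no event
        s.terminated = True
        self.events.append(f"uploading detected: {client} -> {server} "
                           f"({app}), {s.bytes_out} bytes out")
        return True


# Constructed sample traffic (not a real capture):
# (session id, client, server, app, bytes sent client -> server).
SAMPLE_TRAFFIC = [
    ("s1", "192.168.1.10", "mail.example.com", "https", 64_000),
    ("s1", "192.168.1.10", "mail.example.com", "https", 3_000_000),  # attachment
    ("s2", "192.168.1.11", "www.example.com", "https", 40_000),      # browsing
    ("s3", "192.168.1.12", "meet.example.com", "video-conference", 900_000),
    ("s3", "192.168.1.12", "meet.example.com", "video-conference", 900_000),
    ("s3", "192.168.1.12", "meet.example.com", "video-conference", 900_000),
]


def run(limit_bytes: int, exceptions: Tuple[str, ...] = ()):
    """Replay SAMPLE_TRAFFIC; returns ({session id: terminated}, events)."""
    guard = UploadGuard(limit_bytes, exceptions)
    for sid, client, server, app, n in SAMPLE_TRAFFIC:
        guard.observe(sid, client, server, app, n)
    verdicts = {sid: s.terminated for sid, s in guard.sessions.items()}
    return verdicts, guard.events


if __name__ == "__main__":
    # Without exceptions the conference (s3) is cut along with the upload (s1).
    print(run(1_000_000))
    # With the conferencing server excepted, only the attachment upload is cut.
    print(run(1_000_000, exceptions=("meet.example.com",)))
```

The conference session crosses the limit on its second chunk, so it is terminated exactly like the attachment upload; only the exception list distinguishes the two, which is the trade-off the article points out.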

 

Software to monitor and track emails of network clients.

Emails sent or received through a company email account are generally not considered private. As an Internet filtering and monitoring software program, WFilter is able to monitor and archive network emails.

This guide will show you how to track and monitor emails of network clients with WFilter NG firewall. Please note that we’re talking about emails sent or received via email clients, not web-based email. Email clients on computers, laptops and smartphones can all be monitored.

1. Plain-text POP3/SMTP/IMAP can be directly recorded.

When WFilter NG firewall is deployed, plain-text POP3/SMTP/IMAP traffic can be directly archived.


2. “SSL Inspection” must be enabled to monitor SSL-protected emails.


If the email connections are SSL-enabled, you need to enable “SSL Inspection” so that WFilter can decrypt and parse the SSL-protected emails.


SSL-protected emails can then be recorded as well.

How to block Tor Browser in your network?

Some users might use Tor Browser to bypass the company firewall’s controls, which makes your firewall useless. In this topic, I will guide you through blocking Tor Browser traffic in your network with WFilter ICF (Internet Content Filter).

1. Define the Tor Browser protocol


Create a new “torbrowser” protocol in “System Settings”->“Protocols”.


Create a new pattern: choose the “TLS2” type, set “Offset” to “0” and “Pattype” to “Regular Expression”. Pattern: “\x01\x02\x02\x02\x03\x00\x0F\x00\x01\x01$”.

Save settings and apply the changes.
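The pattern above is a regular expression anchored at a byte offset, which is how such protocol definitions are generally evaluated. The following added example (written for this page, not WFilter’s matching engine) shows that evaluation: a signature carries a name, a pattern type, an offset and a bytes regex, and is matched against the payload starting at that offset. The article does not document what the “TLS2” type decodes to, so the example treats the input as an opaque byte string; the three sample payloads are constructed, not real captures.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    """A protocol pattern as entered in System Settings -> Protocols:
    protocol name, pattern type, byte offset and a regular expression."""
    protocol: str
    pattype: str      # the article's "TLS2"; treated here as opaque bytes
    offset: int
    regex: bytes

    def matches(self, payload: bytes) -> bool:
        # re.match anchors at the start of the slice, i.e. at `offset`; the
        # trailing '$' in the pattern additionally requires the payload to
        # end right after the signature bytes.
        return re.match(self.regex, payload[self.offset:]) is not None


# The exact pattern from the article, as a bytes regex.
TORBROWSER = Signature(
    protocol="torbrowser",
    pattype="TLS2",
    offset=0,
    regex=rb"\x01\x02\x02\x02\x03\x00\x0F\x00\x01\x01$",
)

SIGNATURES: List[Signature] = [TORBROWSER]


def classify(payload: bytes, signatures=SIGNATURES) -> Optional[str]:
    """Protocol name of the first matching signature, or None."""
    for sig in signatures:
        if sig.matches(payload):
            return sig.protocol
    return None


# Constructed sample payloads: exactly the signature bytes, the signature
# followed by extra data (so '$' fails), and an unrelated record.
SAMPLES = {
    "exact": b"\x01\x02\x02\x02\x03\x00\x0f\x00\x01\x01",
    "trailing": b"\x01\x02\x02\x02\x03\x00\x0f\x00\x01\x01\x00\x00",
    "other": b"\x16\x03\x01\x00\x05hello",
}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", classify(data))   # exact -> torbrowser, others -> None
```

One caveat when testing a pattern like this outside the product: in Python’s `re`, `$` also matches just before a trailing newline byte, so a payload ending in `\n` would still match; whether WFilter’s engine behaves the same way is not stated in the article, so verify the definition against the product’s own “Live Connections” view rather than assuming identical semantics.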

2. Deploy a Tor blocking policy


Add a blocking policy and set “Torbrowser” to “Deny” in “Applications”.


Apply this policy to certain client devices.

3. Test and check

After the above steps, Tor Browser should no longer be able to establish a connection to the Tor network.


In “Live Connections” of WFilter, you can see “tor browser” being blocked.


How to block IDM in the network? WFilter has added support for blocking IDM.

Internet Download Manager (IDM) is a multi-threaded application that breaks a file into many small parts and downloads all of them simultaneously. It can consume a lot of your bandwidth when downloading multiple large files.

With WFilter, you can block IDM downloading completely.

The settings are very simple: edit your blocking policy and set “IDM” to “Deny” in “Applications”.

In “Connections”, you will see the IDM connections marked as “terminating”.


IDM will report failure in a few seconds.

A protocol description of IDM can be found at: How to block IDM, IDM port and protocol description. Please note that downloads over HTTPS with IDM can also be blocked.

How to use the “punish group” feature in WFilter NG firewall?

This article introduces the “punish group” feature of WFilter NG firewall. The punish group is a virtual group, which enables you to:

  • Set punish policies for punished clients. For example: disallow entertainment sites, limit the rate to 20K.
  • Add a user to the “punish group” for a limited time.
  • Add multiple users to the “punish group” via WFilter extensions.

Set policies for the punish group

You can set policies for the punish group in “Access Policy” and “Bandwidth”.

“Punish group” is a virtual group. You can also define your own virtual groups for various temporary rules.

How to scan for proxy servers in the local network?

The “Proxy Scanner” plugin in WFilter is an additional function that lets you scan for proxy servers in the local network. This article will guide you through using the plugin in WFilter.

1. Download “Proxy Scanner” in “System Settings-Plugins”.

2. Scan for proxy servers.

2.1 Scan for proxy servers by “Local Subnet Computers”.

2.2 Scan for proxy servers by “IP Address Range”.

How to limit bandwidth in WFilter 4.1?

In the latest version of WFilter 4.1 (216), you can limit bandwidth in pass-through mode. In this article I will show you how to configure this in WFilter 4.1.

1. Select pass-through mode in “System Settings-Monitoring Settings”

2. Install the WFilter IMNPTF driver; please refer to How to install WFilter IMNPTF driver?

3. Check that the driver was installed successfully in “System Settings->Check Settings”

4. Create a new blocking level in “Policy Settings->Blocking Levels”

5. Apply this blocking level to the computer in “Policy Settings->User-device List”

6. Check the result