Category Archives: monitor wireless users

SMS Wi-Fi authentication solutions

In previous posts, we’ve discussed various method of Wi-Fi authentication, including “username & password authentication”, “wechat Wi-Fi” and “facebook Wi-Fi”…

SMS Wi-Fi requires clients to input a mobile phone number to receive an access code before visiting internet. So the internet provider can record clients phone numbers for marketing or security purpose.

In this post, I will guide you to enable SMS Wi-Fi authentication in WFilter NG firewall.

First, you need to setup a SMS service.

WFilter send SMS messages via web API, so you need to setup a SMS web service at first. The SMS web service can be in locale or internet.

In this practice, I setup an alibaba cloud account and downloaded the php SDK. The SDK is setup in a local web service.  I also modified the SDK demo to get “phone” and “code” from web POST parameters.

smsblog01

Second, enable SMS authentication in WFilter.

In “Web Auth”, you need to choose “SMS” auth type. The “SMS API URL” is configured as the local SDK demo URL.

sms01_en

When a client want to visit internet, a web portal will appear. The client needs to input a correct phone number to receive the access code.

smsblog02

In WFilter account login history, you will be able to see the ip address, mac address and phone number of Wi-Fi clients.

smsblog03

Clients internet activities will also be recorded.

smsblog04

More details about “web authentication” can be found at here: http://wiki.wfilterngf.com/Webauth

Wireless authentication solutions for business network.

Most business networks are now providing WiFi access for employees and customers. Since everyone can access WiFi network, unauthorized access will bring virus attack and intruders. So you need to pay more attention to your network security.

wifi_auth_solution01_en

Usually, you have below options:

  1. Set WiFi users in a separator VLAN, which shall only have limited access to enterprise resources. This is the first door to keep intruders out.
  2. Enable user authentication for WiFi users.
  3. Enable ip-mac binding for WiFi users.
  4. Record internet usage history for WiFi users, including IP, MAC, visited websites.

In this post, I will introduce the “Web Auth” feature of WFilter NG firewall. For WiFi clients, the most widely used authentication is “Web Authentication”(Portal Authentication). Clients won’t have internet access until authenticated in a web portal. For IOS and windows, the web portal will show up automatically.

1. User & Pass Authentication

When enabled, WiFi clients will be required for username and password.

Faq en webauth002.jpg

Various authentication method are supported, including “Local Auth”, “Email Auth”, “Ldap Auth” and “Radius Auth”.

  • If you have an existing ldap domain, you can authenticate with domain users.
  • Users also can authenticate with email accounts.
  • You also can define local users in WFilter for authentication.
  • Remote radius server is also supported.

You can set internet access policy, query history and reports based on usernames.

2. Third Party Auth

“Third party authentication” is designed for marketing purpose. You have “wechat WiFi” and “facebook WiFi” in default. When enabled, users shall checkin in your facebook page to access internet.


Download WFilter NG firewall now!

How to monitor wireless users in network with WFilter?

Since most wireless devices obtain IP addresses dynamically, management of wireless devices has become a challenge to network administrators. It’s not easy to identify wireless devices by IP addresses or MAC addresses. However, with WFilter, you can identify wireless devices by users.

When enabled, mobile users need to authenticate themselves to access internet. Both active directly authentication and WFilter local authentication are supported. Then you can check devices and users in WFilter console in a few clicks.

In this example, I will guide you to enable AD account monitoring for wireless devices.

1.Enable Domain account monitoring

In “Account Monitoring “, choose “Windows Active Directory”, click “Enabled”, add a Domain Controller.

2.Advanced Settings

Click “Advanced Settings”, choose “Require web authentication for devices which do not log into the domain”, Save Settings. You also can choose “Block all internet access when web authentication is required”and “Require re-authentication when an user has no internet activity for 30 minute(s)”.

3.Web authentication

Users will not be able to access internet until they’re authenticated. When user authentication web page will show up when browser is open as shown in below figure.

4.Online Users

In WFilter’s “Online Users”, you can get a list of online devices and users.