Category Archives: Settings

Settings of WFilter NG Firewall

WFilter integrates with active directory — solution of content filtering with domain users.

Filtering by IP address and MAC address is enough for most networks. However, in networks with dynamic IP addresses or BYOD networks, you may not identify clients by IP or MAC. In this case, AD integration is a widely adopted solution for internet content filtering.

Both “WFilter Enterprise” and “WFilter NG Firewall” provides “AD integration” solution, which enables you to do reporting, monitoring and filtering with domain users.

1. AD Integration in “WFilter Enterprise”.

More details can be found at: Active directory Integration of WFilter Enterprise

2. WFilter NG Firewall

With WFilter NG Firewall, not only you can do “AD integration”,  you also can add “Local accounts” for monitoring, filtering and VPN access.

Faq en adconf001.png

Faq en adconf003.png

Please check: WFilter NG Firewall Active directory Integration Solutions

How to monitor internet bandwidth usage in lan network?

Internet bandwidth is always not enough if clients in your network have unrestricted internet access. Torrent, downloading, online videos can eaisly consume most of your bandwidth.

As an IT administrator, to protect your internet bandwidth from being abused, you need to have full control of your network.

WFilter provides a total solution to monitor and manage internet bandwidth usage in lan network, with below features:

1. Monitoring live connections bandwidth

In “real-time bandwidth”, you can get a list of client devices, including IPs, MAC addresses, operator system and bandwidth rate. You also can get live connections of client devices.

monitorbandwidth01
monitorbandwidth02

2.  Bandwidth shaper and priority optimize

monitorbandwidth03

 

A complete guide of bandwidth optimization can be found at here: WFilter NG Firewall bandwidth optimization solutions

3. Bandwidth usage reports

monitorbandwidth04

monitorbandwidth05

WFilter NG firewall needs to be deployed as  gateway or network bridge of your network. If you prefer pass-by bandwidth monitoring solutions, please check: WFilter Enterprise.

A youtube video of internet bandwidth monitoring of WFilter Enterprise can be found at: How to monitor internet bandwidth usage on network?

 

How to add clients to penalty box in WFilter NG firewall?

WFilter NG firewall has a built-in group “punish group”. With this punish group, you can add clients to the penalty box for a period of time.

Please note, “punish group” is a virutal group, you also can add your own virtual group, eg: “expired users” or “trial users”…

1. Add a client into the punish group.

In realtime bandwidth, by click “kill” icon in “connections”, you can add a client into the punish group for a period of time. Your own virtual group will also appears here.

2. Clients in the punish group.

punishgroup01

3. Remove a client from the penalty box

To remove a client from the penalty box, you can wait for punish timeout, or click “reset default” in “unblock and reset”.

punishgroup02

4. Set “access policy” and “bandwidth” policy for the punish group.

In “Access Policy” and “Bandwidth”, you can set policy for the punish group. For example, set “bandwidth shaper” for “punish group” to have only 20kb download rate limit.

 

How to fix “size limit exceeded” issue of “AD Intergration” in WFilter?

 

adsizelimit1

To get it working, you need to use the “ntdsutil” tool to modify “MaxPageSize”. The below screenshot demonstrates the steps to set “MaxPageSize” to 5000. No reboot is required. The new setting is applied after “commit changes”.

A more detailed step can be found at: https://support.microsoft.com/en-us/kb/315071

adsizelimit2

After enlarge the “maxpagesize”, WFilter is able to sync AD users.

adsizelimit3

Wifi network monitoring solutions of WFilter NGF

Nowadays, most business networks provide WiFi service. However, WiFi makes it more difficult for IT administrator, because:

  1. There are much more devices in network.
  2. Various operation system(IOS, Andriod, Windows).
  3. Most wifi clients have dynamic ip addresses.
  4. Can not distinguish pc and mobile phone.
  5. Can not identify mobile users.

WFilter can help you to override these issues, and get your WiFi network manageable.

1. Identity Client Operation System

In “realtime bandwidth”, “online users” of WFilter, you can get a clients list, with IP, MAC, OS…

wifi1

wifi2

2. Various Authentication Solutions

    1. IP-MAC Binding, only bound ip-mac pairs have internet access. Please check:  IP-MAC Binding
    2. Web Authentication, only authenticated users have internet access. Please check:  Web Auth

3. Blocking, filtering and recording

You can set internet access policy by IP addresses, MAC addresses and usernames. In a DHCP network, you can set policy based on MAC addresses, so changing of IP has no influence.

In the recording feature of WFilter, you also can track internet usage( web activities, email activies) of Wi-Fi clients. Even mobile phone brand and model can be detected.

WFilter NGF also have a powerful report&statistics system to get detailed web/bandwidth reports.

ngf_report01

5. ISP Management.

The ISP management module of WFilter integrates user authentication, bandwidth rate limit, accounting, and notification features. With this ISP module, you can get your ISP business running without the need of other products. For details, please check: ISP management in WFilter NGF.

6. Extentions.

WFilter extentions also help for WiFi network mangement. For example:

  1. Network clients scan extension: scan the list of network clients.
  2. Nat discover: discover clients who are sharing their internet.plugin_nat_02_en

WFilter NG firewall added support of Facebook Wi-Fi.

Facebook Wi-Fi lets customers check in to participating businesses on Facebook for free Wi-Fi access. When people check in to your Page, you can share offers and other announcements with them. Official Facebook Wi-Fi guide can be found at here.

A recent update of WFilter NG firewall added support of “Facebook Wi-Fi”. Together with “wechat WiFi”, WFilter provides a solution for social network marketing of your business.

This post demonstrates the steps to enable “Facebook Wi-Fi”.

1. Add a local user for facebook checkin.

fb_user

2. Enable “Facebook Wi-Fi” in “Web Auth”->”Thirdparty Auth”.

fb_wifi1

3. Click “Register Facebook Page” to associate WFilter with your business facebook page.

fbsetup

4. Now client devices will be redirected to the login page.

On visits to http webpage, clients will be redirected.

fb_wifi2

5. Click “check in“  to continue web browsing.

fb_checkin

 

A more detailed guide can be found at here: Webauth of WFilter NG Firewall.

 

How to monitor employee emails usage in business networks?

An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”.

WFilter Enterprise is an internet content monitoring and filtering software program, which can monitor a whole network from one pc, without the need to install any client agent.

 

With WFilter, you can monitor employee emails usage of  plain SMTP/POP/IMAP.

1. Click “Emails” number in “Online Users”.

howto_viewMail_today01

2. You will see a list of sent/received emails.

howto_viewMail_today02

Click the “Subject” link will be able to check the email content.

3.  Query email history in “Query History Logs”.

howto_viewMail_history01

Please note that “WFilter Enterprise” can only monitor plain pop3/smtp/imap emails. To monitor SSL emails, you need to check SSL Email Inspection feature of “WFilter NG Firewall“.

 

How to upgrade WFilter NG Firewall?

“Auto update” feature of WFilter NG firewall can upgrade “protocol pattern database” and “url category database” automatically. By default,  WFilter NG firewall has “auto update” enabled.

However, “auto update” can not perform fireware upgrade. When a new version comes out, you need to manually perform the system fireware upgrade.

This guide demonstrates the steps to perform a fireware upgrade of WFilter NG firewall.

1. Make a backup of current settings.

Please note that upgrade may fail on power supply issue, disk issue… So at first, please export current settings to a backup file in “Config”->”Backup”. In case when you’re unlucky, you don’t need to re-configure the whole system.

2. Click “Check Update now”.

checkupdate2

3. Found a new version, then click “Upgrade”.

checkupdate3

4. Downloading the new firmware.
checkupdate4

5. Confirm the upgrade.
checkupdate5

 

At lease one reboot is required during the upgrading.  All settings and data will persist after the upgrading.

 

WFilter added “Email Notification” in the ISP module.

The ISP module of “WFilter NG firewall” designed for ISPs to manage users and bandwidth plans.

Beside “user web portal”, a recent update of “WFilter NG Firewall” added “Email Notification” feature. So users can get email notification of their bandwidth usage.

isp_emai_notification

As shown in the above diagram, you can set different email alert frequency for “valid users” and “cap exceeded users”, with different email contents.

This feature will be helpful for ISPs who prefer use email alert rather web portal.

WFilter email monitoring solutions for business networks.

Many users asked about email monitoring and recording features of WFilter. Actually, WFilter, including “WFilter Enterprise” and “WFilter NG firewall”, all are able to record SMTP, POP3, IMAP and web-based emails on network. However, there are some limitations of this feature.

This post will discuss WFilter’s email monitoring features and solutions.

1. Monitoring of email clients

An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”. With WFilter, you can:

  • Monitoring emails via plain SMTP/POP/IMAP.
  • Email attachments can also be recorded.

For SMTP/POP/IMAP over SSL, you have two solutions:

Solution 1: block SSL email connections to force email clients using plain email protocols.

block_ssl_mail_en

When blocking is applied, email clients need to be re-configured to disable SSL encryption.

block_ssl_mail_en2

Solution 2: Enable “SSL Email Inspection” with “WFilter NG Firewall”.

This feature can intercept SSL connections and record SSL emails. However, “STARTTLS” still can not be recorded, even “SSL Email Inspection” is enabled. Please check: SSL Email Inspection

2. Monitoring of Web Emails

Web email means receiving and sending emails within a web browser. Please note that web emails received can not be recorded, while http outgoing emails can be recorded by WFilter. Please note:

  1. Outgoing http web emails can be recorded.
  2. Https web emails can not be recorded.
  3. Not all http attachments can be recorded. It depends on the uploading protocol.
  4. For http web emails not recorded, you may contact us for a web email format upgrade.