Monthly Archives: March 2020

WFilter WebVPN introduction and example

WebVPN allows a user to securely access resources on the corporate LAN from anywhere with a web browser. The client user must authenticate before accessing any resources.
Compared to other VPN services, WebVPN is easier to deploy and operate. Client users don’t need to install any client software or change any settings.

In this guide, I will demonstrate how to set up and use the WebVPN service of WFilter NG firewall.

First, you need a domain.

The domain must be mapped to your network’s public IP address.

Enable the “WebVPN” service, and set up the domain name, port and authentication.

Add local web services.

Edit the WebVPN portal.

Set up “port forwarding” to forward internet access to the WebVPN port.

Now, let’s check how WebVPN works from the client side.

You need to authenticate yourself.

After successful authentication, the web portal shows up. You can then click a link to visit an internal web service.

How to whitelist websites in WFilter?

In WFilter NG firewall, whitelisting a website is very simple. You simply need to put the domain in the allowed list of “web filter”.

However, real-world webpages can be complicated. For example, webpage A may also include resources from website B, so webpage A cannot display correctly unless website B is also whitelisted.

To find out the domains of website B, you have two solutions:

Solution one: check the blocking events in WFilter.

In “realtime bandwidth”, click the bandwidth number of the testing client. You will be able to check the “blocking events”, where all recently blocked domains/IPs are listed. From this list you can find the external domains.

Solution two: check network activities in the browser.

By pressing F12, you can check the network activities of your browser and see which resources/URLs are not loaded.

With the above two solutions, you can find the extra domains to be whitelisted. You need to add these domains to the allowed list in web filter.

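Solution two can be scripted: the browser's network panel can save the capture as a HAR (JSON) file, and the script below lists every host in it that the allowed list does not yet cover. This is an added example, not WFilter code; `missingDomains`, the sample capture, and the rule that an allowed entry also covers its subdomains are assumptions.

```javascript
// Added example, not WFilter code. Assumptions: an allowed-list entry covers the
// domain and its subdomains; a blocked request is exported with status 0 or _error.
function isCovered(host, allowed) {
  return allowed.some((d) => host === d || host.endsWith("." + d));
}

// Returns [{ host, requests, failed }] for every http(s) host in the HAR
// that no allowed-list entry covers, most-failed first.
function missingDomains(har, allowed) {
  const allow = allowed.map((d) => d.trim().toLowerCase()).filter(Boolean);
  const seen = new Map();
  for (const entry of har.log.entries) {
    let url;
    try {
      url = new URL(entry.request.url);
    } catch {
      continue; // malformed URL in the capture
    }
    if (url.protocol !== "http:" && url.protocol !== "https:") continue; // data:, blob:
    const host = url.hostname.toLowerCase();
    if (isCovered(host, allow)) continue;
    const rec = seen.get(host) || { host, requests: 0, failed: 0 };
    rec.requests += 1;
    const resp = entry.response || {};
    if (resp.status === 0 || resp._error) rec.failed += 1;
    seen.set(host, rec);
  }
  return [...seen.values()].sort(
    (a, b) => b.failed - a.failed || a.host.localeCompare(b.host)
  );
}

// Constructed sample in HAR shape (only the fields used here), not a real capture.
const sampleHar = { log: { entries: [
  { request: { url: "https://news.example.com/" }, response: { status: 200 } },
  { request: { url: "https://static.example.com/app.js" }, response: { status: 200 } },
  { request: { url: "https://cdn.example.net/lib.js" }, response: { status: 0, _error: "net::ERR_CONNECTION_RESET" } },
  { request: { url: "https://cdn.example.net/site.css" }, response: { status: 0 } },
  { request: { url: "https://fonts.example.org/a.woff2" }, response: { status: 200 } },
  { request: { url: "https://notexample.com/x.js" }, response: { status: 0 } },
  { request: { url: "data:image/png;base64,AAAA" }, response: { status: 200 } },
] } };

for (const r of missingDomains(sampleHar, ["example.com"])) {
  console.log(`${r.host}  requests=${r.requests}  failed=${r.failed}`);
}
```

Review each listed host before adding it to the allowed list, and add only the ones the page actually needs in order to display.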