Monthly Archives: March 2020

WFilter WebVPN introduction and example

WebVPN allows a user to securely access resources on the corporate LAN from anywhere with a web browser. The client user must authenticates itself before access any resources.
Compare to other VPN services, WebVPN is easier to deploy and operate. Client users don’t need to install any software clients or settings.

In this guide, I will demonstrate you how to setup and use the WebVPN service of WFilter NG firewall.

First, you need a domain.

Domain shall be mapped to your network public ip address.


Enable the “WebVPN” service, setup domain name, port and authentication.


Add local web services.


Edit the webvpn portal.


Setup “port forwarding” to forward internet access to webvpn port.


Now, let’s check how WebVPN works from client side.

You need to authenticate yourself.

After successful authentication, the web portal shows up. Then you can click a link to visit internal web service.


How to whitelist websites in WFilter?

In WFilter NG firewall, whitelist a website is very simple. You simply need to put the domain in the allowed list of “web filter”. Screenshot as below:


However, real world webpages can be complicated. For example, webpage A also includes resources from website B. So webpage A can not display correctly unless website B is also whitelisted.

To find out the domains of website B, you have to solutions:

Solution one: check the blocking events in WFilter.



In “realtime bandwidth”, click the bandwidth number of the testing client. You will be able to check the “blocking events”. All recent blocked domains/IP will be listed. So, you can find out the external domains.

Solution two: check network activites in browser.

By press F12, you will be able to check network activites of your browser. So you know which resources/urls are not loaded.


With the above two solutions, you can find the extra domains to be whitelisted. You need to add these domains to the allowed list in web filter.