To get it working, you need to use the “ntdsutil” tool to modify “MaxPageSize”. The below screenshot demonstrates the steps to set “MaxPageSize” to 5000. No reboot is required. The new setting is applied after “commit changes”.
A more detailed step can be found at: https://support.microsoft.com/en-us/kb/315071
After enlarge the “maxpagesize”, WFilter is able to sync AD users.
Nowadays, most business networks provide WiFi service. However, WiFi makes it more difficult for IT administrator, as described in below:
- Much more devices in network.
- Various operation system(IOS, Andriod, Windows).
- Most wifi clients have dynamic ip addresses.
- Can not distinguish pc and mobile phone.
- Can not identify mobile users.
WFilter can help you to override these issues, and get your WiFi network manageable.
1. Identity Client Operation System
In “realtime bandwidth”, “online users” of WFilter, you can get a clients list, with IP, MAC, OS…
2. Various Authentication Solutions
- IP-MAC Binding, only bound ip-mac pairs have internet access. Please check: IP-MAC Binding
- Web Authentication, only authenticated users have internet access. Please check: Web Auth
3. Blocking, filtering and recording
You can set internet access policy by IP addresses, MAC addresses and usernames. In a DHCP network, you can set policy based on MAC addresses, so changing of IP has no influence.
In the recording feature of WFilter, you also can track internet usage( web activities, email activies) of Wi-Fi clients. Even mobile phone brand and model can be detected.
WFilter extentions also help for WiFi network mangement. For example:
- Network clients scan extension: scan the list of network clients.
- Nat discover: discover clients who are sharing their internet.
In general, we recommend:
- a). Reasonable network topology, separate IP ranges of PC and WiFi.
- b). IP bindings to WiFi clients or enable user authentication. Unauthorized access shall be forbidden.
- c). Use “nat discover” extension to forbid internet sharing.
Facebook Wi-Fi lets customers check in to participating businesses on Facebook for free Wi-Fi access. When people check in to your Page, you can share offers and other announcements with them. Official Facebook Wi-Fi guide can be found at here.
A recent update of WFilter NG firewall added support of “Facebook Wi-Fi”. Together with “wechat WiFi”, WFilter provides a solution for social network marketing of your business.
This post demonstrates the steps to enable “Facebook Wi-Fi”.
1. Add a local user for facebook checkin.
2. Enable “Facebook Wi-Fi” in “Web Auth”->”Thirdparty Auth”.
3. Click “Register Facebook Page” to associate WFilter with your business facebook page.
4. Now client devices will be redirected to the login page.
On visits to http webpage, clients will be redirected.
5. Click “check in“ to continue web browsing.
A more detailed guide can be found at here: Webauth of WFilter NG Firewall.
An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”.
WFilter Enterprise is an internet content monitoring and filtering software program, which can monitor a whole network from one pc, without the need to install any client agent.
With WFilter, you can monitor employee emails usage of plain SMTP/POP/IMAP.
1. Click “Emails” number in “Online Users”.
2. You will see a list of sent/received emails.
Click the “Subject” link will be able to check the email content.
3. Query email history in “Query History Logs”.
Please note that “WFilter Enterprise” can only monitor plain pop3/smtp/imap emails. To monitor SSL emails, you need to check SSL Email Inspection feature of “WFilter NG Firewall“.
“Auto update” feature of WFilter NG firewall can upgrade “protocol pattern database” and “url category database” automatically. By default, WFilter NG firewall has “auto update” enabled.
However, “auto update” can not perform fireware upgrade. When a new version comes out, you need to manually perform the system fireware upgrade.
This guide demonstrates the steps to perform a fireware upgrade of WFilter NG firewall.
1. Click “Check Update now”.
2. Found a new version, then click “Upgrade”.
3. Downloading the new firmware.
4. Confirm the upgrade.
At lease one reboot is required during the upgrading. All settings and data will persist after the upgrading.
The ISP module of “WFilter NG firewall” designed for ISPs to manage users and bandwidth plans.
Beside “user web portal”, a recent update of “WFilter NG Firewall” added “Email Notification” feature. So users can get email notification of their bandwidth usage.
As shown in the above diagram, you can set different email alert frequency for “valid users” and “cap exceeded users”, with different email contents.
This feature will be helpful for ISPs who prefer use email alert rather web portal.
Many users asked about email monitoring and recording features of WFilter. Actually, WFilter, including “WFilter Enterprise” and “WFilter NG firewall”, all are able to record SMTP, POP3, IMAP and web-based emails on network. However, there are some limitations of this feature.
This post will discuss WFilter’s email monitoring features and solutions.
1. Monitoring of email clients
An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”. With WFilter, you can:
- Monitoring emails via plain SMTP/POP/IMAP.
- Email attachments can also be recorded.
For SMTP/POP/IMAP over SSL, you have two solutions:
Solution 1: block SSL email connections to force email clients using plain email protocols.
When blocking is applied, email clients need to be re-configured to disable SSL encryption.
Solution 2: Enable “SSL Email Inspection” with “WFilter NG Firewall”.
This feature can intercept SSL connections and record SSL emails. However, “STARTTLS” still can not be recorded, even “SSL Email Inspection” is enabled. Please check: SSL Email Inspection
2. Monitoring of Web Emails
Web email means receiving and sending emails within a web browser. Please note that web emails received can not be recorded, while http outgoing emails can be recorded by WFilter. Please note:
- Outgoing http web emails can be recorded.
- Https web emails can not be recorded.
- Not all http attachments can be recorded. It depends on the uploading protocol.
- For http web emails not recorded, you may contact us for a web email format upgrade.
Sometimes you will come to the following solutions when your internet bandwidth is insufficient:
- Use more than one broadband connection.
- Block applications which consume much bandwidth. For example, you might use “WFilter Enterprise passby internet content filter windows software” to block downloading and online streaming.
- Limit the real-time bandwidth rate for clients. This can be done in your router of firewall.
However, these solutions have disadvantages:
- Without access control, using multiple broadband connections can not bring better experience. It because downloading and streaming can easily consume most of your bandwidth.
- “Application blocking” can save your bandwidth. However, users experience are impacted. Users will complain about no streaming or downloading.
- Rate limiting does not optimize your bandwidth. Users will still complain about slow internet speed.
WFilter NG Firewall brings total solutions for bandwidth optimization.
1. Powerful access control policy
With “Access Policy” modules, you can block p2p downloading, online streaming, streaming websites. Please check: Access Policy
2. Multi-WAN load balancing and routing
In case you have multiple broadband connections, WFilter NG Firewall’s “Multi-WAN” module can help you to:
- Load balancing on multiple broadband connections.
- Setup routing policies. For example, a). business servers are routed to a dedicated connection, b). video sites are routed to another connection.
For more details, please check: Muti-WAN
3. Bandwidth priority
With the “Priority” module, traffic with higher priority goes first. For example, you can set business servers traffic to the highest priority. So even the network is extremly busy, servers bandwidth won’t be influenced.
When installed, there are default rules: email > web > p2p and streaming. You also can customize your own rules.
For more details, please check: bandwidth priority
4. Bandwidth shaper
This module is for you to set bandwidth rate for clients. You can set the rate to ip ranges, user group or department.
Each group have a “maximum bandwidth rate” and “minimum bandwidth rate”. The minimum rate ensures the clients to have this bandwidth rate even the line is busy.
For more details, please check: bandwidth shaper
Try WFilter NG Firewall now: WFilter NG Firewall
In this article, I’m going to walk you through setting up a two-VLAN network with a Layer 3 switch(Cisco 3550). I am also going to setup WFilter NG Firewall as the gateway to routing for this VLANs.
As in the above network topology diagram:
- There are two VLANs in the Cisco 3550 swith( Vlan2 – 192.168.2.0/24, and VLAN3 – 192.168.3.0/24).
- WFilter NG Firewall is in subnet 192.168.1.0/24.
- The uplink port of Cisco 3550 has IP address 192.168.1.5.
Configuring the Cisco switch
Commands to setup the Cisco 3550 switch:
Setup port VLAN
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport access vlan 2
Setup VLAN IP and subnet
Switch(config)#interface vlan 2
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Setup the uplink port
Switch(config-if)#ip address 192.168.1.5 255.255.255.0
Enable IP Routing
Configuring WFilter NG Firewall
For WFilter NG Firewall to route VLANs traffic, you need to add VLAN subnets in “Routing” of WFilter NG Firewall.
IP conflict in local network is annoying. When it happens, it will cause intermittently connections, and it’s difficult for an IT administrator to locate the conflicted devices.
With WFilter, you can do much more.
First, you can block the conflicted IP address with a message. So the client might fix this issue by himself. As shown in below figure, you can send a message “Your ip address conflicts with our server, please correct it ASAP”. This message will show up when browsing http sites.
Also, you can run the “Network Health Checker” extension, which can test ip conflicts in your network. Please check the below screenshots:
Now you may talk to the person with “HuaWei” mobile to fix this issue.
Extension home page: “Network Health Checker”
Wiki page: Check network health of availability, IP conflict, ARP spoof and broadcast storm