The ISP module of WFilter NG firewall provides a total solution of bandwidth rate limiting, cap limiting and reporting of ISP users. In this topic, I would like to introduce a paypal integration solution for your ISP service to run automatically. It works like this:
- Users get email/web portal notification of ISP account expire date.
- Users can click “renew” to make payment online via paypal.
- Upon receiving of a payment, payal will call a callback script to extend users’ expire date.
The whole process can all be done automatically. Below is a demonstration of certain steps:
The first, you need create payment buttons in your paypal business account.
The second, you need to have an order landing page in your website.
When users click “renew” in their userportal or email notification, they will be redirected to the landing page. The landing page shall parse the “token” field to get username, expire date and current bandwidth policy. So you can calculate the costs for renewing. You can find an example of the landing page in WFilter_paypal_sdk.
The third, you need to enable “Instand payment notifications” in your paypal profile for callback.
When enabled, paypal will call the callback url for WFilter NG firewall to extend user date.
The full php SDK soure code can be downloaded at here: WFilterNGF_Paypal_SDK_1_0.zip
Please note, we only provide a simple callback example. To make it work, you need to do below modifications at least:
- Customize the landing page. For example, provide “1 month” and “2 months” choices.
- Customize the callback php script. The default script extend this user for one month only.
For any question, please feel free to contact IMFirewall Support. We’re always will to help.
WFilter NG firewall has an ISP module, which is designed as a total solution for ISP management. You can check the details at this post: the ISP module of WFilter NG Firewall, a total solution for ISP management, and a online guide at: ISP management.
I would like to demonstrate how you can manage expiring and expired users in the ISP module.
1. You can add expiring and expired to different groups.
When enabled, certain users will be added to groups automatically. So you add more policies to these groups in “Access Control” and “Bandwidth”. For example, you can:
a). Send expiring notification to expiring users with “Web Push” module. Users can renew online, and renew process can be complete automatically.
b). Restrict internet access of expired users. Please note that login is not allowed for expired PPPoE and WebAuth users.
2. Email notification to expiring users.
You can schedule email notification to expiring users at different time point(for example, 30 days before expiry). Users also can click the “order now” link in email to renew their account. Please check below screenshots.
A sample email received:
More details can be found at here: WFilter NG Firewall ISP Module
Some users get confused about “WFilter Enterprise” and “WFilter NG firewall”, so in this topic I would like to discuss the difference about these two products.
Though they are all named as “WFilter xxx”, ”WFilter Enterprise” is a pass-by web filtering software for windows pc, while “WFilter NG firewall” is a linux-based firewall system which shall be installed in a dedicated x86 pc.
WFilter NG Firewall
- 1. A total solution for bandwidth optimize, access control, VPN.(UTM and NG firewall)
- 2. Deployment: gateway, bridge.
- 3. Installation: x86 PC or virtual machine
- 4. License: 30-day free trial
- 1. Pass-by monitoring windows software solution.
- 2. Recommend deployment: pass-by
- 3. Installation: shall be installed in a windows PC.
- 4. License: 30-day free trial
How to choose?
The first, you need to confirm your requirement. If you only need “internet access control”, both “WFilter Enterprise” and “WFilter NG firewall” can satisfy you. If you need “bandwidth shaper” or VPN features, you need to choose “WFilter NG Firewall”.
The second, you need to choose the prefered deployment. In case you don’t want to change current network topology or add a new network device, you need to choose “WFilter Enterprise” which can be deployed with your current topology unchanged. If you agree to replace your current router/firewall, or add a transparent network bridge, please choose “WFilter NG firewall”.
The third, please be aware that WFilter Enterprise is a windows software program, which can be installed instantly. While WFilter NG firewall is an operation system, you need a dedicated PC and burn a CD or usb stick to install it.
In a recent update of WFilter NG firewall, we have re-designed the “bandwidth shaper” feature. Now “bandwidth shaper” becomes easier to be understood and configured.
Let’s take a look.
The shaper rules list:
Bandwidth shaper policy:
In each policy, you need to define total UP and DOWNLOAD bandwidth for this rule. If this rule is applied to multiple clients, all the clients share the defined TOTAL bandwidth. Please note: “ the minimum bandwidth defines the static allocated bandwidth, while the maximum bandwidth is dynamic allocated.”
All clients applied by this rule have fair bandwidth sharing. You may also enable “client maximum rate” if you want to limit bandwidth rate for each IP.
In “ISP” module, the “Rate Limit” policy has the same settings as “bandwidth shaper”, as described in above.
Filtering by IP address and MAC address is enough for most networks. However, in networks with dynamic IP addresses or BYOD networks, you may not identify clients by IP or MAC. In this case, AD integration is a widely adopted solution for internet content filtering.
Both “WFilter Enterprise” and “WFilter NG Firewall” provides “AD integration” solution, which enables you to do reporting, monitoring and filtering with domain users.
1. AD Integration in “WFilter Enterprise”.
More details can be found at: Active directory Integration of WFilter Enterprise
2. WFilter NG Firewall
With WFilter NG Firewall, not only you can do “AD integration”, you also can add “Local accounts” for monitoring, filtering and VPN access.
Please check: WFilter NG Firewall Active directory Integration Solutions
Torrent downloading can consume most of your bandwidth. It’s rather annoying for IT administrators.
With WFilter NG Firewall, you can detect torrent traffic, block torrent downloading and get bandwidth report of torrent traffic.
In this post, I will demonstrate the steps to block torrent in LAN network with WFilter NG Firewall. Please note that WFilter block torrent by protocol matching. So once you block bittorrent in WFilter, all other torrent clients, including bittorrent, utorrent, qtorrent will all be blocked.
1. New a blocking policy in “App Control”.
2. Name it “block torrent”, set “bittorrent” to “deny”.
3. Torrent clients being blocked.
Please note that all WFilter products can block torrent in Lan network. You may check other topics:
How to block utorrent downloading with WFilter 4.1?
How to block torrent downloading with WFilter free?
How to block BitTorrent traffic in your network?
In a previous blog How to monitor internet bandwidth usage in lan network?, I introduced features and steps to monitor lan bandwidth with WFilter NG Firewall.
We have another windows software program named “WFilter Enterprise”, which also can monitor clients bandwidth in pass-by deployment. The WFilter pc do not need to be a gateway or network bridge, it can do internet monitoring and filtering through a mirroring port in your switch or router(passby deployment). With pass-by deployment, you don’t need to change network topology or add new hardware to deploy an internet content filter.
In this guide, I will demonstrate the bandwidth monitoring features of WFilter Enterprise 4.1.
1. Realtime bandwidth shows clients list and real-time bandwidth rate.
2. Click bandwidth to get live connections of a client.
You also can terminate connections by clicking the red icon.
3. Bandwidth Report by protocols
The reports have pie, bar, line and data formats. You can do report by username, data, protocol name and protocol category.
4. Bandwidth Alert
Send an alert email when bandwidth threshold is reached.
Internet bandwidth is always not enough if clients in your network have unrestricted internet access. Torrent, downloading, online videos can eaisly consume most of your bandwidth.
As an IT administrator, to protect your internet bandwidth from being abused, you need to have full control of your network.
WFilter provides a total solution to monitor and manage internet bandwidth usage in lan network, with below features:
1. Monitoring live connections bandwidth
In “real-time bandwidth”, you can get a list of client devices, including IPs, MAC addresses, operator system and bandwidth rate. You also can get live connections of client devices.
2. Bandwidth shaper and priority optimize
A complete guide of bandwidth optimization can be found at here: WFilter NG Firewall bandwidth optimization solutions
3. Bandwidth usage reports
WFilter NG firewall needs to be deployed as gateway or network bridge of your network. If you prefer pass-by bandwidth monitoring solutions, please check: WFilter Enterprise.
A youtube video of internet bandwidth monitoring of WFilter Enterprise can be found at: How to monitor internet bandwidth usage on network?
WFilter NG firewall has a built-in group “punish group”. With this punish group, you can add clients to the penalty box for a period of time.
Please note, “punish group” is a virutal group, you also can add your own virtual group, eg: “expired users” or “trial users”…
1. Add a client into the punish group.
In realtime bandwidth, by click “kill” icon in “connections”, you can add a client into the punish group for a period of time. Your own virtual group will also appears here.
2. Clients in the punish group.
3. Remove a client from the penalty box
To remove a client from the penalty box, you can wait for punish timeout, or click “reset default” in “unblock and reset”.
4. Set “access policy” and “bandwidth” policy for the punish group.
In “Access Policy” and “Bandwidth”, you can set policy for the punish group. For example, set “bandwidth shaper” for “punish group” to have only 20kb download rate limit.