How to block non-domain devices to access internet in network?

Some users asked about how to prevent non-domain devices to have internet access in business network. So this is the guide, using WFilter Enterprise.

As you know,  WFilter can be integrated with microsoft active directory. So you can monitor and filter internet usage by domain usernames. For details, please check: Active directory Integration of WFilter

To stop non-domain devices, please follow below steps:

1. Set a restricted policy to devices in “Default IP Policy” of “user-device list”.

So devices will only have restricted internet access.

block_non_domain01_en

2. Set real policy to domain users in “Users” of “user-device list”.block_non_domain02_en

3. Modify the “Policy Apply” option.

In “Advanced Settings” of “Account Monitoring Settings”, you need to set “Policy Apply” to “User Policy First”. So user policy will overwrite device policy.

block_non_domain03_en

 

Following upbove steps,  non-domain devices have restricted internet access only. When logged with a domain user, user policy will be applied.

 

Facebook Comments

WFilter Pass-by deployment for multiple VLANs network.

WFilter Enterprise( WFilter internet content filter) supports monitoring and filtering of multiple VLANs clients from a central WFilter pc.

Below is the deployment diagram:wfilter-vlan

Please note:

  1. The WFilter pc shall have two network cards.
  2. NIC1 shall be connected to the mirroring port.
  3. NIC2 shall be connected to the management VLAN, which can communicate with other VLANs.
  4. The mirroring port shall be configure to monitor the uplink port. (Connected to the up-layer router or firewall)

In WFilter, you also need to setup the “mirroring adapter” and “blocking adapter” in “System Settings”->”Monitoring Settings”. The mirroring adapter shall be the adapter connected to the mirroring port, while the blocking adapter shall be connected to the management VLAN.

 

Facebook Comments

How to block facebook videos streaming with WFilter NG firewall?

Sometimes, you might want to block facebook video streaming to save your bandwidth. There is predefined protocol named “facebook videos” in WFilter, which can help you to block facebook video by a few clicks. Here is the protocol description: facebook videos protocol and ports.

In another post, I’ve demonstrated how to block facebook videos with WFilter Enterprise. In this post, I will guide you to block facebook videos with “WFilter NG firewall”, which is a linux NG firewall designed for business networks.

1. New a block facebook policy in “App Control”.blockfb_video01

2. Set “facebook videos” to “Deny” in “streaming”.
blockfb_video02

3. That’s all. Now facebook videos will be blocked.
blockfb_video1 blockfb_video2

Please note, because short/small videos come from a same source as images, so blocking of facebook video does not short video cuts. Only medium or large size videos can be blocked.

Facebook Comments

How to block hotspot shield VPN in network with WFilter NG firewall?

Hotspot shield is a popular VPN service, with free version available.  When launched, it will try to connect a lot TLS sites for traffic relaying. If you do packet sniffer with wireshark, you will see  traffic  from famous sites like “google.com, baidu.com…”. But in fact, it’s hotspot vpn traffic in the camouflage of normal TLS.

Anyway, our team has worked out a protocol pattern to block Hotspot shield traffic completely in your network. WFilter identifies Hotspot via signature matching, so no matter in which transfer type or client version, all Hotspot traffic can be blocked. Here is a protocol description of hotspot shield VPN: protocol and port range of Hotspot shield.

Below are the steps with WFilter NG firewall:

1. New a “block hotspot” app control policy.

block_hotspot_01

2. Set “Hotspot shield” to “Deny”.block_hotspot_02

3. That’s all. Now hotspot shield will never be able to connect.

hotspot_blocked

4. The blocking event in WFilter NG firewall.

block_hotspot_03

Please note: all WFilter products can support blocking of hotspot shield, including WFilter NG firewall and WFilter Enterprise.

Facebook Comments

Integrate paypal payment with your ISP service.

The ISP module of WFilter NG firewall provides a total solution of bandwidth rate limiting, cap limiting and reporting of ISP users.  In this topic, I would like to introduce a paypal integration solution for your ISP service to run automatically. It works like this:

  1. Users get email/web portal notification of ISP account expire date.
  2. Users can click “renew” to make payment online via paypal.
  3. Upon receiving of a payment, payal will call a callback script to extend users’ expire date.

The whole process can all be done automatically. Below is a demonstration of certain steps:

The first, you need create payment buttons in your paypal business account.

paypal1 paypal2 paypal3

The second, you need to have an order landing page in your website.

When users click “renew” in their userportal or email notification, they will be redirected to the landing page. The landing page shall parse the “token” field to get username, expire date and current bandwidth policy. So you can calculate the costs for renewing. You can find an example of the landing page in WFilter_paypal_sdk.

paypal6.1 paypal6

The third, you need to enable “Instand payment notifications” in your paypal profile for callback.

When enabled, paypal will call the callback url for WFilter NG firewall to extend user date. paypal4 paypal5

 

The full php SDK soure code can be downloaded at here: WFilterNGF_Paypal_SDK_1_0.zip

Please note, we only provide a simple callback example. To make it work, you need to do below modifications at least:

  • Customize the landing page. For example, provide “1 month” and “2 months” choices.
  • Customize the callback php script. The default script extend this user for one month only.

For any question, please feel free to contact IMFirewall Support. We’re always will to help.

Facebook Comments

How to manage expiring and expired users in WFilter for ISP?

WFilter NG firewall has an ISP module, which is designed as a total solution for ISP management. You can check the details at this post: the ISP module of WFilter NG Firewall, a total solution for ISP management, and a online guide at: ISP management.

I would like to demonstrate how you can manage expiring and expired users in the ISP module.

1. You can add expiring and expired to different groups.

isp_expire_setting

When enabled, certain users will be added to groups automatically. So you add more policies to these groups in “Access Control” and “Bandwidth”. For example, you can:

a). Send expiring notification to expiring users with “Web Push” module. Users can renew online, and renew process can be complete automatically.

b). Restrict internet access of expired users. Please note that login is not allowed for expired PPPoE and WebAuth users.

2. Email notification to expiring users.

You can schedule email notification to expiring users at different time point(for example, 30 days before expiry).  Users also can click the “order now” link in email to renew their account. Please check below screenshots.

isp_expire_setting2 isp_expire_setting3

A sample email received:

isp_expire_setting4

 

More details can be found at here: WFilter NG Firewall ISP Module

Facebook Comments

Difference between WFilter Enterprise and WFilter NG firewall.

Some users get confused about “WFilter Enterprise” and “WFilter NG firewall”, so in this topic I would like to discuss the difference about these two products.

Though they are all named as “WFilter xxx”,  ”WFilter Enterprise” is a pass-by web filtering software for windows pc, while “WFilter NG firewall” is a linux-based firewall system which shall be installed in a dedicated x86 pc.

WFilter NG Firewall

  • 1. A total solution for bandwidth optimize, access control, VPN.(UTM and NG firewall)
  • 2. Deployment: gateway, bridge.
  • 3. Installation: x86 PC or virtual machine
  • 4. License: 30-day free trial

WFilter Enterprise

  • 1. Pass-by monitoring windows software solution.
  • 2. Recommend deployment: pass-by
  • 3. Installation: shall be installed in a windows PC.
  • 4. License: 30-day free trial

How to choose?

The first, you need to confirm your requirement. If you only need “internet access control”, both “WFilter Enterprise” and “WFilter NG firewall” can satisfy you. If you need “bandwidth shaper” or VPN features, you need to choose “WFilter NG Firewall”.

The second, you need to choose the prefered deployment. In case you don’t want to change current network topology or add a new network device, you need to choose “WFilter Enterprise” which can be deployed with your current topology unchanged. If you agree to replace your current router/firewall, or add a transparent network bridge, please choose “WFilter NG firewall”.

The third, please be aware that WFilter Enterprise is a windows software program, which can be installed instantly. While WFilter NG firewall is an operation system, you need a dedicated PC and burn a CD or usb stick to install it.

Facebook Comments

Understanding the bandwidth shaper feature of WFilter NG Firewall

In a recent update of WFilter NG firewall, we have re-designed the “bandwidth shaper” feature. Now “bandwidth shaper” becomes easier to be understood and configured.

Let’s take a look.

The shaper rules list:

Ros ipcontrol 001.png

Bandwidth shaper policy:

Ipcontrol set en.png

In each policy, you need to define total UP and DOWNLOAD bandwidth for this rule. If this rule is applied to multiple clients, all the clients share the defined TOTAL bandwidth. Please note: “ the minimum bandwidth defines the static allocated bandwidth, while the maximum bandwidth is dynamic allocated.”

All clients applied by this rule have fair bandwidth sharing. You may also enable “client maximum rate” if you want to limit bandwidth rate for each IP.

In “ISP” module, the “Rate Limit” policy has the same settings as “bandwidth shaper”, as described in above.

isp_ratelimit01

Facebook Comments

Youtube videos about WFilter

Below is a list of videos about WFilter in youtube.

How to monitor network traffic and bandwidth usage?

How to monitor internet activities in lan network?

How to monitor internet bandwidth usage on network?

How to block and filter websites in network using software?

How to track internet usage of network clients?

How to block porn websites in network?

How to block youtube videos in network?

How to scan DHCP Server with WFilter?

How to scan network devices with WFilter free?

How to block torrent downloading with WFilter Free?

How to block facebook on network with WFilter free?

Facebook Comments

WFilter integrates with active directory — solution of content filtering with domain users.

Filtering by IP address and MAC address is enough for most networks. However, in networks with dynamic IP addresses or BYOD networks, you may not identify clients by IP or MAC. In this case, AD integration is a widely adopted solution for internet content filtering.

Both “WFilter Enterprise” and “WFilter NG Firewall” provides “AD integration” solution, which enables you to do reporting, monitoring and filtering with domain users.

1. AD Integration in “WFilter Enterprise”.

More details can be found at: Active directory Integration of WFilter Enterprise

2. WFilter NG Firewall

With WFilter NG Firewall, not only you can do “AD integration”,  you also can add “Local accounts” for monitoring, filtering and VPN access.

Faq en adconf001.png

Faq en adconf003.png

Please check: WFilter NG Firewall Active directory Integration Solutions

Facebook Comments