WFilter added “Email Notification” in the ISP module.

The ISP module of “WFilter NG firewall” designed for ISPs to manage users and bandwidth plans.

Beside “user web portal”, a recent update of “WFilter NG Firewall” added “Email Notification” feature. So users can get email notification of their bandwidth usage.


As shown in the above diagram, you can set different email alert frequency for “valid users” and “cap exceeded users”, with different email contents.

This feature will be helpful for ISPs who prefer use email alert rather web portal.

Facebook Comments

WFilter email monitoring solutions for business networks.

Many users asked about email monitoring and recording features of WFilter. Actually, WFilter, including “WFilter Enterprise” and “WFilter NG firewall”, all are able to record SMTP, POP3, IMAP and web-based emails on network. However, there are some limitations of this feature.

This post will discuss WFilter’s email monitoring features and solutions.

1. Monitoring of email clients

An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”. With WFilter, you can:

  • Monitoring emails via plain SMTP/POP/IMAP.
  • Email attachments can also be recorded.

For SMTP/POP/IMAP over SSL, you have two solutions:

Solution 1: block SSL email connections to force email clients using plain email protocols.


When blocking is applied, email clients need to be re-configured to disable SSL encryption.


Solution 2: Enable “SSL Email Inspection” with “WFilter NG Firewall”.

This feature can intercept SSL connections and record SSL emails. However, “STARTTLS” still can not be recorded, even “SSL Email Inspection” is enabled. Please check: SSL Email Inspection

2. Monitoring of Web Emails

Web email means receiving and sending emails within a web browser. Please note that web emails received can not be recorded, while http outgoing emails can be recorded by WFilter. Please note:

  1. Outgoing http web emails can be recorded.
  2. Https web emails can not be recorded.
  3. Not all http attachments can be recorded. It depends on the uploading protocol.
  4. For http web emails not recorded, you may contact us for a web email format upgrade.


Facebook Comments

Optimize bandwidth of your network with WFilter NG Firewall.

Sometimes you will come to the following solutions when your internet bandwidth is insufficient:

  1. Use more than one broadband connection.
  2. Block applications which consume much bandwidth. For example, you might use “WFilter Enterprise passby internet content filter windows software” to block downloading and online streaming.
  3. Limit the real-time bandwidth rate for clients. This can be done in your router of firewall.

However, these solutions have disadvantages:

  1. Without access control, using multiple broadband connections can not bring better experience. It because downloading and streaming can easily consume most of your bandwidth.
  2. “Application blocking” can save your bandwidth. However, users experience are impacted. Users will complain about no streaming or downloading.
  3. Rate limiting does not optimize your bandwidth. Users will still complain about slow internet speed.

WFilter NG Firewall brings total solutions for bandwidth optimization.

1. Powerful access control policy

With “Access Policy” modules, you can block p2p downloading, online streaming, streaming websites. Please check: Access Policy

2. Multi-WAN load balancing and routing

In case you have multiple broadband connections, WFilter NG Firewall’s “Multi-WAN” module can help you to:

  • Load balancing on multiple broadband connections.
  • Setup routing policies. For example, a). business servers are routed to a dedicated connection, b). video sites are routed to another connection.

For more details, please check: Muti-WAN

3. Bandwidth priority

With the “Priority” module, traffic with higher priority goes first. For example, you can set business servers traffic to the highest priority. So even the network is extremly busy, servers bandwidth won’t be influenced.

When installed, there are default rules: email > web > p2p and streaming. You also can customize your own rules.

For more details, please check: bandwidth priority

4. Bandwidth shaper

This module is for you to set bandwidth rate for clients. You can set the rate to ip ranges, user group or department.

Each group have a “maximum bandwidth rate” and “minimum bandwidth rate”. The minimum rate ensures the clients to have this bandwidth rate even the line is busy.

For more details, please check: bandwidth shaper
Try WFilter NG Firewall now: WFilter NG Firewall

Facebook Comments

How to setup WFilter NG Firewall to work with a three layer switch in a multiple VLANs network?

In this article, I’m going to walk you through setting up a two-VLAN network with a Layer 3 switch(Cisco 3550). I am also going to setup WFilter NG Firewall as the gateway to routing for this VLANs.

Network Topology


As in the above network topology diagram:

  1. There are two VLANs in the Cisco 3550 swith( Vlan2 –, and VLAN3 –
  2. WFilter NG Firewall is in subnet
  3. The uplink port of Cisco 3550 has IP address

Configuring the Cisco switch

Commands to setup the Cisco 3550 switch:

Setup port VLAN

Switch#configure terminal

Switch(config)#interface fa0/12

Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport access vlan 2


Setup VLAN IP and subnet

Switch#configure terminal

Switch(config)#interface vlan 2

Switch(config-if)#ip address


Setup the uplink port

Switch#configure terminal

Switch(config)#interface fa0/1

Switch(config-if)#no switchport

Switch(config-if)#ip address

Enable IP Routing

Switch#configure terminal

Switch(config)#ip routing


Configuring WFilter NG Firewall

For WFilter NG Firewall to route VLANs traffic, you need to add VLAN subnets in “Routing” of WFilter NG Firewall.

threelayer_vlan_ros2_en threelayer_vlan_ros1_en


Facebook Comments

How to detect and fix ip conflicts in your network?

IP conflict in local network is annoying. When it happens, it will cause intermittently connections, and it’s difficult for an IT administrator to locate the conflicted devices.

With WFilter, you can do much more.

First, you can block the conflicted IP address with a message. So the client might fix this issue by himself. As shown in below figure, you can send a message “Your ip address conflicts with our server, please correct it ASAP”. This message will show up when browsing http sites.
Also, you can run the “Network Health Checker” extension, which can test ip conflicts in your network. Please check the below screenshots:

Now you may talk to the person with “HuaWei” mobile to fix this issue.

Extension home page: “Network Health Checker”

Wiki page: Check network health of availability, IP conflict, ARP spoof and broadcast storm

Facebook Comments

The ISP module of WFilter NG Firewall, a total solution for ISP management.

For ISP network management, you will need:

  1. User authentication.
  2. Monitor and filter of internet activities.
  3. Bandwidth shaper.
  4. Accounting and statistics.

Usually, you will need several systems to achieve this goal. Today, WFilter NG Firewall, a linux based next generation firewall provides a total solution for ISP network management, with below features:

  1. Two types of authentication: “Web Auth” and “PPPoE Auth”.
  2. An “Internet Usage” module to record web surfing, downloading activities.
  3. Rich internet access control policies: web filter, application control, ip-mac binding …
  4. Bandwidth policies of realtime rate limit and monthly bandwidth cap limit.
  5. Bandwidth optimize solutions.
  6. Internet usage and bandwidth statistics.
  7. A web push feature to push statistics, web page and advertise.

All these features can be configured in the “WFilter ISP module“.

Some screenshots:


User settings

User Portal

More details can be found at here: WFilter NG Firewall ISP Module

Facebook Comments

Do not forget to block QUIZ to block youtube and other google sites.

In google chrome, a new protocol named QUIZ, is implemented. The protocol description can be found at

It says QUIZ can improve website performance by 3%. However, because QUIZ is an UDP based encrypted protocol,  domains support QUIZ will not be blocked with WFilter’s web filter.

This issue happens in Chrome browser to Google sites only(including youtube). To make web filter working, you’re recommended to block QUIZ completely.

In pass-by deployment with WFilter Enterprise, you’re recommended to block udp ports “443 -65534″ in your firewall and router.

In WFilterROS, you can block QUIZ in the “app control” module.

Demonstrations of blocking youtube.

When QUIZ is not blocked, you can only see QUIZ traffic when visiting of youtube with chrome.


Block QUIZ in app control.


Now “QUIZ” connections are all blocked, and youtube can be blocked by WFilter.



Facebook Comments