Author Archives: WFilter

DIY a firewall appliance for your network.

Since WFilter NG firewall now offers a free 50-user license, small businesses and home users have an opportunity to build powerful firewall appliances themselves. You may want to read this post first for an overview of the free license: Free license of WFilter NG firewall is now available


In this post, I will walk you through the steps to build a firewall appliance.

1. First, you need to buy an appliance box and a hard disk.

1). A 4/6-interface Atom D525 networking appliance. (Less than $200)

2). A Seagate 1TB disk.

3). One USB stick.

2. Mount the disk.


3. Get a display monitor, and burn the WFilter ISO to the USB stick.

Here is a guide for installation:



Console terminal after installation:

4. Now connect your laptop to the LAN interface and set up the basic networking parameters.

Set the laptop to “obtain IP address automatically”, then open in your browser.

Choose the free license:

5. Connect all the cables.


6. Done. Now you can set up more policies to speed up your internet access.




Isn’t it exciting? You won’t be able to find any better solution for small networks.

Download WFilter NG firewall now!

Free license of WFilter NG firewall is now available.

A free license of WFilter NG firewall is now available in the latest build of WFilter NGF (1.1.2017.06.05). Except for remote support, the free license has all features of WFilter for 50 users. You can use this license in any network, including business networks.


Now let’s see what we can do with this free license.

1. Choose “free license” on first login.


2. Powerful reports and statistics.


3. Archive web browsing and email history.

Web activity recording


Email activity recording


SSL inspector


4. Deploy internet content filtering policies

With the free license, you also get “website black&white list”, “website category filtering”, “application control”, “IP-MAC binding”, “Web content pushing”…


5. Bandwidth optimization and rate limit

Free solutions for bandwidth priority optimization, bandwidth rate limiting, multiple-WAN load balancing and WAN fail-over.


6. Various user authentication methods.

Local accounts, Active Directory integration, PPPoE, web authentication (Facebook WiFi).


And the “ISP management” module, a total solution for users/bandwidth management.


7. VPN tunnels


8. Extensions


9. License

Now let’s check the license: free for life for 50 users.


Isn’t it exciting? You won’t be able to find any better solution for small networks.

Download WFilter NG firewall now!

Tips to stop WannaCry ransomware in your network.

This weekend, WannaCry swept quickly across Europe and Asia, locking up critical systems like the UK’s National Health Service, a large telecom in Spain, several universities in China and other businesses and institutions around the world. Once a computer is infected, it denies access to its files and demands the equivalent of around $300 in bitcoin for decryption.


In this post, I will introduce some important tips to block the WannaCry attack.

1. Install security patches. Microsoft has released security patches that fix the SMB flaw currently being exploited by the WannaCry ransomware, with most versions of Windows supported, including Windows XP, Vista, Windows 8, Server 2003 and 2008.
2. Block incoming connections on TCP port 445 in your router/firewall. This rule blocks attacks from the internet.
3. For Windows DMZ hosts, you also need to block TCP port 445 in the firewall settings.
4. To protect VLANs from being attacked by an infected VLAN, you can block TCP port 445 in the VLAN ACL rules of your core switch.


Using the “network health checker” extension of WFilter, you can also check whether there are “Suspicious Hosts” in your LAN. Hosts with massive numbers of connections will be identified as “Suspicious”.
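The “massive connections” idea can also be applied to any firewall or flow log you already collect. The following is an added example, not WFilter's code or its detection algorithm: it flags LAN hosts that contact many distinct destinations on TCP port 445 within a short window. The log format, the LAN range, the addresses, the window and the threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

def suspicious_smb_hosts(lines, window=timedelta(seconds=60), threshold=20):
    """Return {src: peak number of distinct TCP/445 destinations in any window}
    for LAN sources whose peak reaches `threshold`.
    Line format (constructed): 'ISO-timestamp src dst dport proto'."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        if proto.lower() == "tcp" and dport == "445" and ipaddress.ip_address(src) in LAN:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, counts, best = 0, defaultdict(int), 0
        for ts, dst in evs:                       # sliding window over time
            counts[dst] += 1
            while ts - evs[start][0] > window:    # expire events older than window
                old = evs[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            flagged[src] = best
    return flagged

def sample_log():
    """Constructed sample data, not real traffic."""
    base = datetime(2017, 5, 13, 9, 0, 0)
    lines = []
    for i in range(30):   # .50 touches 30 different hosts on 445 in 30 seconds
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 192.168.1.50 192.168.1.{100 + i} 445 tcp")
    for i in range(40):   # .10 talks to one file server repeatedly (normal)
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 192.168.1.10 192.168.1.2 445 tcp")
    for i in range(25):   # .77 reaches many hosts, but one every 10 minutes
        lines.append(f"{(base + timedelta(minutes=10 * i)).isoformat()} 192.168.1.77 10.0.0.{i + 1} 445 tcp")
    return lines

if __name__ == "__main__":
    print(suspicious_smb_hosts(sample_log()))
```

Counting distinct destinations rather than raw connections keeps a busy file-server client from being flagged; tune the window and threshold to your own baseline.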


Powerful network diagnostic tool set for IT professionals.

As a network professional, you need the right tools to minimize network downtime when things go wrong in your network.
In this post, I will show you the extension system in WFilter, a powerful tool set for networking issues.

At first glance


All WFilter systems have an “extension” library, which contains a powerful, free tool set for IT administrators. Most extensions are free, and they are even supported in WFilter Free, a freeware for internet filtering and monitoring.

Now let’s see what we can do with WFilter extensions:

1. Scan client devices in network

With the “network scan” extension, you can get a complete list of network clients, including IP, MAC, manufacturer and open ports…

2. Discover and scan DHCP services in network

The “Network DHCP discover plugin” of WFilter can scan for DHCP services in your network with a single click. It lists the IP addresses, MAC addresses and MAC manufacturers of all DHCP servers.

3. Detect NAT sharing services in network

Detect illegal NAT sharing in network.

4. Check network health of availability, IP conflict, ARP spoof and broadcast storm

This extension can:

  1. check availability and ping performance of DNS servers.
  2. check availability and ping performance of internet sites.
  3. check availability and ping performance of local network hosts.
  4. check whether there is an IP conflict in the local network.
  5. check whether there is ARP spoofing running in the local network.
  6. check whether there is a broadcast storm in the local network.

5. Scan proxy servers in network

6. Graph ping performance of multiple hosts

With this plugin, you can get ping performance and graph reports for multiple hosts over a period of time.

A complete extensions list can be found here: WFilter extensions. And more will come. The most important thing is that most extensions are free, and are supported in “WFilter internet content filter (commercial)”, “WFilter NG firewall” and “WFilter Free”.

Isn’t it exciting? Download WFilter Now!

Monitor network bandwidth with a Cisco switch.

In this post, I will show you a bandwidth monitoring solution based on your Cisco switch. If your router/firewall does not have bandwidth monitoring features, or you need more detailed reports, this solution can help you.

First, the network topology diagram:


Most Cisco switches support the “port mirroring (SPAN)” feature. You may use the commands below to enable it:

1. Set source port

Switch(config)#monitor session 1 source interface Fa0/23

2. Set target port

Switch(config)#monitor session 1 destination interface Fa0/22 ingress vlan 1

Then, you need to install a pass-by filtering program (e.g. WFilter internet content filter) on a Windows PC, and connect this PC to the “target port”. You can then monitor the internet bandwidth and live connections of network clients.

The new diagram:


Now let’s check what you can monitor with WFilter:
1. Clients List

2. Live Connections

3. Bandwidth Reports




How to deploy a pass-by internet content filter with your Cisco switch?

You don’t need to buy an expensive firewall or UTM appliance to do internet content filtering and usage monitoring.
In this post, I will guide you through deploying a pass-by internet content filter with just a Cisco switch.

First, suppose you have a Cisco switch with the network diagram below.


Most Cisco switches support the “port mirroring (SPAN)” feature. You may use the commands below to enable it:

1. Set source port

Switch(config)#monitor session 1 source interface Fa0/23

2. Set target port

Switch(config)#monitor session 1 destination interface Fa0/22 ingress vlan 1

Then, you need to install a pass-by filtering program (e.g. WFilter internet content filter) on a Windows PC, and connect this PC to the “target port”. You can then monitor and filter the internet access of network clients. Please note: “ingress” must be enabled on the destination port for filtering to work.

The new diagram:


Pass-by filtering can also be as powerful as a pass-through UTM device, except for bandwidth rate limiting. For more information, please check: WFilter deployment.

How to block website categories in WFilter ICF?

This post demonstrates the steps to block website categories for network clients with WFilter internet content filter (WFilter ICF 4.1).

WFilter contains an integrated URL database, which includes about 60 website categories. With the website category filtering feature, you can block certain categories with a few clicks. This website category filtering feature is also available in WFilter NG firewall.

1. Add a new blocking policy

Create a new blocking policy in “Policy Settings” -> “Blocking Levels”. In “Category”, you need to check “Block webpages by categories”. Then click “New…” in the dropdown list.


2. Block certain categories.

To block a website category, you simply need to set “Access Policy” to “Deny”. In this example, we set “Sexual” sites to “Deny”.


3. Apply this blocking policy.

In the “user-device list”, set the default “blocking policy” to the newly added “block websites category” policy, so that it applies to all network clients.


4. Check the blocking.


How to bind IP addresses to MAC addresses in a network?

IP and MAC address binding is usually configured in a network switch or router (gateway). An effective IP-MAC binding solution needs to:
1. Be able to integrate with the DHCP server to assign static IPs to clients.
2. Have an option to block or allow internet access for unbound devices.
3. Be able to do IP-MAC binding in multi-subnet networks.

In this post, I will demonstrate the “IP-MAC binding” feature in WFilter NG firewall. For IP-MAC binding in “WFilter internet content filter”, please check: “WFilter IP-MAC binding solution”.

1. IP-MAC Binding List

You can define the IP-MAC binding list in “Modules” -> “Access Policy” -> “IP-MAC Binding”. Once listed, these devices will always be assigned their static IP addresses when they obtain an IP address dynamically.


2. Settings

The following options are available in the “IP-MAC binding” module:
1. For unlisted IP addresses, you can choose “Allow all”, “Block all” or “Block below IP ranges”.
2. For unlisted MAC addresses (devices), you can configure whether to assign an IP address or not.


3. Multi-subnet IP-MAC binding solution

Is your network multi-subnet? No worries. With the “MAC address detector”, WFilter NGF is able to retrieve MAC addresses from your core switch, so you can bind IP addresses to MAC addresses even in a multi-subnet network.


A guide to “IP-MAC binding” in WFilter NGF can be found at: IP-MAC binding.
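To see how a binding list and the unlisted-IP options interact, here is an added example that audits an ARP snapshot against a binding list. It is not WFilter code: the function names, verdict strings, addresses and the rule that a bound IP seen with a different MAC is blocked are assumptions made for illustration.

```python
import ipaddress

def normalize_mac(mac):
    """Canonicalize 'AA-BB-..', 'aabb.ccdd.eeff' (switch style) or 'aa:bb:..'."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(observed, bindings, unlisted="allow", blocked_ranges=()):
    """Return {ip: verdict} for observed (ip, mac) pairs.
    bindings: {ip: mac}. unlisted: 'allow', 'block' or 'block_ranges',
    modelled on the three unlisted-IP options described above."""
    bound = {ip: normalize_mac(mac) for ip, mac in bindings.items()}
    nets = [ipaddress.ip_network(r) for r in blocked_ranges]
    verdicts = {}
    for ip, mac in observed:
        mac = normalize_mac(mac)
        addr = ipaddress.ip_address(ip)
        if ip in bound:
            # Assumption: a bound IP used by another MAC is treated as a violation.
            verdicts[ip] = "ok" if bound[ip] == mac else "block (MAC mismatch)"
        elif unlisted == "block" or (
            unlisted == "block_ranges" and any(addr in n for n in nets)
        ):
            verdicts[ip] = "block (unlisted)"
        else:
            verdicts[ip] = "allow (unlisted)"
    return verdicts

# Constructed sample data: binding list and an ARP snapshot in mixed MAC formats.
BINDINGS = {
    "192.168.1.10": "00:1A:2B:3C:4D:5E",
    "192.168.2.20": "00-1A-2B-AA-BB-CC",
}
OBSERVED = [
    ("192.168.1.10", "001a.2b3c.4d5e"),     # matches its binding
    ("192.168.2.20", "de:ad:be:ef:00:01"),  # bound IP, different MAC
    ("192.168.3.7", "02:00:00:00:00:07"),   # unlisted, inside blocked range
    ("192.168.1.99", "02:00:00:00:00:63"),  # unlisted, outside blocked range
]

if __name__ == "__main__":
    for ip, verdict in audit(OBSERVED, BINDINGS, "block_ranges", ["192.168.3.0/24"]).items():
        print(ip, verdict)
```

Normalizing MAC formats before comparing matters in multi-subnet setups, because addresses read from a switch are often written differently from those typed into a binding list.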

Difference between WSG appliance models

The WSG (WFilter Security Gateway) appliance has two series of models: professional and enterprise. For example, WSG-100P means WSG professional for 100 users, while WSG-100E means WSG enterprise for 100 users.
WSG enterprise has the full features of WFilter NG firewall. Compared to WFilter enterprise, WSG professional lacks some enterprise-level features: “Internet Usage”, “AD Integration”, “ISP”, and “Hot Standby”.

Hardware difference

Since WSG professional does not record internet usage, which requires a lot of disk space, the WSG professional appliance only has a small hard disk (8GB) used for reports. It also has less RAM.

WSG professional and WSG enterprise have the same box appearance.

Software difference

WSG professional has no “Internet Usage”, “AD Integration”, “ISP Management”, and “Hot Standby”. Other features are all the same. Please check the screenshots.





So if you don’t need usage recording and the other enterprise-level features, you can choose WSG professional, which is much more cost-effective.

WFilter NGF vs. open source firewall systems.

There are dozens of open source firewall systems available for download. Some are completely free, and some provide limited free features. “Free” sounds attractive, but these systems have disadvantages. In this post, I would like to compare WFilter NGF with open source firewall systems.

Disadvantages of open source firewalls

  1. Limited features. Most open source firewalls do not have enterprise-level features such as “usage recording/reports”, “domain integration”…
  2. Lack of support. Most systems only have forum support, unless paid.
  3. Slow response. Bugs may need months to be fixed.


WFilter NGF is designed for business networks, with a lot of enterprise-level features. If you want a free solution, open source firewalls can help. However, if you need more features and better support, you had better choose a commercial product. Below is a list of WFilter NGF advantages compared to open source firewalls:

  1. Designed for business networks.
  2. Enterprise-level features: usage recording, powerful report system, AD integration…
  3. 7 * 24 dedicated support via email/phone/skype/teamviewer.
  4. Faster response. Improvements and bugs will be fixed ASAP.