Category Archives: Installation

Installation of WFilter NG Firewall

Turn your old PC into a firewall appliance.

You may have an old desktop PC sitting in a closet or somewhere. Did you know that you still can make it useful? In this guide, I will demonstrate the steps to turn your old pc into a network firewall appliance.

diy_wfilter_cover

1. First, please check what you need to prepare.

diy_wfilter01

1.1) an old desktop pc.
1.2) a gigabit ethernet adapter.
1.3) a usb stick.

2. Mount the ethernet adapter and connect the cables.

There is only one onboard ethernet adapter, so I need to add another PCI adapter.

diy_wfilter02

The green chip on left is the new added ethernet adapter.

diy_wfilter03

Now let’s connect the cables.

diy_wfilter04

3. Install WFilter NGF system.

Now you can install WFilter NGF with your usb stick. Please check a more detailed guide at here: WFilter NG Firewall Installation Guide

You shall be able to the console upon successful installation.
diy_wfilter05

Set your laptop to “dynamic ip address” and open http://192.168.10.1 in browser, you can access webUI to set the system up.

4. See what I get.

The CPU is “Intel Pentium Dual CPU E2160 1.8G”, 2GB DDR2 RAM, 160G harddisk.

diy_wfilter06

Let’s check the performance. Wow, it can handle 200+ clients with 20K concurrent connections. Isn’t it amazing?

diy_wfilter07

 

For more features of WFilter NGF, please check: WFilter NG firewall

DIY a firewall appliance for your network.

As WFilter NG firewall released a free 50-user license, there is an opportunity for small business and home users to DIY powerful firewall appliances. ou may read this post first to take a sight of the free license: Free license of WFilter NG firewall is now available

all

In this post, I will guide you certain steps to build a firewall appliance.

1. First, you need to buy an appliance box and a harddisk.

all

 

1). A 4/6 interfaces atom D525 networking appliance. (Less than $200)

2). A Seagate 1TB disk.

3). One usb stick.

2. Mount the disk.

mountdisk

3. Get a display monitor, and burn WFilter ISO into the usb stick.

Here is a guide for installation: http://wiki.wfilterros.com/Installation_of_WFilter_ROS

usb

install01_en

Console terminal after installation:install02_en

4. Now connect your laptop to LAN interface and setup basic networking parameters.

Set laptop to “obtain ip address automatically”, then open http://192.168.10.1 in your browser.install03_en

Choose the free license:install04_en

5. Connect all the cables.

rack

6. Done, now you can setup more policies to speed up your internet access.

dashboard_en

 

freelicense07

Isn’t it exciting? You won’t be able to find any better solution for small networks.

Download WFilter NG firewall now!

Tips to stop WannaCry ransomware in your network.

In this weekend, WannaCry swept Europe and Asia quickly, locking up critical systems like the UK’s National Health Service, a large telecom in Spain, several universities in China and other businesses and institutions around the world. Once infected, the infected computer denies access, and demands the equivalent of around $300 in bitcoin for decryption.

StQ0-fyfeutp8502656

In this post, I would introduce the important tips to block WannaCry attack.

1. Install Security Patches. Microsoft has released security patches that fix SMB flaw currently being exploited by the WannaCry ransomware, with most version of Windows supported — including Windows XP, Vista, Windows 8, Server 2003 and 2008.
2. Block incoming connections on TCP port 445 in your router/firewall. This rule blocks attacks from internet.
3. For windows DMZ hosts, you also need to block TCP port 445 in firewall settings.
4. To protect VLANs being attacked by an infected VLAN, you can block TCP port 445 in VLAN ACL rules of your core switch.

virus_en01

Using the “network health checker” extension of WFilter, you also can check whether there are “Suspicious Hosts ” in your LAN network. Hosts with massive connections will be identified as “Suspicious”.

virus_en02

How to bind ip address with mac address in network?

IP and MAC address binding is usually configured in network switch or router(gateway). An effective IP-MAC binding solution needs to:
1. Be able to integrate with the DHCP server to assign static IPs to clients.
2. Have option to block or allow internet for un-bound devices.
3. Be able to do IP-MAC binding in multi-subnet networks.

In this post, I will demonstrate the “IP-MAC binding” feature in WFilter NG firewall. For IP-MAC binding in “WFilter internet content filter”, please check: “WFilter IP-MAC binding solution“.

1. IP-MAC Binding List

You can define the IP-MAC binding list in “Modules”->”Access Policy”->”IP-MAC Binding”. When listed, these devices will always be assigned with static IP addresses when using dynamic IP address.

ipbound01

2. Settings

Below options are available in the “IP-MAC binding” module:
1. For unlisted IP addresses, you can choose “Allow all”, “Block all” or “Block below IP ranges”.
2. For unlisted MAC addresses(devices), you can configure whether to assign IP address or not.

ipbound02

3. Multi-subnet IP-MAC binding solution

Your network is multi-subnet? No worry. With “MAC address detector”, WFilter NGF is able to retrieve MAC addresses from your core switch. So you can bind IP address with MAC address, even in a multi-subnet network.

Maccd00.jpg

A guide of “IP-MAC binding” in WFilter NGF can be found at: IP-MAC binding.

Difference between WSG appliance models

WSG(WFilter Security Gateway) appliance has two series of models: professional and enterprise. For example, WSG-100P means WSG professional for 100 users; while WSG-100E means WSG enterprise for 100 users.
WSG enterprise has full the features of WFilter NG firewall. Compare to WFilter enterprise, WSG professional is lack of some enterprise-level features: “Internet Usage”, “AD Integration”, “ISP”, and “Hot Standby”.

Hardware difference

Since WSG professional does not record internet usage which requires a lot disk space, WSG professional appliance only have a small harddisk(8GB) for reports only. And the RAM is also less.

WSG professional and WSG enterprise have the same box appearance.

Software difference

WSG professional has no “Internet Usage”, “AD Integration”, “ISP Management”, and “Hot Standby”. Other features are all the same. Please check the screenshots.

usage

ad_integration

Isp user01.png

 

So in case you don’t need usage recording and other enterprise-level features, you can choose WSG professional, which is much more cost-effective.

WFilter NGF vs. open source firewall systems.

There are dozens of open source firewall systems to download. Some are complete free, some provides limited free features. Does “free” sound attractive? but they have dis-advantages. In this post, I would like to discuss the comparsion of WFilter NGF with open source firewall systems.

Disadvantages of open source firewalls

  1. Limited features. Most open source firewalls does not have other enterprise-level features, such as “ usage recording/reports” , “domain integration”…
  2. Lack of support. Most systems only have forum support, unless paid.
  3. Slow response. Bugs may need months to be fixed.

Comparison

WFilter NGF is designed for business networks, with a lot enterprise-level features. In case you want a free solution, open source firewalls can help. However, if you need more features and better support, you’d better choose some commerical products. Below is a list of WFilter NGF advantages comparing to open source firewalls:

  1. Designed for business networks.
  2. Enterprise-level features: usage recording, powerful report system, AD integration…
  3. 7 * 24 dedicated support via email/phone/skype/teamviewer.
  4. Faster response. Improvements and bugs will be fixed ASAP.

Comparison of WFilter ICF and other internet filtering solutions

WFilter internet content filter(ICF) is a windows software internet filtering solution for business networks. As an IT administrator, you may face several choices when deploying internet filtering in your network. In this topic, I will try to provide a comparison of WFilter ICF and other solutions.

As we have highlighted in WFilter homepage, WFilter can be deployed in pass-by mode, with minimal change to network topology. It requires no client installation. Please also check:

1. WFilter ICF vs. client & browser plugin internet filtering solutions.

2. WFilter ICF vs. dns internet filtering solutions.

3. WFilter ICF vs. internet filtering appliances.

4. WFilter ICF vs. proxy-based internet filtering solutions.

5. WFilter ICF vs. WFilter NG firewall.

WFilter is also very cost-effective, please check: WFilter price list.

Difference between WFilter ICF and WFilter NG firewall.

Some users get confused about “WFilter ICF”(WFilter Enterprise) and “WFilter NG firewall”, so in this topic I would like to discuss the difference about these two products.

Though they are all named as “WFilter xxx”,  ”WFilter ICF” is a pass-by web filtering software for windows pc, while “WFilter NG firewall” is a linux-based firewall system which shall be installed in a dedicated x86 pc.

WFilter NG Firewall

  • 1. A total solution for bandwidth optimize, access control, VPN.(UTM and NG firewall)
  • 2. Deployment: gateway, bridge.
  • 3. Installation: x86 PC or virtual machine
  • 4. License: 30-day trial, free license(optional)

WFilter Internet Content Filter(ICF)

  • 1. Pass-by monitoring windows software solution.
  • 2. Recommend deployment: pass-by
  • 3. Installation: shall be installed in a windows PC.
  • 4. License: 30-day free trial

How to choose?

The first, you need to confirm your requirement. If you only need “internet access control”, both “WFilter ICF” and “WFilter NG firewall” can satisfy you. If you need “bandwidth shaper” or VPN features, you need to choose “WFilter NG Firewall”.

The second, you need to choose the prefered deployment. In case you don’t want to change current network topology or add a new network device, you need to choose “WFilter ICF” which can be deployed with your current topology unchanged. If you agree to replace your current router/firewall, or add a transparent network bridge, please choose “WFilter NG firewall”.

The third, please be aware that WFilter ICF is a windows software program, which can be installed instantly. While WFilter NG firewall is an operation system, you need a dedicated PC and burn a CD or usb stick to install it.

How to monitor employee emails usage in business networks?

An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”.

WFilter Enterprise is an internet content monitoring and filtering software program, which can monitor a whole network from one pc, without the need to install any client agent.

 

With WFilter, you can monitor employee emails usage of  plain SMTP/POP/IMAP.

1. Click “Emails” number in “Online Users”.

howto_viewMail_today01

2. You will see a list of sent/received emails.

howto_viewMail_today02

Click the “Subject” link will be able to check the email content.

3.  Query email history in “Query History Logs”.

howto_viewMail_history01

Please note that “WFilter Enterprise” can only monitor plain pop3/smtp/imap emails. To monitor SSL emails, you need to check SSL Email Inspection feature of “WFilter NG Firewall“.

 

How to upgrade WFilter NG Firewall?

“Auto update” feature of WFilter NG firewall can upgrade “protocol pattern database” and “url category database” automatically. By default,  WFilter NG firewall has “auto update” enabled.

However, “auto update” can not perform fireware upgrade. When a new version comes out, you need to manually perform the system fireware upgrade.

This guide demonstrates the steps to perform a fireware upgrade of WFilter NG firewall.

1. Make a backup of current settings.

Please note that upgrade may fail on power supply issue, disk issue… So at first, please export current settings to a backup file in “Config”->”Backup”. In case when you’re unlucky, you don’t need to re-configure the whole system.

2. Click “Check Update now”.

checkupdate2

3. Found a new version, then click “Upgrade”.

checkupdate3

4. Downloading the new firmware.
checkupdate4

5. Confirm the upgrade.
checkupdate5

 

At lease one reboot is required during the upgrading.  All settings and data will persist after the upgrading.