Category Archives: Installation

Installation of WFilter NG Firewall

How to bind ip address with mac address in network?

IP and MAC address binding is usually configured in network switch or router(gateway). An effective IP-MAC binding solution needs to:
1. Be able to integrate with the DHCP server to assign static IPs to clients.
2. Have option to block or allow internet for un-bound devices.
3. Be able to do IP-MAC binding in multi-subnet networks.

In this post, I will demonstrate the “IP-MAC binding” feature in WFilter NG firewall. For IP-MAC binding in “WFilter internet content filter”, please check: “WFilter IP-MAC binding solution“.

1. IP-MAC Binding List

You can define the IP-MAC binding list in “Modules”->”Access Policy”->”IP-MAC Binding”. When listed, these devices will always be assigned with static IP addresses when using dynamic IP address.

ipbound01

2. Settings

Below options are available in the “IP-MAC binding” module:
1. For unlisted IP addresses, you can choose “Allow all”, “Block all” or “Block below IP ranges”.
2. For unlisted MAC addresses(devices), you can configure whether to assign IP address or not.

ipbound02

3. Multi-subnet IP-MAC binding solution

Your network is multi-subnet? No worry. With “MAC address detector”, WFilter NGF is able to retrieve MAC addresses from your core switch. So you can bind IP address with MAC address, even in a multi-subnet network.

Maccd00.jpg

A guide of “IP-MAC binding” in WFilter NGF can be found at: IP-MAC binding.

Difference between WSG appliance models

WSG(WFilter Security Gateway) appliance has two series of models: professional and enterprise. For example, WSG-100P means WSG professional for 100 users; while WSG-100E means WSG enterprise for 100 users.
WSG enterprise has full the features of WFilter NG firewall. Compare to WFilter enterprise, WSG professional is lack of some enterprise-level features: “Internet Usage”, “AD Integration”, “ISP”, and “Hot Standby”.

Hardware difference

Since WSG professional does not record internet usage which requires a lot disk space, WSG professional appliance only have a small harddisk(8GB) for reports only. And the RAM is also less.

WSG professional and WSG enterprise have the same box appearance.

Software difference

WSG professional has no “Internet Usage”, “AD Integration”, “ISP Management”, and “Hot Standby”. Other features are all the same. Please check the screenshots.

usage

ad_integration

Isp user01.png

 

So in case you don’t need usage recording and other enterprise-level features, you can choose WSG professional, which is much more cost-effective.

WFilter NGF vs. open source firewall systems.

There are dozens of open source firewall systems to download. Some are complete free, some provides limited free features. Does “free” sound attractive? but they have dis-advantages. In this post, I would like to discuss the comparsion of WFilter NGF with open source firewall systems.

Disadvantages of open source firewalls

  1. Limited features. Most open source firewalls does not have other enterprise-level features, such as “ usage recording/reports” , “domain integration”…
  2. Lack of support. Most systems only have forum support, unless paid.
  3. Slow response. Bugs may need months to be fixed.

Comparison

WFilter NGF is designed for business networks, with a lot enterprise-level features. In case you want a free solution, open source firewalls can help. However, if you need more features and better support, you’d better choose some commerical products. Below is a list of WFilter NGF advantages comparing to open source firewalls:

  1. Designed for business networks.
  2. Enterprise-level features: usage recording, powerful report system, AD integration…
  3. 7 * 24 dedicated support via email/phone/skype/teamviewer.
  4. Faster response. Improvements and bugs will be fixed ASAP.

Comparison of WFilter ICF and other internet filtering solutions

WFilter internet content filter(ICF) is a windows software internet filtering solution for business networks. As an IT administrator, you may face several choices when deploying internet filtering in your network. In this topic, I will try to provide a comparison of WFilter ICF and other solutions.

As we have highlighted in WFilter homepage, WFilter can be deployed in pass-by mode, with minimal change to network topology. It requires no client installation. Please also check:

1. WFilter ICF vs. client & browser plugin internet filtering solutions.

2. WFilter ICF vs. dns internet filtering solutions.

3. WFilter ICF vs. internet filtering appliances.

4. WFilter ICF vs. proxy-based internet filtering solutions.

5. WFilter ICF vs. WFilter NG firewall.

WFilter is also very cost-effective, please check: WFilter price list.

Difference between WFilter ICF and WFilter NG firewall.

Some users get confused about “WFilter ICF”(WFilter Enterprise) and “WFilter NG firewall”, so in this topic I would like to discuss the difference about these two products.

Though they are all named as “WFilter xxx”,  ”WFilter ICF” is a pass-by web filtering software for windows pc, while “WFilter NG firewall” is a linux-based firewall system which shall be installed in a dedicated x86 pc.

WFilter NG Firewall

  • 1. A total solution for bandwidth optimize, access control, VPN.(UTM and NG firewall)
  • 2. Deployment: gateway, bridge.
  • 3. Installation: x86 PC or virtual machine
  • 4. License: 30-day free trial

WFilter Internet Content Filter(ICF)

  • 1. Pass-by monitoring windows software solution.
  • 2. Recommend deployment: pass-by
  • 3. Installation: shall be installed in a windows PC.
  • 4. License: 30-day free trial

How to choose?

The first, you need to confirm your requirement. If you only need “internet access control”, both “WFilter ICF” and “WFilter NG firewall” can satisfy you. If you need “bandwidth shaper” or VPN features, you need to choose “WFilter NG Firewall”.

The second, you need to choose the prefered deployment. In case you don’t want to change current network topology or add a new network device, you need to choose “WFilter ICF” which can be deployed with your current topology unchanged. If you agree to replace your current router/firewall, or add a transparent network bridge, please choose “WFilter NG firewall”.

The third, please be aware that WFilter ICF is a windows software program, which can be installed instantly. While WFilter NG firewall is an operation system, you need a dedicated PC and burn a CD or usb stick to install it.

How to monitor employee emails usage in business networks?

An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”.

WFilter Enterprise is an internet content monitoring and filtering software program, which can monitor a whole network from one pc, without the need to install any client agent.

 

With WFilter, you can monitor employee emails usage of  plain SMTP/POP/IMAP.

1. Click “Emails” number in “Online Users”.

howto_viewMail_today01

2. You will see a list of sent/received emails.

howto_viewMail_today02

Click the “Subject” link will be able to check the email content.

3.  Query email history in “Query History Logs”.

howto_viewMail_history01

Please note that “WFilter Enterprise” can only monitor plain pop3/smtp/imap emails. To monitor SSL emails, you need to check SSL Email Inspection feature of “WFilter NG Firewall“.

 

How to upgrade WFilter NG Firewall?

“Auto update” feature of WFilter NG firewall can upgrade “protocol pattern database” and “url category database” automatically. By default,  WFilter NG firewall has “auto update” enabled.

However, “auto update” can not perform fireware upgrade. When a new version comes out, you need to manually perform the system fireware upgrade.

This guide demonstrates the steps to perform a fireware upgrade of WFilter NG firewall.

1. Make a backup of current settings.

Please note that upgrade may fail on power supply issue, disk issue… So at first, please export current settings to a backup file in “Config”->”Backup”. In case when you’re unlucky, you don’t need to re-configure the whole system.

2. Click “Check Update now”.

checkupdate2

3. Found a new version, then click “Upgrade”.

checkupdate3

4. Downloading the new firmware.
checkupdate4

5. Confirm the upgrade.
checkupdate5

 

At lease one reboot is required during the upgrading.  All settings and data will persist after the upgrading.