In the last version of WFilter NG firewall(2017.09.01), we’ve added ip mac history for all network clients. With this feature, you will be able to:
- Query ip and mac address history of all network clients.
- Gateway and bridge deployment are supported. You can record ip-mac activities even in bridge mode.
- When “mac address detector” is enabled, you’re able to record ip-mac information in multi-subnet networks.
Below are some screenshots:
WFilter NGF has a built-in API library for developers to manipulate the entire system or integrate WFilter features. With APIs, you’re able to:
- 1. Get bandwidth history.
- 2. Get online users, including ip, mac, account, live connections.
- 3. Terminate user connections, kick off user…
- 4. Add/remove user from virtual group to apply policies.
- 5. Extend user expire date.
In this post, I will use an API example to demonstate the API library usage of WFilter NGF. The requirement is simple: “a API call to set access policy and bandwidth rate limit for an ip address”.
1. First, we need to setup WFilter NGF.
Because “access policy” and “bandwidth shaper” are separate modules in WFilter NGF, we need to setup a virtual group with policies applied. In the API call, we only need to add IP addresses into the virtual group to apply the rules.
1.1) New a “limited access” virtual group.
1.2) Setup policies to this group.
2. Use php to call WFilter API.
Now, we’ve setup policies for the virtual group. To implement policies to an IP address, we only need to add this IP into this group. We have a php SDK, you need to include the WFilterNGF.php to call the API functions.
Isn’t it simple? You may check more details in WFilter API. If you have any suggestions or requirement, please feel free to contact us.
You may have an old desktop PC sitting in a closet or somewhere. Did you know that you still can make it useful? In this guide, I will demonstrate the steps to turn your old pc into a network firewall appliance.
1. First, please check what you need to prepare.
1.1) an old desktop pc.
1.2) a gigabit ethernet adapter.
1.3) a usb stick.
2. Mount the ethernet adapter and connect the cables.
There is only one onboard ethernet adapter, so I need to add another PCI adapter.
The green chip on left is the new added ethernet adapter.
Now let’s connect the cables.
3. Install WFilter NGF system.
Now you can install WFilter NGF with your usb stick. Please check a more detailed guide at here: WFilter NG Firewall Installation Guide
You shall be able to the console upon successful installation.
Set your laptop to “dynamic ip address” and open http://192.168.10.1 in browser, you can access webUI to set the system up.
4. See what I get.
The CPU is “Intel Pentium Dual CPU E2160 1.8G”, 2GB DDR2 RAM, 160G harddisk.
Let’s check the performance. Wow, it can handle 200+ clients with 20K concurrent connections. Isn’t it amazing?
For more features of WFilter NGF, please check: WFilter NG firewall
Free license of WFilter NG firewall is now available in the last build of WFilter NGF(1.1.2017.06.05). Except remote support, free license has all features of WFilter for 50 users. You can use this license in any networks, including business.
Now let’s see what we can do with this free license.
1. Choose “free license” on first time login.
2. Powerful reports and statistics.
3. Archive web browsing and email history.
Web activity recording
Email activity recording
4. Deploy internet content filtering policies
With the free license, you also can get “website black&white list”, “website category filtering”, “application control”, “IP-mac binding”, “Web content pushing”…
5. Bandwidth optimization and rate limit
Free solutions for bandwidth priority optimization, bandwidth rate limiter and multiple WAN load-balancing and WAN fail-over.
6. Various user authentication.
Local accounts, active directory integration, PPPoE, web authentication(facebook WiFi).
And the “ISP management” module, a total solution for users/bandwidth management.
7. VPN tunnels
Now let’s check the license: life-time free for 50 users.
Isn’t it exciting? You won’t be able to find any better solution for small networks.
Download WFilter NG firewall now!
In this weekend, WannaCry swept Europe and Asia quickly, locking up critical systems like the UK’s National Health Service, a large telecom in Spain, several universities in China and other businesses and institutions around the world. Once infected, the infected computer denies access, and demands the equivalent of around $300 in bitcoin for decryption.
In this post, I would introduce the important tips to block WannaCry attack.
1. Install Security Patches. Microsoft has released security patches that fix SMB flaw currently being exploited by the WannaCry ransomware, with most version of Windows supported — including Windows XP, Vista, Windows 8, Server 2003 and 2008.
2. Block incoming connections on TCP port 445 in your router/firewall. This rule blocks attacks from internet.
3. For windows DMZ hosts, you also need to block TCP port 445 in firewall settings.
4. To protect VLANs being attacked by an infected VLAN, you can block TCP port 445 in VLAN ACL rules of your core switch.
Using the “network health checker” extension of WFilter, you also can check whether there are “Suspicious Hosts ” in your LAN network. Hosts with massive connections will be identified as “Suspicious”.
There are dozens of open source firewall systems to download. Some are complete free, some provides limited free features. Does “free” sound attractive? but they have dis-advantages. In this post, I would like to discuss the comparsion of WFilter NGF with open source firewall systems.
Disadvantages of open source firewalls
- Limited features. Most open source firewalls does not have other enterprise-level features, such as “ usage recording/reports” , “domain integration”…
- Lack of support. Most systems only have forum support, unless paid.
- Slow response. Bugs may need months to be fixed.
WFilter NGF is designed for business networks, with a lot enterprise-level features. In case you want a free solution, open source firewalls can help. However, if you need more features and better support, you’d better choose some commerical products. Below is a list of WFilter NGF advantages comparing to open source firewalls:
- Designed for business networks.
- Enterprise-level features: usage recording, powerful report system, AD integration…
- 7 * 24 dedicated support via email/phone/skype/teamviewer.
- Faster response. Improvements and bugs will be fixed ASAP.
Internet filtering appliances(UTM) are very popular in business networks. In this article, I would discuss the difference of WFilter NGF with internet filtering appliances.
Comparing to WFilter NGF, appliances are easier to be deployed. You don’t need to install the system by yourself.
Advantages of appliances
- Easier to be deployed.
- No hardware compatiablity issue.
Disadvantages of appliances
- Most appliances can only work for 2-3 years.
- Bad expansion. In case you have more network clients, you need to buy new appliances.
- Very expensive. Even upgrade is not free.
Despite of the above disadvantages, Internet filtering appliances are ideal for business network security. With WFilter NGF, you need to test hardware and install the system by yourself. However, it also has below advantages:
- You can DIY your own appliance.
- License is upgradable and movable.
- Free upgrade for lifetime.
- Most cost-effective.
So if you like WFilter NGF features, or prefer a more cost-effective solution, please choose “WFilter NG firewall”.
WFilter internet content filter(ICF) is a windows software internet filtering solution for business networks. As an IT administrator, you may face several choices when deploying internet filtering in your network. In this topic, I will try to provide a comparison of WFilter ICF and other solutions.
As we have highlighted in WFilter homepage, WFilter can be deployed in pass-by mode, with minimal change to network topology. It requires no client installation. Please also check:
1. WFilter ICF vs. client & browser plugin internet filtering solutions.
2. WFilter ICF vs. dns internet filtering solutions.
3. WFilter ICF vs. internet filtering appliances.
4. WFilter ICF vs. proxy-based internet filtering solutions.
5. WFilter ICF vs. WFilter NG firewall.
WFilter is also very cost-effective, please check: WFilter price list.
Facebook Wi-Fi lets customers check in to participating businesses on Facebook for free Wi-Fi access. When people check in to your Page, you can share offers and other announcements with them. Official Facebook Wi-Fi guide can be found at here.
A recent update of WFilter NG firewall added support of “Facebook Wi-Fi”. Together with “wechat WiFi”, WFilter provides a solution for social network marketing of your business.
This post demonstrates the steps to enable “Facebook Wi-Fi”.
1. Add a local user for facebook checkin.
2. Enable “Facebook Wi-Fi” in “Web Auth”->”Thirdparty Auth”.
3. Click “Register Facebook Page” to associate WFilter with your business facebook page.
4. Now client devices will be redirected to the login page.
On visits to http webpage, clients will be redirected.
5. Click “check in“ to continue web browsing.
A more detailed guide can be found at here: Webauth of WFilter NG Firewall.