Category Archives: News

News of WFilter NG Firewall

API overview of WFilter NGF.

WFilter NGF has a built-in API library for developers to manipulate the entire system or integrate WFilter features. With APIs, you’re able to:

  • 1. Get bandwidth history.
  • 2. Get online users, including ip, mac, account, live connections.
  • 3. Terminate user connections, kick off user…
  • 4. Add/remove user from virtual group to apply policies.
  • 5. Extend user expire date.

In this post, I will use an API example to demonstate the API library usage of WFilter NGF. The requirement is simple: “a API call to set access policy and bandwidth rate limit for an ip address”.

1. First, we need to setup WFilter NGF.

Because “access policy” and “bandwidth shaper” are separate modules in WFilter NGF,  we need to setup a virtual group with policies applied. In the API call, we only need to add IP addresses into the virtual group to apply the rules.

1.1) New a “limited access” virtual group.

api01 api02

1.2) Setup policies to this group.

api03

2. Use php to call WFilter API.

Now, we’ve setup policies for the virtual group. To implement policies to an IP address, we only need to add this IP into this group.  We have a php SDK, you need to include the WFilterNGF.php to call the API functions.

api04

Isn’t it simple? You may check more details in WFilter API. If you have any suggestions or requirement, please feel free to contact us.

 

 

 

Turn your old PC into a firewall appliance.

You may have an old desktop PC sitting in a closet or somewhere. Did you know that you still can make it useful? In this guide, I will demonstrate the steps to turn your old pc into a network firewall appliance.

diy_wfilter_cover

1. First, please check what you need to prepare.

diy_wfilter01

1.1) an old desktop pc.
1.2) a gigabit ethernet adapter.
1.3) a usb stick.

2. Mount the ethernet adapter and connect the cables.

There is only one onboard ethernet adapter, so I need to add another PCI adapter.

diy_wfilter02

The green chip on left is the new added ethernet adapter.

diy_wfilter03

Now let’s connect the cables.

diy_wfilter04

3. Install WFilter NGF system.

Now you can install WFilter NGF with your usb stick. Please check a more detailed guide at here: WFilter NG Firewall Installation Guide

You shall be able to the console upon successful installation.
diy_wfilter05

Set your laptop to “dynamic ip address” and open http://192.168.10.1 in browser, you can access webUI to set the system up.

4. See what I get.

The CPU is “Intel Pentium Dual CPU E2160 1.8G”, 2GB DDR2 RAM, 160G harddisk.

diy_wfilter06

Let’s check the performance. Wow, it can handle 200+ clients with 20K concurrent connections. Isn’t it amazing?

diy_wfilter07

 

For more features of WFilter NGF, please check: WFilter NG firewall

Free license of WFilter NG firewall is now available.

Free license of WFilter NG firewall is now available in the last build of WFilter NGF(1.1.2017.06.05). Except remote support, free license has all features of WFilter for 50 users. You can use this license in any networks, including business.

freelicense01

Now let’s see what we can do with this free license.

1. Choose “free license” on first time login.

freelicense02

2. Powerful reports and statistics.

freelicense03

3. Archive web browsing and email history.

Web activity recording

freelicense04

Email activity recording

freelicense05

SSL inspector

freelicense06

4. Deploy internet content filtering policies

With the free license, you also can get “website black&white list”, “website category filtering”, “application control”, “IP-mac binding”, “Web content pushing”…

freelicense07

5. Bandwidth optimization and rate limit

Free solutions for bandwidth priority optimization, bandwidth rate limiter and multiple WAN load-balancing and WAN fail-over.

freelicense08

6. Various user authentication.

Local accounts, active directory integration, PPPoE, web authentication(facebook WiFi).

freelicense09

And the “ISP management” module, a total solution for users/bandwidth management.

freelicense10

7. VPN tunnels

freelicense11

8. Extensions

freelicense12

9. License

Now let’s check the license: life-time free for 50 users.

freelicense13

Isn’t it exciting? You won’t be able to find any better solution for small networks.

Download WFilter NG firewall now!

Tips to stop WannaCry ransomware in your network.

In this weekend, WannaCry swept Europe and Asia quickly, locking up critical systems like the UK’s National Health Service, a large telecom in Spain, several universities in China and other businesses and institutions around the world. Once infected, the infected computer denies access, and demands the equivalent of around $300 in bitcoin for decryption.

StQ0-fyfeutp8502656

In this post, I would introduce the important tips to block WannaCry attack.

1. Install Security Patches. Microsoft has released security patches that fix SMB flaw currently being exploited by the WannaCry ransomware, with most version of Windows supported — including Windows XP, Vista, Windows 8, Server 2003 and 2008.
2. Block incoming connections on TCP port 445 in your router/firewall. This rule blocks attacks from internet.
3. For windows DMZ hosts, you also need to block TCP port 445 in firewall settings.
4. To protect VLANs being attacked by an infected VLAN, you can block TCP port 445 in VLAN ACL rules of your core switch.

virus_en01

Using the “network health checker” extension of WFilter, you also can check whether there are “Suspicious Hosts ” in your LAN network. Hosts with massive connections will be identified as “Suspicious”.

virus_en02

WFilter NGF vs. open source firewall systems.

There are dozens of open source firewall systems to download. Some are complete free, some provides limited free features. Does “free” sound attractive? but they have dis-advantages. In this post, I would like to discuss the comparsion of WFilter NGF with open source firewall systems.

Disadvantages of open source firewalls

  1. Limited features. Most open source firewalls does not have other enterprise-level features, such as “ usage recording/reports” , “domain integration”…
  2. Lack of support. Most systems only have forum support, unless paid.
  3. Slow response. Bugs may need months to be fixed.

Comparison

WFilter NGF is designed for business networks, with a lot enterprise-level features. In case you want a free solution, open source firewalls can help. However, if you need more features and better support, you’d better choose some commerical products. Below is a list of WFilter NGF advantages comparing to open source firewalls:

  1. Designed for business networks.
  2. Enterprise-level features: usage recording, powerful report system, AD integration…
  3. 7 * 24 dedicated support via email/phone/skype/teamviewer.
  4. Faster response. Improvements and bugs will be fixed ASAP.

WFilter NGF vs. internet filtering appliances.

Internet filtering appliances(UTM) are very popular in business networks. In this article, I would discuss the difference of WFilter NGF with internet filtering appliances.

Comparing to WFilter NGF, appliances are easier to be deployed. You don’t need to install the system by yourself.

Advantages of appliances

  1. Easier to be deployed.
  2. No hardware compatiablity issue.

Disadvantages of appliances

  1. Most appliances can only work for 2-3 years.
  2. Bad expansion. In case you have more network clients, you need to buy new appliances.
  3. Very expensive. Even upgrade is not free.

Comparison

Despite of the above disadvantages, Internet filtering appliances are ideal for business network security.  With WFilter NGF,  you need to test hardware and install the system by yourself. However, it also has below advantages:

  1. You can DIY your own appliance.
  2. License is upgradable and movable.
  3. Free upgrade for lifetime.
  4. Most cost-effective.

So if you like WFilter NGF features, or prefer a more cost-effective solution, please choose “WFilter NG firewall”.

Comparison of WFilter ICF and other internet filtering solutions

WFilter internet content filter(ICF) is a windows software internet filtering solution for business networks. As an IT administrator, you may face several choices when deploying internet filtering in your network. In this topic, I will try to provide a comparison of WFilter ICF and other solutions.

As we have highlighted in WFilter homepage, WFilter can be deployed in pass-by mode, with minimal change to network topology. It requires no client installation. Please also check:

1. WFilter ICF vs. client & browser plugin internet filtering solutions.

2. WFilter ICF vs. dns internet filtering solutions.

3. WFilter ICF vs. internet filtering appliances.

4. WFilter ICF vs. proxy-based internet filtering solutions.

5. WFilter ICF vs. WFilter NG firewall.

WFilter is also very cost-effective, please check: WFilter price list.

Youtube videos about WFilter

Below is a list of videos about WFilter in youtube.

How to monitor network traffic and bandwidth usage?

How to monitor internet activities in lan network?

How to monitor internet bandwidth usage on network?

How to block and filter websites in network using software?

How to track internet usage of network clients?

How to block porn websites in network?

How to block youtube videos in network?

How to scan DHCP Server with WFilter?

How to scan network devices with WFilter free?

How to block torrent downloading with WFilter Free?

How to block facebook on network with WFilter free?

WFilter NG firewall added support of Facebook Wi-Fi.

Facebook Wi-Fi lets customers check in to participating businesses on Facebook for free Wi-Fi access. When people check in to your Page, you can share offers and other announcements with them. Official Facebook Wi-Fi guide can be found at here.

A recent update of WFilter NG firewall added support of “Facebook Wi-Fi”. Together with “wechat WiFi”, WFilter provides a solution for social network marketing of your business.

This post demonstrates the steps to enable “Facebook Wi-Fi”.

1. Add a local user for facebook checkin.

fb_user

2. Enable “Facebook Wi-Fi” in “Web Auth”->”Thirdparty Auth”.

fb_wifi1

3. Click “Register Facebook Page” to associate WFilter with your business facebook page.

fbsetup

4. Now client devices will be redirected to the login page.

On visits to http webpage, clients will be redirected.

fb_wifi2

5. Click “check in“  to continue web browsing.

fb_checkin

 

A more detailed guide can be found at here: Webauth of WFilter NG Firewall.

 

Optimize bandwidth of your network with WFilter NG Firewall.

Sometimes you will come to the following solutions when your internet bandwidth is insufficient:

  1. Use more than one broadband connection.
  2. Block applications which consume much bandwidth. For example, you might use “WFilter Enterprise passby internet content filter windows software” to block downloading and online streaming.
  3. Limit the real-time bandwidth rate for clients. This can be done in your router of firewall.

However, these solutions have disadvantages:

  1. Without access control, using multiple broadband connections can not bring better experience. It because downloading and streaming can easily consume most of your bandwidth.
  2. “Application blocking” can save your bandwidth. However, users experience are impacted. Users will complain about no streaming or downloading.
  3. Rate limiting does not optimize your bandwidth. Users will still complain about slow internet speed.

WFilter NG Firewall brings total solutions for bandwidth optimization.

1. Powerful access control policy

With “Access Policy” modules, you can block p2p downloading, online streaming, streaming websites. Please check: Access Policy

2. Multi-WAN load balancing and routing

In case you have multiple broadband connections, WFilter NG Firewall’s “Multi-WAN” module can help you to:

  • Load balancing on multiple broadband connections.
  • Setup routing policies. For example, a). business servers are routed to a dedicated connection, b). video sites are routed to another connection.

For more details, please check: Muti-WAN

3. Bandwidth priority

With the “Priority” module, traffic with higher priority goes first. For example, you can set business servers traffic to the highest priority. So even the network is extremly busy, servers bandwidth won’t be influenced.

When installed, there are default rules: email > web > p2p and streaming. You also can customize your own rules.

For more details, please check: bandwidth priority

4. Bandwidth shaper

This module is for you to set bandwidth rate for clients. You can set the rate to ip ranges, user group or department.

Each group have a “maximum bandwidth rate” and “minimum bandwidth rate”. The minimum rate ensures the clients to have this bandwidth rate even the line is busy.

For more details, please check: bandwidth shaper
Try WFilter NG Firewall now: WFilter NG Firewall