Category Archives: Settings

Settings of WFilter NG Firewall

How to block online file storage websites and file transfer applications?

Online storage services provide client applications and webpages for uploading and downloading files. To stop business-sensitive data from being uploaded, you may want to block file storage websites and certain kinds of applications.

In this post, I will try to explain the detailed steps with WFilter Enterprise.

First, you need to install WFilter and deploy it correctly. Then you can add blocking policies.

1. Block online storage websites.

To block websites by categories, you need to enable “Block webpages by categories” and click “New…” in the dropdown list to create a category filtering rule. Then set “online storage” to “Deny”.

This option enables you to block most online storage websites, including both HTTP and HTTPS sites (e.g. wetransfer.com).

2. Block file transfer applications.

To block file transfer applications, click “edit” in “Applications” of your blocking policy. Then set certain protocols in “File transfers” to “Deny”. This option blocks PC and mobile application clients. A supported protocol list can be found at WFilter supported protocols list.

Please note that the protocols and websites supported by WFilter cannot cover all file transfer types. If you want to block an application that is not in the supported list, please feel free to contact us. We will add it for you for free.

Also, to block file transfers completely, we recommend enabling the “website whitelist” of WFilter, so that only work-related websites can be accessed. You also need to forbid USB and Bluetooth devices.

How to block non-domain devices from accessing the internet in your network?

Some users have asked how to prevent non-domain devices from having internet access in a business network. This is the guide, using WFilter Enterprise.

As you know, WFilter can be integrated with Microsoft Active Directory, so you can monitor and filter internet usage by domain usernames. For details, please check: Active directory Integration of WFilter

To stop non-domain devices, follow the steps below:

1. Set a restricted policy for devices in “Default IP Policy” of “user-device list”.

Devices will then have only restricted internet access.

2. Set the real policy for domain users in “Users” of “user-device list”.

3. Modify the “Policy Apply” option.

In “Advanced Settings” of “Account Monitoring Settings”, you need to set “Policy Apply” to “User Policy First”, so that the user policy overrides the device policy.

After these steps, non-domain devices have restricted internet access only. When a domain user is logged in, the user policy is applied.

How to block Facebook video streaming with WFilter NG firewall?

Sometimes you might want to block Facebook video streaming to save bandwidth. WFilter has a predefined protocol named “facebook videos”, which lets you block Facebook video in a few clicks. Here is the protocol description: facebook videos protocol and ports.

In another post, I’ve demonstrated how to block Facebook videos with WFilter Enterprise. In this post, I will guide you through blocking Facebook videos with “WFilter NG firewall”, which is a Linux NG firewall designed for business networks.

1. Create a new “block facebook” policy in “App Control”.

2. Set “facebook videos” to “Deny” in “streaming”.

3. That’s all. Now Facebook videos will be blocked.

Please note: because short/small videos come from the same source as images, blocking Facebook video does not block short video clips. Only medium or large videos can be blocked.

How to block Hotspot Shield VPN in your network with WFilter NG firewall?

Hotspot Shield is a popular VPN service with a free version available. When launched, it tries to connect to a lot of TLS sites for traffic relaying. If you capture packets with Wireshark, you will see traffic that appears to come from famous sites like “google.com, baidu.com…”. In fact, it is Hotspot Shield VPN traffic camouflaged as normal TLS.

Our team has worked out a protocol pattern to block Hotspot Shield traffic completely in your network. WFilter identifies Hotspot Shield via signature matching, so all Hotspot Shield traffic can be blocked regardless of transfer type or client version. Here is a protocol description of Hotspot Shield VPN: protocol and port range of Hotspot shield.

Below are the steps with WFilter NG firewall:

1. Create a new “block hotspot” app control policy.

2. Set “Hotspot shield” to “Deny”.

3. That’s all. Now Hotspot Shield will no longer be able to connect.

4. The blocking event in WFilter NG firewall.

Please note: all WFilter products support blocking of Hotspot Shield, including WFilter NG firewall and WFilter Enterprise.

Integrate PayPal payment with your ISP service.

The ISP module of WFilter NG firewall provides a total solution for bandwidth rate limiting, cap limiting and reporting of ISP users. In this topic, I would like to introduce a PayPal integration solution that lets your ISP service run automatically. It works like this:

  1. Users get an email/web portal notification of their ISP account expire date.
  2. Users can click “renew” to make a payment online via PayPal.
  3. Upon receiving a payment, PayPal calls a callback script to extend the user’s expire date.

The whole process can be done automatically. Below is a demonstration of the steps:

First, you need to create payment buttons in your PayPal business account.

Second, you need to have an order landing page on your website.

When users click “renew” in their user portal or email notification, they are redirected to the landing page. The landing page must parse the “token” field to get the username, expire date and current bandwidth policy, so that you can calculate the cost of renewing. You can find an example of the landing page in WFilter_paypal_sdk.

Third, you need to enable “Instant payment notifications” in your PayPal profile for the callback.

When enabled, PayPal will call the callback URL so that WFilter NG firewall can extend the user’s expire date.

The full PHP SDK source code can be downloaded here: WFilterNGF_Paypal_SDK_1_0.zip

Please note that we only provide a simple callback example. To make it work, you need to make at least the following modifications:

  • Customize the landing page. For example, provide “1 month” and “2 months” choices.
  • Customize the callback PHP script. The default script extends the user for one month only.
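
When customizing the callback, it should only extend an account after validating the notification. The following PHP is an added example, not code from WFilterNGF_Paypal_SDK or from PayPal: it checks PayPal's verification postback, the payment status, the receiver, replayed transaction IDs, and derives the number of months from the amount actually paid. The username travelling in PayPal's `custom` field, the merchant address, the price list and the `$extend` hook are assumptions.

```php
<?php
// Added example, not code from WFilterNGF_Paypal_SDK. Assumptions: the landing page put
// the ISP username in PayPal's "custom" pass-through field; $extend is a hypothetical
// hook that performs the real expire-date update; address and prices are constructed.
const RECEIVER = 'billing@example.com';
const PRICE_PER_MONTH = ['USD' => '10.00'];

// Post the raw IPN body back to PayPal; only a "VERIFIED" reply proves PayPal sent it.
function paypal_verify(string $rawBody): bool {
    $ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return curl_exec($ch) === 'VERIFIED';
}

// Decide whether one IPN message may extend an account. $seenTxn stands in for a
// persistent table of processed transaction IDs.
function handle_ipn(array $ipn, callable $verify, callable $extend, array &$seenTxn): string {
    if (!$verify()) return 'rejected: not verified by PayPal';
    if (($ipn['payment_status'] ?? '') !== 'Completed') return 'ignored: payment not completed';
    if (strcasecmp($ipn['receiver_email'] ?? '', RECEIVER) !== 0) return 'rejected: wrong receiver';
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || isset($seenTxn[$txn])) return 'ignored: missing or replayed txn_id';
    $price = PRICE_PER_MONTH[$ipn['mc_currency'] ?? ''] ?? null;
    $gross = $ipn['mc_gross'] ?? '';
    if ($price === null || !preg_match('/^\d+\.\d{2}\z/', $gross)) return 'rejected: bad amount or currency';
    $cents = (int) str_replace('.', '', $gross);
    $unit = (int) str_replace('.', '', $price);
    if ($cents === 0 || $cents % $unit !== 0) return 'rejected: not a whole number of months';
    $user = $ipn['custom'] ?? '';
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}\z/', $user)) return 'rejected: bad username';
    $seenTxn[$txn] = true;
    $extend($user, intdiv($cents, $unit));   // months come from the amount actually paid
    return 'extended';
}

// Constructed messages; the verifier is stubbed so this runs offline. In production pass
// fn() => paypal_verify(file_get_contents('php://input')) and use $_POST as $ipn.
$seen = [];
$extend = function (string $user, int $months) { echo "extend $user by $months month(s)\n"; };
$ok = ['payment_status' => 'Completed', 'receiver_email' => RECEIVER, 'txn_id' => 'TXN-CONSTRUCTED-1',
       'mc_gross' => '20.00', 'mc_currency' => 'USD', 'custom' => 'alice'];
echo handle_ipn($ok, fn() => true, $extend, $seen), "\n";
echo handle_ipn($ok, fn() => true, $extend, $seen), "\n";                      // replay
echo handle_ipn(['txn_id' => 'TXN-CONSTRUCTED-2', 'mc_gross' => '0.01'] + $ok, fn() => true, $extend, $seen), "\n";
echo handle_ipn($ok, fn() => false, $extend, $seen), "\n";                     // forged
```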

If you have any questions, please feel free to contact IMFirewall Support. We’re always willing to help.

Understanding the bandwidth shaper feature of WFilter NG Firewall

In a recent update of WFilter NG firewall, we redesigned the “bandwidth shaper” feature. “Bandwidth shaper” is now easier to understand and configure.

Let’s take a look.

[Screenshot: the shaper rules list]

[Screenshot: bandwidth shaper policy]

In each policy, you need to define the total upload and download bandwidth for the rule. If the rule is applied to multiple clients, all of them share the defined total bandwidth. Please note: the minimum bandwidth is statically allocated, while the maximum bandwidth is dynamically allocated.

All clients covered by the rule share bandwidth fairly. You may also enable “client maximum rate” if you want to limit the bandwidth rate for each IP.

In the “ISP” module, the “Rate Limit” policy has the same settings as “bandwidth shaper”, as described above.

Youtube videos about WFilter

Below is a list of videos about WFilter on YouTube.

How to monitor network traffic and bandwidth usage?

How to monitor internet activities in lan network?

How to monitor internet bandwidth usage on network?

How to block and filter websites in network using software?

How to track internet usage of network clients?

How to block porn websites in network?

How to block youtube videos in network?

How to scan DHCP Server with WFilter?

How to scan network devices with WFilter free?

How to block torrent downloading with WFilter Free?

How to block facebook on network with WFilter free?

WFilter integrates with active directory — solution of content filtering with domain users.

Filtering by IP address and MAC address is enough for most networks. However, in networks with dynamic IP addresses or BYOD networks, you may not be able to identify clients by IP or MAC. In this case, AD integration is a widely adopted solution for internet content filtering.

Both “WFilter Enterprise” and “WFilter NG Firewall” provide an “AD integration” solution, which enables you to do reporting, monitoring and filtering with domain users.

1. AD Integration in “WFilter Enterprise”.

More details can be found at: Active directory Integration of WFilter Enterprise

2. WFilter NG Firewall

With WFilter NG Firewall, you can not only do “AD integration” but also add “Local accounts” for monitoring, filtering and VPN access.

Please check: WFilter NG Firewall Active directory Integration Solutions

How to monitor internet bandwidth usage in a LAN?

Internet bandwidth is never enough if clients in your network have unrestricted internet access. Torrents, downloads and online videos can easily consume most of your bandwidth.

As an IT administrator, to protect your internet bandwidth from being abused, you need to have full control of your network.

WFilter provides a total solution to monitor and manage internet bandwidth usage in a LAN, with the features below:

1. Monitoring live connections bandwidth

In “real-time bandwidth”, you can get a list of client devices, including IPs, MAC addresses, operating system and bandwidth rate. You can also see the live connections of client devices.

2. Bandwidth shaper and priority optimization

A complete guide to bandwidth optimization can be found here: WFilter NG Firewall bandwidth optimization solutions

3. Bandwidth usage reports

WFilter NG firewall needs to be deployed as the gateway or a network bridge of your network. If you prefer pass-by bandwidth monitoring solutions, please check: WFilter Enterprise.

A YouTube video of internet bandwidth monitoring with WFilter Enterprise can be found at: How to monitor internet bandwidth usage on network?

How to add clients to penalty box in WFilter NG firewall?

WFilter NG firewall has a built-in group called “punish group”. With this punish group, you can put clients in the penalty box for a period of time.

Please note that “punish group” is a virtual group. You can also add your own virtual groups, e.g. “expired users” or “trial users”.

1. Add a client to the punish group.

In realtime bandwidth, by clicking the “kill” icon in “connections”, you can add a client to the punish group for a period of time. Your own virtual groups will also appear here.

2. Clients in the punish group.


3. Remove a client from the penalty box

To remove a client from the penalty box, you can wait for the punish timeout, or click “reset default” in “unblock and reset”.

4. Set “access policy” and “bandwidth” policy for the punish group.

In “Access Policy” and “Bandwidth”, you can set policies for the punish group. For example, set “bandwidth shaper” for “punish group” to a download rate limit of only 20kb.