As a network professional, you need the right tools to minimize network downtime when things go wrong in your network.
In this post, I will introduce the extension system in WFilter, a powerful tool set for networking issues.
At first glance
All WFilter systems have an “extension” library, which contains a powerful set of free tools for IT administrators. Most extensions are free, and they are supported even in WFilter Free, a freeware product for network internet filtering and monitoring.
Now let’s see what we can do with WFilter extensions:
1. Scan client devices in network
With the “network scan” extension, you can get a complete list of network clients, including IP, MAC, manufacturer and open ports…
2. Discover and scan DHCP services in network
The “Network DHCP discover plugin” of WFilter can scan DHCP services in your network with a single click. It lists the IP addresses, MAC addresses and MAC manufacturers of all DHCP servers.
3. Detect NAT sharing services in network
Detect illegal NAT sharing in the network.
4. Check network health of availability, IP conflict, ARP spoof and broadcast storm
This extension can:
- check availability and ping performance of DNS servers.
- check availability and ping performance of internet sites.
- check availability and ping performance of local network hosts.
- check whether there is an IP conflict in the local network.
- check whether there is ARP spoofing running in the local network.
- check whether there is a broadcast storm in the local network.
5. Scan proxy servers in network
6. Graph ping performance of multiple hosts
With this plugin, you can get ping performance and graph reports for multiple hosts over a period of time.
A complete list of extensions can be found here: WFilter extensions. And more will come. The most important thing is that most extensions are free and supported in “WFilter internet content filter (commercial)”, “WFilter NG firewall” and “WFilter Free”.
Isn’t it exciting? Download WFilter now!
IP and MAC address binding is usually configured on a network switch or router (gateway). An effective IP-MAC binding solution needs to:
1. Be able to integrate with the DHCP server to assign static IPs to clients.
2. Have an option to block or allow internet access for unbound devices.
3. Be able to do IP-MAC binding in multi-subnet networks.
In this post, I will demonstrate the “IP-MAC binding” feature in WFilter NG firewall. For IP-MAC binding in “WFilter internet content filter”, please check: “WFilter IP-MAC binding solution”.
1. IP-MAC Binding List
You can define the IP-MAC binding list in “Modules” -> “Access Policy” -> “IP-MAC Binding”. Once listed, these devices will always be assigned their static IP addresses, even when they are configured to obtain an IP address dynamically.
The following options are available in the “IP-MAC binding” module:
1. For unlisted IP addresses, you can choose “Allow all”, “Block all” or “Block below IP ranges”.
2. For unlisted MAC addresses (devices), you can configure whether to assign an IP address or not.
3. Multi-subnet IP-MAC binding solution
Is your network multi-subnet? No problem. With the “MAC address detector”, WFilter NGF is able to retrieve MAC addresses from your core switch, so you can bind IP addresses to MAC addresses even in a multi-subnet network.
A guide to “IP-MAC binding” in WFilter NGF can be found at: IP-MAC binding.
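The options described above can be modelled as a small policy evaluator. This is an added example, not WFilter code: the class, method and mode names are hypothetical, the addresses are constructed, and blocking a bound IP or bound MAC that appears with the wrong partner is an assumption about how a binding list is normally enforced.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical names for the three "unlisted IP" choices in the module.
ALLOW_ALL, BLOCK_ALL, BLOCK_RANGES = "allow_all", "block_all", "block_ranges"

def norm_mac(mac):
    """Normalise 00-1A-.., 00:1a:.. or 001a.2b3c.4d5e to 00:1a:2b:3c:4d:5e."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class BindingPolicy:
    bindings: dict                                      # IP string -> MAC string
    unlisted_ip_mode: str = ALLOW_ALL
    blocked_ranges: list = field(default_factory=list)  # CIDR strings
    lease_unlisted_macs: bool = True

    def __post_init__(self):
        self.by_ip = {ipaddress.ip_address(i): norm_mac(m)
                      for i, m in self.bindings.items()}
        self.by_mac = {m: i for i, m in self.by_ip.items()}
        self.nets = [ipaddress.ip_network(r) for r in self.blocked_ranges]

    def dhcp_offer(self, mac):
        """Bound IP for a listed MAC; 'pool' or None for an unlisted one."""
        mac = norm_mac(mac)
        if mac in self.by_mac:
            return str(self.by_mac[mac])
        return "pool" if self.lease_unlisted_macs else None

    def check(self, ip, mac):
        """Return (allowed, reason) for traffic observed from ip/mac."""
        ip, mac = ipaddress.ip_address(ip), norm_mac(mac)
        if ip in self.by_ip:      # assumption: a mismatched pair is blocked
            ok = self.by_ip[ip] == mac
            return ok, "bound" if ok else "bound IP claimed by another MAC"
        if mac in self.by_mac:    # assumption: bound device must keep its IP
            return False, "bound MAC on another IP"
        if self.unlisted_ip_mode == BLOCK_ALL:
            return False, "unlisted IP"
        if self.unlisted_ip_mode == BLOCK_RANGES and any(ip in n for n in self.nets):
            return False, "unlisted IP in blocked range"
        return True, "unlisted, allowed"

# Constructed sample policy covering two subnets.
POLICY = BindingPolicy({"192.168.10.20": "00:1a:2b:3c:4d:5e",
                        "192.168.20.5": "00:1A:2B:3C:4D:5F"},
                       BLOCK_RANGES, ["192.168.20.0/24"], lease_unlisted_macs=False)
```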
A proxy-based internet filtering solution requires you to set up a proxy server, either transparent or non-transparent; then you can set up policies to filter web access. There are a lot of open source or free products. This solution has the following advantages and disadvantages.
Advantages:
- Free or open source.
- Can filter websites.
Disadvantages:
- Most are Linux-based. You need a Linux PC to set up the proxy.
- No support.
- Fewer features. Only for domain filtering.
- Adds network latency.
A proxy-based internet filtering solution is similar to the “website black list” in your router/firewall. If you only need to block some sites, it’s an option.
With WFilter ICF, you will get:
- Enterprise-level internet monitoring and filtering features.
- Dedicated support.
- No impact on network performance.
- Easier deployment.
With rich enterprise-level features, internet filtering appliances (UTM) are very popular in business networks. In this article, I will discuss the differences between the WFilter ICF internet content filtering solution and internet filtering appliance solutions. Internet filtering appliances have the following advantages and disadvantages.
Advantages:
- More features. UTM appliances integrate more features, including web filter, VPN, firewall, anti-virus…
- Easier to deploy.
Disadvantages:
- Most appliances can only work for 2-3 years.
- Poor expandability. If you have more network clients, you need to buy new appliances.
- Very expensive. Even upgrades are not free.
Despite the above disadvantages, internet filtering appliances are ideal for business network security. Though it is more difficult to deploy and has fewer features, WFilter ICF software also has the following advantages:
- Software solution without an additional device; can be deployed with minimal change to network topology.
- License is upgradable and movable.
- Free upgrades for lifetime.
- Most cost-effective.
If you prefer UTM solutions, please also check our WFilter NG firewall.
A DNS internet filtering solution provides you with a configurable DNS server. A DNS query for a blocked domain will be redirected to a denial page. This solution has the following advantages and disadvantages.
Advantages:
- Easier to deploy. You only need to change your DNS server to get filtered.
- Can filter domains via a blacklist or URL category.
- Can provide usage history and reports.
Disadvantages:
- The filtering DNS server may not be as fast as public domain servers.
- Clients can break filtering by modifying their DNS servers.
- All clients must share the same blocking policy.
- Cannot block applications.
- Can only record DNS query requests. No bandwidth reports or visited URL reports.
Compared to this internet filtering solution, WFilter ICF is more difficult to deploy. However, WFilter is much more powerful:
- When deployed in pass-by mode, WFilter has no impact on your network performance.
- Clients cannot bypass filtering because WFilter inspects all network packets.
- You can set an individual blocking policy for each client.
- More filtering features, including web filtering, web downloading blacklist, URL keyword filtering, application control, IP-MAC binding…
- More monitoring features and reports. WFilter can record visited domains, URLs, bandwidth… You can get various reports and statistics.
So if you only need to filter some domains or categories for the whole network, DNS filtering would be a good choice. If you need more detailed reports or more dedicated blocking policies, WFilter ICF can be more helpful.
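A DNS-only deployment can at least detect the bypass listed above, where a client changes its DNS server. This is an added example, not part of the original post or of WFilter: the flow-record layout, the addresses and the function name are constructed assumptions, and it finds clients that send DNS traffic to resolvers other than the filtering one.

```python
import re
from collections import defaultdict

# Constructed sample flow records; the key=value layout is an assumed export
# format, not the log format of WFilter or of any specific firewall.
SAMPLE_FLOWS = """\
2024-05-01T09:00:01 src=192.168.10.21 dst=192.168.10.2 proto=udp dport=53
2024-05-01T09:00:02 src=192.168.10.34 dst=8.8.8.8 proto=udp dport=53
2024-05-01T09:00:03 src=192.168.10.34 dst=1.1.1.1 proto=tcp dport=853
2024-05-01T09:00:04 src=192.168.10.21 dst=203.0.113.10 proto=tcp dport=443
2024-05-01T09:00:05 src=192.168.10.2 dst=9.9.9.9 proto=udp dport=53
malformed line without fields
""".splitlines()

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")
# Plain DNS and DNS over TLS. DNS over HTTPS rides on port 443 and is not
# visible to a port-based check like this one.
DNS_PORTS = {53, 853}

def find_dns_bypass(lines, filtering_resolvers, exempt_sources=()):
    """Map client IP -> sorted resolvers it queried outside the filtering set."""
    hits = defaultdict(set)
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue                      # skip records we cannot parse
        src, dst, _proto, dport = m.groups()
        if int(dport) not in DNS_PORTS:
            continue
        # The filtering server itself must reach upstream resolvers.
        if src in exempt_sources or dst in filtering_resolvers:
            continue
        hits[src].add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

# 192.168.10.2 plays the filtering DNS server in the constructed sample.
BYPASSING = find_dns_bypass(SAMPLE_FLOWS, {"192.168.10.2"}, {"192.168.10.2"})
```

The same resolver list can drive a gateway rule that only lets the filtering server send DNS traffic out, which closes the bypass instead of only reporting it.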
Client or browser plugin internet filtering solutions require you to install a client agent or browser plugin on each client PC to filter websites. This solution has the following advantages and disadvantages.
Advantages:
- Easier to deploy. You can install the client agent or plugin instantly.
- Can block domains or filter websites via a cloud-based URL category database.
Disadvantages:
- Cannot filter smartphone internet access.
- Needs to be installed on every client PC.
- Clients can break filtering by changing browsers, or by killing the agent process.
Compared to this internet filtering solution, WFilter ICF is more difficult to deploy. However, WFilter is more powerful and easier to maintain:
- WFilter can filter the whole network with one installation.
- All types of clients can be filtered, including smartphones, Android, Mac, Windows and Linux.
- No client installation is required.
- More features: internet usage monitoring and reporting, application control, web filter…
So, for personal/family usage, a client and browser plugin web filtering solution might be a good choice. But when you need to manage a business network, WFilter ICF provides a better solution.
Online storage solutions provide client applications and webpages for uploading and downloading files to and from their service. To stop business-sensitive data from being uploaded, you may want to block file storage websites and certain kinds of applications.
In this post, I will try to explain the detailed steps with WFilter Enterprise.
First you need to install WFilter and make a correct deployment. Then you can add blocking policies.
1. Block online storage websites.
To block websites by categories, you need to enable “Block webpages by categories” and click “New…” in the dropdown list to create a category filtering rule. Then set “online storage” to “Deny”.
This option enables you to block most online storage websites, including both HTTP and HTTPS sites (e.g. wetransfer.com).
2. Block file transfer applications.
To block file transfer applications, please click “edit” in “Applications” of your blocking policy. Then set certain protocols in “File transfers” to “Deny”. This option blocks both PC and mobile application clients. A supported protocol list can be found at WFilter supported protocols list.
Please note that the supported protocols and websites of WFilter cannot cover all file transfer types. If you want to block an application not in the supported list, please feel free to contact us. We will add it for you for free.
Also, for complete blocking of file transfers, we recommend enabling the “website whitelist” of WFilter, so only work-related websites can be accessed. You also need to forbid USB and Bluetooth devices.
Some users have asked how to prevent non-domain devices from having internet access in a business network. So this is the guide, using WFilter Enterprise.
As you know, WFilter can be integrated with Microsoft Active Directory, so you can monitor and filter internet usage by domain usernames. For details, please check: Active directory Integration of WFilter
To stop non-domain devices, please follow the steps below:
1. Set a restricted policy to devices in “Default IP Policy” of “user-device list”.
So devices will only have restricted internet access.
2. Set real policy to domain users in “Users” of “user-device list”.
3. Modify the “Policy Apply” option.
In “Advanced Settings” of “Account Monitoring Settings”, you need to set “Policy Apply” to “User Policy First”, so the user policy will override the device policy.
After following the above steps, non-domain devices have restricted internet access only. When a domain user logs in, the user policy will be applied.
Sometimes, you might want to block Facebook video streaming to save bandwidth. There is a predefined protocol named “facebook videos” in WFilter, which can help you block Facebook videos in a few clicks. Here is the protocol description: facebook videos protocol and ports.
In another post, I’ve demonstrated how to block Facebook videos with WFilter Enterprise. In this post, I will guide you through blocking Facebook videos with “WFilter NG firewall”, which is a Linux NG firewall designed for business networks.
1. Create a new “block facebook” policy in “App Control”.
2. Set “facebook videos” to “Deny” in “streaming”.
3. That’s all. Now Facebook videos will be blocked.
Please note: because short/small videos come from the same source as images, blocking Facebook videos does not block short video clips. Only medium or large videos can be blocked.
Hotspot Shield is a popular VPN service, with a free version available. When launched, it tries to connect to a lot of TLS sites for traffic relaying. If you sniff packets with Wireshark, you will see traffic from famous sites like “google.com, baidu.com…”. But in fact, it is Hotspot VPN traffic camouflaged as normal TLS.
Anyway, our team has worked out a protocol pattern to block Hotspot Shield traffic completely in your network. WFilter identifies Hotspot via signature matching, so regardless of transfer type or client version, all Hotspot traffic can be blocked. Here is a protocol description of Hotspot Shield VPN: protocol and port range of Hotspot shield.
Below are the steps with WFilter NG firewall:
1. Create a new “block hotspot” app control policy.
2. Set “Hotspot shield” to “Deny”.
3. That’s all. Now Hotspot Shield will never be able to connect.
4. The blocking event in WFilter NG firewall.
Please note: all WFilter products can support blocking of hotspot shield, including WFilter NG firewall and WFilter Enterprise.