WFilter 4.0 version will be released soon after nearly two years development.
The new version made a lot improvement and optimization of current features. Also a series of new features are added, such as "WFilter Dashboard", "Central Management of WFilter servers", "WFilter Local Account", "Multi-adapter Monitoring", and several new alert types. Below is a brief introduction to these new features:
1. WFilter Dashboard
WFilter Dashboard allow you to check the monitoring status, log storage status, system warnings from a central dashboard.
2. WFilter Servers Management
This feature enables you to manage several WFilter servers from a central localtion.
3. Default IP Policy
The "Default IP Policy" feature enables you to set different policies to different ip ranges, when a new computer found it's default ip policy will be applied.
4. Search of Network Computers
You can use the "Search Computers" feature to search computers in your network. It's more convenient than the passive computer finding in the old version.
5. More Alert Types
More alert types are added: disk space alert, new computer alert, ip address changing alert...
6. More Powerful Account Monitoring
WFilter's "account monitoring" feature can integrate WFilter with your active directory. So you can deploy monitoring based on user accounts. The new version added "WFilter local accounts" feature. When you don't have an available active directory, you also can use "WFilter local account" feature to monitor/filter by user accounts.
6.1 Integrate Active Directory
6.2 WFilter local account
7. Multi-adapters Monitoring
WFilter 4.0 can support monitoring on multiple adapters to support complicated networkings.
Routing and Remote Access is a network service in Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server that can provides Network address translator (NAT) for connecting a private network to the Internet. An example network topology is as below: 
Since all internet traffic goes through the RRAS server, it's very simple for you to monitor and filter internet activities: "just install WFilter in this server."
The RRAS server has two adapters: the internal NIC and external NIC, you shall be able to see two adapters in the "monitoring adapter settings" of "System Settings"->"Monitoring Settings". 
We recommend you to choose the internal NIC as the monitoring and blocking adapter, because you will be able to monitor, block and report on individual network computers.
However, if you choose the external NIC as the monitoring and blocking adapter, WFilter will treat the whole network as one computer, because the RRAS server will translate all subnet ip addresses to its public ip address.
We have noticed that some users prefer to monitor on the internal NIC to save license number, because you only need ONE 1-user license to monitor the public ip address. However, we recommend you not to do it, because this is not WFilter designed to work, and there might have an over-blocking issue for some p2p protocols.
More information, please check "WFilter Enterprise".
Other related links:
How to block UDP ports in RRAS windows server 2003?
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
WFilter can monitor and filter computers internet activities in your network. In WFilter, two monitoring modes are available: "by ip address" and "by MAC address". In "by ip address" monitoring mode, WFilter identifies a computer based on its ip address, while it identifies a computer based on its MAC address in "by mac address" monitoring mode.
However, if computers ip addresses are not fixed in your network. You might have trouble to identify a computer to set its monitoring/blocking policy.
This tutorial will introduce you several solutions to identify computers in your network in WFilter.
1. Monitor and block by AD users
Since WFilter can be integrated with Microsoft active directory, you don't need to face the trouble of identifying computers if you have an available AD.
With "account monitoring" enabled, you can set blocking policy based on AD users, despite which computers they are using.
Please check this document for more details about "account monitoring": How to do monitoring based on user accounts?
2. Identify computers by MAC addresses
With "by mac address" monitoring mode, WFilter identifies a computer by its MAC address. MAC address is assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware. It won't change unless the NIC hardware is replaced.
When you set a recording policy or blocking policy to one computer in "user-computer table", certain settings will be bound to its mac address. Even its ip address is changed, certain settings will not be lost.
However, "By MAC address" monitoring mode is only available for single-segment networks, because a computer's mac address can not be retrieved when it's located behind a router.
Therefore, in a single-segment network, "by mac addresses" will be a good choice if your ip addresses are dynamic.
3. Identify computers by IP addresses
If your network is multi-segments, you only can use "by ip address" monitoring mode. Therefore, we recommend you to make ip addresses static in a multi-segments network. If you want to leave the ip addresses as dynamic, the only solution left is "Monitor and block by AD users" as discussed above.
More information, please check "WFilter Enterprise".
Other related links:
How to block internet
downloading?
How to monitor
internet usage on company networks?
Internet monitoring
software for business
How to
filter web surfing?
How to block
websites and restrict internet access?
How to block HTTPS
websites on my network?
How to setup ip-mac binding in WFilter?
How to block facebook at work of network computers?
Facebook is a social utility that connects people with friends and others who work, study and live around them. However, employees might spend too much time on this website during working hours.
This tutorial will guide you to setup an internet policy to block facebook access at work with WFilter 3.3 version.
You can block facebook access at different levels:
- Block facebook website completely.
- Allow facebook website, but block facebook chatting.
- Allow facebook website, but block facebook applications and games.
1. Block facebook website completely
1). Block facebook website by "Website Black/White List".
Add "*.facebook.com" into a website black list. 
Now HTTP access of facebook will be blocked. 
2). Block https facebook by "HTTPS Black/White List"
Since facebook also provide https access, for complete blocking, you also need to block https facebook by "HTTPS Black/White List". 
Add "*.facebook.com" into a HTTPS black list.  
Please notice, reopening of your browser is required for the HTTPS black list to work.
2. Block facebook IM chatting
You may use WFilter to block "facebook IM" directly in "Blocking Level Settings"->"Messengers". 
You will not be able to send a message when facebook IM is blocked.  
3. Block facebook applications and games
Facebook applications and games will be blocked simply by adding "apps.facebook.com" into a website black list.  
More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company networks?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
To monitor internet activities of all computers in your network, the WFilter computer shall be connected to a mirroring port of your switch, or install WFilter into a gateway computer. Some inexperienced users might don't know whether a switch can support port mirroring. Hence we list how to check whether port mirroring is supported by your switch. First, check the features list of your switch."Port mirroring" is also called as "port SPAN", "port monitoring". A port mirroring switch is usually called "a manageable switch" or "managed switch". If you can find certain keywords in your switch features list or manual, "port mirroring" is supported. Example 1: description of cisco 2950. Example 2: feature list of NETGEAR GS108T. Second, check switch Web UI to find mirroring options.Most manageable switches provide you a web UI or console interface for you to change it settings. If you can find "port mirroring" or "port monitoring" options in its Web UI, certainly port mirroring is supported.
Example 1: Web UI of dlink 3226. Example 2: Web UI of netgear GS748AT. For more information, please check: Why WFilter can only monitor itself? How to monitor other computers in network?
1. What is the Mail.Ru Agent?
Mail.Ru is the leading Internet portal in Russia in communication and entertainment. Its key product is the biggest communication portal for Russian speaking audience that includes the largest free webmail service, instant messenger Mail.Ru Agent, national social network Moi Mir@Mail.Ru and search engine Poisk@Mail.Ru, Mail.Ru headquarters is in Moscow.
Also Mail.Ru is the leader in online game publishing with over 50 percent market share in Russia. The company is a publisher of more than 100 game titles in Russia, Europe, Asia, including such popular original titles as Troetsarstvie, Legend: Legacy of the Dragons, Allods Online as well as successful international licenses such as Perfect World II, Lord of the Rings Online. Also Mail.Ru owns 50 percent in NIKITA.ONLINE.
This turtorial will guide you to block Mail.Ru Agent in your network.
2. How to block Mail.Ru Agent and Web-Mail.Ru?
2.1. First, add a new Custom Protocol
Because "Mail.Ru Agent" is not in Wfilter default pattern database, you need to add a custom protocol.
The first pattern:
Name: Mail.Ru_TCP
Desc: Mail.Ru_TCP
Type: TCP SEND
Offset: 0
Format: 0
Content: ^\xef\xbe\xad\xde
The second pattern:
Name: Mail.Ru_HTTP
Desc: Mail.Ru_HTTP
Type: HTTP SEND
Offset: 0
Format: Host
Content: ^(mra|webagent)\.mail\.ru
The third pattern:
Name: Mail.Ru_TCP_2
Desc: Mail.Ru_TCP_2
Type: TCP RECV
Offset: 0
Format: 0
Content: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:2041\x0a$
2.2. Enable blocking of "Mail.ru Agent" in certain blocking policy.
Apply this blocking policy to certain computers.
3. Now Mail.Ru Agent will be completely blocked.
4. Web-Mail.Ru is also blocked.
More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
WFilter blocking denial page presents a blocking message to blocked users when a web page is blocked. Sometimes, you may want to add your logo image into WFilter blocking denial page. This tutorial will guide you to add a logo image with "WFilter Enterprise 3.3". 1. It is simple to add your logo when you have a website with this image. As you can see in below figures, just click "Add image" and input your logo url when editing a denial page.   2. However, if you don't have an available website, you need to upload your image file to WFilter "image" directory for WFilter to find it. Please follow below steps: 1). Copy your image file to "www/image" directory of WFilter. 2). Click "Add image" in certain denial page, please notice you need to input full url address of your logo here. For example, if the IP address of WFilter computer is "192.168.1.20", you need to input "http://192.168.1.20:9090/image/yourlogo" here. Do not use "http://localhost:9090/image/yourlogo".  Webpage being blocked:  3. If you're familiar with HTML code, you also can edit the
denial page source manually in "config/Denypage" directory of WFilter. More information, please check "WFilter Enterprise".
Other related links: How to block internet downloading?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?How to block websites and restrict internet access?
There are a lot of products for you to manage your network: firewall, content filtering, web filtering proxy... Some users might get confused to choose them. Since more and more customers had requested a comparison of WFilter to other similar products, I wrote this guide to list some important differences. WFilter is a passby internet monitoring and filtering software program. It monitors network traffic from a mirroring port in your switch. When a TCP connection needs to be blocked, WFilter will send 1-2 RST packets to reset this connection. This is called "Passby Filtering". More technical details of WFilter can be found at: WFilter TechnologiesWFilter VS firewall program/applianceAdvantages:1. WFilter monitor and archive most internet activities, while firewalls don't keep internet usage details. 2. WFilter parses protocols at the application layer, it can recognize 100+ common protocols according to their signatures and behaviors. Most firewall program/application filters packets based on ports or ip addresses. 3. WFilter analyse copies of internet packets from a mirroring port of your switch. It is easy to be deployed, without any delay of your network. However, a firewall program/appliance needs to be deployed at the edge of your network. And since each packet goes through the firewall program/appliance, there will be a slight delay. 4. If the WFilter server goes down, the Internet connection stays alive. If the firewall program/appliance hangs, you will not be able to access internet. 5. WFilter is a content filtering product. It is designed to monitor and filter internet usage of employees to raise your productivity. However, a firewall program/appliance is designed to filter network packets and protect your network. Disadvantages:1. WFilter can not block UDP packets. So you also need to block UDP ports in your router/firewall. 2. WFilter consumes more memory and disk space of your computer. If you archive all internet activity, it might consume 2-3M disk space for each monitored computer every day. WFilter VS open source web filtering projectsSome open source projects, like "SQUID" and "dansguardian", also provide web filtering solutions. Below I list some major differences: 1. Most open source projects work as a proxy server. It requires you to change your internet access to proxy mode. 2. Most open source projects are web filtering only. Blocking of p2p traffic, internet monitoring/archieving are not supported. 3. Lack of statistics and reports for open source projects. 4. Lack of support for open source projects. Since protocols are changing, live update/support is required to keep your pattern database up to date, while most open source projects don't have such support. In IMFirewall protocol lab, to keep our pattern database up to date, we have a system to monitor most common internet products/protocols, so when a new version of certain product is released, our team will work on it immediately. Try "WFilter Enterprise" by yourself: http://www.imfirewall.us/WFilter.htm
TeamViewer is a computer software package for remote control, desktop sharing, and file transfer between computers. The software operates with Microsoft Windows, Mac OS X, iOS, and Linux. It is possible to access a machine running TeamViewer with a web browser.
With TeamViewer, it will be very convenient for employees to access computers in their homes, transfer files to remote computers. So for security purpose, sometimes you may want to block TeamViewer on your network. This tutorial will guide you to block TeamViewer with "WFilter Enterprise 3.3". Because blocking of Teamviewer is not supported by default in WFilter, in this example, we uses "Customize Protocols " feature of WFilter to define TeamViewer protocol.
First, Add "TeamViewer" Protocol.
. TeamViewer has two patterns: 1. "teamviewer01": Type -- "HTTP SEND" Format -- "X-IM-URL" Content --- "s=.*\&(p|id)=.*\&client=.*" 2. "teamviewer02": Type -- "TCP ALL" Format -- "0" Content -- "^\x17\x24[\x00-\xff]{2}\x00" Second, Enable blocking of teamViewer in certain blocking levels. And apply this blocking policy to certain computers.  Now, TeamViewer will be blocked.WFilter blocking events:  Failure connection of teamViewer.  More information, please check "WFilter Enterprise".
Other related links: How to block internet downloading?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?How to block websites and restrict internet access?
WFilter can be used to block sending/receiving emails, block sending attachments and filter email accounts. And you only need to install WFilter in one computer to monitor all computers in your network. This tutorial will guide you to block outgoing emails with attachments.
This feature can block sending of emails with attachments via SMTP protocol.
1.1 Add a new blocking level, as in the below figure:
 1.2 Set a proper "Level Name" and "Level Desc", check "Block sending emails with attachment(s)", as in Figure 2:  1.3 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:  1.4 Emails with attachment(s) will be blocked, as in Figure 4:  
Some switches does not allow outgoing traffic on a mirroring port. In this case, WFilter needs a separate blocking adapter to send blocking packets. And if you're monitoring and filtering more than 100 computers, we recommend you to use a different blocking adapter as the monitoring adapter. When the two network cards are installed, we will want the Windows system to use the blocking adapter to access your network. However, sometime the Windows system might pick up the monitoring adapter and fails to connect to your network. This problem can be resolved by the "Automatic Metric" setting in Windows. A metric is a value that is assigned to an IP route for a particular
network interface that identifies the cost that is associated with
using that route. The Automatic Metric feature is configured independently for each network interface in the network. This feature is useful in situations where you have more than one
network interface of the same speed, for example, when each network
interface has been assigned a default gateway. In this situation, you
may want to manually configure the metric on one network interface, and
enable the Automatic Metric feature to configure the metric of the
other network interface. This setup can enable you to control the
network interface that is used first in the routing of IP traffic. In our case, the "Automatic Metric" of the blocking adapter shall be smaller than the monitoring adapter. So by setting "Automatic Metric" of the blocking adapter to "1", and the monitoring adapter to "2", Windows system will use the blocking adapter to access your network.   
You may assign static ip addresses to computers manually or in your DHCP server. However, it is difficult to prevent users from changing their ip addresses or mac addresses. Though it is more reasonable to setup ip-mac binding in routers or switches, software solution is also a good option, as it is easier to setup and manage.
This tutorial will guide you to bind ip addresses to mac addresses in WFilter, an internet filtering and monitoring software product.
First, you need to setup a mirror port in your switch to do monitoring.
For how to deploy internet monitoring and filtering, check this guide: How to monitor internet usage?
Second, in "Control Settings"->"IP Management" of WFilter, you can setup ip-mac binding just by a few clicks.
 i
When ip-mac binding is setup, internet access will be blocked when the user tries to change ip address or mac address.
Please notice: "ip-mac binding" feature of WFilter only works for single segment networks. It is because the real MAC addresses of computers can not be retrieved in a multiple-segments network.
WFilter supports online activation and Email activation.
If
you choose to activate your product over the Internet, upon your
submisson the activation wizard will detect your Internet connection
and connect to a secure server to transfer your register key to us. The
registration is passed back to you, automatically activating WFilter,
if the register key is valid.
If you choose to activate your
product by email activation, you should input the register key in text
box and click the "confirm". You will get an activation code. Please
send them to the support email box. The validation code will be sent
back to you within 24 hours. Please copy them in the valiation code
textbox to activate your product. 1. Steps of Online ActivationOnline activation requires an available internet connection to connect to WFilter activation server. 1). In "Help"->"About" of WFilter, click "Product Activation".  2). Input your key number and use "online activation" to do online activation.  3). Successful activation.   2. Steps of Email ActivationOnline activation requires an available internet connection. If you can not connect to WFilter activation server, you also can use "Email Activation". 1). Input your key number and use "email activation" to do online activation.  2). In "Email Activation", copy the activation code and send to support email address.   3) It might take several hours to receive the reply email since the response email is sent manually.  4). In "Help"->"About" of WFilter, you need to enter the received validation code into WFilter.   3. De-activationSometimes, you might want to move the key to another computer. You need to de-activate this key first. Click "deactivate" in "Help"->"About" to de-activate the key.
Instant Messaging can be a benefit to business when used properly,
but IM is often abused by employees and poses significant liability and
security risks.
The free consumer IM client
programs in widest use, such as AIM, ICQ, Yahoo and MSN Messenger, pose many
security concerns. More than text-based chat, IM programs also include peer to peer file
transfer capabilities, which can pose security risks in two ways.
Internal users can send documents that may be confidential out of your
network, circumventing your network's perimeter defenses against file
sharing programs or e-mail attachments. On the other hand, external
users can send files that might contain viruses or malicious code to
users on the internal network. In addition, a liability risk arises if
employees use the file transfer feature to share copyrighted music,
movie or software files in violation of the law. To make your business efficient, it is necessary for you to monitor, filter and block instant messaging in your network. You may want to apply an internet messenger usage policy like this: 1. Only authrozied users can use certain IM tools. 2. File transfer via messengers shall be blocked. 3. Only work-related IM accounts can be used. As most firewall programs do not support that kind of feature, you need an internet monitoring and filtering program like "WFilter Enterprise". "WFilter Enteprise" enables you to monitor, manage and block internet access of all computers on a mirroring port. For internet messaging blocking, WFilter supports: 1. Blocking certain messenger protocols. 2. Blocking file transfer via messengers. 3. Blocking certain messenger account using black/white list. Figures:  Block file transfer in messengers:  MSN black/white list:  More information, please check "WFilter Enterprise". Other related links: How to block websites at work during working hours?How to block video streaming on company network?How to block internet downloading?How to monitor internet bandwidth?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?
Unmanaged websites surfing is killing your productivity. Employees may spend hours to read news, watch online video and play online web games. So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access. You need to implement an internet policy as: 1. Only work-related websites are allowed during work time. 2. Destructive websites like violence, adult, shall be blocked always. 3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed. However, in today's internet, a website can not be blocked only by blocking its ip address or domain. It is still accessable by: 1. Open proxy servers. 2. Third party tunneling proxy service. 3. Tunnel VPN service. To make your blocking effecient, you also need to block certain proxy/tunneling protocols. WFilter makes it simple to block websites and proxy service. 1. Filter certain websites
You can filter certain websites by "website black/white list" and "website category":   2. Block Proxy Service and VPN protocols.WFilter supports proxy protocol transparently. No addtional setting is required to block open proxy server. You may setup a "HTTPS black/white list" to block unwanted VPN.  More information, please check "WFilter Enterprise". Other related links: How to block video streaming on company network?How to block internet downloading?How to monitor internet bandwidth?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?
Unmanaged internet access is harmful to your business. Without proper internet monitoring and filtering, you may suffer from: 1. Lower productivity. Your employees might take hours for web surfing, chatting and watching videos. 2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth. So normal business will not have enough available bandwidth. 3. Unmanaged downloading will bring virus, worms and spyware, which is harmful to your network. 4. Leaking of business documents and materials. Therefore, it is important for you to monitor and manage employees internet activity. This guide will introduce you several aspects of deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB forbiding and keystroke recording. The latter requires you to install a client agent in every computer. And internet monitoring only needs to be installed near the internet entrance. How to deploy internet monitoring software? Though internet monitoring only needs to be installed near internet entrance, it is quite different for different network topologies. For "Router<->Switch<->Computers" networks, you need to setup a mirroring port in the switch to enable monitoring. If you are using ISA or wingate proxy server, you can do monitoring right in the proxy server. How to monitor internet bandwidth? Upon properly deployed, you can easily monitor internet bandwidth and activities using internet monitoring software. Below let me take "WFilter Enterprise" as an example: Use WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.  Connections of a particular computer, you can kill established connections if you want. 
For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?
How to monitor internet usage?In "Online computers" of WFilter, click the numbers under each title to view detailed records.  
How to block downloading?To save bandwidth, inproper downloading shall be blocked. The below figure shows blocking of large size files and blocking by video files.  Blocking of video files.  For more details, please refer to "How to block downloading?".
Introduction
WFilter supports various ways to filter web surfing activity:
- Block Web Surfing Completely
- Enable Website Black/White List
- Enable URL Keywords Filtering
- Enable Website Category Access Policy
- Websites Exception List
- Enable HTTPS Black/White List
When enabled, all HTTP web surfing will be blocked, except for domains in the "Websites Exception List".
1.1 Add a new blocking level, as in the below figure:
 Figure 1 1.2 Set a proper "Level Name" and "Level Desc", check the "Block Web Surfing". If you want to display a blocking page when blocked, you need to enable "Display a Deny Page When Blocking", as in Figure 2:  Figure 2 1.3 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
 Figure 3 1.4 Websites will be blocked, as in Figure 4:  Figure 4  Figure 5 Website black/white list can set black list or white list for websites based on domain name.
When black list is enabled, websites in the black list will be blocked. When white list is enabled, only websites in the white list can be visited.
2.1 Add a new blocking level, as in the below figure:
Figure 6 2.2 Set a proper "Level Name" and "Level Desc", check the "Enable Website black/white list", as in Figure 7: Figure 7 2.3 Add certain websites into a black list, as in Figure 8:  Figure 8 2.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 9 2.5 Websites in the black list will be blocked, as in Figure 10: Figure 10 Figure 11 URL keywords filtering can filter webpages by url address. Using this feature, you can block searching for certain keywords in search engines.
3.1 Add a new blocking level, as in the below figure:
Figure 12
3.2 Set a proper "Level Name" and "Level Desc", check the "Enable URL Keywords Filtering", as in Figure 13: Figure 13 3.3 Check the keywords category to be blocked, as in Figure 14:  Figure 14 3.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 15 3.5 In this example, searching for "game" will be blocked, as in Figure 16 and Figure 17: Figure 16  Figure 17 Website category access rules can filter websites based on websites categories. Four filtering modes are supported: "Allow", "Deny", "Warn" and "Time Quota".
4.1 Add a new blocking level, as in the below figure:
Figure 18 4.2 Set a proper "Level Name" and "Level Desc", check the "Enable web category rule", as in Figure 19:  Figure 19 4.3 Set certain filtering mode for certain categories, as in Figure 20:  Figure 20 4.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 21 4.6 In this example, time quota is enabled for "Game" websites, as in Figure 22:
 Figure 22 Websites in the exception list will not be blocked by other rules.
 Figure 23 Above functions can only filter HTTP websites, to block HTTPS websites, you need to enable the "HTTPS Black/White List".
6.1 Add a new blocking level, as in the below figure:
Figure 24 6.2 Set a proper "Level Name" and "Level Desc", check the "Enable HTTPS Black/White List", as in Figure 25: Figure 25 6.3 Add certain websites into a HTTPS Black list, as in Figure 26:  Figure 26 6.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 27 6.5 As in Figure 28 and 29, certain HTTPS websites will be blocked.  Figure 28  Figure 29 |
WFilter Monitoring Performance
WFilter is designed to monitor a network with no more than 1000 computers, and the available internet bandwidth of the entire network shall be no more than 100Mbit/s. Since WFilter is software, the performance depends a lot on the hardware performance. Higher bandwidth requires faster CPU, and more monitored computers require more RAM. Therefore, we recommend you to provide 1M available RAM for each monitored computer. Below is a performance test result for HTTP request of WFilter 3.3 file-based version:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 37.2M | 16000 | 100% | 35% | 260,298K |
| 2 | 100 | 35M | 20000 | 100% | 38% | 280,576K |
| 3 | 200 | 31M | 40000 | 100% | 58% | 294,561K |
| 4 | 400 | 33M | 80000 | 100% | 68% | 372,786K |
| 5 | 600 | 32.3M | 120000 | 100% | 80% | 540,151K |
| 6 | 1000 | 32.6M | 200000 | 60% | 99% | 540,664K |
As we can see from the above table, when monitored computers number reachs 1000, the "recorded percent" decreased to 60% suddenly. And we noticed the memory only slightly increased, so it shall because lack of memory. Therefore we added the monitoring computer RAM to 2G, and do the test again:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 7 | 1000 | 32.7M | 200000 | 100% | 90% | 820,640K |
And the test of WFilter 3.3 database version(SQL Server) performance has the similar result:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 34.9M | 10000 | 100% | 45% | 197,392K |
| 2 | 100 | 34.9M | 20000 | 100% | 45% | 210,196K |
| 3 | 200 | 31M | 40000 | 100% | 45% | 270,960K |
| 4 | 400 | 32.9M | 80000 | 100% | 45% | 364,234K |
| 5 | 1000 | 28.6M | 200000 | 58.84% | 100% | 540,664K |
The performance of 1000-user can also be improved by adding RAM of the monitoring computer.
Test Environment
| 1 | Network | 100M ethernet |
| 2 | Test Client | Intel(R) pentium(R) Dual 1.80+1.80GHz , 1G RAM |
| 3 | Test Monitoring Server | Intel(R) Celeron(R) 2.66GHz, 1G RAM |
| 4 | WFilter Version | WFilter 3.3 |
| 5 | Switch | Tplink TL-SF1008 |
WFilter 3.3 is under alpha testing now. The new version will add "Bandwidth limit", "Url keywords blocking", "Website visit quota" and other exciting features. 1. "Bandwidth limit". You can set bandwidth limit for each computer, or blocking certain internet traffic when internet bandwidth is too high. This feature can help you to manage company bandwidth flexibly. 2. "Url Keywords Blocking", blocking url/webpage by keywords category. You may use this feature to block certain keywords from being searched in search engines. 3. "Website visit quota", by this feature, you are able to set visit time quota for each website category. For example, "news" websites can be limited to "1 hour" for each day.
Some websites, like facebook, youtube, are rather time consumable.
If you do nothing to filter certain websites, your employees may spend several hours a day on web surfing.
So How to block certain websites to save your productivity?
1. Some router/gateway might have the ability to block certain websites.
2. Firewall appliances, like cisco PIX, will also be a good choice.
3. The third, you can choose internet filtering software to do web filter and blocking.
Most employees waste more than an hour on browsing web pages. Even worse, someone will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.
In my opinion, things should be done from several aspects:
1. Only work-related websites are allowed during work time.
2. Destructive websites like violence, adult, shall be blocked always.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.
For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.
More information, please refer to internet blocking and internet monitoring.
IMFirewall P2P Classify Engine Introduction
1 Introduction
IMFirewall Software is a professional Internet filtering software provider. We focus on Internet information security and providing customers with a comprehensive approach to manage the Internet usage of enterprise network since founded in 2004. By 2007-10, protocols number supported in our pattern database has reached over 90. And our pattern analysis team is monitoring and analyzing protocols everyday.
2 Supported Pattern Type
Three pattern types are supported:
1. Signature Pattern
You may call it digit signature. As most p2p programs do not has a fix port range nor central servers. The only way to match them is by signature match. IMFirewall pattern matching engine scans every connection for signature of existing protocols..
2. Port Pattern
IMFirewall pattern matching engine can also recognize protocols by port or port range.
3. HTTP Pattern
Because more and more protocols are using HTTP protocol or HTTP tunnel to communicate, our pattern-matching engine also checks http mime-header for signatures. HTTP pattern is powerful to recognize http-based protocols.
3 Pattern Matching Speed
We test the speed of each pattern when new pattern found, the standard speed is 20,000 matches in 1 second.
4 Quick Response for New (Updated) Protocols
As protocols may vary from time to time, it is necessary to keep the pattern database up to date in time.
We have a protocol/programs monitoring system, which will monitor the website and files on official websites of each protocol. Once there is a change, the system will notify our protocol analysis team to test it.
This makes us a quick response for new (updated) protocols. Usually, a updated protocol can be added to our pattern database in 2-3 business days.
Links: Supported protocols list of WFilter
Here we've added some configuration examples of wfilter:
AOL Instant Messenger (often referred to as "AIM") is an instant messaging application that allows registered users to communicate in real time via text, voice, and video transmission over the Internet. It is maintained by AOL LLC. The official website is www.aim.com.
AIM is widely used all over the world. However, employees are using AIM to chat privacy topics, send and receive files, which will decrease working productivity, waste time and raise security risk.
So it is important to block AIM in enterprise network.
How to block AIM in your network?
AIM messenger can connect in several ways. Default is TCP port 5190. However, if you block AIM port 5190 in your firewall. It will turn to use port 80, 443 instead. And also, AIM messenger can use a HTTP/SOCK4/SOCK5 proxy server to reach the server. Even the worth, AIM traffics through port 80 using HTTP protocol, if you allow your employees to browser website, the 80 port must be available. And AIM has official clients, and many unofficial clients like gaim, trillian are also popular.
So, is blocking AIM mission impossible?
Of course not, but professional internet filter tools are needed. To block aim traffic, it needs the blocking aim tool has the ability to pick up aim traffic from large amount of connections.
I recommend you use WFilter to block aim, block msn and block messenger.
WFilter related features:
- Monitor AIM and ICQ messenger usage.
- Record chat contents of AIM and ICQ.
- Record files transfered by AIM/ICQ.
- Implement a policy to block AIM/ICQ or certain AIM/ICQ accounts.
- Block AIM file transfers, block icq file transfers.
- Support offical messenger client and other third party clients like gaim, trillian.
WFilter other monitor features:
Chat Monitor, MSN Messenger Chat Monitor, Yahoo Chat Monitor and other instant messenger monitor, block MSN, block Yahoo, block AIM, and other instant messenger block, block p2p, block p2p traffic, filter internet, block internet, internet monitor, monitor employee internet activity...
An URL database contains about 50 catalogs will be available in WFilter next release coming in this September.
WFilter 3.1 version now can only support URL white list and black list based on URL keywords match. This is not enough, a URL database will make you able to add rule for each catalog easily.
|
Copyright © 2012 IMFirewall Software. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme:
|
|