IMFirewall Blog - HowToMonitorInternetUsage
Block Internet Access,Block P2P,Web Filtering
 
# Wednesday, January 26, 2011

WFilter can monitor and filter the internet activity of computers in your network. Two monitoring modes are available: "by ip address" and "by MAC address". In "by ip address" mode, WFilter identifies a computer by its IP address; in "by MAC address" mode, it identifies a computer by its MAC address.

However, if the IP addresses of the computers in your network are not fixed, you might have trouble identifying a computer in order to set its monitoring/blocking policy.

This tutorial introduces several ways to identify computers in your network in WFilter.

1. Monitor and block by AD users

Since WFilter can be integrated with Microsoft active directory, you don't need to face the trouble of identifying computers if you have an available AD.

With "account monitoring" enabled, you can set blocking policy based on AD users, regardless of which computers they are using.

Please check this document for more details about "account monitoring": How to do monitoring based on user accounts?

2. Identify computers by MAC addresses

In "by MAC address" monitoring mode, WFilter identifies a computer by its MAC address. A MAC address is assigned by the manufacturer of a network interface card (NIC) and is stored in its hardware. It won't change unless the NIC hardware is replaced. Note, however, that most operating systems let a user override the address a NIC presents on the wire, so a MAC address identifies a computer for policy purposes but does not authenticate it.

When you set a recording policy or blocking policy for a computer in the "user-computer table", those settings are bound to its MAC address. Even if its IP address changes, the settings are not lost.

However, "by MAC address" monitoring mode is only available for single-segment networks, because a computer's MAC address cannot be retrieved when the computer is located behind a router (the router forwards each packet in a new Ethernet frame that carries the router's own MAC address).

Therefore, in a single-segment network, "by MAC address" mode is a good choice if your IP addresses are dynamic.

3. Identify computers by IP addresses

If your network has multiple segments, you can only use "by ip address" monitoring mode. We therefore recommend making IP addresses static in a multi-segment network. If you want to leave the IP addresses dynamic, the only remaining solution is "Monitor and block by AD users", as discussed above.

For more information, please check "WFilter Enterprise".

Other related links:

How to block internet downloading?
How to monitor internet usage on company networks?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
How to setup ip-mac binding in WFilter?
How to block facebook at work of network computers?

Wednesday, January 26, 2011 2:39:11 AM (GMT Standard Time, UTC+00:00)    Content Filter | How to block internet | How to monitor internet usage
# Friday, December 10, 2010

How WFilter works to monitor and archive internet activities?

WFilter is an enterprise Internet filtering software program. A business or organization can implement its Internet communication policy into WFilter and let it perform the work. WFilter intercepts, records and monitors Internet behaviors of users on a network, for the purpose of ensuring policy compliance, or measurement on job performance in an organization.

A mirroring port replicates the data from other ports or VLANs. To monitor all internet activity, WFilter needs to be connected to a mirroring port of your switch, and the mirroring port must be configured to mirror your internet traffic.

When connected to a mirroring port, WFilter gets packet copies of all internet traffic, then decodes and saves them into log files. This is how WFilter works to monitor internet usage.

For more information about how to setup port mirroring, please check: WFilter Deployment Examples.
To check whether your port mirroring is properly configured, please check: How to check whether port mirroring is properly configured?
If you don't have a manageable switch, you need to set up a Windows gateway or proxy server to do the monitoring; please check: How to monitor internet usage without a manageable switch?

How WFilter works to block internet connections?

Many users have asked: "Since WFilter only handles packet copies and the original packets don't pass through the WFilter machine, how does WFilter block internet connections?"

There are actually two filtering technologies: pass-through filtering and pass-by filtering.

With a pass-through filtering solution, packets pass through the filtering product; if a packet needs to be blocked, the filtering product simply drops it.

A pass-by filtering product, however, only handles copies of network packets and cannot hold the original packets. Instead, it sends RST packets to terminate TCP connections. This is how WFilter blocks connections.
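The following added example (not part of the original post and not WFilter code) models how a receiving TCP stack that follows RFC 5961 decides whether to honor an incoming RST, which shows why pass-by blocking is best-effort: a reset that arrives after further data has been delivered is discarded. The `Receiver` class and `pass_by_block` function are hypothetical names, and the model assumes in-order delivery and a fixed receive window.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


class Receiver:
    """Receive side of one TCP connection, reduced to RCV.NXT and RCV.WND."""

    def __init__(self, rcv_nxt, rcv_wnd=65535):
        self.rcv_nxt, self.rcv_wnd, self.open = rcv_nxt % MOD, rcv_wnd, True

    def on_data(self, seq, length):
        # Model only in-order delivery: the next expected byte advances.
        if self.open and seq % MOD == self.rcv_nxt:
            self.rcv_nxt = (self.rcv_nxt + length) % MOD

    def on_rst(self, seq):
        """RFC 5961 section 3.2 handling of an incoming RST."""
        offset = (seq - self.rcv_nxt) % MOD      # distance ahead of RCV.NXT
        if not self.open or offset >= self.rcv_wnd:
            return "drop"                        # outside the receive window
        if offset == 0:
            self.open = False
            return "reset"                       # exact match: connection ends
        return "challenge_ack"                   # in window, but not exact


def pass_by_block(first_seq, seg_len, segments_ahead):
    """Outcome at the client when the filter resets after seeing segment 1.

    Hypothetical model: the filter numbers its RST with the byte that follows
    the segment it saw, and `segments_ahead` further segments reach the client
    before that RST does.
    """
    client = Receiver(first_seq)
    client.on_data(first_seq, seg_len)
    rst_seq = first_seq + seg_len
    for i in range(1, segments_ahead + 1):
        client.on_data(first_seq + i * seg_len, seg_len)
    return client.on_rst(rst_seq)


if __name__ == "__main__":
    for lag in (0, 2):
        print(lag, "segments ahead ->", pass_by_block(1000, 1460, lag))
```

Stacks that predate RFC 5961 accept any in-window RST, so the "challenge_ack" case is a reset on those systems.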

Please note:

1. Since WFilter needs to send RST packets to block a connection, the "blocking adapter" of WFilter must be able to access your network. The blocking adapter is configured in "System Settings"->"Monitoring Settings" of WFilter.

2. Some switches do not allow outgoing traffic on the mirroring port; if so, you need to set up a separate NIC as the blocking adapter. Even if outgoing traffic is allowed on the mirroring port, we recommend using a secondary NIC for blocking when you're managing over 100 computers. Otherwise, the monitoring adapter will be overloaded.

3. If you have multiple VLANs, the blocking adapter must belong to a VLAN that can communicate with the other VLANs.

4. Sometimes you might need to set the "Automatic Metric" of the blocking adapter so that Windows recognizes this adapter as the primary adapter. Please check this blog topic: Blocking adapter doesn't work when using two network cards with WFilter.

For more information about the difference between the two filtering solutions, please check: What's the difference between Pass-by filtering and Pass-through filtering?
For more details about WFilter filtering technology, please check: WFilter Technologies and Security

Friday, December 10, 2010 6:14:37 AM (GMT Standard Time, UTC+00:00)    How to filter internet access | How to monitor internet usage
# Saturday, August 21, 2010
There are a lot of products for managing your network: firewalls, content filtering, web filtering proxies... Some users might find it confusing to choose between them.
Since more and more customers have requested a comparison of WFilter with other similar products, I wrote this guide to list some important differences.

WFilter is a passby internet monitoring and filtering software program. It monitors network traffic from a mirroring port in your switch. When a TCP connection needs to be blocked, WFilter will send 1-2 RST packets to reset this connection. This is called "Passby Filtering". More technical details of WFilter can be found at: WFilter Technologies

WFilter VS firewall program/appliance

Advantages:

1. WFilter monitors and archives most internet activities, while firewalls don't keep internet usage details.

2. WFilter parses protocols at the application layer and can recognize 100+ common protocols by their signatures and behaviors. Most firewall programs/appliances filter packets based on ports or IP addresses.

3. WFilter analyses copies of internet packets from a mirroring port of your switch. It is easy to deploy and adds no delay to your network. A firewall program/appliance, however, needs to be deployed at the edge of your network, and since each packet goes through the firewall program/appliance, there will be a slight delay.

4. If the WFilter server goes down, the Internet connection stays alive. If the firewall program/appliance hangs, you will not be able to access the internet.

5. WFilter is a content filtering product. It is designed to monitor and filter employees' internet usage to raise your productivity. A firewall program/appliance, however, is designed to filter network packets and protect your network.

Disadvantages:

1. WFilter cannot block UDP packets, because RST is a TCP mechanism and UDP has no equivalent. So you also need to block UDP ports in your router/firewall.

2. WFilter consumes more memory and disk space on your computer. If you archive all internet activity, it might consume 2-3M of disk space for each monitored computer every day.

WFilter VS open source web filtering projects

Some open source projects, like "SQUID" and "dansguardian", also provide web filtering solutions. Below I list some major differences:

1. Most open source projects work as a proxy server, which requires you to change your internet access to proxy mode.

2. Most open source projects do web filtering only. Blocking of p2p traffic and internet monitoring/archiving are not supported.

3. Lack of statistics and reports for open source projects.

4. Lack of support for open source projects. Since protocols are changing, live update/support is required to keep your pattern database up to date, while most open source projects don't have such support. In IMFirewall protocol lab, to keep our pattern database up to date, we have a system to monitor most common internet products/protocols, so when a new version of certain product is released, our team will work on it immediately.


Try "WFilter Enterprise" by yourself: http://www.imfirewall.us/WFilter.htm



Saturday, August 21, 2010 2:26:41 PM (GMT Daylight Time, UTC+01:00)    Content Filter | How to block internet | How to monitor internet usage | Internet Monitoring
# Friday, January 15, 2010

It's very simple to update your WFilter to the latest version. This tutorial will guide you through updating WFilter manually.
Please follow the steps below:

1. Download the latest version from our website.



2. Uncompress the downloaded package and launch it.



3. Choose "Reinstall/Upgrade".







Please note: Reinstallation/upgrade will not change/delete your settings or monitored data.

Download url: http://www.imfirewall.us/download_trial.htm


Friday, January 15, 2010 2:32:33 AM (GMT Standard Time, UTC+00:00)    How to monitor internet usage
# Thursday, December 17, 2009
Sometimes, to diagnose a problem with WFilter whose cause is unclear, we might need a packet dump file. WFilter has a packet dump tool named "dumpPacket.exe", which dumps the packets seen on the monitoring adapter.

This tutorial will guide you through generating a packet dump file using "dumpPacket.exe".

First, launch "dumpPacket.exe" from "Start"->"IMFirewall WFilter"->"Tools". If you didn't install the WFilter shortcuts, you can find this tool in the WFilter directory.


It will ask you to enter a testing IP address. For example, if you need to check a monitoring problem for IP "192.168.1.20", input "192.168.1.20" here. If you just want to capture some packet samples, simply press "enter"; this dumps packets for all computers.



Close the dumping window when you are finished. If you're running a specific test (for example, sending an email message), wait until the test is done. If you're dumping packets for all computers, you only need to wait 3-5 seconds, because the dump file can become very large. If the dump file is too large, repeat the test over a shorter time.

The dump.cap file can be found in the "temp" directory of WFilter. It is in pcap format and can be opened with Wireshark and other pcap applications.

Thursday, December 17, 2009 2:43:14 AM (GMT Standard Time, UTC+00:00)    How to monitor internet bandwidth | How to monitor internet usage | Internet monitor | Internet Monitoring
# Wednesday, December 16, 2009
To make WFilter work, you need to set up port mirroring in your switch. However, sometimes you still cannot monitor other computers even though port mirroring is configured. There are several things to check:

1. The WFilter computer must be connected directly to the mirroring port.
2. The configured ports do not match the real ports.
3. WFilter requires both outbound and inbound traffic. If you mirror packets in only one direction, WFilter cannot work properly.
4. Incorrect WFilter settings (wrong IP segment or monitoring adapter...).
5. Firewall/anti-virus programs block non-local packets. For example, nod32 blocks non-local packets, so even if the port mirroring settings are correct, the mirrored traffic still cannot reach WFilter. We recommend temporarily shutting down your firewall and anti-virus programs while you check.

To locate the problem, first confirm whether packets are being mirrored to the WFilter computer. This can be checked in a simple way with the steps below:




Upon successful mirroring, the "Received" packet count should be much larger than the "Sent" packet count. If not, check the mirroring settings or cable connections.
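The packet counters only show that something is arriving. As an added example (not part of the original post and not a WFilter tool), the script below reads a pcap file such as the dump.cap produced by dumpPacket.exe and reports LAN hosts seen in only one direction, the symptom of item 3 above, as well as source MAC addresses that front several LAN IPs, which indicates hosts behind a router where "by MAC address" mode cannot tell them apart. The subnets, addresses and the capture built by `build_sample` are constructed for illustration; only classic microsecond-format Ethernet captures are handled.

```python
import ipaddress
import struct
from collections import Counter

def parse_pcap(data):
    """Yield (src_mac, src_ip, dst_ip) for each IPv4 frame in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ip = 18 if frame[12:14] == b"\x81\x00" else 14   # skip an 802.1Q tag
        if frame[ip - 2:ip] != b"\x08\x00" or len(frame) < ip + 20:
            continue                           # not IPv4, or truncated
        yield (frame[6:12].hex(":"),
               ipaddress.ip_address(frame[ip + 12:ip + 16]),
               ipaddress.ip_address(frame[ip + 16:ip + 20]))

def mirror_report(data, lans):
    """Flag one-way hosts and source MACs that front several LAN IPs."""
    nets = [ipaddress.ip_network(n) for n in lans]
    def local(ip):
        return any(ip in n for n in nets)
    sent, received, macs = Counter(), Counter(), {}
    for mac, src, dst in parse_pcap(data):
        if local(src) and not local(dst):      # outbound: LAN host -> internet
            sent[str(src)] += 1
            macs.setdefault(mac, set()).add(str(src))
        elif local(dst) and not local(src):    # inbound: internet -> LAN host
            received[str(dst)] += 1
    one_way = sorted(h for h in set(sent) | set(received)
                     if not (sent[h] and received[h]))
    shared = {m: sorted(ips) for m, ips in macs.items() if len(ips) > 1}
    return {"one_way": one_way, "shared_mac": shared}

def _frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed Ethernet + bare 20-byte IPv4 header (TCP, no payload)."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                             ipaddress.ip_address(src_ip).packed,
                             ipaddress.ip_address(dst_ip).packed)

def build_sample():
    """Constructed capture: .20 two-way, .21 outbound only, .30/.31 routed."""
    pc20, pc21, rtr, gw = ("020000000020", "020000000021",
                           "020000000001", "0200000000fe")
    web = "203.0.113.5"
    frames = [
        _frame(pc20, gw, "192.168.1.20", web),
        _frame(gw, pc20, web, "192.168.1.20"),
        _frame(pc21, gw, "192.168.1.21", web),   # reply was never mirrored
        _frame(rtr, gw, "192.168.2.30", web),
        _frame(gw, rtr, web, "192.168.2.30"),
        _frame(rtr, gw, "192.168.2.31", web),
        _frame(gw, rtr, web, "192.168.2.31"),
    ]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f
                          for f in frames)

if __name__ == "__main__":
    print(mirror_report(build_sample(), ["192.168.1.0/24", "192.168.2.0/24"]))
```

To check a real capture, pass the bytes of the file (`open(path, "rb").read()`) together with your own LAN subnets instead of `build_sample()`.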


Wednesday, December 16, 2009 7:15:24 AM (GMT Standard Time, UTC+00:00)    How to monitor internet bandwidth | How to monitor internet usage | Internet monitor | Internet Monitoring
# Thursday, November 12, 2009

WFilter supports online activation and Email activation.

If you choose to activate your product over the Internet, upon your submission the activation wizard will detect your Internet connection and connect to a secure server to transfer your register key to us. If the register key is valid, the registration is passed back to you, automatically activating WFilter.

If you choose email activation, input the register key in the text box and click "confirm". You will get an activation code. Please send it to the support email box. The validation code will be sent back to you within 24 hours. Please copy it into the validation code textbox to activate your product.

1. Steps of Online Activation

Online activation requires an available internet connection to connect to WFilter activation server.
1). In "Help"->"About" of WFilter, click "Product Activation".

2). Input your key number and use "online activation" to do online activation.


3). Successful activation.




2. Steps of Email Activation

Online activation requires an available internet connection. If you can not connect to WFilter activation server, you also can use "Email Activation".
1). Input your key number and use "email activation" to do online activation.

2). In "Email Activation", copy the activation code and send to support email address.




3). It might take several hours to receive the reply email, since the response email is sent manually.


4). In "Help"->"About" of WFilter, you need to enter the received validation code into WFilter.





3. De-activation

Sometimes, you might want to move the key to another computer. You need to de-activate this key first.
Click "deactivate" in "Help"->"About" to de-activate the key.



Thursday, November 12, 2009 3:01:57 AM (GMT Standard Time, UTC+00:00)    Content Filter | How to monitor internet usage | Internet monitor | Internet Monitoring
# Monday, August 31, 2009
  Unmanaged internet downloading can consume most of your bandwidth. In practice, many, often most, of the files shared on peer-to-peer networks are copies of copyrighted popular music and movies.

  So, it is important for corporations to manage, control and block p2p traffic and block unwanted file downloading.

  Files can be downloaded in various ways, as described below:

  1. Downloading from HTTP/FTP websites.

  2. Downloading from p2p networks.

  3. Downloading from instant messenger buddies.

  For security purposes, downloading from p2p networks should be completely forbidden in company networks, and only HTTP/FTP downloading from trusted websites should be allowed.

  Instant messenger file transfer makes it convenient to share files with our friends. It is fast and secure. However, because IM is so popular, virus writers can use it to spread malicious programs. These viruses are spread, in most cases, when a person clicks a link or opens an infected file that was sent in an instant message that appeared to come from a friend. Therefore, messenger file transfer also puts your network in danger.

  "WFilter Enterprise"  makes it simple to manage file transfers between local network and the internet. Using WFilter, you may:

  1. Limit file downloading size.

  2. Block web downloading by file type.

  3. Block web downloading by content type. (Mime type)

  4. Block p2p traffic.

  5. Block file transfer via messengers.


 







Other related links:
How to monitor internet bandwidth?
Internet blocking
How to filter web surfing?
How to monitor internet usage on company network?
Internet monitoring software for business
Internet monitoring software
# Sunday, August 16, 2009
  Unmanaged internet access is harmful to your business.
  Without proper internet monitoring and filtering, you may suffer from:
  1. Lower productivity. Your employees might spend hours on web surfing, chatting and watching videos.
  2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth, so normal business will not have enough available bandwidth.
  3. Unmanaged downloading brings viruses, worms and spyware, which are harmful to your network.
  4. Leaking of business documents and materials.

  Therefore, it is important for you to monitor and manage employees' internet activity. This guide introduces several aspects of the deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB blocking and keystroke recording. The latter require you to install a client agent on every computer, whereas internet monitoring only needs to be installed near the internet entrance.

How to deploy internet monitoring software?

  Though internet monitoring only needs to be installed near internet entrance, it is quite different for different network topologies.
  For "Router<->Switch<->Computers" networks, you need to setup a mirroring port in the switch to enable monitoring. If you are using ISA or wingate proxy server, you can do monitoring right in the proxy server.

How to monitor internet bandwidth?

  Once properly deployed, internet monitoring software lets you easily monitor internet bandwidth and activities.
  Below let me take "WFilter Enterprise" as an example:

  Using WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.

When viewing the connections of a particular computer, you can kill established connections if you want.



For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?

How to monitor internet usage?

In "Online computers" of WFilter, click the numbers under each title to view detailed records.



How to block downloading?

To save bandwidth, improper downloading should be blocked. The figure below shows blocking of large files and blocking of video files.



Blocking of video files.





For more details, please refer to "How to block downloading?".




# Sunday, August 09, 2009
  In today's internet, video downloading, p2p programs, or IPTV programs can easily consume most of your bandwidth. So to make your internet more efficient, it is important for you to monitor the internet bandwidth of each computer on your network.
  This tutorial will guide you through installing, setting up and using "WFilter Enterprise" to monitor your Internet bandwidth (uploads and downloads).

1. Setup a SPAN port for monitoring.

  Port mirroring allows you to set up a monitoring port in the switch to receive the packets of other ports.
  First, you need to set up a SPAN port in your switch. The computer with WFilter installed must be connected to the SPAN port.
  Read this example for details on setting up port mirroring: Deploy internet monitoring using a port mirror switch.

2. Real-time bandwidth monitoring.

  Once properly deployed, you will be able to monitor the internet activity of all computers and all internet connections.
  The "Online Computers" shows a list of online computers.



  The "Real-time bandwidth" shows current bandwidth usage diagram and top 20 computers.



3. Protocol Bandwidth Usage Report.

  The "Protocol Usage Report" shows the exact bandwidth usage for different protocols of each computer.
 


Bandwidth details:




For more information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter

Sunday, August 09, 2009 5:54:34 AM (GMT Daylight Time, UTC+01:00)    How to block internet | How to block p2p | How to block websites | How to monitor internet bandwidth | How to monitor internet usage | Internet monitor | Internet Monitoring
# Wednesday, August 05, 2009
  The internet can be a benefit to business when used properly, but it is often abused by employees and poses significant liability and security risks. In today's internet, P2P programs and IPTV applications can easily consume most of your bandwidth.
  Therefore, monitoring internet activity and bandwidth usage is important to keep your business efficient.
  Below I list several aspects of monitoring internet usage on a company network.

How to monitor internet usage?

  You cannot monitor other computers' internet usage in a network unless you have access to their network traffic.
  There are two ways to see other computers' internet traffic:
  1. Configure a SPAN port (port mirroring) in your switch.
  2. Do the monitoring in the gateway or proxy.

  If you have already set up a computer as the gateway or proxy server, you just need to install internet monitoring software on that server to do the monitoring.
  Since many networks use a router as the gateway, a port mirroring switch is a good choice. Port mirroring allows you to set up a port in the switch to receive the packets of other ports. Setting up a mirror port does not change your network topology, and it will not affect your network speed. A broadcast hub can also help you do monitoring; however, broadcast hubs can only work in 10M bit mode and are not very stable. Therefore I recommend that you not use a broadcast hub for monitoring.
  Read this example for details on setting up port mirroring: Deploy internet monitoring using a port mirror switch.

How to monitor internet connections?

  Once you've set up the SPAN port, you can easily monitor internet connections using internet monitoring software.
  Here we take "WFilter Enterprise" as an example:

Monitor all computers internet connections

   Using WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.






Monitor a computer's internet connections


When viewing the connections of a particular computer, you can kill established connections if you want.



How to monitor internet activity?


   In "Online computers", click the numbers under each title to view detailed records.





Browsing history:








Other related links:
How to monitor internet bandwidth?
Internet blocking

Wednesday, August 05, 2009 3:05:28 PM (GMT Daylight Time, UTC+01:00)    Deployment | How to block internet | How to monitor internet usage | Internet monitor | Internet Monitoring
Copyright © 2012 IMFirewall Software. All rights reserved.