IMFirewall Blog

How to block facebook game using WFilter?

Administrator — Mon, 08 Mar 2010 01:27:31 GMT

Sometimes you may want to block facebook games during working hours. This tutorial will guide you to block facebook games using "WFilter Enterprise".

First, add a website black list.

Second, choose this website black list in certain blocking policy.

Third, apply this blocking policy to certain computers.

Now, facebook game is blocked.

How to block google talk and gmail chat on company network?

Administrator — Fri, 22 Jan 2010 03:22:27 GMT

Google Talk (GTalk) is a free Windows and web-based application for instant messaging and voice over internet protocol (VOIP), offered by Google Inc. You may use "Google Talk" to send instant messages, transfer files, make PC-to-PC calls and audio conferencing.

However, sometimes you may want to block usage of google talk on company network. This tutorial will guide you to block google talk using WFilter.

Though instant messaging between the Google Talk servers and its clients uses an open protocol XMPP, it is more complicated and flexible than XMPP.
Google talk uses several ports to connect to its server:

1). Using Jabber standard tcp port 5222.
2). Using TLS port 443.
3). Using web chatting on port 80 in gmail.

So you can not block Google talk by simply blocking Jabber standard port. WFilter makes it simple to block google talk. Google talk connections can be identified and blocked by signature matching.

The below examples demonstrates blocking of google talk.

1. Blocking of Google talk and gmail chat

Set a blocking policy in WFilter to block jabber and google talk:

Blocked Google talk:

2. Block file transfer of Google talk

You also can block file transfer of Google Talk in WFilter. This will block file transfer of google talk without blocking of normal google talk text messaging.

More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?

How to block bbc iplayer on company network?

Administrator — Wed, 20 Jan 2010 03:26:22 GMT

BBC iPlayer (formerly known as Integrated Media Player (iMP), Interactive Media Player, and MyBBCPlayer) is an internet television service, P2P, cable television, and several mobile devices developed by the BBC to extend its existing RealPlayer-based "Radio Player" and other streamed video clip content.

As online iPlayer may consume much internet bandwidth, this tutorial will guide you to block BBC iPlayer using WFilter. We suppose WFilter is already properly installed and is capable of monitoring/blocking other computers, if not, please read How to monitor internet usage on company network first.

WFilter's "website black list" is based on website domains, so we can not use "website black list" to block iPlayer, since iPlayer is a subfolder of www.bbc.co.uk without a individual domain. However, we still can use "URL Keywords Filtering" feature to block url with certain keywords.

The below example demonstrates blocking of url with keyword "iplayer".

1. Create a blocking policy, and enable "URL Keywords Filtering".

2. Choose "Streaming Media" category and click the edit icon to edit its keywords list.

Please notice: WFilter already has some default keywords(the default keywords are hidden). For example, "video" is already included in the "Streaming Media" category. If you only want to block "iplayer", you can add a new category in "Category Settings"->"Customize Categories" of WFilter.

In this example, we need to add "iplayer" to the keywords list:

3. Apply this blocking policy to certain computers.

4. By now, urls with keywords "iplayer" will be blocked.

More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?

How to upgrade wfilter manually?

Administrator — Fri, 15 Jan 2010 02:32:33 GMT

It's very simple to update your WFilter to the last version. This tutorial will guide you to update your WFilter manually.
Please follow below steps:

1. Download the last version from our website.

2. Uncompress the downloaded package and launch it.

3. Choose "Reinstall/Upgrade".

Please notice: Reinstallation/upgrade will not change/delete your settings or monitored data.

Download url: http://www.imfirewall.us/download_trial.htm

How to block sending emails with attachment on company network?

Administrator — Wed, 13 Jan 2010 01:33:56 GMT

WFilter can be used to block sending/receiving emails, block sending attachments and filter email accounts. And you only need to install WFilter in one computer to monitor all computers in your network.

This tutorial will guide you to block outgoing emails with attachments.

1. Block outgoing emails with attachment(s)

This feature can block sending of emails with attachments via SMTP protocol.

1.1 Add a new blocking level, as in the below figure:

1.2 Set a proper "Level Name" and "Level Desc", check "Block sending emails with attachment(s)", as in Figure 2:

1.3 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:

1.4 Emails with attachment(s) will be blocked, as in Figure 4:

Blocking adapter doesn't work when using two network cards with WFilter.

Administrator — Thu, 24 Dec 2009 03:49:48 GMT

Some switches does not allow outgoing traffic on a mirroring port. In this case, WFilter needs a separate blocking adapter to send blocking packets. And if you're monitoring and filtering more than 100 computers, we recommend you to use a different blocking adapter as the monitoring adapter.

When the two network cards are installed, we will want the Windows system to use the blocking adapter to access your network. However, sometime the Windows system might pick up the monitoring adapter and fails to connect to your network. This problem can be resolved by the "Automatic Metric" setting in Windows.

A metric is a value that is assigned to an IP route for a particular network interface that identifies the cost that is associated with using that route. The Automatic Metric feature is configured independently for each network interface in the network. This feature is useful in situations where you have more than one network interface of the same speed, for example, when each network interface has been assigned a default gateway. In this situation, you may want to manually configure the metric on one network interface, and enable the Automatic Metric feature to configure the metric of the other network interface. This setup can enable you to control the network interface that is used first in the routing of IP traffic.

In our case, the "Automatic Metric" of the blocking adapter shall be smaller than the monitoring adapter. So by setting "Automatic Metric" of the blocking adapter to "1", and the monitoring adapter to "2", Windows system will use the blocking adapter to access your network.

Use dumpPacket.exe of WFilter to generate a packet dump file.

Administrator — Thu, 17 Dec 2009 02:43:14 GMT

Sometimes, on an indeterminate problem of using WFilter, we might need a packet dump file for diagnosis. WFilter has a packet dump tool named "dumpPacket.exe", which will dump packets on the monitoring adapter.

This tutorial will guide you to generate a packet dump file using "dumpPacket.exe".

First, lauch "dumpPacket.exe" from "Start"->"IMFirewall WFilter"->"Tools". If you didn't install WFilter shortcuts, you can find this tool in WFilter directory.

It will ask you to enter a testing ip address. For example, if you need to check a monitoring problem for ip "192.168.1.20", you can input "192.168.1.20" here. If you just want to capture some packet samples, you may just press "enter" here! Press "enter" means dumping packets for all computers.

Close the dumping window. If you're doing a certain test, you need to wait until the test is done. For example, sending an email message. If you're dumping packets for all computers, you only need to wait for 3-5 seconds because the dump file can be very large. If the dumping file is too large, you can do the test again in a shorter time.

The dump.cap file can be found in "temp" directory of WFilter. The dump.cap file is pcap format, which can be opened by wireshark and other pcap applications.

How to check whether port mirroring settings are correct?

Administrator — Wed, 16 Dec 2009 07:15:24 GMT

To make WFilter work, you need to setup port mirroring in your switch. However, sometimes you might still cannot monitor other computers even port mirroring is configured. It has several possibilities:

1. Misconfigured port mirroring. (wrong port, incorrect settings...)
2. Cable problem.
3. Network card problem.
4. Incorrect WFilter settings. (wrong ip segment or monitoring adapter...)

To locate the problem, first we need to confirm whether packets are mirrored to WFilter computer. It can be checked in a simple way following below steps:

Upon successful mirroring, the "Received" packets number shall be much larger than the "Sent" packets. If not, you need to check certain mirroring settings or cable connections.

How to block limewire downloading on company network?

Administrator — Sat, 12 Dec 2009 02:50:53 GMT

LimeWire is a free peer-to-peer file sharing (P2P) client for Windows, Mac OS X, Linux, and other operating systems supported by the Java software platform. It uses the Gnutella network and also the BitTorrent protocol.

Using Limewire, users can easily download copies of copyrighted materials and illegal or objectionable content. In LimeWire versions prior to 5.0, users could accidentally configure the software to allow access to any file on their computer, including documents with personal information. Though recent versions of LimeWire do not allow unintentional sharing of documents or applications, it still opens a share directory to share downloaded files by default.

Therefore, to save your bandwidth and keep your network safe, you might want to block limewire program on your network.

However, though the default TCP port of Gnutella2 is 6346. You can not block limewire only by blocking this port in your router or firewall, because Limewire allow users to change its default port.

This tutorial will guide you to block limewire downloading using WFilter. WFilter blocks Limewire traffic based on signature matching despite which port it is using. Limewire can be blocked only by a single click.

Blocked limewire:

Blocking logs of limewire in WFilter:

WFilter homepage: http://www.imfirewall.us/WFilter.htm

How to control internet bandwidth usage on network?

Administrator — Sat, 28 Nov 2009 04:37:19 GMT

Traffic Shaping and Prioritization is becoming more and more common in the corporate market. Most companies with remote offices are now connected via a WAN (Wide Area Network). Applications tend to become centrally hosted at the head office and remote offices are expected to pull data from central databases and server farms. As applications become more hungry in terms of bandwidth and prices of dedicated circuits being relatively high in most areas of the world, instead of increasing the size of their WAN circuits, companies feel the need to properly manage their circuits to make sure business-oriented traffic gets priority over best-effort traffic. Traffic shaping is thus a good means for companies to avoid purchasing additional bandwidth while properly managing these resources.

With a linux gateway, you have a very rich set of tools for managing and manipulating the transmission of packets. More details can be found at: http://linux-ip.net/articles/Traffic-Control-HOWTO/index.html, However, sometimes it might be difficult for you to deploy a linux gateway server.

This tutorial will guide to implement a passby bandwidth management solution, which enables you to manage internet bandwidth through a mirroring port on your switch. Port mirroring allows you to setup a port in the switch to receive packets of other ports. Setting up a mirror port does no change to your network topology, and it will not affect your network speed.

Let's take WFilter as an example:

First, setup a mirroring port.

When the port mirroring is properly setup, WFilter will be able to monitor all computers internet activities.

Bandwidth Management Settings

Using WFilter's bandwidth management feature, you can set a maximum accumulating bandwidth of each computer for a period time. In this example, each user can have 200M internet bandwidth every day. Only messengers and emails are allowed when the bandwidth limit is reached.

You also can setup a policy to block certain users when available internet bandwidth of the entire network is not enough. For example, When entire network traffic exceeds 80% of available internet bandwidth, p2p traffic will be blocked.

Bandwidth Alert Settings

And the bandwidth alert feature will send you an alert email when the accumulating bandwidth of a computer is too large.

More information, please check "WFilter Enterprise".
Other related links:
How to block websites at work during working hours?
How to block video streaming on company network?
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
How to block instant messaging on company network?
How to filter websites and restrict website access?