IMFirewall Blog - Monday, April 20, 2009
Block Internet Access, Block P2P, Web Filtering
 
# Monday, April 20, 2009

WFilter Monitoring Performance

WFilter is designed to monitor networks of no more than 1000 computers, with a total available internet bandwidth of no more than 100Mbit/s.

Since WFilter is software, its performance depends heavily on the hardware it runs on. Higher bandwidth requires a faster CPU, and more monitored computers require more RAM. We therefore recommend providing 1M of available RAM for each monitored computer.

Below are the results of an HTTP request performance test of the WFilter 3.3 file-based version:


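| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|-----------|-----------|---------------------|------------------|-----|--------|
| 1 | 50 | 37.2M | 16000 | 100% | 35% | 260,298K |
| 2 | 100 | 35M | 20000 | 100% | 38% | 280,576K |
| 3 | 200 | 31M | 40000 | 100% | 58% | 294,561K |
| 4 | 400 | 33M | 80000 | 100% | 68% | 372,786K |
| 5 | 600 | 32.3M | 120000 | 100% | 80% | 540,151K |
| 6 | 1000 | 32.6M | 200000 | 60% | 99% | 540,664K |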

As the table above shows, when the number of monitored computers reaches 1000, the "recorded percent" suddenly drops to 60%. We also noticed that memory usage increased only slightly, so this should be due to a lack of memory. We therefore increased the monitoring computer's RAM to 2G and ran the test again:

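| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|-----------|-----------|---------------------|------------------|-----|--------|
| 7 | 1000 | 32.7M | 200000 | 100% | 90% | 820,640K |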

The performance test of the WFilter 3.3 database version (SQL Server) shows similar results:

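| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|-----------|-----------|---------------------|------------------|-----|--------|
| 1 | 50 | 34.9M | 10000 | 100% | 45% | 197,392K |
| 2 | 100 | 34.9M | 20000 | 100% | 45% | 210,196K |
| 3 | 200 | 31M | 40000 | 100% | 45% | 270,960K |
| 4 | 400 | 32.9M | 80000 | 100% | 45% | 364,234K |
| 5 | 1000 | 28.6M | 200000 | 58.84% | 100% | 540,664K |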

The 1000-user performance can likewise be improved by adding RAM to the monitoring computer.

Test Environment

1. Network: 100M ethernet
2. Test Client: Intel(R) Pentium(R) Dual 1.80+1.80GHz, 1G RAM
3. Test Monitoring Server: Intel(R) Celeron(R) 2.66GHz, 1G RAM
4. WFilter Version: WFilter 3.3
5. Switch: Tplink TL-SF1008



Monday, April 20, 2009 7:34:35 AM (GMT Daylight Time, UTC+01:00)    Block Messenger | Block P2P | Chat Monitor | Content Filter | Deployment | How to block p2p | How to block websites
# Wednesday, January 07, 2009
WFilter 3.3 is now in alpha testing. The new version will add "Bandwidth limit", "Url keywords blocking", "Website visit quota" and other exciting features.

1. "Bandwidth limit": you can set a bandwidth limit for each computer, or block certain internet traffic when internet bandwidth usage is too high. This feature helps you manage company bandwidth flexibly.
2. "Url Keywords Blocking": blocks URLs and web pages by keyword category. You may use this feature to block certain keywords from being searched in search engines.
3. "Website visit quota": with this feature, you can set a visit time quota for each website category. For example, "news" websites can be limited to "1 hour" each day.

Wednesday, January 07, 2009 5:37:21 AM (GMT Standard Time, UTC+00:00)    Block Messenger | Block P2P | Chat Monitor | Content Filter | dasBlog | Deployment | How to block p2p | How to block websites
# Thursday, December 25, 2008
It is said that Google Talk uses the Jabber protocol to communicate.
However, Google Talk has more flexible ways to connect:

1. Using the standard Jabber TCP port 5222.
2. Using TLS on port 443.
3. Using web chat on port 80.

So you will not be able to block Google Talk simply by blocking the standard Jabber port. Ports 443 and 80 are essential internet ports, which shall not be blocked.

WFilter makes it simple to block Google Talk. Google Talk connections can be identified and blocked by signature matching, and all of this can be done with just one click, as below:



For more information, please refer to: http://www.imfirewall.com/en/protocols/Jabber.htm.
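The difference between a port rule and signature matching on the three ports listed above can be shown with a small classifier that looks only at the first client payload. This is an added example, not WFilter's own signature logic; the domain and host names in the policy sets and sample flows are constructed placeholders.

```python
import re

XMPP_NS = b"http://etherx.jabber.org/streams"  # XMPP stream namespace (RFC 6120)
XMPP_TO = re.compile(rb"<stream:stream\b[^>]*\bto=['\"]([^'\"]+)['\"]")
HTTP_START = re.compile(rb"^(?:GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n")
HTTP_HOST = re.compile(rb"\r\nHost:[ \t]*([^\r\n:]+)", re.I)

# Constructed policy values (assumptions), not real service names.
BLOCKED_XMPP_DOMAINS = {"chat.example"}
BLOCKED_HTTP_HOSTS = {"webchat.example"}

def classify(payload):
    """Label a connection from its first client bytes, ignoring the port."""
    head = payload[:1024]
    if b"<stream:stream" in head and XMPP_NS in head:
        m = XMPP_TO.search(head)
        return "xmpp", m.group(1).decode().lower() if m else None
    # TLS record: type 0x16 (handshake), version 3.x, handshake type 1 (ClientHello)
    if len(head) >= 6 and head[0] == 0x16 and head[1] == 0x03 and head[5] == 0x01:
        return "tls", None
    if HTTP_START.match(head):
        m = HTTP_HOST.search(head)
        return "http", m.group(1).decode().lower() if m else None
    return "unknown", None

def port_rule(port):
    """The naive rule: block only the standard Jabber port."""
    return port == 5222

def signature_rule(payload):
    """Block on what the payload is and where it is addressed, whatever the port."""
    proto, name = classify(payload)
    return ((proto == "xmpp" and name in BLOCKED_XMPP_DOMAINS)
            or (proto == "http" and name in BLOCKED_HTTP_HOSTS))

# Constructed first-payload samples for the three ports named above.
FLOWS = [
    (5222, b"<?xml version='1.0'?><stream:stream to='chat.example' "
           b"xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"),
    (443, bytes.fromhex("16030100310100002d0301")),  # truncated TLS ClientHello
    (80, b"POST /bind HTTP/1.1\r\nHost: webchat.example\r\n\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
]

def compare(flows=FLOWS):
    """Return (port, protocol, blocked_by_port_rule, blocked_by_signature) per flow."""
    return [(port, classify(p)[0], port_rule(port), signature_rule(p)) for port, p in flows]
```

The port 443 flow is recognised as TLS but not decided by these cleartext signatures; that path needs a signature on the TLS handshake or the server side, which this sketch does not cover.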

Thursday, December 25, 2008 5:01:43 AM (GMT Standard Time, UTC+00:00)    Block Messenger | Chat Monitor
# Thursday, May 15, 2008

Some websites, like Facebook and YouTube, are rather time-consuming.

If you do nothing to filter certain websites, your employees may spend several hours a day on web surfing.

So how can you block certain websites to protect productivity?

1. Some routers/gateways have the ability to block certain websites.

2. Firewall appliances, like Cisco PIX, are also a good choice.

3. Third, you can choose internet filtering software to do web filtering and blocking.

Thursday, May 15, 2008 11:56:13 AM (GMT Daylight Time, UTC+01:00)    Content Filter | How to block websites
# Monday, April 28, 2008

Most employees waste more than an hour browsing web pages. Even worse, some will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.

In my opinion, things should be done from several aspects:

1. Only work-related websites are allowed during work time.
2. Destructive websites, such as violent or adult sites, shall always be blocked.
3. Download websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

Companies that are very strict about website browsing can implement a website whitelist, so that only websites in the whitelist can be visited.

For more information, please refer to internet blocking and internet monitoring.

Monday, April 28, 2008 7:28:05 AM (GMT Daylight Time, UTC+01:00)    Block Messenger | Block P2P | Content Filter | How to block websites
# Saturday, April 19, 2008

Block MSN file transfer: impossible mission?

It is convenient to transfer files via messengers like MSN/Live, Yahoo, ICQ... But it is also necessary for organizations to block unauthorized file transfers to keep their networks safe.

However, messenger software uses several ways to avoid being blocked. It uses dynamic ports, encrypted connections and a variety of connection types to bypass the network firewall.

Take MSN as an example. In our tests, there are four types of MSN file transfer, as described below:

1. For two buddies, if one of them is connected to the internet directly, a direct connection will be established to transfer files. This is the quickest way. There are three types of direct connection, each using dynamic ports negotiated by the two sides.

1.1) Direct TCP connection.

1.2) Direct TCP connection using TLS encryption.

1.3) Direct UDP transmission.

2. If a direct connection cannot be established, MSN servers can act as a relay to transfer files. The file transfer packets are mixed in with normal MSN messages.

As you can see from the above, there is no way to block MSN file transfer simply by blocking some ports in the firewall. The firewall must be smart enough to recognize MSN file transfer direct connections, and it must be able to pick out file transfer packets from normal MSN messages.
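For the relay case in item 2, picking out transfer packets means parsing the length-framed `MSG` commands of a switchboard session and checking each payload's MIME type. The sketch below is an added example, not WFilter code; the `MSG` framing and the `application/x-msnmsgrp2p` type are taken from public descriptions of the MSN protocol rather than from this post, that type also carries other P2P object transfers, and the sample traffic is constructed.

```python
P2P_TYPE = "application/x-msnmsgrp2p"  # MIME type MSN uses for P2P payloads

def split_messages(stream):
    """Yield (fields, payload) for each length-framed MSG in a switchboard stream."""
    pos = 0
    while pos < len(stream):
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            break                                  # incomplete command line
        fields = stream[pos:eol].split(b" ")
        pos = eol + 2
        if len(fields) == 4 and fields[0] == b"MSG" and fields[3].isdigit():
            size = int(fields[3])
            if pos + size > len(stream):
                break                              # payload continues in a later segment
            yield fields, stream[pos:pos + size]
            pos += size                            # skip by length, never by scanning
        # any other command (JOI, ACK, BYE, ...) is a single line

def content_type(payload):
    """Return the lower-cased MIME type from a MSG payload's header block."""
    for line in payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n"):
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"content-type":
            return value.split(b";")[0].strip().lower().decode()
    return None

def scan(stream):
    """Return (sender, content_type, is_p2p) for every inbound MSG in the stream."""
    out = []
    for fields, payload in split_messages(stream):
        ctype = content_type(payload)
        out.append((fields[1].decode(), ctype, ctype == P2P_TYPE))
    return out

def frame(sender, nick, payload):
    """Build a constructed sample frame with a correct length field."""
    return b"MSG %s %s %d\r\n" % (sender, nick, len(payload)) + payload

# Constructed relay traffic; the P2P body contains text resembling a command.
SAMPLE = (
    frame(b"alice@example.com", b"Alice",
          b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nhello")
    + b"JOI carol@example.com Carol\r\n"
    + frame(b"bob@example.com", b"Bob",
            b"MIME-Version: 1.0\r\nContent-Type: application/x-msnmsgrp2p\r\n"
            b"P2P-Dest: alice@example.com\r\n\r\n" + bytes(48) + b"\r\nMSG x y 5\r\n")
)
```

Because frames are skipped by their declared length, the command-like bytes inside the binary P2P body are not misread as a new message.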

Saturday, April 19, 2008 6:49:52 AM (GMT Daylight Time, UTC+01:00)    Block Messenger
Copyright © 2012 IMFirewall Software. All rights reserved.