System Settings >> Monitoring Settings

Settings of monitoring mode, monitoring devices, IP ranges...

System Status

Current monitor service status. You can stop/start monitor by clicking "Start" or "Stop".

Monitoring Device Settings

2.1 Monitoring Mode

"Monitoring Mode" defines the way of identifying a computer. "By MAC Address" identifies a computer by its MAC address.

It is recommended to use "By MAC Address" mode in single segment networks. However, in a multi-segments network, you need to use "By IP Address" mode because MAC addresses can not be retrieved behind a router.

2.2 Blocking Mode

Two blocking/filtering mode are supported: Pass-by mode and Pass-through mode. Please check this guide for more details: which WFilter deployment mode shall I choose?.

2.3 Internet Bandwidth

Available internet bandwidth. A proper internet bandwidth is required for "Real-time Bandwidth" diagram, "Bandwidth Management", "Bandwidth Alert" to work effectively.

2.4 Monitoring Adapter

The monitoring adapter is usually connected to a mirroring port of your switch to capture and analysis internet traffic.

If WFilter is installed in a gateway/proxy server, please choose the internal adapter as the monitoring adapter.

If the monitoring adapter is not correct, you will not be able to monitor correctly. If you can only monitor yourself, it is mostly because the monitoring adapter can not receive other computers traffic.

2.5 Blocking Adapter

WFilter need to send block packets to block connections on the blocking adapter. It is ok for you to use a same blocking adapter with the monitoring adapter. However, if your switch does not allow outgoing traffic on a mirroring port or WFilter is filtering more than 50 computers, you're recommended to use a different blocking adapter. If you have multiple vlans, the blocking adapter shall be able to communicate with other vlans.

Network Definition

3.1 IP Segments

"IP Segments" defines the subnet to be monitored. Monitoring adapter's ip segment will be used if the "IP Segments" is blank. Once configured, WFilter will only monitor computers in the configured ip segments. Multiply IP segements are separated by commas. For example: "192.168.1.0,192.168.2.0/24", "/24" is the submask(means:255.255.255.0). If you do not enter a submask, it is 24 by default.

3.2 Local Servers Settings

By default, WFilter only monitor internet traffic. To monitor local servers like local email server, you need to configure local servers IP addresses here. Multiple IP addresses are supported(seperated by commas), for example: 192.168.1.101,192.168.2.103.

Notice

  1. If your switch does not allow outgoing traffic on a mirroring port or WFilter is filtering more than 50 computers, you're recommended to use a separated blocking adapter.
  2. If WFilter is installed in a gateway/proxy server, please choose internal adapter as the monitoring adapter.
  3. If you're using a local proxy server to access internet, please add the proxy server ip address into "Local Servers".
  4. Both outbound and inbound traffic needs to be mirrored, if you only see incoming or outgoing packets in the "System Status", please modify your port mirroring settings to mirror both outbound and inbound traffic.