Definition of monitoring mode, monitoring adaptor, IP ranges...

2.1 Monitoring Adaptor

The monitoring adaptor is mostly connected to a mirror port to capture and analysis Internet traffic. If the monitoring adaptor is not correct, you will not be able to monitor correctly. If you can only monitor yourself, it is mostly because the monitoring adaptor can not get other computers traffic.

2.2 Blocking Adaptor

WFilter need to send block packets to block connections on the blocking adaptor. It is ok for you to use a same blocking adaptor with the monitoring adaptor. However, if your switch does not allow outgoing traffic on a mirroring port or WFilter is filtering many computers, you need to use a different blocking adaptor.

2.3 Monitoring Mode

Two monitor modes are available: "By MAC address" and "By IP address". If you use "By MAC address" mode, the monitored log and configuration will be bind to the MAC address. And "By IP address" mode by ip address. "MAC address", also called as "hardware address" is unchangeable while "IP address" can be changed.

However, in a multi-segments network, MAC addresses can not be got behind a router. So we recommend you can use "By MAC address" mode in a single segment network while "By IP address" mode in a multi-segments network. More information, please refer to the "Deployment Guide".

3.1 IP Segments

"IP Segments" defines the subnet to be monitored. Monitoring adaptor's ip segment will be used if blank. Once configured, WFilter will only monitor computers in the configured ip segments. Multiply IP segements are separated by commas. For example: "192.168.1.0,192.168.2.0/24", "/24" is the submask(means:255.255.255.0). If you do not enter a submask, it is 24 by default.

3.2 Local Servers Settings

By default, WFilter only monitor internet traffics. To monitor local servers like local email server, you need to configure local servers IP addresses here. Multiple IP addresses are supported(seperated by a comma), for example: 192.168.1.101,192.168.2.103.