I want to deploy WFilter in a new office without a manageable switch.
I want to confirm whether "port mirroring" is required for WFilter, because I saw another product claims they don't need a manageable switch.
I see another program does not require manageable switch.
Moderators: imfirewall, gengw2000
I see another program does not require manageable switch.
1. A manageable switch is not required.
The simplest way to deploy WFilter is to enable "port mirroring" in your switch/router. This pass-by filtering mode is easy to setup and does no influence to your network. Therefore it's recommended.
In case a manageable switch is unavailable, WFilter can also be deployed in "pass-through" mode. This mode needs a computer with two NICs to work as a network bridge. The deployment is a little complicated. Please check this topic for details: Deploy WFilter in a network bridge.
2. Why some other products can enable monitoring without a manageable switch?
1). Maybe this program works in pass-through mode too.
2). Some programs have "arpspoof" integrated. When enabled, it can send arp spoof packets to make itself acting as a network bridge. This behavior can slow down your network, and it can not monitor computers with anti-arp firewalls.
3). If you already have an arpspoof tool(eg: open source arpspoof tool, WFilter also can work with it. Please notice, the monitoring mode of WFilter shall be "by IP address". Again: ARP Spoof is harmful to your network, use it with caution.
The simplest way to deploy WFilter is to enable "port mirroring" in your switch/router. This pass-by filtering mode is easy to setup and does no influence to your network. Therefore it's recommended.
In case a manageable switch is unavailable, WFilter can also be deployed in "pass-through" mode. This mode needs a computer with two NICs to work as a network bridge. The deployment is a little complicated. Please check this topic for details: Deploy WFilter in a network bridge.
2. Why some other products can enable monitoring without a manageable switch?
1). Maybe this program works in pass-through mode too.
2). Some programs have "arpspoof" integrated. When enabled, it can send arp spoof packets to make itself acting as a network bridge. This behavior can slow down your network, and it can not monitor computers with anti-arp firewalls.
3). If you already have an arpspoof tool(eg: open source arpspoof tool, WFilter also can work with it. Please notice, the monitoring mode of WFilter shall be "by IP address". Again: ARP Spoof is harmful to your network, use it with caution.
IMFirewall Software provides solutions for web content filtering software, business internet filtering software, business internet usage monitoring software.
Who is online
Users browsing this forum: No registered users and 2 guests