Why blocking doesn't work?

General discussion about WFilter ICF features, problems, configuration issues etc.

Moderators: imfirewall, gengw2000

admin
Site Admin
Posts: 137
Joined: Wed Nov 23, 2016 12:08 pm

Why blocking doesn't work?

Postby admin » Wed Sep 09, 2009 8:28 pm

To make block work, please check by below steps:



1. Only clients being monitored can be blocked. It means the computers you want to block shall appear in "Online Computers". In the trial version, you can only monitor 8 computers, you can apply more by clicking "Request Monitoring of More Computers".



2. Check the "Control Settings"->"User-computer Table" to make sure that "Enable Monitor" and "Blocking Rules" are applied to computers you want to block.



3. Check certain block level settings.



4. If above are all correct, when your activities are blocked, you can see "blocked" activities in "Current Activities" of WFilter.



5. If still can not block, please check the "Blocking Adapter" in "Monitor Settings" of "System Settings". The blocking adapter shall be an available adapter which can reach computers to be blocked because WFilter needs to send blocking packets to these computers for blocking.



6. If the "Blocking Adapter" is correct, it is possible that your firewall program forbid sending of blocking packets. And it is only related to the firewall program in the computer with WFilter installed in. Runing firewall in the client computers will not affect the blocking function.

admin
Site Admin
Posts: 137
Joined: Wed Nov 23, 2016 12:08 pm

Why blocking doesn't work?

Postby admin » Wed Sep 01, 2010 7:02 pm

Some switches(eg: cisco 2950) do not allow outgoing traffic on a mirroring port in default. In this case, blocking feature is not working because WFilter can not send RST packets on the mirroring port.



You may check "System Settings"->"Check Settings" to check whether the blocking adapter can work.



If your switch does not allow outgoing traffic, you have two solutions:



1. Modify switch settings to allow outgoing traffic on the mirroring port. For example, cisco switch has a parameter "ingress" to allow outgoing traffic.



2. Use two NICs in the WFilter computer. One for monitoring only, another NIC is used for blocking. We recommend this solution when you have more than 100 computers.


Return to “WFilter ICF”

Who is online

Users browsing this forum: No registered users and 2 guests