Blocking adapter won't accept default gateway, therefore I can't block.

jesperhjelm1983
Posts: 4
Joined: Thu Feb 18, 2010 12:26 am

Postby jesperhjelm1983 » Thu Feb 18, 2010 12:31 am

Hello,



I'm testing this great piece of software and everything so far seems to fit our needs, but I have run into a little problem after the installation and configuration.

-------------------------------------------------

I can monitor all online computers on different subnets and all, but I can't block, because the adapter can't or won't accept the gateway address.

------------------------------------------------

I run the tool under system settings->check settings and everything I have tried so far to get it to accept the gateway has failed :(

----------------------------------------------

I have made the test setup on a PC with 2 adapters, 1 for monitoring and 1 for blocking.

The monitor port is done through port mirroring, but I'm not 100 percent sure what to do with the blocking adapter. I have tried several things, read all your guides and read all 31 posts in your support forum, and tried the trick with changing the metric value on the NICs.



----------------------------------------------

I have tried setting the blocking adapter into several of our Vlans, even our management Vlan, but nothing has helped; it still comes up "red" for blocking adapter with the words "can not get the gateway ip address".

----------------------------------------------

I have also tried to put the monitoring adapter in the same Vlan as the one where I want to block internet access for a test PC, "so the traffic doesn't have to travel over subnets".



I hope you can help me, I'm all up for suggestions :)





Kind regards

Jesper Hjelm

admin
Site Admin
Posts: 137
Joined: Wed Nov 23, 2016 12:08 pm

Postby admin » Thu Feb 18, 2010 5:15 am



Are you using the latest version of WFilter? In old versions of WFilter, we did have this problem for some Windows servers. However, it has been fixed since version "en.3.3.165".

If your WFilter version is not recent, please download the latest version, launch the installation package and choose "Upgrade" to perform the update.

If your WFilter version is already the latest version, let me know your Windows version.

Postby jesperhjelm1983 » Thu Feb 18, 2010 5:25 am

I have the most recent one ver. 3.3.169



I'm running Wfilter on a Win XP Pro. with SP3



I have disabled Windows Firewall and disabled the antivirus prog, even tried uninstalling the antivirus prog.





I can see traffic going in and out and monitor all computers, but the blocking adapter still receives the red mark saying "can not get the gateway ip address".



/Jesper Hjelm

Postby admin » Fri Feb 19, 2010 3:37 am

Are you using DHCP or a static IP address for the blocking adapter? If you're using DHCP, please set a static IP address for the blocking adapter and give it a try.

WFilter gets the default gateway parameters from system registration table, with path: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{****-****-****-****-******}\Parameters\Tcpip".

Can you send me a screenshot of this registration table? (as in the attached screenshot).





Attached files
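
The registry location named in the post above can be inspected directly. The following is an added example, not part of the original thread and not WFilter's own code; it assumes the standard Windows TCP/IP value names (`EnableDHCP`, `IPAddress`, `DhcpIPAddress`, `DefaultGateway`, `DhcpDefaultGateway`), since the thread does not say which values WFilter reads. The function name `Get-AdapterGatewayReport` is hypothetical.

```powershell
# Added example: report the gateway recorded for each adapter under the
# registry path quoted in the post above. Read-only.
# Assumption: the value names used here are the standard Windows TCP/IP ones;
# the thread does not say which of them WFilter reads.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-AdapterGatewayReport {
    param([string]$Root = $ServicesRoot)

    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue |
        # Adapter entries are the subkeys named with a {GUID}.
        Where-Object { $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object {
            $guid = $_.PSChildName
            $key  = "$Root\$guid\Parameters\Tcpip"
            if (-not (Test-Path -LiteralPath $key)) { return }
            $p = Get-ItemProperty -LiteralPath $key

            # Static settings and DHCP-learned settings live in different values.
            $dhcp = ($p.EnableDHCP -eq 1)
            if ($dhcp) { $ip = $p.DhcpIPAddress; $gw = $p.DhcpDefaultGateway }
            else       { $ip = $p.IPAddress;     $gw = $p.DefaultGateway }

            # Drop empty strings and the 0.0.0.0 "unset" placeholder.
            $ip = @($ip | Where-Object { $_ -and $_ -ne '0.0.0.0' })
            $gw = @($gw | Where-Object { $_ -and $_ -ne '0.0.0.0' })

            New-Object PSObject -Property @{
                AdapterGuid = $guid
                Dhcp        = $dhcp
                IPAddress   = $ip -join ', '
                Gateway     = $gw -join ', '
                HasGateway  = ($gw.Count -gt 0)
            }
        }
}

# Adapters with no gateway recorded are listed first.
Get-AdapterGatewayReport |
    Sort-Object HasGateway |
    Format-Table AdapterGuid, Dhcp, IPAddress, Gateway, HasGateway -AutoSize
```

A row with `HasGateway` set to `False` is an adapter for which no gateway is stored at that path, which is the condition to compare against the "can not get the gateway ip address" message.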

Postby jesperhjelm1983 » Fri Feb 19, 2010 5:32 am

Hi again,



Finally, the blocking adapter is working now.



I had assigned it a static address already, and tried with several of our Vlans with their address ranges and gateway, but nothing has worked.



The solution was to assign the gateway address of the blocking adapter to the IP address of the ISA server.

I thought that I already had tried that, but apparently not.



Well, now it looks like we are only one step from having the solution we need.



Thank you very much for your time.





I still have one more question :)



Do you want me to make a new thread with a new question or post it here?



It's regarding 801.1x authentication with a Radius server and Microsoft IAS for our wireless users.



I can't see their userlogon in Wfilter, so blocking them by user selection doesn't have any effect.

Maybe I need some parameters in the Radius server or IAS, so the username can be seen in Wfilter?

I haven't found any useful information about the problem/subject.



Kind regards

Jesper

Postby admin » Fri Feb 19, 2010 7:56 pm

Glad to hear that. However, I am still a little confused:

1. Is the ISA server in the same vlan as the WFilter computer?

2. What is the original gateway IP?

Please tell me more about your network topology, so we can set up such a network to reproduce your issue and fix it.



For the "Radius server" and "Microsoft IAS" userlogon monitoring, I am afraid WFilter can not support it yet. Currently, WFilter only supports "account monitoring" for Microsoft Active Directory. Sorry for that. (Maybe we will add this kind of feature in later versions of WFilter)

Postby jesperhjelm1983 » Mon Feb 22, 2010 5:24 am

Hi again,



Our general infrastructure looks like this:



1. Backbone switch - ISA server 2006 ->Internet router ->www



2. Wfilter is monitoring the switch port that goes to the ISA server



3. Our vlans all have their own default gateway (of course), where all outgoing traffic is going to the ISA with a static route defined in the backbone.





Our wireless setup:



Students get validated through a RADIUS server, which checks against MS IAS with a policy rule that needs the user to be a member of a specific group.

The students validate themselves by a built-in website to the RADIUS, and they type in their domain username and password.



Our problem:



We can't block the students in Wfilter by username or group, since we can't see their username in Wfilter.

We can only see the IP and MAC address of their PCs.



If we look at the event manager log on the IAS server, then we can see the userlogin and time of authentication.



I hope you can point us in the right direction so we can get this solved :)



Maybe we should try validating through LDAP in AD?



Kind regards

Jesper Hjelm

Postby admin » Tue Feb 23, 2010 12:44 am

Thanks for your detailed information.

However, WFilter can not support retrieving usernames from "RADIUS server" yet. For monitoring and blocking by username, a Windows Active Directory is required. For how to integrate WFilter with "Active Directory", please check "How to do monitoring based on user accounts".



We will add "RADIUS server" support in WFilter later.

