I see another program does not require manageable switch.

General discussion about WFilter ICF features, problems, configuration issues etc.

Moderators: imfirewall, gengw2000

barak
Posts: 6
Joined: Mon Sep 21, 2009 6:30 pm

I see another program does not require manageable switch.

Postby barak » Mon Jan 07, 2013 6:06 am

I want to deploy WFilter in a new office without a manageable switch.



I want to confirm whether "port mirroring" is required for WFilter, because I saw another product claims they don't need a manageable switch.

gengw2000
Posts: 281
Joined: Mon Sep 07, 2009 11:11 pm

I see another program does not require manageable switch.

Postby gengw2000 » Mon Jan 07, 2013 6:17 am

1. A manageable switch is not required.



The simplest way to deploy WFilter is to enable "port mirroring" in your switch/router. This pass-by filtering mode is easy to setup and does no influence to your network. Therefore it's recommended.



In case a manageable switch is unavailable, WFilter can also be deployed in "pass-through" mode. This mode needs a computer with two NICs to work as a network bridge. The deployment is a little complicated. Please check this topic for details: Deploy WFilter in a network bridge.



2. Why some other products can enable monitoring without a manageable switch?



1). Maybe this program works in pass-through mode too.



2). Some programs have "arpspoof" integrated. When enabled, it can send arp spoof packets to make itself acting as a network bridge. This behavior can slow down your network, and it can not monitor computers with anti-arp firewalls.



3). If you already have an arpspoof tool(eg: open source arpspoof tool, WFilter also can work with it. Please notice, the monitoring mode of WFilter shall be "by IP address". Again: ARP Spoof is harmful to your network, use it with caution.




Return to “WFilter ICF”

Who is online

Users browsing this forum: No registered users and 18 guests