Pass-by or Pass-through, which WFilter deployment mode shall I choose?

4.0

Author:
IMFirewall Software
HomePage:
http://www.imfirewall.us

1. Introduction

WFilter supports two deployment modes: pass-by mode and pass-through mode.

In pass-by mode, you set up a mirroring port on your switch/router and connect the WFilter computer to that port for monitoring and filtering. In this mode, WFilter analyzes copies of the network packets and does not delay the original packets. Network topology diagram:



Pass-by mode

In pass-through mode, WFilter is installed on a Windows gateway, bridge, or proxy server. Network topology diagram:



Pass-through mode

2. Advantages and disadvantages

2.1 Pass-by mode

2.1.1 Advantages

  1. Pass-by mode is easier to set up. You only need to configure a mirroring port, without any change to your network topology. Pass-through mode, by contrast, requires more effort because you have to set up a gateway/bridge/proxy server.
  2. In pass-by mode, WFilter analyzes copies of the network packets and does not delay the original packets, so your internet speed is not affected. In pass-through mode, all network packets pass through the monitoring server, so there might be a slight delay.
  3. In pass-by mode, if the WFilter computer crashes or powers off, your internet access is still available. In pass-through mode, your internet will be disconnected if the gateway/bridge/proxy device stops working.

2.1.2 Disadvantages

  1. Your switch or router needs to support port mirroring.
  2. In pass-by mode, WFilter sends RST packets to terminate TCP connections. It cannot block UDP traffic, so you also need to block certain UDP ports in your router or firewall. Please check "How to block certain UDP ports in router/firewall?"
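
The asymmetry in item 2, as an added example (not WFilter's code; this page does not document how WFilter builds its resets): one mirrored TCP segment carries the sequence numbers a reset needs, while a UDP datagram has no connection state to reset, so blocked UDP ports become a list for the router or firewall. The packet records, addresses and the blocked ports 8080 and 6881 are constructed for illustration.

```python
from collections import Counter

FIN, SYN, ACK = 0x01, 0x02, 0x10

def rst_pair(pkt):
    """Sequence numbers needed to reset both ends, from one observed src->dst segment."""
    # SYN and FIN each consume one sequence number, like a payload byte.
    consumed = pkt["len"] + bool(pkt["flags"] & SYN) + bool(pkt["flags"] & FIN)
    return {
        # Reset towards dst: must match the next byte dst expects from src (wraps at 2^32).
        "to_dst_seq": (pkt["seq"] + consumed) % 2**32,
        # Reset towards src: the byte src last acknowledged; unknown without the ACK flag.
        "to_src_seq": pkt["ack"] if pkt["flags"] & ACK else None,
    }

def plan(mirrored, blocked_ports):
    """Split policy hits into TCP flows a pass-by monitor can reset and the UDP gap."""
    resets, udp_gap = [], Counter()
    for p in mirrored:
        if p["dport"] not in blocked_ports:
            continue
        if p["proto"] == "tcp":
            # The original packet was not delayed, so these values go stale
            # as soon as either side sends more data.
            resets.append(((p["src"], p["dst"], p["dport"]), rst_pair(p)))
        elif p["proto"] == "udp":
            # Nothing to reset: only a device in the traffic path can drop it.
            udp_gap[p["dport"]] += p["len"]
    return resets, dict(udp_gap)

# Constructed mirrored-packet records (documentation address ranges).
SAMPLE = [
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "dport": 8080,
     "seq": 1000, "ack": 5000, "flags": 0x18, "len": 200},
    {"proto": "udp", "src": "192.0.2.11", "dst": "198.51.100.9", "dport": 6881, "len": 1200},
    {"proto": "udp", "src": "192.0.2.11", "dst": "198.51.100.9", "dport": 6881, "len": 800},
    {"proto": "tcp", "src": "192.0.2.12", "dst": "198.51.100.7", "dport": 443,
     "seq": 1, "ack": 1, "flags": 0x10, "len": 0},
]
BLOCKED = {8080, 6881}  # constructed policy

if __name__ == "__main__":
    resets, udp_gap = plan(SAMPLE, BLOCKED)
    for flow, seqs in resets:
        print("pass-by can reset", flow, seqs)
    for port, nbytes in udp_gap.items():
        print(f"needs a router/firewall rule: udp/{port} ({nbytes} bytes seen)")
```
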

2.2 Pass-through mode

2.2.1 Advantages

  1. A port mirroring switch or router is not required. You only need a PC to set up a Windows gateway/bridge/proxy.
  2. UDP traffic can also be blocked in pass-through mode.

2.2.2 Disadvantages

  1. It is more complicated to set up; sometimes you need to change your network topology and settings.
  2. It will slightly affect your internet speed if you have many client computers, depending on the hardware performance of the monitoring server.

In summary, to choose a suitable deployment mode, you need to consider the following aspects: stability, hardware conditions, and technical capacity. For more information, please check WFilter Deployment Examples.