WFilter Deployment

1. Introduction

You only need to install WFilter in ONE computer to monitor a whole network. However, the WFilter computer must be deployed at a single location in the network where it can monitor all internet traffic.

There are two different kinds of deployment solutions:

  1. Pass-by mode: the WFilter computer is connected to a mirroring port in your switch/router.
  2. Pass-through mode: deploy WFilter in a windows gateway, network bridge, or proxy server.

2. Pass-by deployment

a. Pros

Pass-by deployment has the minimal influence to your current network.

  • Integrated with your current hardware, network topology can remain unchanged.
  • No influence to your network performance. In pass-by mode, WFilter analyse copies of network packets and does not delay the original packets. So your internet speed will not be affected.
  • Internet access is still available even if the WFilter computer crash or power off.

b. Cons

  • Requires "port mirroring" feature of your switch or router.
  • In pass-by mode, WFilter sends RST packets to terminate tcp connections. But it can not block udp traffic, so you also need to block certain udp ports in your router or firewall. Please check: How to block certain UDP ports in router/firewall?

Network topology diagram(the router shall support "port mirroring" feature):


  1. Cisco RVS4000

Network topology diagram(the switch shall support "port mirroring" feature):


  1. Huawei Quidway S5012P
  2. Cisco 2950
  3. DLink 3226
  4. DLink DES-1210-28
  5. DLink DES-1226G
  6. Linksys SRW224G4
  7. Netgear GS748AT
  8. HP Procurve1800
  9. Dell Powerconnect 2848

You're recommended to install the "Pass-by Deployment Helper" plugin to get a pass-by deployment solution for your network.

3. Pass-through deployment

a. Pros

  • Do not require a "port mirroring" device.
  • UDP traffic can also be filtered in pass-through mode.

b. Cons

  • More complicated to setup.
  • You might need to change your network current topology.
  • If the gateway/bridge server dies, you will lose internet access.

With a transparent network bridge, you can deploy WFilter transparently, without any change to current network topology and client device settings. Network topology diagram:


  1. Deploy WFilter with a windows 8 network bridge
  2. Deploy WFilter with a windows XP network bridge

Setting up a windows gateway and install WFilter in this gateway to do monitoring and filtering. Network topology diagram:


  1. Deploy WFilter with a windows 2003 gateway
  2. Deploy WFilter with a windows 2012 gateway
  3. Deploy WFilter with a win7 gateway and a wireless AP

4. WFilter Topics

More topics of "blocking UDP in pass-by deployment", "WFilter installation in virtual machines", "active directory integration", "monitoring by MAC addresses" and "wifi network monitoring solutions" are also available: