
  • Question

  • Hi,

    We currently have a TMG web filter which monitors/filters the HTTP traffic in a network. The filtering is not done only on HTTP headers, it also scans the content.

    Now our requirements have changed, and we need:

    1. Make the HTTP monitoring/filtering without TMG (still for a network and not for a single computer)
    2. Add support for other applications which connect to the Internet using other protocols (e.g. instant messengers, file sharing applications…)
    3. We want to support Windows Vista and above.

    We are putting all our money on WFP to achieve this.

    The first challenge is to route the network traffic into our user mode application, which does the actual monitoring/filtering. From what we’ve learned until now, we have the following options (assuming a server with two network cards):

    1. Ask our users to use the RRAS (Routing and Remote Access) / ICS (Internet connection sharing) on a gateway on which our WFP callout driver will be running. Our callout driver should redirect the packages already altered by RRAS/ICS to the user mode application. From the tests we’ve made we can get the original packages at the Forward layer and we can see the changed packages by RRAS at the Transport Outbound level (with the IPs changed).
    2. Not depend on RRAS/ICS and implement our own NAT/redirection. To do this we should most probably register at the Forward and IP Inbound layers and work our magic from there.

    We are still learning WFP, so I’m turning to you guys, the experts. Which option would you choose in these conditions? Are there other/better options?

    Can we achieve our requirements over RRAS/ICS? Is there going to be a big overhead to do it over RRAS/ICS? Is it worth it to implement our own NAT/redirection?

    Any help is going to be really appreciated.


    Friday, August 17, 2012 2:56 PM

All replies

  • No reply yet :( Are we heading in the wrong direction by trying to use WFP for this?

    Thursday, August 23, 2012 7:17 AM