NxFilter Tutorial
Tutorial Index

NxClient and Remote Filtering
NxFilter provides a remote filtering client software that is NxClient. Once you install NxClient on a user system, you can filter and monitor the Internet activity from the user system regardless of user location.

You need to open TCP/80 port on NxFilter.


Installation of NxClient
When you install it using NxClient installer, you will see its setup program (C:/Program Files/nxclient/setup.exe) running. There are 'Server IP' and 'Login Token' parameters and you need to set them up with your own values.

On NxFilter, every user has a login token. You can find it on 'User > User > EDIT'.

After you modify the config values, test your setup first and then start it. You can check if it is working by viewing 'Logging > Signal' on NxFilter GUI. There will be signals from NxClient.

You can add multiple server IP addresses separated by commas if you run a cluster of NxFilter.


Signals of NxClient
We defined several signals with which you can find out what is happening on a user system. NxClient sends these signals.

  • START : When NxClient starts, it sends START signal to NxFilter.
  • STOP : When NxClient stops, it sends STOP signal to NxFilter.
  • PING : NxClient sends PING signal to NxFilter every 5 minutes.

You can view these signals on 'Logging > Signal' on NxFilter GUI.


Fail-safe measure for NxClient
When NxClient can't connect to its server, it bypasses filtering temporarily before it gets the connection restored. This is because your users need to be able to use the Internet anyway. If you use clustering, you can specify multiple server IP addresses on its setup for redundancy.


Auto-switch to local filtering
When you use NxClient on your mobile worker's laptop you might have a problem with your filtering policy when they are staying in the office. Your mobile worker might be filtered twice. One from NxClient, one from your local NxFilter.

To address this issue, NxClient does auto-switch between local filtering and remote filtering. This means that NxClient can find NxFilter in a local network. It bypasses its remote filtering when it is in your local network. Plus, it has its own NxLogon module doing single sign-on in your local network.

If you don't like this auto-switch behavior, you can add 'no_switch = 1' into C:/Program Files/nxclient/conf/cfg.properties.


Uninstalling NxClient
To prevent uninstalling by your user, NxClient doesn't provide its uninstaller on 'Add/Remove programs' in Windows control panel. When you uninstall NxClient, you need to do it manually with the following steps.

1. Run C:/Program Files/nxclient/bin/unstsvc.bat.
2. Delete C:/Program Files/nxclient' folder


Silent install
For those of you wanting to install NxClient on multiple PCs using GPO or PDQ deployment, we have silent install options.

For silent install,

/silent : Runs the installer in silent mode (The progress window will be displayed).
/verysilent : Very silent mode. No windows will be displayed.

And you can specify 'Server IP' and 'Login Token',

/server=192.168.0.100
/token=GKSYEJYG

This is the final form of the command.


		nxclient-9.1.5.exe /verysilent /server=192.168.0.100 /token=GKSYEJYG
	


Proxy filtering by NxClient
NxClient has a web proxy module and does HTTP/HTTPS filtering by setting up itself to be the system proxy of your user system.

To use proxy filtering by NxClient, you have to enable filtering on 'Policy > NxClient'.

These are the supported options,

1. Block IP Host
Blocking HTTP/HTTPS requests with an IP host in URLs.

2. Block Other Browsers
Currently, NxClient's proxy filtering supports Internet Explorer, Edge, Chrome, Firefox. So you want to block your users from using other browsers.

We block other browsers by the application control module of NxClient. If you want to bypass a program, add use 'Excluded keywords' on 'Application Control'.

3. IE Proxy Bypass
Since NxClient works as the system web proxy, you can use the bypass option on IE settings.

4. Query Cache TTL
NxClient keeps its filtering query results for 60 seconds at default for faster browsing. You can increase the value if you have a slow connection.

When you increase the value for 'Query Cache TTL', keep in mind that your policy change will be reflected after the cache expires.


Application control by NxClient
NxFilter supports Application Control by NxClient. You can block unwanted programs and find out who tried to run those blocked programs.

To use application control by NxClient, you have to enable filtering on 'Policy > NxClient'.

These are the supported options,

1. Block UltraSurf
NxCleint detects UltraSurf by port scanning.

2. Block Port
NxCleint detects Tor by port scanning.

3. Blocked Process Name
You can block a process by its name. When you add a blocked keyword here and NxClient finds a matching process name, it will kill the process.

4. Excluded Keywords
You can add process names or keywords to bypass NxClient's process blocking.

5. Execution Interval
You can decide how frequently execute NxClient's process blocking.


Logging blocked application
We defined some special domains and rules for showing the application control logging on NxFilter log view.

  • ultrasurf.port.app : UltraSurf has been blocked by port scanning.
  • tor.port.app : Tor has been blocked by port scanning.
  • chrome.exe.pname.app : Chrome has been blocked by its process name.