NxFilter Tutorial
Tutorial Index

NxProxy and Remote Filtering
NxFilter provides a remote filtering client software that is NxProxy. Once you install NxProxy on a user system, you can filter and monitor the Internet activity from the user system regardless of user location.

You need to open TCP/80, TCP/443 port on NxFilter.


Install NxProxy on Windows
When you install it using its installer, you will see its setup program (C:/Program Files/nxproxy/setup.exe) running. There are 'Server Address' and 'Login Token' parameters for you to set up with your own values.

On NxFilter, every user has a unique login token.

After you modify the config values, test your setup first and then start it. You can see if it is working by viewing 'Logging > Signal' on NxFilter GUI. There will be signals from NxProxy.

You can add multiple server IP addresses or domains separated by commas if you run a cluster of NxFilter.


Uninstall NxProxy on Windows
To prevent uninstalling by your user, NxProxy doesn't provide its uninstaller on 'Add/Remove programs' in Windows control panel. When you uninstall NxProxy, you need to do it manually with the following steps.

1. Run C:/Program Files/nxproxy/bin/unstsvc.bat.
2. Delete C:/Program Files/nxproxy' folder


Silent install on Windows
For those of you wanting to install NxProxy on multiple PCs using GPO or PDQ deployment, we have silent install options.

For silent install,

/silent : Runs the installer in silent mode (The progress window will be displayed).
/verysilent : Very silent mode. No windows will be displayed.

And you can specify Server Address and Login Token,

/server=192.168.0.100
/token=GKSYEJYG

This is the final form of the command.


		nxproxy-1.0.1.exe /verysilent /server=192.168.0.100 /token=GKSYEJYG
	


Install, uninstall NxProxy on macOS
We have a macOS package for NxProxy. You can download it from download page and install it as you do with the Windows version of NxProxy. One difference is that you need to have Java or JRE installed before installing NxProxy.

We recommend AdoptOpenJDK. They provide macOS packages that are properly signed and notarized by macOS security requirements.

Your NxProxy will be installed into /Library/nxproxy. To run its setup program,


		/Library/nxproxy/setup-mac.sh
	

To uninstall it,


		/Library/nxproxy/uninstall-mac.sh
	


Signals of NxProxy
We defined several signals with which you can find out what is happening on a user system. NxProxy sends these signals.

  • START : When NxProxy starts, it sends START signal to NxFilter.
  • STOP : When NxProxy stops, it sends STOP signal to NxFilter.
  • PING : NxProxy sends PING signal to NxFilter every 5 minutes.

You can view these signals on 'Logging > Signal' on NxFilter GUI.


Fail-safe measure for NxProxy
When NxProxy can't connect to its server, it bypasses filtering temporarily before it gets the connection restored. This is because your users need to be able to use the Internet anyway. If you use clustering, you can use multiple server addresses for redundancy.


Auto-switch to local filtering
You may want to stop NxProxy filtering while it's in your local network as you already have filtering by NxFilter or NxCloud there/. In that case, enable Auto-switch on 'Policy > NxProxy.

You need v1.0.5 or later of NxProxy and v4.3.8.5 or later of NxFilter or NxCloud for auto-switch.


Disabling Firefox, Chrome DoH
Since you don't want to allow people bypassing NxProxy using DoH (DNS over HTTPS), NxProxy will try to block your users using DoH with Firefox and Chrome. When it detects the DoH settings of Firefox enabled, it will disable the settings and kill the Firefox process. For Chrome, we only detects its DoH settings by startup parameters and kill its process. The DoH settings through Chrome setup page or GUI respect your system DNS settings.

We defined two special domains to alert you about disabling DoH settings of your user browsers. You will have block log data for the following domains when NxProxy blocks a browser using DoH.

  • firefox.doh.app
  • chrome.doh.app