NxFilter Tutorial
Tutorial Index

GUI - Policy
You can have multiple filtering policies in your network based on user and group.


Policy > Policy
When you install NxFilter, there is only one policy that is 'Default'. This policy will be applied to everybody if you don't make any change on NxFilter setup. If you want to apply a different policy for a specific user or group, you need to create another policy and enable authentication.

After you create a policy you can modify its properties.

- Priority Points
If there are multiple policies associated to one user then the policy having the biggest points will be applied.

- Enable Filter
If you disable this option there will be no blocking from the policy.

- Block All
Block everything on policy level.

- Block Unclassified
Block unclassified domains.

- Ad-remove
Block domains in 'Ads' category with a blank block page.

This is useful when you want to remove embedded adverts without showing NxFilter's block page.

- Max Domain Length
There are some malwares using domain name itself as a message protocol. These domains are abnormally long while the length of most domains are under 30 characters. You can set a limit for the length of a domain to block these abnormal domains. To prevent having false positives NxFilter doesn't apply 'Max Domain Length' against 100,000 well known domains.

- Block Covert Channel
Some malwares or botnets are using DNS protocol as their communication tool. They are using DNS queries and responses to communicate with each other.

- Block Mailer Worm
Normally, you are not supposed to see MX query from your client PC. When NxFilter finds MX type query from your client PC, it will be regarded from some malware trying to send emails.

- Allow 'A' Record Only
This is the most strict way of filtering malwares and botnets employing DNS protocol as their communication tool. If you are an ordinary office worker you don't need to use any special type of DNS query. With this option enabled, NxFilter allows A, AAAA, PTR, CNAME only and the other types of DNS queries will be blocked.

- Quota
NxFilter supports 'Quota Time' feature. You can allow your users to browse some websites for a certain amount of time.

- Quota All
Apply quota to all domains including unclassified domains.

- Bandwidth Limit
You can set a policy level bandwidth consumtion limit.

This feature requires to import NetFlow data from your router or firewall. To find out more, read Bandwidth control with NxFilter.

- Safe Search
Enforcing Safe Search against Google, Bing, Youtube.

At the moment, switching between 'Moderate' and 'Strict' makes difference only for Youtube.

- Block-time
You can set policy level block-time.

- Logging Only
Monitoring user activity without blocking them.

- Blocked Categories
You can block domains by categories.

- Quotaed Categories
If you check some categories in 'Quotaed Categories' then your users can access the websites in the categories for the amount of time you specified with 'Quota' above. When a user consumed up his/her quota the DNS requests for those sites will be blocked.


Policy > Free Time
Global free-time can be defined on 'Policy > Free Time'. If you assign a free-time policy to a user, it will be applied during the time defined here.

We have a group specific free-time and policy specific block-time. Make your own free-time policy based on these options.


Policy > NxClient
NxFilter supports Remote Filtering and Application Control by NxClient. For more details, read NxClient and Remote filtering