No announcement yet.

Understanding the policy application system of NxFilter.

This is a sticky topic.
  • Filter
  • Time
  • Show
Clear All
new posts

  • Understanding the policy application system of NxFilter.

    If you're an experienced systems administrator, you might already be familiar with many of NxFilter's features, as they are common in other network security solutions. However, for those less experienced with such technologies, NxFilter's policy decision system might not be as straightforward. This is particularly true for home network users.

    -- Default policy

    When you install NxFilter for the first time, there is only one policy, which is the 'Default' policy. All the traffic will be managed under this default policy. If you don't need separate policies for different users, then this default setting might be all you need.

    -- User based policy

    Imagine you want to prevent your children from accessing inappropriate websites without imposing the same restrictions on yourself. You can achieve this by creating an additional policy named 'For kids' on 'Policy > Policy' section. In this policy, you would block the Porn category.

    But how do you apply this new policy specifically to your children's internet access? This is where User Authentication plays a crucial role.

    First, enable User Authentication in the 'System > Setup' section. Then, create a user 'kid', on 'User > User'. On the user's edit page, set both the work-time and free-time policies to 'For kids'. Next, link your children's IP addresses or IP ranges to this user account on the same edit page.

    Considering that your children's devices might use dynamic IP addresses, it might be practical to set a password for the 'kid' user. Your children can then log into NxFilter with this password through its login page (http://your-nxfilter-ip/login).

    ** Note: There are other options like CxLogon to automatically log your children in without needing the login page. However, User Authentication in NxFilter is a comprehensive topic. For more details, visit

    -- Group based policy

    You may have 2 or 3 kids and you can create a user for each kid and set that 'For kids' policy to them. But what if you have more? And their ages are different and requires different filtering policies? Then you need to create groups. You can create 'kid1', 'kid2', 'kid3' and then you create a group 'kids' on 'Group > Group'. You can put your kids into the group on the edit page of the group.

    Now you can set a policy to the group. However, there's one thing you need to know about how group policy works. User policy comes before group policy. If you want to apply group policy the members of the group should have 'Default' policy as their user poicy.

    ** Note: You might not need groups for just a few children. But NxFilter is designed to handle several thousand users, like in big companies or schools. When there are a lot of users, using groups helps manage everyone more easily.

    -- Time based policy

    NxFilter offers Dual Policy feature, allowing you to define separate policies for work-time and free-time for both users and groups. To set up free-time, navigate to 'Policy > Free Time' in the NxFilter GUI. Any time outside the defined free-time range is considered work-time.

    ** For more information, read

    -- When a user in multiple groups

    When you create users on NxFilter GUI, they can belong to only one group. However, when importing users and groups from Active Directory, there may be users beloning to multiple groups and even nested group relations. This complexity makes setting up group based policies challenging. To address this, NxFilter uses a system called Policy Points. If there are multiple policies from multiple groups then the policy having the highest priority points takes precedence and is applied.

    -- Finding out the current policy

    Due to the numerous factors involved, such as user policy, group policy, work-time and free-time policies and multiple group relationships, determining which policy NxFilter applies to a user can be complex. To assist with this, a test page feature is available for users. On the user list, you will find 'TEST' button featuring an eye icon. Clicking this button reveals the currently applied policy for the user.
    Last edited by support200; 03-21-2024, 04:22 AM.