Pax8 Partner Guides

OTG for Windows Frequently Asked Questions

How do I know if OTG is working?

Can users manually change their DNS settings and bypass OTG?

How can I stop and restart OTG?

Where are the OTG logs?

How can I uninstall OTG from the command line?

How does OTG work with a VPN?

How does OTG behave with Captive Portals?

How do I know if OTG is working?

There are a number of ways to check if OTG is working:

  • If the OTG icon is configured to show in the system tray, you can hover over the icon to see its status.

  • Perform a command line nslookup on a domain that is known to be blocked by your policy. If the lookup returns the IP of WebTitan Cloud (which is its block page), then filtering is working.

  • When filtering, your network card’s IPv4 properties will have the DNS server settings changed to 127.0.0.3.

Can users manually change their DNS settings and bypass OTG?

If a user has administrative privileges on their machine, they can manually change its DNS settings and bypass any filtering system.

How can I stop and restart OTG?

If you have admin access, you can start or stop OTG in Windows Services. To do this:

  1. Open a run box by pressing Win key + R.

  2. Type services.msc and press Enter. The Services window displays.

  3. Locate and click WebTitan Cloud OTG to show the Stop and Restart options. Right-click for further options, e.g. Resume. Stopping this service will also stop the Unbound service.

Where are the OTG logs?

Logs and post-install config files are located at:

c:\ProgramData\WebTitan Cloud OTG\

How can I uninstall OTG from the command line?

  1. Open a command prompt with administrative privileges.

  2. Stop the OTG service using this command:

    net stop "WtcOtg"

  3. Uninstall OTG using the msiexec /x command, providing the exact path that OTG was originally installed from, e.g.:

    msiexec /x c:\temp\OTC\1.5.12\setup.msi /quiet /qn

How does OTG work with a VPN?

Normally OTG manages the DNS settings for all network adapters and assigns them a DNS IP of 127.0.0.3. However, OTG is bypassed on VPN adapters. If OTG detects a VPN adapter, it will not change that adapter's settings.

Therefore, if DNS requests are going through a VPN, they are unfiltered and the DNS server at the end of the VPN tunnel must be configured to apply filtering as required.
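The checks listed under "How do I know if OTG is working?" together with the adapter behavior described for VPNs can be scripted for one endpoint. This PowerShell is an added example, not part of the original guide or any vendor tooling. The service name WtcOtg and the address 127.0.0.3 come from this page; the blocked domain and block page IP are placeholders you must replace with your own values.

```powershell
# Added example: health check for the OTG agent on one Windows endpoint.
# From the page: service name "WtcOtg", local resolver address 127.0.0.3.
# Assumptions (placeholders, replace before use):
$BlockedDomain = 'blocked.example.com'   # a domain your policy blocks
$BlockPageIp   = '203.0.113.10'          # IP of your WebTitan Cloud block page
$OtgDns        = '127.0.0.3'

function Test-OtgFiltering {
    [CmdletBinding()]
    param(
        [string]$Domain  = $BlockedDomain,
        [string]$BlockIp = $BlockPageIp
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The OTG service must exist and be running.
    $svc = Get-Service -Name 'WtcOtg' -ErrorAction SilentlyContinue
    if (-not $svc) { $findings.Add('Service WtcOtg is not installed') }
    elseif ($svc.Status -ne 'Running') { $findings.Add("Service WtcOtg is $($svc.Status)") }

    # 2. Connected adapters should list 127.0.0.3 as an IPv4 DNS server.
    #    OTG leaves VPN adapters alone, so those are reported here by design;
    #    any other adapter reported means its DNS setting is not managed by OTG.
    foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $dns = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -AddressFamily IPv4).ServerAddresses)
        if ($dns -notcontains $OtgDns) {
            $findings.Add("Adapter '$($nic.Name)' [$($nic.InterfaceDescription)] DNS: $($dns -join ', ')")
        }
    }

    # 3. A domain blocked by policy should resolve to the block page IP.
    try {
        $ips = @((Resolve-DnsName -Name $Domain -Type A -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'A' }).IPAddress)
        if ($ips -notcontains $BlockIp) {
            $findings.Add("$Domain resolved to '$($ips -join ', ')', not the block page")
        }
    } catch {
        $findings.Add("Lookup of $Domain failed: $($_.Exception.Message)")
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-OtgFiltering | Format-List
```

A finding for a VPN adapter is expected while the tunnel is up; it is the reminder that filtering for that traffic has to be applied by the DNS server at the far end of the tunnel.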

How does OTG behave with Captive Portals?

A captive portal is a page that a user of a public-access network must view and interact with before further access is allowed. For example, when a user connects to Wi-Fi in a coffee shop and must complete a form before being granted external web access.

WebTitan Cloud OTG detects this situation and backs off until the connection is made, returning the network DNS settings to their previous values.

After an external connection is made, OTG takes over again and changes the DNS settings to point at WebTitan Cloud.

In certain situations, where firewall rules in an organization rewrite/divert all DNS traffic to a different DNS server, WebTitan Cloud OTG will not provide filtering.