Until recently, I was the owner of an ancient 2600We.
I decided to upgrade myself to a 2710VN.
Boy, was I in for a shock !
The old model provided a very simple way of blocking URL's that didn't match the criteria needed - there was no need to link them into your access control lists / filters . It just works.
On the newer object-orientated models such as the 2710, this is all reworked such that you really need to think more carefully about how you assemble your firewall filters.
The way Draytek have gone about this seems to have started off well, but has all the signs of a solution rushed to meet a deadline i.e. not finished off at all well.
example : Why allow a URL/Web Content filter to be added to a filter with only a "Pass" rule. Weird ? - well certainly confusing for newbies I'll bet !!
The best ( maybe only ? ) way I've found is to ...
1. start off with hard blocks..
2. then add a "block if no further match" filter rule.
3. then add rules to allow through things like SMTP/POP etc.
4. then when you come to allow through Web/Port 80/443, stick in a "Pass If No Further Match" rule for Port 80/443, which branches off to another Filter set ( when it matches the web rule ) that does further checking for nasty stuff using the URL/Web settings you can manage under CSM.
Anyone found an easier way ?
