DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2820 and Commtouch filter - allow certain IPs to bypass.

10 Nov 2010 08:40 #64795 by raph
Hi,

Purchased a 2820 router and also a license for the Commtouch filter service to use with this. However, having set up the router to block certain websites using the Commtouch filter (which worked very well), I have now been asked to allow certain PCs to bypass the filter, giving them full access to the web.
The PCs in question are on static IPs but I am having no success in getting this to work.

Did try the Firewall - Filter option instead of Firewall - General Setup but when I did the Webfilter failed to block.
I would have hoped that there would have been a simple option to enable or disable certain IP addys using this CMS.
Any ideas, please?

10 Nov 2010 11:30 #64797 by j03y
The method we use in our office is;

1) Create your list of allowed IPs under IP group.

2) Create a new CSM filter list under CSM > Web Content Filter Profile. Ban/allow/whitelist/blacklist as you please.

3) Add a new filter rule by going into Firewall > Filter Setup; modify the "Default Data Rule". Click on the next free data rule number. Then do this;

Ensure "Check to enable the Filter Rule" is checked.

Direction is LAN > WAN.

Source IP; select your group of allowed IPs as made in step 1.

Web Content Filter; select your CSM filter as made in step 2.

Set other options as necessary and click ok then ok again.

Hope this helps. We have successfully used this method to create two rule sets. One is for total bans on internet for our worst internet use offenders and one is complete access for the Directors.

10 Nov 2010 23:14 #64809 by raph
Thanks J03y.
Will give it a go tomorrow and see if I can get it to work.
Just to clear things up: in the Filter rule set, should the application filter be set to "Pass immediately" for the two rule sets (one that bans internet and the other that allows the directors)?

Thanks

11 Nov 2010 10:02 #64815 by j03y
I have used "Pass if no further match" on the Directors rule, either way should work, and "block immediately" on my total bans.

12 Nov 2010 11:45 #64840 by raph
Thanks again,

I'm still having difficulty trying to get this to work and think I might not have the Firewall General Setup set up right. I have the call and data filter enabled above (data on set 2) then below I have the
Actions for default rule:
Filter set to pass
IM/P2P Filter none
URL Content Filter none
Web Content Filter none

If I set the Web Content Filter from none to one or the other filter rules I have configured it blocks everybody including the directors or the other rule allows everybody.

12 Nov 2010 14:44 #64844 by j03y
Right. It sounds like you've missed something. We need to check you have got everything in order.

Start by checking your IP objects then IP group are correct. Also check your WCF rule (you may have selected "Pass" here when you may have meant "block").

Now go into Filter Setup > Default and check your rule for your directors. Check the direction, that your source IP list is specified and that you have given a less strict WCF rule.

On Firewall > General Rule; set up the rules for the majority of your clients. In our office this is everyone who is given limited internet access, so I'm guessing in your situation the strict WCF rule applies.

Sorry if this sounds like I'm telling you over and over. It does sound like you've missed a little something somewhere!


Moderators: ChrisSami
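
The layout described in the thread (a per-group filter rule ahead of a strict default), as a simplified model added here; it is not code from the thread and not DrayTek firmware logic. The addresses, rule names and profile names are constructed, and treating "Pass if no further match" as deferring to later rules in the set is an assumption about evaluation order.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset          # members of the IP group selected as Source IP
    action: str                 # pass_immediately | pass_if_no_further_match | block_immediately
    wcf: Optional[str] = None   # Web Content Filter profile; None = no filtering

def evaluate(src, rules, default_wcf):
    """Return (verdict, wcf_profile, decided_by) for a LAN > WAN request from src."""
    deferred = None
    for rule in rules:
        if src not in rule.sources:
            continue
        if rule.action == "block_immediately":
            return ("block", None, rule.name)
        if rule.action == "pass_immediately":
            return ("pass", rule.wcf, rule.name)
        deferred = rule          # pass if no further match: keep checking later rules
    if deferred is not None:
        return ("pass", deferred.wcf, deferred.name)
    # No rule matched: the General Setup default rule (filter = pass) and its WCF apply.
    return ("pass", default_wcf, "default")

# Constructed sample data (hypothetical addresses and profile names).
DIRECTORS = frozenset({"192.168.1.10", "192.168.1.11"})
BANNED = frozenset({"192.168.1.50"})
RULES = [
    Rule("directors", DIRECTORS, "pass_if_no_further_match", wcf="directors-allow"),
    Rule("total-ban", BANNED, "block_immediately"),
]

def audit(hosts, rules, default_wcf):
    """Map each host to its effective verdict so a rule set can be reviewed before use."""
    return {h: evaluate(h, rules, default_wcf) for h in hosts}

if __name__ == "__main__":
    hosts = ["192.168.1.10", "192.168.1.50", "192.168.1.77"]
    for host, result in audit(hosts, RULES, "strict").items():
        print(host, result)
    # With no matching group rule, a strict default also filters the directors.
    print(audit(["192.168.1.10"], [], "strict"))
    # With the default WCF left at none, unlisted hosts are unfiltered.
    print(audit(["192.168.1.77"], RULES, None))
```
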