XII. Firewall/Security Features

Firewall - Using the Web Content Filter on a Vigor 3900

Vigor 2960
Vigor 3900
Show all

The DrayTek Vigor 3900's WCF (Web Content Filter) can be used to control the content that the local network has access to on the Internet. This offers administrators the option to block content based on categories instead of blocking individual sites. Which makes it possible to block all "Social Networking" sites with a single firewall entry.

All DrayTek routers come with a 30 day WCF trial upon registration. Following this a 12 month license can be purchased. For more information on the WCF license please view this link

The example displayed in this guide will show how to block the local network from accessing all Social Networking websites by using the WCF. A whitelist entry will be created for the website Linkedin to demonstrate how to make specific sites exempt from the web content filtering where necessary.

Note: The 1.2.0 and later firmware makes significant changes to the functionality of the IP Filter of the firewall. If experiencing issues with Web Content Filtering, please read the Filter Rule Actions segment of this guide.

Configuration Setup Being Applied

1. Confirm setting of 3900's 'Default Policy' rule

2. Confirm 3900 has an active WCF license

3. Create 'Web Category Object' for content to be blocked

4. Create 'Keyword Object' for whitelist entry

5. Create 'WCF Filter' rule using the objects that have been configured

1. The Default Firewall rule is set to Pass all outbound traffic from the local network, confirm this setting is applied.

  • Menu: [Firewall] > [Filter Setup]
  • Select Default Policy tab

2. With an internet connection available on the DrayTek 3900, check that an active WCF license is applied.

  • Menu: [Objects] > [Web Category Object]
  • Select Content Filter License tab

If the DrayTek requires a license to be added, information can be found on this link for process required.

3. Create a Web category object, selecting the Social Networking category

  • Menu: [Objects] > [Web Category Object]
  • Select Web Category Object tab

4. Create Keyword Object which will be used to allow access to the website Linkedin

  • Menu: [Objects] > [Keyword/DNS Object]

When creating the keyword entry, click Add to create a new keyword entry in the keyword object, enter the keyword to be blocked in there, click Save then click Apply to finish configuring the Keyword Object.

5. Add a new WCF firewall rule using the objects that have been configured.

  • Menu: [Firewall] > [Filter Setup]
  • Select URL/Web Category Filter tab
  • Enable Firewall Rule
  • Enable HTTPS
  • Select object from Keyword Pass
  • Select object from Web Category Policy

The local users will now have full access to the website LinkedIn, but all other Social Networking websites will be blocked by the Web Content Filter.

How do you rate this article?

1 1 1 1 1 1 1 1 1 1