Category     

Manual: Network Settings → Content Filtering

« Go Back

Information

 
Content

Content Filtering


You have two main options for filtering content for local networks.

  1. WebFilter Rules: Create a list of websites that will be either disallowed or allowed. Customize the filter settings for each network and/or each MAC address. (These rules will not block HTTPS websites.)
  2. Cloud Based Filtering/Security: Allows several options for filtering and security using third-party services:
    • Umbrella by OpenDNS
    • Zscaler

Network WebFilter Rules

image

Network WebFilter Rules allow you to control access from your network to external domains or websites. Rules are assigned to a specific LAN network (or all networks). The highest priority rule will have precedence when there is a conflict. Addresses can be added by URL/Domain name or by IP address.

Exceptions to existing rules can be created by adding another rule with higher priority. For example, if access to espn.go.com is desired but go.com is blocked with a priority of 50, the addition of an “Allow” rule for espn.go.com with a priority of 51 or greater will allow access.

When creating rules keep in mind that some sites use multiple domains, so each domain may need a rule added to produce the desired behavior.

NOTE: Websites that use HTTPS will not be blocked by these rules. You will need to use OpenDNS to block HTTPS websites.

Click Add or Edit to open the Filter Rule Editor.

image

  • Assigned Network: Select either “All Networks” or one of your LAN networks from the dropdown list.
  • Domain/URL/IP: Enter the Domain Name or URL (address) of the website you wish to control access for, e.g. www.google.com. To make sure the full domain is blocked, enter the most inclusive domain (e.g. google.com will effectively block www.google.com as well as maps.google.com and images.google.com). Alternatively you can use an IP address, e.g. 8.8.8.8, or address range written in CIDR notation, e.g. 8.8.8.0/24.
  • Filter Action: Select Block or Allow.
  • Rule Priority: Higher number rules overrule lower number rules.
  • Enabled: A rule can be enabled or disabled by selecting or deselecting the checkbox.

Click Submit to save your rule changes.

Default Network Filter Settings

image

Use Default Network Filter Settings together with Network WebFilter Rules to control website access. All of your networks are set to allow website access by default. Select a network and click Edit to change the default filter settings.

image

Default Action: Select from the following dropdown options:

  • Allow Access (default)
  • Block Access

When a network is set to Allow Access, it will allow access to sites not specifically blocked in the WebFilter Rules.
When a network is set to Block Access, it will block access to sites not specifically allowed in the WebFilter Rules.

Filter URLs by IP Address: (Default: No) Changing this option to “Yes” will cause the router to perform a DNS lookup on URL entries, and the IP addresses will be appended to the appropriate block/allow list. This can have the side effect of being very strict; sites that are hosted across many domains may need every domain added to the list for full functionality.

MAC Address WebFilter Rules

MAC Address WebFilter Rules allow you to control access from a specific MAC address to external domains or websites.

image

The settings for the MAC Address WebFilter Rules section match those for the Network WebFilter Rules, except that you must assign a MAC address instead of a network to each rule.

image

See the Network WebFilter Rules section (above) for more configuration details.

MAC Address WebFilter Defaults

image

Use MAC Address WebFilter Defaults together with MAC Address WebFilter Rules to control website access for specific MAC addresses. By default, each MAC address is allowed website access. Click Add/Edit to change this setting for a MAC address.

image

Input the MAC address and default action you would like to apply to that MAC address.

Default Action: Select from the following dropdown options:

  • Allow Access (default)
  • Block Access

When a network is set to Allow Access, it will allow access to sites not specifically blocked in the WebFilter Rules.
When a network is set to Block Access, it will block access to sites not specifically allowed in the WebFilter Rules.

Cloud Based Filtering/Security

Select a third-party Cloud Provider from the dropdown list.

  • Umbrella by OpenDNS
  • Zscaler

Umbrella by OpenDNS

Umbrella by OpenDNS is a cloud-based web filtering and security solution that protects you online by filtering websites. Go to http://www.opendns.com/ for information about Umbrella.

Enter your Umbrella account information in order to use these content filtering settings.

image

Force All DNS Requests To Router: Enabling this will redirect all DNS requests from LAN clients to the router's DNS server. This will allow the router even more control over IP Addresses even when the client might have their own DNS servers statically set.

OpenDNS ISP Filter Bypass Algorithm: It is possible that your Internet Service Provider (ISP) uses the port that OpenDNS is configured to access, port 53, which will prevent OpenDNS filtering. If OpenDNS does not appear to be working correctly, enabling this will attempt to bypass those ports when using an OpenDNS content filtering level.

Zscaler

Zscaler is a cloud based web filtering and security provider that offers several plan options. Depending on your Zscaler implementation, this could include:

  • Global Cloud Platform
  • Real-Time Reporting
  • Behavioral Analysis
  • URL Filtering
  • Advanced Threat Protection
  • Inline Anti-Virus & Anti-Spyware
  • Web 2.0 Control
  • Data Loss Prevention
  • Bandwidth Management
  • Web Access Control
  • And more…

NOTE: Zscaler requires a feature license. Go to System Settings → Feature Licenses to enable this feature.

IMPORTANT NOTE: When the Zscaler functionality is enabled within a Cradleponit router, the Cradlepoint will modify the EDNS portion of the packets in compliance with RFC 6891 in order to allow Zscaler to apply their filtering service to the each LAN behind the Cradleponit.  Currently, we have seen some very specific servers lack the ability to route packets when a packet's EDNS field has been modified.  Please make sure your server can handle this type of traffic before purchasing the full product.

image

Enter your Zscaler account information to enable these settings. Input local network information (Network Address and Netmask) to assign your Zscaler implementation to one or more local network(s).

This article not have what you need?  Not find what you were looking for?  Think this article can be improved?  Please let us know at suggestions@cradlepoint.com


 
Knowledge Home | Product