cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kevinme
New Contributor

url filtering help needed

Jump to solution

i have a few hundred people on the wisp network. i would like to block say  20 websites in url filtering. is there a way to allow a few users to use those blocked sites

ive tried everything i can think of but cant make it work

i can block the url just. i just want a few people to still get to those sites....we use static ip addresses on the network devices

thanks

kevin

0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: url filtering help needed

Jump to solution

:

Thank you for asking this question in the support community.  It may be cumbersome to make a configuration that fits your needs in the command line interface (CLI), but I believe this can be achieved by adding an additional NAT statement matching the specific IP address(es) and putting it above the "match-all NAT."  Also, the keyword no-alg will need to be added to that statement.  Here is an example:

ip access-list extended PRESIDENT

  permit ip host <president's IP> any

!

ip access-list extended MATCH-ALL

permit ip any any

!

ip policy-class PRIVATE

  nat source list PRESIDENT interface eth 0/1 overload no-alg

  nat source list MATCH-ALL interface eth 0/1 overload

I hope that makes sense, but please, do not hesitate to reply with any questions.  I will be happy to help in any way I can.

Levi

View solution in original post

0 Kudos
5 Replies
Anonymous
Not applicable

Re: url filtering help needed

Jump to solution

I have tried this same thing with the NV4430 as well. I was told you it is a all or nothing filter, not a per user or group. I ended up using some DNS filtering from another source to accomplish my needs.

kevinme
New Contributor

Re: url filtering help needed

Jump to solution

thats kinda what i figured but was hoping it want true.

thanks

what dns solution you use? opendns?

Anonymous
Not applicable

Re: url filtering help needed

Jump to solution

Either that or Norton. OpenDns has changed their price structure as of late though. Norton Dns by itself will not block specific websites but I have found the categories accurate. Its nice because you do not have to run any of their software to use these.

The following three pre-defined content filtering policies are available for home and personal use:Policy 1: Security (198.153.192.40 and 198.153.194.40) This policy blocks all sites hosting malware, phishing sites, and scam sites.


To use Policy 1, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 198.153.192.40 and 198.153.194.40.


Policy 2: Security + Pornography (198.153.192.50 and 198.153.194.50) In addition to blocking unsafe sites, this policy also blocks access to sites that contain sexually explicit material. To use Policy 2, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 198.153.192.50 and 198.153.194.50.Policy 3: Security + Pornography + Non-Family Friendly (198.153.192.60 and 198.153.194.60) This policy is ideal for families with young children. In addition to blocking unsafe sites and pornography sites, this policy also blocks access to sites that feature mature content, abortion, alcohol, crime, cults, drugs, gambling, hate, sexual orientation, suicide, tobacco or violence.


To use Policy 3, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 198.153.192.60 and 198.153.194.60.

Anonymous
Not applicable

Re: url filtering help needed

Jump to solution

:

Thank you for asking this question in the support community.  It may be cumbersome to make a configuration that fits your needs in the command line interface (CLI), but I believe this can be achieved by adding an additional NAT statement matching the specific IP address(es) and putting it above the "match-all NAT."  Also, the keyword no-alg will need to be added to that statement.  Here is an example:

ip access-list extended PRESIDENT

  permit ip host <president's IP> any

!

ip access-list extended MATCH-ALL

permit ip any any

!

ip policy-class PRIVATE

  nat source list PRESIDENT interface eth 0/1 overload no-alg

  nat source list MATCH-ALL interface eth 0/1 overload

I hope that makes sense, but please, do not hesitate to reply with any questions.  I will be happy to help in any way I can.

Levi

0 Kudos
Anonymous
Not applicable

Re: url filtering help needed

Jump to solution

:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi