7 Replies Latest reply on Feb 20, 2013 1:13 PM by noor

    How to allow some clients to access blocked websites?

    ovais New Member

      Hi,

      I have recently received my NetVanta 3430 unit, I have configured it and everything is working very smooth. Just today i tried to use the web filtering feature to block some websites mostly social networking sites, i need to give my marketing department access to some blocked content in order to run some marketing campaigns. When i enable the web filter it blocks those websites for everyone, is there a way to exclude some clients? 

        • Re: How to allow some clients to access blocked websites?
          Employee

          ovais - Thanks for posting your question on the forum!

           

          There are two ways to exclude users from the URL filter. I will outline both suggestions below:

           

          1. Place the marketing department in a different VLAN from other users. You would need to configure a trunk between the NetVanta LAN interface and the switch connecting directly to it. On the NetVanta 3430, you would apply the URL filter to the sub-interface for your other users. The sub-interface for the marketing users would not have the URL filter applied to it. Below is a document on how to set up interVLAN routing on an AOS device:

           

          Configuring InterVLAN Routing in AOS - Quick Configuration Guide

           

          2. If you are unable to place the marketing users on a different subnet/VLAN, then the other option would be to statically assign these users an IP address. Once this is done, you can add a rule to the LAN access-policy that will allow these users to bypass the URLfilter. For example, say you want the CEO to bypass the URL filter. You would statically assign his computer an IP address such as 192.168.1.1. You would then add a NAT rule for this specific user that has the "no-alg" option enabled. You will want the rule to be placed above the NAT all rule that is configured. The CLI configuration snippet is shown below:

           

          ip access-list extended BypassURL

             permit ip host 192.168.1.1 any

          !

          ip access-list extended MatchAll

             permit ip any any

          !

          ip policy-class Private

             nat source list BypassURL int eth 0/1 overload no-alg

             nat source list MatchAll int eth 0/1 overload

          !

           

          Please do not hesitate to let us know if you have any questions.

           

          Thanks,

          Noor

          • Re: How to allow some clients to access blocked websites?
            ovais New Member

            Yes, i did make it work with 2nd option and it worked like a charm .

              • Re: How to allow some clients to access blocked websites?
                Employee

                ovais -

                I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

                 

                Noor

                  • Re: How to allow some clients to access blocked websites?
                    Employee

                    I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                     

                    Thanks,

                    Noor