I have tried this same thing with the NV4430 as well. I was told you it is a all or nothing filter, not a per user or group. I ended up using some DNS filtering from another source to accomplish my needs.
thats kinda what i figured but was hoping it want true.
what dns solution you use? opendns?
Either that or Norton. OpenDns has changed their price structure as of late though. Norton Dns by itself will not block specific websites but I have found the categories accurate. Its nice because you do not have to run any of their software to use these.
The following three pre-defined content filtering policies are available for home and personal use:Policy 1: Security (220.127.116.11 and 18.104.22.168) This policy blocks all sites hosting malware, phishing sites, and scam sites.
To use Policy 1, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 22.214.171.124 and 126.96.36.199.
Policy 2: Security + *********** (188.8.131.52 and 184.108.40.206) In addition to blocking unsafe sites, this policy also blocks access to sites that contain sexually explicit material. To use Policy 2, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 220.127.116.11 and 18.104.22.168.Policy 3: Security + *********** + Non-Family Friendly (22.214.171.124 and 126.96.36.199) This policy is ideal for families with young children. In addition to blocking unsafe sites and *********** sites, this policy also blocks access to sites that feature mature content, abortion, alcohol, crime, cults, drugs, gambling, hate, sexual orientation, suicide, tobacco or violence.
To use Policy 3, you should configure the DNS settings of your home router or Web-enabled device to use the following Norton ConnectSafe IP addresses: 188.8.131.52 and 184.108.40.206.
Thank you for asking this question in the support community. It may be cumbersome to make a configuration that fits your needs in the command line interface (CLI), but I believe this can be achieved by adding an additional NAT statement matching the specific IP address(es) and putting it above the "match-all NAT." Also, the keyword no-alg will need to be added to that statement. Here is an example:
ip access-list extended PRESIDENT
permit ip host <president's IP> any
ip access-list extended MATCH-ALL
permit ip any any
ip policy-class PRIVATE
nat source list PRESIDENT interface eth 0/1 overload no-alg
nat source list MATCH-ALL interface eth 0/1 overload
I hope that makes sense, but please, do not hesitate to reply with any questions. I will be happy to help in any way I can.
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.