This document is intended to assist a field engineer with configuring a Series 3 CradlePoint router with multiple content filtering instances for different VLANs. These directions demonstrate how each IP network may be configured with its own content filtering settings to allow or prevent access to designated URLs or IP addresses.
Enabling multiple content filtering instances allows the CradlePoint to filter unencrypted content based on IP addresses or URLs only, on each VLAN independently. For the ability to do board category-based content filtering, please consult the following articles:
- NCOS: How to Configure OpenDNS Content Filtering
- NCOS: Configuring Zscaler Internet Security
- NCOS: Zscaler Secure Web Gateway
Rule Priority – used to determine the order rules are evaluated. Higher priority rules (smaller numbers) are evaluated first and the first one to match has its assigned action taken. Exceptions to existing rules can be created by adding another rule with a higher priority. For example, if access to maps.google.com is desired, but google.com is blocked with a priority of 50. The addition of an allow rule for maps.google.com with a priority of 49 or lower will allow access.
Configuration Difficulty: Intermediate
- Step 1: Log into the router’s NCOS Page. For help with logging in please click here.
- Step 2: Click on the Security tab and select Content Filtering from the drop-down menu.
- Note: The “Default Filter Settings” are configured by default to allow access to all URLs and IP addresses.
- Step 3: Select Network Web Filter Rules, then click Add within the Network Web Filter Rules section to create a new rule.
- Step 4: Set the Assigned Network to the LAN you would like the rule to apply to.
- Step 5: In the Domain/URL/IP field, type the URL or IP Address that you would like to create a rule for.
- Step 6: Set the Filter Action to Block or Allow, depending on the purpose of your rule.
- Step 7: Set the “Rule Priority” to a value between 1 & 100.
- Note: Rules with a lower priority take precedence over rules with higher priority. 1 is highest priority, 100 is lowest.
- This example shows how to create a rule that would block video streaming traffic out of the Guest LAN.
- Step 8: Click Save to add the rule.
- Step 9: You will now see the new rule in the Network Web Filter Rules section for the network the rule is assigned to.
- Step 10: The default behavior for each network filter is to Allow Access (i.e. ignore web filter rules) to all URLs. To change this behavior, select the network within the Default Network Filter Settings, then click Edit.
- Step 11: Change the Default Action to Block Access, then click Save.
- Step 12: Repeat steps 3 through 8 for each website to be blocked (or allowed).