This note will demonstrate how to use URL Filter to block most of the websites from some hosts and allow only a few. while other LAN clients can access the Internet without restriction. This application is ideal for organizations like libraries providing computers at their lobby for the visitor to search for resource and services on their websites, but don't want the visitor to use those computers for other uses.
1. Create Keyword Object for the company's homepage: Go to Objects Setting >> Keyword Object, click on an Index number to edit.
2. Similarly, create another Keyword Object for Google services.
3. Create a URL Filter to pass websites of which URL contains the keyword: Go to CSM > URL Content Filter Profile, click on a profile Index to edit.
4. Create a DNS Filter profile to filter HTTPS websites: Go to CSM >> DNS Filter Profile, click on a profile number to edit,
5. Apply the URL Filter to Firewall Filter Rule: Go to Firewall >> Filter Setup >> Data Filter Set (Set 2), click on a Filter Rule Index to edit.
6. After the above configuration, the router will block most of the websites.
However, the websites of which URL contains the specific keywords are still available.
Go to Configuration > Objects > Keyword Object, and add a keyword
Go to Security > Firewall Filters > Default Filters
Go to IAM > IAM Policies > Group Policies, and add a group policy
Go to IAM > IAM Policies > Apply Policies to LAN, and select the group policy for individual VLAN.
Vigor is blocking the most of the websites except, gmail and by either methods above.
1. Create an IP Object for the IP address in the lobby. Go to Objects Setting >> IP Object, click Add to create a new profile.
2. Create a Keyword Object for the URL to pass. Go to Objects Setting >> Keyword Object. Click Add to create a new one.
3. Set an IP Filter to block all the pages if the packet is from the lobby's IP address. Go to Firewall>> Filter Setup >> IP Filter, click Add to create a new Group. Enter the Group's name and click Apply to save.
4. In the Group created in the previous step, add a new profile:
5. Set a URL/Web Category Filter to allow accessing a specific website. Go to Firewall >> Filter Setup >> URL/Web Category Filter, click Add to create a new profile.
With this configuration, for LAN client whose IP address is in the range between to, which should be the computers at the lobby, the connection will be fine when they try to access the website with URL containing the keyword.
But when trying to access other pages, an error message will appear.
On the other hand, if the LAN client's IP address is not in the range of to, they will be able to access the Internet without restriction.
Published On: 2017-10-03
Was this helpful?