Hi,
I have recently received my NetVanta 3430 unit, I have configured it and everything is working very smooth. Just today i tried to use the web filtering feature to block some websites mostly social networking sites, i need to give my marketing department access to some blocked content in order to run some marketing campaigns. When i enable the web filter it blocks those websites for everyone, is there a way to exclude some clients?
- Thanks for posting your question on the forum!
There are two ways to exclude users from the URL filter. I will outline both suggestions below:
1. Place the marketing department in a different VLAN from other users. You would need to configure a trunk between the NetVanta LAN interface and the switch connecting directly to it. On the NetVanta 3430, you would apply the URL filter to the sub-interface for your other users. The sub-interface for the marketing users would not have the URL filter applied to it. Below is a document on how to set up interVLAN routing on an AOS device:
Configuring InterVLAN Routing in AOS - Quick Configuration Guide
2. If you are unable to place the marketing users on a different subnet/VLAN, then the other option would be to statically assign these users an IP address. Once this is done, you can add a rule to the LAN access-policy that will allow these users to bypass the URLfilter. For example, say you want the CEO to bypass the URL filter. You would statically assign his computer an IP address such as 192.168.1.1. You would then add a NAT rule for this specific user that has the "no-alg" option enabled. You will want the rule to be placed above the NAT all rule that is configured. The CLI configuration snippet is shown below:
ip access-list extended BypassURL
permit ip host 192.168.1.1 any
!
ip access-list extended MatchAll
permit ip any any
!
ip policy-class Private
nat source list BypassURL int eth 0/1 overload no-alg
nat source list MatchAll int eth 0/1 overload
!
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
- Thanks for posting your question on the forum!
There are two ways to exclude users from the URL filter. I will outline both suggestions below:
1. Place the marketing department in a different VLAN from other users. You would need to configure a trunk between the NetVanta LAN interface and the switch connecting directly to it. On the NetVanta 3430, you would apply the URL filter to the sub-interface for your other users. The sub-interface for the marketing users would not have the URL filter applied to it. Below is a document on how to set up interVLAN routing on an AOS device:
Configuring InterVLAN Routing in AOS - Quick Configuration Guide
2. If you are unable to place the marketing users on a different subnet/VLAN, then the other option would be to statically assign these users an IP address. Once this is done, you can add a rule to the LAN access-policy that will allow these users to bypass the URLfilter. For example, say you want the CEO to bypass the URL filter. You would statically assign his computer an IP address such as 192.168.1.1. You would then add a NAT rule for this specific user that has the "no-alg" option enabled. You will want the rule to be placed above the NAT all rule that is configured. The CLI configuration snippet is shown below:
ip access-list extended BypassURL
permit ip host 192.168.1.1 any
!
ip access-list extended MatchAll
permit ip any any
!
ip policy-class Private
nat source list BypassURL int eth 0/1 overload no-alg
nat source list MatchAll int eth 0/1 overload
!
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
Hi Noor,
Thanks for the help, i won't be able to test option 1 as i do not have managed switch, i will try the 2nd option and let you know.
Hi Noor,
Thanks for your help, i was able to make it work with the second option , soon i will have my managed switch and will do VLANs on it to try the first option as well.
thanks for the support, very spot on.
Yes, i did make it work with 2nd option and it worked like a charm .
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
Noor
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor