DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Schedule content filtering - step by step
- nickbooth
- Topic Author
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
12 Feb 2010 08:40 #60490
by nickbooth
Schedule content filtering - step by step was created by nickbooth
Hello all
I have a 2820n and wanted to allow employees to use Facebook (and similar sites) before work, at lunchtime, and after work but block those sites during working hours. Reading the forums it seems a few people want to do the same. I struggled for a long time to get it set up but with advice from Draytek I have got it cracked. You need to do the following:
1) In Applications / Schedule set up the times you want to block the sites. Enable schedule 1. Put in a date before today. Put the start time (e.g. 8:00) and duration (e.g. 4:00 to block 8am to 12pm). Set Action to "Force On" then choose the weekdays it should operate. I set schedule 1 to the above and schedule 2 in the same way but from 13:00 for 4:00 duration.
2) In Objects setting / Keyword Objects add a word per item (e.g. I have facebook as 1, youtube as 2, hotmail aas 3, ebay as 4 etc.)
3) In Objects setting / Keyword Group, set up a group and add all those keywords you added in step 2 to the group and call it say ("work block
")
4) In CSM / URL Content Filter Profile click on 1 to set up the first profile. Call it anything e.g. "block stuff". Set priority to Both:Block tick Enable URL Access Control and Prevent web access from IP address. Then click Edit underneath Group/Object Selections and add your keyword group "work block") to it.
5) In Firewall / Filter setup click on default data filter and add Rule 2 to it. Tick Enable the filter rule. Call it something "block in work hours" in Index in Schedule Setup put 1 in the first box and 2 in the second (this makes this rule kick in during those schedules). Direction is LAN > WAN. Leave Source IP, Destination IP and Servicet type as Any. Set Filter as Pass Immediately. Then in the drop down box for URL Content Filter, chosse "block stuff" that you created in step 4. Leave the IMP2P and Web content filters as None (once the URL filtering works you can go back to set up those filters in a similar way and then add them later)
The above should then work. It didn't initially for me so i went into Firewall / General setup and found that while i had been playing i had put a URL content filter in the general setup (that was working all the time rather than just to schedules). So i reset URL Content Filter to None and it worked perfectly.
Once that is all set up it became easy to do the same for Web Content Filter as well as the URL filter.
I hope this helps others who want to do this.
regards
nick
I have a 2820n and wanted to allow employees to use Facebook (and similar sites) before work, at lunchtime, and after work but block those sites during working hours. Reading the forums it seems a few people want to do the same. I struggled for a long time to get it set up but with advice from Draytek I have got it cracked. You need to do the following:
1) In Applications / Schedule set up the times you want to block the sites. Enable schedule 1. Put in a date before today. Put the start time (e.g. 8:00) and duration (e.g. 4:00 to block 8am to 12pm). Set Action to "Force On" then choose the weekdays it should operate. I set schedule 1 to the above and schedule 2 in the same way but from 13:00 for 4:00 duration.
2) In Objects setting / Keyword Objects add a word per item (e.g. I have facebook as 1, youtube as 2, hotmail aas 3, ebay as 4 etc.)
3) In Objects setting / Keyword Group, set up a group and add all those keywords you added in step 2 to the group and call it say ("work block
")
4) In CSM / URL Content Filter Profile click on 1 to set up the first profile. Call it anything e.g. "block stuff". Set priority to Both:Block tick Enable URL Access Control and Prevent web access from IP address. Then click Edit underneath Group/Object Selections and add your keyword group "work block") to it.
5) In Firewall / Filter setup click on default data filter and add Rule 2 to it. Tick Enable the filter rule. Call it something "block in work hours" in Index in Schedule Setup put 1 in the first box and 2 in the second (this makes this rule kick in during those schedules). Direction is LAN > WAN. Leave Source IP, Destination IP and Servicet type as Any. Set Filter as Pass Immediately. Then in the drop down box for URL Content Filter, chosse "block stuff" that you created in step 4. Leave the IMP2P and Web content filters as None (once the URL filtering works you can go back to set up those filters in a similar way and then add them later)
The above should then work. It didn't initially for me so i went into Firewall / General setup and found that while i had been playing i had put a URL content filter in the general setup (that was working all the time rather than just to schedules). So i reset URL Content Filter to None and it worked perfectly.
Once that is all set up it became easy to do the same for Web Content Filter as well as the URL filter.
I hope this helps others who want to do this.
regards
nick
Please Log in or Create an account to join the conversation.
- prefuse
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
12 Feb 2010 17:00 #60497
by prefuse
Replied by prefuse on topic Schedule content filtering - step by step
Thanks for that it was a bit of a mind bender!
Paul -
Paul -
Please Log in or Create an account to join the conversation.
- middling
- Offline
- Junior Member
Less
More
- Posts: 35
- Thank you received: 0
12 Feb 2010 21:47 #60498
by middling
Replied by middling on topic Schedule content filtering - step by step
There's just one problem with your method: The Draytek firewall doesn't block already established connections. So if an employee logged onto Facebook at 07:59 they could continue using it beyond 08:00 until the connection times out and they have to establish a new one.
The length of time it takes a connection to time out is dependant on the service (using your example an employee wouldn't be able to change or refresh their Facebook page, but Facebook chat would still work, and so would any Flash-based games they were playing).
For some services it's a relatively short timeout, other's it's long (IM is a particular problem with Yahoo Messenger able to continue to work through the firewall for several hours).
The length of time it takes a connection to time out is dependant on the service (using your example an employee wouldn't be able to change or refresh their Facebook page, but Facebook chat would still work, and so would any Flash-based games they were playing).
For some services it's a relatively short timeout, other's it's long (IM is a particular problem with Yahoo Messenger able to continue to work through the firewall for several hours).
Please Log in or Create an account to join the conversation.
- qwibbles
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
12 Jun 2010 22:25 #62325
by qwibbles
Replied by qwibbles on topic Schedule content filtering - step by step
You should configure rules to 'force on' and 'force off' for the schedule. I.e. 4 scheduled periods.
I would personally not
The draytek has always blocked established connections for me? Maybe it's the way I set it up?
Oh, almost forgot, and most users have mobile broadband on there phones these days so they do not even need to bother using the network ... then you have to install mobile phone jammers:twisted:
I would personally not
most likely you know the source IP Address range and could setup an IP Group Object for it. You also probably only want to give them web access via port 80 and therefore you could set the service type.Leave Source IP, Destination IP and Service type as Any
The draytek has always blocked established connections for me? Maybe it's the way I set it up?
Oh, almost forgot, and most users have mobile broadband on there phones these days so they do not even need to bother using the network ... then you have to install mobile phone jammers
Please Log in or Create an account to join the conversation.
- middling
- Offline
- Junior Member
Less
More
- Posts: 35
- Thank you received: 0
13 Jun 2010 07:27 #62326
by middling
What router are you using?
I've only experience of the 2820 series (and from the poor quality of the firmware i'll never willingly have experience of any other Draytek) and it definitely doesn't cut through established connections.
Replied by middling on topic Schedule content filtering - step by step
The draytek has always blocked established connections for me? Maybe it's the way I set it up?qwibbles wrote:
What router are you using?
I've only experience of the 2820 series (and from the poor quality of the firmware i'll never willingly have experience of any other Draytek) and it definitely doesn't cut through established connections.
Please Log in or Create an account to join the conversation.
- robathome
- Offline
- Junior Member
Less
More
- Posts: 53
- Thank you received: 0
18 Jul 2010 10:06 #62913
by robathome
Replied by robathome on topic Schedule content filtering - step by step
I found this very useful - thanks. The manual is quite shocking in this area, and a pretty poor translation, which doesn't reflect well on draytek and SEG.
Would be interested if someone finds a solution to the problem where it won't cut off existing users when the schedule kicks on
Would be interested if someone finds a solution to the problem where it won't cut off existing users when the schedule kicks on
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek