Bridge Mode - Working Web Filter Settings

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Bridge Mode - Working Web Filter Settings

Wisiwyg
You guys running in Bridge mode, how do you have your Web Filter system set up? I've seen some hints and brief how-to's, but I haven't been successful in getting it going. It has been easier for me to just rely on the DNS filtering available in my Asus router. While that works, it doesn't give a fine-toothed control over the filtering, it's either all or none of the 1-3 of options from selected pre-defined filtering providers. Or, I could go the route of using custom filtering provided by OpenDNS if I set up an account and created the filter definitions.

So a couple of questions....

Does it work for you - with 'work' defined as low / no impact to throughput and the filtering functions as expected to prevent navigation to the listed sites?

If so, how are you implementing it? I know you have to redirect the router to use the xx.xx.xx.111 IP for it to work, but my biggest confusion is where that is imput. I have WAN DNS options, LAN DNS options, DNS Filtering DNS Options, WAN DDNS Options, etc. I've tried in the WAN, then DNS Filtering and it doesn't seem to work.

Is it worth the effort to get it figured out? Note I could just as well expend the effort and follow how-tos on customization of iptables in the router to achieve the same thing. Its a level of effort question...

TIA  
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
Reply | Threaded
Open this post in threaded view
|

Re: Bridge Mode - Working Web Filter Settings

user8446
Administrator
I tried it and it works but it added a ton of latency to DNS resolution. I wouldn't recommend it. I would rather have the shield processor reserved for IPS only. I use OpenDNS for content/malware filtering and it's lightning fast.

Go to network>interfaces>lan>advanced settings>use custom DNS servers and enter your preferred recursive DNS provider. Pick your content filtering categories in services>web filter. Now just use your shield address x.x.x.111 for your DNS server on your endpoints or router.
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: Bridge Mode - Working Web Filter Settings

Wisiwyg
Thank you for the feedback! As I suspected, it adds a lot of overhead. I'll stick with what I have, or go an alternate route.

For those of you running in Router mode and suffering with lousy throughput, have you tried to test whether Web Filter on/off makes a difference? If so, it would probably be worth one of the free DNS filter services like OpenDNS to offload the Web Filter tasks.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode