Page 126 / 139
Scroll up to view Page 121 - 125
126
Leave static client IP empty (could also be set to eg 192.168.1.200. If no IP is set
here the IP pool from the PPTP server settings are used).
Click
Apply
6.
Click
Activate
and wait for the firewall to restart.
This example will allow
all
traffic from the client to the main office network. To get a more
secure solution read the
Settings for the Main office
part of
A more secure LAN-to-LAN
VPN solution
section in this chapter.
Page 127 / 139
Content filtering
To enable content filtering, follow these steps:
1.
Update the content filtering settings,
Firewall->Content Filtering
:
Select what content that should be filtered out. ActiveX, Java applets, JavaScript/VBScript
and cookies can be blocked or filtered out. Note that some web pages don’t work very well if
these options are enabled.
Pages that are safe or trusted can be added to the whitelist by clicking
Edit global URL
whitelist
. To enable all subdomains of eg google.com (eg gmail.google.com) and all possible
pages on that site, enter *
.google.com/
* in this list. This will allow for example
www.google.com/about.html and gmail.google.com.
In the same way servers can be blocked by adding them to the blacklist. Click
Edit global
URL blacklist
and add the sites that should be blocked. File extensions can also be blocked.
If you for example don’t want users to be able to download executable files add
*.exe
in this
list.
Page 128 / 139
128
2.
Make sure the http-outbound service exists and is using the HTTP ALG,
Firewall->Services
:
Find the
http-outbound
service in the list and click
Edit
. If there is no service with
that name you will have to create one by clicking
Add new
at the bottom of the list.
TCP / UDP Service
should be selected and protocol should be set to
TCP
.
Set destination port to
80
.
Select
HTTP/HTML Content Filtering
in the ALG dropdown.
Click
Apply
3.
Now add a policy rule that uses this service,
Firewall->Policy
:
Click
LAN->WAN
Click
Add new
Page 129 / 139
4.
Edit the new policy we just created
Name the rule
allow_http
Enter position
2
Select action
Allow
Select service
http-outbound
Select schedule
Always
Click
Apply
Page 130 / 139
130
The new policy should now be added to position two in the list (if not, it can be
moved to the right position by clicking on the up and down arrows).
5.
Click
Activate
and wait for the firewall to restart.