LANCOM Support Knowledgebase Document No. 1006.1810.2316.LHEL - V1.60

Using multiple content filter profiles


Description:
This document shows how to make effective use of a number of content filter profiles and the settings that are of relevance.
The LANCOM Content Filter allows you to configure several content filter profiles. This option can be used to create, for example, one content filter profile for the company employees and another content-filter profile for trainees. When a company employs trainees under the age of eighteen this may not only be useful but even a legal requirement.


Requirements:


Procedure:

Step 1: Activating the LANCOM Content Filter under Configuration -> Content Filter -> General.



Step 2: Create your content filter profiles under Configuration -> Content-Filter -> Profiles.

Step 3: Create one or more category profiles under Category-Profiles and assign a name to them. For example, if you wish to allow or forbid your employees to access a different set of websites during working hours than in their free time, you could create the category profiles WORK_CATEGORIES and BASIC_CATEGORIES, for example.

You can also create the category profile TRAINEE_CATEGORIES for your trainees. You determine which categories or groups should be used to evaluate web sites for each category profile. You can allow or forbid the individual categories or activate the override function for each of the 15 groups.





Step 4: You then create your content filter profiles under Profiles. A content-filter profile assigns the relevant category profiles and optional blacklists and whitelists to different timeframes. The firewall refers to this content-filter profile.

Step 5: Enter the Name EMPLOYEES for the content filter profile EMPLOYEES. Under Timeframe select the time when the category profile should apply, e.g. “ALWAYS”. One profile may have several lines with different timeframes. The timeframes in different lines should supplement one another, i.e. if you define a timeframe for WORKTIME it makes sense to also specify a timeframe FREETIME. The timeframes “ALWAYS” and “NEVER” are predefined. You can configure further timeframes (e.g. for staff working time and free time) under Configuration -> Date/time -> General -> Timeframes.

Step 6: A blacklist or whitelist that you created previously can be selected under Blacklisted or Whitelisted, e.g. Blacklist_Employees and Whitelist_Employees. You can select the category profile that is to apply for this content filter profile in the selected timeframe under Category-Profiles, in this example EMPLOYEES. This completes the settings for the content filter profile EMPLOYEES in the content filter, and you can create further content filter profiles in the same way if needed.



Step 7: After you have created content filter profiles for your employees and for your trainees, the overview of content filter profiles could look like this:



If you have created different content filter profiles, you will have to modify the settings in the firewall.

Step 8: A firewall rule must be created in the firewall for each content-filter profile. An action object that selects the content-filter profile must be assigned to each firewall rule. One action object may be assigned to several firewall rules. You can find the action object and the firewall rules under Configuration -> Firewall/QoS -> Rules.

Step 9: The example below shows the settings that you can make in the firewall for your content-filter profile EMPLOYEES:
    Add a new action object with the name "CONTENT FILTER EMPLOYEES" to the Action-Objects and, under Actions, assign it to the content-filter profile EMPLOYEES:

Step 10: Define a rule for the action object CONTENT-FILTER-EMPLOYEES:



Step 11: Under Actions assign the action object CONTENT-FILTER-EMPLOYEES to the rule CF-EMPLOYEES:



Completion: You should now specify further details for the rule, e.g. whether the rule should apply to a certain IP range. To make this setting, click on Stations and specify a range of IP addresses to which this rule should apply.
    Information:
    These details in the firewall rule determine the criteria used to allocate users to a certain content-filter profile. The criteria you use here are those which enable you to differentiate between the various user groups.



This completes the settings for your content filter profile EMPLOYEES. You can configure your content filter profile TRAINEES in the same way.


Notice:
  • Each item is described by popup help text. Just click on the question mark at the top right of the dialog.


Catchwords:
Please review this document! This document was helpful This document was not helpful