Knowledge Base | Firewall & Content Filtering

1. How to use multiple public IP addresses for clients and servers on the LAN

We will demonstrate how to setup Open Ports to achieve Multi-NAT and allow Internet users to access servers behind the router.

2. Block Facebook by APP Enforcement

APP Enforcement provides a simple and fast solution to block both the Facebook page and the Facebook App. This article is going to demonstrate how to configure it.

3. Add a LAN IP Address to DMZ

On the Vigor Router, each WAN interface has a DMZ (demilitarized zone), where you can add a LAN host (IP address) and make it completely exposed to the Internet. The DMZ host will be accessible by the IP address of the WAN interface, and the router will map all the unsolicited traffic on the WAN interface to it. It is the solution when you need to do forward traffic to a LAN server but cannot define the traffic by UDP or TCP ports.

4. Block Social Networking Websites by Web Content Filter

We may use URL Content Filter to block a specific website; however, if we want to block all the social networking websites, it will take a lot of time specifying each of the URLs, and this is when Web Content Filter (WCF) becomes a better option. Web Content Filter is a category-based filter, which helps network administrators efficiently control the types of websites that the LAN client allowed to visit. This article demonstrates how to use Web Content Filter to block all the social networking websites.

5. Finding Out the URL Keyword to Block

With Vigor Router, you can block access to a website or an application by URL Content Filter and DNS Filter. This article explains how to find out the keyword required for the configuration of URL Content Filter.

6. Blocking Windows Updates

To prevent unawareness Windows updates, we can use the Firewall with URL filter and DNS filter to block client's access to Windows update server. The idea is to use the firewall to block the domains which are related to the Windows update service. This note demonstrates the configuration required.

7. Force LAN Clients to use YouTube in Restricted Mode

Youtube provides Restricted Mode that helps screen out potentially objectionable content that you may prefer not to see or don't want others in your network to stumble across while enjoying YouTube. The example below shows how to configure Vigor Router to force LAN clients to use Youtube in Restricted mode.

8. Force LAN Clients to use Google Safesearch

SafeSearch is a Google service that helps you block inappropriate images from Google Search results. We can use LAN DNS feature to force LAN clients to use SafeSearch when they use Google Search.

9. Block FTP Service by Firewall

This article describes how to restrict FTP service from LAN clients by using the Firewall function to block the traffic on TCP port 21. In this example, we want to create a firewall rule for all the LAN clients. The configuration necessary is shown below.

Note: We only need to create firewall rules for the outgoing traffic (from LAN to WAN), since the router is already blocking all the incoming traffic by default

10. Changing the WCF Service Provider

Only one WCF service can be active at the same time. If you activate the wrong one, you can perform a service change at MyVigor portal. This article will walk you through the steps to change a WCF service provider.

11. Server Load Balancing by Vigor3900

With Server Load Balance, you can host multiple servers on the LAN for the same service to handle a larger amount of traffic, and the router will distribute the inbound NAT sessions among the servers.

12. Block Facebook Games Only

With URL Content Filter and DNS Filter, Vigor Router can block the LAN clients from Facebook games, while allowing them to access the Facebook main page and messenger.

13. How Firewall Filter Rules Work

This article explains how the firewall filter rules work on Vigor Router.

14. Redirect FTP Traffic to an Internal Server

This article explains how to redirect FTP traffic to a server on LAN. To redirect the FTP traffic to an internal server, it requires 1. Changing the router's FTP service port 2. Setting up NAT to forward traffic on port 21 to the internal server. Vigor Router supports FTP ALG (Application Layer Gateway), after open the FTP command port (TCP 21), the router will inspect the command packets to learn which port the FTP client will use for data transmitting, and then open the data port accordingly. However, the FTP ALG of Vigor Router only inspects the packets transferred on port 21, if the FTP server on LAN uses other command port, FTP ALG will not work, and transmitting data in passive mode may fail.

15. Redirect VoIP Traffic to an Internal Server

This article explains how to Redirect VoIP Traffic by open port settings.

16. Block YouTube Service for All the LAN Clients

This article describes how to block the YouTube website as well as mobile App with Vigor Router.

17. Blocking a Website by URL Content Filter and DNS Filter

This article demonstrates how to block a specific website by your router by the URL Content Filter feature. To use URL Filtering feature, you will need to 1) Create a Keyword Object 2) Create a URL Content Filter to use the Keyword Object, and (for DrayOS models) 3)Use the URL Content Filter in a Firewall Filter Rule. In this article, we will show an example of the necessary configuration for blocking the facebook site and apps.

18. Activate the Free Trial License for WCF Service

Every Vigor Router provides a free 30-day trial license for Web Content Filtering - the feature that allows the network administrator to filter websites based-on their category. This document demonstrates how to do the registration and start using the 30-day free trial license.

19. Redirect HTTPS Requests to an Internal Server

Vigor Router provides NAT settings, such as Port Redirection and Open Ports, to redirect connection requests on the WAN to an internal server on the LAN. However, when it comes to HTTPS requests, which uses TCP port 443, we need not only the NAT setup but also changing the router's HTTPS and SSL VPN service port, because those functions are also listening on TCP port 443 by default and they have higher priority than the NAT settings.  This article demonstrates how to redirect HTTPS requests to an internal server.

20. VPN Pass-Through Setup

This article shows how to set up VPN pass-through on Vigor Router.