Content Filtering with Destination NAT Policies
How to create content filtering policies using destination NAT (network address translation), which proxy user traffic through an external "net nanny" server for safe browsing.
Log into SputnikNet, then navigate to network policies overview.
Configure a content filtering policy.
Fill out the following fields to create a content filtering policy:
- Name: name your policy
- Action: select "Destination NAT"
- Protocol: select "TCP" (or "TCP and UDP")
- Match destination hostname: leave blank
- Is dynamic: leave blank
- Match Destination IP or Network/Netmask: leave blank
- TCP or UDP Port: enter 80 (for web traffic)
- Redirect to IP: enter the IP address of the proxy server that you will redirect traffic through
- Redirect to Port: enter the port of the proxy server that you will redirect traffic through
Click "Add Policy" to save your settings.
Review your content filtering policy.
Select an authentication system.
Edit the "all" group.
Add the content filtering policy to the "all" group.
Apply the authentication system to captive portals.
Click on "Captive Portals" from the "CONFIG" menu, then click on the name of the captive portal you want to apply the authentication system to.
Click "Walled Garden and Authentication" from the "Captive Portal Properties" menu. Click the checkbox next to the name of the authentication system containing the content filtering policy.
Click "Update" to save settings.
Apply captive portals to Sputnik-powered devices.
Click on "Routers" from the "CONFIG" menu, click on the name of the Sputnik-powered device ("router") that you want to apply the captive portal to, then select the captive portal from the "Portal" pop-up list. Click "Save Settings" to do just that.
Scroll down to the bottom of the "Edit Settings" page. Under "Network Policies" you will see a list of policies that apply to users of that Sputnik-powered device (router).
Network policy chain.
In this example, users log into the Sputnik-powered device named "Gourmet Store 41" through the "Gourmet Selections" captive portal, which uses the "Gourmet Select Customers" authentication system, which in turn inherits the "Safe Browsing" policy for all authenticated users. Once users log in, they are content filtered when they browse the web.