Content Filtering with Destination NAT Policies
How to create content filtering policies using destination NAT (network address translation), which proxy user traffic through an external "net nanny" server for safe browsing.
Log into SputnikNet, then navigate to network policies overview.
To create a new content filtering/destination NAT policy, click on "Policies" from the "MANAGE" menu.
Add a new network policy.
Click on the + icon to create a new network policy.
Configure a content filtering policy.
Fill out the following fields to create a content filtering policy:
- Name: name your policy
- Action: select "Destination NAT"
- Protocol: select "TCP" (or "TCP and UDP")
- Match destination hostname: leave blank
- Is dynamic: leave blank
- Match Destination IP or Network/Netmask: leave blank
- TCP or UDP Port: enter 80 (for web traffic)
- Redirect to IP: enter the IP address of the proxy server that you will redirect traffic through
- Redirect to Port: enter the port of the proxy server that you will redirect traffic through
Click "Add Policy" to save your settings.
Review your content filtering policy.
Your new content filtering policy will appear in the network policy list.
Select an authentication system.
Click on "Authentication" from the "CONFIG" menu, then select the authentication system you want to apply the policy to.
Edit the "all" group.
Click on "Group Policies" from the "Authentication System" menu. Click on "[Edit]" for the group you want to apply the policy to. In this case, "all" will apply the policy to all authenticated users.
Add the content filtering policy to the "all" group.
Click the checkbox next to the name of the content filtering policy just created, and click "Update Policies" to save your changes.
Review group policies.
Your content filtering policy will appear in the group policies list.
Apply the authentication system to captive portals.
Click on "Captive Portals" from the "CONFIG" menu, then click on the name of the captive portal you want to apply the authentication system to.
Click "Walled Garden and Authentication" from the "Captive Portal Properties" menu. Click the checkbox next to the name of the authentication system containing the content filtering policy.
Click "Update" to save settings.
Apply captive portals to Sputnik-powered devices.
Click on "Routers" from the "CONFIG" menu, click on the name of the Sputnik-powered device ("router") that you want to apply the captive portal to, then select the captive portal from the "Portal" pop-up list. Click "Save Settings" to do just that.
Scroll down to the bottom of the "Edit Settings" page. Under "Network Policies" you will see a list of policies that apply to users of that Sputnik-powered device (router).
Network policy chain.
In this example, users log into the Sputnik-powered device named "Gourmet Store 41" through the "Gourmet Selections" captive portal, which uses the "Gourmet Select Customers" authentication system, which in turn inherits the "Safe Browsing" policy for all authenticated users. Once users log in, they are content filtered when they browse the web.