Web Filtering Issue on Guest Network

  • Question
  • Updated 4 years ago
  • Answered
Here is my issue: I'm using a Guest SSID with a Guest User Profile with the Default Guest Internet Access Only IP Firewall Policy. Everything is working as expected (VLAN, DHCP, Internet-only, etc.) EXCEPT I have an on-site web filter (K-12) by M86 (now Trustwave). It is filtering, because I tried going to unsafe sites and it won't resolve the name; the connection just times out. HOWEVER, it doesn't throw up a block page. I'm afraid when this goes live across all our schools, people may be confused (even though our filter is pretty dang open compared to most K-12 schools) and think it is a connection timeout rather than the fact that they are going to a site that they A) shouldn't be going to or B) should be going to but it got mis-categorized and I need to know so that I can un-block it.

Basically, how do I keep everything as is BUT allow my filter to serve the block page to the guest network?
Larry

Posted 4 years ago

Andrew MacTaggart, Champ

Insert a rule to allow guests to access the internal address of the interface Trustwave uses to display the block page.

This would go before the blocks of the internal addressing.

Cheers
A

Larry

I did try that. But when I did it, it took four or five minutes for one device in an empty building to connect to the SSID.

Larry

Okay, when I said I tried that, I did it as the destination. Now I changed it to the Source IP (because the filter is throwing up the block page, "it" is the source, right?). See screenshot below. Is this right? Will this work?

Larry

I can confirm changing it to the screenshot like above doesn't work either.

Larry

Okay, I think I got it. I was on the right track the first time: the Filter IP should have been the destination. I wasn't performing a complete update with a reboot; after that, voila!
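
The rule placement this thread settles on, as an added example that is not part of the original posts: a small first-match evaluator showing why the permit has to name the filter as the destination and sit above the internal-address denies. The addresses, the policy layout and the first-match ordering are assumptions made for illustration, not values from the thread or the vendor's configuration.

```python
# Added illustration: first-match evaluation of a guest IP firewall policy.
# All addresses are constructed; first-match ordering is an assumption.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
FILTER = ip_network("10.1.1.50/32")   # hypothetical block-page interface, one host only
GUEST = "172.20.5.23"                 # hypothetical guest client

# Assumed shape of an "internet only" policy: deny private ranges, permit the rest.
INTERNAL_DENIES = [
    (ANY, ip_network("10.0.0.0/8"), "deny"),
    (ANY, ip_network("172.16.0.0/12"), "deny"),
    (ANY, ip_network("192.168.0.0/16"), "deny"),
]
PERMIT_REST = [(ANY, ANY, "permit")]

def evaluate(policy, src, dst):
    """Return the action of the first rule matching (src, dst); default deny."""
    src, dst = ip_address(src), ip_address(dst)
    for rule_src, rule_dst, action in policy:
        if src in rule_src and dst in rule_dst:
            return action
    return "deny"

def build(variant):
    """Build the guest policy for one of the placements discussed in the thread."""
    as_dst = [(ANY, FILTER, "permit")]   # guest -> filter (client opens the connection)
    as_src = [(FILTER, ANY, "permit")]   # filter -> anything (never matches guest traffic)
    if variant == "default":
        return INTERNAL_DENIES + PERMIT_REST
    if variant == "filter_as_source":
        return as_src + INTERNAL_DENIES + PERMIT_REST
    if variant == "filter_as_destination_first":
        return as_dst + INTERNAL_DENIES + PERMIT_REST
    if variant == "filter_as_destination_last":
        return INTERNAL_DENIES + as_dst + PERMIT_REST
    raise ValueError(variant)

def report():
    """Map each variant to verdicts for (block page, other internal host, internet)."""
    targets = ("10.1.1.50", "10.1.1.51", "203.0.113.10")
    variants = ("default", "filter_as_source",
                "filter_as_destination_first", "filter_as_destination_last")
    return {v: tuple(evaluate(build(v), GUEST, t) for t in targets) for v in variants}

if __name__ == "__main__":
    for variant, verdicts in report().items():
        print(f"{variant:30} {verdicts}")
```

Only the destination rule placed first lets the guest reach the block page, and because it is a single-host permit the neighbouring internal address stays denied.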