Content Filtering using Domain-based Routing
Difficulty: Beginner
Minimum firmware version: 18.10.225.15
Goal
To use the Digi ACL device's cellular modem in tandem with its primary WAN Ethernet port, but block traffic to a particular domain/website.
Setup
This article assumes the LAN ports are operating under default settings, which provide DHCP connectivity to devices connected to the ACL device's LAN ports. For more details on the default settings of the ACL device, see the Default Settings section of the User's Manual.
For this setup, you will need the ACL device setup with both a primary WAN Ethernet connection, and a cellular modem connection.
Sample
The sample configuration below shows Digi ACL router (in this example, a 6350-SR) with two Internet connections: a cellular-based WAN connection through the 6350-SR's modem, and a broadband-based WAN connection through the 6350-SR's WAN Ethernet port.
This setup shows two client devices on a 6350-SR's LAN ports, a smartphone and a laptop. The smartphone and the laptop receive their IP address via DHCP from the 6350-SR.
The domain-based routing we are going to setup will accomplish the following.
- The 6350-SR uses the Ethernet WAN as its primary interface.
- The 6350-SR has a cellular modem connection, used as a secondary WAN interface.
- The 6350-SR drops any traffic destined for youtube.com by redirecting it to its own loopback interface.
Sample Configuration
Open the configuration profile for the 6350-SR and make the following changes.
- Under Network -> Routes -> Policy-based routing, setup a new policy with the following settings:
- Interface: Loopback
- Source address -> Type: Zone (this is the default)
- Source address -> Zone: Any (this is the default)
- Destination address -> Type: Domain
- Destination address -> Domains: youtube.com
- Save the configuration.
If you would like to setup additional domains to be blocked in the same way, you can add more domains by clicking on the Add button next to Add Domain, then enter in the additional domain site.