DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

WCF/Cyren VPN on 2962

  • johnpa7
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 Aug 2023 10:43 #102796 by johnpa7
WCF/Cyren VPN on 2962 was created by johnpa7
Hi I managed with the assistance of Draytek Tech support, to install NORDVPN on 2962 router. I have a Cyren WCF installed. As a simple test I have setup block gambling gambling. I then try to access a gambling site. When I enable VPN I can access the gambling sites. It would appear VPN bypass WCF filters. Is there anyway to use both?

Please Log in or Create an account to join the conversation.

More
31 Aug 2023 13:39 #102797 by HodgesanDY
Replied by HodgesanDY on topic Re: WCF/Cyren VPN on 2962
Hi Johnpa7,

Have you tried creating a 'Firewall Filter Rule' for the direction your traffic is flowing in; this is separate to the Firewall >> General Setup >> Default Rule page?

If you are connecting from inside your LAN to a VPN externally, you should be able to create a 'FW Filter rule' in that direction:

Firewall >> Filter Setup >> Edit Filter Set# >> Rule#:

Direction: LAN/RT/VPN -> LAN/RT/VPN
Advanced button: LAN? -> VPN (which LAN(s) to VPN)

Application Action/Profile
Filter: 'Pass if no further match'
Web Content Filter: 'Your WCF Profile'


Please also remember to check the 'Next Filter Set#' order, at the bottom right corner of each 'Set Page'; if not checked, your rules may not run.

(If I am understanding your particular setup correctly)

Please Log in or Create an account to join the conversation.

  • johnpa7
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 Aug 2023 15:38 #102798 by johnpa7
Replied by johnpa7 on topic Re: WCF/Cyren VPN on 2962
Hi I shall investigate your suggestion, thanks

Please Log in or Create an account to join the conversation.

  • johnpa7
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 Aug 2023 21:16 #102799 by johnpa7
Replied by johnpa7 on topic Re: WCF/Cyren VPN on 2962
I have setup firewall rule as follows

Direction LAN/RT/VPN -> WAN

Filter Pass Immediately

Web Content Filter 1-Default
DNS Filter 1-DNS Filter

If I try for example a betting site, I get the blocked message

If enable LAN to LAN VPN then I can access the betting site

Please Log in or Create an account to join the conversation.

More
31 Aug 2023 23:12 #102800 by HodgesanDY
Replied by HodgesanDY on topic Re: WCF/Cyren VPN on 2962
Hi Johnpa7,

Ok, so you have a LAN-to-LAN VPN established, that’s good.

The filter rule you’ve created doesn’t match what you’re trying to achieve when it comes to the LAN-to-LAN traffic.

You want to block traffic travelling from your LAN to the VPN(LAN), which means you need to choose “LAN/RT/VPN -> LAN/RT/VPN” as your direction. Then, in the ‘Advanced’ button window, select the LAN’s tick-box (your local LAN, most likely LAN1) on the left pane and the VPN tick-box on the right pane.

If you set it to “LAN/RT/VPN -> WAN” that will only block/pass traffic travelling from your LAN -> WAN (your local internet connection), you want to block the traffic using the VPN internet connection; which isn’t classed as a WAN in this scenario, it’s a VPN (a VPN-WAN you could say).



(Also, try using ‘Advanced Mode’ rather than ‘Wizard Mode’ to set up your filter rules, it will present you with all the options clearly.)

Please Log in or Create an account to join the conversation.

  • johnpa7
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
01 Sep 2023 08:36 #102802 by johnpa7
Replied by johnpa7 on topic Re: WCF/Cyren VPN on 2962
HodgesanDY, thanks so much. Followed your instruction CYREN/ WCS working on VPN.
I must admit I find it difficult to get my head around Firewall rules

I take it you mean the Advanced in the Direction selection.

Clicking on advanced at the bottom of the page, only permits selection on codepage ANSI

Please Log in or Create an account to join the conversation.

Moderators: Sami