Content Filtering Doesn't Work for routed traffic

Product Discussion Peplink Balance
1

hi there,

We use a Peplink Balance 210 Rev.4 with firmware 7.1.0 build 3433

The Peplink acts as a network gateway with Lan subnet set to 172.16.31.0/24, but it doesn’t resides in the real internal network.
Instead it communicates with a router which is set as gateway for the real Lan 10.10.100.0/24
Thus the router is between networks 172.16.31.0/24 and 10.10.100.0/24 but it doesn’t perform NAT, just forwarding ip packets.
So Pepelink receives the traffic with the original source IP but the content filtering doesn’t work, the rules do not apply and the clients have normal Internet access.
At first i thought it fo some kind of bug where the Peplink doesn’t perform content filtering for IPs that do not belong to it’s Lan network.
But this is not the case. I removed the router and set the Peplink Lan directly to 10.10.100.0/24 net.
The content filtering does not work either.
The only case that it works fine is when I enable Peplink’s Lan DHCP server but this unfortunately cannot be implemented in my case because DHCP is served by my local Domain Controller.

Am I doing something wrong? Is there a fixup or some earlier firmware version that Content Filtering is working fine for all routed traffic?

kind Regards.

2

The problem is not related to routed or directly connected subnets accordingly to your explanation. Please confirm the website you wanted to block was listed in the database - Status > Device (screen capture below). If not, please enter the Customized Domains via Network > Content Blocking.

image
image1493×681 92.3 KB

1 Like
3

Thanks for your reply.
I’m not at the site right now, but I will be later.

Nevertheless I can confirm already, that the issue remains exactly the way I described it for custom domains.
I used the expression facebook.*
facebook site is blocked for some users and permitted for others.
The only pattern that I find is that Content Filtering works fine for the DHCP clients of Peplink’s lan but not for the others.

Later I can also check the content of .csv database. But as I said, that’s not the case. It’s a matter of working vs not working with custom domains for instance.

5

Hi,

We’ll follow up in the ticket that you raised with Peplink support.

1 Like