Configuring Cyber Shield Domain Filtering
Cyber Shield, a part of OpenVPN Cloud, analyzes the domain names in DNS queries received from WPC clients only when domain filter monitoring is turned on. When Monitoring is active, Cyber Shield checks which content category each domain name being queried belongs in. If a domain name is matched to a category that is configured to be blocked, the domain name is not resolved as expected and a “This site can’t be reached” page is displayed.
Cyber Shield effectively blocks traffic bound for the intended destination even if the traffic isn’t passing through the WPC. By not returning the IP address of the true destination as a response to the DNS query, domain filters can block all WPC and non-WPC traffic.
Note: Domain Filtering is turned off by default. With Domain Filtering turned on, you can choose whether you only monitor domain queries that match content categories, or if you may also block domain queries based on content category. Cyber Shield Top 10 Dashboard reports and displays statistics only for domain names that match content categories. Follow these steps to configure OpenVPN Cloud Shield Domain Filtering:
- Access the Cyber Shield page from the Administration portal and on the Domain Filtering pane turn Monitoring ON.
- This enables you to monitor domain traffic.
- After monitoring is activated and if you want to block content categories, click on the edit (pencil) icon.
- The Domain Filtering window is displayed.
- Select the domain filter categories that you want to block.
- As a test case for step 5, select Basic Protection / Malware.
- Click the Save button to save the changes and click X to exit.
- Confirm that you are connected to the WPC using the same profile from the configured account.
- Open a separate incognito browser tab and navigate to the sample domain:
- The incognito browser should display “This site can’t be reached”. This confirms the domain has been blocked.
- Confirm from the Top 10 Dashboard bubble graph that the number of blocked domains has increased by 1 for Malware.
- Add additional filters as needed.
Note: Domain blocking depends on DNS records' TTL timeout and may take up to 24 hours to take effect.