Domain Filtering Configuration Guide

Configure the Advanced Firewall's domain and category filtering, set up SSL certificate keys, and assign filter groups to VLANs.

Configuration Updated August 21, 2025

Domain Filtering is part of the Advanced Firewall add-on, which also includes Threat Analysis and Country Blocking. Enabling it increases the monthly invoice. Email sales@uplevelsystems.com with any add-on pricing questions.

Overview

Domain Filtering controls and restricts access to specific website categories and individual domains across the network. It is the right tool for enforcing acceptable-use policies, blocking known malicious destinations, and demonstrating regulatory due-diligence on web traffic.

Accessing Domain Filtering

In the Portal, navigate to Firewall › Domain Filtering.

Initial setup

Step 1: enable the feature

Tick Enable Domain Filtering. This activates the filtering engine across whichever network groups (VLANs) are selected later.

Step 2: configure the filter

The Filter section has three configuration areas:

Block Categories

Open Block Categories to see the full list of website categories. Tick whichever should be blocked. Categories include:

  • Security: Malware, Phishing/Fraud, Spyware and Malicious Sites
  • Productivity: Social Networking, Entertainment, Games, Shopping
  • Content-based: Adult content, Violence, Weapons, Illegal Drugs
  • Communication: Chat/IM, Web-based Email
  • Business: Job Search, Finance, News, Education

Block Domains

Block specific domains beyond what the category filters cover. Enter one domain or URL per line. Use <none> if no specific domains need blocking.

Allow Domains

Whitelist domains that should remain accessible even when their category is blocked. This is the right place to allow a specific business-critical site whose category is otherwise restricted. Use <none> if nothing needs whitelisting.

Step 3: save the selections

Review the chosen categories, then click Save. Click Cancel to discard changes.

SSL certificate management (Keys section)

HTTPS filtering needs SSL inspection, which in turn needs a trusted certificate installed on the client device. The Portal generates two keys:

Main access key

  • Purpose: the primary SSL certificate for domain filtering.
  • Notes: never expires.
  • Usage: install on client devices for seamless HTTPS filtering and white-labelled block pages. Installation is optional but recommended for the cleanest end-user experience.

Temporary access key

  • Purpose: temporary unfiltered internet access.
  • Lifetime: valid for one week from creation.
  • Use case: support engagements or other situations that need short-term full internet access.
  • Security: automatically expires after seven days; no manual revocation needed.

Certificate installation

Click the Instructions link in the Keys section for the current platform-specific install steps and troubleshooting guidance.

Filter groups

Configure which network segments domain filtering applies to:

  • Employees — standard user network, filtering on.
  • Guest — visitor network, typically heavily filtered.
  • Boss — executive access, lighter filtering as needed.
  • VoIP — voice devices, normally excluded from filtering.

Important notes

  • DNS is pushed via DHCP to devices in the selected groups. If the LAN uses static IPs, manually add 52.42.29.159 as the DNS server on those hosts so they pick up Uplevel filtering.
  • Exclude VLANs that don’t benefit from filtering — VoIP phones and IoT devices typically don’t need it and adding them can break expected behaviour.

Recommended workflow

Category selection

  • Start with security categories (Malware, Phishing, Adult content).
  • Add productivity categories incrementally, based on policy and business need.
  • Review the list periodically; new categories appear as the upstream feed evolves.

Monitoring and maintenance

  • Use the Statistics tab to monitor effectiveness.
  • Review the block and allow lists quarterly.
  • Update group assignments when the network topology changes.

Related articles