Product updates

NordLayer features in review: DPI & DNS filtering


Filter online traffic with Virtual Private Gateway

Modern workplaces must balance permissions to roam the internet freely and secure their assets from online threats. No matter the role within an organization, no one is protected against malicious web links. This could be enough to provide hackers an opening into the organization.

Therefore, in this article, we’ll look at how NordLayer provides traffic control over employees’ web activities and its benefits to your company’s security.

Why should a business control employee online traffic?

Having active access to the internet also means that employees could willingly or accidentally infect their endpoints, which in turn endangers the whole network ecosystem. This is one of the major business risks, which is also incredibly hard to control.

NordLayer provides two technologies for more in-depth employee traffic supervision:

Both give businesses more control over what content types can be accessed by their employees.

How does NordLayer DNS filtering work?

NordLayer uses a specifically configured DNS resolver acting as a filter. The resolver refuses to return queries for certain domains on the blocklist. It can be shared or highly personalized and unique for a specific client. When active, it denies all queries related to specific blocked categories, i.e., violence or adult content. This allows you to control the media landscape that your employees are accessing.

Scheme on how DNS filters work

An offshoot of the DNS filtering feature is NordLayer’s proprietary ThreatBlock solution. This is a DNS filter that’s focused entirely on blocking malicious domains. The solution uses various malware libraries, and opens deny lists that include malicious websites as soon as they pop up. Using this as a basis, ThreatBlock effectively runs every query to check against the blocklist to make sure that the website your employee is about to visit is safe. Even if a user clicks on a malicious link, the error message will be shown, indicating that this is a dangerous website.

How does NordLayer’s deep packet inspection work?

NordLayer offers network blocking for application categories using deep packet inspection or DPI technology. The feature is based on the nDPI open-source protocol classification engine.

The technology can identify application layer use of protocols independently of what port is used. Still, it’s one of the best methods to stop communications if forbidden keywords are detected. This solution can be a powerful addition against malware, ransomware, spam, and harmful websites.

How to make use of NordLayer’s traffic management tools?

For network administrators, DNS filtering and DPI functionalities greatly expand the arsenal of tools that could be applied to secure an organization. The features supplement the core systems in place. Namely, they become active after the user connects through Virtual Private Gateway. DNS filtering and DPI are applied at the network’s entrance points as all traffic is routed through them.

The traffic from employees’ endpoints to the gateway is encrypted, and NordLayer manages the used DNS resolver with sets of various filters that can be immediately applied. This can be used not only to increase performance but also to increase security standards across the enterprise.

How can users enable traffic filtering?

Enabling ThreatBlock, DNS filtering, or DPI (Lite) can be done from the administrator’s control panel. While ThreatBlock has its toggle, you’ll have to toggle DNS filtering or DPI (Lite) by filling out the request form. It’s possible to set up on any dedicated server you own and set up different filtering options for different servers.

All it takes is choosing a filtering option and selecting what website categories should be filtered out. Once you submit your request, you’ll get an email informing you that the change has been completed.


Head of Product


Share this post

Related Articles

What is Smart Remote Access
NordLayer Linux app release

Stay in the know

Subscribe to our blog updates for in-depth perspectives on cybersecurity.