Security Services > Content Filter

The Security Services > Content Filter page allows you to configure the Restrict Web Features and Trusted Domains settings, which are included with SonicOS Enhanced. You can activate and configure SonicWALL Content Filtering Service (SonicWALL CFS) as well as two third-party Content Filtering products from the Security Services > Content Filter page.

Note
SonicWALL Content Filtering Service is a subscription service upgrade. You can try a FREE TRIAL of SonicWALL directly from your SonicWALL management interface. See “Activating a SonicWALL CFS FREE TRIAL”.

For complete SonicWALL Content Filtering Service documentation, see the SonicWALL Content Filtering Service Administrator’s Guide available at http://www.sonicwall.com/us/Support.html.

This chapter contains the following sections:

SonicWALL Content Filtering Service

SonicWALL Content Filtering Service (CFS) enforces protection and productivity policies for businesses, schools and libraries to reduce legal and privacy risks while minimizing administration overhead. SonicWALL CFS utilizes a dynamic database of millions of URLs, IP addresses and domains to block objectionable, inappropriate or unproductive Web content. At the core of SonicWALL CFS is an innovative rating architecture that cross references all Web sites against the database at worldwide SonicWALL co-location facilities. A rating is returned to the SonicWALL security appliance and then compared to the content filtering policy established by the administrator. Almost instantaneously, the Web site request is either allowed through or a Web page is generated by the SonicWALL security appliance informing the user that the site has been blocked according to policy.

With SonicWALL CFS, network administrators have a flexible tool to provide comprehensive filtering based on keywords, time of day, trusted and forbidden domain designations, and file types such as Cookies, Java™ and ActiveX® for privacy. SonicWALL CFS automatically updates the filters, making maintenance substantially simpler and less time consuming.

SonicWALL CFS can also be customized to add or remove specific URLs from the blocked list and to block specific keywords. When a user attempts to access a site that is blocked by the SonicWALL security appliance, a customized message is displayed on the user’s screen. SonicWALL security appliance can also be configured to log attempts to access sites on the SonicWALL Content Filtering Service database, on a custom URL list, and on a keyword list to monitor Internet usage before putting new usage restrictions in place.

SonicWALL CFS Premium blocks 56 categories of objectionable, inappropriate or unproductive Web content. SonicWALL CFS Premium provides network administrators with greater control by automatically and transparently enforcing acceptable use policies. It gives administrators the flexibility to enforce custom content filtering policies for groups of users on the network. For example, a school can create one policy for teachers and another for students.

Configuring General Content Filtering Settings

The following sections describe how to configure the settings on the Security Services > Content Filter page:

Content Filter Status

If SonicWALL CFS is activated, the Content Filter Status section displays the status of the Content Filter Server, as well as the date and time that your subscription expires. The expiration date and time is displayed in Universal Time Code (UTC) format.

You can also access the SonicWALL CFS URL Rating Review Request form by clicking the here link in the sentence "If you believe that a Web site is rated incorrectly or you wish to submit a new URL, click here."

If SonicWALL CFS is not activated, you must purchase a license subscription for full content filtering functionality, including custom CFS Policies. If you do not have an Activation Key, you must purchase SonicWALL CFS from a SonicWALL reseller or from your mysonicwall.com account (limited to customers in the USA and Canada).

Activating SonicWALL CFS

If you have an Activation Key for your SonicWALL CFS subscription, follow these steps to activate SonicWALL CFS:

Warning
You must have a mysonicwall.com account and your SonicWALL security appliance must be registered to activate SonicWALL Client Anti-Virus.
Step 1
Click the SonicWALL Content Filtering Subscription link on the Security Services > Content Filtering page. The mysonicwall.com Login page is displayed.
Step 2
Enter your mysonicwall.com account username and password in the User Name and Password fields, then click Submit. The System > Licenses page is displayed. If your SonicWALL security appliance is already connected to your mysonicwall.com account, the System > Licenses page appears after you click the SonicWALL Content Filtering Subscription link.
Step 3
Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type the Activation Key in the New License Key field and click Submit. Your SonicWALL CFS subscription is activated on your SonicWALL.
Step 4
When you activate SonicWALL CFS at mysonicwall.com, the SonicWALL CFS activation is automatically enabled on your SonicWALL within 24 hours, or you can click the Synchronize button on the Security Services > Summary page to update your SonicWALL.

Activating a SonicWALL CFS FREE TRIAL

You can try a FREE TRIAL of SonicWALL CFS by following these steps:

Step 1
Click the FREE TRIAL link on the Security Services > Content Filter page. The mysonicwall.com Login page is displayed.
Step 2
Enter your mysonicwall.com account username and password in the User Name and Password fields, then click Submit. The System > Licenses page is displayed. If your SonicWALL is already connected to your mysonicwall.com account, the System > Licenses page appears after you click the FREE TRIAL link.
Step 3
Click FREE TRIAL in the Manage Service column in the Manage Services Online table. Your SonicWALL CFS trial subscription is activated on your SonicWALL.
Step 4
Select Security Services > Content Filter to display the Content Filter page for configuring your SonicWALL Content Filtering Service settings.

Content Filter Type

There are three types of content filtering available on the SonicWALL security appliance. These options are available from the Content Filter Type menu.

SonicWALL CFS - Selecting SonicWALL CFS as the Content Filter Type allows you to access SonicWALL CFS functionality that is included with SonicOS Enhanced, and also to configure custom CFS Policies that are available only with a valid subscription. You can obtain more information about SonicWALL Content Filtering Service at
http://www.sonicwall.com/products/cfs.html
Websense Enterprise - Websense Enterprise is also a third party content filter list supported by SonicWALL security appliances.

Clicking the Network > Zones link in "Note: Enforce the Content Filtering per zone from the Network > Zone page" displays the Network > Zones page for enabling SonicWALL Content Filtering Service on network zones.

Restrict Web Features

Restrict Web Features enhances your network security by blocking potentially harmful Web applications from entering your network.

Restrict Web Features are included with SonicOS. Select any of the following applications to block:

ActiveX - ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers can use ActiveX to delete files or compromise security. Select the ActiveX check box to block ActiveX controls.
Java - Java is used to download and run small programs, called applets, on Web sites. It is safer than ActiveX since it has built-in security mechanisms. Select the Java check box to block Java applets from the network.
Cookies - Cookies are used by Web servers to track Web usage and remember user identity. Cookies can also compromise users' privacy by tracking Web activities. Select the Cookies check box to disable Cookies.
Access to HTTP Proxy Servers - When a proxy server is located on the WAN, LAN users can circumvent content filtering by pointing their computer to the proxy server. Check this box to prevent LAN users from accessing proxy servers on the WAN.

Trusted Domains

Trusted Domains can be added to enable content from specific domains to be exempt from Restrict Web Features.

If you trust content on specific domains and want them to be exempt from Restrict Web Features, follow these steps to add them:

Step 1
Select the Do not block Java/ActiveX/Cookies to Trusted Domains checkbox.
Step 2
Click Add. The Add Trusted Domain Entry window is displayed.
Step 3
Step 4
Click OK. The trusted domain entry is added to the Trusted Domains table.

To keep the trusted domain entries but enable Restrict Web Features, uncheck Do not block Java/ActiveX/Cookies to Trusted Domains. To delete an individual trusted domain, click on the Delete icon for the entry. To delete all trusted domains, click Delete All. To edit a trusted domain entry, click the Edit icon.

CFS Exclusion List

IP address ranges can be manually added to or deleted from the CFS Exclusion List. Content filtering is disabled for IP addresses in the CFS Exclusion List. These address ranges are treated as trusted domains. Select Enable CFS Exclusion List to enable this feature.

The Do not bypass CFS blocking for the administrator checkbox controls content filtering for administrators. By default, when the administrator (“admin” user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that system’s IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrator’s system, select the Do not bypass CFS blocking for the administrator checkbox.

Adding Trusted Domains to the CFS Exclusion List

To add a range of IP addresses to the CFS Exclusion List, perform these tasks:

Step 1
Select the Enable CFS Exclusion List checkbox.
Step 2
Click Add. The Add CFS Range Entry window is displayed.
Step 3
Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 4
Click OK.
Step 5
Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.
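
Because every address in the CFS Exclusion List is unfiltered, it is worth reviewing the From/To entries before accepting them. The following Python sketch is an added example, not SonicOS code: it models the exemption behaviour described above (exclusion ranges plus the administrator bypass) and flags wide or overlapping entries. The sample ranges, the function names and the max_hosts threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample entries in the "IP Address From" / "IP Address To" form.
EXCLUSION_LIST = [
    ("192.168.10.5", "192.168.10.20"),
    ("192.168.10.15", "192.168.10.40"),  # overlaps the entry above
    ("10.0.0.0", "10.0.255.255"),        # a very wide unfiltered range
]

def parse_range(first, last):
    """Return an inclusive From/To pair as integers, rejecting reversed input."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range reversed: {first} > {last}")
    return int(lo), int(hi)

def is_exempt(client_ip, ranges, list_enabled=True,
              admin_session_ips=(), do_not_bypass_admin=False):
    """Model the two exemptions described above for one client address."""
    ip = int(ipaddress.IPv4Address(client_ip))
    if list_enabled:
        for first, last in ranges:
            lo, hi = parse_range(first, last)
            if lo <= ip <= hi:
                return True
    # Default behaviour: the logged-in admin's system IP bypasses CFS
    # unless "Do not bypass CFS blocking for the administrator" is selected.
    return client_ip in admin_session_ips and not do_not_bypass_admin

def audit(ranges, max_hosts=256):
    """Flag wide or overlapping entries; max_hosts is an assumed threshold."""
    findings, seen = [], []
    for first, last in ranges:
        lo, hi = parse_range(first, last)
        size = hi - lo + 1
        if size > max_hosts:
            findings.append((first, last, f"wide: {size} addresses unfiltered"))
        for plo, phi, label in seen:
            if lo <= phi and plo <= hi:
                findings.append((first, last, f"overlaps {label}"))
        seen.append((lo, hi, f"{first}-{last}"))
    return findings

if __name__ == "__main__":
    for finding in audit(EXCLUSION_LIST):
        print(finding)
```
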

Modifying or Temporarily Disabling the CFS Exclusion List

To modify or temporarily disable the CFS Exclusion List, perform these tasks:

Step 1
To keep the CFS Exclusion List entries but temporarily allow content filtering to be applied to these IP addresses, uncheck the Enable CFS Exclusion List checkbox.
Step 2
Step 3
Step 4

CFS Policy per IP Address Range

To configure a custom CFS policy for a range of IP addresses, perform these tasks:

Step 1
Scroll down to the CFS Policy per IP Address Range section and select the Enable Policy per IP Address Range checkbox.
Step 2
Click Add. The Add CFS Policy per IP Address Range window is displayed.
Step 3
Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 4
Step 5
Step 6
Click OK.

Web Page to Display when Blocking

You can fully customize the web page that is displayed to the user when access to a blocked site is attempted. To revert to the default page, click the Default Blocked Page button.

For information on setting up Content Filter Properties, see Configuring SonicWALL Filter Properties.