Security Services > Client CF Enforcement

Dell SonicWALL Client CF Enforcement provides protection and productivity policy enforcement for businesses, schools, libraries and government agencies. Dell SonicWALL has created a revolutionary content filtering architecture, utilizing a scalable, dynamic database to block objectionable and unproductive Web content.

Client CF Enforcement provides the ideal combination of control and flexibility to ensure the highest levels of protection and productivity. Client CF Enforcement prevents individual users from accessing inappropriate content while reducing organizational liability and increasing productivity. Web sites are rated according to the type of content they contain. The Content Filtering Service (CFS) blocks or allows access to these web sites based on their ratings and the policy settings for a user or group.

Businesses can typically control web surfing behavior and content when the browsing is initiated within the perimeter of the security appliance by setting filter policies on the appliance. But when the same device exits the perimeter, the control is lost. Client CF Enforcement kicks into action to address this gap, by blocking objectionable and unproductive Web content outside the security appliance perimeter.

Dell SonicWALL security appliances working in conjunction with Client CF Enforcement automatically and consistently ensure all endpoints have the latest software updates for the ultimate network protection. The client is designed to work with both Windows and Mac PCs.

Client CF Enforcement consists of the following three main components:

•	A Network Security Appliance running SonicOS whose role is to facilitate and verify licencing of CFS and to enable or disable enforcement and configure exclusions and other settings.

•	Automatic triggering to install the Client CF Enforcement of any client attempting to access the Internet without the client software installed will be blocked from accessing Websites until it is installed.

•	Administration of client policies and client groups using the cloud-based EPRS server accessed from MySonicWALL or from SonicOS running on the appliance.

Topics:

•	Enabling and Configuring Client CF Enforcement

•	Enabling Client CFS in Network Zones

Enabling and Configuring Client CF Enforcement

This section describes how to enable and configure settings for Client CF Enforcement in SonicOS.

Client CF Enforcement must be enabled on the Dell SonicWALL appliance before users will be presented with a Website block page, which prompts the user to install the Client CF Enforcement.

NOTE: If the Content Filtering Client (CFS) is not activated on MySonicWALL, you must activate it to enforce client content filtering polices on client systems.

Configuring Client CF Enforcement in Security Services

To configure settings for Client CF Enforcement, perform the following steps on your Dell SonicWALL appliance:

1	Log in to your Dell SonicWALL security appliance.

2	Navigate to the Security Services > Client CF Enforcement page.

3	Under the Client CF Enforcement Policies section, select the number of days from the drop-down list for the Grace Period during which CFS enforcement policies remain valid.

The Client CF Enforcement Lists section contains a table including the Client CFS Enforcement List and the Excluded from Client CF Enforcement List.

To configure either of these tables, click the Configure icon for the list you wish to configure. The Edit Address Object Group window displays. Select from the available list the values to include/not include for the group.

4	For the Client CF Enforcement List and Excluded from Client CF Enforcement List. If you have made any entries in these lists, you can click the arrow next to the list title to display the entries. To add entries to either list, click the Configure icon in that row.

5

For the field labeled For computers whose addresses do not fall in any of the above lists, the default enforcement is, select Client CF Enforcement from the drop-down list. This is located below the Client CF Enforcement Lists section. Selecting this will prompt all other computers connecting to the Internet through the appliance to install the Enforced Client. You can select None from the drop-down list if you only want to enforce the service on computers that you have configured.

6	Click Accept.