Configuring Content Filter Settings
The settings page is used to configure whether access to restricted content, sites, and features is blocked or logged, if and when users can access blocked material, and the message that will be displayed when users attempt to access blocked material.
SonicWALL offers two types of content filtering and supports two third-party content filtering packages: N2H2 and Websense Enterprise. To configure filtering options for N2H2 or Websense, view the documentation that came with the software package.
To configure the Content Filter settings, perform the following steps:
- In the left pane, select the global icon, a group, or a SonicWALL appliance.
- Click the Policies tab.
- In the center pane, navigate to the Content Filter > Settings page.
Content Filter Type
- Select the content filtering type that you will use.
  - SonicWALL CFS—Enables the CFS SonicWALL filtering package based on the firmware version of the SonicWALL appliance.
  - N2H2—To use N2H2, you must have the N2H2 software package running on a server in your network. For more information, visit www.n2h2.com.
  - Websense—To use Websense, you must have the Websense Enterprise software package running on a server in your network. For more information, visit www.websense.com.
  If you select N2H2 or Websense, make sure to configure the appropriate filtering options. For more information, refer to N2H2 and Websense Content Filtering.
- To apply content filtering and Web feature restrictions to the LAN port (WorkPort), select LAN.
- To apply content filtering and Web feature restrictions to the WLAN interface, select WLAN.
Note: To enforce the CFS per zone, refer to the Network > Zones page.
Trusted Domains
- A trusted domain is a domain that is allowed to use Web features such as Java, ActiveX, and cookies. To create a list of trusted domains, select the Don't block Java/ActiveX/Cookies to Trusted Domains check box.
- Select trusted domains from the Domain list, or add/import trusted domains by clicking the Add New Trusted Domain or Import links.
  If adding a trusted domain, enter one or more domain names in the Trusted Domains field and click Add. The scheduler displays. Separate multiple domains with a semicolon (;). Enter the domain name only, for example “yahoo.com”; do not include “http://”. Entering “yahoo.com” will also allow access to www.yahoo.com, my.yahoo.com, sports.yahoo.com, and so on.
  Importing a .txt file with one domain name per line is the easiest way to add multiple domains to a Trusted Domains list. Click the Import... button to add multiple domains from a text file.
- Configure existing trusted domains by clicking the configure icon for the desired domain.
- Delete a trusted domain by selecting the checkbox for the trusted domain and then clicking the Delete Trusted Domain(s) link. You can also delete multiple trusted domains at one time.
Note: This feature will only enable Web features for the selected domains. To make the domain available for unrestricted browsing, add it to the Allowed Domains list. For more information, refer to Configuring a Custom List.
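An added example (not SonicWALL code) that cleans a pasted domain list into the one-domain-per-line .txt import format and the semicolon-separated form for the Trusted Domains field. The sample entries and function names are constructed; dropping entries already covered by a listed parent relies on the subdomain behaviour stated above, and rejecting single-label entries such as "com" is an added safeguard, not a documented appliance rule.

```python
from urllib.parse import urlsplit

# Constructed sample of entries as they are often pasted into a list.
RAW_ENTRIES = """\
http://yahoo.com
www.Example.org/
sports.yahoo.com
example.org
com
intranet.example.net:8080/portal
bad_domain!.test
"""

def to_domain(entry):
    """Reduce one pasted entry to a bare lowercase domain, or None if invalid."""
    entry = entry.strip().lower()
    try:
        host = urlsplit(entry if "//" in entry else "//" + entry).hostname or ""
    except ValueError:            # e.g. unbalanced "[" in the entry
        return None
    host = host.rstrip(".")
    ok = all(
        l and l.isascii() and len(l) <= 63 and l.replace("-", "").isalnum()
        and l[0] != "-" and l[-1] != "-"
        for l in host.split(".")
    )
    return host if ok and len(host) <= 253 else None

def build_import_list(raw):
    """Return (domains, rejected); domains are ready for the import file."""
    seen, rejected = set(), []
    for line in filter(str.strip, raw.splitlines()):
        dom = to_domain(line)
        if dom is None or "." not in dom:
            rejected.append(line.strip())   # invalid, or a bare TLD (assumed too broad)
        else:
            seen.add(dom)

    def covered(d):
        # The page says an entry also covers its subdomains, so an entry
        # whose parent domain is already listed is redundant.
        parts = d.split(".")
        return any(".".join(parts[i:]) in seen for i in range(1, len(parts) - 1))

    return sorted(d for d in seen if not covered(d)), rejected

if __name__ == "__main__":
    domains, rejected = build_import_list(RAW_ENTRIES)
    print("\n".join(domains))        # contents of the .txt import file
    print(";".join(domains))         # same list for the Trusted Domains field
    print("rejected:", rejected)
```

Review the rejected entries by hand before importing; each trusted entry re-enables Java, ActiveX, and cookies for the whole domain and its subdomains.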
Web Page to Display when Blocking
- Enter the message that will be displayed when users attempt to access restricted content, sites, and features. For example, “This Web site is blocked and restricted. Get back to work.”
- When you are finished, click Update. The scheduler displays.
CFS Settings
- To enable HTTPS content filtering, click the Enable HTTPS Content Filtering checkbox. HTTPS content filtering is IP address and hostname based. While HTTP content filtering can perform redirects to enforce authentication or provide a block page, HTTPS filtered pages will be silently blocked.
- To enable CFS server failover, click the CFS Server Failover checkbox.
- Specify the number of seconds of server inactivity before traffic is blocked or allowed. This defines what action is taken if the Websense Enterprise server is unavailable. The default value for timeout of the server is 5 seconds, but you can enter a value between 1 and 10 seconds.
  Selecting the Block traffic to all Web sites option blocks traffic to all Web sites except Allowed Domains until the Websense Enterprise server is available.
  Selecting the Allow traffic to all Web sites option allows traffic to all Web sites without Websense Enterprise server filtering. However, Forbidden Domains and Keywords, if enabled, are still blocked.
- If the server marks the URL as “blocked” then you can block and/or log access to that URL. Select the Block Access to URL and/or the Log Access to URL radio button(s).
URL Cache
- Enter the desired cache size (in KB) in the Cache Size text-field. If you are not sure of the supported range for your appliance, click the available link for the valid ranges.
- Click the Update button.
Web Usage Consent
The consent feature allows organizations to specify computers that are always filtered and computers that are filtered by user request. This feature is popular in libraries, Internet cafes, and other public Internet systems.
Note: This feature is not available if you select N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.
- Check the Require Consent check box to require consent. Users can choose if they want filtering or not.
- Enter the maximum time (in minutes) a user can access the Internet in the Maximum Web Usage field.
- Specify the maximum amount of time (in minutes) a connection may remain idle before the user is logged out and must agree to the consent agreement again in the User Idle Timeout field.
- Enter the URL of the Web page from which users choose to enable filtering in the Consent Page URL (Optional Filtering) field. This page displays when users first attempt to access the Internet and must contain a link for choosing unfiltered access and a link for choosing filtered access. The link for unfiltered access is IPaddress/iAccept.html. The link for filtered access is IPaddress/iAcceptFilter.html. IPaddress is the LAN (WorkPort) IP address of the SonicWALL appliances.
- Enter the URL of the page that displays when users choose to access the Internet without content filtering in the “Consent Accepted” URL (Filtering Off) field. This page must be accessible on the LAN (WorkPort).
- Enter the URL of the page that displays when users access the Internet with content filtering enabled in the “Consent Accepted” URL (Filtering On) field. This page must be accessible on the LAN (WorkPort).
Mandatory IP Filtering
- When a user opens a Web browser on a computer with mandatory content filtering, they will be shown a consent page. Enter the URL for the consent page in the Consent Page URL (Mandatory Filtering) field. You will need to create this Web page. It usually contains an Acceptable Use Policy and a notification that violations will be logged or blocked.
  This Web page must reside on a Web server that is accessible as a URL by LAN (WorkPort) users. This page must also contain a link that tells the SonicWALL appliance that the user agrees to having filtering enabled. To do this, create the following link:
  IPaddress/iAcceptFilter.html
  where IPaddress is the LAN (WorkPort) IP address of the SonicWALL appliance.
- To enforce content filtering for a specific computer on the LAN, enter the IP address in the IP Addresses field of the Mandatory Filtered IP Addresses section and click Add. Up to 128 IP addresses can be entered.
- To remove a computer from the list of computers to be filtered, click the checkbox in the trash can column for the IP address.
- When you are finished, click Update. The scheduler displays.
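An added example (not SonicWALL code): a pre-deployment check that a consent page contains the appliance links described under Web Usage Consent and Mandatory IP Filtering. The LAN address, sample pages, function names, and the http:// scheme on the links are assumptions; the check requires absolute links because a relative link would resolve against the Web server hosting the page rather than the appliance.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

LAN_IP = "192.168.1.1"    # constructed LAN (WorkPort) address of the appliance

# Constructed consent pages; the http:// scheme on the links is an assumption.
OPTIONAL_PAGE = f"""<html><body><h1>Acceptable Use Policy</h1>
<a href="http://{LAN_IP}/iAcceptFilter.html">Browse with filtering</a>
<a href="http://{LAN_IP}/iAccept.html">Browse without filtering</a>
</body></html>"""
# Relative link: resolves against the hosting Web server, not the appliance.
BROKEN_MANDATORY_PAGE = """<html><body><h1>Acceptable Use Policy</h1>
<a href="iAcceptFilter.html">I agree</a></body></html>"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def consent_links(html, lan_ip):
    """Return which appliance consent pages the HTML links to on lan_ip."""
    parser = LinkCollector()
    parser.feed(html)
    found = set()
    for href in parser.hrefs:
        url = urlsplit(href)
        if url.hostname == lan_ip and url.path in ("/iAccept.html", "/iAcceptFilter.html"):
            found.add(url.path.lstrip("/"))
    return found

def check_consent_page(html, lan_ip, mandatory):
    """Return a list of problems; an empty list means the required links exist."""
    found = consent_links(html, lan_ip)
    problems = []
    if "iAcceptFilter.html" not in found:
        problems.append(f"no link to {lan_ip}/iAcceptFilter.html (filtered access)")
    if not mandatory and "iAccept.html" not in found:
        problems.append(f"no link to {lan_ip}/iAccept.html (unfiltered access)")
    if mandatory and "iAccept.html" in found:
        # The page lists only the filtered link for mandatory pages; flag for review.
        problems.append("mandatory page also links to iAccept.html")
    return problems

if __name__ == "__main__":
    print(check_consent_page(OPTIONAL_PAGE, LAN_IP, mandatory=False))
    print(check_consent_page(BROKEN_MANDATORY_PAGE, LAN_IP, mandatory=True))
```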