This section details creating a custom CFS category entry. CFS allows the administrator not
only to create custom Policies, but also allows for custom domain name entries to the existing CFS rating categories. This allows for insertion of custom CFS-managed content into the existing and very flexible category structure.
To create a new CFS custom category:
|
Step 1
|
Navigate to the
Security Services > Content Filter
page in the SonicOS management interface.
|
|
Step 3
|
Click the
Accept
button to save your changes and enable the Custom Category feature.
|
|
Step 1
|
Again in the
Security Services > Content Filter
page, scroll down to the CFS Custom
Category
section and click the Add...
button.
|
|
Step 5
|
Click the
OK
button to add this custom entry.
|
The following sections describe how to configure the settings on the
Security Services >
Content Filter
page using legacy Cotent Filtering methods.
If ADTRAN CFS is activated, the
Content Filter Status
section displays the status of the Content Filter Server, as well as the date and time that your subscription expires. The expiration date and time is displayed in Universal Time Code (UTC) format.
You can also access the
ADTRAN CFS URL Rating Review Request
form by clicking on the here
link in If you believe that a Web site is rated incorrectly or you wish to submit a new
URL, click here
.
If ADTRAN CFS is not activated, you must purchase a license subscription for full content
filtering functionality, including custom CFS Policies. If you do not have an Activation Key, you must purchase ADTRAN CFS from a ADTRAN reseller or from your NetVanta Security Portal account (limited to customers in the USA and Canada).
If you have an Activation Key for your ADTRAN CFS subscription, follow these steps to activate
ADTRAN CFS:
|
Step 1
|
Click the
ADTRAN Content Filtering Subscription
link on the Security Services > Content
Filtering
page. The NetVanta Security Portal account Login
page is displayed.
|
|
Step 3
|
Click
Activate
or Renew
in the Manage Service
column in the Manage Services Online
table. Type in the Activation Key in the New License Key
field and click Submit
. Your ADTRAN CFS subscription is activated on your ADTRAN.
|
You can try a FREE TRIAL of ADTRAN CFS by following these steps:
|
Step 1
|
Click the
FREE TRIAL
link on the Security Services > Content Filter
page. The NetVanta
Security Portal account Login
page is displayed.
|
|
Step 3
|
Click
FREE TRIAL
in the Manage Service
column in the Manage Services Online
table. Your ADTRAN CFS trial subscription is activated on your ADTRAN.
|
|
Step 4
|
Select
Security Services > Content Filter
to display the Content Filter page for configuring your ADTRAN Content Filtering Service settings.
|
There are three types of content filtering available on the firewall. These options are available
from the Content Filter Type
menu.
|
|
•
|
ADTRAN CFS
- Selecting ADTRAN CFS
as the Content Filter Type
allows you to access ADTRAN CFS functionality that is included with SonicOS Enhanced, and also to configure custom CFS Policies that are available only with a valid subscription.
|
|
|
•
|
Websense Enterprise
- Websense Enterprise is also a third party content filter list supported by firewalls.
|
Clicking the
Network > Zones
link in Note: Enforce the Content Filtering per zone from the
Network > Zone page
, displays the Network > Zones
page for enabling ADTRAN Content Filtering Service on network zones.
Restrict Web Features
enhances your network security by blocking potentially harmful Web applications from entering your network.
Restrict Web Features
are included with SonicOS. Select any of the following applications to block:
|
|
•
|
ActiveX
- ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers can use ActiveX to delete files or compromise security. Select the ActiveX
check box to block ActiveX controls.
|
|
|
•
|
Java
- Java is used to download and run small programs, called applets, on Web sites. It is safer than ActiveX since it has built-in security mechanisms. Select the Java
check box to block Java applets from the network.
|
|
|
•
|
Cookies
- Cookies are used by Web servers to track Web usage and remember user identity. Cookies can also compromise users' privacy by tracking Web activities. Select the Cookies
check box to disable Cookies.
|
|
|
•
|
Access to HTTP Proxy Servers
- When a proxy server is located on the WAN, LAN users can circumvent content filtering by pointing their computer to the proxy server. Check this box to prevent LAN users from accessing proxy servers on the WAN.
|
Trusted Domains can be added to enable content from specific domains to be exempt from
Restrict Web Features
.
If you trust content on specific domains and want them to be exempt from
Restrict Web
Features
, follow these steps to add them:
|
Step 1
|
Select the
Do not block Java/ActiveX/Cookies to Trusted Domains
checkbox.
|
|
Step 2
|
Click
Add
. The Add Trusted Domain Entry
window is displayed.
|
|
Step 4
|
Click
OK
. The trusted domain entry is added to the Trusted Domains
table.
|
To keep the trusted domain entries but enable Restrict Web Features, uncheck
Do not block
Java/ActiveX/Cookies to Trusted Domains
. To delete an individual trusted domain, click on the Delete
icon for the entry. To delete all trusted domains, click Delete All
. To edit a trusted domain entry, click the Edit
icon.
IP address ranges can be manually added to or deleted from the CFS Exclusion List. For traffic
from IP addresses in the CFS Exclusion List, content filtering is disabled and the traffic is allowed access through any firewall access rules that are set to allow only certain users without requiring the user to be authenticated. If Single Sign On is enabled, that traffic will not initiate SSO. These address ranges are treated as trusted domains. Select Enable CFS Exclusion
List
to enable this feature.
The
Do not bypass CFS blocking for the administrator
checkbox controls content filtering for administrators. By default, when the administrator (“admin” user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that system’s IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrator’s system, select the Do not bypass CFS
blocking for the administrator
checkbox.
To add a range of IP addresses to the CFS Exclusion List, perform these tasks:
|
Step 1
|
Select the
Enable CFS Exclusion List
checkbox.
|
|
Step 2
|
Click
Add
. The Add CFS Range Entry
window is displayed.
|
|
Step 5
|
Click
Accept
on the Security Services > Content Filter
page. The IP address range is added to the CFS Exclusion List.
|
To modify or temporarily disable the CFS Exclusion List, perform these tasks:
To configure a custom CFS policy for a range of IP addresses, perform these tasks:
|
Step 1
|
Scroll down to the
CFS Policy per IP Address Range
section and select the Enable Policy
per IP Address Range
checkbox.
|
|
Step 2
|
Click
Add
. The Add CFS Policy per IP Address Range
window is displayed.
|
You can fully customize the web page that is displayed to the user when access to a blocked
site is attempted. To revert to the default page, click the Default Blocked Page
button.
For information on setting up Content Filter Properties, see
Configuring Legacy ADTRAN Filter Properties
.