This section details creating a custom CFS category entry. CFS allows the administrator not
only to create custom Policies, but also allows for custom domain name entries to the existing CFS rating categories. This allows for insertion of custom CFS-managed content into the existing and very flexible category structure.
To create a new CFS custom category:
|
Step 1
|
Navigate to the
Security Services > Content Filter
page in the SonicOS management interface.
|
|
Step 3
|
Click the
Accept
button to save your changes and enable the Custom Category feature.
|
|
Step 1
|
Again in the
Security Services > Content Filter
page, scroll down to the CFS Custom
Category
section and click the Add...
button.
|
|
Step 5
|
Click the
OK
button to add this custom entry.
|
The following sections describe how to configure the settings on the
Security Services >
Content Filter
page using legacy Cotent Filtering methods.
If SonicWALL CFS is activated, the
Content Filter Status
section displays the status of the Content Filter Server, as well as the date and time that your subscription expires. The expiration date and time is displayed in Universal Time Code (UTC) format.
You can also access the
SonicWALL CFS URL Rating Review Request
form by clicking on the here
link in If you believe that a Web site is rated incorrectly or you wish to submit a
new URL, click here
.
If SonicWALL CFS is not activated, you must purchase a license subscription for full content
filtering functionality, including custom CFS Policies. If you do not have an Activation Key, you must purchase SonicWALL CFS from a SonicWALL reseller or from your mysonicwall.com account (limited to customers in the USA and Canada).
If you have an Activation Key for your SonicWALL CFS subscription, follow these steps to
activate SonicWALL CFS:
|
Step 1
|
Click the
SonicWALL Content Filtering Subscription
link on the Security Services >
Content Filtering
page. The mysonicwall.com Login
page is displayed.
|
|
Step 2
|
Enter your mysonicwall.com account username and password in the
User Name
and Password
fields, then click Submit
. The System > Licenses
page is displayed. If your SonicWALL security appliance is already connected to your mysonicwall.com account, the System > Licenses
page appears after you click the SonicWALL Content Filtering
Subscription
link.
|
|
Step 3
|
Click
Activate
or Renew
in the Manage Service
column in the Manage Services Online
table. Type in the Activation Key in the New License Key
field and click Submit
. Your SonicWALL CFS subscription is activated on your SonicWALL.
|
You can try a FREE TRIAL of SonicWALL CFS by following these steps:
|
Step 1
|
Click the
FREE TRIAL
link on the Security Services > Content Filter
page. The mysonicwall.com Login
page is displayed.
|
|
Step 3
|
Click
FREE TRIAL
in the Manage Service
column in the Manage Services Online
table. Your SonicWALL CFS trial subscription is activated on your SonicWALL.
|
|
Step 4
|
Select
Security Services > Content Filter
to display the Content Filter page for configuring your SonicWALL Content Filtering Service settings.
|
There are three types of content filtering available on the SonicWALL security appliance. These
options are available from the Content Filter Type
menu.
|
|
•
|
SonicWALL CFS
- Selecting SonicWALL CFS
as the Content Filter Type
allows you to access SonicWALL CFS functionality that is included with SonicOS Enhanced, and also to configure custom CFS Policies that are available only with a valid subscription. You can obtain more information about SonicWALL Content Filtering Service at
http://www.sonicwall.com/products/cfs.html
|
|
|
•
|
Websense Enterprise
- Websense Enterprise is also a third party content filter list supported by SonicWALL security appliances.
|
Clicking the
Network > Zones
link in Note: Enforce the Content Filtering per zone from the
Network > Zone page
, displays the Network > Zones
page for enabling SonicWALL Content Filtering Service on network zones.
Restrict Web Features
enhances your network security by blocking potentially harmful Web applications from entering your network.
Restrict Web Features
are included with SonicOS. Select any of the following applications to block:
|
|
•
|
ActiveX
- ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers can use ActiveX to delete files or compromise security. Select the ActiveX
check box to block ActiveX controls.
|
|
|
•
|
Java
- Java is used to download and run small programs, called applets, on Web sites. It is safer than ActiveX since it has built-in security mechanisms. Select the Java
check box to block Java applets from the network.
|
|
|
•
|
Cookies
- Cookies are used by Web servers to track Web usage and remember user identity. Cookies can also compromise users' privacy by tracking Web activities. Select the Cookies
check box to disable Cookies.
|
|
|
•
|
Access to HTTP Proxy Servers
- When a proxy server is located on the WAN, LAN users can circumvent content filtering by pointing their computer to the proxy server. Check this box to prevent LAN users from accessing proxy servers on the WAN.
|
Trusted Domains can be added to enable content from specific domains to be exempt from
Restrict Web Features
.
If you trust content on specific domains and want them to be exempt from
Restrict Web
Features
, follow these steps to add them:
|
Step 1
|
Select the
Do not block Java/ActiveX/Cookies to Trusted Domains
checkbox.
|
|
Step 2
|
Click
Add
. The Add Trusted Domain Entry
window is displayed.
|
|
Step 4
|
Click
OK
. The trusted domain entry is added to the Trusted Domains
table.
|
To keep the trusted domain entries but enable Restrict Web Features, uncheck
Do not block
Java/ActiveX/Cookies to Trusted Domains
. To delete an individual trusted domain, click on the Delete
icon for the entry. To delete all trusted domains, click Delete All
. To edit a trusted domain entry, click the Edit
icon.
IP address ranges can be manually added to or deleted from the CFS Exclusion List. For traffic
from IP addresses in the CFS Exclusion List, content filtering is disabled and the traffic is allowed access through any firewall access rules that are set to allow only certain users without requiring the user to be authenticated. If Single Sign On is enabled, that traffic will not initiate SSO. These address ranges are treated as trusted domains. Select Enable CFS Exclusion
List
to enable this feature.
The
Do not bypass CFS blocking for the administrator
checkbox controls content filtering for administrators. By default, when the administrator (“admin” user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that system’s IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrator’s system, select the Do not bypass CFS
blocking for the administrator
checkbox.
To add a range of IP addresses to the CFS Exclusion List, perform these tasks:
|
Step 1
|
Select the
Enable CFS Exclusion List
checkbox.
|
|
Step 2
|
Click
Add
. The Add CFS Range Entry
window is displayed.
|
|
Step 5
|
Click
Accept
on the Security Services > Content Filter
page. The IP address range is added to the CFS Exclusion List.
|
To modify or temporarily disable the CFS Exclusion List, perform these tasks:
To configure a custom CFS policy for a range of IP addresses, perform these tasks:
|
Step 1
|
Scroll down to the
CFS Policy per IP Address Range
section and select the Enable Policy
per IP Address Range
checkbox.
|
|
Step 2
|
Click
Add
. The Add CFS Policy per IP Address Range
window is displayed.
|
You can fully customize the web page that is displayed to the user when access to a blocked
site is attempted. To revert to the default page, click the Default Blocked Page
button.
For information on setting up Content Filter Properties, see
Configuring Legacy SonicWALL Filter Properties
.