Custom_CFS_Category

Creating a Custom CFS Category

This section details creating a custom CFS category entry. CFS allows the administrator not only to create custom Policies, but also allows for custom domain name entries to the existing CFS rating categories. This allows for insertion of custom CFS-managed content into the existing and very flexible category structure.

To create a new CFS custom category:

 
Enable CFS Custom Categories — page 964
 
Add a New CFS Custom Category Entry — page 964

Enable CFS Custom Categories

Step 1
Navigate to the Security Services > Content Filter page in the SonicOS management interface.
Step 2
Scroll down and click the CFS Custom Category section and select the Enable CFS Custom Category checkbox.
Step 3
Click the Accept button to save your changes and enable the Custom Category feature.

Add a New CFS Custom Category Entry

Step 1
Again in the Security Services > Content Filter page, scroll down to the CFS Custom Category section and click the Add... button.

Step 2
Enter a descriptive Name for the custom entry.
Step 3
Choose the pre-defined Category to which this entry will be added.
Step 4
Enter a domain name into the Content field.
 
Note
All subdomains of the domain entered are affected. For example, entering “yahoo.com” applies to “mail.yahoo.com” and “my.yahoo.com”, hence it is not necessary to enter all FQDN entries for subdomains of a parent domain.
Step 5
Click the OK button to add this custom entry.

Legacy Content Filtering Examples

The following sections describe how to configure the settings on the Security Services > Content Filter page using legacy Cotent Filtering methods.

 
Note
It is not possible to create advanced rules which uitilize bandwidth management and application filter policy control when using the ‘legacy’ method of Content Filtering. For advanced rule cration, see the CFS 3.0 Policy Management Overview section.
 
“Content Filter Status”
 
“Content Filter Type”
 
“Restrict Web Features”
 
“Trusted Domains”
 
“CFS Exclusion List”
 
“CFS Policy per IP Address Range”
 
“Web Page to Display when Blocking”

Content Filter Status

If SonicWALL CFS is activated, the Content Filter Status section displays the status of the Content Filter Server, as well as the date and time that your subscription expires. The expiration date and time is displayed in Universal Time Code (UTC) format.

You can also access the SonicWALL CFS URL Rating Review Request form by clicking on the here link in If you believe that a Web site is rated incorrectly or you wish to submit a new URL, click here .

If SonicWALL CFS is not activated, you must purchase a license subscription for full content filtering functionality, including custom CFS Policies. If you do not have an Activation Key, you must purchase SonicWALL CFS from a SonicWALL reseller or from your mysonicwall.com account (limited to customers in the USA and Canada).

Activating SonicWALL CFS

If you have an Activation Key for your SonicWALL CFS subscription, follow these steps to activate SonicWALL CFS:

 
Warning
You must have a mysonicwall.com account and your SonicWALL security appliance must be registered to activate SonicWALL Client Anti-Virus.
Step 1
Click the SonicWALL Content Filtering Subscription link on the Security Services > Content Filtering page. The mysonicwall.com Login page is displayed.
Step 2
Enter your mysonicwall.com account username and password in the User Name and Password fields, then click Submit . The System > Licenses page is displayed. If your SonicWALL security appliance is already connected to your mysonicwall.com account, the System > Licenses page appears after you click the SonicWALL Content Filtering Subscription link.
Step 3
Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type in the Activation Key in the New License Key field and click Submit . Your SonicWALL CFS subscription is activated on your SonicWALL.
Step 4
When you activate SonicWALL CFS at mysonicwall.com, the SonicWALL CFS activation is automatically enabled on your SonicWALL within 24-hours or you can click the Synchronize button on the Security Services > Summary page to update your SonicWALL.

Activating a SonicWALL CFS FREE TRIAL

You can try a FREE TRIAL of SonicWALL CFS by following these steps:

Step 1
Click the FREE TRIAL link on the Security Services > Content Filter page. The mysonicwall.com Login page is displayed.
Step 2
Enter your mysonicwall.com account username and password in the User Name and Password fields, then click Submit . The System > Licenses page is displayed. If your SonicWALL is already connected to your mysonicwall.com account, the System > Licenses page appears after you click the FREE TRIAL link.
Step 3
Click FREE TRIAL in the Manage Service column in the Manage Services Online table. Your SonicWALL CFS trial subscription is activated on your SonicWALL.
Step 4
Select Security Services > Content Filter to display the Content Filter page for configuring your SonicWALL Content Filtering Service settings.

Content Filter Type

There are three types of content filtering available on the SonicWALL security appliance. These options are available from the Content Filter Type menu.

 
SonicWALL CFS - Selecting SonicWALL CFS as the Content Filter Type allows you to access SonicWALL CFS functionality that is included with SonicOS Enhanced, and also to configure custom CFS Policies that are available only with a valid subscription. You can obtain more information about SonicWALL Content Filtering Service at
http://www.sonicwall.com/products/cfs.html
 
Websense Enterprise - Websense Enterprise is also a third party content filter list supported by SonicWALL security appliances.

Clicking the Network > Zones link in Note: Enforce the Content Filtering per zone from the Network > Zone page , displays the Network > Zones page for enabling SonicWALL Content Filtering Service on network zones.

Restrict Web Features

Restrict Web Features enhances your network security by blocking potentially harmful Web applications from entering your network.

 

Restrict Web Features are included with SonicOS. Select any of the following applications to block:

 
ActiveX - ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers can use ActiveX to delete files or compromise security. Select the ActiveX check box to block ActiveX controls.
 
Java - Java is used to download and run small programs, called applets, on Web sites. It is safer than ActiveX since it has built-in security mechanisms. Select the Java check box to block Java applets from the network.
 
Cookies - Cookies are used by Web servers to track Web usage and remember user identity. Cookies can also compromise users' privacy by tracking Web activities. Select the Cookies check box to disable Cookies.
 
Access to HTTP Proxy Servers - When a proxy server is located on the WAN, LAN users can circumvent content filtering by pointing their computer to the proxy server. Check this box to prevent LAN users from accessing proxy servers on the WAN.

Trusted Domains

Trusted Domains can be added to enable content from specific domains to be exempt from Restrict Web Features .

If you trust content on specific domains and want them to be exempt from Restrict Web Features , follow these steps to add them:

Step 1
Select the Do not block Java/ActiveX/Cookies to Trusted Domains checkbox.
Step 2
Click Add . The Add Trusted Domain Entry window is displayed.
Step 3
Enter the trusted domain name in the Domain Name field.
Step 4
Click OK . The trusted domain entry is added to the Trusted Domains table.

To keep the trusted domain entries but enable Restrict Web Features, uncheck Do not block Java/ActiveX/Cookies to Trusted Domains . To delete an individual trusted domain, click on the Delete icon for the entry. To delete all trusted domains, click Delete All . To edit a trusted domain entry, click the Edit icon.

CFS Exclusion List

IP address ranges can be manually added to or deleted from the CFS Exclusion List. For traffic from IP addresses in the CFS Exclusion List, content filtering is disabled and the traffic is allowed access through any firewall access rules that are set to allow only certain users without requiring the user to be authenticated. If Single Sign On is enabled, that traffic will not initiate SSO. These address ranges are treated as trusted domains. Select Enable CFS Exclusion List to enable this feature.

 

The Do not bypass CFS blocking for the administrator checkbox controls content filtering for administrators. By default, when the administrator (“admin” user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that system’s IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrator’s system, select the Do not bypass CFS blocking for the administrator checkbox.

Adding Trusted Domains to the CFS Exclusion List

To add a range of IP addresses to the CFS Exclusion List, perform these tasks:

Step 1
Select the Enable CFS Exclusion List checkbox.
Step 2
Click Add . The Add CFS Range Entry window is displayed.
Step 3
Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 4
Click OK .
Step 5
Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.

Modifying or Temporarily Disabling the CFS Exclusion List

To modify or temporarily disable the CFS Exclusion List, perform these tasks:

Step 1
To keep the CFS Exclusion List entries but temporarily allow content filtering to be applied to these IP addresses, uncheck the Enable CFS Exclusion List checkbox.
Step 2
To edit a trusted domain entry, click the Edit icon.
Step 3
To delete an individual trusted domain, click on the Delete icon for the entry.
Step 4
To delete all trusted domains, click Delete All .

CFS Policy per IP Address Range

To configure a custom CFS policy for a range of IP addresses, perform these tasks:

Step 1
Scroll down to the CFS Policy per IP Address Range section and select the Enable Policy per IP Address Range checkbox.
Step 2
Click Add . The Add CFS Policy per IP Address Range window is displayed.
Step 3
Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 4
Select the CFS policy to apply to this IP address range in the CFS Policy: pulldown window.
Step 5
Optionally add a comment about this IP address range in the Comment: field.
Step 6
Click OK .

Web Page to Display when Blocking

You can fully customize the web page that is displayed to the user when access to a blocked site is attempted. To revert to the default page, click the Default Blocked Page button.

For information on setting up Content Filter Properties, see Configuring Legacy SonicWALL Filter Properties .