Configuring Websense Enterprise Content Filtering

Websense Enterprise is a third-party Internet filtering package that allows you to use Internet content filtering through the SonicWALL.

Websense Server Status

This section displays the status of the Websense Enterprise server used for content filtering.

Websense Properties

1. Select Websense Enterprise from the Content Filter Type list.

2. Click Configure to display the Websense Properties window.

Note You specify enforcement of content filtering on the Network > Zones page.

Server Host Name or IP Address - Enter the Server Host Name or the IP address of the Websense Enterprise server used for the Content Filter List.

Server Port - Enter the UDP port number on which the SonicWALL listens for Websense Enterprise traffic. The default port number is 15868.

User Name - To enable reporting of users and groups defined on the Websense Enterprise server, leave this field blank. To enable reporting by a specific user or group behind the SonicWALL, enter the User Name configured on the Websense Enterprise server for that user or group. If the Websense Enterprise server uses NT-based directories, the User Name takes this form, for example: NTLM:\\domainname\username. If it uses LDAP-based directories, the User Name takes this form, for example: LDAP://o-domain/ou=sales/username.

CAUTION If you are not sure about entering a user name in this section, leave the field blank and consult your Websense documentation for more information.

Enable Websense probe monitoring - Select to have the Websense Enterprise server monitored for deactivation or reactivation.

Check Server every - Specify how often, in seconds, the Websense Enterprise server is probed. The default is 10 seconds.

Deactivate Websense after - Specify the number of probes that must be missed before the Websense Enterprise server is deactivated. The default is 3 probes.

Reactivate Websense after - Specify the number of successful probes that must be returned before the Websense Enterprise server is reactivated. The default is 2 probes.

If Server is unavailable for (secs) - Specifies how long, in seconds, the Websense Enterprise server may be unreachable before the action selected below is taken. The default timeout is 5 seconds; you can enter a value from 1 to 10 seconds.

Block traffic to all Web sites - Selecting this option blocks traffic to all Web sites except Allowed Domains until the Websense Enterprise server is available.

Allow traffic to all Web sites - Selecting this option allows traffic to all Web sites without Websense Enterprise server filtering. However, Forbidden Domains and Keywords, if enabled, are still blocked.

Note If you have Websense Enterprise selected as the content filter type, the firewall does not store allowed or forbidden keywords. If the Websense server becomes unavailable, the firewall does not send any queries to the Websense database, and allowed and forbidden keywords will not work. Allowed and forbidden keywords work only when the Websense server is available. However, if you have SonicWall’s Content Filter Service selected as the content filter type, you can still use allowed and forbidden keywords even if the Content Filter Service server becomes unavailable.

Cache Size (KB) - Configure the size of the URL Cache in KB.

Tip A larger URL Cache size can result in noticeable improvements in Internet browsing response times.

3. Click OK.
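The probe-monitoring and fallback behaviour described above, as an added simulation using the page's default thresholds; this is example code, not SonicWALL or Websense code. Probe results are a constructed list rather than real UDP probes, and the Websense verdict passed to decide() is likewise constructed.

```python
"""Simulation of Websense probe monitoring and the two fallback modes.
Added example, not SonicWALL or Websense code. Defaults (deactivate after
3 missed probes, reactivate after 2 successful ones) are the page's
stated defaults; probe results are fed in as a constructed list."""
from dataclasses import dataclass, field


@dataclass
class WebsenseMonitor:
    deactivate_after: int = 3       # consecutive missed probes -> inactive
    reactivate_after: int = 2       # consecutive good probes -> active again
    block_when_down: bool = True    # True: "Block traffic to all Web sites"
                                    # False: "Allow traffic to all Web sites"
    allowed_domains: set = field(default_factory=set)    # Allowed Domains
    forbidden_domains: set = field(default_factory=set)  # Forbidden Domains
    active: bool = True
    misses: int = 0
    successes: int = 0

    def observe(self, probe_ok: bool) -> bool:
        """Feed one probe result; return the server's new active state.
        A good probe resets the miss counter, so only consecutive misses
        (or consecutive successes) move the state."""
        if probe_ok:
            self.misses = 0
            if not self.active:
                self.successes += 1
                if self.successes >= self.reactivate_after:
                    self.active, self.successes = True, 0
        else:
            self.successes = 0
            if self.active:
                self.misses += 1
                if self.misses >= self.deactivate_after:
                    self.active, self.misses = False, 0
        return self.active

    def decide(self, host: str, websense_verdict: str = "allow") -> str:
        """Verdict for one request. websense_verdict stands in for what the
        server would answer when reachable (constructed; nothing is queried).
        When the server is inactive, only the local lists apply."""
        if self.active:
            return websense_verdict
        if self.block_when_down:      # fail closed, Allowed Domains excepted
            return "allow" if host in self.allowed_domains else "block"
        return "block" if host in self.forbidden_domains else "allow"


def run_probes(monitor: WebsenseMonitor, results) -> list:
    """Return the active-state trace produced by a sequence of probe results."""
    return [monitor.observe(r) for r in results]
```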

YouTube for School Content Filtering Support

YouTube for Schools is a service that allows for customized YouTube access for students, teachers, and administrators. YouTube Education (YouTube EDU) provides schools access to hundreds of thousands of free educational videos. These videos come from a number of respected organizations. You can customize the content available in your school. All schools get access to all of the YouTube EDU content, but teachers and administrators can also create playlists of videos that are viewable only within their school's network. Before configuring your SonicWALL security appliance for YouTube for Schools, you must first sign up:

www.youtube.com/schools

The configuration of YouTube for Schools depends on the method of Content Filtering you are using, which is configured on the Security Services > Content Filter page.

Topics:

Membership in Multiple Groups

YouTube for Schools and HTTPS

Membership in Multiple Groups

If a user is a member of multiple groups where one policy allows access to any part of YouTube and the other policy has a YouTube for Schools restriction, the user will be filtered by the YouTube for Schools policy and not be allowed unrestricted access to YouTube.

A user cannot be a member of multiple groups that have different YouTube for Schools IDs. While the firewall will accept the configuration, this is not supported.

Note For more information on the general configuration of CFS, refer to Security Services > Content Filter.

When the CFS Policy Assignment drop-down menu is set to Via Application Control, YouTube for Schools is configured as an App Control Policy.

1. Navigate to Firewall > Match Objects and click Add New Match Object.

2. Type in a descriptive name, and then select CFS Allow/Forbidden List as the Match Object Type.

3. Select Partial Match for the Match Type.

4. In the Content field, type in “youtube.com” and then click Add.

5. Type in “ytimg.com” and then click Add.

6. Click OK to create the Match Object.

7. Navigate to the Firewall > App Rules page and click Add New Policy.

8. Type in a descriptive Policy Name.

9. For the Policy Type, select CFS.

10. Select the appropriate settings for Match Object and Action Object, based on your environment.

11. For CFS Allow/Excluded List, select the Match Object you just created (our example uses “CFS Allow YT4S”).

12. Select the Enable YouTube for Schools checkbox.

13. Paste in your School ID, which is obtained from www.youtube.com/schools.

14. Click OK to create the policy.

Note Once the policy has been applied, any existing browser connections will be unaffected until the browser has been closed and reopened. Also, if you have a browser open as administrator on the firewall, you will be excluded from CFS policy enforcement unless you configure the firewall specifically not to exclude you (select the Do not bypass CFS blocking for the Administrator checkbox on the Security Services > Content Filter page).

When the CFS Policy Assignment drop-down menu is set to Via User and Zone Screens, YouTube for Schools is configured as part of the Content Filter policy.

1. On the Security Services > Content Filter page, select Content Filter Service from the Content Filter Type drop-down menu.

2. Click the Configure button.

3. On the Policy tab, click the Configure icon for the CFS policy on which you want to enable YouTube for Schools.

4. Click on the Settings tab, and select the Enable YouTube for Schools checkbox.

5. Paste in your School ID, which is obtained from www.youtube.com/schools.

6. Click OK.

7. On the Custom List tab, click the Add button for Allowed Domains.

8. In the dialog box, type “youtube.com” into the Domain Name field and click OK.

9. Click Add again.

10. Type “ytimg.com” into the Domain Name field and click OK.

11. Click OK.

These settings will override any CFS category that blocks YouTube.

Note Once the policy has been applied, any existing browser connections will be unaffected until the browser has been closed and reopened. Also, if you have a browser open as administrator on the firewall, you will be excluded from CFS policy enforcement unless you configure the firewall specifically not to exclude you (select the Do not bypass CFS blocking for the Administrator checkbox on the Security Services > Content Filter page).

YouTube for Schools and HTTPS

The SonicWALL CFS implementation of YouTube for Schools does not support HTTPS access to youtube.com. When youtube.com is accessed over HTTPS, the user will have unrestricted access to YouTube content. The following solutions can be implemented to work around this:

Enable Client DPI-SSL with CFS inspection. Activating the DPI-SSL feature requires a separate license, and it is supported on NSA 240 and higher models.

Create a LAN (or DMZ) to WAN Access Rule as follows:

• Action: Deny

• Service: HTTPS

• Source: Any

• Destination: Create an FQDN Address Object for youtube.com and ytimg.com

Issues

DPI-SSL cannot be used to block https://youtube.com, but only to allow it. So the DPI section above should not be part of the solutions that can be implemented to work around this.

In creating the above rule to block HTTPS access to youtube.com or www.youtube.com and s.ytimg.com, we have found that https://www.google.com is now also blocked, as well as https://drive.google.com and https://play.google.com.

Other Google sites, such as calendar.google.com and Gmail, work fine.

Creating FQDNs for the blocked site and creating an allow rule for the group also allows access to https://youtube.com.

In summary, creating the deny rules for the HTTPS YouTube FQDNs also blocks other Google SSL sites. So there is no way that we have found to use YouTube for Schools and block access to SSL YouTube without blocking other Google SSL sites. And there is no way to allow the other sites without also causing SSL YouTube to be allowed as well.
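A pre-deployment check for the FQDN deny rule described in this section, added here as an example rather than taken from the document or from SonicWALL. It assumes an FQDN Address Object is enforced as the set of addresses the name currently resolves to, so any other name resolving to one of those addresses is caught by the same deny rule; the resolution table is constructed sample data in documentation address ranges, with mail.google.com standing in for Gmail.

```python
"""Predict collateral blocking of an FQDN-based deny rule.
Added example, not SonicWALL code. Assumption: the firewall enforces an
FQDN Address Object as the set of IP addresses the name resolves to.
RESOLVED is constructed sample data (RFC 5737 ranges), not real DNS."""

# Constructed DNS answers: name -> set of IPv4 addresses.
RESOLVED = {
    "youtube.com":         {"203.0.113.10", "203.0.113.11"},
    "www.youtube.com":     {"203.0.113.10", "203.0.113.12"},
    "s.ytimg.com":         {"198.51.100.5"},
    "www.google.com":      {"203.0.113.11", "203.0.113.20"},
    "drive.google.com":    {"203.0.113.12"},
    "play.google.com":     {"203.0.113.10"},
    "calendar.google.com": {"203.0.113.30"},
    "mail.google.com":     {"203.0.113.31"},   # stands in for Gmail
}


def deny_address_set(deny_fqdns, resolved=RESOLVED):
    """Union of addresses a deny rule on these FQDN objects would match."""
    return set().union(*(resolved[n] for n in deny_fqdns))


def collateral_blocks(deny_fqdns, resolved=RESOLVED):
    """Map each non-targeted name to the denied addresses it shares.
    Names with no overlap are omitted: they stay reachable."""
    denied = deny_address_set(deny_fqdns, resolved)
    hit = {}
    for name, addrs in resolved.items():
        if name in deny_fqdns:
            continue
        shared = addrs & denied
        if shared:
            hit[name] = shared
    return hit


def partially_blocked(deny_fqdns, resolved=RESOLVED):
    """Names that keep at least one address outside the deny set. These
    may work intermittently, depending on which answer the client uses,
    which is harder to troubleshoot than an outright block."""
    denied = deny_address_set(deny_fqdns, resolved)
    return sorted(n for n, a in resolved.items()
                  if n not in deny_fqdns and a & denied and a - denied)
```

Run it against the addresses your own resolver returns for each object before creating the rule; the overlap list is what the deny rule will take down alongside its intended targets.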