ormerodrutter asked:

Sonic Wall with Content Filtering

Dear SonicWall experts,

My company has recently purchased a SonicWall TZ and wants to implement Content Filtering. I have tried to set up our own policies but they don't seem to work too well.

What we want to achieve is:

1. Block Facebook in working hours, but lift the ban between 1pm and 2pm.
2. Block certain GAMES and Chat websites during office hours, and lift the ban during lunch hour.

What I have done so far is to alter the Default policy to block these sites, with a custom policy to lift that ban between 1pm and 2pm. But it doesn't seem to be working at all, as people are complaining they couldn't get onto www.bored.com.

With the Facebook issue, I put www.facebook.com in the forbidden domains and in the custom policy unticked the "Enable Forbidden Domains" checkbox. I have tried ticking and unticking that box but Facebook is still blocked.

Can any experts shed some light here please? I have already received a lot of hate mail because people couldn't get onto these sites at lunch hour... :(

Thanks in advance.

VisionVoice

Hello Friend!  I understand what you are trying to achieve, and the Sonicwall forums are littered with posts of people trying to do the same or similar with very little luck.  There are a few confusing things about the Content Filtering on the Sonicwall, but it is possible to do what you are trying to do.  I am working on a TZ210 with 5.5 firmware.  I am assuming you are working on similar (TZ 180, 190, 200 etc with 5.0 or better).

First of all...when you are programming and testing the filtering -- Administer the Sonicwall from one machine and test the effects from another.  Being logged into the Sonicwall as the administrator will change the filtering for that machine.  There is a setting that should affect how the administrator is filtered, but I have found it to be unpredictable.

I am going to give a simplified approach here that will demonstrate the method.  I am going to block an entire category (Personals and Dating) during work hours, and allow a specific site in that category during non-work hours (including lunch from 1pm to 2pm).

Go to System --> Schedules and click the Edit button for Work Hours schedule.  Under Schedule List, click the Delete All button to delete the current 8am to 5pm schedule.  Now Add two new schedules in the Work Hours list - one for 8pm to 1pm, M-F and one for 2pm to 5pm M-F.  Save the Work Hours schedule.

Go to Security Services --> Content Filter.  Click Configure (Beside Sonicwall CFS)

Click the Custom List Tab and in the Allowed Domains box, enter "www.facebook.com".

Click the Policy Tab and edit the Default Policy.  Click the URL List Tab and check the Personals and Dating category. Click the Settings Tab and UNCHECK Disable Allowed Domains. Click OK.

Back on the Policy Tab, click ADD. Name the Policy "Work Hours Policy".  Click the URL List Tab and check the Personals and Dating category. Click the Settings Tab and CHECK Disable Allowed Domains. Under Filter URL by Time of Day, select Work Hours. Click OK.

Now you need to apply the new policy to all the appropriate Zones and User Groups.  Go to Network --> Zones and edit the LAN zone.  CHECK Enforce Content Filtering, and select "Work Hours Policy" under CFS Policy.  Be sure to click OK at the bottom.  Sometimes you have to expand the pop-up window to see the OK button. If you are using the Sonicwall wireless, you will need to do the same thing in the WLAN zone.

If you have created any Sonicwall users (under Users --> Local Users) for VPN access or other functions then you will also need to change the CFS Policy for the User Groups they are in.  Go to Users - Local Groups, edit the group and change the policy on the CFS Policy Tab.  If you have no Sonicwall users, this shouldn't be necessary.

So, in review, we have created a Default Policy and Custom Policy.  Both of them have the same URL Categories Restricted.  We create a list of sites that we want to allow during lunch and put them in the Allowed Domains List.  We then Disable the Allowed Domains list on our Custom Policy and make the Custom Policy active during lunch.  The rest of the time, the default policy is in effect.

You should be able to expand these instructions to include other Restricted Categories and Allowed Domains with no trouble.

Let me know how it goes. Cheers!
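
Added example, not part of VisionVoice's post and not SonicWall code: a small Python model of the two-policy setup described in the answer above, for working out what a separate test machine should see at a given time. It assumes the morning Work Hours entry starts at 08:00, that entry end times are exclusive, and that the Default Policy applies whenever the Work Hours schedule is inactive, as the answer's summary states; the function names and `dating.example` are constructed.

```python
from datetime import datetime, time

# Constructed model of the answer's two policies; not SonicWall code.
ALLOWED_DOMAINS = {"www.facebook.com"}         # Custom List tab
BLOCKED_CATEGORIES = {"Personals and Dating"}  # checked in both policies

# Work Hours schedule, Mon-Fri, with lunch (13:00-14:00) left uncovered.
# Assumptions: the morning entry starts at 08:00; end times are exclusive.
WORK_HOURS = [(time(8, 0), time(13, 0)), (time(14, 0), time(17, 0))]


def in_work_hours(when: datetime) -> bool:
    """True when 'when' falls inside a Work Hours entry."""
    if when.weekday() >= 5:  # Saturday and Sunday are outside M-F
        return False
    return any(start <= when.time() < end for start, end in WORK_HOURS)


def decide(host: str, category: str, when: datetime) -> str:
    """Return the expected verdict and the policy that produced it."""
    category_verdict = "block" if category in BLOCKED_CATEGORIES else "allow"
    if in_work_hours(when):
        # Work Hours Policy has "Disable Allowed Domains" checked, so the
        # allow list is ignored and only the category decides.
        return f"{category_verdict} (Work Hours Policy)"
    # Default Policy (assumed active outside the schedule, per the answer's
    # summary): Allowed Domains are honoured before the category check.
    if host.lower() in ALLOWED_DOMAINS:
        return "allow (Default Policy, Allowed Domains)"
    return f"{category_verdict} (Default Policy)"


def expected_results():
    """Expected verdicts at constructed test times (2024-01-03 is a Wednesday)."""
    sites = [("www.facebook.com", "Personals and Dating"),
             ("dating.example", "Personals and Dating")]  # constructed host
    times = [datetime(2024, 1, 3, 10, 0), datetime(2024, 1, 3, 13, 30),
             datetime(2024, 1, 3, 14, 0), datetime(2024, 1, 6, 10, 0)]
    return {(host, t.isoformat(timespec="minutes")): decide(host, cat, t)
            for host, cat in sites for t in times}


if __name__ == "__main__":
    for (host, when), verdict in expected_results().items():
        print(f"{when}  {host:<18} {verdict}")
```

Comparing this table with what the test machine actually sees at each time shows quickly whether the zone or a user group is still assigned a different CFS policy.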

ormerodrutter (ASKER)

Thank You VisionVoice that is a very comprehensive guide to config CFS.

I have done pretty much what you stated, apart from applying the policy to the LAN zone. I will do that and test it out today. As you may guess, everyone was shouting at me in the past few days. :(

Just a couple of further questions.

1. If I apply the Work Hour policy will that supersede the Default policy?
2. Can you apply more than one policy to the LAN zone (I guess not or probably not necessary)?

Thanks
ASKER CERTIFIED SOLUTION
VisionVoice

This solution is only available to members.

Works great. Very detailed step by step guide.
You definitely know what you are talking about :)

Thanks!!!