  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1928

SonicWall NSA3500 - how to make a policy that can be added to a security policy to allow youtube.com

Dear Sonicwall Expert,

Our company is using a SonicWall NSA3500 UTM. There are a few customised CFS configured and user groups configured, imported from the LDAP server.

In the CFS configuration, all the policies block social networking and multimedia. Now, I am trying to make a policy that allows youtube.com only. This policy can be added to the existing policy so that if some top management wants it, I just add the YouTube policy. But I don't know how to do it. I did something that allowed YouTube to open, but it also allowed other social networking, like Facebook, LinkedIn, etc. Could someone please teach me how to do it?

Thanks in advance.
Asked by: normancb

djsharma Commented:
CFS Exclusion List

IP address ranges can be manually added to the CFS Exclusion List.

To manually add a range of IP addresses to the CFS Exclusion List, follow these steps:

1. Check the Enable CFS Exclusion List checkbox.
2. Click Add. The Add CFS Range Entry window is displayed.
3. Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
4. Click OK. The IP address range is added to the CFS Exclusion List.

To keep the CFS Exclusion List entries but temporarily allow access to these sites, uncheck the Enable CFS Exclusion List checkbox. To delete an individual trusted domain, click on the Trashcan icon for the entry. To delete all trusted domains, click Delete All. To edit a trusted domain entry, click the Notepad icon.
 

Please refer below link:

(http://help.mysonicwall.com/sw/eng/405/ui2/23500/Security_Services/Content_Filter.htm)

normancb (Author) Commented:
Hi djsharma, I think there's a little misunderstanding here. What I want is to make a policy, not an exclusion: a policy that can apply to user accounts on the domain. Thanks anyway for your reply. I appreciated that.

Syed_M_Usman Commented:
Dear,

Why don't you use Application Firewall to block and allow connections? Could you please log on to NSA Firewall > App Control Advanced

App Control Advanced:

Category: ALL
Application: ALL
Viewed By: Category

Click on Multimedia.
Can you see MGMT if you click on "Excluded Users/Groups"?
normancb (Author) Commented:
Hi,

That's actually what I did. I configured it on App Control Advanced and on Multimedia > YouTube, but what happened is that if I add that YouTube policy to the user's account, it also opens social networking sites, which is totally not good. I tried many times by trial and error with the settings in App Control Advanced and CFS, but I couldn't find a solution for that.

Syed_M_Usman Commented:
OK,

Do as follows.
Make sure you have created a group (example: G_Multimedia); you can create G_Youtube_Users containing ALL AO to allow YouTube.

App Control Advanced

Category: Multimedia
Application: ALL
Viewed By: Category =====> Configure

Block: Enable
Log: Enable

Now you have blocked the Multimedia category for all users; make sure you have not added any exclusion.
Save and exit.

App Control Advanced

Category: Multimedia
Application: ALL
Viewed By: Application. Go to the last page (183, YouTube.com)

App Category: MULTIMEDIA
App Name: YouTube

and add an exclusion; refer to below...
App Control Advanced
Please let me know if you find any difficulty.

normancb (Author) Commented:
Hi Syed,

Good day!

In this configuration, how can I add a policy within the domain?

Here's the scenario: we have a 3-level category of internet access (complete, medium and limited) configured in the firewall (CFS). And under Users > Local Groups, we have 3 groups which are imported from LDAP. Each group (top, med, users) is configured to a level of internet access (CFS). Note that top, med and users cannot access social networking sites like Facebook, Twitter, YouTube, etc. Now, what I want is to create 1 user group that allows youtube.com, so that, from the 3 group levels, if I add the YouTube group, it will allow YouTube. Sample: "name" in Active Directory is a member of the top group (which is complete); if I add the YouTube group to this account, he/she can now access YouTube. Note that only YouTube can be accessed, not Facebook or other social networking sites.

Syed_M_Usman Commented:
Dear,

I believe this will meet your requirement. Please read the KB below:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8490

Before you implement, make sure you have a settings backup.

normancb (Author) Commented:
Thanks Syed. Let me check on that. For now, I have to check all the configurations first, since I have more to consider: we have a DMZ setup, we host email (Exchange), VPN, and so on. Thanks for all the guidance and the knowledge base. I appreciated that.

Syed_M_Usman Commented:
Dear,
You are welcome. Please make sure you do the CFS change after office hours and that you have settings backups PRE and POST change.

normancb (Author) Commented:
Hi,

In continuation of my question, please find the attached file that might help in building the policy/configuration. Please pardon me for blocking the address bar.

Thanks
Sonicwall-NSA-3500-Configuration.pdf

Syed_M_Usman Commented:
Dear,
Sorry for my late reply, I was out.
I will check the attached file and get back to you ASAP.

normancb (Author) Commented:
Thanks to all for the support. I just want to inform everyone that I already got a solution to this issue.

normancb (Author) Commented:
At last, I've got a solution after many days of re-studying all the configuration. Thanks to everyone who supported me.