Solved

Need SonicWALL Content Filtering Assistance

Posted on 2013-02-05
7
518 Views
Last Modified: 2013-06-19
I have a new NSA 2400 and have limited experience with the OS. I have two groups of users I'd like to configure content filtering (CFS) for. Group A will have limited access to the Internet. Group B will have access to some sites that are blocked for Group A users.

I have created two policies and assigned local groups (imported via LDAP from Active Directory) to each policy. I'm unclear on what to do next. Do I have to create a new zone for my LAN interface for the second policy?

Thx.
0
Comment
Question by:vsCoder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 500 total points
ID: 38855771
Yes, in order to apply the CFS policies via User and Zone you will need to create a new LAN zone for the second policy.

You can also apply CFS policies via App Rules. Which also requires you to create address objects for each group that you want a different CFS policy to apply to. However, this method does not require a new zone and is much more flexible for applying different policies.
0
 
LVL 1

Author Comment

by:vsCoder
ID: 38856171
Thank you, ultralites.

I have a couple of follow-up questions.

1. If I have two LAN zones with different CFS policies what happens if a person is in two Local Groups (via LDAP from Active Directory) with two separate CFS policies assigned? Is it cumulative access? Or does a blocked site in one policy override a setting in the other policy?

2. I like the App Rules option. I'm not clear on what address object I'd need to create in this scenario.
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856352
1. I believe it will apply the most restrictive (cumulative) settings to a user in both Groups.

2. Sorry meant to say Application/Match Object for App Rules. App rules need a Match Object to define what/where to look for and an Action Object to define what to do when it is found. App rules allow for very specific scenarios and can let you determine what happens (i.e. with a user in 2 groups) using Address exclusions.
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856371
Here is a link to SonicWall forums KB article:
https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7002
0
 
LVL 1

Author Comment

by:vsCoder
ID: 38856516
I did refer to that KB article previously. Not sure why it did not work - using LDAP.

I did just create a new App Rule and Match Object to block the site. Now I'd like to open it up for a small group of users. I tried using the Exception field for this, but no luck.

Thanks.
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856562
you will need to define those users within a new Address Object. If you are relying on AD logins, you may need to define this group using MAC addresses.
0
 
LVL 1

Author Closing Comment

by:vsCoder
ID: 39260480
Thank you.
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question