Need SonicWALL Content Filtering Assistance

Posted on 2013-02-05
Last Modified: 2013-06-19
I have a new NSA 2400 and have limited experience with the OS. I have two groups of users I'd like to configure content filtering (CFS) for. Group A will have limited access to the Internet. Group B will have access to some sites that are blocked for Group A users.

I have created two policies and assigned local groups (imported via LDAP from Active Directory) to each policy. I'm unclear on what to do next. Do I have to create a new zone for my LAN interface for the second policy?

Question by:vsCoder
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 13

Accepted Solution

Ugo Mena earned 500 total points
ID: 38855771
Yes, in order to apply the CFS policies via User and Zone you will need to create a new LAN zone for the second policy.

You can also apply CFS policies via App Rules. Which also requires you to create address objects for each group that you want a different CFS policy to apply to. However, this method does not require a new zone and is much more flexible for applying different policies.

Author Comment

ID: 38856171
Thank you, ultralites.

I have a couple of follow-up questions.

1. If I have two LAN zones with different CFS policies what happens if a person is in two Local Groups (via LDAP from Active Directory) with two separate CFS policies assigned? Is it cumulative access? Or does a blocked site in one policy override a setting in the other policy?

2. I like the App Rules option. I'm not clear on what address object I'd need to create in this scenario.
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856352
1. I believe it will apply the most restrictive (cumulative) settings to a user in both Groups.

2. Sorry meant to say Application/Match Object for App Rules. App rules need a Match Object to define what/where to look for and an Action Object to define what to do when it is found. App rules allow for very specific scenarios and can let you determine what happens (i.e. with a user in 2 groups) using Address exclusions.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 13

Expert Comment

by:Ugo Mena
ID: 38856371
Here is a link to SonicWall forums KB article:

Author Comment

ID: 38856516
I did refer to that KB article previously. Not sure why it did not work - using LDAP.

I did just create a new App Rule and Match Object to block the site. Now I'd like to open it up for a small group of users. I tried using the Exception field for this, but no luck.

LVL 13

Expert Comment

by:Ugo Mena
ID: 38856562
you will need to define those users within a new Address Object. If you are relying on AD logins, you may need to define this group using MAC addresses.

Author Closing Comment

ID: 39260480
Thank you.

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to take over, control, & secure a network 9 95
ASA Tunnel 18 49
Review of a VPN cert policy 4 51
Wireshark Network Packet Analysis of PS4 7 48
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question