Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Need SonicWALL Content Filtering Assistance

Posted on 2013-02-05
Last Modified: 2013-06-19
I have a new NSA 2400 and have limited experience with the OS. I have two groups of users I'd like to configure content filtering (CFS) for. Group A will have limited access to the Internet. Group B will have access to some sites that are blocked for Group A users.

I have created two policies and assigned local groups (imported via LDAP from Active Directory) to each policy. I'm unclear on what to do next. Do I have to create a new zone for my LAN interface for the second policy?

Question by:vsCoder
  • 4
  • 3
LVL 13

Accepted Solution

Ugo Mena earned 500 total points
ID: 38855771
Yes, in order to apply the CFS policies via User and Zone you will need to create a new LAN zone for the second policy.

You can also apply CFS policies via App Rules. Which also requires you to create address objects for each group that you want a different CFS policy to apply to. However, this method does not require a new zone and is much more flexible for applying different policies.

Author Comment

ID: 38856171
Thank you, ultralites.

I have a couple of follow-up questions.

1. If I have two LAN zones with different CFS policies what happens if a person is in two Local Groups (via LDAP from Active Directory) with two separate CFS policies assigned? Is it cumulative access? Or does a blocked site in one policy override a setting in the other policy?

2. I like the App Rules option. I'm not clear on what address object I'd need to create in this scenario.
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856352
1. I believe it will apply the most restrictive (cumulative) settings to a user in both Groups.

2. Sorry meant to say Application/Match Object for App Rules. App rules need a Match Object to define what/where to look for and an Action Object to define what to do when it is found. App rules allow for very specific scenarios and can let you determine what happens (i.e. with a user in 2 groups) using Address exclusions.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

LVL 13

Expert Comment

by:Ugo Mena
ID: 38856371
Here is a link to SonicWall forums KB article:

Author Comment

ID: 38856516
I did refer to that KB article previously. Not sure why it did not work - using LDAP.

I did just create a new App Rule and Match Object to block the site. Now I'd like to open it up for a small group of users. I tried using the Exception field for this, but no luck.

LVL 13

Expert Comment

by:Ugo Mena
ID: 38856562
you will need to define those users within a new Address Object. If you are relying on AD logins, you may need to define this group using MAC addresses.

Author Closing Comment

ID: 39260480
Thank you.

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to choose hardware firewall 5 60
SonicWALL SIP Transformation Problem 4 113
What are acceptable WiFi signal strengths 6 72
IP Address -- lookup location ? 4 156
In this blog, I will share you some basic tips for content marketing and to rank your website on Google.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question