Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need SonicWALL Content Filtering Assistance

Posted on 2013-02-05
7
Medium Priority
?
520 Views
Last Modified: 2013-06-19
I have a new NSA 2400 and have limited experience with the OS. I have two groups of users I'd like to configure content filtering (CFS) for. Group A will have limited access to the Internet. Group B will have access to some sites that are blocked for Group A users.

I have created two policies and assigned local groups (imported via LDAP from Active Directory) to each policy. I'm unclear on what to do next. Do I have to create a new zone for my LAN interface for the second policy?

Thx.
0
Comment
Question by:vsCoder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 2000 total points
ID: 38855771
Yes, in order to apply the CFS policies via User and Zone you will need to create a new LAN zone for the second policy.

You can also apply CFS policies via App Rules. Which also requires you to create address objects for each group that you want a different CFS policy to apply to. However, this method does not require a new zone and is much more flexible for applying different policies.
0
 
LVL 1

Author Comment

by:vsCoder
ID: 38856171
Thank you, ultralites.

I have a couple of follow-up questions.

1. If I have two LAN zones with different CFS policies what happens if a person is in two Local Groups (via LDAP from Active Directory) with two separate CFS policies assigned? Is it cumulative access? Or does a blocked site in one policy override a setting in the other policy?

2. I like the App Rules option. I'm not clear on what address object I'd need to create in this scenario.
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856352
1. I believe it will apply the most restrictive (cumulative) settings to a user in both Groups.

2. Sorry meant to say Application/Match Object for App Rules. App rules need a Match Object to define what/where to look for and an Action Object to define what to do when it is found. App rules allow for very specific scenarios and can let you determine what happens (i.e. with a user in 2 groups) using Address exclusions.
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856371
Here is a link to SonicWall forums KB article:
https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7002
0
 
LVL 1

Author Comment

by:vsCoder
ID: 38856516
I did refer to that KB article previously. Not sure why it did not work - using LDAP.

I did just create a new App Rule and Match Object to block the site. Now I'd like to open it up for a small group of users. I tried using the Exception field for this, but no luck.

Thanks.
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38856562
you will need to define those users within a new Address Object. If you are relying on AD logins, you may need to define this group using MAC addresses.
0
 
LVL 1

Author Closing Comment

by:vsCoder
ID: 39260480
Thank you.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question