Sonicwall TZ100 Content Filter problem

I have the content filter enabled on a TZ100 and added to the Custom list, forbidden domains list.  I also added facebook to the Keyword Blocking list.

If users go to directly, it stops access.  However, if they do a Google search for and click on the link on the results page, they can access it!

What am I missing?

atekcomputerSenior Network EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sounds like you need to enable Safe Search enforcement, see if this video helps:
atekcomputerSenior Network EngineerAuthor Commented:
I enabled Safe Search, but didn't block them.
Blue Street TechLast KnightCommented:
Hi atekcomputer,

What firmware version are you running?
Do you have CGSS enabled?

Check this after you answer the above questions; login to your firewall
Go to Security Services>Content Filter>Configure...>CFS tab
Make sure the following have Checks next to them:
Enable HTTPS Content Filtering
Enable CFS Server Failover.
Block Traffic to all Web sites.
Then go to the Policy tab & click Configure
In the Settings tab make sure the following looks like this:
Source of Allowed Domains: Global
Source of Forbidden Domains: Global
Source of Keywords: Global
Click OK, OK until your back to the main interface.
Reboot the firewall & test again.

Let me know how it goes!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

atekcomputerSenior Network EngineerAuthor Commented:
Firmware version:
where can I check if CGSS is enabled?
Blue Street TechLast KnightCommented:
Thanks for your reply.

You should upgrade your firmware version to the latest release, which is
Here's how:

To see if CGSS is enabled & to locate your current licensing: Log onto the firewall & go to System>Licenses then look under Comprehensive Gateway Security Suite and you should see the products with associated expiry dates.

Did you try what I provided above: http:#a39462406 ?
atekcomputerSenior Network EngineerAuthor Commented:
I did what you said in 39462406, just need to apply the firmware update.  I'll let you know how it goes.

Under CGSS, only premium content filtering services is licensed, the rest aren't.
Blue Street TechLast KnightCommented:

OK, Premium Content Filtering will do it. CGSS is best though because you would have App Control, which governs over applications on the web and locally installed.

I'll wait for your results!
Blue Street TechLast KnightCommented:
How's it going...any updates?
Blue Street TechLast KnightCommented:

How's it going?
Blue Street TechLast KnightCommented:
Have I answered all your questions?
Blue Street TechLast KnightCommented:
Can you confirm if you upgraded your firmware or not? Thanks!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.