Solved

How to configure content filter by ip address on SonicWall TZ215 (SonicOS 5.9.0.4-127)

Posted on 2014-07-28
6
1,754 Views
Last Modified: 2014-08-25
I'm trying to change the content filter policy on one computer. All other computers on the network use the default CFS policy which is assigned as default to the LAN Zone and has been working fine.
On the LAN Zone Enforce Content Filtering Service is ticked and assigned to the Default policy that has the highest restrictions in terms of categories allowed.
The new policy that I want to assign to just a single machine has a more relaxed policy with a couple more categories allowed access.
Under "Security Services > Content Filter I have ticked "Enable Policy per IP Address Range" and I have the main LAN IP address range assigned to the Default policy and the IP address of the relaxed machine assigned to the relaxed CFS Policy.

The problem is that it now seems to allow all computers to access the more relaxed policy.

I am not connected to the admin console of the SonicWall from the machine I am testing from. I have tried to logout of the admin console totally and then test.

Is there a step I have missed to configure content filter by IP Address?
0
Comment
Question by:Milkybar-kid
  • 3
  • 2
6 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40225867
I don't have a sonicwall in front of me at the moment but by memory I've done this in the application firewall rules section
http://help.mysonicwall.com/sw/eng/6005/ui2/25800/Security_Services_securityServicesCFView.html
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40226272
Take a look at the following, specifically the section on Assigning CFS Policies on IP Addresses.

https://support.software.dell.com/sonicwall-e-class-nsa-series/kb/sw7969
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40226925
That article is for IP address ranges. If you want to do it that way, you need three ranges. The lower range, your ip exception, and the upper range.

If you try it the application firewall rule way it think you will find it easier for your setup.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 1

Author Comment

by:Milkybar-kid
ID: 40237404
Thank you for the replies.
I had a lok at the link that you sent Aaron regarding application firewall rules. This is something that I will take a look at for future reference. With a cursory glance it seemed to involve creating network zones which would mean restructuring the network topology which I want to avoid at this stage. However your comment regarding the adding the three ranges seems to have resolved this because I only had two ip ranges defined which took care of the devices in the safe policy range with the single IP having the more relaxed content filter policy above that.  I have now added another IP range above that completing the whole subnet and at first testing this seems to work. I will need to wait until tomorrow to confirm for sure.
0
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 40277519
I've been tryin to make this work via app rules but can't get to grips with the exclusion requirements.
Under Security Services > Content Filter I have changes CFS Policy Assignment to Via App Rules
I have checked the box  for Enable HTTPS Content Filtering in the CFS tab
Under Firewall > Match Objects I have created a default CFS Rule that blocks many categories including Social Networking
I have created an App Rule that sets up a CFS Policy with the Default rule and this seems to operate OK

I have also created address objects for the two computers I want to allow access to social media and put them in an Address Object Group called Social Networkers and I have created an Allow/Forbid List containing Facebook and Twitter (initially). But these computers are still blocked from viewing. How is the precedence set for rules with exclusions?

The other problem I now face is that CFS is not working for https even though I have checked the box Enable HTTPS Content Filtering in the CFS tab - but it is not blocking https so why is that?- I have followed this article
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=8802
0
 
LVL 1

Author Closing Comment

by:Milkybar-kid
ID: 40282766
I used App Control Advanced in the end.
Good learning exercise and this post set me off in the right direction.
Even with App Rules everything works fine except with https using IE (Firefox and Chrome are OK)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question