Solved

How to configure content filter by ip address on SonicWall TZ215 (SonicOS 5.9.0.4-127)

Posted on 2014-07-28
6
1,687 Views
Last Modified: 2014-08-25
I'm trying to change the content filter policy on one computer. All other computers on the network use the default CFS policy which is assigned as default to the LAN Zone and has been working fine.
On the LAN Zone Enforce Content Filtering Service is ticked and assigned to the Default policy that has the highest restrictions in terms of categories allowed.
The new policy that I want to assign to just a single machine has a more relaxed policy with a couple more categories allowed access.
Under "Security Services > Content Filter I have ticked "Enable Policy per IP Address Range" and I have the main LAN IP address range assigned to the Default policy and the IP address of the relaxed machine assigned to the relaxed CFS Policy.

The problem is that it now seems to allow all computers to access the more relaxed policy.

I am not connected to the admin console of the SonicWall from the machine I am testing from. I have tried to logout of the admin console totally and then test.

Is there a step I have missed to configure content filter by IP Address?
0
Comment
Question by:Milkybar-kid
  • 3
  • 2
6 Comments
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40225867
I don't have a sonicwall in front of me at the moment but by memory I've done this in the application firewall rules section
http://help.mysonicwall.com/sw/eng/6005/ui2/25800/Security_Services_securityServicesCFView.html
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40226272
Take a look at the following, specifically the section on Assigning CFS Policies on IP Addresses.

https://support.software.dell.com/sonicwall-e-class-nsa-series/kb/sw7969
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40226925
That article is for IP address ranges. If you want to do it that way, you need three ranges. The lower range, your ip exception, and the upper range.

If you try it the application firewall rule way it think you will find it easier for your setup.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:Milkybar-kid
ID: 40237404
Thank you for the replies.
I had a lok at the link that you sent Aaron regarding application firewall rules. This is something that I will take a look at for future reference. With a cursory glance it seemed to involve creating network zones which would mean restructuring the network topology which I want to avoid at this stage. However your comment regarding the adding the three ranges seems to have resolved this because I only had two ip ranges defined which took care of the devices in the safe policy range with the single IP having the more relaxed content filter policy above that.  I have now added another IP range above that completing the whole subnet and at first testing this seems to work. I will need to wait until tomorrow to confirm for sure.
0
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 40277519
I've been tryin to make this work via app rules but can't get to grips with the exclusion requirements.
Under Security Services > Content Filter I have changes CFS Policy Assignment to Via App Rules
I have checked the box  for Enable HTTPS Content Filtering in the CFS tab
Under Firewall > Match Objects I have created a default CFS Rule that blocks many categories including Social Networking
I have created an App Rule that sets up a CFS Policy with the Default rule and this seems to operate OK

I have also created address objects for the two computers I want to allow access to social media and put them in an Address Object Group called Social Networkers and I have created an Allow/Forbid List containing Facebook and Twitter (initially). But these computers are still blocked from viewing. How is the precedence set for rules with exclusions?

The other problem I now face is that CFS is not working for https even though I have checked the box Enable HTTPS Content Filtering in the CFS tab - but it is not blocking https so why is that?- I have followed this article
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=8802
0
 
LVL 1

Author Closing Comment

by:Milkybar-kid
ID: 40282766
I used App Control Advanced in the end.
Good learning exercise and this post set me off in the right direction.
Even with App Rules everything works fine except with https using IE (Firefox and Chrome are OK)
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to setup a Voice VLAN on a Cisco Meraki MS220-24 3 89
Cisco ASA 5516-X Configuration 4 75
Flashing Cisco Meraki MR18 with OpenWRT firmware ? 5 159
nipper studio 2 34
This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts.  There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t pr…
Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now