Solved

How to configure content filter by ip address on SonicWall TZ215 (SonicOS 5.9.0.4-127)

Posted on 2014-07-28
Last Modified: 2014-08-25
I'm trying to change the content filter policy on one computer. All other computers on the network use the default CFS policy which is assigned as default to the LAN Zone and has been working fine.
On the LAN Zone Enforce Content Filtering Service is ticked and assigned to the Default policy that has the highest restrictions in terms of categories allowed.
The new policy that I want to assign to just a single machine has a more relaxed policy with a couple more categories allowed access.
Under "Security Services > Content Filter" I have ticked "Enable Policy per IP Address Range" and I have the main LAN IP address range assigned to the Default policy and the IP address of the relaxed machine assigned to the relaxed CFS Policy.

The problem is that it now seems to allow all computers to access the more relaxed policy.

I am not connected to the admin console of the SonicWall from the machine I am testing from. I have tried to logout of the admin console totally and then test.

Is there a step I have missed to configure content filter by IP Address?
Question by:Milkybar-kid
6 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 2000 total points
ID: 40225867
I don't have a SonicWall in front of me at the moment, but from memory I've done this in the application firewall rules section:
http://help.mysonicwall.com/sw/eng/6005/ui2/25800/Security_Services_securityServicesCFView.html
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40226272
Take a look at the following, specifically the section on Assigning CFS Policies on IP Addresses.

https://support.software.dell.com/sonicwall-e-class-nsa-series/kb/sw7969
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40226925
That article is for IP address ranges. If you want to do it that way, you need three ranges: the lower range, your IP exception, and the upper range.

If you try it the application firewall rule way I think you will find it easier for your setup.
0
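The three-range split described in the comment above, as an added example that is not part of the original thread: `split_ranges` builds the lower range, the exception and the upper range for a subnet, and `audit` flags overlaps or uncovered gaps in an existing list of per-IP-range policy assignments. The function names, policy labels and 192.168.1.0/24 addresses are constructed for illustration; the code assumes a subnet of /30 or larger, leaves out the network and broadcast addresses, and makes no claim about how SonicOS resolves overlapping ranges.

```python
import ipaddress

def _ip(n):
    return str(ipaddress.ip_address(n))

def _hosts(network):
    # First and last usable host address of the subnet, as integers.
    net = ipaddress.ip_network(network)
    return int(net.network_address) + 1, int(net.broadcast_address) - 1

def split_ranges(network, exceptions, default="Default", relaxed="Relaxed"):
    """Build contiguous, non-overlapping (start, end, policy) ranges covering
    every usable host in `network`, isolating each exception address."""
    first, last = _hosts(network)
    out, cursor = [], first
    for e in sorted({int(ipaddress.ip_address(x)) for x in exceptions}):
        if not first <= e <= last:
            raise ValueError(f"{_ip(e)} is not a host address in {network}")
        if cursor < e:                      # default range below the exception
            out.append([cursor, e - 1, default])
        if out and out[-1][2] == relaxed and out[-1][1] == e - 1:
            out[-1][1] = e                  # merge adjacent exception addresses
        else:
            out.append([e, e, relaxed])
        cursor = e + 1
    if cursor <= last:                      # the upper range that is easy to forget
        out.append([cursor, last, default])
    return [(_ip(s), _ip(e), p) for s, e, p in out]

def audit(network, ranges):
    """Report overlaps and uncovered gaps in a list of (start, end, policy)."""
    first, last = _hosts(network)
    spans = sorted((int(ipaddress.ip_address(s)), int(ipaddress.ip_address(e)), p)
                   for s, e, p in ranges)
    problems, cursor = [], first
    for s, e, p in spans:
        if s < cursor:                      # starts inside an earlier range
            problems.append(f"overlap: {_ip(s)}-{_ip(min(e, cursor - 1))} ({p})")
        elif s > cursor:                    # addresses with no policy assigned
            problems.append(f"gap: {_ip(cursor)}-{_ip(s - 1)}")
        cursor = max(cursor, e + 1)
    if cursor <= last:
        problems.append(f"gap: {_ip(cursor)}-{_ip(last)}")
    return problems
```
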
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 40237404
Thank you for the replies.
I had a look at the link that you sent, Aaron, regarding application firewall rules. This is something that I will take a look at for future reference. With a cursory glance it seemed to involve creating network zones, which would mean restructuring the network topology, which I want to avoid at this stage. However, your comment regarding adding the three ranges seems to have resolved this, because I only had two IP ranges defined, which took care of the devices in the safe policy range with the single IP having the more relaxed content filter policy above that. I have now added another IP range above that, completing the whole subnet, and at first testing this seems to work. I will need to wait until tomorrow to confirm for sure.
0
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 40277519
I've been trying to make this work via app rules but can't get to grips with the exclusion requirements.
Under Security Services > Content Filter I have changed CFS Policy Assignment to Via App Rules
I have checked the box for Enable HTTPS Content Filtering in the CFS tab
Under Firewall > Match Objects I have created a default CFS Rule that blocks many categories including Social Networking
I have created an App Rule that sets up a CFS Policy with the Default rule and this seems to operate OK

I have also created address objects for the two computers I want to allow access to social media and put them in an Address Object Group called Social Networkers and I have created an Allow/Forbid List containing Facebook and Twitter (initially). But these computers are still blocked from viewing. How is the precedence set for rules with exclusions?

The other problem I now face is that CFS is not working for https even though I have checked the box Enable HTTPS Content Filtering in the CFS tab, but it is not blocking https, so why is that? I have followed this article:
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=8802
0
 
LVL 1

Author Closing Comment

by:Milkybar-kid
ID: 40282766
I used App Control Advanced in the end.
Good learning exercise and this post set me off in the right direction.
Even with App Rules everything works fine except with https using IE (Firefox and Chrome are OK)
0
