Solved

Sonicwall TZ205 CFS bypass

Posted on 2014-12-10
4
413 Views
Last Modified: 2015-02-13
Hi, we have a new Sonicwall TZ205 with the CFS subscription activated.  Our office consists of 10 people using the Sonicwall as a Router/Firewall with DHCP/DNS.  We have no servers.  I have configured the CFS with the basic settings confirmed it is working and blocking specific sites.

I have one computer that I want to be able to bypass the CFS.

Is there a way to bypass the CFS by using the MAC address of one computer?  If so, how can I accomplish?  I have already created an Address Object for the MAC address of the computer and an Address Group to include this Address Object.

Any help would be appreciated, thanks in advance,
0
Comment
Question by:eloredo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
Greg Hejl earned 250 total points
ID: 40493084
https://support.software.dell.com/kb/sw6617

OverView:

IP address ranges can be manually added to or deleted from the CFS Exclusion List. Content filtering is disabled for IP addresses in the CFS Exclusion List. These address ranges are treated as trusted domains. Select Enable CFS Exclusion List to enable this feature.
 
 
Click To See Full Image.

The Do not bypass CFS blocking for the administrator checkbox controls content filtering for administrators. By default, when the administrator (“admin” user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that system’s IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrator’s system, select the Do not bypass CFS blocking for the administrator checkbox.

Procedure:

To add a range of IP addresses to the CFS Exclusion List, follow these steps:

Step 1 Login to the SonicWALL Management Interface
Step 2 Go to Security Services > Content Filter
Step 3 Select the Enable CFS Exclusion List checkbox.
Step 4 Click Add. The Add CFS Range Entry window is displayed.
Step 5 Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.

 
Click To See Full Image.


Step 6 Click OK.
Step 7 Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.

Modifying or Temporarily Disabling the CFS Exclusion List

To modify or temporarily disable the CFS Exclusion List:

Step 1 To keep the CFS Exclusion List entries but temporarily allow content filtering to be applied to these IP addresses, uncheck the Enable CFS Exclusion List checkbox.
Step 2 To edit a trusted domain entry, click the Edit icon.
Step 3 To delete an individual trusted domain, click on the Delete icon for the entry.
Step 4 To delete all trusted domains, click Delete All.

Source: SonicOS Enhanced 5.1 Administrator Guide
0
 
LVL 20

Assisted Solution

by:carlmd
carlmd earned 250 total points
ID: 40493488
0
 

Author Comment

by:eloredo
ID: 40496969
Thanks for the info provided so far, looks like what I am looking for.  Unfortunately, I am away from that office and sonicwall for a few days but will attempt the recommended setups and confirm next week.

Thanks again.
0
 

Author Comment

by:eloredo
ID: 40531811
Just got back form vacation and need to coordinate this setup with the client this week and will respond with result.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question