• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

Sonicwall TZ205 CFS bypass

Hi, we have a new Sonicwall TZ205 with the CFS subscription activated.  Our office consists of 10 people using the Sonicwall as a Router/Firewall with DHCP/DNS.  We have no servers.  I have configured the CFS with the basic settings confirmed it is working and blocking specific sites.

I have one computer that I want to be able to bypass the CFS.

Is there a way to bypass the CFS by using the MAC address of one computer?  If so, how can I accomplish?  I have already created an Address Object for the MAC address of the computer and an Address Group to include this Address Object.

Any help would be appreciated, thanks in advance,
  • 2
2 Solutions
Greg HejlPrincipal ConsultantCommented:


IP address ranges can be manually added to or deleted from the CFS Exclusion List. Content filtering is disabled for IP addresses in the CFS Exclusion List. These address ranges are treated as trusted domains. Select Enable CFS Exclusion List to enable this feature.
Click To See Full Image.

The Do not bypass CFS blocking for the administrator checkbox controls content filtering for administrators. By default, when the administrator (“admin” user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that system’s IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrator’s system, select the Do not bypass CFS blocking for the administrator checkbox.


To add a range of IP addresses to the CFS Exclusion List, follow these steps:

Step 1 Login to the SonicWALL Management Interface
Step 2 Go to Security Services > Content Filter
Step 3 Select the Enable CFS Exclusion List checkbox.
Step 4 Click Add. The Add CFS Range Entry window is displayed.
Step 5 Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.

Click To See Full Image.

Step 6 Click OK.
Step 7 Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.

Modifying or Temporarily Disabling the CFS Exclusion List

To modify or temporarily disable the CFS Exclusion List:

Step 1 To keep the CFS Exclusion List entries but temporarily allow content filtering to be applied to these IP addresses, uncheck the Enable CFS Exclusion List checkbox.
Step 2 To edit a trusted domain entry, click the Edit icon.
Step 3 To delete an individual trusted domain, click on the Delete icon for the entry.
Step 4 To delete all trusted domains, click Delete All.

Source: SonicOS Enhanced 5.1 Administrator Guide
eloredoAuthor Commented:
Thanks for the info provided so far, looks like what I am looking for.  Unfortunately, I am away from that office and sonicwall for a few days but will attempt the recommended setups and confirm next week.

Thanks again.
eloredoAuthor Commented:
Just got back form vacation and need to coordinate this setup with the client this week and will respond with result.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now