• Status: Solved

How can I bypass the sonicwall content filter

Hi, I have a SonicWALL 2040 with content filter which is used to block all web access to the internet except from machines on an exclusion list. Our network uses 192.168.4.XXX for IP addresses.

Everything worked as planned until recently, when we set up a private VPN to Microsoft Azure and configured one of the servers to house an internal website and a source control server. To do this we first had to set up a network in Azure (10.0.0.0) and then the server IP addresses were 10.0.0.XXX.

We can RDP to the machines in Azure and mount file systems with no problem. However, when we try to access a web page or the source control server from Visual Studio (which uses HTTP) the content filter kicks in and blocks the access. I tried all the following, which does not seem to work:
a) Added 10.0.0.4 to the trusted domain sites
b) Created a custom policy and added 10.0.0.4 to the Allowed Domains in the default and in the new policy

The only thing that seemed to work was to uncheck the "Not Rated" site in the URL list for the default policy. I am uncomfortable doing this because I do not want to allow access to a site just because it is not rated. There has to be a better way.

Any help to configure the SonicWALL to allow access to all content on the 10.0.0.4 server is appreciated.
Asked by: shenoya

1 Solution

CoSmismgr commented:
I believe the CFS applies to zones. You should be able to just clear the checkbox to apply filtering to the VPN zone.

shenoya (Author) commented:
If you are referring to the check boxes under Network > Zones, there is nothing currently checked for VPN.

CoSmismgr commented:
To add a range of IP addresses to the CFS Exclusion List, follow these steps:

Step 1 Log in to the SonicWALL Management Interface.
Step 2 Go to Security Services > Content Filter
Step 3 Select the Enable CFS Exclusion List checkbox.
Step 4 Click Add. The Add CFS Range Entry window is displayed.
Step 5 Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 6 Click OK.
Step 7 Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.

from Here

 
shenoya (Author) commented:
Thanks. I tried this and it works.

Just want to make sure that I am not opening up something else by putting that Azure machine on the "Exclusion List".

My understanding is that CFS exclusion bypasses all web content filtering for anyone logged in to a machine that is on the exclusion list. I was not aware that it could also be used to view content originating from a server on the exclusion list (10.0.0.4).

All the documentation suggests that this should be done using the policy settings in the content filter. What I need is a way to still enforce web content filtering for all machines on the local LAN but allow full access to the 10.0.0.XXX network, which is on the VPN. Please advise.
Thanks.

David Johnson, CD, MVP (Owner) commented:
Since the 10.x.x.x range is a non-routable private range, it will not affect the previous content ratings settings.

CoSmismgr commented:
Just thought of something else. If I am understanding your scenario correctly, the traffic is an HTTP session from the server's public IP, so adding the private IP address to the allowed domains will not work. You would need to add that server's public IP (or hostname) to the allowed domain list, and apply the custom policy. This might be a better solution than adding to the exclusion list.

shenoya (Author) commented:
Yes, you are understanding the scenario correctly. Unfortunately ...

I don't have the public IP of the private Azure server. I only have the address of the Azure Gateway IP, which was given to me when I set up the Azure Virtual Network and configured the site-to-site VPN and created the gateway. I turned off direct internet access to the virtual server using the Azure Configuration Manager, so the private server is only accessible through the internal network / VPN.

Already tried adding the server's private IP in the allowed domain list - it did not work.

David Johnson, CD, MVP (Owner) commented:
Perhaps my statement wasn't clear enough. What you have changed will not screw up your web filtering.

CoSmismgr commented:
It's okay to talk about something even though a solution has been found. ;)