Solved

How can I bypass the sonicwall  content filter

Posted on 2015-01-08
9
819 Views
Last Modified: 2015-01-08
HI I have a sonicwall 2040 with content filter which is used to block all web access to the internet except from machines on an exclusion list. Our network uses 192.168.4.XXX for IP addresses.

Everything worked as planned until recently when we  setup a private VPN to Microsoft Azure and configured one of the servers to house an internal website and a source control server. To do this we first had to setup a network in Azure (10.0.0.0) and then the server IP addresses were 10.0.0.XXX

We can rdp to the machines in Azure and mount file systems with no problem. However, when we try to access a web page or the source control server from Visual Studio (which uses http) the content filter kicks in an blocks the access. I tried all the following which does not seem to work:
a) Added 10.0.0.4 to the trusted domain sites
b) Created a custom policy and added 10.0.0.4 to the Allowed Domains in the default and in the new policy

The only thing that seemed to work was to uncheck the "Not Rated" site in the URL list for the default policy. I am uncomfortable doing this because I do not want to allow access to a site just because it is not rated. There has to be a better way.

Any help to configure the sonic wall to allow access to all content on the 10.0.0.4 server is appreciated.
0
Comment
Question by:shenoya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 5

Expert Comment

by:CoSmismgr
ID: 40538471
I believe the CFS applies to zones. You should be able to just clear the checkbox to apply filtering to the VPN zone.
0
 

Author Comment

by:shenoya
ID: 40538520
If you are referring to the check boxes under Network > Zones there is nothing currently checked for VPN
0
 
LVL 5

Accepted Solution

by:
CoSmismgr earned 500 total points
ID: 40538537
To add a range of IP addresses to the CFS Exclusion List, follow these steps:

Step 1 Login to the SonicWALL Management Interface
Step 2 Go to Security Services > Content Filter
Step 3 Select the Enable CFS Exclusion List checkbox.
Step 4 Click Add. The Add CFS Range Entry window is displayed.
Step 5 Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 6 Click OK.
Step 7 Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.

from Here
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:shenoya
ID: 40538852
Thanks. I tried this and it works.

Just want to make sure that I am not opening up something else by putting that Azure machine on  "Exclusion List"

My understanding is that CFS exclusion  bypasses all web content filtering for anyone logged in to a machine that is on the exclusion list. I was not aware that it could also be used to view content originating from a server on the exclusion list ( 10.0.0.4 )

All the documentation suggests that this should be done using the policy settings in the content filter. What I need is a way to still enforce web content filtering for all machines on the local LAN but allow full access to  10.0.0.XXX network which is on the VPN . Please advise
thanks
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40538916
since the 10.x.x.x range is a non-routable private range it will not affect the previous content ratings settings.
0
 
LVL 5

Expert Comment

by:CoSmismgr
ID: 40538953
Just thought of something else. If I am understanding your scenario correctly, the traffic is http session from the servers public IP, so adding the private IP address to allowed domain will not work. You would need to add that servers public IP (or hostname)  to the allowed domain list, and apply the custom policy. This might be a better solution over adding to the exclusion list.
0
 

Author Comment

by:shenoya
ID: 40539043
Yes you are understanding the scenario correctly. Unfortunately ...

I don't have the public IP of the private Azure server. I only have the address of Azure Gateway IP which was given to me when I setup the Azure Virtual Network and configured the site to site VPN and created the gateway. I turned off direct internet access to the Virtual server using the Azure Configuration Manager so the private server is only accessible through the internal network / VPN

Already tried Adding the servers private IP in the allowed domain list - it  did not work
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40539423
Perhaps my statement wasn't clear enough. What you have changed will not screw up your web filtering
0
 
LVL 5

Expert Comment

by:CoSmismgr
ID: 40539443
It's okay to talk about something even though a solution has been found. ;)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Turning Verizon Fios Router into a Bridge? 28 63
Cloud Lab Environment for Company 5 49
CentOS 7 wireless 2 33
Citrix App 7 33
Or at least that’s the word according to a new blog from Tech Target on AWS’s new Managed Services (MS) offering. According to the blog, AWS is launching their AWS MS program to expedite the adoption of cloud by Fortune 1000 and Global 2000 companie…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question