Solved

How can I bypass the SonicWALL content filter

Posted on 2015-01-08
Last Modified: 2015-01-08
Hi, I have a SonicWALL 2040 with content filter which is used to block all web access to the internet except from machines on an exclusion list. Our network uses 192.168.4.XXX for IP addresses.

Everything worked as planned until recently, when we set up a private VPN to Microsoft Azure and configured one of the servers to house an internal website and a source control server. To do this we first had to set up a network in Azure (10.0.0.0), and then the server IP addresses were 10.0.0.XXX.

We can RDP to the machines in Azure and mount file systems with no problem. However, when we try to access a web page or the source control server from Visual Studio (which uses HTTP), the content filter kicks in and blocks the access. I tried all of the following, which does not seem to work:
a) Added 10.0.0.4 to the trusted domain sites
b) Created a custom policy and added 10.0.0.4 to the Allowed Domains in the default and in the new policy

The only thing that seemed to work was to uncheck the "Not Rated" site in the URL list for the default policy. I am uncomfortable doing this because I do not want to allow access to a site just because it is not rated. There has to be a better way.

Any help to configure the SonicWALL to allow access to all content on the 10.0.0.4 server is appreciated.
Question by:shenoya

Expert Comment

by:CoSmismgr
ID: 40538471
I believe the CFS applies to zones. You should be able to just clear the checkbox to apply filtering to the VPN zone.

Author Comment

by:shenoya
ID: 40538520
If you are referring to the check boxes under Network > Zones, there is nothing currently checked for VPN.

Accepted Solution

by:
CoSmismgr earned 500 total points
ID: 40538537
To add a range of IP addresses to the CFS Exclusion List, follow these steps:

Step 1 Log in to the SonicWALL Management Interface
Step 2 Go to Security Services > Content Filter
Step 3 Select the Enable CFS Exclusion List checkbox.
Step 4 Click Add. The Add CFS Range Entry window is displayed.
Step 5 Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 6 Click OK.
Step 7 Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.

from Here
0
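An added example, not part of the original post or of SonicWALL's tooling: a pre-change check for the From/To pair entered in Step 5, confirming that the range is private, stays inside the Azure network and does not touch the filtered LAN. It inspects only the range itself and assumes nothing about how the firewall applies the list; the /24 prefix lengths and the function name `audit_exclusion_range` are assumptions, since the thread only gives 192.168.4.XXX and 10.0.0.XXX.

```python
import ipaddress

# Networks named in the thread. The /24 sizes are an assumption: the thread
# only gives 192.168.4.XXX (filtered LAN) and 10.0.0.XXX (Azure network).
FILTERED_LAN = ipaddress.ip_network("192.168.4.0/24")
AZURE_VNET = ipaddress.ip_network("10.0.0.0/24")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_exclusion_range(ip_from, ip_to, lan=FILTERED_LAN, intended=AZURE_VNET):
    """Review one From/To pair before it goes on the CFS Exclusion List.

    Hypothetical helper. Returns a dict of findings; raises ValueError on a
    malformed or reversed range.
    """
    first = ipaddress.IPv4Address(ip_from)
    last = ipaddress.IPv4Address(ip_to)
    if first > last:
        raise ValueError(f"range is reversed: {ip_from} > {ip_to}")

    # Collapse the range into CIDR blocks so it can be compared with networks.
    blocks = list(ipaddress.summarize_address_range(first, last))

    findings = {
        # How many addresses would be exempt from content filtering.
        "addresses_exempted": int(last) - int(first) + 1,
        # True only if every address is private (no public hosts exempted).
        "all_rfc1918": all(any(b.subnet_of(p) for p in RFC1918) for b in blocks),
        # True if any LAN workstation address would also be exempted.
        "overlaps_filtered_lan": any(b.overlaps(lan) for b in blocks),
        # True only if the range stays within the network it was meant for.
        "inside_intended_network": all(b.subnet_of(intended) for b in blocks),
    }
    findings["ok"] = (findings["all_rfc1918"]
                      and not findings["overlaps_filtered_lan"]
                      and findings["inside_intended_network"])
    return findings


if __name__ == "__main__":
    print(audit_exclusion_range("10.0.0.4", "10.0.0.4"))
```
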

Author Comment

by:shenoya
ID: 40538852
Thanks. I tried this and it works.

Just want to make sure that I am not opening up something else by putting that Azure machine on the "Exclusion List".

My understanding is that CFS exclusion bypasses all web content filtering for anyone logged in to a machine that is on the exclusion list. I was not aware that it could also be used to view content originating from a server on the exclusion list (10.0.0.4).

All the documentation suggests that this should be done using the policy settings in the content filter. What I need is a way to still enforce web content filtering for all machines on the local LAN but allow full access to the 10.0.0.XXX network, which is on the VPN. Please advise.
Thanks

Expert Comment

by:David Johnson, CD, MVP
ID: 40538916
Since the 10.x.x.x range is a non-routable private range, it will not affect the previous content ratings settings.

Expert Comment

by:CoSmismgr
ID: 40538953
Just thought of something else. If I am understanding your scenario correctly, the traffic is an HTTP session from the server's public IP, so adding the private IP address to the allowed domains will not work. You would need to add that server's public IP (or hostname) to the allowed domain list, and apply the custom policy. This might be a better solution than adding to the exclusion list.

Author Comment

by:shenoya
ID: 40539043
Yes, you are understanding the scenario correctly. Unfortunately ...

I don't have the public IP of the private Azure server. I only have the address of the Azure Gateway IP, which was given to me when I set up the Azure Virtual Network, configured the site-to-site VPN and created the gateway. I turned off direct internet access to the virtual server using the Azure Configuration Manager, so the private server is only accessible through the internal network / VPN.

Already tried adding the server's private IP to the allowed domain list - it did not work.

Expert Comment

by:David Johnson, CD, MVP
ID: 40539423
Perhaps my statement wasn't clear enough. What you have changed will not screw up your web filtering.

Expert Comment

by:CoSmismgr
ID: 40539443
It's okay to talk about something even though a solution has been found. ;)