Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1125
  • Last Modified:

How can I bypass the sonicwall content filter

HI I have a sonicwall 2040 with content filter which is used to block all web access to the internet except from machines on an exclusion list. Our network uses 192.168.4.XXX for IP addresses.

Everything worked as planned until recently when we  setup a private VPN to Microsoft Azure and configured one of the servers to house an internal website and a source control server. To do this we first had to setup a network in Azure (10.0.0.0) and then the server IP addresses were 10.0.0.XXX

We can rdp to the machines in Azure and mount file systems with no problem. However, when we try to access a web page or the source control server from Visual Studio (which uses http) the content filter kicks in an blocks the access. I tried all the following which does not seem to work:
a) Added 10.0.0.4 to the trusted domain sites
b) Created a custom policy and added 10.0.0.4 to the Allowed Domains in the default and in the new policy

The only thing that seemed to work was to uncheck the "Not Rated" site in the URL list for the default policy. I am uncomfortable doing this because I do not want to allow access to a site just because it is not rated. There has to be a better way.

Any help to configure the sonic wall to allow access to all content on the 10.0.0.4 server is appreciated.
0
shenoya
Asked:
shenoya
  • 4
  • 3
  • 2
1 Solution
 
CoSmismgrCommented:
I believe the CFS applies to zones. You should be able to just clear the checkbox to apply filtering to the VPN zone.
0
 
shenoyaAuthor Commented:
If you are referring to the check boxes under Network > Zones there is nothing currently checked for VPN
0
 
CoSmismgrCommented:
To add a range of IP addresses to the CFS Exclusion List, follow these steps:

Step 1 Login to the SonicWALL Management Interface
Step 2 Go to Security Services > Content Filter
Step 3 Select the Enable CFS Exclusion List checkbox.
Step 4 Click Add. The Add CFS Range Entry window is displayed.
Step 5 Enter the first IP address in the range in the IP Address From: field and the last address in the IP Address To: field.
Step 6 Click OK.
Step 7 Click Accept on the Security Services > Content Filter page. The IP address range is added to the CFS Exclusion List.

from Here
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
shenoyaAuthor Commented:
Thanks. I tried this and it works.

Just want to make sure that I am not opening up something else by putting that Azure machine on  "Exclusion List"

My understanding is that CFS exclusion  bypasses all web content filtering for anyone logged in to a machine that is on the exclusion list. I was not aware that it could also be used to view content originating from a server on the exclusion list ( 10.0.0.4 )

All the documentation suggests that this should be done using the policy settings in the content filter. What I need is a way to still enforce web content filtering for all machines on the local LAN but allow full access to  10.0.0.XXX network which is on the VPN . Please advise
thanks
0
 
David Johnson, CD, MVPOwnerCommented:
since the 10.x.x.x range is a non-routable private range it will not affect the previous content ratings settings.
0
 
CoSmismgrCommented:
Just thought of something else. If I am understanding your scenario correctly, the traffic is http session from the servers public IP, so adding the private IP address to allowed domain will not work. You would need to add that servers public IP (or hostname)  to the allowed domain list, and apply the custom policy. This might be a better solution over adding to the exclusion list.
0
 
shenoyaAuthor Commented:
Yes you are understanding the scenario correctly. Unfortunately ...

I don't have the public IP of the private Azure server. I only have the address of Azure Gateway IP which was given to me when I setup the Azure Virtual Network and configured the site to site VPN and created the gateway. I turned off direct internet access to the Virtual server using the Azure Configuration Manager so the private server is only accessible through the internal network / VPN

Already tried Adding the servers private IP in the allowed domain list - it  did not work
0
 
David Johnson, CD, MVPOwnerCommented:
Perhaps my statement wasn't clear enough. What you have changed will not screw up your web filtering
0
 
CoSmismgrCommented:
It's okay to talk about something even though a solution has been found. ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now