Solved

sonicwall content filter exceptions

Posted on 2015-01-29
2
267 Views
Last Modified: 2015-01-30
I have a Sonicwall TZ215 that we have "clamped" down fairly tight.   In the Content Filter policy URL list for forbidden categories we have # 30 EMail checked and prefer to leave it that way.
However one of our vendors is now using a firm for sending out their monthly updates and it is being blocked as forbidden category-Email
I have tried several things to exclude it but I guess I am not doing it correctly....

I have tried putting it in allowed domain in the custom list of the policy.   I tried using the blocked IP to exclude.  I tried to set up a new "Compliance" group and add users to that group with the forbidden category - Email, Not checked.   (Not sure how to make it apply ahead of the default policy)

Can someone maybe provide some "step by step" directions on how I can get this to be an OK site?
0
Comment
Question by:bankwest
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40579729
pls see if the step through can help and importantly the re-configured policy need to be applied to that zone of interest. Note the Global allow and forbidden list on the settings page is for all policies while the per policy option on the settings is as it stated local to single policy. Eventually the policy will make the effect only on those applied to the selected zones.
http://www.uptimemadeeasy.com/networking/configure-sonicwall-content-filtering/

Also need to know CFS rule application scheme
Most Specific always has the highest priority (i.e. CFS policy for “All” group is least specific, CFS policy for local/authenticated group is more specific, CFS policy for a user is most specific. When policies are at the same level of specificity, the least restrictive option has the highest precedence.
Here is another example using CFS Custom Category instead
This option enables you to customize CFS categories thus overriding global CFS database ratings. For eg. in the screenshot below, cnn.com, which is rated "News and Media" by the global CFS database, is re-rated as Information Technology/Computers - Category 27
If the category News and Media is blocked but cnn.com needs to be allowed, re-categorizing it as an allowed category (in this eg. Information Technology/Computers) would allow cnn.com. The entries here are intrepreted as "suffix strings" meaning any prefix added to cnn.com, eg. us.cnn.com, will be treated as belonging to the custom category.
https://support.software.dell.com/kb/sw8563
0
 

Author Closing Comment

by:bankwest
ID: 40579833
Excellent.   Thank you.    I got it working for what I needed.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sonic Firewall re-routing 443 wrong server IP 10 110
Forwarding web requests to different web servers 15 115
centos7 firewalld udp ports 33 71
cannot send E-mails to one company 15 90
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question