User manual SONICWALL CONTENT FILTERING SERVICE 3.0 OVERVIEW REV A
DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual SONICWALL CONTENT FILTERING SERVICE 3.0. We hope that this SONICWALL CONTENT FILTERING SERVICE 3.0 user guide will be useful to you.
Manual abstract: user guide SONICWALL CONTENT FILTERING SERVICE 3.0OVERVIEW REV A
Detailed instructions for use are in the User's Guide.
[. . . ] Allowed actions on this policy type include:
HTTP Block Page Manage Bandwidth No Action CFS Block Page Packet Monitor
Allowed Zones include:
LAN DMZ SSLVPN VPN WLAN
Note
CFS Message Format Checkbox By default, messages are logged in Application Firewall format. This checkbox allows you to log using message format standard for CFS.
Content Filtering Service 3. 0
3
CFS 3. 0 Policy Management Overview
CFS 3. 0 Policy Management Overview
When a CFS policy assignment is implemented using the Application Firewall method, it is controlled by Application Firewall CFS policies in the Application Firewall > Policies page instead of by Users and Zones. While the new Application Firewall method of CFS management offers more control and flexibility, the administrator can still choose the previous user/zone management method to perform content filtering. This section includes the following sub-sections:
· · · · ·
Bandwidth Management Methods -- page 7 Choosing CFS Policy Management Type -- page 6 Enabling Application Firewall and CFS -- page 6 Bandwidth Management Methods -- page 7 Policies and Precedence: How Policies are Enforced -- page 8
The CFS Application Firewall Policy Settings Screen
There are multiple changes/additions to the CFS policy creation window when used in conjunction with Application Firewall. [. . . ] Check the box to Enable Application Firewall.
6
Content Filtering Service 3. 0
CFS 3. 0 Policy Management Overview
Bandwidth Management Methods
Bandwidth Management feature can be implemented in two separate ways:
·
Per Policy Method
The bandwidth limit specified in a policy is applied individually to each policy Example: two policies each have an independent limit of 500kb/s, the total possible
bandwidth between those two rules is 1000kb/s
·
Per Action Aggregate Method
The bandwidth limit action is applied (shared) across all policies to which it is applied Example: two policies share a BWM limit of 500kb/s, limiting the total bandwidth
between the two policies to 500kb/s
500kb/s BWM Limit Per Policy
Policy 1
www
Policy 2
exe
500kb/s BWM Limit Per Action
Policy 1 Policy 2
www
exe
Bandwidth Aggregation Method is selected in the Application Firewall Action Settings screen when the Action type is set as Bandwidth Management.
Content Filtering Service 3. 0
7
CFS 3. 0 Policy Management Overview
Policies and Precedence: How Policies are Enforced
This section provides an overview of policy enforcement mechanism in CFS 3. 0 to help the policy administrator create a streamlined set of rules without unnecessary redundancy or conflicting rule logic enforcement.
Policy Enforcement Across Different Groups
The basic default behavior for CFS policies assigned to different groups is to follow standard most specific / least restrictive logic, meaning: The most specific rule is always given the highest priority
·
Example A rule applying to the "Engineering" group (a specific group) is given presidence over a rule applying to the "All" group (the least specific group. )
Policy Enforcement Within The Same Group
The basic default behavior for CFS policies within the same group is to follow an additive logic, meaning: Rules are enforced additively
·
Example CFS policy 1 disallows porn, gambling, and social networking CFS policy 2 applies bandwidth management to sports and adult content to 1Mbps The end result of these policies is that sports and adult content are bandwidth managed, even though the first policy implies that they are allowed.
8
Content Filtering Service 3. 0
CFS 3. 0 Configuration Examples
CFS 3. 0 Configuration Examples
This section provides configuration examples using Application Firewall feature to create and manage CFS policies:
· · · ·
Blocking Forbidden Content -- page 9 Bandwidth Managing Content -- page 11 Applying Policies to Multiple Groups -- page 14 Creating a Custom CFS Category -- page 15
Blocking Forbidden Content
To create a CFS Policy for blocking forbidden content:
· ·
Create an Application Object -- page 9 Create an Application Firewall Policy to Block Forbidden Content -- page 10
Create an Application Object
Create an application object containing forbidden content:
Step 1 Step 2 Step 3 Step 4 Step 5
Navigate to the Firewall > Match Objects page in the SonicOS management interface. Click the Add New Match Object button, the Add/Edit Match Object window displays. Select `CFS Category List' from the Match Object Type dropdown list. Use the checkboxes to select the categories you wish to add to the forbidden content list.
Step 6
Click the OK button to add the object to the Application Objects list.
Content Filtering Service 3. 0
9
CFS 3. 0 Configuration Examples
Create an Application Firewall Policy to Block Forbidden Content
Create an Application Firewall policy to block content defined in the Application Object:
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9
Navigate to the Firewall > App Rules page in the SonicOS management interface. Click the Add Policy button, the Add/Edit Application Firewall Policy window displays. Enter a descriptive name for this action in the Policy Name field, such as `Block Forbidden Content'. From the Application Object dropdown list, select the object you created in the previous section. In the case of our example, this object is named `Forbidden Content'. From the Action dropdown list, select `CFS block page' to display a pre-formatted `blocked content' page when users attempt to access forbidden content. Optionally, select the Users/Groups who this policy is to be Included or Excluded on from the dropdown list. Our example uses the defaults of including `all' and excluding `none'. Optionally, select a Schedule of days and times when this rule is to be enforced from the dropdown list. Click the Add New Action Object button, the Add/Edit Action Object window displays. Per Action - to share this action limit across all policies to which it is applied.
Step 6 Step 7
Create the desired settings for Inbound Bandwidth Management and Outbound Bandwidth Management. Click the OK button to create this object.
12
Content Filtering Service 3. 0
CFS 3. 0 Configuration Examples
Create an Application Firewall Policy to Manage Non-Productive Content
Create an Application Firewall policy to block content defined in the Application Object:
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Navigate to the Firewall > App Rules page in the SonicOS management interface. Click the Add Policy button, the Add/Edit Application Firewall Policy window displays. From the Application Object dropdown list, select the object you created in the previous section. In the case of our example, this object is named `Nonproductive Content'. From the Action dropdown list, select `Bandwidth Management - 100k' to apply this custom BWM rule when users attempt to access non-productive content.
Note
If you chose not to create a custom BWM object, you may use one of the pre-defined BWM objects (BWM high, BWM medium, or BWM low). Optionally, select the Users/Groups who this policy is to be Included or Excluded on from the dropdown list. Our example uses the defaults of including `all' and excluding `none'. Optionally, select a Schedule of days and times when this rule is to be enforced from the dropdown list. [. . . ] CFS allows the administrator not only to create custom Policies, but also allows for custom domain name entries to the existing CFS rating categories. This allows for insertion of custom CFS-managed content into the existing and very flexible category structure. To create a new CFS custom category:
· ·
Enable CFS Custom Categories -- page 15 Add a New CFS Custom Category Entry -- page 15
Enable CFS Custom Categories
Step 1 Step 2 Step 3
Navigate to the Security Services > Content Filter page in the SonicOS management interface. Scroll down and click the CFS Custom Category section and select the Enable CFS Custom Category checkbox. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE SONICWALL CONTENT FILTERING SERVICE 3.0
Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual SONICWALL CONTENT FILTERING SERVICE 3.0 will begin.