Content Filtering Client 3.1 Getting Started Guide

Auto Detection of Content Filtering Client

SonicWall Content Filtering Client (CFC) performs firewall discovery any time the Content Filtering Client is behind an Enforced UTM.

Auto detection is supported on SonicWall Content Filtering Client version 3.0 and above. Firmware version for the network security appliances is 5.9.x.x, 6.2.x.x and above.

NOTE: Firmware version 6.1.x.x will NOT be able to auto detect behind the firewall.
Topics: :

Configuring the Network Security Appliance

To configure the network security appliance for auto detection:
Determine the zone where Content Filtering Client will be located. For example, if Content Filtering Client is located on the LAN, DMZ and WLAN zone, then Content Filtering and Client CF options for the three zones MUST be enabled as shown below.

To enable the above options on a zone, go to Network->Zones on the interface for the network security appliance.
Select the zone to configure.
Check the two boxes as shown below:
Enforce Content Filtering Service
Enable Client CF Service

For systems running SonicOS 6.2.6 or later that support CFS 4.0 (Content Filtering Service), enable the CFS option:
Navigate to Security Services > Content Filtering.
Check the box to Enable Content Filtering Service.

Configuring EPRS

EPRS configuration required.
Log into MySonicWALL.
Navigate to CFC Management and select the network security appliance that you want to update.
Select Content Filter > Settings.
Enable Suspend CF Client when behind Firewall with Active Gateway CFS.

NOTE: If the CF Client is licensed using the Client Distribution Group, you need to list the serial number of the physical network security appliance the CFC will be behind.
NOTE: In the case of a Firewall Sandwich (FWS), list all the firewall serial numbers in the FWS. It is recommended that in a FWS deployment, license CFC using the Client Distribution Group.

As shown below on the CFC dashboard, when CFC detects a firewall, the Active Policy is disabled and the Suspend Behind Firewall option is On.

When working remotely and the system is not behind a firewall, note that the Active Policy is defined and the Suspend behind FW option is Off.

NOTE: CFC logs when a firewall is NOT detected.