en-US
search-icon

Content Filtering Client 3.1 Getting Started Guide

Client CF Enforcement

Client CF Enforcement is a service running on the network security appliance that enables the automatic deployment of the SonicWall Content Filtering Client to endpoints (laptops and so forth) within the appliance perimeter. The SonicWall Content Filtering Client protects the users from accessing harmful and objectionable web sites when the endpoint goes outside the firewall perimeter.

Client CF Enforcement must be enabled on the SonicWall Inc. network security appliance before you can install the SonicWall Content Filtering Client.

 
* 
NOTE: If the SonicWall Content Filtering Client is not activated on MySonicWall, you must activate it to enforce client content filtering polices on client systems. For more information, see Content Filtering Client Prerequisites.
Topics:  

Enabling Client CFS in Network Zones

If you have end users that work both in the office and outside the office, you can configure the content filtering services so that the client manages the filtering when the system is outside the firewall, and the network security appliance manages the filtering when the user is inside the firewall. The SonicWall Content Filtering Client detects the zone the user is in and suspends or engages the client accordingly.

To set up this feature, you need to set up network zones on the network security appliance and enable the Suspend check box in EPRS.

 
* 
NOTE: The network security appliance needs at least one CF Client license.
To enforce the SonicWall Content Filtering Client on a per-zone basis:
1
Log into the network security appliance using administrator credentials.
2
Navigate to Security Services > Client CFS Enforcement.
3
Click the Network > Zones link in the Note.

 
* 
NOTE: You can also choose Network > Zones from the left menu.
4
Find the zone on which you want to enforce the SonicWall Content Filtering Client.

5
Click on the edit icon.
6
In the configuration window, check the box for Enable Client CFS Enforcement Service.

7
Click OK.

Configuring Client CF Enforcement

If you want your network security appliance to enforce the installation of the Content Filtering Client on client endpoints, you need to configure that option using the SonicOS management interface. During this process, you need to decide which items should be included in the Client CF Enforcement List and which should be excluded from enforcement.

To configure Client CF Enforcement on your network security appliance:
1
Log in to your network security appliance.
2
Navigate to Security Services > Client CF Enforcement.

3
Under the Client CF Enforcement Policies section, use the drop-down list to choose the Grace Period during which CF enforcement policies remain valid. The grace period is the amount of time you allow for an endpoint to get the most current policy. the default is 5 days; the options range from 0 days to 5 days.
4
To configure the Client CF Enforcement List (item 1 in the Client CF Enforcement figure above):
a
Click on the edit icon.

b
Highlight the item in the left column that you want added to the Client CF Enforcement List and click on the right arrow. That item now appears in the right column.
c
Repeat the process until you’ve selected all the items you want included.
d
Click OK.
5
To configure the Excluded from Client CF Enforcement List (item 2 in the Client CF Enforcement figure above):
a
Click on the edit icon.
b
Highlight the item in the left column that you want added to the Excluded from Client CF Enforcement List and click on the right arrow. That item now appears in the right column.
c
Repeat the process until you’ve selected all the items you want excluded.
d
Click OK.
6
In the drop-down list at the bottom of the page, select Client CFS Enforcement which sets the default enforcement For computers whose addresses do not fall in any of the above lists.

This option prompts all other computers connecting to the Internet through the appliance to install the client. If you select None from the drop-down list, the service is only enforced on computers that you have configured.

7
As a best practice the Client CF Enforcement cache should be reset. To perform those steps:
a
Navigate to System > Status on the interface for your firewall.
b
Go to the diagnostics page by changing “main.html” to “diag.html” in the website address and pressing return.
c
Select the Internal Settings button.

d
Scroll down to the Security Services Settings.
e
Find and select Reset Client CF Enforcement Cache.

8
Click Accept.
9
Click Close to leave the diagnostics page.