en-US
search-icon

Enforced Client Policy and Reporting Server 2.3 Admin Guide

Overview

SonicWall offers comprehensive web content security that blocks selected web content and enforces protection and productivity policies. The main components are Content Filtering Service (CFS), Content Filtering Client (CFC), and SonicWall EPRS (Content Filtering Client). CFS protects the devices behind the firewall; CFC protects devices regardless of where the device is located, even if it is connected outside the firewall, and Content Filtering Client provides administrators with the means to manage CFC from a central web interface.

This document describes how to use Content Filtering Client. Global policies can be created and assigned to all CFC client systems without having to log into each system separately. Additionally, policies can be defined for groups or individual users that can also be managed from the central web interface.

Topics:

About This Guide describes how this guide is organized and the conventions used to designate specialized text.
About EPRS describes how to navigate EPRS and license a client. It also provides general administration guidelines.

About This Guide

This document is intended for system administrators who define filtering policy for systems that will be accessing web content from the internet.

Document Contents describes how this document is organized.
Guide Conventions defines the text conventions used in this document.

Document Contents

This document includes:

This chapter, Overview, provides a general document overview and describes the conventions used within this guide.
Chapter 2, System, describes the System option, which includes viewing status, managing Schedule Groups and managing certificates.
Chapter 3, LDAP, describes how to access user and group data from the LDAP server.
Chapter 4, Google Directory, describes how to access user and group data from Google Directory.
Chapter 5, User Groups, describes how to utilize user groups that have already been established in LDAP and Google Directory. You can then apply the same policies to everyone in a group. All the groups can be viewed and managed from this option.
Chapter 6, Users, describes how to view and manage users.
Chapter 7, Content Filter, discusses how to set up and customize the content filtering for the Content Filtering Client (CFC).
Chapter 8, Enforcement, reviews how to configure enforcement policies and describes settings for Client Groups and Clients.
Chapter 9, Reports, shows the reports that are available from the Reports tab.
Chapter 10, Troubleshooting, provides some troubleshooting tips for common issues.

Guide Conventions

The following conventions used in this guide are as follows:

 

Text conventions

Convention

Use

Bold

Highlights dialog box, window, and screen names. Also highlights buttons. Also used for file names and text or values you are being instructed to type into the interface.

Italic

Indicates the name of a technical manual. Also indicates emphasis on certain words in a sentence. Sometimes indicates the first instance of a significant term or concept.

Computer code

Indicates sample code or text to be typed into data fields.

About EPRS

Content Filtering Client provides a single point from which to configure filtering policies and view reporting from users systems that are running CFC. EPRS is comprised of:

Web management interface and policy manager—a Web-based interface that provides the system administrator the ability to configure, create, and apply global policies and generate activity reports for client systems.
Policy Server—Supports policy functions including global management and user access credentials.
Reporting Server—Provides summarization of raw data to be used in reports and supports the various types of reports along with search and filtering functions.

Additional topics:

How EPRS Works

The administrator can access the management interface directly through a MySonicWall account. Single sign-on access allows the administrator to seamlessly move from one site or account to another without the need to remember multiple account details.

EPRS features include dynamic updates of licensing on the firewall registered to use the content filtering client an policy application based on client licensing.

 
* 
NOTE: Some of these features are available only when using a customer’s deployed SonicWall Global Management System (GMS) instead of the Cloud-based Content Filtering Client - Policy & Reporting Admin.

When deployed in the Cloud, EPRS is a customized, stripped down version of SonicWall Global Management System (GMS) providing just the client management function as a service. This means the server is optimized to perform at higher loads and also designed to be scalable when additional servers need to be added as the volume of clients requesting policies increases.

The Policy Manager is integrated with MySonicWall and the SonicWall License Manager. Data is saved in the database and is used when a request for a policy is made to the Policy Server Web Services.

How to Access CFC

MySonicWall provides two links that the administrator can click to access the EPRS management interface to create or manage client policies.

Firewall (unit) level link to manage CFC policies licensed on this firewall.
Global level link to manage multiple firewalls under the MySonicWall account. Single Sign-On is supported for MySonicWall users when logging in to the Policy Server.

Administrators can click a link on the Security Services > Client CFS Enforcement page to access and manage the client. When the link is clicked, a MySonicWall login screen (similar to the one used when licensing other services) prompts the user to log in using the MySonicWall account. After successfully logging in, the user is forwarded from MySonicWall to the EPRS interface using Single Sign-On.

Logging in to EPRS from MySonicWall allows you to configure and view policies and reporting for all the SonicWall appliances that are registered to that MySonicWall account.

When you log in to EPRS from an individual firewall, the interface only displays configuration pages for the unit from which you logged in.

Navigating the Interface

When you first open EPRS, the default display is a global view of System > Status.

The far left pane displays the devices being managed. You can select a specific device to view or manage or you can select the top node name, as in the figure above, to see information applicable to the global node.

 
* 
NOTE: If you have only a single node or unit, the node pane is not displayed.

The Global View provides the Settings, Policies, and Client Groups pages, but does not provide the r Clients pages since it pertains to a single SonicWall appliance.

You can hide the node pane by clicking on the green arrow in the top bar. Click on the arrow again to expand the view.

From the EPRS interface you can switch between Policies view and Reports view. Select the tab of the view that you want. Different options are listed depending on whether you selected the global node or a specific device.

Installing the Client on User Systems

A new SonicWall firewall is deployed on a network, registered, and licensed for Content Filtering. The feature is enabled as Enforced for Content Filtering. The administrator logs into the Policy Server and uses the Policy Manager interface to create one or more policies for client systems in the network. The administrator can also define user accounts on SonicWall Content Filtering Client with the necessary credentials to manage policies for one or more clients.

When a user tries to access the Internet and does not have the client installed, the user is taken to a Block page, which provides the information on where and how to download the client and install it.

Once the SonicWall Content Filtering Client software is installed, it contacts the SonicWall license manager to verify licensing. After a successful license check, the SonicWall license manager sends the URL of the Policy Server to the client software. The client contacts the server and downloads the policy, then uses the policy to determine the appropriate action for that user.

The software can also be installed on client systems by accessing a URL in Internet Explorer, and with an MSI package in conjunction with a domain group policy. In the final release, SonicWall software can also be installed on client systems from the command line.