Assigning Schedules to User-based Content Filter policies

09/27/2022 136 People found this article helpful 491,137 Views

Description

Feature/Application:

Assigning Schedules to user based Content Filter Policies for limiting Internet access to certain times of the day.

This article gives step by step configuration that allows administrators to enforce time-based Internet access along with content filtering to local users.
In order for the SonicWall to differentiate between users, login must be forced at the SonicWall so that when users initially try to access the Internet, they are redirected to a login screen.
The SonicWall has the ability to determine usernames silently (with no secondary log needed) by using the Single Sign On Agent (SSO). Information on using the SSO agent can be found here: Configuring Single Sign-On on the SonicWall Security Appliance with SonicOS Enhanced.
The SonicWall also has the ability to integrate with Active Directory so Local Users and Groups need not to be created in the SonicWall but can be accessed/imported from active directory via LDAP. For more information on this type of configuration, please refer Integration of LDAP and multiple/Custom CFS policies for different user groups - ULA + CFS + LDAP.

In order to assign custom content filter polices to locally configured users based on group membership, the SonicWall must have premium content filter subscription and be running SonicOS Enhanced firmware.

NOTE: CFS Premium version is required to create custom CFS policies.

Scenario

Users to be able to have restricted access to the Internet between 8:00AM and 5:00PM from Monday to Friday.
The same users to be able to have unrestricted access to the Internet during lunchtime between 1:00 PM and 2:00 PM from Monday to Friday.
No Internet access outside these hours.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 7.X and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Creating Schedules

NOTE: SonicWall has a number of pre-configured Schedules which are for various time periods and can be used for various purposes, if suitable. For this scenario we select the pre-configured Schedule, Work Hours, which will suit our purpose as it is between 8:00 AM and 5:00 PM from Monday to Friday. For the lunchtime schedule we create a new one.

Login to Sonicwall management Interface
Navigate to Top Object tab| Match Objects|Schedules
Click Add button.
Set Schedule Name as Lunchtime.
Set Schedule Type as Recurring.
Enable the toggle buttons for Monday, Tuesday, Wednesday, Thursday, Friday under Recurring.
Set Start Time as 13:00 and End Time as 14:00.
Click Add to add this time under Schedule List.
Click Save.

Include the Schedule on a CFS Policy

Navigate to Policy | Content filter rules
Click Configure for the Content filter rule you'd like to edit.
In the pop-up window set the Schedule to the desired option. Click Ok.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Creating Schedules

NOTE: SonicWall has a number of pre-configured Schedules which are for various time periods and can be used for various purposes, if suitable. For this scenario we select the pre-configured Schedule, Work Hours, which will suit our purpose as it is between 8:00 AM and 5:00 PM from Monday to Friday. For the lunchtime schedule we create a new one

090170911000127.png (1948×1068)

Login to Sonicwall management Interface
Navigate to Manage | Appliance | System Schedules.
Click Add button.
Set Schedule Name as Lunchtime.
Set Schedule Type as Recurring.
Select the boxes under Mon, Tue, Wed, Thurs, Fri under Recurring.
Set Start Time as 13:00 and Stop Time as 14:00.
Click Add to add this time under Schedule List.
Click OK.

Include the Schedule on a CFS Policy

Navigate to Manage | Security Services | Content Filter.
Click Configure for the CFS Policy you'd like to edit.
In the pop-up window set the Schedule to the desired option. Click OK.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Creating Schedules

NOTE: SonicWall has a number of pre-configured Schedules which are for various time periods and can be used for various purposes, if suitable. For this scenario we select the pre-configured Schedule, Work Hours, which will suit our purpose as it is between 8:00 AM and 5:00 PM from Monday to Friday. For the lunchtime schedule we create a new one.

Login to the SonicWall management interface.
Navigate to the System | Schedules page.
Click Add .
Set Schedule Name as Lunchtime
Set Schedule type as Recurring
Select the boxes under Mon,Tue,Wed,Thurs,Fri under Recurring.
Set Start Time as 13:00 and Stop Time as 14:00
Click Add to add this time under Schedule List.
Click OK .

Set the Default CFS Policy as the most restrictive

Navigate to Security Services | Content Filter.
Click Configure against SonicWall CFS
In the SonicWall Filter Properties windows, click Policy tab.
Click Configure on the Default Policy.
Click URL List tab.
Check the box under Select all Categories (Please note: This would block all access to the Internet therefore do not enable CFS yet on LAN or DMZ zones).
Click OK .

Creating new CFS Policy - Restricted Access

Under the Policy tab click Add.
Enter a name for the new policy. EXAMPLE: Restricted Access.
Under the URL List tab select the categories to be blocked.
Click Settings tab
Under Filter Forbidden URLs by time of day select Work Hours. This is one of the pre-configured schedules.
Click OK.

Creating new CFS Policy -Lunchtime Access

Under the Policy tab click Add.
Enter a name for the new policy. EXAMPLE: Lunchtime Access.
Under the URL List tab select the categories to be blocked.
Click Settings tab
Under Filter Forbidden URLs by time of day select Lunchtime. This is the newly added custom schedule.
Click OK.

Creating Local Groups

Navigate to Users | Local Groups page.
Click Add Group.
Enter a name for the Group (For eg. Restricted Users) and click on the CFS Policy tab.

Under the Policy drop-down menu select the CFS policy created earlier - Restricted Access.
Click OK .

Navigate to Users | Local Groups page.
Click Add Group

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

Assigning Schedules to User-based Content Filter policies

Description

Resolution

Resolution for SonicOS 7.X

Resolution for SonicOS 6.5

Resolution for SonicOS 6.2 and Below

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch