Configuring Content Filtering Client on Firewall and Significance of "Enable Content Filtering Clie
03/26/2020 39 12438
Configuring Content Filtering Client on Firewall and Significance of "Enable Content Filtering Client Behind the Firewall"
Firmware/Software Version: Content Filtering Client feature release firmware version 184.108.40.206 and above for Gen. 6 Appliances (NSA2600 220.127.116.11 and above)
Services: Content Filtering Client enforcement and Security Center
Content Filtering Client (CF client) provides the flexibility to allow the Firewall to take precedence in applying applicable policy(ies) when the Client Systems are behind the Firewall.
The precedence can be controlled in combination through Security Center and Appliance.
Either through Mysonicwall.com or Appliance Interface Log on to Security Center
Go to Policies: Content filter > Settings
Check or Uncheck the checkbox against "Enable Content Filtering Client behind the Firewall" ; that controls whether the CF client or the firewall will be applying Content Filtering Policies when the Client System(s) behind the firewall.
In the current implementation the checkbox "Enable Content Filtering Client behind the Firewall" ONLY works when the "Client CF enforcement" is enabled in the Firewall.
Log on to Appliance GUI:
Note: Ensure CF client licenses are enabled.
- Go to Network : Zones "Enable Client CF service" should be enabled on the respective zone/zones
- Navigate to Security Services-> Client CF Enforcement
? 4. The client CF enforcement can be configured in the following ways:
i) Specify the Client Enforcement List
ii) Specify an exclusion list from Client CF Enforcement
iii) If there are addresses that do no fall in one of the above i) and ii) the default enforcement can be selected as "None" or "Client CF Enforcement"
If None is selected the addresses not included in the list will not be enforced with CF client whereas
If Client CF enforcement is selected from the dropdown all IP's will be enforced with the CF client.
5. If "Enable Content Filtering Client behind the Firewall" is left unchecked, CF client will detect and disable itself when behind the NGFW.
Note: In an upcoming version of the firmware 6.2.4.x the configuration under security services will no longer be required. This was implemented as an enhancement request based on the feedback received from customers.