Content Filtering Service (CFS) 4.0 Overview
03/26/2020 4005 37178
Starting with Sonic OS 6.2.6 SonicWall firewalls introduce Content Filtering Service 4.0. In this new version CFS is optimized and enhanced by including framework and workflow redesign, UI ease of use, improved filtering options, handling smaller packet sizes, etc.
This article describes all aspects of configuring Content Filtering Service 4.0.
Content Filter page
- On the Manage |Security Configuration | Ssecurity Services | Content Filter page, users are given a choice to select the Content filter type between SonicWall CFS and Websense Enterprise. By default the type is SonicWall CFS.
- Unlike previous CFS versions CFS4.0 is implemented by CFS Policies. Hence the options in SonicWall Filter Properties window are moved to Content Filter page and optimized under Global Settings section. The option Enable Content Filtering Service is added to enable/disable CFS globally.
- To make the configurations reusable and easy to manage, three objects are introduced in CFS. They are URI List Objects, CFS Action Objects and CFS Profile Objects. Navigate to Manage | Policies | Objects | Content Filter Objects page to configure them.
URI List Objects
- With this object, users can add the domains, URIs into the list, and set this list as custom Allowed or Forbidden. The lists will have higher priority than the category. CFS will check the lists before checking for the category for an URI. And Wildcard character "*" is supported in the URI string, for instance *.google.com.
- The URL List Object will be used by a CFS Profile Object.
CFS Action Objects
- Block: Users can define the blocking page to display if the connection is blocked.
- Passphrase: Users can define the passphrase page to display and the password needed before continue.
- Confirm: Users can define the confirm page to display.
- BWM: Users can configure Bandwidth Aggregation Method as Per Policy or Per Action. Users can also configure the detailed BWM status and objects for Egress Bandwidth Management and Ingress Bandwidth Management.
- Threat API: Shows Threat API Block page message.
TIP: The Action Objects will be used by CFS Policy.
CFS Profile Objects
- Users are able to define matching conditions to hit a CFS Policy: Enabled, Source Zone, Destination Zone, Address Object, Users/Groups, Schedule, CFS Profile, and CFS Action.
- If a packet is detected and all these conditions are matched, it will be filtered by the corresponding CFS Profile. Then the CFS Action will be invoked after filtering.
- There is priority for each CFS Policy. The matched CFS Policy with higher priority will always be checked earlier.
CFS Customer Category
- Users can customize the ratings for certain URI. When CFS checks the ratings for one URI, it will check the user ratings first, then check for the ratings from backend. When users try to add/edit a custom category, they will need to input a valid URI, and select up to 4 kinds of categories for this URI.
- Comparing with the previous version, CFS 4.0 separates the Websense configuration from SonicWall CFS. This is to avoid confusion between the two content filter Types.
- An option added to enable/disable CFS globally.
- Define URI List object, Profile object and Action object, which can be reused in multiple policies.
- Merge via Zones mode and via App Rules mode into one.
- Support Wildcard "*" matching for URI List.
- Introduce Passphrase and Confirm operations in CFS action object.
- Support more commands in html page editing, which including GET, HEAD, POST, PUT, CONNECT, OPTIONS, DELETE, REPORT, COPY and MOVE.
- Support BWM.
- Consent feature is per policy.