- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Difference between trusted domains, Allowed domains and Forbidden domains (URLs)
03/26/2020 
74 People found this article helpful
20,532 Views
Description
This article explains the difference between trusted domains, Allowed domains and Forbidden domains (URLs).
Restrict Web Features enhances your network security by blocking potentially harmful Web applications from entering your network. Restrict Web Features are included with SonicOS. Select any of the following applications to block:
• ActiveX - ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers can use ActiveX to delete files or compromise security. Select the ActiveX check box to block ActiveX controls.
• Java - Java is used to download and run small programs, called applets, on Web sites. It is safer than ActiveX since it has built-in security mechanisms. Select the Java check box to block Java applets from the network.
• Cookies - Cookies are used by Web servers to track Web usage and remember user identity. Cookies can also compromise users' privacy by tracking Web activities. Select the Cookies check box to disable Cookies.
• Access to HTTP Proxy Servers - When a proxy server is located on the WAN, LAN users can circumvent content filtering by pointing their computer to the proxy server. Check this box to prevent LAN users from accessing proxy servers on the WAN.
NOTE: Restrict Web Features is a depricated feature within CFS 3.0. In the latest CFS 4.0 this feature has been merged into the Forbidden URI List. The new Forbidden URI List supports file extensions which are the same as the Restrict Web Features. For more information read Content Filter Service (CFS) 4.0 Upgrade Guide.
Resolution
Trusted Domains can be added to enable content from specific domains to be exempt from Restrict Web Features. If you trust content on specific domains and want them to be exempt from Restrict Web Features, follow these steps to add them:
- Select the Do not block Java/ActiveX/Cookies to Trusted Domains checkbox.
- Click Add. The Add Trusted Domain Entry window is displayed.
- Enter the trusted domain name in the Domain Name field.
- Click OK. The trusted domain entry is added to the Trusted Domains table.
To keep the trusted domain entries but enable Restrict Web Features, uncheck Do not block Java/ActiveX/Cookies to Trusted Domains. To delete an individual trusted domain, click on the Delete icon for the entry. To delete all trusted domains, click Delete All. To edit a trusted domain entry, click the Edit icon.
Allowed Domains:
Allowed domains allow access to URLs that are normally blocked by the SonicWall's Content Filter List (Categories). To allow access to a Web site that is blocked by the Content Filter List, click Add, and enter the host name, such as “www.ok-site.com”, into the Allowed Domains fields. 256 entries can be added to the Allowed Domains list.
To allow access to a Web site that is blocked by the Content Filter List, click Add, and enter the host name, such as “www.ok-site.com”, into the Allowed Domains fields. 1,024 entries can be added to the Allowed Domains list.
CAUTION: Do not include the prefix “http://” in either the Allowed Domains or Forbidden Domains the fields. All subdomains are affected. For example, entering “yahoo.com” applies to “mail.yahoo.com” and “my.yahoo.com”.
Forbidden Domains:
To block a Web site that is not blocked by the Content Filter Service, click Add, and enter the host name, such as “www.bad-site.com” into the Forbidden Domains field. 1,024 entries can be added to the Forbidden Domains list.
Related Articles
- Configuring Aggressive Mode Site to Site VPN when a Site has Dynamic WAN Public IP address
- High Availability: Idle / Standby appliance cannot pass traffic, WAN and LAN side.
- How do I configure the SSL-VPN feature for use with NetExtender or Mobile Connect?
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO