- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to block everything except allowed domains CFS 4.0
03/26/2020 
145 People found this article helpful
28,653 Views
Description
How to block everything except allowed domains CFS 4.0.
Resolution
Steps to Block Everything except allowed domains
1. Create a URI list object with all the allowed domains
2. Create a CFS Profile Object
3. Create a Policy to apply the filtering on to specific group or edit the existing default policy.
Navigate to Manage | objects | content Filter Objects | URI list Objects | URI list and add the domain's by clicking ADD. If you already have a URI list on other SonicWall you can import them from IMPORT ans EXPORT options
Navigate to Manage | objects | content Filter Objects | CFS Profile Objects
- Name the profile
- choose the Allowed Domains URI list that was created for Allowed URI list
- set the operation to block and make sure all the the categories are set to block or hit SET TO ALL and click OK
Navigate to Manage | Security Services | Content Filter and click ADD under CFS policies
- Name the Policy
- Choose the source and destination zones as necessary(Here we are restricting to internet so LAN to WAN)
- Choose the User group. If the restriction is only for specific group group them all using address objects and address groups. Or if it is hard to add all the random IPs and if only few people are excluded from content filter, choose CFS exclusion list to add the excluded users using address objects and groups
- Choose the Allowed Domains Profile
- For the action you can choose the CFS default action or if some other action is necessary to be applied on this user group then it is necessary to create a CFS action object
NOTE : This configuration might not work if there is a policy which is taking precedence over the one that has been just created. So make sure the policy created is taking precedence over other if the same user group is chosen in few other policies.
Related Articles
- How to enable and configure NTP?
- Cannot edit App Control Signatures, "Error: property 'value' can't be empty value"
- SSL-VPN 2FA: How to unbind TOTP for a single user or multiple users
Categories
- Firewalls > TZ Series > Content Filtering Service
- Firewalls > SonicWall NSA Series > Content Filtering Service
- Firewalls > SonicWall SuperMassive 9000 Series > Content Filtering Service
- Firewalls > SonicWall SuperMassive E10000 Series > Content Filtering Service
YES
NO