How to block everything except allowed domains CFS 4.0

03/26/2020 126 11047

DESCRIPTION:

How to block everything except allowed domains CFS 4.0.

RESOLUTION:

Steps to Block Everything except allowed domains

1. Create a URI list object with all the allowed domains

2. Create a CFS Profile Object

3. Create a Policy to apply the filtering on to specific group or edit the existing default policy. 

Navigate to Manage | objects | content Filter Objects | URI list Objects | URI list  and add the domain's by clicking ADD. If you already have a URI list on other SonicWall you can import them from IMPORT ans EXPORT options

Navigate to Manage | objects | content Filter Objects | CFS Profile Objects

• Name the profile
• choose the Allowed Domains URI list that was created for Allowed URI list
• set the operation to block and make sure all the the categories are set to block or hit SET TO ALL and click OK

Navigate to Manage | Security Services | Content Filter and click ADD under CFS policies 

• Name the Policy
• Choose the source and destination zones as necessary(Here we are restricting to internet so LAN to WAN)
• Choose the User group. If the restriction is only for specific group group them all using address objects and address groups. Or if it is hard to add all the random IPs and if only few people are excluded from content filter, choose CFS exclusion list to add the excluded users using address objects and groups
• Choose the Allowed Domains Profile
• For the action you can choose the CFS default action or if some other action is necessary to be applied on this user group then it is necessary to create a CFS action object 

NOTE : This configuration might not work if there is a policy which is taking precedence over the one that has been just created. So make sure the policy created is taking precedence over other if the same user group is chosen in few other policies.