How to block everything except allowed domains CFS 4.0
03/26/2020 132 12376
How to block everything except allowed domains CFS 4.0.
Steps to Block Everything except allowed domains
1. Create a URI list object with all the allowed domains
2. Create a CFS Profile Object
3. Create a Policy to apply the filtering on to specific group or edit the existing default policy.
Navigate to Manage | objects | content Filter Objects | URI list Objects | URI list and add the domain's by clicking ADD. If you already have a URI list on other SonicWall you can import them from IMPORT ans EXPORT options
choose the Allowed Domains URI list that was created for Allowed URI list
set the operation to block and make sure all the the categories are set to block or hit SET TO ALL and click OK
Navigate to Manage | Security Services | Content Filter and click ADD under CFS policies
Name the Policy
Choose the source and destination zones as necessary(Here we are restricting to internet so LAN to WAN)
Choose the User group. If the restriction is only for specific group group them all using address objects and address groups. Or if it is hard to add all the random IPs and if only few people are excluded from content filter, choose CFS exclusion list to add the excluded users using address objects and groups
Choose the Allowed Domains Profile
For the action you can choose the CFS default action or if some other action is necessary to be applied on this user group then it is necessary to create a CFS action object
NOTE : This configuration might not work if there is a policy which is taking precedence over the one that has been just created. So make sure the policy created is taking precedence over other if the same user group is chosen in few other policies.
Firewalls>TZ Series>Content Filtering Service
Firewalls>SonicWall NSA Series>Content Filtering Service
Firewalls>SonicWall SuperMassive 9000 Series>Content Filtering Service
Firewalls>SonicWall SuperMassive E10000 Series>Content Filtering Service