Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

How to configure CFS (content filtering service) on NSSP 13700?

07/12/2021 0 People found this article helpful 183,603 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    SonicWall CFS compares requested websites against a massive database in the cloud containing millions of rated URLs, IP addresses, and websites. It provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by the time of day, for over 50 pre-defined categories.

    Resolution

    NOTE: During the initial release, NSSP 13700 only supports Global mode and not Policy mode.


    Let us discuss the various components of CFS:

    Content Filtering type:

    • Navigate to Policy|Security Services|Content Filter, users are given a choice to select the content filter type: SonicWall CFS and Websense Enterprise.
    • By default, the type is SonicWall CFS.
      Image
    • Websense Enterprise:

      • Websense configuration can be done under the Policy|Security Services|Content Filter with content filter type as Websense Enterprise.
      • You would need to mention the IP address or domain name to connect to the Websense server with the port number.
        Image


    Global Settings:

    • In this, we have the option to Enable/Disable Content Filtering Services Globally.

    CFS exclusion:

    • On the CFS exclusion, we can Exclude Administrator from the Content Filtering Policies, and we can use address objects of the IP addresses for the exclusion.
    • With the Administrator excluded, if a machine is accessing the firewall UI using a SonicWall administrator account, that machine will be bypassed completely from CFS.
      Image

    CFS custom Category:

    • Navigate to Policy|Security Services|Content Filter page and you can Enable CFS custom Category.
    • In this section, users can add custom categories and customize the ratings for a certain URI, When CFS checks the ratings for one URI, it will check the user ratings first, then check for the ratings from the backend. When users try to add/edit a custom category, they will need to input a valid URI and select up to 4 kinds of categories for this URI.
      Image

      Image

    CFS URI Lists:

    • Navigate to Objects|Match objects|URI Lists, to configure CFS URI objects which can be used to add the domains, URLs into the list, and set this list as custom Allowed or Forbidden.
    • The URI list can be grouped together as well, and this list will have higher priority than the CFS category and it will check the list before checking for the category for an URI.
      Image
    • Users can also add Wildcard character “*” is supported in the URI string, for instance *.yahoo.com
    • The URI list object will be used in the CFS Profile objects under Content Filter.
    • You can add either domain, URI or Keyword type of list. After adding them, you can clock on Save to save it.
      Image

    CFS profile:

    • Navigate to Object|Profile Objects|Content Filter for the CFS default profile.
    • CFS Profile object defines the type of operation which will be triggered for each HTTP/HTTPS connection and this same profile will be used in the CFS policy.
      Image

    URI list Configuration:

    • Allowed URI List and Forbidden URI list can be selected according to the URI list object created, when searching the URL inside Allowed/Forbidden URL lists, we will start the searching from which one.

    Category Configuration:

    • For each category, users can define the operation for it if the URI is belonged to the category. By default, the operation for category 1 ~ 12 is blocked, the operation for other categories is allowed.
      Image

      We have multiple advanced options the CFS profile object which includes:

    • Enable HTTPS Content Filtering: Please make sure that this option is enabled so that the necessary action can be taken even for HTTPS websites. This option is disabled by default.
    • Enable Smart Filtering for Embedded URI: Google Translate https://translate.google.com provides the capability to translate one site from one language to another. Because the website to be translated is embedded inside Google Translate URI, user can bypass CFS with it. With this new feature, if users want CFS to detect the embedded URI inside Google Translate, users can enable this option and then the embedded URI will be filtered.
    • Enable Safe Search enforcement: When searching from these websites www.google.com, www.yahoo.com, www.bing.com, www.dogpile.com, www.lycos.com, www.ask.com, Safe Search will be turned on.
    • Enable YouTube Restrict Mode: When accessing to YouTube, student can only view the video predefined by the school administrator. If enabling this option, user will need to provide a valid school ID.
      NOTE: The last three options are only supported for the HTTP request. For the HTTPS request, DPI-SSL needs to be used cooperatively.

      Image
    • We can also define the Web usage content under Consent in CFS profile Objects.
      Image

    CFS Action Objects:

    • Navigate to Object|Action objects|Content filer Actions to define how CFS deal with the packet after it is filtered.
      Image

      There are four actions supported in CFS:

    • Block: Users can define the blocking page to display if the connection is blocked.
    • Passphrase: Users can define the passphrase page to display and the password needed before continue.
    • Confirm: Users can define the confirm page to display.
    • BWM: Users can configure Bandwidth Aggregation Method as Per Policy or Per Action. Users can also configure the detailed BWM status and objects for Egress Bandwidth Management and Ingress Bandwidth Management.
      TIP: The Action Objects will be used by the CFS Policy.

      Image


    Content Filer Policies:

    • Navigate to Policy|Rules and Policies|Content Filer Rules and add the CFS policies with the specific URI list objects and action objects.
    • By default, a CFS default policy exists with the CFS default profile and CFS default action, Users can either edit the existing Policy or can add the new policy as well.
      Image
    • Users can define matching conditions to hit a CFS Policy: Enabled, Source Zone, Destination Zone, Address Object, Users/Groups, Schedule, CFS Profile, and CFS Action.
      Image
    • If a packet is detected and all these conditions are matched, it will be filtered by the corresponding CFS Profile. Then the CFS Action will be invoked after filtering.
    • There is priority for each CFS Policy. The matched CFS Policy with higher priority will always be applied first.
    • Any new policy created is added here with the least priority. The arrows on the CFS policy can be used to alter the priority. The lower the number the higher the priority.
      Image

    See also:

    • Configuring A CFS Policy Per IP Address Or Range Of IP Addresses
    • How To Find Out The CFS Rating Of A Website?

    Related Articles

    • Identical Access Rules for different users/user groups
    • Advanced Network Security eLearning Training Course
    • Network Security Essentials eLearning Training Course

    Categories

    • Firewalls > NSsp Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top