How to configure Web Content Filtering Policy on Capture Client 3.0?

05/15/2020 56 People found this article helpful 476,123 Views

Description

The ability to perform web content filtering has been added to Capture Client’s policy management. You can configure policies that allow or block access to various websites. This allows endpoint security and content filtering to be managed from the same management console, simplifying administration. The feature also includes web activity reporting for easier monitoring.

Resolution

NOTE: To enable this feature, the Capture Client Advance License is required.

There are several aspects to creating a strong content filtering policy. First, it needs to be created, followed by editing it to set the parameters you want. Use the following steps to guide you:

Login to https://captureclient.sonicwall.com and navigate to Security Policies | Web Content Filtering tab and you can add a new policy by clicking on the Add (+) icon or edit the existing Default CF Policy.
Navigate to the Settings tab. Make sure that the ‘Enable Web Content Filtering’ toggle switch is ON. On this same page, you can also choose to Enforce the client with this policy even when present behind the SonicWall using the toggle switch ‘Enforce behind SonicWall firewall’.
You can also choose to use the default block page or create your own with the ‘Define a custom block page’. You have an option to upload an HTML code, edit the code, and visualize the changes in real-time.
You can also set schedules for this policy using the timed filter.

We can edit the timed filter as below:
Any time other than the timed filter is considered as the default filter. There are two tabs just after the Schedule and you can decide what kind of filtering you would like to do during each of those timelines.
Both the filters have the same options to configure and get applied on their respective timelines.
The category sub-tab gives you control to block Category-wise or sub-category wise as depicted.
You can also add allowed and forbidden URLs to lists. This allows/blocks the URL even though the category that the website belongs to is blocked or allowed respectively.
We have option to block Keywords and add authorized list of processes.
You can enter a partial or full code signing certificate subject name for the processes you wish to explicitly allow. E.g., 'CN=Microsoft Corporation'
Once you have completed the configuration, click on the Update button.
We would then need to use this under the Capture Client Policy. Please Navigate to Security Policies | Capture Client Policy and use this under the Web Content Filtering drop-down.

Client checks:

Once the policy is updated, the Web filter policy will show up on the client end. To force to update the Policy on the client, you can go to the Capture Client Icon, and manually update it as below.
The updated Policy can be seen on the client Dashboard as below
Also, the ‘Web Content Filtering’ tab on the client Dashboard shows the recent blocked websites.
For an HTTPS website, a pop up also shows up on the client when a blocked website is accessed.
For an HTTP website, we also get a blocked page along with the pop up explaining the reason.

Logs on the CMC:

You can also check for the events and blocked websites under Analytics | Web protection tab on the Capture client portal. This list can be exported as well.