- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to restrict the web access based on a passphrase action in CFS 4.0
03/26/2020 
1,385 People found this article helpful
37,769 Views
Description
CFS 4.0 in SonicOS 6.2 introduces a new restrict action, which named Passphrase, to restrict the web access other than just block. Once Passphrase action has been selected, the web will be redirected to a passphrase page after user attempts to access the specified website. In this page users should submit the preset password to continue the web browsing.
If the password is correct, the web access will be allowed. Otherwise it will be blocked with a block page sending to client.If the user didn't enter a correct password the first time, then the passphrase page will be sent to client again for requiring password the second time. Currently, client users have 3 opportunities to enter their passwords, this means the site will be blocked if user tries his password 3 times and the passwords are all wrong.
If client users don't know the password, they can click 'Cancel' button to skip entering the password. In this case, this site will be blocked immediately.
Resolution
To create the CFS Objects(except Action/profile objects) and policies please refer to:
How to block HTTPS (SSL) sites using SonicWall DPI-SSL and Content Filter Service (CFS 4.0)
To configure the Passphrase action, follow the steps below:
Step 1, Go to Firewall | Content Filter Objects | CFS Profile Objects
Step 2, Click Add to create a new action object(or Edit the CFS Default Action), set the password as below:
Step 2, Click Add to create a profile objects, here a block_bing profile object created for instance.
Step 3, If the websites are in the predefined URI:
Under URI LIst Configuration, In the pull-down menu of Operation for Forbidden URI list, select Passphrase.
If the websites are in the category:
Under Category Configuration, in the pull-down menu of Search Engines and Portals, select Passphrase.
Step 4, Click OK.
How to Test:
Open a web browser and enter https://bing.com
A CFS Passphrase page will appear as under. {If this is being done from the same computer as the one which is logged into the SonicWall Management GUI, make sure you are logged out before testing.}
If the password is correct, you will be allowed to access bing.com.
If the password is incorrect or users click Cancel, you will be forbidden to access bing.com and block page will display as below:
Log View:
Related Articles
- Troubleshooting Single Sign-on (SSO) related errors
- How to enable and configure NTP?
- Cannot edit App Control Signatures, "Error: property 'value' can't be empty value"
Categories
- Firewalls > SonicWall SuperMassive 9000 Series > Content Filtering Service
- Firewalls > SonicWall NSA Series > Content Filtering Service
- Firewalls > TZ Series > Content Filtering Service
YES
NO