How to restrict the web access based on a passphrase action in CFS 4.0

03/26/2020 1,387 People found this article helpful 100,613 Views

Description

CFS 4.0 in SonicOS 6.2 introduces a new restrict action, which named Passphrase, to restrict the web access other than just block. Once Passphrase action has been selected, the web will be redirected to a passphrase page after user attempts to access the specified website. In this page users should submit the preset password to continue the web browsing. 

If the password is correct, the web access will be allowed. Otherwise it will be blocked with a block page sending to client.
If the user didn't enter a correct password the first time, then the passphrase page will be sent to client again for requiring password the second time. Currently, client users have 3 opportunities to enter their passwords, this means the site will be blocked if user tries his password 3 times and the passwords are all wrong.
If client users don't know the password, they can click 'Cancel' button to skip entering the password. In this case, this site will be blocked immediately.

Resolution

To create the CFS Objects(except Action/profile objects) and policies please refer to:
How to block HTTPS (SSL) sites using SonicWall DPI-SSL and Content Filter Service (CFS 4.0)

To configure the Passphrase action, follow the steps below:

Step 1, Go to Firewall | Content Filter Objects | CFS Profile Objects

Step 2, Click Add to create a new action object(or Edit the CFS Default Action), set the password as below:

Step 2, Click Add to create a profile objects, here a block_bing profile object created for instance.

Step 3, If the websites are in the predefined URI:

Under URI LIst Configuration, In the pull-down menu of Operation for Forbidden URI list, select Passphrase.

If the websites are in the category:

Under Category Configuration, in the pull-down menu of Search Engines and Portals, select Passphrase.

Step 4, Click OK.

---

How to Test:

Open a web browser and enter https://bing.com
A CFS Passphrase page will appear as under. {If this is being done from the same computer as the one which is logged into the SonicWall Management GUI, make sure you are logged out before testing.}

If the password is correct, you will be allowed to access bing.com.

If the password is incorrect or users click Cancel, you will be forbidden to access bing.com and block page will display as below:

Log View:

Related Articles

• ‘Error sending one-time password’ encountered when connecting to NetExtender
• Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
• Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series

Categories

• Firewalls > SonicWall SuperMassive 9000 Series > Content Filtering Service
• Firewalls > SonicWall NSA Series > Content Filtering Service
• Firewalls > TZ Series > Content Filtering Service