- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to troubleshoot CFS v4.0 broken site issues with Wireshark?
06/01/2020 
22 People found this article helpful
90,618 Views
Description
Multiple times administrator run into issue of allowing or whitelisting some sites from CFS filtering of the SonicWall.The simple solution is to allow the website/domain name under Manage |Policies | Object | Content Filter Object | URI List Object
However, some websites fetch data from few other domains and hence whitelisting a single main domain results in partial contents being loaded.
EXAMPLE: If we add 'bbc.com' website only and under the allowed domain list, the website partially loads as shown below:
Resolution
In order to fine the assosicated domains or extra domains embedded in the website coding, either we can check the HTML coding by checking 'view page source' of the website or use the 'Packet Monitor' feature of the SonicWall to identify it as explained below:
- Set the packet capture on the SonicWall based on the source IP address of the PC which is having the issue. You can navigate to Investigate |Tools | Packet Monitor and configure it as :
- Select the view filter as only drop packets.
- Refresh or access the broken web-page again from the machine through which packet monitoring has been set and you should notice the following drop packets mentioning the drop reason as Enforced Content Filter Policy. Export this data in libpacpng or any wireshark supported format .
- SonicWall CFS policy will block the client hello packet for https site and 'get request' for http sites. For the above example, the website is https based, hence we will filter the wireshark for client hello packets.
ssl.handshake.type==1
TIP: Either you can check the dropped packet number on firewall and directly go to that packet in wireshark by pressing CTRL+G or use the filter with syntax as shown below to see all the client hello packets captured:
- Open the client Hello packet and navigate to the Server Name field where you will find the exact domain name which needs to be added in the CFS Allowed Domain List .
NOTE: You might need to check all the client hello packets and find all the domains which are being dropped as CFS. - Add all the domains found through the above steps under the CFS allowed domain list. If you see different sub-domains of a main domain, you may add Wildcard character (*) to the main domain as shown below.
- Access the website now as you should be seeing all the contents loaded as expected.
TIP: Make sure you check in the private window of browser or clear browsing history to avoid any previous cache issues.
Related Articles
- Parserror on Event logs.
- Switch from the Policy mode to classic mode on Gen 7 appliances
- Analyzing TCP reset(RST)packets
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall NSA Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall SuperMassive E10000 Series
YES
NO