Introduction and configuration of the Content Filtering Client

03/26/2020 1,574 People found this article helpful 54,428 Views

Description

As opposed to the Content Filtering Service, the Content Filtering Client is installed on the user's machine directly. This article explains the installation and configuration of the Client Content Filter and guide will first go through the installation, and configuration of CFC on the firewall, as well as on EPRS (Enforced Policy and Reporting System)

Resolution

Content Filtering installation and first configuration

Log on to the SonicWall Web Management and under Network | Address Object | create an A/O for the IP addresses you want to apply the CFC to.
You need to apply this Address Object to the CFC Enforcement list. Navigate to Security Services | Client CF Enforcement. Configure the Client CF Enforcement list and add your Address Object, click OK.

NOTE:The above mentioned steps are only required for CFC 2.0. This is no longer required in the later versions.
Enable the Content Filtering Client on the zone where you want the feature to be enforced.

NOTE: The Address objects configured above, should belong to this zone.
The first time a PC int he listed IP address range goes out to the internet, the user will be prompted to download the CFC Software on their PC. Click on Install Content Filtering Client | Download and start the installer.
Have the user to follow the installation steps.
Once the CFC software installed, it's icon will show up in the windows task bar.

Accessing the EPRS console and feature presentation

To configure the policies, user permissions and to view reports in the CFC we need to open the EPRS console. Go back to Security Services | Client CF Enforcement and select clicking here. You will be prompted to enter the MySonicWall Account username and password and / or the authentication code of the SonicWall.
After clicking Submit, you are redirected to the EPRS console. The System | Status page allows you to synchronize the module license with your MySonicWall Account. You can create Schedule for Policies enforcement to your users under System | Schedules. The System | Certificates allows you to import certificates from a .p7b, .pem, .der or .cer format onto the module.
The Directory Services allows you to manage the user authentication and configuration. On the LDAP tab you can configure the LDAP server with the CFC. You can import users and groups from the Google Directory. You are able to synchronize the User Groups and Users from the SonicWall to the EPRS console.
The Content Filter tab is where you will configure all the Content Filter policies. The Settings page you can configure the following.
1. Disable CFC if the machine on which it’s installed is behind a SonicWall with an active Content Filter Service configured.
2. What webpage to display when CFC blocks a webpage: the SonicWall default blocked webpage or a customer one.
3. Enable HTTPS content filtering.
Under the Content Filter | Custom List you configure the allowed and forbidden domains that you will then apply to the Policies. You can import a list of Allowed domains, Forbidden domains or Keyword as a text file where the file is formatted as one Domain per line.
Under Content Filter | Policies you will find the Default Content Filter policy that cannot be edited. You can however create a new Policy. You configure the Content Filter Client policy the same way you would configure the CFS per Users and Zone on a SonicWall.
Navigate to the last tab of the menu: Enforcement | Policies where you can create enforcement policies. You need to choose the Version settings to use and the Content filter policy to apply, previously created. You can also use the default Desktop policy or the Default Mobile policy but you won’t be able to edit those.
Under Enforcement | Client Groups you can use the Default Client Group or create custom groups under which you will add your clients using the Content Filter Client.
At last the list of clients with the CFC installed is listed under Enforcement. You are able to move clients between Groups, block and unblock clients. Blocking a client will forbid him to any internet access.
The last tab is Reports where you can consult the sites visited by users, create reports and view an history of the web activity on the machines using CFC.