One user can access a blocked URL while others are appropriately blocked, and only a single policy
03/26/2020
DESCRIPTION: One user can access a blocked URL while others are appropriately blocked, and only a single policy is in effect.
Step 1: The allowed user may have the site cached from a previous visit. Clear the machine's browser cache and cookies.
Step 2: The user may have a complete CFS bypass. Check the user's group memberships, and also check under user > settings that the Default CFS policy is applied to the user.
Step 3: Check that the user is not using some VPN tunneling method to create an encrypted connection to an allowed site, which then relays the traffic in encrypted form that the SonicWall is unable to parse for the disallowed sites. Consider blocking the Hacking/Proxy Avoidance Systems category.
Step 4: If this is an HTTP site, check that the blocked users are not being blocked for a reason other than CFS, such as the App Control Advanced engine. It is possible that all users are allowed to reach the site by CFS, and that the exclusion is in the App Control engine.
How to Test:
Clear the machine's browser cache again and have the machine attempt to access the site. Run a packet capture to confirm that the traffic actually appears as an HTTP or HTTPS request passing through the firewall.
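
For the packet-capture test and the tunneling check in Step 3, the Python below is an added example (not SonicWall code). It classifies the first client payload of a captured TCP flow as an HTTP request, a TLS ClientHello, or something else, and returns the hostname visible on the wire. The function names and sample bytes are constructed for this example; feed it payload bytes exported from your own capture.

```python
import struct

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def classify_first_payload(payload: bytes):
    """Return (kind, hostname) for the first client payload of a captured TCP flow."""
    if payload.startswith(METHODS):
        for line in payload.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                return "http", line[5:].strip().decode("ascii", "replace")
        return "http", None
    # TLS record type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        try:
            return "https", _sni(payload)
        except (IndexError, struct.error):
            return "https", None          # capture truncated before the SNI extension
    return "other", None                  # neither HTTP nor TLS: possible tunnel, inspect further

def _sni(p: bytes):
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, client_version, random
    pos += 1 + p[pos]                     # session id
    pos += 2 + struct.unpack_from("!H", p, pos)[0]   # cipher suites
    pos += 1 + p[pos]                     # compression methods
    end = pos + 2 + struct.unpack_from("!H", p, pos)[0]
    pos += 2
    while pos + 4 <= min(end, len(p)):
        etype, elen = struct.unpack_from("!HH", p, pos)
        pos += 4
        if etype == 0:                    # server_name: list_len(2) type(1) name_len(2) name
            nlen = struct.unpack_from("!H", p, pos + 3)[0]
            return p[pos + 5:pos + 5 + nlen].decode("ascii", "replace")
        pos += elen
    return None

def _sample_client_hello(host: bytes) -> bytes:
    """Constructed minimal ClientHello carrying only an SNI extension (test data)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for sample in (b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n",
                   _sample_client_hello(b"allowed.example"), b"\x00\x01opaque"):
        print(classify_first_payload(sample))
```

A result of "other", or an "https" flow whose hostname is an allowed site while the user is viewing a blocked one, points back to the tunneling case in Step 3.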