- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Steps taken by CFS engine for web traffic
05/28/2020 
3 People found this article helpful
35,629 Views
Description
The SonicWall Content Filtering Service (CFS) delivers content filtering enforcement for educational institutions, businesses, libraries, and government agencies. With Content Filter policies and objects, you can control the websites students and employees can access using their IT-issued computers while behind the organization’s firewall.
To be able to configure it right and understand the best way to set it up, the flow of events taking place within CFS engine is essential.
Resolution
CFS must be licensed and enabled before you can use it.
An outline of how CFS works is as follows:
- A packet arrives and is examined by CFS.
- CFS checks it against the CFS Exclusion addresses configured on the MANAGE | Security Services | Content Filter page and allows it through if a match is found, meaning that the source/destination address is excluded from content filtering.
- CFS checks its policies to find the first policy that matches these conditions in the packet:
Source zone
Destination zone
Included Source Address object/group, but not matching the Excluded Source Address object/group
Included User/Group, but not matching the Excluded User/Group
Schedule
Enabled state
The CFS policies are arranged based on priority. Once a policy matches, all subsequent policies are not checked.
- Once the matching policy is found, it checks if the URL requested is already in the allowed or forbidden URL list/group for that policy and takes the necessary action. The order in which the lists are checked is also configurable on the CFS profile itself.
- It checks if the URL is added to any custom category on the firewall and takes action for that category based on the profile.
- If it is in neither of them, it determines the category of the website by contacting the CFS web server and takes the action listed for that specific category. Also, if a URL belongs to multiple categories and even one of them is allowed, the website will be allowed.
NOTE: If no policy is matched, the packet is passed through without any action by CFS.
CFS uses the CFS Profile defined in the matching policy to do the filtering and returns the corresponding action for this packet.- CFS performs the action defined in the CFS Action Object for the matching policy.
Related Articles
- How to force an update of the Security Services Signatures from the Firewall GUI
- How to upload security services signatures manually on Closed Environments?
- How to Create Gen 7 Settings File by Using the Online Migration Tool
YES
NO