Steps taken by CFS engine for web traffic

05/28/2020 3 4712

DESCRIPTION:

The SonicWall Content Filtering Service (CFS) delivers content filtering enforcement for educational institutions, businesses, libraries, and government agencies. With Content Filter policies and objects, you can control the websites students and employees can access using their IT-issued computers while behind the organization’s firewall.

To be able to configure it right and understand the best way to set it up, the flow of events taking place within CFS engine is essential.

RESOLUTION:

CFS must be licensed and enabled before you can use it.

An outline of how CFS works is as follows:

1. A packet arrives and is examined by CFS.
2. CFS checks it against the CFS Exclusion addresses configured on the MANAGE | Security Services | Content Filter page and allows it through if a match is found, meaning that the source/destination address is excluded from content filtering.
3. CFS checks its policies to find the first policy that matches these conditions in the packet:
   
   Source zone
   Destination zone
    Included Source Address object/group, but not matching the Excluded Source Address object/group
   Included User/Group, but not matching the Excluded User/Group
   Schedule
   Enabled state
   
   The CFS policies are arranged based on priority. Once a policy matches, all subsequent policies are not checked.
   
   
4. Once the matching policy is found, it checks if the URL requested is already in the allowed or forbidden URL list/group for that policy and takes the necessary action. The order in which the lists are checked is also configurable on the CFS profile itself.
   
   
5. It checks if the URL is added to any custom category on the firewall and takes action for that category based on the profile.
   
   
6. If it is in neither of them, it determines the category of the website by contacting the CFS web server and takes the action listed for that specific category. Also, if a URL belongs to multiple categories and even one of them is allowed, the website will be allowed.
   
   

   NOTE: If no policy is matched, the packet is passed through without any action by CFS.
   
   

7. 
   

   CFS uses the CFS Profile defined in the matching policy to do the filtering and returns the corresponding action for this packet.
8. CFS performs the action defined in the CFS Action Object for the matching policy.