SonicWALL UTM Appliance manual: Creating Custom CFS Policies


NOTE: If you wish to forbid or allow HTTPS domains, you must use their IP addresses in CFS. FQDNs do not work for HTTPS sites in the CFS Custom List. For example, I was able to forbid paypal.com with the use of these 3 IP addresses. (This list may not be representative of all IPs for paypal.)

Using the forbidden domains list doesn’t require the use of CFS categories. For example, if you wanted to block myspace.com for the entire organization, or a given group, you would enter myspace.com into the forbidden domains list. This is a simple, effective way to systematically block domains for the whole organization or a particular group.

Step 1: To configure CFS for specific groups/users, navigate to Local Groups or Local Users > Configure > select Policies and edit the Default Policy.

The default CFS policy should be the most restrictive policy. When multiple policies are created, the most permissive, least restrictive policy wins for any given user.

For example, let’s assume we have a user named Joe. Joe is a member of the Sales Group and the Marketing Group. The default CFS policy is set to restrict gambling. We’ve created a CFS policy for the Sales Group that also restricts gambling. The Marketing Group policy, however, does not restrict gambling. Because CFS applies the most permissive, least restrictive policy, Joe will be able to visit gambling sites.

It is recommended that you create custom policies that allow exceptions to the default policy and then apply those policies to your respective groups/users.
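The "most permissive policy wins" rule above can be audited offline before group policies are rolled out. The following is an added example, not code from the manual or from SonicOS: it models each policy as a set of blocked categories and reports which group membership lifts a restriction the default policy sets. Policy names, categories and memberships are constructed, and treating the default policy as always applicable alongside group policies is an assumption.

```python
# Added example: models the "most permissive, least restrictive policy wins" rule.
# All policy names, categories and memberships below are constructed sample data.

DEFAULT_POLICY = "Default"

# Policy name -> set of CFS categories that policy blocks (constructed).
POLICIES = {
    "Default": {"gambling", "adult", "hacking"},
    "Sales": {"gambling", "adult", "hacking"},
    "Marketing": {"adult", "hacking"},  # does not restrict gambling
}

# Group -> policy assigned to that group (constructed).
GROUP_POLICY = {"Sales Group": "Sales", "Marketing Group": "Marketing"}

# User -> group memberships (constructed).
USER_GROUPS = {
    "joe": ["Sales Group", "Marketing Group"],
    "ann": ["Sales Group"],
    "bob": [],
}


def applicable_policies(user):
    """Default policy plus the policy of every group the user belongs to.
    Assumption: the default always participates in the comparison."""
    names = [DEFAULT_POLICY]
    names += [GROUP_POLICY[g] for g in USER_GROUPS.get(user, []) if g in GROUP_POLICY]
    return names


def effective_blocked(user):
    """A category stays blocked only if every applicable policy blocks it."""
    sets = [POLICIES[name] for name in applicable_policies(user)]
    return set.intersection(*sets)


def exceptions(user):
    """Map each category the default blocks but the user can reach to the
    policies that lift it, so a reviewer sees which membership is responsible."""
    lifted = POLICIES[DEFAULT_POLICY] - effective_blocked(user)
    return {
        cat: sorted(p for p in applicable_policies(user) if cat not in POLICIES[p])
        for cat in sorted(lifted)
    }


if __name__ == "__main__":
    for user in USER_GROUPS:
        print(user, sorted(effective_blocked(user)), exceptions(user))
```

Running it against an export of real group memberships shows every user whose effective policy is looser than the default, and the group responsible.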

Creating Custom CFS Policies

To create custom CFS policies, first click Configure under the CFS main page.
