SonicWALL Internet Security Appliances Configuring SonicWALL Content Filtering

Page 100 SonicWALL Internet Security Appliance Administrator’s Guide

Configuring SonicWALL Content Filtering

The Configure tab is common between the three types of Content Filtering. Click Filter on the left

side of the browser window, and then click on the Configure tab.

Select the type of Content Filter from the Content Filter Type menu. To enforce Content Fi ltering on

the LAN, select Apply Content F ilter.

Content filtering can al so be en for ced o n t he LA N, DM Z, or b ot h. Selec t LAN, DMZ, or both. Both LAN

and DMZ are selected by defaul t.

Restrict Web Features

Restrict Web Features enhances your network security by blocking poten tially harmful Web

applications from entering your network. Select any of the following applications to block:

Block:

•ActiveX

ActiveX is a programming language that embeds scripts in Web pages. Malicious progr ammers

can use ActiveX to delete files or compromise security. Select the ActiveX check box to block

ActiveX controls.

•Java

Java is used to dow nload and run small program s, called applets, on Web s ites. It is safer than

ActiveX since it has built-in security mechanisms. Select the Java check box t o block Ja va

applets from the network.

•Cookies

Cookies are used by Web servers to track Web usage and remember user id enti ty . Cooki es can

also compromise users' priva cy by tracking Web activ ities. Select the Cookies chec k box to

disable Cookies.

•Known Fraudulent Certificates

Digital certificates help verify that Web content and files originated from an authorized party.

Enabling this feature protects users on the LAN from downloading malicious programs

warranted by these fraudulent certificates. If digital certificates are proven fraudulent, then the

SonicWALL blocks the Web content and the files that use these fraudulent certificates.

Known fraudulent certificates b loc ked by So nic WALL incl ude two c ert if icat es is sued on Ja nuary

29 and 30, 2001 by VeriSign to an impostor mas querading as a Microsoft em ployee.

•Access to HTTP Proxy Se rvers

When a proxy server is located on the WAN, LAN users can circumvent content filtering by

pointing their computer to the proxy server. Check this box to prevent LAN user s fro m accessing

proxy servers on the WAN.

•Don’t Block Java/ActiveX/Cookies to Trusted Domains

Select this option if you have trusted domains using Java, Activ eX, and Cookies. To add a trusted

domain, enter the domain name into the Add Trusted Domain field. Click Update to add the

domain to the list of trusted domains. To delete a domain, select it from the list, and then click

Delete.