NOTE: If you wish to forbid or allow HTTPS domains, use of their IP address must be used in CFS. FQDN does not work for HTTPS sites in the CFS Custom List. For example, I was able to forbid paypal.com with the use of these 3 IP addresses. (This list may not be representative of all IPs for paypal)
Using the forbidden domains list doesn’t require the use of CFS categories. For example, if you wanted to block myspace.com for the entire organization, or a given group, you would enter myspace.com into the forbidden domains list. This is a simple effective way to systematically block domains for the whole organization or a particular group.
Step 1: To configure CFS for specific groups/users Navigate to Local Groups or Local Users > Configure > select Policies and edit the Default Policy. The default CFS policy should be the most restrictive policy. When multiple policies are created, the most permissive, least restrictive policy wins for any given user. For example, let’s assume we have a user named Joe. Joe is a member of the Sales Group and the Marketing Group. The default CFS policy is set to restrict gambling. We’ve created a CFS policy for the Sales Group that also restricts gambling. The Marketing Group policy however does not restrict gambling. Because CFS is the most permissive, least restrictive, Joe will be able to visit gambling sites. It is recommended you create custom policies that allow exceptions to the default policy and then apply those policies to your respective groups/users.
Creating Custom CFS Policies
To create custom CFS policies first click Configure under the CFS main page.
35
