SonicWALL TZ 190 Configuring SonicWALL Blocking Features

Security Services > Content Filter

706

SonicOS Enhanced 4.0 Administrator Guide

–

Block traffic to all Web sites - Selecting this option blocks traffic to all Web sites

except Allowed Domains until the N2H2 server is available.

–

Allow traffic to all Web sites - Selecting this option allows traffic to all Web sites

without Websense Enterprise server filtering. However, Forbidden Domains and

Keywords, if enabled, are still blocked.

• Cache Size (KB) - Configure the size of the URL Cache in KB.

Tip Tip! A larger URL Cache size can result in noticeable improvements in Internet browsing

response times.

Configuring SonicWALL Blocking Features

Once you configure your settings in the Websense Properties window, you can configure

SonicWALL blocking features including Restrict Web Features, Trusted Domains, and

Message to Display when Blocking from the Security Services>Content Filtering page.

Restrict Web Features enhances your network security by blocking potentially harmful Web

applications from entering your network. Select any of the following applications to block:

• ActiveX - ActiveX is a programming language that embeds scripts in Web pages. Malicious

programmers can use ActiveX to delete files or compromise security. Select the ActiveX

check box to block ActiveX controls.

• Java - Java is used to download and run small programs, called applets, on Web sites. It

is safer than ActiveX since it has built-in security mechanisms. Select the Java check box

to block Java applets from the network.

• Cookies - Cookies are used by Web servers to track Web usage and remember user

identity. Cookies can also compromise users' privacy by tracking Web activities. Select the

Cookies check box to disable Cookies.

• Web Proxy - When a proxy server is located on the WAN, LAN users can circumvent

content filtering by pointing their computer to the proxy server. Check this box to prevent

LAN users from accessing proxy servers on the WAN.

• Known Fraudulent Certificates - Digital certificates help verify that Web content and files

originated from an authorized party. Enabling this feature protects users on the LAN from

downloading malicious programs warranted by these fraudulent certificates. If digital

certificates are proven fraudulent, then the SonicWALL blocks the Web content and the

files that use these fraudulent certificates. Known fraudulent certificates blocked by

SonicWALL include two certificates issued on January 29 and 30, 2001 by VeriSign to an

impostor masquerading as a Microsoft employee.