Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Another site suddenly blocked

djhurt1djhurt1 Newbie ✭
edited February 24 in High End Firewalls

We have a site that users have been using for quite some time and suddenly this morning our firewall is blocking it. What's strange is our Sonicwall is showing it as category 25 which we block but checking the site in mysonicwall.com it is rated as 26 which we allow. What's going on? Am I missing something?

Category: High End Firewalls
Reply

Answers

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    CFS can and will miscategorize websites. What your firewall categorizes it as, and what its listed as Sonicwalls global response can be different. You're not crazy.

  • djhurt1djhurt1 Newbie ✭

    Does the CFS in the firewall pull this data from Sonicwall? I guess I "assumed" that's where it got it's ratings for the various sites.

  • @djhurt1,

    The firewall does maintain a cache of the previously queried websites and their respective categories. But, the categorization is saved on the cloud and each firewall queries it if the category is not present in the cache.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @djhurt1

    did you gave Reset CFS Memory Cache and/or Reset CFS Persistent Cache a try on the Internal settings? (/diag.html).

    --Michael@BWC

  • djhurt1djhurt1 Newbie ✭

    @BWC


    Can you tell me how to do that? I haven't figured that out yet.


    @shiprasahu93


    How often does the firewall query the cloud normally?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @djhurt1

    We're talking about Gen6/6.5? ... it's on the internal settings /diag.html instead of /main.html of your Firewall. Scroll down to the Security Services, there a bunch of buttons which might do the job.

    --Michael@BWC

  • djhurt1djhurt1 Newbie ✭
    edited March 2

    @BWC


    I see the area your talking about now, thank you. It's an area I didn't even know existed obviously. I feel I should confirm the potential ramifications of clicking either of those buttons. Suggestions?

  • LarryLarry Cybersecurity Overlord ✭✭✭

    @djhurt1 - if, and when, you click those buttons, the local cache is deleted. They will be rebuilt over time. The key factor to know about clicking these buttons: you have to reboot the device afterward.

    This process is just like clearing cache in a web browser. You indicate you want it emptied, and you would close and restart the browser to ensure a clean start afterward.

  • djhurt1djhurt1 Newbie ✭

    @Larry


    I have the site cleared in the content filter list for now. Will the sonicwall device update overtime to reflect the correct category for the site in question? I imagine there is but I can't find it but is there a way in the Sonicwall interface to check what category it believes the site belongs to currently? Or do I just need to remove the site from the list and test?

  • LarryLarry Cybersecurity Overlord ✭✭✭

    @djhurt1

    Here's how to check: https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697/

    Enter your URL, enter the capthca, and view the results.

    There's even a link to request the URL to be re-rated.

    Now, having seen the result, you can either make an exception in both categories, or request that SonicWall step up and make it one or the other (but not both). I'm not sure folks expect more than one rating...

  • djhurt1djhurt1 Newbie ✭

    @Larry


    Thank you for your reply. However I was hoping there was a way to see what our sonicwall applliance views it as currently since previously it placed it in a different category than what the site you linked to had it in. Really I just wanted to know if there was a quick way to see if the appliance itself has updated to what the cloud has so I can remove the site in the "trusted domain list".

  • LarryLarry Cybersecurity Overlord ✭✭✭

    @djhurt1 - the Diagnostic tools inside the SonicWall and that CFS website pull from the same database.

    You'd have to access that website from one of your client computers and see if you take a "hit" - then make your decision based on that.

Sign In or Register to comment.