Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SonicOS 7 CFS: URI List Restrictions

Hello,

New to Gen7 - we have the CFS setup to block all categories, and allow access to sites in the Allow URI list. How do I allow the entire 17.0.0.0 - 17.255.255.255 range? In Gen6 I was able to add both 17.* and 17.0.0.0/8 to the URI list (although the latter may not have had the effect I was going for), but on my Gen7 SonicWall I get errors when trying to add either of those. I'm not going to know all the URL wrappers for the IP addresses within the range - how can I whitelist the range as simply as possible?

Thanks in advance!

Category: Entry Level Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    Hi @DrewK I did a quick test on 6.5.4.8 (hope that applies to 7.0 too) and when an URL gets blocked by CFS I can force access by having an Address Object in the CFS Exclusion - Excluded Address setting.

    I always thought it's valid for Source/Destination IP but wasn't sure anymore since you mentioned it.

    --Michael@BWC

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @DrewK wouldn't it be easier to exclude 17.0.0.0/8 from CFS at all? But this might mess with your statistics, if you need to know the CFS rating of the accessed URLs in that netblock.

    --Michael@BWC

  • DrewKDrewK Newbie ✭

    Hi Michael,

    Are you suggesting I can add an Address Object for that range, and include it in the Group under Security Services - Content Filter: Excluded Addresses? I was always under the impression that those were local Objects/Group on the private W/LANs, but reading the description again, that's not specified.

    If I can add WAN endpoints to that group as well, it should certainly work. Thank you for the suggestion!

Sign In or Register to comment.