Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

CFS - Can't seem to block a simple domain

I followed the directions here (

https://www.sonicwall.com/support/knowledge-base/how-can-i-block-a-website-using-content-filter-using-forbidden-domain-option/170503514810976/

I seem to be licensed.. Everything looks similar - couple differences.

I don't have a 'Enable HTTPS Content Filtering' check box.

when I get back to the 'Navigate to Security Services | Content Filter to confirm that the CFS policy has been implemented and that it applies to the correct zones.'

I don't get the cfs policy line... (and the site isn't blocked)

I am sure I am doing something stupid

thanks!

sam

Category: Firewall Security Services
Reply

Best Answer

  • CORRECT ANSWER
    MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭
    Answer ✓

    Hi @skunkworks

    HTTPS is under the Firewall / Content Filter Objects / CFS Profile Objects / CFS Default Profile / Advanced Settings tab.

    be sure priority of cfs policy.



Answers

  • AjishlalAjishlal All-Knowing Sage ✭✭✭✭

    @skunkworks

    Enable HTTPS Content Filtering & try..

    Make sure you enabled the CFS policy for LAN -->WAN


  • skunkworksskunkworks Newbie ✭

    I cannot enable https because the checkbox isn't there...

    my cfs policy looks the same as yours.


  • skunkworksskunkworks Newbie ✭

    That did it! Thank you!

    The directions I find on the sonicwall site are more of a guideline ;)

  • skunkworksskunkworks Newbie ✭

    One last question.. Maybe.

    I want internet traffic when connected through the vpn to go through the gateway. I followed the above directions - but how do I test to make sure this is actually working? I thought adding the content filter for a web site would let me know because that site would not work on the client. so far - the network side blocks the site - but the client side doesn't. But - I assume I need the 'Content Filtering Client' service - which I don't have licensed..

    Am I making sense?

    thanks

    sam

  • skunkworksskunkworks Newbie ✭

    Ok - I think I made a working test case.. I setup one of my websites to only be available from the sonicwall external IP addresses.. I can get to it from our internal network. I then tried to connect to the website with cell data. Could not connect. Then connected to the VPN with the app through cell data and was able to connect to the website.

    So - I think the setup is working as I would like it to.

    sam

  • MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭

    create a ping sessions 8.8.8.8 -t and control on the Soniwcall connection monitor. filter vpn client ip. and if you saw the 8.8.8.8 session transmit pkt and recieve pkt.

Sign In or Register to comment.