CFS - Can't seem to block a simple domain
skunkworks
Newbie ✭
I followed the directions here (
I seem to be licensed.. Everything looks similar - couple differences.
I don't have a 'Enable HTTPS Content Filtering' check box.
when I get back to the 'Navigate to Security Services | Content Filter to confirm that the CFS policy has been implemented and that it applies to the correct zones.'
I don't get the cfs policy line... (and the site isn't blocked)
I am sure I am doing something stupid
thanks!
sam
Category: Firewall Security Services
0
Best Answer
-
MitatOnge All-Knowing Sage ✭✭✭✭
Hi @skunkworks
HTTPS is under the Firewall / Content Filter Objects / CFS Profile Objects / CFS Default Profile / Advanced Settings tab.
be sure priority of cfs policy.
0
Answers
@skunkworks
Enable HTTPS Content Filtering & try..
Make sure you enabled the CFS policy for LAN -->WAN
I cannot enable https because the checkbox isn't there...
my cfs policy looks the same as yours.
That did it! Thank you!
The directions I find on the sonicwall site are more of a guideline ;)
One last question.. Maybe.
I want internet traffic when connected through the vpn to go through the gateway. I followed the above directions - but how do I test to make sure this is actually working? I thought adding the content filter for a web site would let me know because that site would not work on the client. so far - the network side blocks the site - but the client side doesn't. But - I assume I need the 'Content Filtering Client' service - which I don't have licensed..
Am I making sense?
thanks
sam
Ok - I think I made a working test case.. I setup one of my websites to only be available from the sonicwall external IP addresses.. I can get to it from our internal network. I then tried to connect to the website with cell data. Could not connect. Then connected to the VPN with the app through cell data and was able to connect to the website.
So - I think the setup is working as I would like it to.
sam
create a ping sessions 8.8.8.8 -t and control on the Soniwcall connection monitor. filter vpn client ip. and if you saw the 8.8.8.8 session transmit pkt and recieve pkt.