Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

CFS - Can't seem to block a simple domain

skunkworksskunkworks Newbie ✭
in Firewall Security Services

I followed the directions here (

https://www.sonicwall.com/support/knowledge-base/how-can-i-block-a-website-using-content-filter-using-forbidden-domain-option/170503514810976/

I seem to be licensed.. Everything looks similar - couple differences.

I don't have a 'Enable HTTPS Content Filtering' check box.

when I get back to the 'Navigate to Security Services | Content Filter to confirm that the CFS policy has been implemented and that it applies to the correct zones.'

I don't get the cfs policy line... (and the site isn't blocked)

I am sure I am doing something stupid

thanks!

sam

Category: Firewall Security Services
Reply

Best Answer

  • Options
    CORRECT ANSWER
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭
    Answer ✓

    Hi @skunkworks

    HTTPS is under the Firewall / Content Filter Objects / CFS Profile Objects / CFS Default Profile / Advanced Settings tab.

    be sure priority of cfs policy.


    cfs https.png


Answers

  • Options
    AjishlalAjishlal Community Legend ✭✭✭✭✭

    @skunkworks

    Enable HTTPS Content Filtering & try..

    Make sure you enabled the CFS policy for LAN -->WAN

    image.png


  • Options
    skunkworksskunkworks Newbie ✭

    I cannot enable https because the checkbox isn't there...

    image.png

    my cfs policy looks the same as yours.

    image.png


  • Options
    skunkworksskunkworks Newbie ✭

    That did it! Thank you!

    The directions I find on the sonicwall site are more of a guideline ;)

  • Options
    skunkworksskunkworks Newbie ✭

    One last question.. Maybe.

    https://www.sonicwall.com/support/knowledge-base/route-the-internet-traffic-of-ssl-vpn-client-through-gateway-and-apply-the-cfs-policies/170505430848856/

    I want internet traffic when connected through the vpn to go through the gateway. I followed the above directions - but how do I test to make sure this is actually working? I thought adding the content filter for a web site would let me know because that site would not work on the client. so far - the network side blocks the site - but the client side doesn't. But - I assume I need the 'Content Filtering Client' service - which I don't have licensed..

    Am I making sense?

    thanks

    sam

  • Options
    skunkworksskunkworks Newbie ✭

    Ok - I think I made a working test case.. I setup one of my websites to only be available from the sonicwall external IP addresses.. I can get to it from our internal network. I then tried to connect to the website with cell data. Could not connect. Then connected to the VPN with the app through cell data and was able to connect to the website.

    So - I think the setup is working as I would like it to.

    sam

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭
    https://community.sonicwall.com/technology-and-support/discussion/comment/14245#Comment_14245

    create a ping sessions 8.8.8.8 -t and control on the Soniwcall connection monitor. filter vpn client ip. and if you saw the 8.8.8.8 session transmit pkt and recieve pkt.

Sign In or Register to comment.