Another site suddenly blocked
djhurt1 Newbie ✭
edited February 2021 in High End Firewalls
We have a site that users have been using for quite some time and suddenly this morning our firewall is blocking it. What's strange is our Sonicwall is showing it as category 25 which we block but checking the site in mysonicwall.com it is rated as 26 which we allow. What's going on? Am I missing something?
Category: High End Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
CFS can and will miscategorize websites. What your firewall categorizes it as, and what its listed as Sonicwalls global response can be different. You're not crazy.
Does the CFS in the firewall pull this data from Sonicwall? I guess I "assumed" that's where it got it's ratings for the various sites.
The firewall does maintain a cache of the previously queried websites and their respective categories. But, the categorization is saved on the cloud and each firewall queries it if the category is not present in the cache.
Technical Support Advisor, Premier Services
did you gave Reset CFS Memory Cache and/or Reset CFS Persistent Cache a try on the Internal settings? (/diag.html).
Can you tell me how to do that? I haven't figured that out yet.
How often does the firewall query the cloud normally?
We're talking about Gen6/6.5? ... it's on the internal settings /diag.html instead of /main.html of your Firewall. Scroll down to the Security Services, there a bunch of buttons which might do the job.
I see the area your talking about now, thank you. It's an area I didn't even know existed obviously. I feel I should confirm the potential ramifications of clicking either of those buttons. Suggestions?
@djhurt1 - if, and when, you click those buttons, the local cache is deleted. They will be rebuilt over time. The key factor to know about clicking these buttons: you have to reboot the device afterward.
This process is just like clearing cache in a web browser. You indicate you want it emptied, and you would close and restart the browser to ensure a clean start afterward.
I have the site cleared in the content filter list for now. Will the sonicwall device update overtime to reflect the correct category for the site in question? I imagine there is but I can't find it but is there a way in the Sonicwall interface to check what category it believes the site belongs to currently? Or do I just need to remove the site from the list and test?
Here's how to check: https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697/
Enter your URL, enter the capthca, and view the results.
There's even a link to request the URL to be re-rated.
Now, having seen the result, you can either make an exception in both categories, or request that SonicWall step up and make it one or the other (but not both). I'm not sure folks expect more than one rating...
Thank you for your reply. However I was hoping there was a way to see what our sonicwall applliance views it as currently since previously it placed it in a different category than what the site you linked to had it in. Really I just wanted to know if there was a quick way to see if the appliance itself has updated to what the cloud has so I can remove the site in the "trusted domain list".
@djhurt1 - the Diagnostic tools inside the SonicWall and that CFS website pull from the same database.
You'd have to access that website from one of your client computers and see if you take a "hit" - then make your decision based on that.