How to configure SonicWall Content Filtering Service (CFS)
ฝัง
- เผยแพร่เมื่อ 21 ส.ค. 2024
- This video is how to setup URL filtering using SonicWall Content Filtering Service (CFS). Going from very simple "one size fit all" setup with little exceptions (address object and URI list object) to CFS policies with active directory groups, schedules (lunch time / outside business hours) and bandwidth management.
Bandwidth management KB:
www.sonicwall....
www.sonicwall....
see in which category a website is:
www.sonicwall....
DPI-SSL technical video:
• How to configure Sonic...
Active directory integration:
• How to configure Sonic...
AD Single sign on (SSO)
www.sonicwall....
www.sonicwall....
Network segregation
• Network segregation wi...
![ออกพรรษาน้ำตาหล่น - แอน อรดี [OFFICIAL MV]](http://i.ytimg.com/vi/PFZtOcY9ONA/mqdefault.jpg)
Keep up the great work with SonicWall explanation and detail.
Just saved me a support call Jean-Pierre. Great channel !
Thanks for these videos, used a bunch of them configuring new Sonicwalls. Really helpful and much clearer then the documentation that is out there.
Thanks!
Yeah documentation won’t tell you what to do, but more what each buttons does.
I find my video a good « how to get stared » then the admin guide to know in dept what different buttons do.
Even with this video being 2 years old, it is still newer than the documentation that Sonicwall leaves up......
I wondered why my car kept catching on fire!!!
More seriously, thanks for these videos....
You drive a Ferrari? :-)
@@JeanPierTalbot --- Don't I wish .... they just see the pile of parts, cables, and laptop bags in the back seat and light 'er up .... :D
Perfectly explained!! Great Video! Thank you so much!!
Everyone is sounding happy about this video and how it has helped them when im just trying to figure out why my UI looks nothing like that lol
Lol. Yeah, you probably run an old generation of sonicwall. Reach out to your local sonicwall reseller. Sonicwall has promos to upgrade to new model (this UI) and remaining licences you have on your firewall can be transferred.
Please keep making these videos, I use them all the time and share them around. Such great content and configuration help.
Thanks!
Nice detailing and explanation 👍
Awesome video. You are very good sir
Finally not a tutorial video with firmware 5.0 or less... so annoyed by the SonicWall KB site.
Thanks a lot John with the Mercedes!
This was such a big help. Keep up the good work!
You have done a tremendously good job with this video. Thumps up!
Thanks! Didn’t expect it to be an hour long… glad you liked it!
great Job and very helpfull.
Great video.
Great video!!!
Thank you so much.. you are inspiring me to master something…
Awesome!
So you will be able to do an amazing security job and go see management and say: so how the network going? Any ransomeware? Good! So can we talk salary?
Excellent video... So helpful!
Glad you liked it!
These are great videos
So insightful
Can you do a video on configuring sonicwall syslog settings. Awesome video!!
Could you do a video describing separation of guest WiFi from Staff Wifi using a non-Sonic Wall wifi access point ?
Love it. Your car may burst into flames. LOL
Configuring a new TZ370 with the 7.0 and having trouble with the content filtering aspect of it. The older version I was able to create a static IP for each member then put them in groups such as Management and Regular users, mush easier, But this version I don’t understand How to place them into groups by their IP and allow content filtering to be more lapsed for the management vers the regular users?
Any help would be great
These are great! Can you do more with OS 7.11??
please make videos for Load balancing , Nating(different types) & reporting
Great video! Do you have any info on reports of web traffic per user? Like seeing what IP my users are visiting during work hours?
Thanks for the detailed video. It helped a lot!
The IP-based exclusion works fine.
There's one thing I would like to know, how do we go about adding exclusion based on local(firewall-level) users? I added all the policies and objects, however, how would the browser know which user is allowed to access the web pages allowed by the CFS policy.
Any help would be greatly appreciated.
Thanks for the feedback on the videos!
Have a look at both Active Directory video and single sign in video. That will show you how to do CFS rules based on users.
make video on application control 😊
Ok :-)
@@JeanPierTalbot Hey Sir please make video as soon as possible because i want to implement in my company 🙏
Great Videos! If you add a custom URI to allow, will all subdomains be allowed as well by default?
In the setup I am looking at. LAN -> WAN has a default deny last and there are only a few things allowed, one of which is VNC. In packet monitor, I see a DNS response to various subdomains of ...services[.]vnc[.]com. If I add services[.]vnc[.]com as an allowed URI will the various subdomains be added as well? Also, I assume enabling HTTPS filtering will then allow the follow-on communications after the DNS information is received, correct? Will I also need to allow the whole netblock for VNC as an Access Rule, too?
Hi Gus,
Pretty sure you are the one that emailed me about that.
I would first try application control for that.
I’m not a fan of URI list. If they decide to change their domains or subdomains, you will have to update manually. Where application control is a signature maintained by sonicwall.
I would also check if they provide an official list of ip and or domain name. That would be even better. Just open access rules to those.
Hi @Jean-Pier Talbot. Are you able to clear my confusion about app rules and app Control feature. I am unable to figure out which one to use when?
Hello Guys,
I've been trying for almost 2 weeks now, blocking youtube and facebook, to no success...
Can anyone help me?
I am running a licensed NSA 2700.
Https filtering is enabled
Disabled exclusion of administrator
Basically setup everything there is with CFS
SonicWall can't seem to block https websites
hi,
try blocking cars website and see if that get blocked.
if not, then call support, you must have set (or forget to set) something.
if car websites are blocked, but not youtube, then it's google QUIC that bypasses CFS. you need to block port 443 UDP (not TCP!)
www.sonicwall.com/support/knowledge-base/how-to-block-google-quic-protocol-on-sonicosx-7-0/200727110451837/
that will force the brower to failback to standard HTTPS on TCP
@@JeanPierTalbot hello,
I actually found the resolution for the problem by watching your DPI-SSL video, seems that I turned on the DPI for content filtering without installing the certificate.
Thank you for helping, I'll add this link to my list of troubleshoots manual.
Is there any way to contact you directly..??
Yes. You will find my email on my monitor in each videos.
I’m covering eastern Canada for sonicwall as pre-sales technical ressource. If you are in another territory and don’t know who’s the pre-sales ressource in your area, email me, I’ll put you in touch.
If you need tech support. Calling tech support will be much faster and efficient than pigging us pre-sales people :-)
sir i got problem with my firewall sonicwall, as i checked Security -> management -> Content filtering ->Test selected SHOWS AN ERROR "API NOT FOUND". because we had an active license "Essential Package". What should I do ? Thxx
Not sure I’m following. Are your licences expired? If so, that’s most likely the issue.
what is applied first, access rules or content filtering?
To be honest, I don’t know. I bet access rules first. But at the end, if one service denies a specific traffic, order is not really relèvent, it’s going to be blocked.
Picture it as a tunnel with many doors. Each security services been one door. You need all door unlocked to go through. If one single door, no matter which one is locked, you are not going through
That’s how I see it. But I recall seeing the flow chart for services somewhere.
Some users bypasse CFS by using DNS over HTTPS: what's the best/fastest way to prevent that?
Tx!
Good one. Pretty sure DPI-SSL would do!
Why sometime site blocked by network administrator is not shown, only display no connection
Sorry I don’t understand your question
Bonjour Coment fqire pour bloquer tout les sites web pour un groupe mais le donner le droit a certain site web
Bonjour Michel!
D’ordre général je te recommanderais de le faire avec Active Directory et le single sing on. Après ça te permet de faire des regle de CFS avec des groupe AD
I think you need a wider monitor
Maybe… lol
Based on the number of references to gambling, I think he may have a problem. LMAO. But seriously, too much repeated info and personal experience. A third of this content was redundant or unnecessary. The rest was good.
Thanks for great videos! Having a problem with the feature to allow a blocked site via a passphrase. When my browser tries to get to the authenticator at "sonicwall.com/ipassphrase.html" it returns a 404 error. Even Sonicwall support is stumped. They get a validation on their test system. I get a 404 error. I have the DPI-SSL configured and working, and tested. Just the validation is failing. Any ideas on where I should look to debug this?