Assigning Schedules to User-based Content Filter (CFS) policies

https://www.sonicwall.com/support/knowledge-base/?sol_id=170503810730718

05/15/2019 72 7349

DESCRIPTION:

Assigning Schedules to User-based Content Filter (CFS) policies

RESOLUTION:

Feature/Application:

Assigning Schedules to user based Content Filter Policies for limiting internet access to certain times of the day.

  • This article gives step by step configuration that allows administrators to enforce time-based internet access along with content filtering to local users.
  • In order for the SonicWall to differentiate between users, login must be forced at the SonicWall so that when users initially try to access the internet, they are redirected to a login screen.
  • The SonicWall has the ability to determine usernames silently (with no secondary log needed) by using the Single Sign On Agent (SSO). Information on using the SSO agent can be found here: Configuring Single Sign-On on the SonicWALL Security Appliance with SonicOS Enhanced
  • The SonicWall also has the ability to integrate with Active Directory so Local Users and Groups need not to be created in the SonicWall but can be accessed/imported from active directory via LDAP. For more information on this type of configuration, please refer Integration of LDAP and multiple/Custom CFS policies for different user groups - ULA + CFS + LDAP
  • In order to assign custom content filter polices to locally configured users based on group membership, the SonicWall must have premium content filter subscription and be running SonicOS Enhanced firmware.

Please Note: CFS Premium version is required to create custom CFS policies.

Scenario:

For the purpose of this article we configure the following scenario:

Image

  • Users to be able to have restricted access to the internet between 8:00 AM and 5:00 PM from Monday to Friday.
  • The same users to be able to have unrestricted access to the internet during lunchtime between 1:00 PM and 2:00 PM from Monday to Friday.
  • No internet access outside these hours.

Procedure:

Creating Schedules

SonicWall has a number of pre-configured Schedules which are for various time periods and can be used for various purposes, if suitable. For this scenario we select the pre-configured Schedule, Work Hours, which will suit our purpose as it is between 8:00 AM and 5:00 PM from Monday to Friday. For the lunchtime schedule we create a new one.

  • Login to the SonicWall mangement interface.
  • Navigate to the System > Schedules page.
  • Click on the Add button.
  • Set Schedule Name as Lunchtime
  • Set Schedule type as Recurring
  • Select the boxes under Mon,Tue,Wed,Thurs,Fri under Recurring .
  • Set Start Time as 13:00 and Stop Time as 14:00
  • Click on Add to add this time under Schedule List.
  • Click on OK to save.

Set the Default CFS Policy as the most restrictive

  • Navigate to Security Services > Content Filter
  • Click on Configure against Sonicwall CFS
  • In the Sonicwall Filter Properites windows, click on the Policy tab.
  • Click on Configure on the Default Policy.
  • Click on the URL List tab
  • Check the box under Select all Categories (Please note: This would block all access to the Internet therefore do not enable CFS yet on LAN or DMZ zones)
  • Click on OK to save the settings.

Image

Creating new CFS Policy - Restricted Access

  • Under the Policy tab click on the Add button.
  • Enter a name for the new policy. For eg. Restricted Access
  • Under the URL List tab select the categories to be blocked.
  • Click on the Settings tab
  • Under Filter Forbidden URLs by time of day select Work Hours . This is one of the pre-configured schedules.
  • Clik on OK to save the settings.

Image

Image

Creating new CFS Policy -Lunchtime Access

  • Under the Policy tab click on the Add button.
  • Enter a name for the new policy. For eg. Lunchtime Access
  • Under the URL List tab select the categories to be blocked.
  • Click on the Settings tab
  • Under Filter Forbidden URLs by time of day select Lunchtime . This is the newly added custom schedule.
  • Clik on OK to save the settings.

Image

Image

Now that custom policies have been created, Local Groups and Local Users must be created to assign the Custom Policies.

Creating Local Groups

  • Navigate to the Users > Local Groups page.
  • Click on the Add Group button.
  • Enter a name for the Group (For eg. Restricted Users) and click on the CFS Policy tab.

  • Under the Policy drop-down menu select the CFS policy created earlier - Restricted Access .
  • Click on OK to save.

Image

  • Navigate to the Users > Local Groups page.
  • Click on the Add Group

Resolution for SonicOS 6.5 and Later

SonicOS 6.5 was released September 2017. This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 and later firmware.

Feature/Application:

Assigning Schedules to user based Content Filter Policies for limiting internet access to certain times of the day.

  • This article gives step by step configuration that allows administrators to enforce time-based internet access along with content filtering to local users.
  • In order for the SonicWall to differentiate between users, login must be forced at the SonicWall so that when users initially try to access the internet, they are redirected to a login screen.
  • The SonicWall has the ability to determine usernames silently (with no secondary log needed) by using the Single Sign On Agent (SSO). Information on using the SSO agent can be found here: Configuring Single Sign-On on the SonicWALL Security Appliance with SonicOS Enhanced
  • The SonicWall also has the ability to integrate with Active Directory so Local Users and Groups need not to be created in the SonicWall but can be accessed/imported from active directory via LDAP. For more information on this type of configuration, please refer Integration of LDAP and multiple/Custom CFS policies for different user groups - ULA + CFS + LDAP
  • In order to assign custom content filter polices to locally configured users based on group membership, the SonicWall must have premium content filter subscription and be running SonicOS Enhanced firmware.

TIP: CFS Premium version is required to create custom CFS policies.

Scenario:

For the purpose of this article we configure the following scenario:

Image

  • Users to be able to have Restricted Access to the internet between 8:00 AM and 5:00 PM from Monday to Friday.
  • The same users to be able to have unrestricted access to the internet during lunchtime between 1:00 PM and 2:00 PM from Monday to Friday.
  • No internet access outside these hours.

Procedure

Creating Schedules

SonicWall has a number of pre-configured Schedules which are for various time periods and can be used for various purposes, if suitable. For this scenario we select the pre-configured Schedule, Work Hours, which will suit our purpose as it is between 8:00 AM and 5:00 PM from Monday to Friday. For the lunchtime schedule we create a new one.

  • Login to the SonicWall Mangement Interface.
  • Navigate to M anage | Appliance | System Schedules .
  • Click on the Add button.
  • Set Schedule Name as Lunchtime
  • Set Schedule Type as Recurring
  • Select the boxes under Mon, Tue, Wed, Thurs, Fri under Recurring .
  • Set Start Time as 13:00 and Stop Time as 14:00
  • Click on Add to add this time under Schedule List.
  • Click on OK to save.

Include the Schedule on a CFS Policy

  • Navigate to Manage | Security Services | Content Filter.

  • Click on Configure for the CFS Policy you’d like to edit.

  • In the pop-up window set the Schedule to the desired option. Click OK.

Categories

Firewalls>SonicWall NSA Series>Content Filtering Service

Firewalls>SonicWall SuperMassive 9000 Series>Content Filtering Service

Firewalls>SonicWall SuperMassive E10000 Series>Content Filtering Service

Firewalls>TZ Series>Content Filtering Service

Was This Article Helpful?

Yes

No

Not Finding Your Answer?


REQUEST NEW ARTICLE


Curated by Liquid Layer Networks

At Liquid Layer Web Hosting [LiquidLayer.net], we’ve made a shared web hosting platform that’s both feature-rich and easy to make use of. Our programmers have built up a custom Linux cloud web hosting platform plus an innovative Control Panel that perfectly takes advantage of its capabilities. After long hours of programming and bug fixing on our end, we are now capable to guarantee that all of our shared web hosting services are safe, virus-free, full of capabilities and very easy-to-work-with. In addition, they feature 99.9% server uptime as well as 99.9% network uptime warranties.

Powered by:

HostCheetah Networks
Global Web Hosting, Domain Registration, and Internet Services
https://hostcheetah.net | http://hostcheetah.uk


PC Helper | Est 1996 - Web Hosting | US, AU, UK, Finland, Bulgaria | :sunglasses:
https://pchelper.com