Beruflich Dokumente
Kultur Dokumente
Page 1
11. Gambling ..................................................................................26
12. Alcohol/Tobacco.......................................................................26
13. Chat/Instant Messaging (IM) ....................................................26
14. Arts/Entertainment....................................................................27
15. Business and Economy............................................................27
16. Abortion/Advocacy Groups.......................................................27
17. Education .................................................................................27
19. Cultural Institutions...................................................................27
20. Online Banking .........................................................................28
21 Online Brokerage and Trading ..................................................28
22. Games......................................................................................28
23. Government..............................................................................28
24. Military ......................................................................................28
25. Political/Advocacy Groups........................................................29
26. Health .......................................................................................29
27. Information Technology/Computers .........................................29
28. Hacking/Proxy Avoidance Systems..........................................29
29. Search Engines and Portals.....................................................30
30. E-Mail .......................................................................................30
31. Web Communications ..............................................................30
32. Job Search ...............................................................................30
33. News and Media.......................................................................30
34. Personals and Dating ...............................................................31
35. Usenet News Groups ...............................................................31
36. Reference.................................................................................31
37. Religion ....................................................................................31
38. Shopping ..................................................................................31
39. Internet Auctions ......................................................................32
40. Real Estate...............................................................................32
41. Society and LifeStyle................................................................32
42. Gay and Lesbian Issues...........................................................32
43. Restaurants and Dining............................................................32
44. Sports/Recreation.....................................................................33
45. Travel .......................................................................................33
46. Vehicles....................................................................................33
47. Humor/Jokes ............................................................................33
48. MP3/Streaming.........................................................................33
50. Freeware/Software Downloads ................................................34
51. Pay to Surf Sites.......................................................................34
53. Kid Friendly ..............................................................................34
54. Advertisement ..........................................................................34
Page 3
Page 4 SonicWALL Pocket Global VPN Client 3.0 User’s Guide
Copyright Notice
©
2008 SonicWALL, Inc. All rights reserved.
Under the copyright laws, this manual or the software described within, can not be copied, in whole or
part, without the written consent of the manufacturer, except in the normal use of the software to make a
backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were
affixed to the original. This exception does not allow copies to be made for others, whether or not sold,
but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person.
Under the law, copying includes translating into another language or format.
SonicWALL is a registered trademark of SonicWALL, Inc.
Other product and company names mentioned herein can be trademarks and/or registered trademarks of
their respective companies.
Specifications and descriptions subject to change without notice.
Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case
commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing
for a period of twelve (12) months, that the product will be free from defects in materials and workmanship
under normal use. This Limited Warranty is not transferable and applies only to the original end user of
the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under
this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the
replacement product may be of equal or greater functionality and may be of either new or like-new quality.
SonicWALL's obligations under this warranty are contingent upon the return of the defective product
according to the terms of SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by
accident, abuse, misuse or misapplication, or has been modified without the written permission of
SonicWALL.
Page 1
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR
IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A
COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE
MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY
CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY
PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW
LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS
WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS
WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply
even if the express warranty set forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A
REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT
SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE
USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,
INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY
OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE
EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort
(including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall
apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR
JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR
INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
Page 2 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
SonicWALL Content Filtering Service - Premium
SonicWALL Content Filtering Services Premium (CFS Premium) enforces protection and productivity
policies for businesses, schools, and libraries to reduce legal and privacy risks while minimizing
administration overhead. CFS Premium provides network administrators with greater control by
automatically and transparently enforcing acceptable use policies.
SonicWALL CFS Premium gives administrators the flexibility to enforce content filtering on zones as well
as custom content filtering policies for groups of users on the network. For example, a school can create
one policy for teachers and another for students.
SonicWALL CFS Premium utilizes a dynamic database of millions of URLs, IP addresses, and domains
to block 56 categories of objectionable, inappropriate or unproductive Web content. At the core of CFS
Premium is an innovative rating architecture that cross references all Web sites against the database at
worldwide SonicWALL co-location facilities. A rating is returned to the SonicWALL security appliance and
then compared to the content filtering policy established by the administrator. Almost instantaneously, the
Web site request is either allowed through or a Web page is generated by the SonicWALL security
appliance informing the user that the site has been blocked according to policy.
With SonicWALL CFS Premium, network administrators have a flexible tool to provide comprehensive
filtering based on keywords, time of day, trusted and forbidden domain designations, and file types such
as Cookies, Java™ and ActiveX®. CFS Premium automatically updates the filters, making maintenance
substantially simpler and less time consuming.
SonicWALL CFS Premium can also be customized to add or remove specific URLs from the blocked list
and to block specific keywords. When a user attempts to access a site that is blocked by the SonicWALL
security appliance, a customized message is displayed on the user’s screen. SonicWALL security
appliances can also be configured to log attempts to access sites on the SonicWALL Content Filtering
Service database, on a custom URL list, and on a keyword list to monitor Internet usage before putting
new usage restrictions in place.
Note: For SonicWALL CFS Premium running on SonicWALL Firmware 6.6 or higher, see the SonicWALL
Content Filtering Service Premium (Firmware 6.6) Administrator’s Guide, available at
http://www.sonicwall.com/services/documentation.html.
The audience for this guide is administrators who are concerned with enforcement of Acceptable Use
Policies to improve protection and productivity policies to reduce legal and privacy risks while minimizing
administration overhead. You should be familiar with the features, functions, and operating characteristics
of SonicWALL security appliances.
Page 3
Guide Conventions
Conventions used in this guide are as follows:
Convention Use
Menu Item > Menu Item Indicates a multiple step management interface menu
choice. For example, “Security Services > Content Filter
means select Security Services, then select Content Filter.
Alert! Important information that cautions about features affecting firewall performance, security features, or
causing potential problems with your SonicWALL security appliance.
Tip! Useful information about security features and configurations on your SonicWALL security appliance.
Note: Important information on a feature that requires callout for special attention.
Page 4 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
SonicWALL Technical Support
For timely resolution of technical support questions, visit SonicWALL on the Internet at:
http://www.sonicwall.com/us/Support.html
Web-based resources are available to help you resolve most technical issues or contact SonicWALL
Technical Support.
To contact SonicWALL telephone support, see the telephone numbers listed below:
Note: Please visit http://www.sonicwall.com/us/support/contact.html for the latest technical support telephone
numbers.
Page 5
Activating SonicWALL CFS Premium
If you do not have SonicWALL CFS Premium activated on your SonicWALL security appliance, you will
not be able to create CFS Policies for customized content filtering. For full CFS functionality, you must
purchase a subscription to SonicWALL CFS Premium from a SonicWALL reseller or from your
MySonicWALL account (limited to customers in the USA and Canada).
Page 6 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
3. Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type
in the Activation Key in the New License Key field and click Submit. Your SonicWALL CFS Premium
subscription is activated on your SonicWALL.
Page 7
Security Services > Content Filter
Selecting Security Services > Content Filter displays the Content Filter page for managing SonicWALL
Content Filtering Service on the SonicWALL security appliance. All settings on this page are available with
or without a current CFS Premium subscription.
Page 8 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
Content Filter Type
There are three types of content filtering available on the SonicWALL security appliance.
• SonicWALL CFS - Selecting SonicWALL CFS as the Content Filter Type allows you to configure
SonicWALL Content Filtering Service Premium features. You can access SonicWALL CFS
functionality that is included with SonicOS Enhanced, and also configure custom CFS Policies
that are available only with a valid subscription.
• N2H2 - N2H2 is a third party content filter software package supported by SonicWALL security
appliances.
• Websense Enterprise - Websense Enterprise is also a third party content filter list supported by
SonicWALL security appliances.
Trusted Domains
Trusted Domains can be added to enable content from specific domains to be exempt from Restrict
Web Features. If you trust content on specific domains and want them exempt from Restrict Web
Features, follow these steps to add them:
1. Under Content Filter > Trusted Domains select Do not block Java/ActiveX/Cookies to Trusted
Domains.
2. Click Add. The Add Trusted Domain Entry window is displayed.
3. Enter the trusted domain name in the Domain Name field.
4. Click OK. The trusted domain entry is added to the Trusted Domains table.
• To keep the trusted domain entries but enable Restrict Web Features, uncheck Do not block Java/
ActiveX/Cookies to Trusted Domains.
• To delete an individual trusted domain, click on the Delete icon for the entry in the Configure column.
• To delete all trusted domains, click Delete All.
• To edit a trusted domain entry, click the Edit icon in the Configure column.
Page 9
CFS Exclusion List
IP address ranges can be manually added to or deleted from the CFS Exclusion List in this section.
Content filtering is disabled for IP addresses in the CFS Exclusion List. These address ranges are treated
as trusted domains.
Page 10 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
Configuring SonicWALL CFS Premium
You can customize SonicWALL content filtering features included with SonicOS from the SonicWALL
Filter Properties window. A valid subscription to SonicWALL CFS Premium on a SonicWALL security
appliance running SonicOS Enhanced allows you to create custom policies to apply to specified user
groups. The Default CFS Premium policy is used as the content filtering basis for all users not assigned
to a specific custom policy.
Alert! It’s recommended you make the Default CFS Premium policy the most restrictive policy. Custom CFS
policies are subject to content filter inheritance. This means that all custom CFS policies inherit the
filters from the Default CFS policy. To ensure proper content filtering, the Default CFS policy should
be configured to be the most restrictive policy, then each custom policy should be configured to grant
privileges that are otherwise restricted by the Default policy.
Page 11
Configuring Settings on the CFS Tab
The CFS tab allows you to enable IP based HTTPS Content Filtering, block or allow traffic to sites when
the server is unavailable, and set preferences for your URL cache.
Settings
The Settings section allows you to enable HTTPS content filtering, select what you want the firewall
to do if the server is unavailable, and what it should do when access is attempted to a forbidden Web
site.
• Enable IP based HTTPS Content Filtering - Select this checkbox to enable HTTPS content
filtering. HTTPS content filtering is IP-based, and will not inspect the URL. While HTTP content
filtering can perform redirects to enforce authentication or provide a block page, HTTPS filtered pages
will be silently blocked. You must provide the IP address for any HTTPS Web sites to be filtered.
• If Server is unavailable for (seconds) - Sets the amount of time after the content filter server is
unavailable before the SonicWALL security appliance takes action to either block access to all Web
sites or allow traffic to continue to all Web sites.
Note: If the server is unavailable, the firewall can allow access to Web sites in the cache memory. This means
that by checking the "block access to all sites" checkbox, the firewall will only block Web sites that are
not in the cache memory.
Block traffic to all Web sites - Select this feature if you want the SonicWALL security appliance
to block access to all Web sites until the content filter server is available.
Allow traffic to all Web sites - Select this feature if you want to allow access to all web sites when
the content filter server is unavailable. However, Forbidden Domains and Keywords, if enabled, are
still blocked.
• If URL marked as Forbidden - If you have enabled blocking by Categories and the URL is blocked
by the server, there are two options available.
Block Access to URL - Selecting this option prevents the browser from displaying the requested
URL to the user.
Log Access to URL - Selecting this option records the requested URL in the log file.
URL Cache
The URL Cache section allows you to configure the URL cache size on the SonicWALL security
appliance.
Tip! A larger URL cache size can provide noticeable improvements in Internet browsing response times.
Page 12 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
URL Rating Review
If you believe that a Web site is rated incorrectly or you wish to submit a new URL to be rated, you
can click the here link to display the SonicWALL CFS URL Rating Review Request form for
submitting the request. This can also be used to view the rating of a URL.
Enter a URL and click Submit,and a description appears. Select Rating Request to request a URL to be
rated or re-rated.
Note: Custom CFS policies are applied to user groups in the User > Local Groups page. See “Applying
Custom CFS Policy Enforcement to Groups” on page 22 for more information.
The Default CFS policy is always inherited by every user. To ensure proper content filtering, the Default
CFS policy should be configured to be the most restrictive policy, and then each custom policy should be
configured to grant privileges that are otherwise restricted by the Default policy.
For example, the Default policy has all categories filtered (checked), except category 53. Kid Friendly.
The effect is that all network users can only access sites rated as Kid Friendly. If you create a Sales
Group policy and filter only category 4. Pornography, members of the Sales Group can access all sites
including Kid Friendly, but not Pornography.
Page 13
Alert! Make the Default policy the most restrictive before configuring custom CFS policies to ensure content
filtering is properly applied.
4. In the Select Forbidden Categories list, uncheck any category to which you want to allow access.
Move your mouse pointer over the Down or Up arrows to automatically scroll through the list of CFS
categories. Select the Select all categories check box if you want to block all categories, or uncheck
the box to deselect all categories.
5. Click the Settings tab.
Page 14 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
6. Under Custom List Settings, select any of the following settings:
Disable Allowed Domains - select this setting to disable the allowed domains that are listed on the
Custom List tab in the SonicWALL Filter Properties window.
Enable Forbidden Domains - select this setting to enable forbidden domains that are listed on the
Custom List tab in the SonicWALL Filter Properties window.
Enable Keyword Blocking - select this setting to enable keyword blocking for the URLs that are
listed in the Keyword Blocking section on the Custom List tab in the SonicWALL Filter Properties
window.
7. To configure the schedule for when Content Filtering is enforced, select the following:
Always on - When selected, Content Filtering is enforced at all times.
From/To - When selected, Content Filtering is enforced during the time and days specified. Enter the
time period, in 24-hour format, and select the starting and ending day of the week that Content
Filtering is enforced. The choices also include work hours and weekend hours.
8. Click OK.
Tip! Time of Day restrictions only apply to the Content Filter List, Customized blocking and Keyword
blocking. Consent and Restrict Web Features are not affected.
Page 15
Configuring Settings on the Custom List Tab
On the Custom List tab, you can customize your URL list to include Allowed Domains and Forbidden
Domains that are applied globally to all policies. By customizing your URL list, you can include specific
domains to be allowed (accessed), forbidden (blocked), and include specific keywords to be used to block
sites.
Alert! Do not include the prefix “http:// or https://” in either the Allowed Domains or Forbidden Domains fields.
All subdomains are automatically affected. For example, entering “yahoo.com” applies to
“mail.yahoo.com” and “my.yahoo.com”.
Allowed Domains
To allow access to a Web site that is blocked by the Content Filtering Service, click Add under Allowed
Domains, and enter the host name general root domain, such as “ok-site.com”, into the Allowed
Domains field. 1024 entries can be added to the Allowed Domains list if you are using SonicOS
Enhanced, and 256 entries can be added if you are using SonicOS Standard.
This feature is enabled on a per-policy basis. To enable or disable any of the features on this page,
see “Enabling or Disabling Allowed/Forbidden Domains or Keyword Blocking” on page 17.
To remove a trusted domain, select it from the appropriate list, and click Delete. Once the domain has
been deleted, the Status bar displays Ready.
Forbidden Domains
To block a Web site that is not blocked by the Content Filtering Service, click Add under Forbidden
Domains, and enter the host name general root domain, such as “bad-site.com” into the Forbidden
Domains field. 1024 entries can be added to the Forbidden Domains list if you are using SonicOS
Enhanced, and 256 entries can be added if you are using SonicOS Standard.
This feature is enabled on a per-policy basis. To enable or disable any of the features on this page,
see “Enabling or Disabling Allowed/Forbidden Domains or Keyword Blocking” on page 17.
HTTPS Domains
HTTPS traffic, such as Web proxy servers, are blocked using an IP address. This is because the traffic is
encrypted so there is no way to extract domain names from the packet stream. To find the site’s IP
address(es), use the DOS command nslookup and add the proxy site of your choice: nslookup
kproxy.com. Then navigate back to the Custom List tab and enter the Web proxy site’s IP address(es)
in the Forbidden Domains field.
Page 16 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
To remove a forbidden domain, select it from the appropriate list, and click Delete. Once the domain has
been deleted, the Status bar displays Ready.
Keyword Blocking
To enable blocking using Keywords, click Add under Keyword Blocking and enter the keyword to
block in the Add Keyword field. Keywords can be 16 characters maximum length. The maximum
number of keywords is 100.
Alert! Select keywords carefully. The longer and more specific the keyword, the more accurate the results will
be. For example, blocking the keyword “Sex” because of its correlation with porn sites may also block
trusted sites such as msexchange.somedomain.com.
To remove a keyword, select it from the list and click Delete. Once the keyword has been removed,
the Status bar displays Ready.
This feature is enabled on a per-policy basis. To enable or disable any of the features on this page,
see “Enabling or Disabling Allowed/Forbidden Domains or Keyword Blocking” on page 17.
Page 17
Enable Forbidden Domains - select this setting to enable filtering (blocking) of forbidden domains
that are listed on the Custom List tab.
Enable Keyword Blocking - select this setting to enable keyword blocking for the URLs that are
listed in the Keyword Blocking section on the Custom List tab.
2. Click OK.
Page 18 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
Configuring Settings on the Consent Tab
The Consent tab allows you to enforce content filtering on designated computers and provide optional
filtering on other computers. Consent can be configured to require the user to agree to the terms outlined
in an Acceptable Use Policy window before Web browsing is allowed.
Page 19
(Filtering Off) field. This page must reside on a Web server and be accessible as a URL by users on
the network.
• Consent Accepted URL (Filtering On) - When a user accepts the terms outlined in the Consent
page and chooses to access the Internet with the protection of Content Filtering, they are shown a
Web page confirming their selection. Enter the URL of this page in the Consent Accepted (Filtering
On) field. This page must reside on a Web server and be accessible as a URL by users on the
network.
Mandatory IP Filtering
This feature can be used to display warnings and terms of use information. The Consent Page is enforced
based on IP Addressing. This allows the administrator to enforce the consent notice to anyone using all
computers or specified groups of computers. This feature does not require the administrator to configure
user logins. It can be easily implemented for Wireless Guest Services, for example, in libraries and hotels.
It will block access to the Internet until the user acknowledges the notice and provides consent. The
administrator can also configure several options including bypassing the content filter.
The following options are available under Consent Page URL:
• Consent page URL (Mandatory Filtering) - When a user opens a Web browser on a computer using
mandatory content filtering, a consent page is displayed. You must create the Web page that appears
when the Web browser is opened. It can contain text from an Acceptable Use Policy, and notification
that violations are logged or blocked.
This Web page must reside on a Web server and be accessible as a URL by users on the network.
This page must also contain a link to a page contained in the SonicWALL security appliance that tells
it that the user agrees to have filtering enabled. The link must be <192.168.168.168/
iAcceptFilter.html>, where the SonicWALL LAN IP Address is used instead of 192.168.168.168.
Type the URL of this page in the Consent page URL (Mandatory Filtering) field and click OK. Once
the SonicWALL security appliance has been updated, a message confirming the update is displayed
at the bottom of the Web browser window.
• Adding a New Address - The SonicWALL security appliance can be configured to enforce content
filtering for certain computers on the LAN. Click Add and enter the IP address of the computer in the
IP Address field and then click the OK button. Up to 128 IP addresses can be entered. To remove a
computer from the list of computers to be filtered, highlight the IP address in the Filtered IP Address
list and click Delete.
Page 20 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
How to set up Mandatory IP Filtering
1. Create a Web page with the company’s terms of use, name it man.html and publish it on the Web
server so that the page is accessible as a URL on the network. Fig 1.1 shows a sample Mandatory IP
Filter page.
2. Try accessing the Mandatory filter page from the network by pointing your browser to http://(Web
server IP)/man.html.
3. The Click Here hyperlink must be http://(SonicWALL LAN IP)/iAcceptFilter.html.
Note: If you are filtering wireless users connected to the WLAN zone with SonicOS Enhanced, you will use
the SonicWALL WLAN IP address.
Note: Enforce the Content Filtering Service per zone from the Network > Zones page on SonicOS Enhanced, or per
interface from the Network > Settings page on SonicOS Standard.
Page 21
8. Click Add. The Add Filtered IP Address Entry window is displayed.
9. Enter the IP address of a computer on which you wish to enforce the CFS Policy, and then click OK
10.Repeat steps 8 and 9 to add other IP addresses on which to enforce mandatory IP filtering.
11. In the SonicWALL Filter Properties window, click OK.
Note: Up to 128 IP addresses can be entered. To remove a computer from the list of computers to be filtered,
highlight the IP address in the Filtered IP Address list and then click Delete.
12.Test the settings by accessing the Internet from a workstation that is listed under Filtered IP Address
in the Mandatory IP Filtering section. The SonicWALL appliance should redirect the user to the
mandatory page to agree to the terms of use before accessing the Internet.
Note: Only the default CFS Premium policy can be enabled or disabled for Zones.
To enable CFS Premium for a particular Zone, follow these steps:
1. Select the Network > Zones page.
2. Click the pencil icon in the Configure column for the Zone you want in the Zone Settings table. The
Edit Zone window is displayed.
3. To enable CFS Premium enforcement for the zone, select the Enforce Content Filtering Service
checkbox.
4. Click OK. A checkmark appears under Content Filtering for the Zone in the Zone Settings table.
5. To disable CFS Premium enforcement for a Zone, uncheck the Enforce Content Filtering Service
setting in the Edit Zone window.
Page 22 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
2. Click the pencil icon in the Configure column for the group you want in the Local Groups table. The
Edit Group window is displayed.
3. Select the CFS Policy tab.
4. Select the Default policy or a custom CFS policy from the Policy drop-down list. The drop-down list
includes the Default policy and any custom policies that you created in the SonicWALL Filter
Properties window.
5. Click OK. The Caption icon appears in the CFS Policy column of the Local Groups table. Moving
your mouse pointer over the icon displays the CFS policy applied to the group.
Page 23
Content Filtering Service Premium Categories
The following provides a detailed description of the criteria used to define the Content Filtering Service
Premium categories.
1. Violence/Hate/Racism
Sites that depict extreme physical harm to people or property, or that advocate or provide instructions to
cause such harm. Also includes sites that advocate, depict hostility or aggression toward, or denigrate an
individual or group on the basis of race, religion, gender, nationality, ethnic origin, or other involuntary
characteristics.
Category Examples:
www.rotten.com
www.whitepower.com
www.bumfights.com
www.deathnet.com
2. Intimate Apparel/Swimsuit
Sites that contain images or offer the sale of swimsuits or intimate apparel or other types of suggestive
clothing. Does not include sites selling undergarments as a subsection of other products offered.
Category Examples:
www.victoriassecret.com
www.fredericks.com
3. Nudism
Sites containing nude or semi-nude depictions of the human body. These depictions are not necessarily
sexual in intent or effect, but may include sites containing nude paintings or photo galleries an of artistic
nature. This category also includes nudist or naturist sites that contain pictures of nude individuals.
Category Examples:
www.nudistnews.com
4. Pornography
Sites that contain sexually explicit material for the purpose of arousing a sexual or prurient interest.
Category Examples:
www.playboy.com
www.bodyscapes.com
www.steakandcheese.com
www.sexed.com
www.sexuality.org
Page 24 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
5. Weapons
Sites that sell, review, or describe weapons such as guns, knives or martial arts devices, or provide
information on their use, accessories, or other modifications. Does not include sites that promote
collecting weapons, or groups that either support or oppose weapons use.
Category Examples:
www.browning.com
www.weapons.com
www.shooters.com
6. Adult/Mature Content
Sites that contain material of an adult nature that does not necessarily contain excessive violence, sexual
content, or nudity. These sites include profane or vulgar content and sites that are not appropriate for
children.
Category Examples:
www.punchbaby.com
7. Cult/Occult
Sites that promote or offer methods, means of instruction, or other resources to affect or influence real
events through the use of spells, curses, magic powers, satanic or supernatural beings.
Category Examples:
www.satannet.com
www.churchofsatan.com
8. Drugs/Illegal Drugs
Sites that promote, offer, sell, supply, encourage or otherwise advocate the illegal use, cultivation,
manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants or chemicals and their related
paraphernalia.
Category Examples:
www.marijuana.org
www.hightimes.com
Page 25
10. Sex Education
Sites that provide graphic information on reproduction, sexual development, safe sex practices, sexuality,
birth control, and sexual development. Also includes sites that offer tips for better sex as well as products
used for sexual enhancement.
Category Examples:
www.scarleteen.com
www.viagra.com
11. Gambling
Sites where a user can place a bet or participate in a betting pool (including lotteries) online. Also includes
sites that provide information, assistance, recommendations, or training on placing bets or participating
in games of chance. Does not include sites that sell gambling related products or machines. Also does
not include sites for off-line casinos and hotels as long as those sites do not meet one of the previous
requirements.
Category Examples:
www.gambling.com
www.casino.com
www.sportsbook.com
12. Alcohol/Tobacco
Sites that promote or offer alcohol/tobacco products for sale, or provide the means to create them. Also
includes sites that glorify, tout, or otherwise encourage the consumption of alcohol/tobacco. Does not
include sites that sell alcohol or tobacco as a subset of other products.
Category Examples:
www.budweiser.com
www.cigar.com
www.coors.com
Page 26 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
14. Arts/Entertainment
Sites that promote and provide information about motion pictures, videos, television, music and
programming guides, books, comics, movie theatres, galleries, artists or reviews on entertainment.
Category Examples:
www.imdb.com
www.eonline.com
www.moviephone.com
www.style.com
17. Education
Sites that offer educational information, distance learning and trade school information or programs. Also
includes sites that are sponsored by schools, educational facilities, faculty, or alumni groups.
Category Examples:
www.education-world.com
www.ed.gov
www.nyu.edu
22. Games
Sites that provide information and support game playing or downloading, video games, computer games,
electronic games, tips, and advice on games or how to obtain cheat codes. Also includes sites dedicated
to selling board games as well as journals and magazines dedicated to game playing. Includes sites that
support or host online sweepstakes and giveaways.
Category Examples:
www.nintendo.com
www.gamespot.com
www.gamesdomain.com
23. Government
Sites sponsored by or which provide information on government, government agencies and government
services such as taxation and emergency services. Also includes sites that discuss or explain laws of
various governmental entities.
Category Examples:
www.whitehouse.gov
www.federalreserve.gov
24. Military
Sites that promote or provide information on military branches or armed services.
Category Examples:
www.army.mil
www.navy.mil
www.af.mil
Page 28 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
25. Political/Advocacy Groups
Sites sponsored by or which provide information on political parties, special interest groups, or any
organization that promotes change or reform in public policy, public opinion, social practice, or economic
activities.
Category Examples:
www.whitehouse.com
www.texasgop.org
www.aclu.org
www.rnc.org
www.dnc.org
26. Health
Sites that provide advice and information on general health such as fitness and well-being, personal
health or medical services, drugs, alternative and complimentary therapies, medical information about
ailments, dentistry, optometry, general psychiatry, self-help, and support organizations dedicated to a
disease or condition.
Category Examples:
www.cvs.com
www.webmd.com
Page 29
29. Search Engines and Portals
Sites that support searching the Internet, indices and directories.
Category Examples:
www.google.com
www.yahoo.com
30. E-Mail
Sites offering Web-based e-mail services, such as online e-mail reading, e-cards, and mailing list
services.
Category Examples:
www.email.com
www.hotmail.com
www.aim.com
Page 30 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
34. Personals and Dating
Sites that promote interpersonal relationships.
Category Examples:
www.singlelinks.com
www.lovesites.com
www.dating.com
36. Reference
Sites containing personal, professional, or educational reference, including online dictionaries, maps,
census, almanacs, library catalogues, genealogy-related sites and scientific information.
Category Examples:
www.dictionary.com
www.encarta.com
www.familysearch.org
37. Religion
Sites that promote and provide information on conventional or unconventional religious or quasi-religious
subjects, as well as churches, synagogues, or other houses of worship. Does not include sites containing
alternative religions such as Wicca or witchcraft (Cult/Occult) or atheist beliefs (Political/Advocacy
Groups).
Category Examples:
www.catholic.net
www.gospel.com
www.lds.org
38. Shopping
Sites that provide or advertise the means to obtain goods or services. Does not include sites that can be
classified in other categories such as vehicles or weapons.
Category Examples:
www.amazon.com
www.tigerdirect.com
Page 31
39. Internet Auctions
Sites that support the offering and purchasing of goods between individuals. Does not include classified
advertisements.
Category Examples:
www.bidfind.com
www.ebay.com
Page 32 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
44. Sports/Recreation
Sites that promote or provide information about spectator sports, recreational activities, or hobbies.
Includes sites that discuss or promote camping, gardening, and collecting.
Category Examples:
www.espn.com
www.nba.com
www.snoweb.com
45. Travel
Sites that promote or provide opportunity for travel planning, including finding and making travel
reservations, vehicle rentals, descriptions of travel destinations, or promotions for hotels or casinos.
Category Examples:
www.travelocity.com
www.luxor.com
www.orbitz.com
www.hertz.com
46. Vehicles
Sites that provide information on or promote vehicles, boats, or aircraft, including sites that support online
purchase of vehicles or parts.
Category Examples:
www.autotrader.com
www.boattrader.com
www.progressive.com
47. Humor/Jokes
Sites that primarily focus on comedy, jokes, fun, etc. May include sites containing jokes of adult or mature
nature. Sites containing humorous adult content also have an Adult/Mature Content rating.
Category Examples:
www.ahajokes.com
www.comedycentral.com
www.the-jokes.com
48. MP3/Streaming
Sites that sell, deliver, or stream music or video content in any format, including sites that provide
downloads for such viewers.
Category Examples:
www.mp3.com
www.windowsmedia.com
www.musiccity.com
Page 33
50. Freeware/Software Downloads
Sites that are dedicated to the electronic downloading of software, whether for payment or at no charge.
Category Examples:
www.tucows.com
54. Advertisement
Sites that provide online advertisements or banners. These sites will always be allowed. Does not include
advertising servers that serve adult-oriented advertisements.
Category Examples:
adserver.inetzone.com
webrootdisp.net
56. Other
Sites not fitting into any of the other categories.
Page 34 SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
Index
A
activating CFS Premium 6
admin
bypassing content filtering 10
Allowed 16
allowed domains 16
B
bypass
for admin 10
C
CFS Exclusion List 10
CFS server settings 12
content filter status 8
content filter types 9
F
filter properties window 11
Forbidden 16
forbidden domains 16
M
message to display when blocking 10
mySonicWALL.com 6
R
registering the SonicWALL security appliance 6
restrict web features 9
access to HTTP proxy servers 9
ActiveX 9
Cookies 9
Java 9
S
SonicWALL CFS Premium
about 3
SonicWALL technical support 5
T
trusted domains 9
U
URL cache size 12
Page 33
SonicWALL Content Filtering Service Premium Administrator’s Guide (SonicOS Enhanced)
SonicWALL, Inc.
1143 Borregas Avenue T +1 408.745.9600
Sunnyvale CA 94089-1306 F +1 408.745.9300 www.sonicwall.com
©2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
Specifications and descriptions subject to change without notice.