Problem: Setup my Sonicwall NSA 240 to authenticate to Active Directory and then content filtering will be determined by two AD groups: â€œAdminâ€ and â€œStaffâ€ which I created two content filter policies for as well. The problem is that when I try to whitelist or block a domain for one or both of the groups, it doesnâ€™t work. The site is either still available or not. The effect that it doesnâ€™t seem like I can customize the content filtering according to the appropriate group. Example: I want to give the â€œAdminâ€ group access to Facebook but want it blocked for â€œStaff.â€ I edit the â€œAdminâ€ CFS policy and add Facebook.com to the Allowed Domains. When I test it, Facebook.com is still blocked.
Solution: Turns out that I need to take into consideration the â€œDefaultâ€ Policy as well. Sonic CFS policies act in a hierarchical manner. So the â€œAdminâ€ and â€œStaffâ€ policies fall under the Default. I assumed that all three were independent which is not the case. If you want to whitelist/Block a site within the â€œAdminâ€ or â€œStaffâ€ policy, you first have to whitelist/Block it in the Default. So the solution to my example above goes like this: I first have to go into the â€œDefaultâ€ CFS policy and add Facebook.com to the Allowed Domains. Then I need to do the same to the â€œAdminâ€ CFS policy. Successâ€¦ and the â€œStaffâ€ group/policy is still being blocked.