Problem: Set up my SonicWall NSA 240 to authenticate to Active Directory, and content filtering will then be determined by two AD groups, “Admin” and “Staff”, which I also created two content filter policies for. The problem is that when I try to whitelist or block a domain for one or both of the groups, it doesn’t work. The site is either still available or not. The effect is that it doesn’t seem like I can customize the content filtering according to the appropriate group. Example: I want to give the “Admin” group access to Facebook but want it blocked for “Staff.” I edit the “Admin” CFS policy and add Facebook.com to the Allowed Domains. When I test it, Facebook.com is still blocked.
Solution: Turns out that I need to take into consideration the “Default” policy as well. SonicWall CFS policies act in a hierarchical manner. So the “Admin” and “Staff” policies fall under the Default. I assumed that all three were independent, which is not the case. If you want to whitelist/block a site within the “Admin” or “Staff” policy, you first have to whitelist/block it in the Default. So the solution to my example above goes like this: I first have to go into the “Default” CFS policy and add Facebook.com to the Allowed Domains. Then I need to do the same to the “Admin” CFS policy. Success… and the “Staff” group/policy is still being blocked.
Thanks for sharing.