Sonicwall: How do I administer multiple CFS policies?

Problem:  Setup my Sonicwall NSA 240 to authenticate to Active Directory and then content filtering will be determined by two AD groups: “Admin” and “Staff” which I created two content filter policies for as well.   The problem is that when I try to whitelist or block a domain for one or both of the groups, it doesn’t work.  The site is either still available or not.   The effect that it doesn’t seem like I can customize the content filtering according to the appropriate group.    Example:  I want to give the “Admin” group access to Facebook but want it blocked for “Staff.”   I edit the “Admin”  CFS policy and add to the Allowed Domains.  When I test it, is still blocked.

Solution:  Turns out that I need to take into consideration the “Default” Policy as well.  Sonic CFS policies act in a hierarchical manner.  So the “Admin” and “Staff” policies fall under the Default.  I assumed that all three were independent which is not the case.   If you want to whitelist/Block a site within the “Admin” or “Staff” policy, you first have to whitelist/Block it in the Default.  So the solution to my example above goes like this:  I first have to go into the “Default” CFS policy and add to the Allowed Domains.   Then I need to do the same to the “Admin” CFS policy.  Success… and the “Staff” group/policy is still being blocked.  

One thought on “Sonicwall: How do I administer multiple CFS policies?

Leave a comment

Your email address will not be published.