SonicOS 7.1 Rules and Policies for Policy Mode
- SonicOS 7.1 Rules and Policies
- Overview
- Settings
- Security Policy
- NAT Policy
- About NAT in SonicOS
- About NAT Load Balancing
- About NAT64
- About FQDN-based NAT
- About Source MAC Address Override
- Viewing NAT Policy Entries
- Adding or Editing NAT or NAT64 Rule Policies
- Deleting NAT Policies
- Creating NAT Rule Policies: Examples
- Creating a One-to-One NAT Policy for Inbound Traffic
- Creating a One-to-One NAT Policy for Outbound Traffic
- Inbound Port Address Translation via One-to-One NAT Policy
- Inbound Port Address Translation via WAN IP Address
- Creating a Many-to-One NAT Policy
- Creating a Many-to-Many NAT Policy
- Creating a NAT Load Balancing Policy for Two Web Servers
- Routing
- Decryption Policy
- DoS Policy
- DNS Policy
- Endpoint Policy
- Shadow
- SonicWall Support
SonicWall CFS
This allows you to configure client Content Filtering Service (CFS) settings in SonicOS. The default SonicWall Content Filtering Service policy is available without a CFS subscription. With a valid advanced CFS subscription, you can create custom CFS policies and apply them to network zones or to groups of users within your organization.
After you have configured a CFS policy, you can configure client content filtering settings.
SonicOS offers client content filtering protection on a subscription-basis through a partnership with McAfee.
Global Settings
The Global Settings section of the Content Filter page brings up the information for defining the global settings for CFS policies. Many of the fields on this page have an i (information) icon on the right, which gives more information about that field. The Global Settings section provides these configuration options:
| Max URL Cache Entries | You can select the maximum number of URL entries that can be cached. The minimum is 25,600 and the maximum is 51,200. In the note beneath this field, there is a link on the word "here" that gives the supported range for the selected model. |
| Block if CFS Server is Unavailable | When this option is selected, if the CFS server is detected as unavailable, then all web access is blocked. |
| Bypass decryption when CFS is not licensed and policies need web content | When enabled, all connections are bypassed when the GEO-IP map database is not downloaded and your policies require country details. |
| Bypass decryption when CFS fails to connect to backend rating server and policies need web rating | When enabled, all web client connections are bypassed when the CFS is unable to connect to the backend servers and your policies require web stream rating data (URL ratings). |
| Server Timeout | If the network security appliance does not get a response from the CFS server within this timeout value, the sever is marked as unavailable. The minimum is two seconds, the maximum is 10 seconds, and the default is five seconds. This setting is not available when Block if CFS Server is Unavailable is not checked. |
Was This Article Helpful?
Help us to improve our support portal