Activation
Dynamic Content Filtering is a feature that is enabled by taking out a separate subscription to the
service. This is an addition to the normal NetDefendOS license.
Once a subscription is taken out, an HTTP Application Layer Gateway (ALG) Object should be
defined with Dynamic Content Filtering enabled. This object is then associated with a service object
and the service object is then associated with a rule in the IP rule set to determine which traffic
should be subject to the filtering. This makes possible the setting up of a detailed filtering policy
based on the filtering parameters that are used for rules in the IP rule set.
Tip: Using a schedule
If the administrator would like the content filtering policy to vary depending on the
time of the day, they can make use of a Schedule object associated with the
corresponding IP rule. For more information, please see Section 3.6, “Schedules”.
Setting Fail Mode
The option exists to set the HTTP ALG fail mode in the same way that it can be set for some other
ALGs and it applies to WCF just as it does to functions such as Anti-Virus scanning. The fail mode
setting determines what happens when dynamic content filtering cannot function and, typically, this
is because NetDefendOS is unable to reach the external databases to perform URL lookup. Fail
mode can have one of two settings:
•
Deny - If WCF is unable to function then URLs are denied if external database access to verify
them is not possible. The user will see an "Access denied" web page.
•
Allow - If the external WCF database is not accessible, URLs are allowed even though they
might be disallowed if the WCF databases were accessible.
Example 6.15. Enabling Dynamic Web Content Filtering
This example shows how to setup a dynamic content filtering policy for HTTP traffic from intnet to all-nets. The
policy will be configured to block all search sites, and this example assumes that the system is using a single NAT
rule for HTTP traffic from intnet to all-nets.
Command-Line Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering
WebContentFilteringMode=Enabled
FilteringCategories=SEARCH_SITES
Then, create a service object using the new HTTP ALG:
gw-world:/> add ServiceTCPUDP http_content_filtering Type=TCP
DestinationPorts=80
ALG=content_filtering
Finally, modify the NAT rule to use the new service. Assume rule is called NATHttp:
gw-world:/> set IPRule NATHttp Service=http_content_filtering
Web Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
6.3.4. Dynamic Web Content Filtering
Chapter 6. Security Mechanisms
302
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...