beautypg.com

Setting up dynamic web content filtering, Enabling dynamic web content filtering, Tip: using a schedule – Amer Networks E5Web GUI User Manual

Page 450

background image

6.3.4.2. Setting Up Dynamic Web Content Filtering

Activation

Dynamic Content Filtering is a feature that is enabled by purchasing a subscription to the service.
This is an addition to the normal cOS Core license. For complete details of subscription services,
see Appendix A, Update Subscriptions.

Once a subscription is purchased, an HTTP Application Layer Gateway (ALG) Object should be
defined with Dynamic Content Filtering enabled. This object is then associated with a service
object and the service object is then associated with a rule in the IP rule set to determine which
traffic should be subject to the filtering. This makes possible the setting up of a detailed filtering
policy based on the filtering parameters that are used for rules in the IP rule set.

Tip: Using a schedule

If the administrator would like the content filtering policy to vary depending on the time
of the day, they can make use of a Schedule object associated with the corresponding IP
rule. For more information, please see Section 3.7, “Schedules”.

Setting Fail Mode

The option exists to set the HTTP ALG fail mode in the same way that it can be set for some other
ALGs and it applies to WCF just as it does to functions such as Anti-Virus scanning. The fail mode
setting determines what happens when dynamic content filtering cannot function. This is usually
because cOS Core is unable to reach the external databases to perform URL lookup.

Fail mode can have one of two settings:

Deny

If WCF is unable to function then URLs are denied if external database access to verify them is
not possible. The user will see an "Access denied" web page.

Allow

If the external WCF database is not accessible, URLs are allowed even though they might be
disallowed if the WCF databases were accessible.

Example 6.16. Enabling Dynamic Web Content Filtering

This example shows how to set up dynamic content filtering for HTTP traffic from a protected
network to all-nets. It will be configured to block all search sites, and it is assumed that there is
using a single NAT IP rule controlling HTTP traffic.

Command-Line Interface

First, create an HTTP Application Layer Gateway (ALG) Object:

Device:/> add ALG ALG_HTTP content_filtering

WebContentFilteringMode=Enabled
FilteringCategories=SEARCH_SITES

Chapter 6: Security Mechanisms

450

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: