Configuring sonicwall content filtering, Restrict web features – SonicWALL Internet Security Appliances User Manual

Page 100 SonicWALL Internet Security Appliance Administrator’s Guide

Configuring SonicWALL Content Filtering

The Configure tab is common between the three types of Content Filtering. Click Filter on the left
side of the browser window, and then click on the Configure tab.
Select the type of Content Filter from the Content Filter Type menu. To enforce Content Filtering on
the LAN, select Apply Content Filter.
Content filtering can also be enforced on the LAN, DMZ, or both. Select LAN, DMZ, or both. Both LAN
and DMZ are selected by default.

Restrict Web Features

Restrict Web Features enhances your network security by blocking potentially harmful Web
applications from entering your network. Select any of the following applications to block:

Block:

•

ActiveX
ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers
can use ActiveX to delete files or compromise security. Select the ActiveX check box to block
ActiveX controls.

•

Java
Java is used to download and run small programs, called applets, on Web sites. It is safer than
ActiveX since it has built-in security mechanisms. Select the Java check box to block Java
applets from the network.

•

Cookies
Cookies are used by Web servers to track Web usage and remember user identity. Cookies can
also compromise users' privacy by tracking Web activities. Select the Cookies check box to
disable Cookies.

•

Known Fraudulent Certificates
Digital certificates help verify that Web content and files originated from an authorized party.
Enabling this feature protects users on the LAN from downloading malicious programs
warranted by these fraudulent certificates. If digital certificates are proven fraudulent, then the
SonicWALL blocks the Web content and the files that use these fraudulent certificates.
Known fraudulent certificates blocked by SonicWALL include two certificates issued on January
29 and 30, 2001 by VeriSign to an impostor masquerading as a Microsoft employee.

•

Access to HTTP Proxy Servers
When a proxy server is located on the WAN, LAN users can circumvent content filtering by
pointing their computer to the proxy server. Check this box to prevent LAN users from accessing
proxy servers on the WAN.

•

Don’t Block Java/ActiveX/Cookies to Trusted Domains
Select this option if you have trusted domains using Java, ActiveX, and Cookies. To add a trusted
domain, enter the domain name into the Add Trusted Domain field. Click Update to add the
domain to the list of trusted domains. To delete a domain, select it from the list, and then click
Delete.