SonicWall: Content Filtering Service

Educational institutions, businesses and government agencies assume substantial risks when they provide students and employees IT-issued computers that can be used to access the Internet, even when the device is behind the firewall perimeter where organizational web use policies are enforced. This is particularly true when those connections are used to access sites containing information or images that are inappropriate, dangerous or even illegal. These sites may also be infected with malware that can be inadvertently downloaded and then used to steal confidential information.

Schools, in particular, have a responsibility to protect students from inappropriate and harmful web content. In addition, to receive eRate funding, both schools and libraries are required by law to install a content filtering solution in compliance with the Children’s Internet Protection Act (CIPA). For businesses and government agencies, providing employees with uncontrolled web access can result in non-productive web surfing, creating tremendous losses in productivity, not to mention the potential for legal liability.

SonicWall Content Filtering Service (CFS) running on SonicWall Unified Threat Management and nextgeneration firewalls (NGFWs) is a powerful protection and productivity solution that delivers unequaled content filtering enforcement for educational institutions, businesses, libraries and government agencies. Using SonicWall CFS, organizations have control over the websites students and employees can access using their IT-issued computer behind the firewall.

SonicWall CFS compares requested websites against a massive database in the cloud containing millions of rated URLs, IP addresses and websites. CFS provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by time of day, for over 56 pre-defined categories. CFS also dynamically caches website ratings ocally on the SonicWall firewall for near-instantaneous response times.

For laptops that are used outside the firewall erimeter, the SonicWall Content Filtering Client addresses safety, security and productivity concerns by extending the controls to block harmful and unproductive web content. The client is either installed manually or automatically deployed and provisioned through a SonicWall firewall. In addition to providing IT administrators the tools to control web based access for roaming devices, the Content Filtering Client can be configured to automatically switch enforcement to the internal policy once the device reconnects to the network firewall. The client is managed and monitored using a powerful policy and reporting engine in the cloud that is accessed seamlessly from the firewall interface. In the event an outdated client attempts to connect to the internal network to access the Internet, the connection is denied and the user receives a message with steps for remediation.

Features and benefits

Granular content filtering allows the administrator to block or apply bandwidth management to all pre-defined categories or any combination of categories. Administrators can apply User Level Authentication (ULA) and Single Sign-On (SSO) to enforce username and password logon. CFS can block potentially harmful content such as Java™, ActiveX®, and Cookies, as well as schedule filtering by time of day, such as during school or business hours. CFS also enhances performance by filtering out IM, MP3s, streaming media, freeware and other files that drain bandwidth.

Dynamically updated rating architecture cross-references all requested websites against a highly accurate database categorizing millions of URLs, IP addresses and domains. The SonicWall firewall receives ratings in real time, and then compares each rating to the local policy setting. The appliance will then either allow or deny the request based on the administrator’s locally configured policy.

Application traffic analytics suite includes SonicWall Capture Security Center, SonicWall Global Management System (GMS®), and SonicWall Analyzer, each of which provides real-time and historic analysis of data transmitted through the firewall, including websites blocked and visited by user.

Easy-to-use web-based management enables flexible policy configuration and complete control over Internet usage. Administrators can enforce multiple custom policies for individual users, groups or specific category types. Local URL filtering controls can allow or deny specific domains or hosts. To block objectionable and unproductive material more effectively, administrators can also reate or customize filtering lists.

High-performance web caching and rating architecture allows administrators to block sites easily and automatically by category. URL ratings are cached locally on the SonicWall firewall, so that response time for subsequent access of frequently visited sites is only a fraction of a second.

IP-based HTTPS content filtering allows administrators to control user access to websites over encrypted HTTPS. HTTPS filtering is based on the categorical rating of websites containing information or images that are objectionable or unproductive such as violence, hate, online banking, shopping and others.

Scalable, cost-effective solution controls content filtering from the SonicWall firewall, eliminating the need for additional hardware or deployment expenditures on a separate dedicated filtering server.

Content Filtering Client for roaming devices extends enforcement of internal web use policies to block objectionable and unproductive Internet content for devices located outside the firewall perimeter. The client enforces security and productivity policies whenever the device connects to the Internet regardless of where the connection is established.