Symantec.com
VERITAS.com
Partners
About Symantec
WelcomeProducts & ServicesSecurity ResponseSupportSolutions & IndustriesLicensingTraining
Enterprise
Symantec.com > Enterprise > Support > Knowledge Base

PRINT THIS PAGE PRINT THIS PAGE

RATE THIS PAGE RATE THIS PAGE

Configuring content filtering

Question/Issue:
You need a general overview of content filtering and instructions on implementing it.

Symptoms:
Configuring content filtering You need a general overview of content filtering and instructions on implementing it.

Solution:
Overview
Symantec? Gateway Security 300 Series supports basic content filtering for outbound traffic. You use content filtering to restrict the content to which clients have access. For example, to restrict your users from seeing gambling
sites, you configure content filtering to deny access to gambling URLs that you specify.

Content filtering is administered through computer groups and VPN groups. A computer group is a group of computers, defined in the Firewall section of the Security Gateway Management Interface (SGMI), to which you apply the same rules. Similarly, a VPN group is a group of VPN users, defined in the VPN section of the SGMI, to which you apply the same rules. When you define a computer group, you specify if the group uses a content filtering deny or allow list.

Note: By default, content filtering is disabled for all computer groups.

Allow and deny lists
An allow list permits access only to sites on the list, and blocks access to all other sites. The allow list permits traffic to pass to sites that exactly match entries in the list. The content filtering engine drops connection requests to a destination that do not match an entry in the list. If the allow list is empty, all traffic is blocked.

A deny list blocks access to sites that are on the list and allows access to all other sites. If the deny list is empty, traffic is not filtered. Once entries are added to the deny list, the content filtering engine drops connection requests sent to a destination that exactly matches an entry. Traffic that does not match an entry is allowed to pass.

Special considerations

Managing content filtering lists
When you create allow and deny lists, you provide the allowed or denied fully qualified domain names. The appliance filters traffic by checking DNS look-up requests. There must be an exact match on the destination for action (blocking or warning) to occur.
For wildcard functionality, specify only the domain name in the allow or deny list for specific sites. For example, to allow traffic to any Symantec site, add symantec.com to the allow list. This allows traffic to liveupdate.symantec.com, www.symantec.com, fileshare.symantec.com, and other sites in the symantec.com domain.

Note: If a site or security gateway uses redirection to transfer users from one URL to another, you must include both URLs in the list. For example, www.disney.com redirects users to www.disney.go.com. To allow your users to view this Web site, you must specify both www.disney.com and www.disney.go.com in the allow list. If a site brings in content from other sites, you must add both URLs to the list. For example, www.cnn.com uses content from www.cnn.net.


To add a URL to an allow or deny list
  1. In the left pane of the SGMI, click Content Filtering.
  2. Under Select List, next to List Type, select Allow or Deny.
  3. In the Input URL text box, type the name of a site you want to add to the list.
    For example, yoursite.com or mysite.com/pictures/me.html.
  4. Click Add.
    Repeat the previous two steps until you have all of your URLs added to the list.
  5. Click Save List.

To remove a URL from an allow or deny list
  1. In the left pane, click Content Filtering.
  2. From the Delete URL drop-down list, select the URL that you want to delete.
  3. Click Delete Entry.
  4. Click Save List.


Using content filtering
Content filtering can be enabled for computers on your LAN or for VPN clients that connect to the WAN side of your appliance.

Enabling content filtering for computers on your LAN
After you have set up the allow or deny lists, you must enable content filtering for each computer group for which you want to filter traffic.

To enable content filtering for a computer group
  1. In the left pane of the SGMI, click Firewall.
  2. On the Computer Groups tab, under Security Policy, using the Computer Group drop-down list, select the computer group for which you want to enable content filtering.
  3. Under Content Filtering, check Enable Content Filtering.
  4. Do one of the following:
    • To filter content based on the deny list, click Use Deny List.
    • To filter content based on the allow list, click Use Allow List.
  5. Click Save.

Enabling content filtering for VPN client tunnels
You enable content filtering for VPN client tunnels in the VPN Group configuration by checking the Enable Content Filtering option and selecting Use Allow List or Use Deny List.

Monitoring content filtering
Content filtering logs a message in the log files if packets are dropped due to a user attempting to access a URL on the deny list, or attempting to access a URL that is not specifically permitted on the allow list.
  1. In the left pane, click Content Filtering.
  2. Under Select List, under List Type, do one of the following:
    • To view the URLs on the Deny list, click Deny.
    • To view the URLs on the Allow list, click Allow.
  3. Click View/Edit.





 

Available Translations:


RATE THIS SOLUTION
Was this solution helpful to you?
Yes
No
If any information was unclear, or the information you were seeking was not provided, please let us know. Your feedback will help us improve this service.

NOTE: Comments entered here will NOT recieve a personal email response.


Document ID: 2004041413150954
Last Modified: 10/03/2007
Date Created: 04/14/2004
Product(s): Symantec Gateway Security 300 Series, Symantec Gateway Security 400 Series
Release(s): 320, 360, 360R, 440, 460, 460R, SGS 440, SGS 460, SGS 460R



Site Index · Legal Notices · Privacy Policy · Contact Us · Global Sites
©1995 - 2009 Symantec Corporation