5G Software Guide between Core and Sonic Firewall Rules

May 28, 2021

Content Filtering Services (CFS) enforces granular web policies to restrict objectionable, unproductive or insecure web content. CFS compares requested websites against a massive database in the cloud containing millions of rated URLs, IP addresses and websites.

To restrict access for users on VLAN 20, we use a Content Filter Policy. Content Filtering is a service under “Security Services” on the SonicWall OS. The Content Filtering Service (CFS) filters URLs against an allow or block list. The policy is set up under Firewall Settings, Content Filter Policies.

CFS Policy 1 is set to the VLAN 20 Subnet. Note that the priority is enabled. Both of these settings are important. The policy applies to anyone using the VLAN 20 Subnet. If needed, we can create more groups, smaller groups or even single IPs to apply policies to.

The other important pieces are the Profile, which sets the rules, and the Action, which sets what happens. We can create a new one or use an existing one.

To review or edit an existing object, navigate to “Content Filter Objects” and use the tabs at the top to edit the different objects. On these tabs we can set what is allowed and what is forbidden. Once changes are made, perform a test and then adjust as necessary.

This blocks the URI traffic for web browsers and other apps. The other type of rule you may consider is a firewall rule that blocks all outbound ports except those needed.

To set Firewall Rules:
Go to Firewall -> Access Rules.
Set the rules based on Zones. We have Zones set up by VLAN and network type.
Set the From Zone and the To Zone for the traffic, then choose whether the rule is an allow or a deny. We can also specify the Service or Port Type and the Destination.
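
The zone-based rules described above can be checked on paper before they are entered. The following is an added example, not SonicWall code or an export format: it models From Zone / To Zone rules with a Service and Destination and reports which outbound flows from VLAN 20 would pass. It assumes rules are evaluated in priority order with the first match winning and traffic denied when nothing matches; the zone names, services and destinations are constructed sample values.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first (assumption)
    from_zone: str
    to_zone: str
    service: str       # e.g. "tcp/443", "udp/53", or ANY
    destination: str   # address object name, or ANY
    action: str        # "allow" or "deny"

    def matches(self, from_zone, to_zone, service, destination):
        return (self.from_zone == from_zone and self.to_zone == to_zone
                and self.service in (ANY, service)
                and self.destination in (ANY, destination))

def evaluate(rules, from_zone, to_zone, service, destination):
    """Return the action of the first matching rule, or 'deny' if none match."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(from_zone, to_zone, service, destination):
            return rule.action
    return "deny"

def broad_allows(rules):
    """Allow rules that leave the service unrestricted; review these by hand."""
    return [r for r in rules if r.action == "allow" and r.service == ANY]

# Constructed rule set: block all outbound ports from VLAN20 except those needed.
RULES = [
    Rule(1, "VLAN20", "WAN", "udp/53", "dns-resolver", "allow"),
    Rule(2, "VLAN20", "WAN", "tcp/443", ANY, "allow"),
    Rule(3, "VLAN20", "WAN", ANY, ANY, "deny"),
    Rule(4, "VLAN20", "LAN", ANY, ANY, "allow"),
]

def check_flows(rules=RULES):
    """Evaluate a few constructed outbound flows against the rule set."""
    flows = [("VLAN20", "WAN", "tcp/443", "example-site"),
             ("VLAN20", "WAN", "udp/53", "dns-resolver"),
             ("VLAN20", "WAN", "udp/53", "other-resolver"),
             ("VLAN20", "WAN", "tcp/25", "mail-host")]
    return {flow: evaluate(rules, *flow) for flow in flows}

if __name__ == "__main__":
    for flow, action in check_flows().items():
        print(flow, "->", action)
    print("review:", broad_allows(RULES))
```

The `broad_allows` result points at rule 4, which permits every service from VLAN20 to LAN and is the kind of entry to tighten when the goal is to allow only the ports that are needed.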