1. Verify that you are licensed for CFS (Standard or Premium)
a. You can check on the main status page on the right hand side under Security Services (Licensed / Not Licensed)
b. You can look under the Security Services section which will also let you know your expiration date for the services (Licensed 19 March 2010)
c. You can look under the Security Services>Content Filter section to see the status and service expiration date
d. You can log into your mysonicwall.com account and look under your device
2. Go to the Content Filter section (Security Services>Content Filter)
a. Verify that it shows that the server is ready
b. Click on Configure next to the SonicWALL CFS optionjust below the Content Filter Type
c. Now you have to decide if you want traffic going out or being blocked if it cannot check with the SonicWall server (Default is allow)
d. Click on the Policy tab and then the pencil at the end to configure
e. On the Edit CFS Policy you will see either a list of 12 (Standard) or ~65 (Premium with some numbers skipped) categories
f. Select which categories you do not want users to access (you can use http://cfssupport.sonicwall.com/Support/web/eng/newui/viewRating.jsp to check on how a site is rated)
g. Finally you can click on settings and for the most part we verify that the Disable Allowed Domains is unchecked and the Enable Forbidden Domains and Enable Keyword Blocking are both checked. This allows a little more granular control of allowed/blocked sites besides using the list of categories.
i. If you need to set any of these up you can go to the Custom List tab on the SonicWALL Filter Properties
3. If you have any servers I’d recommend adding an exception for them to the CFS rules under the CFS Exclusion List and check the Enable VFS Exclusion List box
a. One thing to watch out for on the newer OSes (5+ is that there is a default CFS Bypass CFS blocking for the administrator). This can mean that you have the CFS all setup, but are testing it from either a server with an exclusion or from a machine that you have logged onto the SonicWall with the administrator account and be able to get access to ANY site (even blocked ones) since it is detecting you as being logged in under the administrator account. I recommend testing the CFS from a completely separate machine that you didn’t use to configure the SonicWall CFS settings from.
4. Finally go to the Zones Section (Network>Zones) and verify that CFS is enabled on the LAN interface (should be by default).