Monday, 18 July 2011

How do you allow/unblock a website that is protected by Sonicwall NSA Firewall content filter

This is one of the first tasks you will be asked to perform once you have put content filtering in place. As this is a straight question I will give a very short and concise answer. See below : sonicwallLogoShadowed4


1. Go to your Sonicwall login page
2. Login using your admin username and password
3. Go to Security Services>Content Filter
4. Under ‘Content Filter type’ choose ‘Configure’
5. Go to ‘Custom List’ tab
6. Under Allowed Domains> Click add
7. Add your URL >Click OK>Click OK
You will now see it in the ‘Allowed Domains’ list.

On the client machine close all browser windows, re-open, and go to the previously blocked website. It should now appear.

Sunday, 17 July 2011

Website appears in plain text without images after Sonicwall NSA firewall content filter has been allowed

The company I am doing work for have recently adopted Twitter.com as part of their marketing strategy and as a result the CEO needed access to the site. sonicwallLogoShadowed4
It had previously been blocked by default but it now need to be added to the custom list within the Sonicwall content filter.

This did unblock the site but it was only showing the text of the site and not the text and images.

Can you guess what the problem is yet ?. Twitter.com uses another website to provide the images to it’s site i.e. twimg.com which is also blocked by default. Therefore, in order to resolve this problem you will need to also add ‘twimg.com’ to the filter aswell.

Although, this works for Twitter it is true of all sites that show as plain text. In order to find the site that contains the images just keep refreshing the page and make a note of the URLs that ‘try’ to load in the bottom left of the browser.

Saturday, 16 July 2011

Symantec Endpoint protection won’t update client across DMZ

I recently had a situation in my network where I wanted to protect a new server with Symantec Endpoint Protection but the client machine was in a different DMZ (Demilitarized zone).  Symantec-Logo-Photo
For example, the Symantec Endpoint Protection Manager is on my internal LAN and the web server I wanted to protect is in my public DMZ.
I was able to deploy the client software to the web server but it was then unable to contact the management server for policy updates. This was verified by going to :
1.Symantec Icon in the system tray>Right click>Open Symantec Endpoint Protection
2. Help and Support>Troubleshooting>Management Tab
Under general information you will see ‘Server : Offline’ instead of a valid machine name or IP address.
So from this we can see that the client software cannot communicate with the management software.
Solution
Symantec uses ‘TCP 8014’ for this communication and this will need to be opened on your firewall between your Public DMZ and your internal LAN.
Once this rule has been added to your firewall you can go back to step 2 above, click on ‘Update’ under ‘Policy profile’ and you will see that ‘Server :’ will now have a machine name or IP address next to it.
After 5-10 mins your client software will be updated.