SonicWALL 5.8.1 用户手册
Security Services > Content Filter
1192
SonicOS 5.8.1 Administrator Guide
Policies and Precedence: How Policies are Enforced
This section provides an overview of policy enforcement mechanism in CFS 3.0 to help the
policy administrator create a streamlined set of rules without unnecessary redundancy or
conflicting rule logic enforcement.
policy administrator create a streamlined set of rules without unnecessary redundancy or
conflicting rule logic enforcement.
Policy Enforcement Across Different Groups
The basic default behavior for CFS policies assigned to different groups is to follow standard
most specific / least restrictive logic, meaning:
most specific / least restrictive logic, meaning:
The most specific rule is always given the highest priority
•
Example
A rule applying to the “Engineering” group (a specific group) is given presidence over a rule
applying to the “All” group (the least specific group.)
applying to the “All” group (the least specific group.)
Policy Enforcement Within The Same Group
The basic default behavior for CFS policies within the same group is to follow an additive logic,
meaning:
meaning:
Rules are enforced additively
•
Example
CFS policy 1 disallows porn, gambling, and social networking
CFS policy 2 applies bandwidth management to sports and adult content to 1Mbps
The end result of these policies is that sports and adult content are bandwidth managed,
even though the first policy implies that they are allowed.
even though the first policy implies that they are allowed.
CFS 3.0 Configuration Examples
This section provides configuration examples using Application Control feature to create and
manage CFS policies:
manage CFS policies:
•
•
•
•
Blocking Forbidden Content
To create a CFS Policy for blocking forbidden content:
•
•