Filter
Top Products
Security Services > Content Filter
1192
SonicOS 5.8.1 Administrator Guide
Policies and Precedence: How Policies are Enforced
This section provides an overview of policy enforcement mechanism in CFS 3.0 to help the
policy administrator create a streamlined set of rules without unnecessary redundancy or
conflicting rule logic enforcement.
Policy Enforcement Across Different Groups
The basic default behavior for CFS policies assigned to different groups is to follow standard
most specific / least restrictive logic, meaning:
The most specific rule is always given the highest priority
• Example
A rule applying to the “Engineering” group (a specific group) is given presidence over
a rule
applying to the “All” group (the least specific group.)
Policy Enforcement Within The Same Group
The basic default behavior for CFS policies within the same group is to follow an additive logic,
meaning:
Rules are enforced additively
• Example
CFS policy 1 disallows porn, gambling, and social networking
CFS policy 2 applies bandwidth management to sport
s and adult content to 1Mbps
The end result of these policies is that spor
ts and adult content are bandwidth managed,
even though the first policy implies that they are allowed.
CFS 3.0 Configuration Examples
This section provides configuration examples using Application Control feature to create and
manage CFS policies:
• Blocking Forbidden Content — page 1192
• Bandwidth Managing Content — page 1195
• Applying Policies to Multiple Groups — page 1197
• Creating a Custom CFS Category — page 1199
Blocking Forbidden Content
To create a CFS Policy for blocking forbidden content:
• Create an Application Object — page 1193
• Create an Application Control Policy to Block Forbidden Content — page 1194