Enabling Audit Mode - D-Link NetDefend DFL-210 User Manual

6.3.4. Dynamic Web Content Filtering
5. In the Blocked Categories list, select Search Sites and click the >> button.
6. Click OK
Then, create a Service object using the new HTTP ALG:
1. Go to Local Objects > Services > Add > TCP/UDP service
2. Specify a suitable name for the Service, eg. http_content_filtering
3. Select the TCP in the Type dropdown list
4. Enter 80 in the Destination Port textbox
5. Select the HTTP ALG you just created in the ALG list
6. Click OK
Finally, modify the NAT rule to use the new service:
1. Go to Rules > IP Rules
2. In the grid control, click the NAT rule handling your HTTP traffic
3. Click the Service tab
4. Select your new service, http_content_filtering, in the pre-defined Service list
5. Click OK
Dynamic content filtering is now activated for all web traffic from lannet to all-nets. Validate the functionality by
following these steps:
1. On a workstation on the lannet network, launch a standard web browser.
2. Try to browse to a search site, for instance www.google.com.
3. If everything is configured correctly, your web browser will present a web page that informs you about that
the requested site is blocked.
Audit Mode
In Audit Mode, the system will classify and log all surfing according to the content filtering policy,
but restricted web sites will still be accessible to the users. This means the content filtering feature
of NetDefendOS can then be used as an analysis tool to analysis what categories of websites are
being accessed by a user community and how often.
After running in Audit Mode for some weeks, it is then easier to have a good understanding of
surfing behaviour and also the potential time savings that can be made by enabling content filtering.
It is recommended that the administrator gradually introduces the blocking of particular categories
one at a time. This allows individual users time to get used to the notion that blocking exists and can
avoid the widespread protests that might occur if everything is blocked at once. Gradual
introduction also makes for better evaluation as to whether the goals of blocking are being met.
Example 6.16. Enabling Audit Mode
This example is based on the same scenario as the previous example, but now with audit mode enabled.
CLI
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering WebContentFilteringMode=Audit
174
Chapter 6. Security Mechanisms