Enabling Audit Mode - D-Link NetDefend DFL-210 User Manual

6.3.4. Dynamic Web Content Filtering
1. Go to Local Objects > Services > Add > TCP/UDP service
2. Specify a suitable name for the Service, for example http_content_filtering
3. Select the TCP in the Type dropdown list
4. Enter 80 in the Destination Port textbox
5. Select the HTTP ALG you just created in the ALG list
6. Click OK
Finally, modify the NAT rule to use the new service:
1. Go to Rules > IP Rules
2. In the grid control, click the NAT rule handling your HTTP traffic
3. Click the Service tab
4. Select your new service, http_content_filtering, in the pre-defined Service list
5. Click OK
Dynamic content filtering is now activated for all web traffic from lannet to all-nets. Validate the functionality by
following these steps:
1. On a workstation on the lannet network, launch a standard web browser.
2. Try to browse to a search site. For example, www.google.com.
3. If everything is configured correctly, the web browser will present a web page that informs the user about that
the requested site is blocked.
Audit Mode
In Audit Mode, the system will classify and log all surfing according to the content filtering policy,
but restricted web sites will still be accessible to the users. This means the content filtering feature
of NetDefendOS can then be used as an analysis tool to analysis what categories of websites are
being accessed by a user community and how often.
After running in Audit Mode for some period of time, it is easier to then have a better understanding
of the surfing behavior of different user groups and also to better understand the potential impact of
turning on the WCF feature.
Introducing Blocking Gradually
Blocking websites can be controversial if it's suddenly introduced. It is therefore recommended that
the administrator gradually introduces the blocking of particular categories one at a time. This
allows individual users time to get used to the notion that blocking exists and could avoid any
adverse reaction that might occur if too much is blocked at once. Gradual introduction also makes it
easier to evaluate if the goals of site blocking are being met.
Example 6.16. Enabling Audit Mode
This example is based on the same scenario as the previous example, but now with audit mode enabled.
CLI
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering WebContentFilteringMode=Audit
248
Chapter 6. Security Mechanisms