Table of Contents
Advertisement
WCF is a Subscription Based Feature
Web content filtering is a feature that is enabled by purchasing a subscription to the service. This
subscription is described further in Appendix A, Subscribing to Updates along with details of WCF
behavior after subscription expiry.
Setup Methods
Once a WCF subscription is purchased, the feature can be configured in NetDefendOS. There are
two ways of configuring WCF:
•
With an IP Rule object.
•
With an IP Policy object. This is discussed further in Section 6.3.4.3, "WCF Setup with IP Policies".
Summary of WCF Setup with IP Rules
The following steps are used with IP rules:
•
Define an HTTP ALG object with Web Content Filtering enabled.
Alternatively, use the Light Weight HTTP ALG (LW-HTTP ALG). This is preferred as it has less
system overhead and will provide higher traffic throughput. The disadvantage is that certain
features, such as Anti-Virus scanning and stripping static web content, are not supported. The
LW-HTTP ALG is discussed further in Section 6.2.3, "The Light Weight HTTP ALG".
•
The ALG object is then associated with a Service object. It is recommended to create a custom
Service object for this purpose so the predefined Service objects are left unchanged.
•
This Service object is then associated with an IP Rule object to determine which traffic should
be subject to filtering. This allows a detailed filtering policy to be defined.
Tip: Using a schedule
If the administrator would like the content filtering policy to vary depending on the time
of the day, they can make use of a Schedule object associated with the corresponding IP
rule. For more information about this, see Section 3.8, "Schedules".
Setting Fail Mode
The option exists to set the HTTP ALG fail mode in the same way that it can be set for some other
ALGs and it applies to WCF just as it does to functions such as Anti-Virus scanning. The fail mode
setting determines what happens when web content filtering cannot function. This is usually
because NetDefendOS is unable to reach the external databases to perform URL lookup.
Fail mode can have one of two settings:
•
Deny
If WCF is unable to function then URLs are denied if external database access to verify them is
not possible. The user will see an "Access denied" web page.
510
Chapter 6: Security Mechanisms
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
