Enabling Audit Mode - D-Link NetDefendOS User Manual

After running in Audit Mode for some period of time, it is easier to then have a better
understanding of the surfing behavior of different user groups and also to better understand the
potential impact of turning on the WCF feature.
Introducing Blocking Gradually
Blocking websites can disturb users if it is introduced suddenly. It is therefore recommended that
the administrator gradually introduces the blocking of particular categories one at a time. This
allows individual users time to get used to the notion that blocking exists and could avoid any
adverse reaction that might occur if too much is blocked at once. Gradual introduction also
makes it easier to evaluate if the goals of site blocking are being met.
Example 6.22. Enabling Audit Mode
This example is based on the same scenario as the previous example, but now with audit mode
enabled.
Command-Line Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
gw-world:/> add ALG ALG_HTTP content_filtering
Web Interface
First, create an HTTP Application Layer Gateway (ALG) Object:
1. Go to: Objects > ALG > Add > HTTP ALG
2. Specify a suitable name for the ALG, for example content_filtering
3. Click the Web Content Filtering tab
4. Select Audit in the Mode list
5. In the Blocked Categories list, select Search Sites and click the >> button
6. Click OK
The steps to then create a service object using the new HTTP ALG and modifying the NAT IP rule
to use the new service, are described in the previous example.
Allowing Override
On some occasions, Active Content Filtering may prevent users carrying out legitimate tasks.
Consider a stock analyst who deals with online gaming companies. In his daily work, he might
need to browse gambling web sites to conduct company assessments. If the corporate policy
blocks gambling web-sites, he will not be able to do his job.
For this reason, NetDefendOS supports a feature called Allow Override. With this feature enabled,
the content filtering component will present a warning to the user that he is about to enter a
web site that is restricted according to the corporate policy, and that his visit to the web site will
WebContentFilteringMode=Audit
FilteringCategories=SEARCH_SITES
513
Chapter 6: Security Mechanisms