112 Advanced network traffic control
Managing content filtering lists
Managing content filtering lists
Special considerations
If you make changes to content filtering on the appliance, clear the DNS and
browser caches on the client machine. If a URL is accessed by a client, but then
the content filtering settings change to deny access to that URL, the cache may
be used and allow the client access to the URL. Refer to your operating system
documentation for information on clearing DNS caches and your browser's
documentation for clearing the browser cache.
If you enable content filtering for remote WAN-side VPN clients, you must have
DNS servers on the local LAN.
When you create allow and deny lists, you provide the allowed or denied fully
qualified domain names. The appliance filters traffic by checking DNS lookup
requests. There must be an exact match on the destination for action (blocking
or warning) to occur.
For wild card functionality, specify only the domain name in the allow or deny
list for specific sites. For example, to allow traffic to any Symantec site, add
symantec.com to the allow list. This allows traffic to liveupdate.symantec.com,
www.symantec.com, fileshare.symantec.com, and so on.
Content filtering applies to all outbound traffic, not just HTTP (Web) traffic.
If a site or security gateway uses redirection to transfer users from one URL to
another, you must include both URLs in the list. For example, www.disney.com
redirects users to www.disney.go.com. To allow your users to view this Web site,
you must specify both www.disney.com and www.disney.go.com in the allow list.
If a site brings in content from other sites, you must add both URLs to the list.
For example, www.cnn.com uses content from www.cnn.net.
To manage allow and deny lists
By default, the allow and deny lists are empty. Each filtering list can hold up to
100 entries. Each entry can be up to 128 characters long.
See
"Content filtering field descriptions"
To add a URL to an allow or deny list
1
In the left pane, click Content Filtering.
2
Under Select List, next to List Type, select Allow or Deny.
on page 210.