Enabling Audit Mode - D-Link NetDefend DFL-210 User Manual

6.5.4. Dynamic Content Filtering
3. Click the Web Content Filtering tab.
4. Select Enabled in the Mode dropdown list.
5. In the Blocked Categories list, select Search Sites and click the >> button.
6. Click OK.
Then, create a Service object using the new HTTP ALG:
1. Go to Local Objects > Services > Add > TCP/UDP service
2. Specify a suitable name for the Service, for instance http_content_filtering
3. Select the TCP in the Type dropdown list.
4. Enter 80 in the Destination Port textbox.
5. Select the HTTP ALG you just created in the ALG dropdown list.
6. Click OK.
Finally, modify the NAT rule to use the new service:
1. Go to Rules > IP Rules
2. In the grid control, click the NAT rule handling your HTTP traffic.
3. Click the Service tab.
4. Select your new service, http_content_filtering, in the pre-defined Service dropdown list.
5. Click OK.
Dynamic content filtering is now activated for all web traffic from lannet to all-nets. Validate the functionality by fol-
lowing these steps:
1. On a workstation on the lannet network, launch a standard web browser.
2. Try to browse to a search site, for instance www.google.com.
3. If everything is configured correctly, your web browser will present a web page that informs you about that
the requested site is blocked.
6.5.4.2. Audit Mode
In Audit Mode, the system will classify and log all surfing according to the content filtering policy,
but restricted web sites will still be accessible to the users. This means the content filtering feature
of NetDefendOS can then be used as an analysis tool to analysis what categories of websites are be-
ing accessed by a user community and how often.
After running in Audit Mode for some weeks, it is then easier to have a good understanding of surf-
ing behaviour and also the potential time savings that can be made by enabling content filtering. It is
recommended that the administrator gradually introduces the blocking of particular categories one at
a time. This allows individual users time to get used to the notion that blocking exists and can avoid
the widespread protests that might occur if everything is blocked at once. Gradual introduction also
makes for better evaluation as to whether the goals of blocking are being met.
Example 6.19. Enabling Audit Mode
This example is based on the same scenario as the previous example, but now with audit mode enabled.
CLI
First, create an HTTP Application Layer Gateway (ALG) Object:
145
Chapter 6. Security Mechanisms