How to Set Up Blocked and Safe Site lists In Cyberoam 10

If you have a Cyberoam appliance, you know that you can manage content filtering for individuals, specific machines or just about any sort of granular criteria you can think of. So I went about unblocking Facebook for several people around the office so they can use it. When I did, my boss told me that he was only able to see text in his Facebook page. I searched the internet for the problem and couldn’t find a decent answer for this. So I fired up the handy packet capture diagnostic tool and found that Facebook uses another domain name for its images in its CSS files. The Cyberoam will filter out the images from fbcdn.net and let the text through from facebook.com, just like it’s supposed to if you have DatingMatrimonials, or whatever Facebook is categorized under now, blocked.

So to unblock Facebook entirely you need to unblock both facebook.com and fbcdn.net. 
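The same check can be done ahead of time by listing the domains a page pulls its assets from and comparing them with what is already in the allow list. The sketch below is an added example, not part of the original post and not a Cyberoam tool; the sample HTML, the hostnames under fbcdn.net and the function names are constructed for illustration, and the base-domain logic is a naive last-two-labels assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page, standing in for HTML saved from the browser.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://static.fbcdn.net/css/main.css">
<style>.logo { background: url('//photos.fbcdn.net/logo.png'); }</style>
<script src="/js/app.js"></script>
</head><body>
<img src="https://photos.fbcdn.net/1.jpg">
<a href="https://www.example.org/">a link, not fetched automatically</a>
</body></html>"""

CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)")

class AssetCollector(HTMLParser):
    """Collect URLs the browser fetches on its own (not <a> links)."""
    def __init__(self):
        super().__init__()
        self.urls, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "script", "iframe") and a.get("src"):
            self.urls.append(a["src"])
        elif tag == "link" and a.get("href"):
            self.urls.append(a["href"])
        if a.get("style"):
            self.urls += CSS_URL.findall(a["style"])
        self._in_style = tag == "style"

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # url(...) references inside <style> blocks
            self.urls += CSS_URL.findall(data)

def base_domain(host):
    # Naive assumption: last two labels. Wrong for suffixes such as co.uk.
    return ".".join(host.lower().split(".")[-2:])

def missing_domains(html, page_url, safe_sites):
    """Domains the page loads assets from that are not in safe_sites."""
    c = AssetCollector()
    c.feed(html)
    hosts = {urlparse(urljoin(page_url, u)).hostname for u in c.urls}
    return sorted({base_domain(h) for h in hosts if h} - set(safe_sites))
```

This only sees references in the HTML and inline CSS it is given, so external stylesheets need to be saved and checked too, and the appliance's packet capture remains the final word on what is actually being dropped.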

How To Setup Blocked and Safe Site Lists In Cyberoam 10

In addition to that bit of information, here is how I set up my white and black lists in Cyberoam. I’ve done this for probably a dozen of these appliances I’ve set up for people. It makes it much easier to manage. Please keep in mind this is not a default setup.

Step 1 – Determine and implement whatever method you use for individual Authentication. Personally I use the Clientless SSO method.
Step 2 – Open up the Web Filter Section and click on Policies.
Step 3 – Don’t use any of the Cyberoam pre-loaded Web Filtering Policies; make your own new one and use one of theirs as the template. Typically I’ll use the “General Corporate Policy” as the template because it covers most of the basic categories most companies want to filter out.
Step 4 – Hit OK to save the Policy, then click the little Manage icon to the right of it so you can edit the categories.
Step 5 – Add any other categories that are missing, and change any you want to implicitly allow to “Allow” instead of “Deny”. Anything not on the list is going to be allowed by default. For instance one company I set up for wanted Gambling specifically denied, and needed the Weapons category unblocked. My own company needed JobSearch unblocked. I typically will block Cricket just because I think it’s hilarious that Cricket is a category (yes one of my acquaintances at Cyberoam told me why, it’s doubly hilarious).
Step 6 – Go ahead and save your work now and move into the Categories section.
Step 7 – Typically here I will add two categories: “Safe Sites” and “Blocked Sites”. This is a very basic black and white list set up.
Step 8 – Go back and manage your new Policy and add SafeSites to your new Policy as “Allowed All the Time” and BlockedSites as “Denied All the Time”.
Step 9 – You could also add a few more categories like “BlockedUntilNoon” and add schedules to them obviously. For instance you might want Facebook only available from 11:00 until 1:00 or something.
Step 10 – Make sure this new policy is the policy for everyone in your organization that needs this type of content filtering.

Now all you need to do to block a specific site is add it to “BlockedSites”, and if you want to explicitly unblock a site, add it to “SafeSites”. My favorite example of this is Budweiser, which is an employer here and needed to be unblocked, but Alcohol is a category blocked by Policy. I added the appropriate sites to the SafeSites category and it was unblocked, but CaptainMorgan.com is still blocked.

You could take this a step further and make a Global Safe Sites and a Global Blocked Sites, and then, say, Accounting Safe Sites and Human Resources Blocked Sites. This would get you a bit more control over things, like if HR needs Facebook but Accounting needs it blocked, but everyone needs MySpace blocked. Then you’d have an “Accounting Policy” and an “HR Policy”.

One other thing I like to do is make a really locked down tight policy and add it to the Firewall Rule #1, which is the “#LAN_WAN_AnyTraffic” rule. The CIPA one is a pretty good one to use for this. Just select that as the default policy. That way anyone who’s not logged in uses that but still has some small amount of internet use.

 

6 Replies to “How to Set Up Blocked and Safe Site lists In Cyberoam 10”

  1. I want to express my metisation on the open public proxy. I think on account of spammers proxy concept is becoming more popular. When the topic was restricted to cracking a few puzzled within the question of anonymity online. Today, when more and more people took for spamming websites, forums, twitter and facebook was required to become familiar using this sphere. This does mean that thousands of people use a general public proxy for spamming and also kill them very quickly. Finding a general public proxy active today is very difficult. This undermines the the task of many those people who are trying to sound right to use public proxy. It also offers an option for the emergence of gamer hunters proxy.

    1. You make some very good points. As a rule I like the concept of public proxies. I’ve hosted one or two in my time for private use among my friends.

  2. I think you definitely shouldn’t block the websites suddenly without any warning. Let them know about the problem and tell them that you trust them since they’re adults and they should know how to behave. My previous company once blocked all these websites one day and all the developers were furious about it since it made us feel like we are kids/prisoners who don’t know how to control ourselves. I even thought about quitting just for that reason. It really hurts when you feel that you’re not being trusted, especially by the management. I believe all the companies led by young entrepreneurs like Google and Facebook in the US don’t enforce these policies and so there must be a way to make it work… CK should know this better than me 🙂

    1. Yeah, this can definitely be an issue. I’m normally opposed to blocking sites other than ads and pornography. Sometimes with a public building it’s necessary simply because people will take up public resources for nothing but Facebook. I understand why they do it, but there has to be a limit on how long they do this.
