If you have a Cyberoam appliance you know that you can actually manage content filtering for individuals, specific machines or just about any sort of granular criteria you can think of. So I went about unblocking Facebook for several people around the office so they can use it. When I did my boss told me that he was only able to see text in his Facebook page. I searched the internet for the problem and couldn’t find a decent answer for this. So I fired up the handy packet capture diagnostic tool and found that Facebook uses another domain name for its images in its CSS files. The Cyberoam will filter out the images from fbcdn.net and let the text through from facebook.com, just like it’s supposed to if you have DatingMatrimonials or whatever Facebook is categorized under now blocked.
So to unblock Facebook entirely you need to unblock both facebook.com and fbcdn.net.
How To Setup Blocked and Safe Site Lists In Cyberoam 10
Also just in addition to that bit of information on how I set up my white and black lists in Cyberoam. I’ve done this for the probably dozen of these appliances I’ve set up for people. It makes it much easier to manage. Please keep in mind this is not a default setup.
Step 1 – Determine and implement whatever method you use for individual Authentication. Personally I use the Clientless SSO method.
Step 2 – Open up the Web Filter Section and click on Policies.
Step 3 – Don’t use any of the Cyberoam pre-loaded Web Filtering Policies, make your own new one and use one of theirs as the template. Typically I’ll use the “General Corporate Policy” as the template because it covers most of the basic categories most companies want to filter out.
Step 4 – Hit OK to save the Policy, then click the little Manage icon to the right of it so you can edit the categories.
Step 5 – Add any other categories that are missing, and change any you want to implicitly allow to “Allow” instead of “Deny”. Anything not on the list is going to be allowed by default. For instance one company I set up for wanted Gambling specifically denied, and needed the Weapons category unblocked. My own company needed JobSearch unblocked. I typically will block Cricket just because I think it’s hilarious that Cricket is a category (yes one of my acquaintances at Cyberoam told me why, it’s doubly hilarious).
Step 6 – Go ahead and save your work now and move into the Categories section.
Step 7 – Typically here I will add two categories: “Safe Sites” and “Blocked Sites”. This is a very basic black and white list set up.
Step 8 – Go back and manage your new Policy and add SafeSites to your new Policy as “Allowed All the Time” and BlockedSites as “Denied All the Time”.
Step 9 – You could also add a few more categories like “BlockedUntilNoon” and add schedules to them obviously. For instance you might want Facebook only available from 11:00 until 1:00 or something.
Step 10 – Make sure this new policy is the policy for everyone in your organization that needs this type of content filtering.
Now all you need to do to block a specific site is add it to “BlockedSites” and if you want to explicitly unblock a site, add it to “SafeSites”. My favorite example of this is Budweiser, which is an employer here, needed to be unblocked, but Alcohol is a category blocked by Policy. I added the appropriate sites to the SafeSites category and it was unblocked, but CaptainMorgan.com is still blocked.
You could take this a step further and make a Global Safe Sites and a Global Blocked Sites and then say Accounting Safe Sites and Human Resources Blocked sites. This would get you a bit more control over things, like if HR needs Facebook but Accounting needs it blocked, but they everyone needs MySpace blocked. Then you’d have an “Accounting Policy” and an “HR Policy”.
One other thing I like to do is make a really locked down tight policy and add it to the Firewall Rule #1, which is the “#LAN_WAN_AnyTraffic” rule. The CIPA one is a pretty good one to use for this. Just select that as the default policy. That way anyone who’s not logged in uses that but still has some small amount of internet use.