With integrated web filtering, the security device intercepts each HTTP request and then determines whether to permit or block access to a requested site by categorizing its URL and matching the URL category to a web-filtering profile. A web-filtering profile is bound to a firewall policy; it defines, per category, the action the security device takes (permit or block) when it receives a request to access a URL.
Note: You must install the web-filtering license key to use this feature.
Enter the necessary information to configure integrated web-filtering parameters:
Enable Web Filtering via CPA Server: Select this option to enable web filtering with the SurfControl Content Portal Authority (CPA) server.
Server Name: Select one of the three SurfControl server locations.
The three SurfControl server locations serve a specific geographic area: the Americas, Asia Pacific, and Europe/Middle/East/Africa. The default primary server is the Americas, and the default backup server is Asia Pacific. You can change the primary server, and the security device automatically selects a backup server, based on the primary server. (The Asia Pacific server is the backup for the Americas server, and the Americas server is the backup for the other two servers.)
Host: Enter the DNS name or the IP address of the web-filtering server. When you select the server name, this field gets updated automatically.
Port: The port number on which the security device communicates with the web-filtering server.
Enable Cache: Select the checkbox to enable the security device to cache the categorization of URLs. This reduces the overhead of accessing the CPA server each time the device receives a new request for previously requested URLs.
Cache Size: Enter a value between 500 - 1000K to specify the memory size of the categorization cache.
Cache Timeout: Enter a value between 1 - 24 to specify the number of hours the security device stores entries in the categorization cache.
Query Interval: Enter a value between 1 - 5 to specify the number of weeks at which the security device queries the SurfControl CPA server for categorization updates.
If connectivity to the server is lost: Select an action to perform if the connection to the SurfControl server is lost.
Block: Select this option to block all HTTP requests (configured for the policy) if the connection between the security device and the SurfControl server is lost.
Permit: Select this option to permit all HTTP requests (configured for the policy) if the connection between the security device and the SurfControl server is lost.
Click Apply to save the configuration.