undesirable sites are actually our main tools - how to reclassify?
Nov 30, 2016 12:48PM PST
Sites we use every day such as Office365.com, Microsoft.com, Sharepoint.com etc are showing as 'allowed undesirable sites' when they are in fact indicators of productivity. I can't see where/how I can change/reclassify these?
SonicWALL is doing the classification of websites into categories, and Fastvue Reporter for SonicWALL is grouping those categories into Productive, Unproductive, Acceptable and Unacceptable. You can configure this in *Settings | Productivity*.
But first you'll need to find out what category SonicWALL is classifying these sites as. To do this:
1. Go to *Reports* and click *Overview Report*
2. Select yesterday as the date range and click OK
3. When the report finishes, go to the *Productivity | Unproductive Browsing By Site* section. Here you should see the sites you mention.
4. Click the 'Clean (off)' button above the list of sites. Here you'll see the Category for each website.
If you consider the categories to be acceptable and/or productive, simply head to *Settings | Productivity* and drag/drop them into the correct list, then click *Save Productivity Settings* in the top right corner.
If you believe the sites have been incorrectly categorised, follow the steps in this SonicWALL KB article to categorize your site domains into one of SonicWALL's existing categories such as 'Business and Economy': https://support.software.dell.com/kb/sw8623
This could be dropped or forbidden traffic that is not making it into SonicWALL's CFS feature, so SonicWALL is not categorising it.
Also, CFS works on the entire URL, not just the domain, so perhaps CFS is having a hard time on a specific Microsoft URL.
Can you:
1. Go to *Reports* and select *Activity Report*
2. Enter the following filter: Origin Domain 'Equal to' microsoft.com AND Category 'Equal to' Not Rated
3. Select today as the date range (or yesterday) and click Run Report
4. The report will show all user sessions to Microsoft.com where the Category is Not Rated. Click the rows in the report to show full URL details, including the SonicWALL 'Action' (Dropped, Allowed, Blocked etc).
You can then check the 'full url' against SonicWALL's CFS database.
If you're interested in the differences between dropped, forbidden and blocked firewall actions, see: http://sonicwall.fastvue.co/customer/en/portal/articles/2655264-what-is-the-difference-between-blocked-dropped-and-forbidden-actions-
If the Activity Report is blank, then this means it is all non-web traffic, and the IP addresses in the firewall connection have resolved to microsoft.com. This traffic is not going through CFS.
If you determine that this is not traffic you want to see in your Overview Reports, then you can filter it out in a variety of ways. Here are some filters you might want to consider:
*Action* 'Equal to' Allowed, Blocked (hopefully just includes web traffic going through CFS)
*Category* 'Not equal to' Not Rated (removes everything that CFS failed to categorise, including non-web traffic)
*Event Message* 'Equal to' #Web site hit (removes just non-web traffic)