NOTE: If you wish to forbid or allow HTTPS domains, their IP addresses must be used in CFS. FQDNs
do not work for HTTPS sites in the CFS Custom List. For example, I was able to forbid paypal.com with the
use of these 3 IP addresses. (This list may not be representative of all IPs for paypal.)
Using the forbidden domains list doesn’t require the use of CFS categories. For example, if you wanted to
block myspace.com for the entire organization, or a given group, you would enter myspace.com into the
forbidden domains list. This is a simple, effective way to systematically block domains for the whole
organization or a particular group.
Step 1: To configure CFS for specific groups/users, navigate to Local Groups or Local Users >
Configure > select Policies and edit the Default Policy. The default CFS policy should be the most
restrictive policy. When multiple policies are created, the most permissive, least restrictive policy wins
for any given user. For example, let’s assume we have a user named Joe. Joe is a member of the
Sales Group and the Marketing Group. The default CFS policy is set to restrict gambling. We’ve
created a CFS policy for the Sales Group that also restricts gambling. The Marketing Group policy,
however, does not restrict gambling. Because CFS applies the most permissive, least restrictive policy, Joe will
be able to visit gambling sites. It is recommended that you create custom policies that allow exceptions to
the default policy and then apply those policies to your respective groups/users.
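The policy resolution rule from Step 1, as an added example that is not part of the original guide or SonicWall's own code: it models a category as blocked only when the default policy and every group policy applied to the user block it, and lists which group policies open a category the default restricts. Policy names, categories, memberships and function names are constructed for illustration.

```python
# Added illustration of the "most permissive policy wins" rule described above.
# Policy names, categories and memberships are constructed sample data.

DEFAULT = "Default"

# policy name -> set of categories that policy blocks (constructed)
POLICIES = {
    DEFAULT: {"Gambling", "Adult", "Hacking"},
    "Sales": {"Gambling", "Adult"},
    "Marketing": {"Adult"},
}

# user -> groups whose CFS policy is applied to them (constructed)
MEMBERSHIPS = {
    "joe": ["Sales", "Marketing"],
    "ann": ["Sales"],
    "bob": [],
}


def applicable_policies(user):
    """Default policy plus the policy of every group the user belongs to."""
    return [DEFAULT] + [g for g in MEMBERSHIPS.get(user, []) if g in POLICIES]


def effective_blocked(user):
    """A category stays blocked only if every applicable policy blocks it."""
    sets = [POLICIES[p] for p in applicable_policies(user)]
    return set.intersection(*sets)


def permissive_overrides(user):
    """Map each category the default blocks but the user can still reach
    to the policies responsible for allowing it."""
    opened = POLICIES[DEFAULT] - effective_blocked(user)
    return {
        cat: sorted(p for p in applicable_policies(user) if cat not in POLICIES[p])
        for cat in sorted(opened)
    }


if __name__ == "__main__":
    for user in MEMBERSHIPS:
        print(user, sorted(effective_blocked(user)), permissive_overrides(user))
```

Running the audit before assigning a user to an additional group shows which restrictions from the default policy that membership would lift.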
Creating Custom CFS Policies
To create custom CFS policies, first click Configure under the CFS main page.