How to restrict the web access based on a passphrase action in CFS 4.0 (New as of 04/2019)

DPI-SSL is required as enabled (which is free) for this feature to work, however ALERT - be aware of latency metric for DPI-SSL and requirement of (root certificate deployment for every browser in use within the trusted LAN) before using this feature.

How to restrict the web access based on a passphrase action in CFS 4.0

05/15/2019 1343 7018


CFS 4.0 in SonicOS 6.2 introduces a new restrict action, which named Passphrase, to restrict the web access other than just block. Once Passphrase action has been selected, the web will be redirected to a passphrase page after user attempts to access the specified website. In this page users should submit the preset password to continue the web browsing.

If the password is correct, the web access will be allowed. Otherwise it will be blocked with a block page sending to client.
If the user didn’t enter a correct password the first time, then the passphrase page will be sent to client again for requiring password the second time. Currently, client users have 3 opportunities to enter their passwords, this means the site will be blocked if user tries his password 3 times and the passwords are all wrong.
If client users don’t know the password, they can click ‘Cancel’ button to skip entering the password. In this case, this site will be blocked immediately.


To create the CFS Objects(except Action/profile objects) and policies please refer to:
How to block HTTPS (SSL) sites using SonicWall DPI-SSL and Content Filter Service (CFS 4.0)

To configure the Passphrase action, follow the steps below:

Step 1, Go to Firewall | Content Filter Objects | CFS Profile Objects

Step 2, Click Add to create a new action object(or Edit the CFS Default Action), set the password as below:

Step 2, Click Add to create a profile objects, here a block_bing profile object created for instance.

Step 3, If the websites are in the predefined URI:

Under URI LIst Configuration , In the pull-down menu of Operation for Forbidden URI list , select Passphrase .

If the websites are in the category:

Under Category Configuration , in the pull-down menu of Search Engines and Portals , select Passphrase .

Step 4, Click OK .

How to Test:

Open a web browser and enter
A CFS Passphrase page will appear as under. {If this is being done from the same computer as the one which is logged into the SonicWall Management GUI, make sure you are logged out before testing.}

If the password is correct, you will be allowed to access

If the password is incorrect or users click Cancel , you will be forbidden to access and block page will display as below:

Log View:


Curated by Liquid Layer Networks

At Liquid Layer Web Hosting [], we’ve made a shared web hosting platform that’s both feature-rich and easy to make use of. Our programmers have built up a custom Linux cloud web hosting platform plus an innovative Control Panel that perfectly takes advantage of its capabilities. After long hours of programming and bug fixing on our end, we are now capable to guarantee that all of our shared web hosting services are safe, virus-free, full of capabilities and very easy-to-work-with. In addition, they feature 99.9% server uptime as well as 99.9% network uptime warranties.

Powered by:

HostCheetah Networks
Global Web Hosting, Domain Registration, and Internet Services |

PC Helper | Est 1996 - Web Hosting | US, AU, UK, Finland, Bulgaria | :sunglasses: