Define Advanced WebBlocker Options
To configure advanced WebBlocker options, in the WebBlocker Configuration dialog box select the Advanced tab.
WebBlocker Advanced tab in Fireware Web UI
WebBlocker Advanced tab in Policy Manager
You can enable your users to get access to content that is blocked by your WebBlocker settings. When you enable WebBlocker local override, if a user connects to a site that is denied by WebBlocker, the user is prompted to type the override password. When the user types the correct password, WebBlocker allows the user to get to the destination website until either the inactivity timeout is reached or until an authenticated user logs out. This feature operates only with HTTP proxy policies.
For information about how to use local override, see Use WebBlocker Local Override.
To enable local override for your users:
- In Fireware Web UI, select the Use this passphrase to enable WebBlocker local override check box.
In Policy Manager, select the Use this passphrase and inactivity timeout to control WebBlocker local override check box.
- In the Passphrase and Confirm text boxes, type the local override passphrase.
- In the Inactivity timeout text box, type or select an amount of time in minutes.
Change this setting to improve WebBlocker performance.
Select or type a number to change the number of entries in the cache.
The Cache Size setting applies to Fireware OS v11.6.x and lower. For information about how the cache size is set in Fireware OS v11.7 and higher, see About the WebBlocker Cache.
If the server can't be reached in (Fireware Web UI)
If your Firebox cannot connect to the WebBlocker server in (Policy Manager)
Set the number of seconds to try to connect to the server before the Firebox times out.
Select to send an alarm when the Firebox cannot connect to the WebBlocker Server and times out. To set parameters for the alarms, click the Alarm tab. For information about the settings on the Alarm tab, see Set Logging and Notification Preferences.
Log this action
Select to send a message to the log file if the Firebox times out.
Allow the user to view the website
Select if you want to allow the user to see the website if the Firebox times out and does not connect to the WebBlocker Server.
Deny access to the website
Select to deny access if the Firebox times out.
The Firebox attempts to reach the WebBlocker Server even when it is unavailable. If you allow web traffic when the server is unavailable, each user who sends a web request must wait for the number of seconds in the Server Timeout settings before the Firebox allows access to the website. When the Firebox can connect to the WebBlocker Server again, it starts to apply WebBlocker rules again.
In the The Default-WebBlocker action created by the Web Setup Wizard or Quick Setup Wizard, the Server Timeout is configured to allow connections if there is a server timeout. For more information, see Setup Wizard Default Policies and Settings.
To add or delete servers, or to change their order of priority, see Configure WebBlocker Servers.
The license bypass setting controls whether users on your network can get access to websites if WebBlocker is enabled and the WebBlocker security subscription expires.
From the When the WebBlocker license expires, access to all sites is drop-down box, select one of these options:
Select to block access to all websites when the WebBlocker license expires
Select to allow access to all websites when the WebBlocker license expires
By default, license bypass is configured to block access to all websites if the WebBlocker security subscription is expired. This is the most secure option if you must block your users from specific types of content.
In the The Default-WebBlocker action created by the Web Setup Wizard or Quick Setup Wizard, the License Bypass setting is configured to allow connections if the WebBlocker license expires. For more information, see Setup Wizard Default Policies and Settings.
For information about how to renew your security subscription see Renew Subscription Services.
Diagnostic Log Level
Override the diagnostic log level for proxy policies that use this WebBlocker action
To specify the diagnostic log level for all proxy polices that use this proxy action, select this check box. Then, from the Diagnostic log level for this WebBlocker action drop-down list, select a log level:
The log level you select overrides the diagnostic log level that is configured for all proxy policies that use this WebBlocker action.
For more information about the diagnostic log level, see Set the Diagnostic Log Level.