[ZyWALL/USG] How to add a list of Trusted/Forbidden website to Content Filter Security Firewalls icon

Avatar
Matt
  • Updated

This guide will cover adding websites to the content filter trusted or forbidden sites list.

Overview

The content filter feature on ZLD devices allows administrators (in business environment) or parents (in home environment) using a ZyWALL/USG appliance, to control the web content their employees or family members can access.  For users who do not have a content filter license registered for the ZyWALL/USG appliance, a Black/White list (Trusted/Forbidden) can be created to block certain websites or only allow certain websites to be accessed.  1024 common forbidden sites and 1024 common trusted sites can be configured on the appliance.  Doing this through the WebUI can be a tedious task and may require more steps than entering via CLI or creating a shell script file.

Supported Devices

ZyWALL 110
ZyWALL 310
ZyWALL 1100
USG40/40W
USG60/60W
USG110
USG210
USG310
USG1100
USG1900
USG20-VPN
USG20W-VPN
USG2200-VPN

CLI Method

Open a terminal connection using SSH/Telnet/Serial.  Enter your admin user credentials and do the following:

  1. Enter the configuration mode by typing "configure terminal" and hit Enter/Return key.
  2. From the configuration terminal type "content-filter common-list <trust|forbid>" and hit the Enter/Return key.  (ex:  For this example we will be configuring a forbidden websites list so the command will look like this, "content-filter common-list forbid")
  3. Now we can begin to enter the forbidden websites.  Enter the domain name and hit the Enter/Return key to add.  Repeat the process until all site domains are added.
  4. Type "exit" to close the content filter forbidden common list.
  5. Type "exit" once more to close the configuration terminal.
  6. Type "write" to force save the configuration file.
  7. Type "exit" once more to end the CLI session.
    cf-trusted-forbidden-website-list-cli.001.png

Shell Script Method

To create a script that can be uploaded to the ZLD appliance open Notepad, WordPad, TextEdit, etc. on your computer.  Once the editor program is open type the following:

  1. Start by entering the configuration terminal.
    configure terminal
  2. Access the content filter common list.
    content-filter common-list forbid
  3. Enter the domains.
    google.com
    bing.com
    yahoo.com
    duckduckgo.com
  4. Exit the common list.
    exit
  5. Exit the configurator.
    exit
  6. Save the document using ZYSH extension.  (ex: cf_forbid_list.zysh)
    cf-trusted-forbidden-website-list-cli.002.png
  7. Upload the "*.zysh" file to the ZyWALL/USG.  File needs to be uploaded to the Shell Script menu by doing the following:

    Via WebUI

    • Access the WebUI and enter admin credentials.
    • Go to menu, Maintenance(maintenance_on.png) → File Manager and select the Shell Script tab.
    • Under the "Upload Shell Script" option click the Browse button.
    • From the browse window, find the *.zysh file, select the file and click Open.
    • Click the Upload button.

    Via FTP

    • Open Command Prompt or PowerShell on Windows, Terminal on macOS and Linux.
    • Type "ftp" and hit the Enter/Return key.
    • Type "open" and hit the Enter/Return key.
    • Type the ZyWALL/USG management IP address and hit Enter/Return key.
    • Enter your administrative credentials.
    • Type "bin" and hit the Enter/Return key.
    • Type "cd script" to access the script directory and hit the Enter/Return key.
    • Type "put <file_path>" to upload the file into the script directory and hit the Enter/Return key.
      (Note:  If you are unsure of the exact file path for the "*.zyzh" file, click and drag the file to the prompt window, this will enter the full path automatically.)
    • Once the file is uploaded type "disconnect" to terminate the FTP session and hit the Enter/Return key.
    • Type "bye" to exit the FTP program/protocol and hit the Enter/Return key.
    • Now that you are back to the regular prompt, close the window or type "exit" and hit the Enter/Return key to close out the program.
      cf-trusted-forbidden-website-list-cli.003.png
  8. Apply the "*.zysh" script file.

    Via WebUI

    • Access the WebUI and enter admin credentials.
    • Go to menu, Maintenance(maintenance_on.png) → File Manager and select the Shell Script tab.
    • Select the "*.zysh" file that was just uploaded.
    • Click the Apply button at the top of the list to run the script.
    • A warning window will appear letting you know that the script may take a while to apply depending on the length of command(s).  Click Yes to continue running the script.
      cf-trusted-forbidden-website-list-cli.004.png

    Via SSH/Telnet/Serial

    • Open a terminal connection and enter administrative credentials.
    • Type "run /script/*.zysh" (where *.zysh is the name of the shell script file) and hit the Enter/Return key.
      cf-trusted-forbidden-website-list-cli.005.png

Related articles

Comments

0 comments

Please sign in to leave a comment.