A Walled Garden is a web filtering setup that restricts a specific group of users to access only a limited set of domains or websites. Unlike the usual approach, where most content is accessible by default and only restricted when needed, a Walled Garden blocks everything except selected domains for a subset of your users. For example:
- Exam conditions: Create a temporary block that restricts access to all but a few domains, such as examination software, during exam hours, only for the students taking the exams.
- Location-specific filtering: Set up a Location containing machines that can access only certain categories or sites for a specific purpose.
Important
Don’t use the Walled Garden method exclusively across your whole organisation. You should use it only for specific scenarios, in addition to a set of policies that follow the usual filtering approach. This is because:
- It results in overblocking.
- If a website domain is explicitly allowed through Web Filter policies and is compromised to display inappropriate content, it won’t be blocked.
Before you begin
Prepare your policy items
Just like any set of Web Filter policies, you’ll need to identify:
- Who the policies apply to, identified by their User Group or as individual users.
Note
Policies for individual users can only be set up in On-Premise Appliance, but are synced to Cloud Filter and applied using Cloud Filter Extension, Smoothwall Browser or Android Filter App.
- Where the policy applies, based on Location.
- When the policy will be active, based on Time slots.
You’ll also need a list of what content the users should be allowed to access while the Walled Garden applies. You can:
- Create a Custom Category that contains the domains they will require access to.
- Create a Category Group that contains the allowed categories.
- Use a combination of both.
(On-Premise Appliance only) HTTPS Inspection
Set up HTTPS Inspection for the allowed category or category group.
(On-Premise Appliance only) Authentication Exceptions
Content in the Authentication Exceptions list is not subject to Web Filter Policies specific to certain groups, so users may be able to access content they shouldn’t. Consider whether Authentication Exceptions are needed.
If you are sure they are needed, you can set up Authentication Exceptions.
Create your Walled Garden Web Filter Policies
Create two Web Filter policies within a Policy folder, so the policies are kept together and can be switched on or off as required.
- A policy to Allow the content that is permitted in the What field.
Note
Alternatively, you can set up Do Not Filter policies in On-Premise Appliance. These policies sync to Cloud Filter and are treated as Allow by the Agents and Extensions.
- A policy to Block the Everything category in the What field. Order this below your Allow policy.
Image 1: Example setup in On-Premise Appliance.
Image 2: Example setup in Cloud Filter.