How to Block SSLv3.0 (SSL version 3.0) connections using App Control Advanced

This KB article describes how to block SSL/TLS connections using App Control Advanced when negotiating with the SSLv3.0 protocol .

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Note: This solution does not block connections made to the SonicWall management interface or UTM SSL VPN.

• Login to the SonicWall Management GUI.

• Navigate to the Policy | Security Services | App Control page. 

• Check the box under Enable App Control and click on the Accept button at the top to enable App Control.

• Under Application Control | View Style, select PROTOCOLS under Category.

• Select SSL under Application

• Set View Style to Signatures to list all the signatures available under this Application

• Click on the configure icon under SSLv3.0

• In the Edit App Control Signature window, select Enable under Block and Log.

• Click OK to save.

Enabling Application Control on zones

• Navigate to Object | Zones

• Click on the configure button under the zone where you want to enable App Control.

• Check Enable App Control Service.

• Click OK to save.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

NOTE: This solution does not block connections made to the SonicWall management interface or UTM SSL VPN.

• Login to the SonicWall Management GUI.

• Navigate to the Manage | Rules | Advanced Application Control page. 

• Check the box under Enable App Control and click on the Accept button at the top to enable App Control.

• Under Advanced Application Control | View Style, select PROTOCOLS under Category.

• Select SSL under Application

• Set View Style to Signatures to list all the signatures available under this Application
  

• Click on the configure icon under SSLv3.0

• In the Edit App Control Signature window, select Enable under Block and Log.

• Click OK to save.

• 

Enabling Application Control on zones

• Navigate to Manage | Network | Zones

• Click on the configure button under the zone where you want to enable App Control.

• Check Enable App Control Service.

• Click OK to save.

• 

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

NOTE: This solution does not block connections made to the SonicWall management interface or UTM SSL VPN.

• Login to the SonicWall Management GUI.

• Navigate to the Firewall | App Control Advanced page. (In Gen5 TZ devices this page is under Security Services | App Control)

• Check the box under Enable App Control and click on the Accept button at the top to enable App Control.

• Under App Control Advanced | View Style, select PROTOCOLS under Category.

• Select SSL under Application

• Set View Style to Signatures to list all the signatures available under this Application.
  

• Click on the configure icon under SSLv3.0

• In the Edit App Control Signature window, select Enable under Block and Log.

• Click OK to save.
  

Enabling Application Control on zones

• Navigate to Network | Zones

• Click on the configure button under the zone where you want to enable App Control.

• Check Enable App Control Service.

• Click OK to save.