App Control Signature ID 14191 (X-VPN -- HTTP Activity 2) blocks various websites

Description

Various Websites are inaccessible since the App Control Signature Database update on UTC 05/08/2019 16:19:40.000

Log shows: "Application Control Prevention Alert: PROXY-ACCESS X-VPN -- HTTP Activity 2, SID: 14191, AppID: 2083, CatID: 27"

Some of the affected websites include:

  • google.com
  • bing.com
  • wikipedia.com
  • skype.com
  • microsoft.com
  • whatsapp.com
  • office.com

Resolution

UPDATE May 9, 2019 - ISSUE SOLVED

The issue has been resolved and the Signature ID 14191 was removed from the X-VPN Application list.

 

To verify, go to MANAGE | Rules | App Control and ensure the App Signature Database Timestamp shows UTC 05/09/2019 04:51:29.000 or later. Otherwise click UPDATE button next to the DB Timestamp to trigger Database synchronization.

The issue was reported to the respective Team and a solution is being worked on. 

NOTE: The issue affects only customers who are blocking X-VPN Application in Proxy-Access Category of App Control

 

  1. Verify if the website is blocked due to the "App Control PROXY-ACCESS signature:  X-VPN -- HTTP Activity 2, SID: 14191, AppID: 2083, CatID: 27" by checking the affected website IP under INVESTIGATE | Log Events
  2. Temporarily disable the signature by setting Block: "Disable" and verify if access is restored. 

 

LogEvents_AppControlPrevention

 

See also:

How to Configure Application Control Advanced feature in SonicOS Enhanced?

How do I resolve drop code "Enforced Firewall Rule"?

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
NSa Series
Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community