How to mitigate DoS and DDoS Attacks towards SMA Appliances

Description

This article explains some of the configuration steps you may take to reduce the impact of DoS and DDoS attacks towards the SMA appliance.

Please note that these types of attacks may vary and this guide is intended to provide just some common steps to reduce the attack surface.

CAUTION: It is very important that a firewall is placed in front of the SMA appliance and acts as a filter for such attacks, as recommended in our deployment guides.

 

Resolution

Below are a few basic steps to protect the SMA using WAF policies and rules.

  • Create Rule Chains:

  • AD account lockout caused by brute-force attempts with unknown users: enable the following option on the SMA to allow logins only from the listed users.
  • Virtual Office Portals: if the attacker is flooding each domain with requests using the same unknown user, we recommend hiding the domain list on the portal login page. Attackers then cannot fetch the domains available on the appliance, which reduces the attack surface and the success rate.

 

Other possible steps:


If you still see any other behaviors or symptoms, please share more details along with the TSR for further review.

There are two ways to contact technical support:

1. Online: Visit mysonicwall.com. Once logged in, select Resources & Support | Support | Create Case.

2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.

If you do not have a mysonicwall.com account, create one for free!

 
