03/26/2020
SonicWall Management HTTPS traffic on non-standard port blocked by App Control Advanced signature SID # 5, Encrypted Key Exchange -- TCP Random Encryption.
When SonicWall HTTPS management is configured on a non-standard port (the default is the standard TCP port 443) and the Application Control Advanced signature SID # 5 is enabled to block, attempts to log in to a remote SonicWall management GUI over either WAN or VPN will be blocked.
1. Log in to the SonicWall Management GUI.
2. Navigate to the Network | Address Objects page.
3. Scroll down to the Address Objects section and click on Add.
4. Enter a name for the address object.
5. Set Zone Assignment as either WAN or VPN, as the case may be.
6. Set Type as Host.
7. Under IP Address, enter the IP address of the destination SonicWall's interface.
8. Click on Add to save.
NOTE: If the appliance is to be managed over VPN, create an address object of zone type VPN with the IP address of the X0 interface. If there are multiple SonicWall appliances, create an address object for each and add them to a group under Add Group.
1. Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices, this page is under Security Services | App Control.
2. Under App Control Advanced, enter 5 under Lookup Signature ID to open the Edit App Control Signature window.
3. Within this window, from the drop-down in Excluded IP Address Range, select the address object or address group created earlier.
4. Click on OK to save the changes.