Using Application Firewall to block HTTPS sites with certificate common name (CN)

Description

This article describes how to block secure sites such as https://www.facebook.com using the Common Name (CN) in the certificate.

Resolution

  • Begin by navigating to Application Firewall | Application Objects.
  • You will be adding the object shown in red; first, click “Add New Object”.
  • When adding the object, give it a name that relates to what you are blocking.

NOTE: For HTTPS sites you will need the common name associated with the HTTPS site. This means you’ll need to view the site's certificate and note its CN.

  • Make sure the application object is a custom object and that the content you associate with it is the common name exactly as it appears on the certificate. The custom object match type must also be an exact match. Once you have entered the appropriate information in each field, click OK.
  • Next, add the policy. This creates the rule that enforces the object you just entered. Under the Application Firewall menu, click Policies, then click “Add New Policy”.
  • The key fields here are as follows:

Source Service: HTTPS
Application Object: FB Common Name (The object created earlier in this document)
Action: Reset/Drop

Connection Side: Server Side
Direction: Basic/Incoming

At this point, all other fields can be modified for more specific actions.

If you have issues, be sure to clear the cache, cookies, and all offline content. Close your browser and test once more.
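
One way to gather the CN for the application object without opening the certificate in a browser, as an added Python example that is not part of the original article. The function names and the sample certificate are constructed for illustration, and the exact-match check is modelled as plain string equality, which is an assumption about how the appliance compares the value.

```python
import socket
import ssl
import sys

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names are placeholders, not taken from a real site.
SAMPLE_CERT = {
    "subject": (
        (("countryName", "US"),),
        (("organizationName", "Example Corp"),),
        (("commonName", "*.example.com"),),
    ),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}


def fetch_certificate(host, port=443, timeout=5.0):
    """Return the validated server certificate for host as a dict."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname sends SNI so the server presents the certificate for this name.
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def subject_common_names(cert):
    """List every commonName attribute in the certificate subject."""
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def dns_alt_names(cert):
    """List the DNS entries in subjectAltName (shown for context only)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def is_exact_cn(cert, object_content):
    """Assumption: exact match is modelled as string equality with the CN."""
    return object_content in subject_common_names(cert)


if __name__ == "__main__":
    cert = fetch_certificate(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CERT
    for cn in subject_common_names(cert):
        print("CN :", cn)
    for name in dns_alt_names(cert):
        print("SAN:", name)
```

Run it with a host name as the only argument to read the live certificate; with no argument it prints the constructed sample. A wildcard CN has to be entered in the object literally, as the CN line prints it.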

 
