03/26/2020 1,218 People found this article helpful 455,462 Views
How to block Google play using CFS 3.0 (SonicOS 5.8.0 and above)
Feature/Application:
This KB article describes how to block play.google.com using SonicWall Content Filtering Service (CFS) 3.0. SonicWall CFS 3.0, which was introduced in SonicOS 5.8.0.0, uses HTTPS Content Filtering to block HTTPS sites. The CFS 3.0 implementation uses HTTPS Content Filtering to look up the host name from the Server Name extension in the SSL Client Hello message, if the browser supports SSL Server Name extension, or the Certificate Common Name (CN) in the Server Hello message.
However, this method will not work if 1) the browser does not support Server Name Extension in the Client Hello message 2) the Common Name (CN) in the Certificate message does not correspond to the host name being accessed. You could work around this problem by blocking those SSL / TLS versions not supporting Server Name extension. Refer this KB article to block SSL versions, UTM: How to Block SSL / TLS versions using Application Control Advanced (5.8 onwards). Alternatively, you could use DPI-SSL.
Procedure:
Enabling CFS on zones