How to block OpenDoor proxy using App Rules and Client DPI-SSL
03/26/2020
OpenDoor is a proxy application for Apple iPad, iPhone and iPod. OpenDoor allows users to bypass firewall restrictions and browse the internet freely. It is a browser-based proxy that uses HTTPS to establish connections.
This article describes how to block OpenDoor using App Rules (Application Firewall) with Client DPI-SSL enabled.
Here's how to block OpenDoor using App Rules:
- Go to Firewall | Match Objects.
- Click on Add New Match Object to open the Add/Edit Match Object window.
- Under Object Name, enter a name for this Match Object.
- Under Match Object Type, select Custom Object from the drop-down.
- Set Match Type to Exact Match (default).
- Set Input Representation to Hexadecimal.
- Enter the following hexadecimal values under Content and click on Add after each value:
  - 6170690b637269747465726369736d03636f6d (hex for api.crittercism.com)
  - 6F70656E646F6F72 (hex for opendoor)
  - 637269747465726369736d2e636f6d (hex for crittercism.com)
  - 6f70656e646f6f726170702e636f6d (hex for opendoorapp.com)
- Click OK to save.
- Navigate to the Firewall | App Rules page and create an App Rule that references the above Match Object. Make sure Connection Side and Direction are set to Both.
- On the App Rules page, select the Enable App Rules check box.
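The hexadecimal Content values above can be checked before they are entered. The following Python sketch is an added example, not SonicWall code, and its function names are hypothetical: it regenerates the four values and decodes them back, which shows that the first value is not plain ASCII but uses DNS-style length-prefixed labels (the bytes 0b and 03 are label lengths standing where the dots would be).

```python
# Added example: build and decode the hexadecimal Content values of a Match Object.
PAGE_VALUES = [  # the four values listed in the article
    "6170690b637269747465726369736d03636f6d",
    "6F70656E646F6F72",
    "637269747465726369736d2e636f6d",
    "6f70656e646f6f726170702e636f6d",
]

def ascii_hex(text):
    """Hex of the plain ASCII string (dots stay as 0x2e)."""
    return text.encode("ascii").hex()

def dns_labels_hex(hostname):
    """Hex of a hostname with DNS-style length-prefixed labels.
    The length byte of the first label is omitted, as in the article's first value."""
    out = bytearray()
    for i, label in enumerate(hostname.split(".")):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        if i > 0:
            out.append(len(raw))
        out += raw
    return out.hex()

def _printable(b):
    return 0x20 < b < 0x7f

def decode_match_content(hex_value):
    """Return (encoding, text) for a hex value; raise ValueError if it is neither form.
    Limitation: labels of 33 bytes or more have a printable length byte and are not handled."""
    data = bytes.fromhex(hex_value)
    if all(_printable(b) for b in data):
        return ("ascii", data.decode("ascii"))
    start = 0
    while start < len(data) and _printable(data[start]):
        start += 1
    labels = [data[:start].decode("ascii")] if start else []
    i = start
    while i < len(data):
        n = data[i]
        label = data[i + 1:i + 1 + n]
        if not 1 <= n <= 63 or len(label) != n:
            raise ValueError("not ASCII and not DNS label encoding")
        labels.append(label.decode("ascii"))
        i += 1 + n
    return ("dns-labels", ".".join(labels))

if __name__ == "__main__":
    for value in PAGE_VALUES:
        print(value, "->", decode_match_content(value))
```
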
Enabling Client DPI-SSL
Note: Before enabling Client DPI-SSL, administrators must be aware that Client DPI-SSL will proxy all outgoing SSL connections. To this end, SonicWall will re-sign the SSL certificates passing to hosts. This in turn will trigger certificate errors in the browsers. To avoid these errors, import the SonicWall DPI-SSL CA certificate as a trusted Root CA into the browser's (or the computer's) certificate store. For more information, see: Distributing the Default SonicWall DPI-SSL CA certificate to client computers using Group Policy
- Navigate to the DPI-SSL | Client SSL page.
- Select the Enable SSL Client Inspection check box.
- Select the Intrusion Prevention check box.
- Click on Accept at the top to save the changes.
Test by accessing a website in the OpenDoor browser.