How to block SnapChat using App Control Advanced and Client DPI-SSL
03/26/2020 
338 
11215
DESCRIPTION:
UTM: How to block SnapChat using App Control Advanced and Client DPI-SSL
RESOLUTION:
SnapChat is a widely used app for exchanging photos, images, text and video. The nature of the application, and its popularity, makes SnapChat a potential network bandwidth hogger. SnapChat uses HTTPS to connect and exchange data. Because it is HTTPS and the traffic is encrypted, SnapChat traffic specifically cannot be blocked without SonicWall Client DPI-SSL. This KB article describes how to block SnapChat using App Control Advanced signatures with Client DPI-SSL enabled.
For blocking SnapChat without Client DPI-SSL, see UTM: How to block SnapChat using App Rules (Application Firewall).
Procedure:
1. Login to the SonicWallManagement GUI.
2. Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices this page is under Security Services | App Control
3. Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
4. Under App Control Advanced | View Style, select SOCIAL NETWORKING under Category; select SnapChat under Application; select Signature under Viewed By to list the signatures available for SnapChat.
5. Click on the configure icon under SnapChat and select Enable under Block and Log:
6. Click on OK to save.
Enabling Client DPI-SSL
Note: Before enabling Client DPI-SSL, administrators must be aware that Client DPI-SSL will proxy all outgoing SSL connections. To this end, SonicWall will re-sign the SSL certificates passing to hosts. This will trigger certificate errors in the browsers. To avoid these errors, import the SonicWall DPI-SSL CA certificate as a trusted Root CA into the browser's (or the computer's) certificate store. For more information, see Distributing the Default SonicWall DPI-SSL CA certificate to client computers using Group Policy
1. Navigate to the
DPI-SSL |
Client SSL page.
2. Enable check box
Enable SSL Client Inspection
3. Enable check box
Intrusion Prevention
4. Click on
Accept at the top to save the changes.
Enabling Application Control on zones
- Navigate to Network | Zones
- Click on the configure button under the zone where you want to enable App Control.
- Check Enable App Control Service.
- Click on OK to save.
Log Messages
The following log messages will be generated when clients are blocked trying to use the SnapChat app.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
