How to block SnapChat using App Control Advanced and Client DPI-SSL
03/26/2020 339 12628
UTM: How to block SnapChat using App Control Advanced and Client DPI-SSL
SnapChat is a widely used app for exchanging photos, images, text and video. The nature of the application, and its popularity, makes SnapChat a potential network bandwidth hogger. SnapChat uses HTTPS to connect and exchange data. Because it is HTTPS and the traffic is encrypted, SnapChat traffic specifically cannot be blocked without SonicWall Client DPI-SSL. This KB article describes how to block SnapChat using App Control Advanced signatures with Client DPI-SSL enabled.
For blocking SnapChat without Client DPI-SSL, see UTM: How to block SnapChat using App Rules (Application Firewall).
1. Login to the SonicWallManagement GUI.
2. Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices this page is under Security Services | App Control
3. Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
4. Under App Control Advanced | View Style, select SOCIAL NETWORKING under Category; select SnapChat under Application; select Signature under Viewed By to list the signatures available for SnapChat.
5. Click on the configure icon under SnapChat and select Enable under Block and Log:
6. Click on OK to save.
Enabling Client DPI-SSL
Note: Before enabling Client DPI-SSL, administrators must be aware that Client DPI-SSL will proxy all outgoing SSL connections. To this end, SonicWall will re-sign the SSL certificates passing to hosts. This will trigger certificate errors in the browsers. To avoid these errors, import the SonicWall DPI-SSL CA certificate as a trusted Root CA into the browser's (or the computer's) certificate store. For more information, see Distributing the Default SonicWall DPI-SSL CA certificate to client computers using Group Policy
1. Navigate to the DPI-SSL
| Client SSL
2. Enable check box Enable SSL Client Inspection
3. Enable check box Intrusion Prevention
4. Click on Accept
at the top to save the changes.
Enabling Application Control on zones
- Navigate to Network | Zones
- Click on the configure button under the zone where you want to enable App Control.
- Check Enable App Control Service.
- Click on OK to save.
The following log messages will be generated when clients are blocked trying to use the SnapChat app.