- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to Block Transmission of Credit Card and Social Security Numbers Over Email
03/26/2020 
9 People found this article helpful
198,404 Views
Description
Reassembly-Free Regular Expressions for DPI Engine
Starting with SonicOS 5.9, SonicWall has added reassembly-free regular expression functionality to the SonicWall Reassembly-Free Deep Packet Inspection (RF-DPI) engine. This proprietary implementation of regular expression matching does not require any buffering of the input content and works across packet boundaries. Users can now apply regular expressions to match objects in App Rules and use them across all currently supported application protocols and policy types. SonicWall supports perl-compatible regular expressions syntax. A few typical regular expression features are not supported: In this release SonicWall does not support back-references and does not provide substitution or translation functionality since regular expressions are used only for inspection of network traffic—not for modifying any part of the traffic.
The following predefined regular expressions are available in match objects:
- VISA CC
- US SSN
- CANADIAN SIN
- ABA ROUTING NUMBER
- AMEX CC
- MASTERCARD CC
- DISCOVER CC
This article describes how to configure these predefined regular expressions to block transmission of Credit Card and Social Security numbers over SMTP and POP3.
Resolution
Block outbound mail (SMTP) containing credit card numbers, social security numbers and ABA routing numbers.
- Login to the SonicWall management GUI
- Navigate to the Manage | Objects | Match Objects
- Click on Add New Match Object.
- In the Add/Edit Match Object window, enter the following:
- Name: Specify a name for this match object
- Match Object Type: File Content
- Match Type: Regex Match. Note: The pre-defined regular expression list will be displayed only on selecting Regex Match as Match Type,
- Select any of the following from the Pre-defined Regular Expression drop-down list and click on Pick.
- VISA CC
- US SSN
- CANADIAN SIN
- ABA ROUTING NUMBER
- AMEX CC
- MASTERCARD CC
- DISCOVER CC
- For the purpose of this article we select VISA CC
- Click on OK to save.
Note: Match object type File Content can only be used in App Rule policies with App Rule Policy Type of SMTP Client, FTP Data Transfer
Navigate to the Manage | Rules | App Rules page.
Click on Add New Policy and create the following App Rule policy:
- Policy Type: SMTP Client
- Service Destination: SMTP
- Match Object: PII
- Action Object: Reset/Drop
- Direction: Both
Block inbound mail (POP3) containing credit card numbers, social security numbers and ABA routing numbers.
- Navigate to the Manage | Objects |Match Objects
- Click on Add New Match Object.
- In the Add/Edit Match Object window, enter the following:
- Name: Specify a name for this match object
- Match Object Type: Email Body
- Match Type: Regex Match. Note: The pre-defined regular expression list will be displayed only on selecting Regex Match as Match Type,
- Select any of the following from the Pre-defined Regular Expression drop-down list and click on Pick.
- VISA CC
- US SSN
- CANADIAN SIN
- ABA ROUTING NUMBER
- AMEX CC
- MASTERCARD CC
- DISCOVER CC
- For the purpose of this article we select VISA CC
- Click on OK to save.
Navigate to te Manage |Rules | App Rules page.
Click on Add New Policy and create the following App Rule policy:
- Policy Type: POP3 Server
- Service: POP3 (Retrieve E-Mail)
- Match Object: Visa
- Action Object: Reset/Drop
- Connection Side: Server Side
Related Articles
- Bandwidth usage and tracking in SonicWall
- How to force an update of the Security Services Signatures from the Firewall GUI
- Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.
Categories
- Firewalls > NSa Series > Application Firewall
- Firewalls > NSv Series > Application Firewall
- Firewalls > TZ Series > Application Firewall
YES
NO