- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
SonicWall Management HTTPS traffic on non-standard port blocked by App Control Advanced
03/26/2020 
12 People found this article helpful
197,072 Views
Description
SonicWall Management HTTPS traffic on non-standard port blocked by App Control Advanced signature SID # 5, Encrypted Key Exchange -- TCP Random Encryption.
Resolution
When SonicWall HTTPS management is configured on a non-standard port (the default is the standard TCP port 443) and if the Application Control Advanced signature SID # 5 is enabled to block, attempting to login to a remote SonicWall management GUI over either WAN or VPN will be blocked.
SID # 5 is one of the critical signatures used to block traffic of such applications as UltraSurf, Skype or Emule. Due to the high importance of blocking such traffic, it is not recommended to disable this signature. Instead, we propose the following workaround of excluding the interface IP address of the destination SonicWall.
1. Login to the SonicWall Management GUI.
2. Navigate to the Network | Address Objects page.
3. Scroll down to the Address Objects section and click on Add.
4. Enter a name for the address object.
5. Set Zone Assignment as either WAN or VPN as the case maybe.
6. Set Type as Host
7. Under IP Address, enter the IP address of the destination SonicWall's interface.
8. Click on Add to save.
NOTE: If the appliance is to be managed over VPN, create an address object of zone type VPN with IP address of the X0 interface. If there are multiple SonicWall appliances, create an address object for each and add them to a group under Add Group.
1. Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices this page is under Security Services | App Control
2. Under App Control Advanced, enter 5 under Lookup Signature ID to open the Edit App Control Signature window.
3. Within this window, from the drop-down in Excluded IP Address Range, select the address object or address group created earlier.
4. Click on OK to save the changes.
Related Articles
- Bandwidth usage and tracking in SonicWall
- How to force an update of the Security Services Signatures from the Firewall GUI
- Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO