- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
SonicWall Management HTTPS traffic on non-standard port blocked by App Control Advanced
03/26/2020 
12 People found this article helpful
44,565 Views
Description
SonicWall Management HTTPS traffic on non-standard port blocked by App Control Advanced signature SID # 5, Encrypted Key Exchange -- TCP Random Encryption.
Resolution
When SonicWall HTTPS management is configured on a non-standard port (the default is the standard TCP port 443) and if the Application Control Advanced signature SID # 5 is enabled to block, attempting to login to a remote SonicWall management GUI over either WAN or VPN will be blocked.
SID # 5 is one of the critical signatures used to block traffic of such applications as UltraSurf, Skype or Emule. Due to the high importance of blocking such traffic, it is not recommended to disable this signature. Instead, we propose the following workaround of excluding the interface IP address of the destination SonicWall.
1. Login to the SonicWall Management GUI.
2. Navigate to the Network | Address Objects page.
3. Scroll down to the Address Objects section and click on Add.
4. Enter a name for the address object.
5. Set Zone Assignment as either WAN or VPN as the case maybe.
6. Set Type as Host
7. Under IP Address, enter the IP address of the destination SonicWall's interface.
8. Click on Add to save.
NOTE: If the appliance is to be managed over VPN, create an address object of zone type VPN with IP address of the X0 interface. If there are multiple SonicWall appliances, create an address object for each and add them to a group under Add Group.
1. Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices this page is under Security Services | App Control
2. Under App Control Advanced, enter 5 under Lookup Signature ID to open the Edit App Control Signature window.
3. Within this window, from the drop-down in Excluded IP Address Range, select the address object or address group created earlier.
4. Click on OK to save the changes.
Related Articles
- How to Create Gen 7 Settings File by Using the Online Migration Tool
- DNS Resolution of Wildcard FQDN Address Objects
- All associated wildcard FQDN IP addresses do not display in the web browser
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO