VIDEO: How to block web browsers like (IE, Google Chrome, Firefox, etc) using Application Firewall
03/26/2020 9 10960
VIDEO: How to block web browsers like (IE, Google Chrome, Firefox, etc) using Application Firewall feature
Firmware/Software Version: 5.8 and above
Video Tutorial: Click here for the video tutorial of this topic.
This article describes how the Application Firewall feature in the Sonicwall UTM appliance is used to block Browsers. Application Firewall blocks browser like Internet Explorer (MSIE), Firefox, Netscape. An application object that allows enumeration of the various textual strings that can be used to match the name various browsers use to identify themselves. This information is contained in the User-Agent header of an HTTP GET request.
Please Note: To block HTTPS traffic you need to use the DPI-SSL feature (available on firmware: SonicOS 5.6 and above)
1. Login to the Sonicwall Management interface.
2. Navigate to the Application Firewall > Enable "Application Firewall" > Go to Application Objects page.
3. Click on the Add New Object button to create an Application Object with the following properties:
Object Name: Browse
Application Object Type: Web Browser
Browser: Select the browsers to be allowed / blocked and click “Add”
Enable Negative Matching: Enabling Negative Matching for an application object and then using such object in a policy would create a policy that will perform a specified action based on absence of the content specified in the application object. In our case, we allow MSIE, Firefox,
Netscape and block Google Chrome. so, Negative Matching is "Enabled"
1. Navigate to the Application Firewall > Policies page.
2. Check the Enable Application Firewall box.
3. Click on the Add New Policy button
4. In the Application Firewall Policy Settings window enter the following:
Policy Name: Block Chrome
Policy Type: HTTP Client
Address Source: Any
Address Destination: Any
Service Source: Any
Service Destination: HTTP
Exclusion Address: None
Application Object: Browser (select the Application Object created earlier)
Users/Groups Included: All
Users/Groups Excluded: None
Schedule: Always on
Enable Logging: Checked
Log individual object content: Unchecked
Log Redundancy Filter: Use Global Settings checked
Connection Side: Client Side
Direction (Basic): Both
Click on OK to save.
How to Test:
Open the chrome browser and try accessing HTTP/HTTPS site. A “This webpage is not available / the page cannot be displayed” error will be displayed on the browser.
The related log message: