SMA WAF Signature Update Affecting ActiveSync Connections

First Published:02/09/2018 Last Updated:12/20/2019

On February 8, 2018, a SMA WAF signature update was pushed to all customers that have enabled WAF on the SonicWall Secure Mobile Access appliance. This is a typical occurrence, however, two signatures displayed a negative impact on ActiveSync connections, commonly associated with webmail. Upon discovery, SonicWall initiated the process to retract the update until the offending signatures have been corrected. If you are negatively impacted by this update please perform the provided workaround until the signatures are automatically corrected:

Navigate to the SMA appliance and click Web Application Firewall | Signatures- search and locate 9008 & 1603.

  • 9008 : Cross-site Scripting (XSS) Attack (HIGH)
  • 1603 : Bash Code Injection (MEDIUM)

Disable both signatures and confirm ActiveSync connections are restored.

We apologize for any inconvenience this may have caused and are working hard to prevent this from happening in the future.