How to block SSL / TLS Versions Using Application Control Advanced
07/10/2023
Description
In certain deployments it may be necessary to block SSL or TLS connections by version. The SonicWall App Control Advanced feature has signatures for blocking SSL / TLS versions. This article describes how to block SSL / TLS versions.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.
- Log in to the SonicWall Management GUI.
- Navigate to Policies | Security Services | App Control | Status/Settings page.
- Select the check box under Enable App Control and click Accept.
- On the Signatures tab, select PROTOCOLS under Category.
- From the drop-down under Application, select SSL/TLS.
- Set Viewed by to Signature.
- Click on the Configure button on the SSL/TLS version to bring up the Edit App Control Signature window.
- Set Enable under Block and Log.
- Click OK to save the settings.
Enabling Application Control on Zones:
- Navigate to Objects | Match Objects | Zones.
- Click on the Configure button on the zone where you want to enable Application Control.
- Enable Application Control Service.
- Click Save to save settings.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.
- Log in to the SonicWall Management GUI.
- Navigate to Manage | Rules | App Control page. In Gen5 TZ devices this page is under Security Services | App Control.
- Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
- Under App Control Advanced | View Style select PROTOCOLS under Category.
- From the drop-down under Application, select SSL.
- Set Viewed By to Signature.
- Click on the Configure button under the SSL / TLS version to bring up the Edit App Control Signature window.
- Select Enable under Block and Log.
- Click on OK to save the settings.
Enabling Application Control on Zones:
- Navigate to Manage | Network | Zones.
- Click on the Configure button under the zone where you want to enable App Control.
- Check Enable App Control Service.
- Click on OK to save the settings.
When a host behind the SonicWall tries to negotiate an SSL connection using SSLv3 (in this example), it will be blocked and the following message will be logged in the SonicWall under Log | View.
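Before setting a version signature to Block, it helps to know which hosts can offer nothing but the versions about to be blocked. The following is an added example, not SonicWall code and not a description of how the App Control signature matches traffic: it reads the versions a client offers from a captured ClientHello record. The function names, the `blocked` set and the sample records built by `build_hello` are assumptions constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}   # TLS wire version codes

def offered_versions(record):
    """Versions offered by a ClientHello record (raw bytes), highest first."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:]                  # skip record (5) and handshake (4) headers
    try:
        codes = [struct.unpack_from("!H", body, 0)[0]]     # legacy client_version
        pos = 34 + 1 + body[34]        # version (2) + random (32) + session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression_methods
        if pos + 2 <= len(body):       # extensions are absent in old hellos
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= end:
                ext_type, ext_len = struct.unpack_from("!HH", body, pos)
                pos += 4
                if ext_type == 0x002B: # supported_versions replaces legacy value
                    n = body[pos]
                    codes = [struct.unpack_from("!H", body, pos + 1 + i)[0]
                             for i in range(0, n, 2)]
                pos += ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    codes = [c for c in set(codes) if (c & 0x0F0F) != 0x0A0A]  # drop GREASE
    return [VERSIONS.get(c, hex(c)) for c in sorted(codes, reverse=True)]

def only_offers_blocked(record, blocked):
    """True when every version the client offers is in the blocked set."""
    return set(offered_versions(record)) <= set(blocked)

def build_hello(legacy, supported=None):
    """Constructed sample ClientHello: one cipher suite, null compression."""
    ext = b""
    if supported is not None:
        lst = b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HHHB", len(lst) + 5, 0x002B, len(lst) + 1, len(lst)) + lst
    body = (struct.pack("!H", legacy) + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00" + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", min(legacy, 0x0301), len(hs)) + hs

SSLV3_ONLY = build_hello(0x0300)                 # constructed: legacy SSLv3 client
MODERN = build_hello(0x0303, [0x0304, 0x0303])   # constructed: TLS 1.3 and 1.2
```

A host for which `only_offers_blocked` returns True has no allowed version left once the signatures are set to Block, so its connections will fail until the client is upgraded or reconfigured.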