How to Block Uploads From an Application
How can I block FTP / HTTP file downloads and upload using Application Control Avant-garde?
12/twenty/2019 60 People found this article helpful 89,991 Views
Description
The application signature databases that were previously included with SonicWall Intrusion Prevention Service (IPS) are now role of the Awarding Command feature. These signature databases are used to protect users from awarding vulnerabilities as well equally worms, Trojans, peer-to-peer transfers, spyware and backdoor exploits. The extensible signature language used in SonicWall's deep packet inspection engine as well provides proactive defense force against newly discovered application and protocol vulnerabilities.
The configuration method on the Firewall | App Control Advanced page (In Gen5 TZ Series it's on the Security Services | App Control Advanced page) allows granular control of specific categories, applications, or signatures. This includes granular logging control, granular inclusion and exclusion of users, groups, or IP address ranges, and schedule configuration. The settings here are global policies and independent from any custom App Rules policy.
This article describes the method to block downloads of file-types like Executables, Archives, Documents, Database files, Images, Stream using HTTP or FTP. The file-type signatures are grouped under the categories FILE-TYPES-HTTP (Category ID 72) and FILE-TYPES-FTP (Category ID 73). The principal purpose of these signatures is to provide Truthful-File Blazon detection based on a file's contents rather than relying on the provided file extension or MIME type.This solution would exist applicable to webmail downloads if using FILE-TYPES-HTTP.
Resolution
- Login to the SonicWall management GUI.
- Navigate to the Firewall | App Control Advanced folio.
- Bank check the box under Enable App Control and clickTake at the top of the page.
- Under View Style: Category, select FILE-TYPES-HTTP or select FILE-TYPES-FTP.
- Under Awarding, select the file-type that y'all desire to block. The following file-types are available.
- ArchiveDatabase File
- Certificate
- Executable
- Image
- Stream
You can block using the following methods:
- Block the awarding category FILE-TYPES-HTTP or FILE-TYPES-FTP.
- Cake individual file-types (eg. executables, archives, documents etc).
- Block individual signatures (eg. exe, pdf etc).
The ensuing sections illustrate each of the above methods.
Cake the application category FILE-TYPES-HTTP or FILE-TYPES-FTP
- Under View Manner: Category, select FILE-TYPES-HTTP or select FILE-TYPES-FTP.
- Click Configure button to bring upward the Edit App Control Category window.
- Select Enable under Block.
- Select Enable under Log.
- ClickOK .
Cake individual file-types (eg. executables, athenaeum, documents etc)
- Under View Manner: Category, select FILE-TYPES-HTTP or select FILE-TYPES-FTP.
- Nether Application select the file-blazon you lot wish to cake (Executable in this example) .
- Click Configure push button to bring up the Edit App Control App window.
- Select Enable under Block.
- Select Enable under Log.
- ClickOK .
Select other file-types to block multiple file-types.
Cake private signatures (eg. exe, pdf etc)
- Under View Style: Category, select FILE-TYPES-HTTP or select FILE-TYPES-FTP.
- Under Application select the file-type you wish to block (Executable in this example) .
- Under Viewed Past, select Signature to listing all the signatures under the file-type selected.
- Click Configure button on whatever of the signatures listed to bring up the Edit App Control Signature window ( PE/COFF four (HTTP Download) in this Example).
- Select Enable under Block.
- Select Enable nether Log.
- ClickOK.
Select other signatures to block multiple signatures.
Log Letters
When hosts behind the SonicWall try to download a file marked for blocking, they volition go blocked and the following letters volition be logged:
Note: This noesis base article is applicative for HTTP/FTP file uploads as well.
Related Articles
- Best practices for administrator managing SonicWall Firewall Appliances
- How to configure failover when at that place are two or more than WAN Interfaces?
- How can I put the SonicWall into safety mode?
Categories
- Firewalls > NSa Serial > Application Firewall
- Firewalls > NSv Series > Application Firewall
- Firewalls > TZ Serial > Application Firewall
Was This Commodity Helpful?
Source: https://www.sonicwall.com/support/knowledge-base/how-can-i-block-ftp-http-file-downloads-and-upload-using-application-control-advanced/170505852676491/
0 Response to "How to Block Uploads From an Application"
Post a Comment