UTM: Using Application Firewall to block download of EXE files using HTTP (web browser) (SW6656)

Return
  • Title

    UTM: Using Application Firewall to block download of EXE files using HTTP (web browser)
  • Resolution

    Article Applies To:

    SonicWALL Security Appliance Platforms:

    Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400 MX, NSA 240
    Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless,
    Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, 
    Firmware/Software Version: SonicOS Enhanced 4.0 or higher
    Services:  Application Firewall


    Overview

    The Application Firewall feature can be used to block the download of .exe files.  Follow the steps below to configure.

    Resolution or Workaround

    1. Create the Application Object of type ‘Custom’.  Using input type ‘hexadecimal’, add the following patterns into the object (or you can add these to a file which you can use with the “Load from File” Application Object option, so you do not have to type them in manually):

    0d0a0d0a4d5a000002

    0d0a0d0a4d5a500002

    0d0a0d0a4d5a420002

    0d0a0d0a4d5a900003

    0d0a0d0a4d5a930001

    0d0a0d0a4d5a000000

    0d0a0d0a4d5a000001

     

    2.  Create Application Policy of type ‘HTTP Server’ and use the above created object in this Application policy.  Use ‘Reset/Drop’ action if you want to block these or ‘No Action’ if you want to just log them.  Set direction of the policy as ‘incoming’ and save the policy:

    When an HTTP download of an EXE file is blocked by the configured Application Firewall policy, you will see a log message like this:

     

  • Key Words

    6656


Product(s):
SonicWALL NSA Series
4500, 3500, 2400
SonicWALL E-Class NSA Series
E8500, E7500, E6500, E5500
SonicWALL TZ Series
210W, 210, 200W, 200, 100W, 100
SonicWALL PRO Series
5060, 4100, 4060, 3060

Topic(s):
Technical Solutions

Article History:
Created on: 4/28/2009
Last Update on: 5/13/2014

Feedback submitted.

Did this article help?

[Select Rating]

Thank you for your rating!

Close

Request or Create a KB Article »