Article Applies To:
SonicWALL Security Appliance Platforms:
Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 240
Gen5 TZ Series: TZ 210, TZ 210 Wireless
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060
Firmware/Software Version: SonicOS 4.0 and above
Services: Application Firewall
Application firewall scans application layer network traffic as it passes through the gateway and looks for content that matches configured keywords. When it finds a match, it performs the configured action. It can match text or binary content. When you configure application firewall, you create policies that define the type of applications to scan, the direction, the content or keywords to match. You could also optionally define the user or domain to match, and the action to perform.
SSL (Secure Sockets Layer) is the dominant standard for the encryption of TCP based network communications, with its most common and well-known application being HTTPS (HTTP over SSL). SSL provides digital certificate-based endpoint identification, and cryptographic and digest-based confidentiality to network communications.
An effect of the security provided by SSL is the obscuration of all payload being requested by a client when establishing an HTTPS session. This is due to the fact that HTTP is transported within the encrypted SSL
tunnel when using HTTPS. It is not until the SSL session is established (step 10 in the screenshot below) that the actual target resource is requested by the client, but since the SSL session is already established, no inspection of the session data by the firewall or any other intermediate device is possible. The following screenshot shows the SSL session establishment.
In the above messages, we are going to concentrate on the SeverKeyExchange message. ServerKeyExchange messages contain the public key information. Since ServerKeyExchange messages are transmitted without encryption, the public key information is visible to the SonicWALL. Within the ServerKeyExchange packet is the Serial Number. The Serial Number is a value assigned by the Certificate Authority (CA) to an individual certificate and is unique for every certificate.
This article illustrates the method to find out the Serial Number of HTTPS websites and creating Application Firewall policies to block the Serial Number.
Obtaining the Certificate Serial Number-1
Obtaining the Certificate Serial Number-2
The Certifcate serial number can also obtained by clicking on the padlock icon at the bottom of a browser when a HTTPS session has been established.
Configuration in Application Firewall
SonicWALL NSA Series
4500, 3500, 2400, 240
SonicWALL E-Class NSA Series
E8500, E7500, E6500, E5500
SonicWALL TZ Series
SonicWALL PRO Series
5060, 4100, 4060, 3060
Created on: 10/26/2010
Last Update on: 5/13/2014