Blocking Email Client Attachments based on File Content using Application Firewall
10/14/2021 29 People found this article helpful 490,879 Views
Description
Blocking Email Client Attachments based on File Content using Application Firewall
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Feature/Application:
This article describes the method to block attachments in a mail from a Mail Client, based on their contents. This method uses Match Object Type File Content in Application Firewall Match Objects. This method inspects the contents of file attachments and based on what is defined in Match Objects, blocks it. For eg. a document file with keyword "Confidential" or a compressed "exe" file. This method does not purport to block attachments by their extension. Likewise, this cannot be used to block HTTP Webmail attachments.
Procedure:
1. Creating the Match Object
- Login to the SonicWalll Management GUI.
- Click Manage in the top navigation menu.
- Navigate to the Policies | Objects | Match Objects page.
- Click on Add | New Match Object.
- In the Add/Edit Match Object window, enter the following information.
- Object Name: A name for this Match Object
- Match Object Type: File Content
- Match Type: Partial Match
- Input Representation: Alphanumeric
- Content: Enter list of file types you wish to block.
- Click on OK to save.
2. Creating the App Rules Policy
- Navigate to the Policies | Rules | Application Control page.
- Click on Add and enter the following information in the App Control Policy window.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Feature/Application:
This article describes the method to block attachments in a mail from a Mail Client, based on their contents. This method uses Match Object Type File Content in Application Firewall Match Objects. This method inspects the contents of file attachments and based on what is defined in Match Objects, blocks it. For eg. a document file with keyword "Confidential" or a compressed "exe" file. This method does not purport to block attachments by their extension. Likewise, this cannot be used to block HTTP Webmail attachments.
Procedure:
1. Creating the Match Object
- Login to the SonicWalll Management GUI.
- Navigate to the Firewall > Match Objects page.
- Click on Add New Match Object.
- In the Add/Edit Match Object window, enter the following information.
- Object Name: A name for this Match Object
- Match Object Type: File Content
- Match Type: Partial Match
- Input Representation: Alphanumeric
- Content: Enter list of file types you wish to block.
- Click on OK to save.
2. Creating the App Rules Policy
- Navigate to the Firewall > App Rules page.
- Click on Add New Policy and enter the following information in the App Control Policy window.
Logs
When an attachment is blocked the following message will be logged under Log > View
Related Articles
Categories
Was This Article Helpful?
YESNO