Blocking Email Client Attachments based on File Content using Application Firewall

10/14/2021 29 People found this article helpful 480,500 Views

Description

Resolution

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Feature/Application:

This article describes the method to block attachments in a mail from a Mail Client, based on their contents. This method uses Match Object Type File Content in Application Firewall Match Objects. This method inspects the contents of file attachments and based on what is defined in Match Objects, blocks it. For eg. a document file with keyword "Confidential" or a compressed "exe" file. This method does not purport to block attachments by their extension. Likewise, this cannot be used to block HTTP Webmail attachments.

Procedure:

1. Creating the Match Object

Login to the SonicWalll Management GUI.
Click Manage in the top navigation menu.
Navigate to the Policies | Objects | Match Objects page.
Click on Add | New Match Object.
In the Add/Edit Match Object window, enter the following information.
- Object Name: A name for this Match Object
- Match Object Type: File Content
- Match Type: Partial Match
- Input Representation: Alphanumeric
- Content: Enter list of file types you wish to block.
- Click on OK to save.

2. Creating the App Rules Policy

Navigate to the Policies | Rules | Application Control page.
Click on Add and enter the following information in the App Control Policy window.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Feature/Application:

This article describes the method to block attachments in a mail from a Mail Client, based on their contents. This method uses Match Object Type File Content in Application Firewall Match Objects. This method inspects the contents of file attachments and based on what is defined in Match Objects, blocks it. For eg. a document file with keyword "Confidential" or a compressed "exe" file. This method does not purport to block attachments by their extension. Likewise, this cannot be used to block HTTP Webmail attachments.

Procedure:

1. Creating the Match Object

Login to the SonicWalll Management GUI.
Navigate to the Firewall > Match Objects page.
Click on Add New Match Object.
In the Add/Edit Match Object window, enter the following information.
- Object Name: A name for this Match Object
- Match Object Type: File Content
- Match Type: Partial Match
- Input Representation: Alphanumeric
- Content: Enter list of file types you wish to block.
- Click on OK to save.

2. Creating the App Rules Policy

Navigate to the Firewall > App Rules page.
Click on Add New Policy and enter the following information in the App Control Policy window.

Logs

When an attachment is blocked the following message will be logged under Log > View

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

Blocking Email Client Attachments based on File Content using Application Firewall

Description

Resolution

Resolution for SonicOS 6.5

Resolution for SonicOS 6.2 and Below

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch