Block E-mail Attachments from SMTP Mail Clients Using Application Firewall

Description


Application firewall scans application layer network traffic as it passes through the gateway and looks for content that matches configured keywords. When it finds a match, it performs the configured action. It can match text or binary content. When you configure application firewall, you create policies that define the type of applications to scan, the direction, the content or keywords to match. You could also optionally define the user or domain to match, and the action to perform.

Application firewall can be very effective for certain types of email control, especially when a blanket policy is desired. For example, you can prevent sending attachments of a given type, such as .exe, on a per-user basis, or for an entire domain.

This article illustrates the method to block email attachments with a certain extension.

NOTE: The configuration listed below will not work if the POP account or the mail server uses a secure connection (SSL) for sending mail.


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Application Firewall is license based. You can view the status of your licenses at Manage | Updates | Licenses page. You must enable Application Firewall (Advanced Application Control)  to activate its functionality.

Defining an Match Object

  • Login to the SonicWall Mangement GUI
  • Click Manage in the top navigation menu.
  • Navigate to the Policies | Objects | Match Objects page and click on "Add" as shown in the GUI.

    Image
  • Select the option "Match Object" from the drop down of "Add" as shown in the GUI.

    Image
  • In the new window that has opened, enter the following options
    • Enter the "Object Name: "
    • From the drop down of "Match Object Type" select "File Extension"
    • Choose the "Match Type" as "Exact Match"
  • Click on OK to save.

    Image

NOTE: You could add more extension for other file types to the application object we created.

Defining an Action Object - Disable Email Attachment

  • Navigate to the Policies | Objects | Match Objects page and click on "Add" as shown in the GUI.Image
  • Enter the following information:
    • Action Name: no attachment
    • Select Disable E-mail Attachment - Add Text under Action.
    • Under Content enter some text to be sent to the receiver.
  • Click on OK to save.

    Image




Creating an Application Firewall Policy

  • Navigate to the Policies | Rules | Application Control as shown in the GUI. 

    Image
  • To enable the Application Control , Click on the "Gear" icon as shown in the GUI.

    Image
  • Click the check box for "Enable App Rules"

    Image
  • Click on "Add"
  • Create 2 new policies with the following information and click on OK to save.

Image

Image

How to Test:

To test this scenario send a mail from your POP or mail server account with one of the attachments listed under the application object created. You should see alerts similar to the ones shown below in the log.

Image
The recepient will receive the mail with the original attachment and a new text file. The text file will contain whatever text you entered when creating the Application Firewall Action object. The attachment itself will contain junk characters.

Image

Image

Image 

 

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Application Firewall is license based. You can view the status of your license at the top of the Application Firewall | Policies page. You must enable Application Firewall to activate its functionality.

Defining an Application Object

  • Login to the SonicWall Mangement GUI
  • Navigate to the Application Firewall | Policies page.
  • Check the box under Enable Application Firewall.
  • Navigate to the Application Firewall | Application Objects page
  • Click on the Add New Object button
  • In the Edit Applicable Firewall Object window, enter information as per the screenshot.
  • Click on OK to save.
    Image

 NOTE: You could add more extension for other file types to the application object we created.

Defining an Action - Disable Email Attachment

  • Navigate to Application Firewall | Actions page.
  • Click on Add New Action.
  • Enter the following information:
    • Action Name: no attachment
    • Select BDisable E-mail Attachment - Add Text under Action.
    • Under Content enter some text to be sent to the receiver.
  • Click on OK to save.

Image

Creating an Application Firewall Policy

Navigate to the Application Firewall | Policies page.
Click on Add New Policy.
Create 2 new policies with the following information and click on OK to save.

Image

Image

How to Test:

To test this scenario send a mail from your POP or mail server account with one of the attachments listed under the application object created. You should see alerts similar to the ones shown below in the log.

Image
The recepient will receive the mail with the original attachment and a new text file. The text file will contain whatever text you entered when creating the Application Firewall Action object. The attachment itself will contain junk characters.

Image

Image

Image 

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
SonicWall NSA Series
Application Firewall
not finding your answers?
Ask the Community