• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Firewall
  • Firewall Workflow
• Advanced
  • Changing Between SonicOS
    • Changing From Classic to Policy Mode
    • Changing From Policy to Classic Mode
  • Detection Prevention
  • Dynamic Ports
  • Source Routed Packets
  • Internal VLAN
  • Access Rule Options
  • IP and UDP Checksum Enforcement
  • Jumbo Frame
  • Connections
  • Control Plane Flood Protection
  • IPv6 Advanced Configuration
  • TCP
    • TCP Settings
    • Layer 3 SYN Flood Protection- SYN Proxy
    • Layer 2 SYN/RST/FIN Flood Protection - MAC Blacklisting
    • WAN DDOS Protection (Non-TCP Floods)
    • TCP Traffic Statistics
  • UDP
    • UDP Settings
    • UDP Flood Protection
    • UDP Traffic Statistics
    • UDPV6 Traffic Statistics
  • ICMP
    • ICMP Flood Protection for IPv4 version
    • ICMP Traffic Statistics
    • ICMP Flood Protection for IPv6 version
    • ICMPv6 Traffic Statistics
• Flood Protection
• SSL Control
  • Key Features of SSL Control
  • Key Concepts to SSL Control
  • Caveats and Advisories
  • Configuring SSL Control
  • Custom List
  • Enabling SSL Control on Zones
  • SSL Control Events
• Cipher Control
  • TLS Ciphers
    • Blocking/Unblocking Ciphers
    • Filtering Ciphers
      • Selecting Display Options
      • Displaying Ciphers by Strength
      • Displaying Ciphers by Block/Unblock
      • Displaying Ciphers by CBC Mode
      • Displaying Ciphers by TLS Protocol Version
  • SSH Ciphers
• Real-Time Black List (RBL) Filter
  • Configuring the RBL Filter
    • Enabling RBL Blocking
    • Adding RBL Services
    • Configuring User-Defined SMTP Server Lists
      • Configuring a White List
      • Configuring a Black List
    • Testing SMTP IP Addresses
• Use cases

Custom List

The Custom Lists section allows you to configure custom whitelists and blacklists.

Configure Blacklist and Whitelist – Allows you to define strings for matching common names in SSL certificates. Entries are case-insensitive and are used in pattern-matching fashion, as shown in Blacklist and Whitelist: pattern matching:

• 67.115.118.87 is currently the IP address to which sslvpn.demo.sonicwall.com resolves, and that site uses a certificate issued to sslvpn.demo.sonicwall.com. This results in a match to “sonicwall.com” as matching occurs based on the common name in the certificate.
• This is the decimal notation for the IP address 63.208.219.44, whose certificate is issued to www.megaproxy.com.
• www.freeproxy.ru will not match “prox” as the common name on the certificate that is currently presented by this site is a self-signed certificate issued to “-“. This can, however, easily be blocked by enabling control of self-signed or Untrusted CA certificates.

To configure the Blacklist

1. Navigate to Network > Firewall > SSL Control > Custom List > Blacklist.

2. Click + icon. The Add Blacklist dialog displays.

   

3. Enter the certificate’s name in the Certificate Common Name field.

   List matching is based on the subject common name in the certificate presented in the SSL exchange, not in the URL (resource) requested by the client.

4. Click Add.

   Changes to any of the SSL Control settings do not affect currently established connections; only new SSL exchanges that occur after the change is committed are inspected and affected.

To configure the Whitelist

1. Navigate to Network > Firewall > SSL Control > Custom List > Whitelist.

2. Click + icon. The Add Whitelist dialog displays.

   

3. Enter the certificate’s name in the Certificate Common Name field.

   List matching is based on the subject common name in the certificate presented in the SSL exchange, not in the URL (resource) requested by the client.

4. Click Add.

   Changes to any of the SSL Control settings do not affect currently established connections; only new SSL exchanges that occur after the change is committed are inspected and affected.