Qualys scan HTTP Security Header Not Detected QID: 11827 SMA 500v device
Network_123 Newbie ✭
I've had a Qualys vulnerability detected. I've done what SonicWall said, which is to enable HSTS, but the vulnerability has come up in the latest Qualys scan... am I protected or not? Does anybody know the answer?
Please see attachment for full details.
Category: Secure Mobile Access Appliances
Have you checked "Enable HTTP Strict Transport Security (HSTS) for SMA" in your portal settings?
I checked with my installation, and HSTS gets properly detected if I'm accessing the correct Virtual Host or Virtual Alias name.
For example: Your SMA holds a wildcard certificate *.domain.de and the VirtualOffice is accessible through the DNS records 1.domain.de, 2.domain.de and 3.domain.de. But only 1.domain.de and 2.domain.de are defined on the VirtualHost settings of your VirtualOffice Portal.
HSTS detection will work for 1 + 2 but not for 3, this might be a bug because it's not conclusive.
HSTS check can be done real quick here: https://gf.dev/hsts-test
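An added example, not part of the thread above: a per-hostname check of the `Strict-Transport-Security` response header, so every DNS name that reaches the appliance can be compared. The hostnames are the ones from the reply; the header values in `SAMPLE` are constructed for illustration, and `fetch_headers` is the optional live variant.

```python
import http.client

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if no valid max-age."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age" and arg.isascii() and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

def classify(headers):
    """headers: list of (name, value) pairs from one HTTPS response."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "missing"
    policy = parse_hsts(values[0])  # RFC 6797: only the first field is processed
    if policy is None:
        return "invalid"
    return "disabled" if policy["max_age"] == 0 else "ok"

def fetch_headers(host, port=443, timeout=10):
    """Live check: HEAD / over HTTPS, using `host` for both SNI and Host."""
    conn = http.client.HTTPSConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()

# Constructed sample responses mirroring the case described in the reply.
SAMPLE = {
    "1.domain.de": [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")],
    "2.domain.de": [("strict-transport-security", "max-age=31536000")],
    "3.domain.de": [("Content-Type", "text/html")],
}

def audit(responses):
    return {host: classify(hdrs) for host, hdrs in responses.items()}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

For a live run, build the input with `{h: fetch_headers(h) for h in hosts}` and include the exact name or address the scanner targets, since a name not defined as a Virtual Host may come back as `missing`.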