Qualys scan HTTP Security Header Not Detected QID: 11827 SMA 500v device

Hi,

I've had a Qualys vulnerability detected. I've done what SonicWall said, which is to enable HSTS, but the vulnerability has come up in the latest Qualys scan... am I protected or not? Does anybody know the answer?


Please see attachment for full details

Category: Secure Mobile Access Appliances

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Network_123

    You checked "Enable HTTP Strict Transport Security (HSTS) for SMA" in your portal settings?

    I checked with my installation, and HSTS gets properly detected if I'm accessing the correct Virtual Host or Virtual Alias name.

    For example: Your SMA holds a wildcard certificate *.domain.de and the VirtualOffice is accessible through the DNS records 1.domain.de, 2.domain.de and 3.domain.de. But only 1.domain.de and 2.domain.de are defined on the VirtualHost settings of your VirtualOffice Portal.

    HSTS detection will work for 1 + 2 but not for 3; this might be a bug because it's not conclusive.

    HSTS check can be done real quick here: https://gf.dev/hsts-test

    --Michael@BWC
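
Since the answer above ties the result to the hostname being requested, a per-hostname check shows which names actually return a usable policy. This is an added example, not part of the original thread or any SonicWall tooling; the sample responses are constructed to mirror the 1/2/3.domain.de case, and `fetch_headers` is a hypothetical helper for running the same check live.

```python
import http.client

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in directives:            # a directive may appear only once
            return None
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                       # max-age is required and numeric
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in directives}

def check_headers(headers):
    """headers: list of (name, value) pairs. Returns (ok, detail)."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return False, "header missing"
    policy = parse_hsts(values[0])        # only the first HSTS header is processed
    if policy is None:
        return False, "header malformed"
    if policy["max_age"] == 0:
        return False, "max-age=0 (policy disabled)"
    return True, f"max-age={policy['max_age']}"

def fetch_headers(host, timeout=10):
    """Hypothetical live helper: GET / over HTTPS and return the header pairs."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()

# Constructed responses: only names defined as Virtual Hosts return the header.
SAMPLE = {
    "1.domain.de": [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")],
    "2.domain.de": [("strict-transport-security", 'max-age="31536000"')],
    "3.domain.de": [("Content-Type", "text/html")],
}

def audit(responses):
    return {host: check_headers(hdrs) for host, hdrs in responses.items()}

if __name__ == "__main__":
    for host, (ok, detail) in audit(SAMPLE).items():
        print(f"{host:14} {'OK  ' if ok else 'FAIL'} {detail}")
```

For a live run, build the input with `{h: fetch_headers(h) for h in names}`, using the exact name the Qualys scan targets.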
