Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Qualys scan HTTP Security Header Not Detected QID: 11827 SMA 500v device


I've had a Qualys vulnerability deteced, I've done what SonicWall said which is to enabl HTST but the vulnerability has come up in the latest Qualys I protected or not? Does anybody know the answer

Please see attachment

for full details

Category: Secure Mobile Access Appliances


  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Network_123

    you checked "Enable HTTP Strict Transport Security (HSTS) for SMA" in your portal settings?

    I checked with my installation, and HSTS gets properly detected if I'am accessing the correct Virtual Host or Virtual Alias name.

    For example: Your SMA holds a wildcard certificate * and the VirtualOffice is accessible through the DNS records, and But only and are defined on the VirtualHost settings of your VirtualOffice Portal.

    HSTS detection will work for 1 + 2 but not for 3, this might be a bug because it's not conclusive.

    HSTS check can be done real quick here:


Sign In or Register to comment.