Qualys scan HTTP Security Header Not Detected QID: 11827 SMA 500v device
Network_123
Newbie ✭
Hi,
I've had a Qualys vulnerability detected. I've done what SonicWall said, which is to enable HSTS, but the vulnerability has come up in the latest Qualys scan... am I protected or not? Does anybody know the answer?
Please see attachment for full details
Category: Secure Mobile Access Appliances
Answers
Hi @Network_123
You checked "Enable HTTP Strict Transport Security (HSTS) for SMA" in your portal settings?
I checked with my installation, and HSTS gets properly detected if I'm accessing the correct Virtual Host or Virtual Alias name.
For example: Your SMA holds a wildcard certificate *.domain.de and the VirtualOffice is accessible through the DNS records 1.domain.de, 2.domain.de and 3.domain.de. But only 1.domain.de and 2.domain.de are defined on the VirtualHost settings of your VirtualOffice Portal.
HSTS detection will work for 1 + 2 but not for 3; this might be a bug because it's not conclusive.
HSTS check can be done real quick here: https://gf.dev/hsts-test
--Michael@BWC
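
To compare what each DNS name returns, as described in the answer above, here is an added example (not part of the original posts and not SonicWall or Qualys code) that parses the `Strict-Transport-Security` header per host name. The host names are the ones from the answer's example, the response headers in `SAMPLE` are constructed, and `fetch_headers` is a helper written for this example.

```python
import http.client
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue  # empty directive, e.g. a trailing ';'
        if name in directives:
            return None  # a repeated directive makes the header invalid
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is the one required directive
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def audit(headers_by_host):
    """Classify each host name as ok, missing, invalid or disabled."""
    report = {}
    for host, headers in headers_by_host.items():
        values = [v for k, v in headers if k.lower() == "strict-transport-security"]
        # Browsers process only the first STS header field in a response.
        policy = parse_hsts(values[0]) if values else None
        if not values:
            report[host] = "missing"
        elif policy is None:
            report[host] = "invalid"
        else:
            report[host] = "ok" if policy["max_age"] > 0 else "disabled"
    return report

def fetch_headers(host, path="/", timeout=10):
    """Live check: request the page using `host` for both SNI and Host."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()

# Constructed responses mirroring the answer's example: 3.domain.de resolves
# to the appliance but is not defined as a virtual host on the portal.
SAMPLE = {
    "1.domain.de": [("Strict-Transport-Security", "max-age=31536000")],
    "2.domain.de": [("strict-transport-security", "max-age=31536000; includeSubDomains")],
    "3.domain.de": [("Content-Type", "text/html")],
}
```

For a live check, build the input with `{h: fetch_headers(h) for h in names}` using every DNS name the scanner is pointed at, then pass it to `audit`.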