Application Control Bypass
Hi, Running the new NSA 3700 on SonicOS 7.0.1-R1456
We have enabled Application Control on a number of applications and signatures, one of which is Gmail. We also have an Address Group where the IPs of certain machines can bypass the application block. However, we have noticed that for applications like Gmail, the requests (source) are coming from our Domain Controller (DNS) server, not the machine making the request, and therefore the bypass is not taking effect. Adding the DNS server to the bypass is an absolute no-no. Anyone else experienced this? Not sure if it is a bug in SonicOS 7.x or misconfiguration on my part.
Other applications work fine and the bypass seems to be effective.
thanks
Best Answer
shiprasahu93 Moderator
Hello @stevmorr,
Welcome to the SonicWall community.
If you are using an internal DNS server on the machines that are connected to LAN, all DNS requests come to the firewall using the DNS server's IP address. This is expected behavior.
I would request you to specifically unblock the DNS signature for Gmail (without any inclusions/exclusions) and keep all other signatures enabled. The firewall can then block the Gmail traffic using other signatures and apply the necessary inclusions/exclusions as the HTTP or other requests reach the firewall from the original client IP address.
An easier solution will be using global DNS like 8.8.8.8 on the machines, but if it is a domain environment, it is possible you might not want it that way.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Answers
shiprasahu93,
Thanks for your quick response and sorry for the delay in response. You are absolutely correct - when blocking Gmail at the 'application' level (instead of the individual 'signature' level) it includes the DNS query. Allowing this and keeping the block enabled for the others works perfectly!
Thanks again for your help. 😁
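The behavior discussed in this thread, modeled as an added example (not SonicOS code and not posted by either participant): a source-IP exclusion is evaluated per flow, and the DNS lookup reaches the firewall from the resolver's address. The IP addresses, the signature labels `gmail-dns` and `gmail-https`, and all function names are constructed for illustration, and the model assumes a blocked lookup prevents the session.

```python
from dataclasses import dataclass

# Constructed addresses for illustration; not taken from the thread.
DNS_SERVER = "10.0.0.10"     # internal domain controller / resolver
EXEMPT_CLIENT = "10.0.0.50"  # member of the bypass address group
NORMAL_CLIENT = "10.0.0.60"  # not in the bypass group
BYPASS_GROUP = frozenset({EXEMPT_CLIENT})

@dataclass(frozen=True)
class Flow:
    src: str        # source IP as the firewall sees it
    signature: str  # hypothetical label: "gmail-dns" or "gmail-https"

@dataclass(frozen=True)
class Rule:
    signatures: frozenset  # signatures this block rule matches
    excluded: frozenset    # source IPs exempt from the block

def flows_for(client):
    """Flows the firewall sees when `client` opens Gmail via the internal resolver."""
    return [
        Flow(DNS_SERVER, "gmail-dns"),  # lookup is forwarded by the resolver
        Flow(client, "gmail-https"),    # web session comes from the client itself
    ]

def blocked(flow, rules):
    """A flow is blocked if a rule matches its signature and its source is not excluded."""
    return any(flow.signature in r.signatures and flow.src not in r.excluded
               for r in rules)

def can_reach_gmail(client, rules):
    """Gmail works only if none of the client's flows is blocked."""
    return not any(blocked(f, rules) for f in flows_for(client))

# Application-level block: every Gmail signature, DNS included, with the bypass group.
APP_LEVEL = [Rule(frozenset({"gmail-dns", "gmail-https"}), BYPASS_GROUP)]
# Signature-level block: DNS signature left unblocked, the rest blocked with the bypass group.
SIG_LEVEL = [Rule(frozenset({"gmail-https"}), BYPASS_GROUP)]

if __name__ == "__main__":
    for name, rules in (("application-level", APP_LEVEL), ("signature-level", SIG_LEVEL)):
        for client in (EXEMPT_CLIENT, NORMAL_CLIENT):
            print(f"{name:18} {client}: reachable={can_reach_gmail(client, rules)}")
```

With the application-level rule the exempt client fails because its lookup arrives from the resolver's address; with the signature-level rule only the non-exempt client is blocked.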