Block phishing domain in sma

Darshil · August 2020

Hi Team,

Looks like a phishing domain has been registered by fraudsters with a name of vpn.**.net which looks similar like our workplace URL

Can we configure our VPN clients to block that host name/address as the destination ?

I there any setting is available on sma appliance or client end to block thins domain

Simon · August 2020

@Darshil With the tunnel clients the SMA server FQDN will be remembered. Once that is set it should not be a problem. With web access is where the risk is more prominent. I think the best tool we have to solve your issue on the client side, before a VPN is established, is the Sonicwall Capture Client product.

If you use SCCM or a similar management tool, you could push a host table entry to the client PC and redirect the offending FQDN to a loopback address or similar inactive address. This would prevent them accessing that FQDN.

Having protected your users, you might go further and attempt to report the FQDN as fraudulent. It can be reported to the Domain registrar. You can find the Domain Registrar by

Since most phishing is email based most documented responses are related to email. I believe the FTC site at the bottom may be the place to report the FQDN as suspect.

Here are some links that may be helpful:

https://www.sonicwall.com/support/knowledge-base/how-do-i-create-anti-phishing-blacklist-rule-on-cloud-app-security/200121152657984/

https://www.wikihow.com/Report-a-Fraud-Website

https://www.ftccomplaintassistant.gov/#crnt&panel1-1

Join the Conversation

Block phishing domain in sma

Answers