Link to home
Start Free TrialLog in
Avatar of brett_apfc
brett_apfc

asked on

how to disable wpad.dat proxy requests on Sonicwall NSA firewall

We have a handful of computers that keep trying to go out to the internet looking for wpad.dat.  We do not use a proxy internet server.  We do have an "in line" Barracuda Web filter between the core router and the firewall.  We know the external address where these requests are going, and know that (currently) this is not a threat.  We have tried to disable any automatic configuration for internet connections via gpo, but continue to have computers send the requests.

How do you block an outgoing wpad request at the firewall using a Sonicwall NSA 3500?

thank you.
Avatar of J Spoor
J Spoor
Flag of Netherlands image

go to firewall > match objects and add a match object of type file name
then use this in the application firewall to block the file
Avatar of brett_apfc
brett_apfc

ASKER

I created a new Match Object:
type:  File Name
Match type:  Partial Match
object content:  wpad.dat

I then created an App Rule:
Policy Type:  HTTP Client Request (?)
Object:  Wpad.dat (Match Object)
Action:  Reset / drop
Source / Dest:  Any
To Service:  HTTP
Direction:  Both



I'll watch this today and see what results turn up.
thank you.

**update**
Two additional requests went out looking for wpad.dat from the external source.  My rule must not be correct.
It looks like the Sonicwall rules are not blocking the wpad requests.  So I've changed directions and decided to go about this a different way.
Here is what we did to [hopefully] resolve the issue:

on all DNS servers:  
verify DNS query block list is enabled.
verify dns query block list (wpad, isatap)
update dns query block list to only reflect:  isatap
add A record to DNS for wpad with ip 127.0.0.1


So far, we have had no further requests leaving our internal domain.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.