Sonicwall TZ570 SonicOS 7.0 - App Control Signature Block can't be disabled
I have a SonicWall TZ570 firewall with App Control enabled.
The SonicWall is blocking traffic related to a few App Control Signatures I want to allow. I would like to disable the blocking to allow the traffic for those apps by either excluding an Address Range, or disabling the Block completely.
I open App Control -> Signatures, edit the signature, and set Block = Disable. I then click OK. The Signature list still shows a green checkmark under the Block column. The device is still blocked and the System Log shows an Application Control Prevention Alert for the App Control signature.
If I disable App Control completely, the device is not blocked and works fine, and as soon as I re-enable App Control, it is blocked again, confirming that App Control is definitely the cause.
If I set Log = Disable, the green check mark is NOT displayed in the Log column of the App Control Signatures page, so it seems like this might be a bug in the App Control Block setting.
Can anyone confirm?
Screen shots attached
The SonicWall is blocking traffic related to a few App Control Signatures I want to allow. I would like to disable the blocking to allow the traffic for those apps by either excluding an Address Range, or disabling the Block completely.
I open App Control -> Signatures, edit the signature, and set Block = Disable. I then click OK. The Signature list still shows a green checkmark under the Block column. The device is still blocked and the System Log shows an Application Control Prevention Alert for the App Control signature.
If I disable App Control completely, the device is not blocked and works fine, and as soon as I re-enable App Control, it is blocked again, confirming that App Control is definitely the cause.
If I set Log = Disable, the green check mark is NOT displayed in the Log column of the App Control Signatures page, so it seems like this might be a bug in the App Control Block setting.
Can anyone confirm?
Screen shots attached
Elie Matar
When you disable blocking its should work fine.
ASKER
Hi Elie,
Do you have a device with SonicOS 7.0 you can test with? If you set Block = Disable, does the green check mark still show in the Block column of the App Control Signature list? Or does the green check mark go away?
Do you have a device with SonicOS 7.0 you can test with? If you set Block = Disable, does the green check mark still show in the Block column of the App Control Signature list? Or does the green check mark go away?
No it's seem the Proxy access is still blocking. Try to enable it inside the proxy and exclude your IP address then check
If it's not blocked you will not see anything below the block tab
If it's not blocked you will not see anything below the block tab
ASKER
I have separately tried to exclude an IP and the entire X0:V100 subnet (see my second screen shot in the original post), but the proxy traffic is still blocked.
My MSP is going to submit a support request to see if this is a known bug.
My MSP is going to submit a support request to see if this is a known bug.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ah, thank you for pointing that out, I hadn't considered that Block = Disabled and Exclusion = V100 might actually block that subnet.
I will try removing the exclusion and try Block = Disabled.
When I disable the Log setting, the green check mark disappears, but when I disable the Block, the green check mark still shows. Is that normal?
I will try removing the exclusion and try Block = Disabled.
When I disable the Log setting, the green check mark disappears, but when I disable the Block, the green check mark still shows. Is that normal?
ASKER
My MSP was unable to reproduce the issue on their lab TZ570.
After disabling the blocks on one of the App Control rules, the green "Block" check mark icon disappeared for that rule, but not for other rules that are Disabled. Seems like there are some bugs in App Control.
I've found another bug where DHCP leases cannot be viewed, so my MSP is upgrading my firmware to SonicOS 7.0.0-R713 to try and resolve that issue. I'll see if that improves the App Control rules.
After disabling the blocks on one of the App Control rules, the green "Block" check mark icon disappeared for that rule, but not for other rules that are Disabled. Seems like there are some bugs in App Control.
I've found another bug where DHCP leases cannot be viewed, so my MSP is upgrading my firmware to SonicOS 7.0.0-R713 to try and resolve that issue. I'll see if that improves the App Control rules.
Yes sure it's a bug better to upgrade it to a newer firmware and before that check for a stable version