Table of Contents
Advertisement
Figure 47. Monitoring Page After Blocking
Rules are matched against both inbound and outbound HTTP(S) traffic. When all rules in a rule chain find a
match, the action defined in the rule chain is done. You can also enable rate limiting in rule chains to trigger an
action only after the number of matching attacks exceeds a threshold within a certain time period. You can
configure the action to block the traffic and log the match, or to simply log it. You can also set the action to
Disabled to remove the rule chain from active status and stop comparing traffic against those rules.
The Custom Rules feature can be enabled or disabled using the Enable Custom Rules global setting.
NOTE:
Rule chains are enforced in the order that the rule chains were added. This order can be changed
by deleting and re-creating rule chains.
Similarly, rules within rule chains are enforced in the order that the rules were added. This order can be
changed by deleting and re-creating rules.
Configuring Application Profiling
You can create URL profiles by putting the SMA/SRA appliance into learning mode while applications are in use
by trusted users, and then use those URL profiles to generate rule chains that prevent malicious misuse of the
applications.
NOTE:
Application profiling is supported only on the SMA 400, SRA 4600, and SMA 500v Virtual Appliance.
To configure application profiling and automatically generate rules:
1
Navigate to the Web Application Firewall > Rules page.
2
Under Application Profiling, select one or more portals with the application(s) to be profiled from the
Portals drop-down list. Use Shift+click or CTRL+click to select multiple portals.
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
295
Advertisement
Chapters
Table of Contents
Troubleshooting
