Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to exclude tightvnc from Risk or High Risk application list

Hello All,

I have added the "Block high risk (Risk level 4 and 5) apps" to the "Identify and control applications (App control)" part of Lan-To-Wan Firewall rule.

With this in the La-To-Wan firewall rule, I can not connect to a remote computer, using TightVnc and a specifik IP no. As soon as I remove "Block high risk (.." from the firewall rule, I can access the external computer with TightVnc.

I have tried to create an Application Filter, based on the "Block high risk (Risk Level 4 and 5) apps" application list, and wanted to add an exclusion for TightVnc to allow that, but TightVnc do not exist as a named application, and consequently have not succeded.

Could anybody help me with this ? How do I create an Application list, blocking all Risk and High Risk applications, but allowing only TightVnc ?

Best regards

Soren Jensen



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Vivek Jagad,

    Thanks for your reply and suggestion. I've tried the solution you suggest, but it do not work. Maybe because I'm not doing it correctly or maybe because TightVnc, as I use it, is an EXE file local to my workstation, and I'm trying to connect to an IP no nnn.nnn.nnn.nnn:5902, where the nnn's is the external IP no of a firewall allowing request to port 5902 come in, when it is coming from my fixed external Ip no. 

    Anyway, I have changed the "Block high risk (Risk Level 4 and 5) apps" application filter and added a category "Remote Access", using smart filter to only include "VNC Remote Access" (filtering out VNC WEB Remote Access), allowing it, all the time. It means I can now use TightVnc to access the external computer I want, but I guess it also means any of the internal  workstations can use any application categorized as VNC Remote Access, to connect to any IP no in the world. 

    So to allow me to connect with TightVnc to a specific IP no., I have had to open up for a lot of other VNC programs connecting to an unlimited number of Ip adresses. How do I limit the VNC Remote Access category further ? If possible I would like to limit only to TightVnc, and further, only to a fixed number of IP adresses.

    I can't see any further options under Application Filter (or Application Lists for that matter), so where should I look ?

    Best Regards

    Soren

  • Hello,

    You may create the destination-based rule to with the destination FQDN/IP addresses of TightVNC and the ports used and keep the existing rule to block the High Risk application.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.