DROWN Vulnerability: Blocking SSLv2 with UTM9

Hello,

I would like to write a firewall rule to drop all SSLv2 traffic attempting to travel through our UTM because of the DROWN vulnerability. We have a couple of servers susceptible to the attack and it would be nice to first block the attack at the UTM while we work on patching our servers sitting underneath it.

I understand how to write the sources and destinations part of the firewall rule, but I am unsure how to define the services part of the rule for SSLv2 or if this is even possible. Maybe this is something Sophos will take care of with a new IPS rule and I do not need to worry, but I'm trying to be proactive.

Any guidance would be greatly appreciated.

Regards,

Scott



  • Hi, Scott, and welcome to the UTM Community!

    If you are using Webserver Protection, your servers are protected.  If you are using DNATs to forward traffic to your servers, you can't get any help with SSLv2 from the UTM.

    Cheers - Bob

    PS (added 04 MAR 2016) You can see that this is the case because
    # grep SSLProtocol /var/chroot-reverseproxy/usr/apache/conf/httpd.conf
    returns
    SSLProtocol all -SSLv2 -SSLv3
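
The grep check from the reply above, generalised as an added example (not part of the original thread and not Sophos code): it evaluates every SSLProtocol directive in an Apache config file and reports whether SSLv2 is left enabled. The function name audit_sslv2 is hypothetical. It assumes "all" includes SSLv2, as in older mod_ssl builds, and treats other bare protocol names as leaving SSLv2 unchanged, which errs towards reporting it enabled.

```shell
#!/bin/sh
# Added example: audit SSLProtocol directives in an Apache config for SSLv2.
# Assumption: "all" counts as including SSLv2 (older mod_ssl builds), so a
# directive needs an explicit -SSLv2 (or -all) after it to count as safe.

# Prints "<line number>: SSLv2 enabled|disabled" for each directive.
# Returns 0 if every directive disables SSLv2, 1 if any leaves it enabled,
# 2 if the file has no SSLProtocol directive (the default depends on the build).
audit_sslv2() {
    conf=$1 found=0 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line%%#*}                       # ignore commented-out text
        # Directive and protocol names are matched case-insensitively.
        line=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        set -f; set -- $line; set +f           # split into words, no globbing
        [ "${1:-}" = sslprotocol ] || continue
        shift; found=1; v2=0
        for tok in "$@"; do                    # tokens apply left to right
            case $tok in
                +all|all|+sslv2|sslv2) v2=1 ;;
                -all|-sslv2)           v2=0 ;;
            esac
        done
        if [ "$v2" -eq 1 ]; then
            bad=1; echo "$n: SSLv2 enabled"
        else
            echo "$n: SSLv2 disabled"
        fi
    done < "$conf"
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
printf '%s\n' '# SSLProtocol all' \
    'SSLProtocol all -SSLv2 -SSLv3' \
    'SSLProtocol all -SSLv3' > "$sample"
audit_sslv2 "$sample" || echo "exit status $?"
rm -f "$sample"
```

A non-zero exit status makes the function usable as a gate in a configuration check run against each backend server's own Apache config.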
