How to configure Server DPI SSL to inspect SMTP traffic?
07/20/2022
Description
Server DPI-SSL is one of two deployment scenarios used to inspect SSL-based traffic, the other being Client DPI-SSL. The Server DPI-SSL deployment scenario is typically used to inspect HTTPS traffic when remote clients connect over the WAN to access content located on the SonicWall security appliance’s LAN (or DMZ).
Server DPI-SSL is able to decrypt SSL-based traffic in the following manner:
- Configure pairing of an internal address object and certificate.
- When the appliance detects SSL connections to the address object, it presents the paired certificate and negotiates an SSL connection with the connecting client. This enables the SonicWall to inspect the traffic and, if a threat is detected, to enforce Security Services and Application Firewall policies.
In this deployment scenario the owner of the SonicWall UTM owns the certificates and private keys of the origin content servers. Administrators will have to import the server's original certificate into the UTM appliance and create appropriate server IP address to server certificate mappings in the Server DPI-SSL UI.
Further, the pairing of internal address objects with certificates can be either encrypted or "cleartext". If the pairing is not defined to be cleartext, then an SSL connection to the server is negotiated. This allows for end-to-end encryption of the connection. If the pairing defines the server to be "cleartext", then a standard TCP connection is made to the server on the original (post NAT remapping) port.
This article confirms that Server DPI-SSL can be configured to inspect the SMTP traffic.
Cause
Server DPI-SSL can be configured to inspect SMTP and other types of traffic. However, for this traffic it is only possible to report potential threats, not to block them. Reporting is enabled simply by configuring Server DPI-SSL and enabling SMTP Inbound/Outbound Inspection in the GAV feature.
NOTE: With Capture ATP/GAV, SMTP traffic (inbound/outbound) will be inspected, but a malicious attachment will still be delivered to the client, because the firewall is not designed to handle e-mail traffic the way solutions such as SonicWall E-mail Security are. For better handling of email traffic, our Hosted Email Security and Cloud App Security products offer very in-depth control of encrypted email traffic.
Resolution
Please follow the steps in the KB article below:
- How to Configure Server DPI-SSL
- Please extract the server certificate along with its private key and import it on the firewall for correct functionality of the SMTP Inspection.
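One way to prepare the certificate for the import step above, as an added example that is not part of the original article: it confirms that the exported private key really belongs to the mail server's certificate before bundling both into a password-protected PKCS#12 file. The file names, the use of OpenSSL and the PKCS#12 container are assumptions; use whatever import format the Server DPI-SSL KB specifies.

```shell
#!/bin/sh
# Added example (not SonicWall code). Assumes OpenSSL is installed and that
# the certificate and key were exported from the mail server as PEM files.

# Print the public key embedded in a PEM certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey
}

# Print the public key derived from a PEM private key (RSA or EC).
key_pubkey() {
    openssl pkey -in "$1" -pubout
}

# bundle_for_import CERT KEY OUT PASSFILE
# Refuses to build the bundle unless CERT and KEY share the same public key.
# Returns 0 on success, 1 on mismatch, 2 if either file cannot be parsed.
bundle_for_import() {
    bfi_cert=$1 bfi_key=$2 bfi_out=$3 bfi_pass=$4
    bfi_c=$(cert_pubkey "$bfi_cert") || return 2
    bfi_k=$(key_pubkey "$bfi_key") || return 2
    if [ -z "$bfi_c" ] || [ "$bfi_c" != "$bfi_k" ]; then
        echo "certificate and private key do not match" >&2
        return 1
    fi
    # The bundle holds the private key: create it readable by the owner only,
    # and read the export password from a file rather than the command line.
    ( umask 077
      openssl pkcs12 -export -in "$bfi_cert" -inkey "$bfi_key" \
          -out "$bfi_out" -passout "file:$bfi_pass" )
}

# Run as: ./bundle.sh mail.crt mail.key mail.p12 passfile  (hypothetical names)
if [ "$#" -eq 4 ]; then
    bundle_for_import "$@"
fi
```

Delete the PEM key, the PKCS#12 file and the password file from the workstation once the import has succeeded.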