• SonicOS 7
• About DPI-SSL
  • Using DPI-SSL
    • Supported Features
    • Support for Local CRL
    • TLS Certificate Status Request Extension
    • Blocking of SSH X11 Forwarding
    • Support for ECDSA-Related Ciphers
    • DPI-SSL and CFS HTTPS Content Filtering Work Independently
    • Original Port Numbers Retained in Decrypted Packets
    • Security Services
  • Deployment Scenarios
  • Proxy Deployment
  • Customizing DPI-SSL
  • Connections per Appliance Model
• Configuring the DPI-SSL/TLS Client
  • Decryption Services > DPI-SSL/TLS Client
  • Viewing DPI-SSL Status
  • Deploying the DPI-SSL/TLS Client
    • Configuring General Settings
      • Enabling SSL Client Inspection
      • Enabling DPI-SSL Client on a Zone
      • Enabling DPI-SSL Server on a Zone
    • Selecting the Re-Signing Certificate Authority
      • Adding Trust to the Browser
    • Configuring Exclusions and Inclusions
      • Excluding/Including Objects/Groups
      • Excluding/Including by Common Name
        • Viewing Status of DPI SSL Default Exclusions
        • Excluding/Including Common Names
        • Deleting Custom Common Names
        • Showing Connection Failures
        • Updating Default Exclusions Manually
      • Specifying CFS Category-based Exclusions/Inclusions
      • Client DPI-SSL Examples
        • Content Filtering
        • App Rules
• Configuring DPI-SSL/TLS Server Settings
  • Decryption Services > DPI-SSL/TLS Server
  • About DPI-SSL/TLS Server Settings
    • Configuring General DPI-SSL/TLS Server Settings
    • Configuring Exclusions and Inclusions
    • Configuring Server-to-Certificate Pairings
• SonicWall Support
  • About This Document

Specifying CFS Category-based Exclusions/Inclusions

You can exclude/include entities by content filter categories.

To specify CFS category-based exclusions/inclusions:

1. Navigate to the POLICY | DPI-SSL > Client SSL page.

2. Click CFS Category-based Exclusions/Inclusions.

   

   The status of the list is shown by an icon at the top of the view. A green icon indicates Content Filtering is licensed, a red icon that it is not.

3. Choose whether you want to include or exclude the selected categories by clicking either:

   • Exclude (default)
   • Include

   By default, all categories are unselected.

4. Optionally, repeat Step 3 and Step 4 to create the opposite list.
5. Select the categories to be included/excluded. To select all categories, click Select all Categories.

6. Optionally, to exclude a connection if the content filter category information for a domain is not available to DPI-SSL, select the Exclude connection if Content Filter Category is not available checkbox. This option is not selected by default.

   In most cases, category information for a HTTPS domain is available locally in the firewall cache. When the category information is not locally available, DPI-SSL obtains the category information from the cloud without blocking the client or server communication. In rare cases, the category information is not available for DPI-SSL to make a decision. By default, such sites are inspected in DPI-SSL.

7. Click Accept.