• SonicOS 7
• About DPI-SSL
  • Using DPI-SSL
    • Supported Features
    • Support for Local CRL
    • TLS Certificate Status Request Extension
    • Blocking of SSH X11 Forwarding
    • Support for ECDSA-Related Ciphers
    • DPI-SSL and CFS HTTPS Content Filtering Work Independently
    • Original Port Numbers Retained in Decrypted Packets
    • Security Services
  • Deployment Scenarios
  • Proxy Deployment
  • Customizing DPI-SSL
  • Connections per Appliance Model
• Configuring the DPI-SSL/TLS Client
  • Decryption Services > DPI-SSL/TLS Client
  • Viewing DPI-SSL Status
  • Deploying the DPI-SSL/TLS Client
    • Configuring General Settings
      • Enabling SSL Client Inspection
      • Enabling DPI-SSL Client on a Zone
      • Enabling DPI-SSL Server on a Zone
    • Selecting the Re-Signing Certificate Authority
      • Adding Trust to the Browser
    • Configuring Exclusions and Inclusions
      • Excluding/Including Objects/Groups
      • Excluding/Including by Common Name
        • Viewing Status of DPI SSL Default Exclusions
        • Excluding/Including Common Names
        • Deleting Custom Common Names
        • Showing Connection Failures
        • Updating Default Exclusions Manually
      • Specifying CFS Category-based Exclusions/Inclusions
      • Client DPI-SSL Examples
        • Content Filtering
        • App Rules
• Configuring DPI-SSL/TLS Server Settings
  • Decryption Services > DPI-SSL/TLS Server
  • About DPI-SSL/TLS Server Settings
    • Configuring General DPI-SSL/TLS Server Settings
    • Configuring Exclusions and Inclusions
    • Configuring Server-to-Certificate Pairings
• SonicWall Support
  • About This Document

Deployment Scenarios

DPI-SSL has two main deployment scenarios:

• Client DPI-SSL: Used to inspect HTTPS traffic when clients on the appliance’s LAN access content located on the WAN. Exclusions to DPI-SSL can be made on a common-name or category basis.
• Server DPI-SSL: Used to inspect HTTPS traffic when remote clients connect over the WAN to access content located on the appliance’s LAN.