SonicOS 7.0 DPI-SSL

Configuring Exclusions and Inclusions

By default, the DPI-SSL applies to all traffic on the appliance when it is enabled. You can configure inclusion/exclusion lists to customize to which traffic DPI-SSL inspection applies. The Inclusion/Exclusion lists provide the ability to specify certain objects or groups. In deployments that process a large amount of traffic, to reduce the CPU impact of DPI-SSL and to prevent the appliance from reaching the maximum number of concurrent DPI-SSL inspected connections, it can be useful to exclude trusted sources.

To customize DPI-SSL server inspection

  1. Navigate to the POLICY | DPI-SSL > Server SSL page.
  2. Scroll to the Inclusion/Exclusion section.

  3. From Address Object/Group Exclude, select an address object or group to exclude from DPI-SSL inspection. By default, Exclude is set to None.

  4. From Address Object/Group Include, select an address object or group to include in DPI-SSL inspection. By default, Include is set to All.

    Include can be used to fine tune the specified exclusion list. For example, by selecting the Remote-office-California address object from Exclude and the Remote-office-Oakland address object from Include.

  5. From User Object/Group Exclude, select an address object or group to exclude from DPI-SSL inspection. By default, Exclude is set to None.

  6. From User Object/Group Include, select an address object or group to include in DPI-SSL inspection. By default, Include is set to All.

  7. Click Accept.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden