SonicOS 8 Getting Started Guide

DPI-SSL

Deep Packet Inspection of Secure Socket Layer (DPI-SSL) is an extension of SonicWall’s Deep Packet Inspection technology. It allows for the inspection of encrypted HTTPS traffic and other SSL-based traffic. The SSL traffic is decrypted (intercepted) transparently, scanned for threats, and then re-encrypted before being sent along to its destination if no threats or vulnerabilities are found. DPI-SSL provides additional security, application control, and data leakage prevention for analyzing encrypted HTTPS and other SSL-based traffic.

Policy > DPI-SSL is deployed in two main scenarios:

  • Client DPI-SSL
  • Server DPI-SSL

For decrypted and intercepted connections, DPI-SSL:

  • Blocks connections to sites with untrusted certificates.
  • Prevents connections if the domain name in the client does not validate against the server certificate for that connection.

To fix connection failures:

  1. Navigate to Policy | DPI-SSL | Client SSL > Common Name.

  2. Review the listed entries to see if something was mistakenly blocked, select the check boxes for those entries, and click the Exclude button. A custom exemption is automatically created and takes effect immediately.
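
Before excluding an entry, it helps to confirm whether the name mismatch is genuine. The following is an added example, not SonicWall code and not part of the original guide: it applies standard TLS hostname-matching rules to constructed certificate data. The function names and sample host names are assumptions, and the firewall's own matching logic may differ.

```python
# Added example: standard TLS hostname matching (RFC 6125 style rules).
# Not SonicWall code; the firewall's own matching logic may differ.

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with the requested host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # wildcard only as the whole leftmost label, with two fixed labels after it
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_dns_names(cert: dict) -> list:
    """Names from a dict shaped like ssl.SSLSocket.getpeercert().
    subjectAltName DNS entries take precedence; Common Name is the fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def triage(requested: str, cert: dict) -> str:
    """Return 'match' or 'mismatch' for one connection-failure entry."""
    names = cert_dns_names(cert)
    return "match" if any(name_matches(n, requested) for n in names) else "mismatch"

# Constructed sample certificates (hypothetical hosts, not real captures).
WILDCARD = {"subject": ((("commonName", "*.example.com"),),),
            "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}
CN_ONLY = {"subject": ((("commonName", "mail.example.org"),),)}
SAN_DIFFERS = {"subject": ((("commonName", "www.example.com"),),),
               "subjectAltName": (("DNS", "cdn.example.net"),)}

if __name__ == "__main__":
    for host, cert in [("www.example.com", WILDCARD),
                       ("a.b.example.com", WILDCARD),
                       ("mail.example.org", CN_ONLY),
                       ("www.example.com", SAN_DIFFERS)]:
        print(f"{host:20} {triage(host, cert)}")
```

A "mismatch" result means the block was the name validation working as intended, so an exclusion for that site removes the check rather than correcting a false positive.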