SonicWALL 5.8.1 Microscope & Magnifier User Manual


  Open as PDF
of 1490
 
DPI-SSL > Client SSL
794
SonicOS 5.8.1 Administrator Guide
The DPI-SSL feature is available in SonicOS Enhanced 5.6 and higher. The following table
shows which platforms support DPI-SSL and the maximum number of concurrent connections
on which the appliance can perform DPI-SSL inspection.
Configuring Client DPI-SSL
TThe Client DPI-SSL deployment scenario typically is used to inspect HTTPS traffic when
clients on the LAN browse content located on the WAN. In the Client DPI-SSL scenario, the
SonicWALL UTM appliance typically does not own the certificates and private keys for the
content it is inspecting. After the appliance performs DPI-SSL inspection, it re-writes the
certificate sent by the remote server and signs this newly generated certificate with the
certificate specified in the Client DPI-SSL configuration. By default, this is the SonicWALL
certificate authority (CA) certificate, or a different certificate can be specified. Users should be
instructed to add the certificate to their browser’s trusted list to avoid certificate trust errors.
The following sections describe how to configure Client DPI-SSL:
“Configuring General Client DPI-SSL Settings” on page 794
“Configuring the Inclusion/Exclusion List” on page 795
“Selecting the Re-Signing Certificate Authority” on page 796
“Content Filtering” on page 797
Configuring General Client DPI-SSL Settings
Hardware Model Max Concurrent DPI-SSL connections
NSA 240 100
NSA 2400 250
NSA 3500 250
NSA 4500 350
NSA 5000 1000
NSA E5500 2000
NSA E6500 3000
NSA E7500 8000
NSA E8500 8000