Filter
Top Products
DPI-SSL > Client SSL
795
SonicOS 5.8.1 Administrator Guide
To enable Client DPI-SSL inspection, perform the following steps:
1. Navigate to the DPI-SSL > Client SSL page.
2. Select the Enable SSL Inspection checkbox.
3. Select which of the following services to perform inspection with: Intrusion Prevent,
Gateway Anti-Virus, Gateway Anti-Spyware, Application Firewall, and Content Filter.
4. Click Accept.
Configuring the Inclusion/Exclusion List
By default, the DPI-SSL applies to all traffic on the appliance when it is enabled. You can
configure an Inclusion/Exclusion list to customize which traffic DPI-SSL inspection will apply to.
The Inclusion/Exclusion list provides the ability to specify certain objects, groups, or
hostnames. In deployments that are processing a large amount of traffic, it can be useful to
exclude trusted sources in order to reduce the CPU impact of DPI-SSL and to prevent the
appliance from reaching the maximum number of concurrent DPI-SSL inspected connections.
The Inclusion/Exclusion section of the Client SSL page contains three options for specifying
the inclusion list:
• On the Address Object/Group line, select an address object or group from the Exclude
pulldown menu to exempt it from DPI-SSL inspection.
• On the Service Object/Group line, select a service object or group from the Exclude
pulldown menu to exempt it from DPI-SSL inspection.
• On the User Object/Group line, select a user object or group from the Exclude pulldown
menu to exempt it from DPI-SSL inspection.
Tip The Include pulldown menu can be used to fine tune the specified exclusion list. For
example, by selecting the Remote-office-California address object in the Exclude
pulldown and the Remote-office-Oakland address object in the Include pulldown.