DPI-SSL > Server SSL
800
SonicOS 5.8.1 Administrator Guide
The DPI-SSL feature is available in SonicOS Enhanced 5.6. The following table shows which
platforms support DPI-SSL and the maximum number of concurrent connections on which the
appliance can perform DPI-SSL inspection.
Configuring Server DPI-SSL Settings
The Server DPI-SSL deployment scenario is typically used to inspect HTTPS traffic when
remote clients connect over the WAN to access content located on the SonicWALL security
appliance’s LAN. Server DPI-SSL allows the user to configure pairings of an address object and
certificate. When the appliance detects SSL connections to the address object, it presents the
paired certificate and negotiates SSL with the connecting client.
Afterward, if the pairing defines the server to be 'cleartext' then a standard TCP connection is
made to the server on the original (post NAT remapping) port. If the pairing is not defined to be
cleartext, then an SSL connection to the server is negotiated. This allows for end-to-end
encryption of the connection.
In this deployment scenario the owner of the SonicWALL UTM owns the certificates and private
keys of the origin content servers. Administrator would have to import server's original
certificate onto the UTM appliance and create appropriate server IP address to server
certificate mappings in the Server DPI-SSL UI.
The following sections describe how to configure Server DPI-SSL:
• “Configuring General Server DPI-SSL Settings” on page 801
• “Configuring the Exclusion List” on page 801
• “Configuring Server-to-Certificate Pairings” on page 802
• “SSL Offloading” on page 802
Hardware Model Max Concurrent DPI-SSL connections
NSA 240
100
NSA 2400 250
NSA 3500 250
NSA 4500 350
NSA 5000 1000
NSA E5500 2000
NSA E6500 3000
NSA E7500 8000
NSA E8500 8000