Filter
Top Products
DPI-SSL > Server SSL
801
SonicOS 5.8.1 Administrator Guide
Configuring General Server DPI-SSL Settings
To enable Server DPI-SSL inspection, perform the following steps:
1. Navigate to the DPI-SSL > Server SSL page.
2. Select the Enable SSL Inspection checkbox.
3. Select which of the following services to perform inspection with: Intrusion Prevent,
Gateway Anti-Virus, Gateway Anti-Spyware, and Application Firewall.
4. Click Apply.
5. Scroll down to the SSL Servers section to configure the server or servers to which DPI-
SSL inspection will be applied. See “Configuring Server-to-Certificate Pairings”
on
page 802.
Configuring the Exclusion List
By default, the DPI-SSL applies to all traffic on the appliance when it is enabled. You can
configure an Inclusion/Exclusion list to customize which traffic DPI-SSL inspection will apply to.
The Inclusion/Exclusion list provides the ability to specify certain objects, groups, or
hostnames. In deployments that are processing a large amount of traffic, it can be useful to
exclude trusted sources in order to reduce the CPU impact of DPI-SSL and to prevent the
appliance from reaching the maximum number of concurrent DPI-SSL inspected connections.
The Inclusion/Exclusion section of the Server SSL page contains two options for specifying
the inclusion list:
• On the Address Object/Group line, select an address object or group from the Exclude
pulldown menu to exempt it from DPI-SSL inspection.