• SonicOS 7.0
• About DPI-SSL
  • Using DPI-SSL
    • Supported Features
      • Support for Local CRL
      • TLS Certificate Status Request Extension
      • Support for Ciphers
      • DPI-SSL and CFS HTTPS Content Filtering Work Independently
      • Original Port Numbers Retained in Decrypted Packets
    • Security Services
  • Deployment Scenarios
  • Proxy Deployment
  • Customizing DPI-SSL
  • Connections per Appliance Model
• DPI-SSL/TLS Client
  • Deploying the DPI-SSL/TLS Client
    • Configuring General DPI-SSL/TLS Client Settings
      • Enabling DPI-SSL Client on a Zone
    • Selecting the Re-Signing Certificate Authority
      • Adding Trust to the Browser
    • Configuring Exclusions and Inclusions
      • Configuring Exclusions and Inclusions by Objects and Groups
      • Configuring Exclusions and Inclusions by Common Name
        • Viewing Status of DPI-SSL Default Exclusions
        • Rejecting or Accepting Default Common Names
        • Adding Custom Common Names
        • Editing Custom Common Names
        • Deleting Custom Common Names
        • Showing Connection Failures
        • Updating Default Exclusions Manually
      • Configuring Exclusions and Inclusions by CFS Category
  • Applying DPI-SSL/TLS Client
    • Performing Content Filtering using DPI-SSL
    • Filtering Content by App Rules using DPI-SSL
      • Enabling App Control Service on a Zone
  • Viewing DPI-SSL Status
• DPI-SSL/TLS Server
  • Deploying the DPI-SSL/TLS Server
    • Configuring General DPI-SSL/TLS Server Settings
      • Enabling DPI-SSL Server on a Zone
    • Configuring Exclusions and Inclusions
    • Configuring Server-to-Certificate Pairings
• SonicWall Support
  • About This Document

Filtering Content by App Rules using DPI-SSL

Make sure that Enable SSL Inspection and Application Firewall options are enabled on General tab of POLICY | DPI-SSL > Client SSL. For more information, refer to Configuring General DPI-SSL/TLS Client Settings.

To filter HTTPS and SSL-based traffic by app rules using DPI-SSL

1. Navigate to POLICY | Rules and Policies > App Rules .
2. Click the Global Settings icon and select Enable App Rules.

3. Configure an HTTP Client policy to block Microsoft Internet Explorer browser with block page as an action for the policy.

   Here is an example to configure a match object and set the action for the app rule policy. But you can configure and set the action in other ways to allow or block the content.

   1. Create a match object with Web Browser as Match Object Type on OBJECT | Match Objects > Match Objects page and add MSIE Browser to the match object.
   2. Add an app rule with HTTP Client as Policy Type on POLICY | Rule and Policies > App Rules page. Set match object created in previous step in Match Object Included and/or Match Object Excluded options.
4. Access any website using the HTTPS protocol with Internet Explorer to verify it is blocked.

Enabling App Control Service on a Zone