• SonicOS 7.0
• About DPI-SSL
  • Using DPI-SSL
    • Supported Features
      • Support for Local CRL
      • TLS Certificate Status Request Extension
      • Support for Ciphers
      • DPI-SSL and CFS HTTPS Content Filtering Work Independently
      • Original Port Numbers Retained in Decrypted Packets
    • Security Services
  • Deployment Scenarios
  • Proxy Deployment
  • Customizing DPI-SSL
  • Connections per Appliance Model
• DPI-SSL/TLS Client
  • Deploying the DPI-SSL/TLS Client
    • Configuring General DPI-SSL/TLS Client Settings
      • Enabling DPI-SSL Client on a Zone
    • Selecting the Re-Signing Certificate Authority
      • Adding Trust to the Browser
    • Configuring Exclusions and Inclusions
      • Configuring Exclusions and Inclusions by Objects and Groups
      • Configuring Exclusions and Inclusions by Common Name
        • Viewing Status of DPI-SSL Default Exclusions
        • Rejecting or Accepting Default Common Names
        • Adding Custom Common Names
        • Editing Custom Common Names
        • Deleting Custom Common Names
        • Showing Connection Failures
        • Updating Default Exclusions Manually
      • Configuring Exclusions and Inclusions by CFS Category
  • Applying DPI-SSL/TLS Client
    • Performing Content Filtering using DPI-SSL
    • Filtering Content by App Rules using DPI-SSL
      • Enabling App Control Service on a Zone
  • Viewing DPI-SSL Status
• DPI-SSL/TLS Server
  • Deploying the DPI-SSL/TLS Server
    • Configuring General DPI-SSL/TLS Server Settings
      • Enabling DPI-SSL Server on a Zone
    • Configuring Exclusions and Inclusions
    • Configuring Server-to-Certificate Pairings
• SonicWall Support
  • About This Document

Excluding/Including Common Names

To exclude/include entities by common name

1. Navigate to the POLICY | DPI-SSL > Client SSL page.
2. Click Common Name.

3. Scroll to Common Name: Exclusions/Inclusions.

   

4. You can control the display of the common names by selecting the following options:

   • View options:
     • All – Displays all common names.
     • Default – Displays the default common names (excludes Custom).
     • Custom – Displays only common names you have added.

5. By default, all Built-in common names are approved. You can reject the approval of a Built-in common name by:

   1. Clicking the Reject this built-in name icon in the Configure column for the common name. A confirmation message displays.

      

   2. Click OK.

The Reject icon becomes an Accept icon, and Approved in the Built-in column becomes Rejected.

Built-in common names cannot be modified or deleted, but you can reject or accept them.

To accept a rejected Built-in common name

1. Click its Accept this built in name icon. A confirmation message displays.

   

2. Click OK.

6. To add a custom common name, click +Add. The Add Common Names dialog displays.

   

   1. Add one or more common names in the field. Separate multiple entries with commas or newline characters.

   2. Specify the type of Action:

      • Exclude (default)
      • Skip CFS Category-based Exclusion

      • Skip authenticating the server to opt out of authenticating the server for this domain if doing so results in the connection being blocked. Enable this option only if the server is a trusted domain.

   3. DPI-SSL dynamically determines if a connection should be intercepted (included) or excluded, based on policy or configuration. When DPI-SSL extracts the domain name for the connection, exclusion information is readily available for subsequent connections to the same server/domain.

      To Enable or Disable use of dynamic exclusion cache (both server IP and common-name based), select an option from the Always authenticate server before applying exclusion policy drop-down menu. Use Global Setting is selected by default.

   4. Click Accept.

      The Common Name Exclusions/Inclusions table is updated, with Custom in the Built-in column. If the Always authenticate server before applying exclusion policy option has been selected, an Information icon displays next to Custom in the Built-in column.

      Mouse over the Information icon to see which custom attributes were selected. If a common name was added through the Connection Failure List, the Information icon indicates the type of failure:

      • Skip CFS category exclusion
      • Skip Server authentication
      • Failed to authenticate server
      • Failed Client handshake
      • Failed Server handshake

      To delete the entry, click the Delete icon in the Configure column.

7. You can search for common names by specifying a filter.

   1. In the Filter field, enter a name by specifying the name in this syntax: name:mycommonname.
   2. Click Filter.

8. Click Accept.