SonicOS 7.0 DPI-SSL
- SonicOS 7.0
- About DPI-SSL
- DPI-SSL/TLS Client
- Deploying the DPI-SSL/TLS Client
- Applying DPI-SSL/TLS Client
- Viewing DPI-SSL Status
- DPI-SSL/TLS Server
- SonicWall Support
Excluding/Including Common Names
To exclude/include entities by common name
- Navigate to the POLICY | DPI-SSL > Client SSL page.
- Click Common Name.
-
Scroll to Common Name: Exclusions/Inclusions.
-
You can control the display of the common names by selecting the following options:
- View options:
- All – Displays all common names.
- Default – Displays the default common names (excludes Custom).
- Custom – Displays only common names you have added.
- View options:
-
By default, all Built-in common names are approved. You can reject the approval of a Built-in common name by:
-
Clicking the Reject this built-in name icon in the Configure column for the common name. A confirmation message displays.
- Click OK.
-
The Reject icon becomes an Accept icon, and Approved in the Built-in column becomes Rejected.
Built-in common names cannot be modified or deleted, but you can reject or accept them.
To accept a rejected Built-in common name
Click its Accept this built in name icon. A confirmation message displays.
- Click OK.
-
To add a custom common name, click +Add. The Add Common Names dialog displays.
- Add one or more common names in the field. Separate multiple entries with commas or newline characters.
-
Specify the type of Action:
- Exclude (default)
- Skip CFS Category-based Exclusion
-
Skip authenticating the server to opt out of authenticating the server for this domain if doing so results in the connection being blocked. Enable this option only if the server is a trusted domain.
-
DPI-SSL dynamically determines if a connection should be intercepted (included) or excluded, based on policy or configuration. When DPI-SSL extracts the domain name for the connection, exclusion information is readily available for subsequent connections to the same server/domain.
To Enable or Disable use of dynamic exclusion cache (both server IP and common-name based), select an option from the Always authenticate server before applying exclusion policy drop-down menu. Use Global Setting is selected by default.
-
Click Accept.
The Common Name Exclusions/Inclusions table is updated, with Custom in the Built-in column. If the Always authenticate server before applying exclusion policy option has been selected, an Information icon displays next to Custom in the Built-in column.
Mouse over the Information icon to see which custom attributes were selected. If a common name was added through the Connection Failure List, the Information icon indicates the type of failure:
- Skip CFS category exclusion
- Skip Server authentication
- Failed to authenticate server
- Failed Client handshake
- Failed Server handshake
To delete the entry, click the Delete icon in the Configure column.
-
You can search for common names by specifying a filter.
- In the Filter field, enter a name by specifying the name in this syntax: name:mycommonname.
- Click Filter.
-
Click Accept.
Was This Article Helpful?
Help us to improve our support portal