SonicOS 7.0 DPI-SSL
Configuring Server-to-Certificate Pairings
Server DPI-SSL inspection requires that you specify which certificate is used to sign traffic for each server that has DPI-SSL inspection performed on its traffic.
To configure a server-to-certificate pairing:
- Navigate to the POLICY | DPI-SSL > Server SSL page.
- Scroll to the SSL Servers section.
- Click +Add. The Server DPI-SSL - SSL Server Setting dialog displays.
- From Address Object/Group, select the address object or group for the server or servers to which you want to apply DPI-SSL inspection.
- From SSL Certificate, select the certificate to be used to sign the traffic for the server. This certificate is used to sign traffic for each server that has DPI-SSL Server inspection performed on its traffic. For more information on:
  - Importing a new certificate to the appliance, see Selecting the Re-Signing Certificate Authority.
  - Creating a Linux certificate.

  Clicking the (Manage Certificates) link displays the DEVICE | Settings > Certificates page.
- Select Cleartext to enable SSL offloading. When adding server-to-certificate pairs, the Cleartext option provides a method of sending unencrypted data onto a server. This option is not selected by default.

  For such a configuration to work properly, a NAT policy needs to be created for this server on the POLICY | Rules and Policies > NAT Rules page to map traffic destined for the offload server from an SSL port to a non-SSL port. Traffic must be sent over a port other than 443. For example, for HTTPS traffic used with SSL offloading, an inbound NAT policy remapping traffic from port 443 to port 80 needs to be created for things to work properly.
- Click Add.
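A pre-change check for the Cleartext step above, added here as an example and not taken from SonicWall: it flags Cleartext pairings that lack the inbound NAT remap from port 443 to a non-SSL port. The `Pairing` and `NatRule` records are a hypothetical planning format, not a SonicOS export, and the sample data is constructed.

```python
# Added example: audit planned server-to-certificate pairings before applying them.
# Pairing/NatRule are a hypothetical planning format, not a SonicOS export.
from dataclasses import dataclass

SSL_PORT = 443  # the page requires offloaded traffic to leave on another port


@dataclass(frozen=True)
class Pairing:
    address_object: str  # Address Object/Group chosen in the dialog
    certificate: str     # SSL Certificate chosen in the dialog
    cleartext: bool      # Cleartext option (not selected by default)


@dataclass(frozen=True)
class NatRule:
    original_destination: str  # address object the inbound rule matches
    original_port: int
    translated_port: int


def audit(pairings, nat_rules):
    """Return (address_object, problem) for each Cleartext pairing that is
    missing the inbound NAT remap described in the Cleartext step."""
    findings = []
    for p in pairings:
        if not p.cleartext:
            continue  # Cleartext not selected: the remap requirement does not apply
        rules = [r for r in nat_rules
                 if r.original_destination == p.address_object
                 and r.original_port == SSL_PORT]
        if not rules:
            findings.append((p.address_object, "no inbound NAT rule for port 443"))
        elif any(r.translated_port == SSL_PORT for r in rules):
            findings.append((p.address_object, "NAT rule still forwards to port 443"))
    return findings


# Constructed sample plan: web-01 is correct, web-02 and web-03 are not.
PAIRINGS = [
    Pairing("web-01", "web-01-cert", cleartext=True),
    Pairing("web-02", "web-02-cert", cleartext=True),
    Pairing("web-03", "web-03-cert", cleartext=True),
    Pairing("mail-01", "mail-01-cert", cleartext=False),
]
NAT_RULES = [NatRule("web-01", 443, 80), NatRule("web-03", 443, 443)]

if __name__ == "__main__":
    for obj, problem in audit(PAIRINGS, NAT_RULES):
        print(f"{obj}: {problem}")
```

Every pairing that passes with `cleartext=True` still sends unencrypted data on the segment between the appliance and the server, so that list is also the set of links to review for exposure.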