SonicOS 7.0 DPI-SSL
- SonicOS 7.0
- About DPI-SSL
- DPI-SSL/TLS Client
- Deploying the DPI-SSL/TLS Client
- Applying DPI-SSL/TLS Client
- Viewing DPI-SSL Status
- DPI-SSL/TLS Server
- SonicWall Support
Configuring Exclusions and Inclusions
By default, the DPI-SSL applies to all traffic on the appliance when it is enabled. You can configure inclusion/exclusion lists to customize to which traffic DPI-SSL inspection applies. The Inclusion/Exclusion lists provide the ability to specify certain objects or groups. In deployments that process a large amount of traffic, to reduce the CPU impact of DPI-SSL and to prevent the appliance from reaching the maximum number of concurrent DPI-SSL inspected connections, it can be useful to exclude trusted sources.
To customize DPI-SSL server inspection
- Navigate to the POLICY | DPI-SSL > Server SSL page.
-
Scroll to the Inclusion/Exclusion section.
-
From Address Object/Group Exclude, select an address object or group to exclude from DPI-SSL inspection. By default, Exclude is set to None.
-
From Address Object/Group Include, select an address object or group to include in DPI-SSL inspection. By default, Include is set to All.
Include can be used to fine tune the specified exclusion list. For example, by selecting the Remote-office-California address object from Exclude and the Remote-office-Oakland address object from Include.
-
From User Object/Group Exclude, select an address object or group to exclude from DPI-SSL inspection. By default, Exclude is set to None.
-
From User Object/Group Include, select an address object or group to include in DPI-SSL inspection. By default, Include is set to All.
-
Click Accept.
Was This Article Helpful?
Help us to improve our support portal