SonicOS 7.0 DPI-SSL
Supported Features
Deep Packet Inspection of Secure Socket Layer (DPI-SSL) extends SonicWall’s Deep Packet Inspection technology to the inspection of encrypted HTTPS traffic and other SSL-based traffic. The SSL traffic is decrypted (intercepted) transparently, scanned for threats, and then re-encrypted; if no threats or vulnerabilities are found, it is sent along to its destination.
DPI-SSL provides additional security, application control, and data-leakage prevention by analyzing encrypted HTTPS and other SSL-based traffic. DPI-SSL supports:
- Transport Layer Security (TLS) Handshake Protocol 1.2 and earlier versions – The TLS 1.2 communication protocol is supported during SSL inspection/decryption between the firewall and the server in DPI-SSL deployments (previously, TLS 1.2 was only supported between client and firewall). SonicOS also supports TLS 1.2 in other areas.
- SHA-256 – All re-signed server certificates are signed with the SHA-256 hash algorithm.
- Perfect Forward Secrecy (PFS) – Perfect Forward Secrecy-based ciphers and other stronger ciphers are prioritized over weak ciphers in the advertised cipher suite. As a result, the client or server is not expected to negotiate a weak cipher unless the client or server does not support a strong cipher.
DPI-SSL also supports application-level Bandwidth Management over SSL tunnels. App Rules HTTP bandwidth management policies also apply to content that is accessed over HTTPS when DPI-SSL is enabled for App Rules.
DPI-SSL for both client and server can be controlled by Access Rules.
- Support for Local CRL
- TLS Certificate Status Request Extension
- Blocking of SSH X11 Forwarding
- Support for ECDSA-Related Cipher
- DPI-SSL and CFS HTTPS Content Filtering Work Independently
- Original Port Numbers Retained in Decrypted Packets