• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About DPI-SSL
  • Using DPI-SSL
    • Supported Features
      • Support for Local CRL
      • TLS Certificate Status Request Extension
      • Support for Ciphers
      • DPI-SSL and CFS HTTPS Content Filtering Work Independently
      • Original Port Numbers Retained in Decrypted Packets
    • Security Services
  • Deployment Scenarios
  • Proxy Deployment
  • Customizing DPI-SSL
  • Connections per Appliance Model
• DPI-SSL/TLS Client
  • Deploying the DPI-SSL/TLS Client
    • Configuring General DPI-SSL/TLS Client Settings
      • Enabling DPI-SSL Client on a Zone
    • Selecting the Re-Signing Certificate Authority
      • Adding Trust to the Browser
    • Configuring Exclusions and Inclusions
      • Configuring Exclusions and Inclusions by Objects and Groups
      • Configuring Exclusions and Inclusions by Common Name
        • Viewing Status of DPI-SSL Default Exclusions
        • Rejecting or Accepting Default Common Names
        • Adding Custom Common Names
        • Editing Custom Common Names
        • Deleting Custom Common Names
        • Showing Connection Failures
        • Updating Default Exclusions Manually
      • Configuring Exclusions and Inclusions by CFS Category
  • Applying DPI-SSL/TLS Client
    • Performing Content Filtering using DPI-SSL
    • Filtering Content by App Rules using DPI-SSL
      • Enabling App Control Service on a Zone
  • Viewing DPI-SSL Status
• DPI-SSL/TLS Server
  • Deploying the DPI-SSL/TLS Server
    • Configuring General DPI-SSL/TLS Server Settings
      • Enabling DPI-SSL Server on a Zone
    • Configuring Exclusions and Inclusions
    • Configuring Server-to-Certificate Pairings
• SonicWall Support
  • About This Document

Configuring Exclusions and Inclusions by Common Name

You can add trusted domain names to the exclusion list. Adding trusted domains to the Built-in exclusion database reduces the CPU effect of DPI-SSL and prevents the appliance from reaching the maximum number of concurrent DPI-SSL inspected connections.

From Common Name section, you can:

• View the list of default common names excluded from DPI-SSL inspection.
• Reject or Approve the default common names.
• Add custom trusted domain names to:
  • Exclusion list.
  • Skip CFS Category-based Exclusion list.

  • Skip authenticating the server list.

    Opt-out of authenticating the server for this domain if authenticating the server results in the connection being blocked. Enable this setting only if the server is a trusted domain.

• Delete the custom common names.
• Import exclusions manually If you work in a closed environment or prefer to update default exclusions manually.
• Refresh the COMMON NAME EXCLUSIONS/INCLUSIONS table to get the latest data.

• Viewing Status of DPI-SSL Default Exclusions
• Rejecting or Accepting Default Common Names
• Adding Custom Common Names
• Editing Custom Common Names
• Deleting Custom Common Names
• Showing Connection Failures
• Updating Default Exclusions Manually