• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About DPI-SSL
  • Using DPI-SSL
    • Supported Features
      • Support for Local CRL
      • TLS Certificate Status Request Extension
      • Support for Ciphers
      • DPI-SSL and CFS HTTPS Content Filtering Work Independently
      • Original Port Numbers Retained in Decrypted Packets
    • Security Services
  • Deployment Scenarios
  • Proxy Deployment
  • Customizing DPI-SSL
  • Connections per Appliance Model
• DPI-SSL/TLS Client
  • Deploying the DPI-SSL/TLS Client
    • Configuring General DPI-SSL/TLS Client Settings
      • Enabling DPI-SSL Client on a Zone
    • Selecting the Re-Signing Certificate Authority
      • Adding Trust to the Browser
    • Configuring Exclusions and Inclusions
      • Configuring Exclusions and Inclusions by Objects and Groups
      • Configuring Exclusions and Inclusions by Common Name
        • Viewing Status of DPI-SSL Default Exclusions
        • Rejecting or Accepting Default Common Names
        • Adding Custom Common Names
        • Editing Custom Common Names
        • Deleting Custom Common Names
        • Showing Connection Failures
        • Updating Default Exclusions Manually
      • Configuring Exclusions and Inclusions by CFS Category
  • Applying DPI-SSL/TLS Client
    • Performing Content Filtering using DPI-SSL
    • Filtering Content by App Rules using DPI-SSL
      • Enabling App Control Service on a Zone
  • Viewing DPI-SSL Status
• DPI-SSL/TLS Server
  • Deploying the DPI-SSL/TLS Server
    • Configuring General DPI-SSL/TLS Server Settings
      • Enabling DPI-SSL Server on a Zone
    • Configuring Exclusions and Inclusions
    • Configuring Server-to-Certificate Pairings
• SonicWall Support
  • About This Document

Performing Content Filtering using DPI-SSL

To perform SonicWall Content Filtering on HTTPS and SSL-based traffic using DPI-SSL

Make sure that Enable SSL Inspection and Content Filter options are enabled on General tab of POLICY | DPI-SSL > Client SSL. For more information, refer to Configuring General DPI-SSL/TLS Client Settings.

To perform SonicWall Content Filtering on HTTPS and SSL-based traffic using DPI-SSL

1. Create a content filter profile object on OBJECT | Profile Objects > Content Filter.

2. Configure a content filter rule on POLICY | Rules and Policies > Content Filter Rules.

   Make sure to select:

   • Content filter Profile object created on OBJECT | Profile Objects > Content Filter.
   • Default content filter Action object from the drop-down menu as the default action object is configured to Block, Confirm, or Passphrase the page or create a content filter action object for Block, Confirm, or Passphrase page on OBJECT | Action Objects > Content Filter Actions.

3. Navigate to POLICY | Security Services > Content Filter.

   Make sure that SonicWall CFS is selected for the Content Filter Type from the drop-down menu.

4. Scroll to the Global Settings section.

   Make sure that Enable Content Filtering Service is selected.

   By the default, Enable Content Filtering Service is selected.

   

5. Click Accept.

6. Navigate to a blocked, confirmed, or passphrased site using the HTTPS protocol to verify that it is properly blocked, confirmed, or passphrased.

   For content filtering over DPI-SSL, the first time HTTPS access is blocked results in a blank page being displayed. If the page is refreshed, the user sees the firewall block page.