SonicOS 7.1 DPI-SSL

Configuring Exclusions and Inclusions

By the default, the DPI-SSL applies to all traffic on the appliance when it is enabled. You can configure inclusion or exclusion lists to customize to which traffic DPI-SSL inspection applies. The Inclusion/Exclusion lists provide the ability to specify certain objects or groups. In deployments that process a large amount of traffic, to reduce the CPU impact of DPI-SSL and to prevent the appliance from reaching the maximum number of concurrent DPI-SSL inspected connections, it can be useful to exclude trusted sources.

To customize DPI-SSL server inspection

  1. Navigate to the POLICY | DPI-SSL > Server SSL.
  2. Scroll to the Inclusion/Exclusion section.

  3. Select an object or group to exclude or include the Objects or Groups from DPI-SSL inspection.

    The Include drop-down menu can be used to fine tune the specified exclusion list. For example, by selecting the Remote-office-California address object in the Exclude drop-down menu and the Remote-office-Oakland address object in the Include drop-down menu.

    Object Default Exclude Default Include
    ADDRESS OBJECT/GROUP None All
    USER OBJECT/GROUP
  4. Click Accept.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden