SonicOS 7.1 DPI-SSL
- SonicOS 7.1
- About SonicOS
- About DPI-SSL
- DPI-SSL/TLS Client
- Deploying the DPI-SSL/TLS Client
- Applying DPI-SSL/TLS Client
- Viewing DPI-SSL Status
- DPI-SSL/TLS Server
- SonicWall Support
Configuring Exclusions and Inclusions
By the default, the DPI-SSL applies to all traffic on the appliance when it is enabled. You can configure inclusion or exclusion lists to customize to which traffic DPI-SSL inspection applies. The Inclusion/Exclusion lists provide the ability to specify certain objects or groups. In deployments that process a large amount of traffic, to reduce the CPU impact of DPI-SSL and to prevent the appliance from reaching the maximum number of concurrent DPI-SSL inspected connections, it can be useful to exclude trusted sources.
To customize DPI-SSL server inspection
- Navigate to the POLICY | DPI-SSL > Server SSL.
-
Scroll to the Inclusion/Exclusion section.
-
Select an object or group to exclude or include the Objects or Groups from DPI-SSL inspection.
The Include drop-down menu can be used to fine tune the specified exclusion list. For example, by selecting the Remote-office-California address object in the Exclude drop-down menu and the Remote-office-Oakland address object in the Include drop-down menu.
Object Default Exclude Default Include ADDRESS OBJECT/GROUP None All USER OBJECT/GROUP - Click Accept.
Was This Article Helpful?
Help us to improve our support portal