SonicOS 7.1 Firewall
- SonicOS 7.1
- About SonicOS
- About Firewall
- Advanced
- Flood Protection
- SSL Control
- Cipher Control
- Real-Time Black List (RBL) Filter
- Use cases
Enabling SSL Control on Zones
After SSL Control has been globally enabled, and the desired options have been configured, SSL Control must be enabled on one or more zones. When SSL Control is enabled on the zone, the firewall looks for Client Hellos sent from clients on that zone through the firewall will trigger inspection. The firewall then looks for the Server Hello and Certificate that is sent in response for evaluation against the configured policy. Enabling SSL Control on the LAN zone, for example, will inspect all SSL traffic initiated by clients on the LAN to any destination zone.
If you are activating SSL Control on a zone (for example, the LAN zone) where there are clients who will be accessing an SSL server on another zone connected to the firewall (for example, the DMZ zone), it is recommended that you add the subject common name of that server’s certificate to the whitelist to ensure continuous trusted access.
To enable SSL Control on a zone:
- Navigate to Object > Match Objects > Zones page.
-
Click Edit icon for the desired zone. The Zone Settings > General dialog displays.
- Select the Enable SSL Control option.
- Click Save. All new SSL connections initiated from that zone are now subject to inspection.
Was This Article Helpful?
Help us to improve our support portal