DPI-SSL inspection and UniFi equipment
I recently installed a new TZ570 at a customer site along with some UniFi AP's and a Cloud Key. With DPI-SSL enabled, the access points were not able to be adopted by the UBNT Cloud Key. I disabled DPI-SSL inspection and we were then able to adopt the AP's and finish configuring them. Once we adopted them, we set static ip's for all Ubiquiti equipment. I would like to re-enable DPI-SSL as quick as possible and am trying to pick the best course of action. Should I :
- Add the Ubiquiti equipment by their static ip addresses to a DPI-SSL exclusion Address Group?
- Add the UBNT common name, network.unifi.ui.com, to the list of DPI-SSL exclusions?