DPI-SSL and Content Filtering
Awhile back Sonicwall changed the way DPI-SSL and content filtering interact. Currently, it says if you want CFS to handle HTTPS you have to have content filtering unchecked under DPI-SSL. What I'd like to know is what if any role the CFS category tab plays anymore. If content filtering is unchecked and left to CFS to handle, then does the category selection really mean anything? I've had some confusing results in tests I've done, but the categories selected on that page do NOT seem to work if content filtering is checked under DPI-SSL, in which that tab seems to serve no purpose under recent firmware releases, like an artifact page that should be removed.
Further, if that is unchecked and CFS blocks, you will not get the block screen for HTTPS, but a connection failure, a behavior they describe. If you do leave it checked, a blocked HTTPS site will show the block screen, which would be the more desirable behavior. I wonder if this is another change for which I haven't seen documentation. This is with changing allowed categories under CFS Profile Objects. Changing category permission under DPI-SSL seems to have no effect whatsoever.
Can someone explain the various interactions of these settings? Is there a bug, or just a sloppy, poorly documented way this is all handled?