Trying to properly configure, test, and then deploy DPI-SSL Client but I'm unclear on a few things
First, I'm on SonicOS 188.8.131.52-89n with two NSA 3600's in an HA pair. I've been trying to read through as many SW KB articles as possible but I'm still unclear on somethings. I mainly want to enable DPI-SSL since I've realized that my IDS/IPS and reporting/analytics is pretty much useless without it since I'm currently only seeing HTTP traffic. The plan is to use it with as much as possible (all user computers and network servers's WAN traffic). So I want to enable it and first test with some computers, starting with a single one called IT-LT.
I've looked at:
Questions (see attached screenshots for additional details/info);
- When I click "Enable SSL Client Inspection, and then click any of the items below it, I understand that I need to reboot the Sonicwall, is that correct?
- Are my Exclusion/Inclusion settings correct? - I just want to test on system named IT-LT, which is an Address Object for a FQDN host on the network
- In Network Zones, I see that DPI-SSL Server is currently checked green which I'm not sure if that was a mistake from the previous admin or what. I assume DPI-SSL Client needs to be checked green for WAN and any other zones I want it enabled on, right? I just want to more fully get protection and reporting on Internet traffic to/from user computers and servers - do I need to enable it on those zones too?