Tech Tips - Best practices for protection against ransomware

Hello Everyone,
It is highly important to have your network protected from any kind of possible attack. Ransomware can be devastating to an individual or an organization and is the worst of them all. It is, therefore, essential to know the best practices to follow to keep your network safe.
Please go through the article below for the same.
As most of the traffic these days is encrypted, it is highly essential that the firewall can understand and scan it even though it is encrypted. It is also very important to have DPI-SSL turned ON for the same, as most of the protection techniques will need that feature to work efficiently. The KB below explains the procedure for that.
If you have a large environment and need help with distributing the DPI-SSL certificate to all clients, you can either choose to use Group Policy, the DPI-SSL enforcement service, or, if you are already using the Capture Client, you can distribute the certificate using CC.
Have a good one and stay safe!!
Shipra Sahu
Technical Support Advisor, Premier Services
Is there a newer guide on how to Configure Client DPI-SSL to include adding the certificates to Chrome and Edge? I have an NSa 2650 and want to enable DPI-SSL.
Hi @Rinconmike,
Please take a look at the below KB article for client DPI-SSL configuration on the SonicWall.
Please take a look at the below KB article for distributing the certificate to client PCs.
Hope this helps.
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hello @Rinconmike,
Please take a look at the KB below. It lists various methods of distributing the DPI SSL certificate. This will help you across multiple client types and browsers.
I hope this helps!
Shipra Sahu
Technical Support Advisor, Premier Services
Thanks. I got the certificate installed on my Windows 10 through the MMC and can now go to HTTPS sites. Next is on Android and iOS. I installed the cert on an Android phone but I still cannot access secure sites through apps (like a banking app). Any ideas?
Hello @Rinconmike,
Most of the banking applications use certificate pinning. Since DPI SSL is like a man in the middle, it might not be able to scan such applications for security reasons.
So, the application is programmed to look at the certificate designed for it and not the store where you are installing the DPI SSL certificate. I would suggest keeping such domains excluded from DPI SSL. You can also choose to exclude the banking category from DPI SSL.
Shipra Sahu
Technical Support Advisor, Premier Services
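Added example, not part of the original thread or of SonicWall's documentation: a local OpenSSL lab showing why installing the DPI-SSL certificate in the device store satisfies store-based clients but not a pinned app. All keys and names (bank.example, "Origin CA", "DPI-SSL CA") are constructed; it assumes the `openssl` CLI is installed and uses a public-key (SPKI) pin as one common form of pinning.

```shell
#!/bin/sh
# Constructed lab: every key and certificate is generated locally.
# bank.example, "Origin CA" and "DPI-SSL CA" are hypothetical names.

make_ca() {   # $1 = path prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

make_leaf() { # $1 = leaf prefix, $2 = issuing CA prefix (fresh key each time)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=bank.example" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

spki_pin() {  # base64(SHA-256(SubjectPublicKeyInfo)) of the cert in $1
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

chain_ok() {  # does leaf $2 chain to trusted CA $1? (the store-based check)
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

pinned_client_accepts() {  # $1 = trusted CA, $2 = leaf, $3 = pin shipped in app
    chain_ok "$1" "$2" && [ "$(spki_pin "$2")" = "$3" ]
}

build_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    make_ca   "$DEMO_DIR/origin" "Origin CA"        # CA the real site uses
    make_ca   "$DEMO_DIR/dpi"    "DPI-SSL CA"       # CA installed on the client
    make_leaf "$DEMO_DIR/real"     "$DEMO_DIR/origin"
    make_leaf "$DEMO_DIR/resigned" "$DEMO_DIR/dpi"  # what the firewall presents
}

build_demo
PIN=$(spki_pin "$DEMO_DIR/real.crt")   # pin the app was built with
chain_ok "$DEMO_DIR/dpi.crt" "$DEMO_DIR/resigned.crt" &&
    echo "store-based client: re-signed cert accepted"
pinned_client_accepts "$DEMO_DIR/dpi.crt" "$DEMO_DIR/resigned.crt" "$PIN" ||
    echo "pinned app: re-signed cert rejected (SPKI pin mismatch)"
```

The re-signed certificate carries a different public key from the one the app pinned, so no change to the device trust store can make the pin match; excluding the domain or category from inspection is what restores the original certificate.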
Thanks. That worked. I do not block most of the items listed using CFS (only a few categories). When using DPI, is it good practice to exclude a few items like the banking or leave most unchecked and include items like malware or unrated? Under the good practice article, for CFS, it recommends at a minimum checking Malware and Unrated. Under CFS I only have checked Malware and a couple of other items. I only have around 6 users and we really do not need to filter content.