Tech Tips: DPI SSL - Need of the hour
With everything being SSL encrypted like emails, web content, file transfers it is now more important to protect against attacks that can happen through these encrypted channels. SonicWall has an amazing security service engine but the data that needs to be fed to it has to be decrypted first.
Deep Packet Inspection of Secure Socket Layer (DPI-SSL) extends SonicWall’s Deep Packet Inspection technology to allow for the inspection of encrypted HTTPS traffic and other SSL based traffic. The SSL traffic is decrypted transparently, scanned for threats and then re-encrypted and sent along to its destination if no threats or vulnerabilities are found. DPI-SSL provides additional security, application control, and data leakage prevention for analyzing encrypted HTTPS and other SSL-based traffic.
Here's a quick FAQ sheet on it:
Also, it can be configured by following the steps given in the KB below:
This feature is not just a check box but needs some homework. We would need to perform the DPI SSL certificate deployment before we can turn it ON. The following KB lists all the different methods that can be used for the same.
To learn more about this feature, you can check out:
Also, enabling DPI SSL license is now easy on mysonicwall. It is made available for free on all Gen 6 and 6.5 appliances. Please click on the product of choice and enable the DPI SSL license as below.
I hope you find this useful!
Thank you and stay safe!!
Technical Support Advisor, Premier Services