Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Troubleshoot DPI-SSL connections

ArkwrightArkwright All-Knowing Sage ✭✭✭✭
in High End Firewalls

There are lots of ways to enable or disable DPI-SSL for any given connection: zone-level, object include/exclude in DPI-SSL settings and access rule.

How can I work out if any given connection is inspected? I am trying to troubleshoot a scenario where a connection should not be inspected but screenshots from customer show the firewall's DPI cert.

Category: High End Firewalls
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    "How can I work out if any given connection is inspected?"

    IIRC the UI doesnt provide any indicator of DPI SSL in the connection monitor or elsewhere unfortunately, so it really becomes a manual process.

    Work your way from the Zone setting, to access rules, to exclusions. Temporarily disable DPISSL at each step and verify the functionality changes with the end user.

    Thats probably as good as its gonna get.

  • A_ElliottA_Elliott Enthusiast ✭✭

    I typically go to the DPI-SSL page, then go to the tab "Common Name", and then hit "show connection failures". From the list, I can then exclude specific URLs from DPI.

Sign In or Register to comment.