Access Rules and DPI SSL - which is first?
Simon_Weel
Enthusiast ✭✭
I'm puzzled. DPI-SSL is a bit troublesome. Decided to switch it on (again) this week and see what happens. I occasionally look at the Show Connection Failures table. And among others, it lists v10.events.data.microsoft.com with a Server handshake error-error:00000001:lib(0):func(0):reason(1). This site is related to Windows 10 telemetry and can be blocked without problems. So I created an Access Rule to Deny outgoing traffic to this domain. It lists a lot of hits, so it's doing it's job. Or does it? Because if I check the DPI-SSL Connection Failure List, it's still listed?
So I wonder what's first - the Access Rule to block this site, or the DPI-SSL check? Or maybe I miss-configured something?
Category: Firewall Security Services
0
Answers
Hi @Simon_Weel ,
deponds on Sonic Os versions. you can find out below pictures.
SONIC OS 7 Packet process diagram.
SONIC OSX 7 Packet process diagram.
Hmm, still not clear? It doesn't outline the exact route of a packet. I assumed it would first check Access Rules and then, if passed, drop into the Security Services. Diagram doesn't show....
@MitatOnge where did you find those? Referring to this thread even the referenced KB doesnt have it...
https://community.sonicwall.com/technology-and-support/discussion/comment/7594
@TKWITS you can find below link.
1) packet comes to sonicwall
2) packet process start for rule lookup and match. if there is DPI-SSL rules packet will be decrypting for scaning. After scanning packet will encryption for send to destination.
you can find details.