Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SSL-DPI Client

I have a TZ570, which interfaces do I need to enable? Just the LAN? Going to implement CFS with our CA root certificate
Category: Mid Range Firewalls
Reply

Best Answers

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Chechler_2 I guess we're talking about Client DPI-SSL and this has to be enabled on Policy -> DPI-SSL -> Client SSL and in the Zone you like to have the encrypted traffic inspected, e.g. LAN.

    For obvious reasons I would not import the company CA cert, this should be kept away from any device except the CA server. I would go with a Sub CA for DPI-SSL, but you have to distribute this Sub CA to your clients as well, because the Firewall is not able to return the whole certificate chain.

    --Michael@BWC

  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭
  • Chechler_2Chechler_2 Newbie ✭

    @BWC

    Thanks again for your quick responses. Certificate statement understood. I still will like to know which interface(s) (WAN, LAN, WIFI, etc) to enable the Deep Packet Inspection.

  • Chechler_2Chechler_2 Newbie ✭

    @MitatOnge

    Thanks for the link to the article, very helpful. As I mentioned above, I was wondering which Interface(s) (WAN,LAN,WIFI,etc) need to be enabled for the Deep Packet Inspection.

Sign In or Register to comment.