Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

DPI-SSL inspection and UniFi equipment

HIS_DanielHIS_Daniel Enthusiast ✭✭
in Entry Level Firewalls

Hello,

I recently installed a new TZ570 at a customer site along with some UniFi AP's and a Cloud Key. With DPI-SSL enabled, the access points were not able to be adopted by the UBNT Cloud Key. I disabled DPI-SSL inspection and we were then able to adopt the AP's and finish configuring them. Once we adopted them, we set static ip's for all Ubiquiti equipment. I would like to re-enable DPI-SSL as quick as possible and am trying to pick the best course of action. Should I :

  1. Add the Ubiquiti equipment by their static ip addresses to a DPI-SSL exclusion Address Group?
  2. Add the UBNT common name, network.unifi.ui.com, to the list of DPI-SSL exclusions?
  3. Both?

Thank you,

Category: Entry Level Firewalls
Reply

Best Answer

Answers

  • shiprasahu93shiprasahu93 Moderator

    @HIS_Daniel,

    It would be best to go with Option 1 as suggested by @BWC. The common name might change or there might be dependencies on other common names, so it would be ideal to exclude the address object.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • HIS_DanielHIS_Daniel Enthusiast ✭✭

    Hello @BWC and @shiprasahu93

    Thank you for the replies. I figured that was the best way to go, just wanted some confirmation.

    Thank you again!

Sign In or Register to comment.