Client DPI-SSL Examples

Policy Configuration : DPI-SSL Overview

Client DPI-SSL Examples

The following sections provide configuration examples:

•

Content Filtering

•

Application Firewall

Content Filtering

To do SonicWALL Content Filtering on HTTPS and SSL-based traffic using DPI-SSL, complete the following steps:

1

Navigate to the DPI-SSL > Client SSL page.

2

Select Enable SSL Inspection and Content Filter.

3

Click Update.

4

Navigate to the Website Blocking > CFS Filter List page and click Configure.

5

Uncheck Enable IP based HTTPS Content Filtering.

6

Select the appropriate categories to be blocked.

7

Click Update.

8

Navigate to a blocked site using the HTTPS protocol to verify that it is properly blocked.

NOTE: For content filtering over DPI-SSL, the first time HTTPS access is blocked resulting in a blank page being displayed. If the page is refreshed, the SonicWALL block page appears.

Application Firewall

NOTE: Application Firewall is supported for appliances running SonicOS 5.8 and higher.

Enable Application Firewall on the Client DPI-SSL screen and Application Firewall on the Application Firewall > Policies screen.

1

Navigate to the DPI-SSL > Client SSL page.

2

Select Enable SSL Inspection and Application Firewall.

3

Click Update.

4

Navigate to the App Control > App Rules page.

5

Enable Application App Rules.

6

Configure an HTTP Client policy to block Microsoft Internet Explorer browser.

7

Select block page as an action for the policy. Click Apply.

8

Access any website using the HTTPS protocol with Internet Explorer and verify that it is blocked.

DPI-SSL also supports Application Level Bandwidth Management over SSL. Application Firewall HTTP bandwidth management policies also applies to content that is accessed over HTTPS when DPI-SSL is enabled for Application Firewall.