Configuring Server SSL

The Server DPI-SSL deployment scenario is typically used to inspect HTTPS traffic when remote clients connect over the WAN to access content located on the SonicWALL security appliance’s LAN. Server DPI-SSL allows the user to configure pairings of an address object and certificate. When the appliance detects SSL connections to the address object, it presents the paired certificate and negotiates SSL with the connecting client.

Afterward, if the pairing defines the server to be cleartext, then a standard TCP connection is made to the server on the original (post NAT remapping) port. If the pairing is not defined to be cleartext, then an SSL connection to the server is negotiated. This allows for end-to-end encryption of the connection.

In this deployment scenario, the owner of the SonicWALL firewall appliance also owns the certificates and private keys of the original content servers. The administrator would have to import the server's original certificate onto the SonicWALL firewall appliance and create an appropriate server IP address linked to server certificate mappings in the Server DPI-SSL UI.

The following sections describe how to configure Server DPI-SSL:

•	Configuring General Server DPI-SSL Settings

•	Configuring the Exclusion List

•	Configuring Server-to-Certificate Pairings

•	SSL Offloading