Configuring Client DPI-SSL
The Client DPI-SSL deployment scenario is typically used to inspect HTTPS traffic when clients on the LAN browse content located on the WAN. In the Client DPI-SSL scenario, the SonicWall network security appliance typically does not own the certificates and private keys for the content it is inspecting. After the appliance performs DPI-SSL inspection, it re-writes the certificate sent by the remote server and signs this newly generated certificate with the certificate specified in the Client DPI-SSL configuration. By default, this is the SonicWall certificate authority (CA) certificate, or a different certificate can be specified. Users should be instructed to add the certificate to their browser’s trusted list to avoid certificate trust errors.