Справочник Пользователя для SonicWALL 5.8.1
DPI-SSL > Server SSL
800
SonicOS 5.8.1 Administrator Guide
The DPI-SSL feature is available in SonicOS Enhanced 5.6. The following table shows which
platforms support DPI-SSL and the maximum number of concurrent connections on which the
appliance can perform DPI-SSL inspection.
platforms support DPI-SSL and the maximum number of concurrent connections on which the
appliance can perform DPI-SSL inspection.
Configuring Server DPI-SSL Settings
The Server DPI-SSL deployment scenario is typically used to inspect HTTPS traffic when
remote clients connect over the WAN to access content located on the SonicWALL security
appliance’s LAN. Server DPI-SSL allows the user to configure pairings of an address object and
certificate. When the appliance detects SSL connections to the address object, it presents the
paired certificate and negotiates SSL with the connecting client.
remote clients connect over the WAN to access content located on the SonicWALL security
appliance’s LAN. Server DPI-SSL allows the user to configure pairings of an address object and
certificate. When the appliance detects SSL connections to the address object, it presents the
paired certificate and negotiates SSL with the connecting client.
Afterward, if the pairing defines the server to be 'cleartext' then a standard TCP connection is
made to the server on the original (post NAT remapping) port. If the pairing is not defined to be
cleartext, then an SSL connection to the server is negotiated. This allows for end-to-end
encryption of the connection.
made to the server on the original (post NAT remapping) port. If the pairing is not defined to be
cleartext, then an SSL connection to the server is negotiated. This allows for end-to-end
encryption of the connection.
In this deployment scenario the owner of the SonicWALL UTM owns the certificates and private
keys of the origin content servers. Administrator would have to import server's original
certificate onto the UTM appliance and create appropriate server IP address to server
certificate mappings in the Server DPI-SSL UI.
keys of the origin content servers. Administrator would have to import server's original
certificate onto the UTM appliance and create appropriate server IP address to server
certificate mappings in the Server DPI-SSL UI.
The following sections describe how to configure Server DPI-SSL:
•
•
•
•
Hardware Model
Max Concurrent DPI-SSL connections
NSA 240
100
NSA 2400
250
NSA 3500
250
NSA 4500
350
NSA 5000
1000
NSA E5500
2000
NSA E6500
3000
NSA E7500
8000
NSA E8500
8000