User Guide for SonicWALL 5.8.1

DPI-SSL > Server SSL
SonicOS 5.8.1 Administrator Guide
  • On the User Object/Group line, select a user object or group from the Exclude pulldown 
    menu to exempt it from DPI-SSL inspection.
Note: The Include pulldown menu can be used to fine-tune the specified exclusion list. For 
example, select the Remote-office-California address object in the Exclude pulldown and the 
Remote-office-Oakland address object in the Include pulldown.
Configuring Server-to-Certificate Pairings
Server DPI-SSL inspection requires that you specify which certificate will be used to sign traffic 
for each server that will have DPI-SSL inspection performed on its traffic. To configure a server-
to-certificate pairing, perform the following steps:
1. Navigate to the DPI-SSL > Server SSL page and scroll down to the SSL Servers section.
2. Click the Add button.
3. In the Address Object/Group pulldown menu, select the address object or group for the 
   server or servers that you want to apply DPI-SSL inspection to.
4. In the SSL Certificate pulldown menu, select the certificate that will be used to sign the 
   traffic for the server. For more information on importing a new certificate to the appliance, 
   see . For information on creating a certificate, see 
5. Select the Cleartext checkbox to enable SSL offloading. See for more information.
6. Click Add.
SSL Offloading
When adding server-to-certificate pairs, a Cleartext option is available. This option indicates 
that the portion of the TCP connection between the UTM appliance and the local server will be 
in the clear, without an SSL layer, which allows SSL processing to be offloaded from the server 
to the appliance.
For this configuration to work properly, a NAT policy must be created on the 
Network > NAT Policies page to map traffic destined for the offload server from an SSL port 
to a non-SSL port. For example, when HTTPS traffic is used with SSL offloading, an inbound 
NAT policy that remaps traffic from port 443 to port 80 must be created.
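
The check below is an added example, not part of the SonicOS guide or SonicWALL's tooling: it audits a hand-written model of the SSL Servers and NAT Policies tables for Cleartext pairings that lack the inbound SSL-to-non-SSL port remap described above, and lists the server legs that carry unencrypted traffic. The class names, field names and sample objects are assumptions, not a SonicOS export format.

```python
from dataclasses import dataclass

# Hypothetical in-memory model of the two GUI tables (not a SonicOS format).
@dataclass(frozen=True)
class Pairing:      # one row of DPI-SSL > Server SSL > SSL Servers
    address_object: str
    certificate: str
    cleartext: bool

@dataclass(frozen=True)
class NatPolicy:    # one inbound row of Network > NAT Policies
    original_destination: str
    original_port: int
    translated_port: int

def audit_offload(pairings, nat_policies, ssl_ports=frozenset({443})):
    """Return (address_object, problem) for each Cleartext pairing that has no
    inbound NAT policy remapping an SSL port to a non-SSL port."""
    findings = []
    for p in pairings:
        if not p.cleartext:
            continue  # the guide requires the remap only for Cleartext pairings
        policies = [n for n in nat_policies
                    if n.original_destination == p.address_object
                    and n.original_port in ssl_ports]
        if not policies:
            findings.append((p.address_object, "no NAT policy for SSL port"))
        elif all(n.translated_port in ssl_ports for n in policies):
            findings.append((p.address_object, "NAT policy keeps an SSL port"))
    return findings

def cleartext_segments(pairings):
    """Servers whose appliance-to-server leg carries unencrypted traffic."""
    return sorted(p.address_object for p in pairings if p.cleartext)

# Constructed sample configuration; object and certificate names are made up.
PAIRINGS = [
    Pairing("web-server-1", "cert-web-1", True),   # has 443 -> 80 remap
    Pairing("web-server-2", "cert-web-2", True),   # Cleartext, no NAT policy
    Pairing("web-server-3", "cert-web-3", True),   # NAT keeps port 443
    Pairing("mail-server", "cert-mail", False),    # not offloaded
]
NAT = [NatPolicy("web-server-1", 443, 80), NatPolicy("web-server-3", 443, 443)]

if __name__ == "__main__":
    for server, problem in audit_offload(PAIRINGS, NAT):
        print(f"{server}: {problem}")
    print("cleartext legs to review:", ", ".join(cleartext_segments(PAIRINGS)))
```
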