sonicwall:dpi:how_can_i_configure_client_dpi_ssl
Differences
This shows you the differences between two versions of the page.
| sonicwall:dpi:how_can_i_configure_client_dpi_ssl [2021/07/13 08:14] – created aperez | sonicwall:dpi:how_can_i_configure_client_dpi_ssl [2021/07/13 08:22] (current) – aperez | ||
|---|---|---|---|
| Line 24: | Line 24: | ||
| * Once DPI-SSL Client Inspection is enabled, SonicWall will seamlessly and transparently decrypt all SSL traffic passing through it. You will be able to apply Security Services on the clear-text portion of the SSL encrypted payload passing through it. | * Once DPI-SSL Client Inspection is enabled, SonicWall will seamlessly and transparently decrypt all SSL traffic passing through it. You will be able to apply Security Services on the clear-text portion of the SSL encrypted payload passing through it. | ||
| - | {{: | + | {{: |
| o avoid certificate trust errors and to enable the re-signing certificate authority to successfully re-sign certificates, | o avoid certificate trust errors and to enable the re-signing certificate authority to successfully re-sign certificates, | ||
| Line 31: | Line 31: | ||
| **Certificate Authority (CA) Certificate: | **Certificate Authority (CA) Certificate: | ||
| - | {{: | + | {{: |
| **NOTE:** It is recommended to use 2048 bit DPI-SSL certificate instead of 1024 bit certificate | **NOTE:** It is recommended to use 2048 bit DPI-SSL certificate instead of 1024 bit certificate | ||
| Line 37: | Line 37: | ||
| As computer power increases, anything less than 2048-bit certificates are at risk of being compromised by hackers with sophisticated processing capabilities. The cybersecurity industry is moving to stronger 2048-bit encryption to help preserve internet security | As computer power increases, anything less than 2048-bit certificates are at risk of being compromised by hackers with sophisticated processing capabilities. The cybersecurity industry is moving to stronger 2048-bit encryption to help preserve internet security | ||
| - | + | **Internet Explorer:, | |
| - | + | ||
| - | Internet Explorer:, | + | |
| Click Trusted Root Certification Authorities tab and click Import. The Certificate Import Wizard will guide you through importing the certificate. | Click Trusted Root Certification Authorities tab and click Import. The Certificate Import Wizard will guide you through importing the certificate. | ||
| + | {{: | ||
| + | |||
| + | {{: | ||
| + | |||
| + | {{: | ||
| + | |||
| + | {{: | ||
| + | |||
| + | |||
| + | **Firefox, Navigate to Tools | Options, click the Advanced tab and then the Encryption tab. Click View Certificates, | ||
| + | ** | ||
| + | |||
| + | {{: | ||
| + | |||
| + | {{: | ||
| + | |||
| + | {{: | ||
| + | |||
| + | {{: | ||
| + | |||
| + | **Mac, Double-click the certificate file, select Keychain menu, click X509 Anchors, and then click OK. Enter the system username and password and click OK.** | ||
| + | |||
| + | **How to Test:** | ||
| + | |||
| + | Start a packet capture on the SonicWall. Make sure you have enabled M**onitor intermediate SSL decrypted traffic** under the Advanced tab of **Packet Monitor**. Go to **https:// | ||
| + | |||
| + | {{: | ||
| + | |||
| + | The screen shot below is an example of ESMTP (465) traffic being decrypted. | ||
| + | {{: | ||
sonicwall/dpi/how_can_i_configure_client_dpi_ssl.1626182047.txt.gz · Last modified: 2021/07/13 08:14 by aperez