DPI-SSL -SonicWall Deep Packet Inspection of SSL/TLS Encrypted Traffic
One of the recent project required to setup DPI-SSL for the network. Customer need to block part of the URL on the link. normally content filter can block the domain or categories of the website, however what if you need to block part of the sensitive url? ex: www.domain.com is ok to access, but block, www.domain.com/download? Well DPI-SSL will allow you to block that specific URL.
In addition, you want to allow yourself but block your staff? no problem, we can setup exclusion rules to accomplish the result. further, you can create a additional network or vlan to setup non-enabled dpi-ssl network. Combinations to meet your need can be configured as needed.
Below are additional information on DPI-SSL from sonicwall.
Safeguard your network from encrypted threats with SonicWall Deep Packet Inspection of SSL/TLS and SSH. These add-on security services are available on all SonicWall Next-Generation Firewall (NGFW) and Unified Threat Management (UTM) firewalls. DPI-SSL delivers deep protection against encrypted threats, and scalable SSL decryption and deep packet inspection SSL performance without limitation. It leverages the SonicWall patented Reassembly-Free Deep Packet Inspection engine, a full-stack streaming inspection technology that scans a broad array of encryption protocols including HTTPS, SMTPS, NNTPS, LDAPS, FTPS, Telnets, IMAPS, IRCS, and POPS. For high traffic or highly-regulated deployments, DPI-SSL can exclude trusted sources to optimize network performance, and conform to privacy and/or legal requirements.