[Webinar]: See how SecureW2 + Okta continuously verify certificate trust and enforce policies in real time.
Register Now
Home Knowledge Base Documentation Configuring DPI SSL on SonicWall with SecureW2

Configuring DPI SSL on SonicWall with SecureW2

SSL also prevents legitimate parties, such as network admins and firewalls, from inspecting the traffic that passes through their network. Hackers can exploit this “blind spot” to smuggle harmful code to devices, which can compromise the whole network.

Fortunately, SonicWall has the capacity for Deep Packet Inspection (DPI), a proprietary version of SSL Inspection. Enabling DPI confers some critical benefits:

  • It allows the firewall to inspect all traffic and function properly
  • It allows you to confirm that users are complying with privacy and security standards
  • It ensures administrators have complete information on network usage

SecureW2’s PKI services include the ability to install SSL Inspection certificates on devices, along with the myriad other security benefits that digital certificates provide. Our world-class onboarding service will guide you through creating a config that preps devices for automatic enrollment of certificates, removing the hassle of manual setup.

Ready to take back control of your network and enable DPI on SonicWall? Below is a quick overview of the process, followed by a step-by-step guide.

Tech Overview

  1. Configure SecureW2 for DPI on SonicWall
    • Generate a .p12 file to upload later to the Firewall for SSL Inspection (DPI). Be sure to save it somewhere safe since you only get one.
    • Set up the onboarding device profile that will be pushed to all devices so they can easily self-enroll for Wi-Fi certificates.
    • Create and download the Root CAs for the devices.
  2. Enroll devices for certificates through SecureW2.
    • We generate a custom landing page that you direct users to. A quick download and setup wizard enrolls their devices without any hassle.
    • To keep track of your issued certificates, SecureW2’s dashboard allows you to create a custom report. We’ll walk you through the steps of downloading a report that contains the information of all your devices with issued certificates.

Prerequisites

  1. You have access to SonicWall University
  2. You have access to your Antivirus Software
  3. You have an active subscription to SecureW2’s CloudConnector SSL Inspection License.

Configuring SecureW2 for SonicWall

Navigate to Device Onboarding and, underneath that section, select Getting Started.

Here you will see our Getting Started wizard, which will configure everything you need to start your deployment of DPI SSL/SSL Inspection. Configure the settings for the wizard as shown in the screenshot below.

After clicking create, two things will happen.

  1. A .p12 file will be generated.
    • Before it is generated, you will be prompted to create a password, which will be used to password-protect the .p12 file.
    • This .p12 file is what will be uploaded to your Sonicwall Firewall for DPI SSL/SSL Inspection configuration.
    • This .p12 file is only generated once. Make sure it’s saved in a safe place.
  2. A landing page will be generated.
    • This landing page can be used to install DPI SSL/SSL Inspection certificates on end-user devices.
    • This landing page automatically detects the device’s operating system and deploys the appropriate client to install the certificate.

Distributing the Landing Page to End Users

The most common way we see this done is by obtaining the URL of the landing page generated for SSL Inspection and sending it to end users via email. The SecureW2 landing page requires only a few clicks from end users and provides instructions, so all MSP/Admin needs to do is send them the URL.

To get the URL:

  1. Navigate to Device Onboarding > Profiles.
  2. On the Profiles page, click Open Landing Page for the profile you created using the Getting Started wizard. The landing page opens.
  3. Copy the URL and send it to your users via email.

Tracking Devices and their Certificates

Here, we will configure a report of all the devices that have installed DPI SSL/SSL Inspection certificates. It will be configured to run automatically on intervals with the updated report sent via email, creating a set-and-forget mechanism to monitor how many devices have installed a certificate.

To start tracking devices and their certificates, perform the following steps:

  1. Navigate to Data and Monitoring > Reports > Custom Reports.
  2. Click Add Report.
  3. In the Basic tab, enter the name of the custom report in the Name field.
  4. In the Description field, enter a suitable description for the report.
  5. From the Report Type drop-down list, select Scheduled to configure the report to run at automated intervals.
  6. From the Time Interval drop-down list, select the desired interval for the report to run and be sent by email.
  7. Select Notify via Email and enter the email addresses in the Addresses field where you want the reports to be sent.
  8. Click Save.
  9. Click the Configuration tab.
  10. From the Pre-defined Template drop-down list, select Total Devices.
  11. From the Operating System drop-down list, select All.
  12. Click Update.
  13. Click Run Report. After the report runs successfully, a message appears stating, “Started running report ‘Devices Managed’. Please click on the ‘Download Report’ icon for details.


  14. Click the report you created, and then navigate to the Downloads tab. From this tab, you can download the report as a .csv or .xlsx file.

SecureW2 offers a cost-effective solution to streamline device onboarding and strengthen network security. Head over to our pricing page to learn more.