Imal Upalakshitha
asked on
use letsencrypt certificates for Sonic wall firewall
can we use letsencrypt certificates for Sonic wall firewall.
issue: DPI SSl is enabled for users & firewall self signed SSL certificate is pushed to clients by GPO. but when applying the filtering rules for mobile users (smart phones, Iphones, IPads & other computers that are not part of internal domain) they get SSL not trusted error. cannot perform https filtering with this error. so is there any way to use a publicly trusted certificate for my sonic wall local IP or any workaround to filter https for those clients.
Sonic OS 6.5 later
thank you.
issue: DPI SSl is enabled for users & firewall self signed SSL certificate is pushed to clients by GPO. but when applying the filtering rules for mobile users (smart phones, Iphones, IPads & other computers that are not part of internal domain) they get SSL not trusted error. cannot perform https filtering with this error. so is there any way to use a publicly trusted certificate for my sonic wall local IP or any workaround to filter https for those clients.
Sonic OS 6.5 later
thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Using a proxy, problem is those would allow SSL traffic also to pass through transparantly.
You probably would need to filter on the enddevices themselves to do it correctly.
But i have seen some implementation where banking applications complained about invalid certificates or where google whould indicate unreliable links because the "firewall" applications provided the same kind of service.
stripping SSL and examining content. SSL is designed to prevent examining & modifying data.
You probably would need to filter on the enddevices themselves to do it correctly.
But i have seen some implementation where banking applications complained about invalid certificates or where google whould indicate unreliable links because the "firewall" applications provided the same kind of service.
stripping SSL and examining content. SSL is designed to prevent examining & modifying data.
ASKER
Individual proxy config cannot do for external users every time. windows computers can work with auto proxy config. but mobile devices still not support that.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks everybody for great help
ASKER
Then what is the workarround. I want to block unwanted content for non domain computer and other devices.