SonicWall DPI-SSL: Encryption Has Met Its Match

90% of the world’s web traffic is now encrypted. That’s a lot of places for attacks to hide, if your solution can’t inspect encrypted traffic.

Encryption is a fundamental building block in the secure operation of the internet. It protects the confidentiality and integrity of information transmitted over the network, preventing unauthorized third parties from accessing sensitive data.

The need for data encryption on the internet became apparent in the early stages of the World Wide Web. In its early days, information was transmitted in clear text, which meant that anyone intercepting the communication could read it. This lack of security led to the development of SSL in 1994 by Netscape Communications.

From SSL to TLS 1.3

SSL was the first protocol designed to provide a secure encryption layer over internet communications. Its purpose was to protect data transmitted between a client and a server. With SSL, data was encrypted before being sent over the Internet and decrypted at the destination, preventing attackers from intercepting the information. It enabled the secure transmission of sensitive data and helped fuel the growth of e-commerce.

While SSL laid the foundation for internet encryption, weaknesses in the protocol were discovered over time, leading to its successor, TLS, in 1999. TLS boasts significant improvements in terms of encryption algorithms and authentication protocols. It’s become the de facto standard for Internet security, and today it’s used in applications ranging from secure web browsing to email transmission and messaging services.

Today, the most commonly used versions of TLS are TLS 1.2 and TLS 1.3.

  1. TLS 1.2: As of this writing, TLS 1.2 is still widely used. It offers a robust level of security and supports a wide range of systems and applications. Many websites and online services still use TLS 1.2 to ensure secure communications. But efforts are being made to encourage the adoption of TLS 1.3 due to its security and performance improvements.
  2. TLS 1.3: TLS 1.3 is the latest and most advanced version of TLS, and was designed to minimize the complexity and vulnerabilities that existed in previous versions. TLS 1.3 is rapidly gaining ground, and its use is essential to ensure fast and secure connections in a constantly evolving environment.

Why should we inspect encrypted traffic?

To ensure secure and efficient online communications in today’s internet environment, the adoption of TLS 1.3 is highly recommended. But while TLS 1.3 addresses many concerns by ensuring that connections are more resistant to attacks and more efficient in terms of performance, online security threats remain prevalent. With more than 90% of internet traffic currently encrypted, this danger will only continue to grow.

The 2024 SonicWall Cyber Threat Report found that encrypted threats rose 117% in 2023, making it the highest year-to-date volume of any year since SonicWall began tracking this threat type.

Defeat Encrypted Threats with SonicWall DPI-SSL

SonicWall’s Gen 7 firewall appliances feature TLS 1.3 support, which allows inspection and securing of encrypted traffic. The ability to inspect this traffic with a firewall is important for a number of reasons:

  1. Detection of hidden threats: DPI-SSL decrypts incoming encrypted data so it can be analyzed and security policies can be applied. This allows the firewall to examine the actual content of encrypted communications, which may include threats such as malware, exploits and zero-day attacks hiding behind encryption to evade being detected. DPI-SSL enables SonicWall to identify and block these threats, providing an additional layer of security.
  2. Data leakage protection: Encryption can be used to bypass security policies and leak sensitive data without being detected. DPI-SSL also helps prevent confidential data leakage by inspecting and controlling encrypted traffic. It can enforce policies to ensure that sensitive data is not transferred in an unauthorized manner over secure connections, which is critical for regulatory compliance and intellectual property protection.
  3. Application control and security policies: Firewalls that inspect encrypted traffic allow organizations to enforce application usage policies more effectively. SonicWall DPI-SSL enables security policy enforcement, content filtering and application control even over encrypted connections. This is essential to ensure proper use of the network.
  4. Regulatory compliance: Some industries and jurisdictions require the inspection of encrypted traffic. In sectors that handle sensitive data, such as healthcare or finance, DPI-SSL can help organizations meet the encrypted traffic inspection requirements needed to ensure data security and meet regulatory compliance.
  5. Advanced threat analysis: By inspecting encrypted traffic, SonicWall firewalls can use advanced threat analysis techniques, such as deep packet inspection, to identify suspicious patterns or malicious behavior. This is crucial to defend against sophisticated threats.
  6. Visibility and control: Encrypted traffic inspection provides greater visibility into what’s happening on the network, allowing admins to take proactive measures to ensure network security and performance.

  1. Client initiates TLS/SSL handshake with server
  2. NGFW intercepts request and establishes session using its own certificates in place of server
  3. NGFW initiates TLS/SSL handshake with server on behalf of client using admin-defined TLS/SSL certificate
  4. Server completes handshake and builds a secure tunnel between itself and NGFW
  5. NGFW re-encrypts traffic and sends along to client
  6. NGFW decrypts and inspects all traffic coming from or going to client for threats and policy violations
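
The certificate substitution in step 2 decides which clients will accept an inspected session. The following is an added example, not SonicWall code or configuration: a locally generated inspection CA re-signs a certificate for a hostname, and only a client that trusts that CA validates it. The CA names, the hostname `shop.example.test` and the helper function names are constructed for the illustration, and the `openssl` CLI is assumed to be installed.

```shell
#!/usr/bin/env bash
# Constructed lab: every key, certificate and hostname here is generated locally.
set -eu
LAB=$(mktemp -d)
cat > "$LAB/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME CN: self-signed CA standing in for a trust anchor.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$LAB/lab.cnf" \
    -subj "/CN=$2" -keyout "$LAB/$1.key" -out "$LAB/$1.pem" 2>/dev/null
}

# resign_leaf HOST: issue a certificate for HOST from the inspection CA, as the
# NGFW does when it answers the client in place of the server (step 2).
resign_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$LAB/lab.cnf" \
    -subj "/CN=$1" -keyout "$LAB/leaf.key" -out "$LAB/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/leaf.csr" -CA "$LAB/inspect.pem" \
    -CAkey "$LAB/inspect.key" -CAcreateserial -days 1 \
    -out "$LAB/leaf.pem" 2>/dev/null
}

# leaf_issuer: issuer DN the client sees on the presented certificate.
leaf_issuer() {
  openssl x509 -in "$LAB/leaf.pem" -noout -issuer -nameopt RFC2253 \
    | sed 's/^issuer= *//'
}

# client_accepts ANCHOR: does a client holding only this trust anchor validate it?
client_accepts() {
  openssl verify -CAfile "$LAB/$1.pem" "$LAB/leaf.pem" >/dev/null 2>&1
}

make_ca inspect "Constructed Inspection CA"
make_ca public  "Constructed Public CA"
resign_leaf shop.example.test
echo "issuer seen by client: $(leaf_issuer)"
client_accepts inspect && echo "client with inspection CA deployed: accepted"
client_accepts public  || echo "client with public roots only: rejected"
```

On a managed endpoint, the issuer on a site's certificate shows whether that session is being inspected or bypassed.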

SonicWall DPI-SSL plays a critical role in enabling secure inspection of encrypted traffic. By efficiently decrypting and analyzing SSL/TLS traffic, SonicWall DPI-SSL helps protect networks and systems from cyberthreats hiding via encryption. This is essential in an ever-evolving cybersecurity environment, where the security of encrypted communications is critical to maintaining data integrity and privacy.

Sebastián Yáñez
Senior Solutions Engineer | SonicWall
Sebastián Yáñez is a Senior Solutions Engineer with over 20 years of experience in the industry. He covers the network security portfolio, which includes the TZ, NSa, NSsp and NSv series NGFWs, as well as SonicWave Wi-Fi access points and switches. His efforts support the sales team in selling solutions to key organizations such as MSSPs, governments, education, and large and distributed enterprises, providing them with seamless protection that stops even the most evasive cyberattacks. In his current and past roles, he has worked extensively in technical support, pre-sales, design, and implementation of security solutions.