I have an NSA3600 and have just setup CFS with SSL-DPI. I've around 300 devices on my LAN all obtaining ip addressing via a Windows DHCP server/ Approximately half of these devices are AD domain joined Windows clients, the other half are tablets, iphones, macs, etc.
I have deployed the SonicWall cert to the Windows devices via GPO. The problem i have is the non-domain joined devices all have web browsing issues as they don't have the SonicWall cert installed.
Is there an easy way to push the cert out to these devices?
If not, is it possible to skip SSL-DPI checking if the device does not have the cert installed? I know this is not ideal but trying to identify 150 devices and excluding them from CFS would be a nightmare and very time consuming.
Alternatively, I am open to any other suggestions?