Functionality and expected behavior of the detect protocol feature.

Article ID: 167272

Products

ProxySG Software - SGOS

Issue/Introduction

Detect Protocol (or Protocol Detection) is a ProxySG feature that inspects the characteristics of a connection to determine which mechanism should be used to handle it.

Resolution

If an SSL connection comes into the ProxySG on port 80 (typically used for HTTP rather than SSL) and Protocol Detection is enabled, the ProxySG will see that it is actually SSL traffic and handle it as such. If Protocol Detection is disabled (it is disabled by default), the connection will be tunneled, as it is not valid HTTP traffic. Protocol Detection can also be used to identify peer-to-peer traffic and many other types of traffic that may attempt to use non-standard ports.

Although Detect Protocol is advantageous, it can cause delays for some traffic. If a connection that is not readily identifiable as HTTP comes to port 80 and Detect Protocol is enabled, there may be a 30-second delay until the ProxySG passes the traffic to the server. This is because a normal HTTP transaction has some sort of request from the client as soon as the connection is opened. If a client uses an application that relies on the server to make the first request after the connection is open, that is not a standard HTTP mechanism and can cause a 30-second delay while the ProxySG waits for the client to send its request. If there is a 30-second delay, the proxy will then establish the connection with the server on behalf of the client, and the connection will work as usual. Disabling Protocol Detection on that service port will eliminate the 30-second delay if present.
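The behavior described above, as an added sketch that is not ProxySG code: a first-bytes classifier that waits for the client to speak, showing why a server-speaks-first application stalls until the wait expires. The function names, the sample bytes and the shortened 0.2-second wait (standing in for the 30 seconds) are assumptions made for the example.

```python
import socket

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")

def classify_first_bytes(data):
    """Label a connection from the first bytes the client sent."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # and handshake type 0x01 (ClientHello) at offset 5.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "ssl"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def detect(conn, wait_seconds):
    """Wait up to wait_seconds for the client's first bytes, then classify."""
    conn.settimeout(wait_seconds)
    try:
        data = conn.recv(4096, socket.MSG_PEEK)  # peek: bytes stay queued for the handler
    except socket.timeout:
        # The client never spoke first (server-speaks-first application):
        # there is nothing to inspect, so the connection is passed on late.
        return "tunnel-after-timeout"
    if not data:
        return "closed"
    return classify_first_bytes(data)

def demo(first_bytes, wait_seconds=0.2):
    """Run detect() over a local socket pair standing in for client and proxy."""
    client_side, proxy_side = socket.socketpair()
    try:
        if first_bytes:
            client_side.sendall(first_bytes)
        return detect(proxy_side, wait_seconds)
    finally:
        client_side.close()
        proxy_side.close()

# Constructed sample inputs (not captured traffic).
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print("SSL on port 80:     ", demo(TLS_HELLO))
    print("HTTP on port 80:    ", demo(HTTP_REQ))
    print("Server speaks first:", demo(None))
```
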

If you encounter a site or application that is affected by Detect Protocol, please see TECH243402 for steps on how to disable this feature based on source or destination criteria.