ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Why doesn't a detect_protocol(no) rule work for some sites or applications when applied in the VPM?


Article ID: 167521


Updated On:


ProxySG Software - SGOS


When applying the rule Disable SSL Detection from within the VPM you are simply disabling the detection of SSL encrypted traffic over a non-standard port. The ProxySG will still attempt to detect other protocols. 

If you have an application that uses standard ports for non-standard communication(such as MS Lync), you may need to disable Protocol Detection altogether.  You can do this as a global setting on the ProxySG through Service Group configuration, however this will any traffic including any SSL encrypted sites over port 80.  

To do this as an exception rule you will need to add a CPL layer, or modify the Local Policy on your ProxySG with a rule based on the source or destination: For example:

<proxy> detect_protocol (none)

By destination IP Address
url.address= detect_protocol (none)

By User Agent(Not all applications report a User-Agent so this may not be an option for all scenarios):
User-Agent="application-sepcific-agent-name" detect_protocol (none)

If you have more than one URL, IP Address or User-Agent that needs this rule applied, please see the Content Language Policy Guide for your specific SGOS for more information on how to create 'Condition' rules to encompass more than one object in a single rule.