Why doesn't a detect_protocol(no) rule work for some sites or applications when applied in the VPM?

Article ID: 167521

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

When you apply the Disable SSL Detection rule from within the VPM, you are only disabling the detection of SSL encrypted traffic over a non-standard port. The ProxySG will still attempt to detect other protocols.

If you have an application that uses standard ports for non-standard communication (such as MS Lync), you may need to disable Protocol Detection altogether. You can do this as a global setting on the ProxySG through the Service Group configuration; however, this will affect any traffic, including any SSL encrypted sites over port 80.

To do this as an exception rule instead, you will need to add a CPL layer, or modify the Local Policy on your ProxySG, with a rule based on the source or destination. For example:

By URL:
<proxy>
url.domain=example.com detect_protocol (none)

By destination IP Address:
<proxy>
url.address=10.10.10.10 detect_protocol (none)

By User Agent (not all applications report a User-Agent, so this may not be an option for all scenarios):
<proxy>
request.header.User-Agent="application-specific-agent-name" detect_protocol (none)

If you have more than one URL, IP Address or User-Agent that needs this rule applied, please see the Content Policy Language Guide for your specific SGOS version for more information on how to create 'Condition' rules that encompass more than one object in a single rule.
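
A sketch of such a condition rule, added here as an illustration and not taken from the original article: the condition name NoProtocolDetect and all domains and addresses are constructed placeholders. Each line inside the definition is ORed, so only traffic matching one of the listed objects bypasses protocol detection, and everything else is still detected and inspected as normal.

```cpl
; Constructed example: replace the placeholder objects with your own.
; Each line in the definition is an alternative (logical OR).
define condition NoProtocolDetect
  url.domain=example.com
  url.domain=example.net
  url.address=10.10.10.10
  url.address=10.10.10.11
end

<Proxy>
  ; Protocol detection is disabled only for the objects listed above
  condition=NoProtocolDetect detect_protocol(none)
```

Keep the list as short as the application requires, because traffic matching the condition is no longer identified by protocol and protocol-specific policy will not apply to it.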