Disable Protocol Detection in Cloud SWG (WSS) portal policy


Article ID: 176450


Updated On:


Cloud Secure Web Gateway - Cloud SWG


How do I disable Protocol Detection when using the Cloud SWG portal policy?


Reasons to disable Protocol Detection: 

  • For websites using non-standard services over standard ports
  • For websites using unsupported ciphers (such as TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
  • For mobile applications (such as WhatsApp or FaceTime) that use non-standard ports for communication
  • For websites that use mutual X.509 authentication


There is no dedicated policy setting to directly disable Protocol Detection in the Cloud SWG (WSS) portal policy. However, Protocol Detection can be disabled as follows:

  1. Add the destination domain or IP address as a Malware scanning exemption at: 
    Cloud SWG Portal: Policy > Content and Malware Analysis > Scanning Exemptions > Destinations

Note: SSL interception will be disabled when Protocol Detection is disabled (because we cannot identify what the TCP traffic is).