Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis > Scanning options > Tunneled protocol detection
Tunneled protocol detection
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Tunneled protocol detection analyzes traffic to discover protocols that are tunneled over HTTP and HTTPS. Traffic that is allowed to tunnel over specific ports is also analyzed. Such traffic is reported to Filtering Service for protocol-based policy enforcement. When tunneled protocol detection is enabled, analysis is performed on both inbound and outbound traffic, regardless of other scanning settings.
HTTP tunneling occurs when applications that use custom protocols for communication are wrapped in HTTP (meaning that standard HTTP request/response formatting is present) in order to use the ports designated for HTTP/HTTPS traffic. These ports are open to allow traffic to and from the Web. HTTP tunneling allows these applications to bypass firewalls and proxies, leaving a system vulnerable.
The tunneled protocol detection feature analyzes HTTP and HTTPS traffic and, when it detects a protocol, forwards it to Filtering Service for policy enforcement. At this point, a protocol is blocked or allowed based on policy definitions. This feature can be used to block protocols used for instant messaging, peer-to-peer applications, and proxy avoidance. Note that some applications running over HTTP (for example, Google Video) may not display the protocol block page. See Managing access to categories and protocols for information about protocol-based policy enforcement.
 
Note 
Use the Settings > Scanning > Scanning Options page to enable and configure tunneled protocol detection:
1.
Select Off to disable tunneled protocol detection.
2.
Select On (default) to analyze all traffic to detect protocols tunneling over HTTP or HTTPS. Such traffic is reported to Filtering Service for policy enforcement.
3.
Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.
Use the Settings > Scanning > Scanning Exceptions page to specify trusted sites that are never analyzed (Scanning exceptions).

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis > Scanning options > Tunneled protocol detection
Copyright 2016 Forcepoint LLC. All rights reserved.