Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rajamanickam
Contributor

Created on ‎05-11-2022 05:13 AM

Application detection for a proxy traffic

Hi,

  In my scenario, I have one branch and one hub. My proxy server is on the Hub side. End client in branch uses proxy server for internet access. At branch, I want to do internet application steering between two links. Since I am using proxy server for internet access, whether application sensor can detect the application and do traffic steering or this traffic cant be detected with actual application (Example - Gmail) instead it detects this as proxy.http application.  Any one has come across this situation and what is the solution to do application based steering in the proxy server scenario.

 

(This is SDWAN Hub and spoke solution)

Regards

Raja

Labels:
1989
0 Kudos
2 Solutions
akristof
Staff
Staff

Created on ‎05-12-2022 02:54 AM

Hi,

from routing point of view, traffic will be detected only as proxy. So you can use sdwan rule and load-balance traffic to proxy server, but not traffic that is inside the proxy.

Adrian

View solution in original post

1964
pminarik
Staff
Staff

Created on ‎05-12-2022 03:08 AM Edited on ‎05-12-2022 03:15 AM

I'm afraid I will have to throw a wrench into your plans. Application-based steering wouldn't help you even if the App detection worked.

 

Application-based steering in SD-WAN is implemented as dynamically created and updated ISDB entries (destination IP X + port Y =>  Application Z). Since all of your traffic has the same destination IP:port (the proxy), all of it would always be treated as the most recently identified application, thus rendering any attempts to do per-app steering pointless.

[ corrections always welcome ]

View solution in original post

1960
4 REPLIES 4
seshuganesh
Staff
Staff

Created on ‎05-12-2022 01:55 AM

I believe all the traffic will be detected as proxy.

so i dont think we can steer applications based on different applications.

Lets wait for our team mates confirmation on this

1927
0 Kudos
akristof
Staff
Staff

Created on ‎05-12-2022 02:54 AM

Hi,

from routing point of view, traffic will be detected only as proxy. So you can use sdwan rule and load-balance traffic to proxy server, but not traffic that is inside the proxy.

Adrian
1965
pminarik
Staff
Staff

Created on ‎05-12-2022 03:08 AM Edited on ‎05-12-2022 03:15 AM

I'm afraid I will have to throw a wrench into your plans. Application-based steering wouldn't help you even if the App detection worked.

 

Application-based steering in SD-WAN is implemented as dynamically created and updated ISDB entries (destination IP X + port Y =>  Application Z). Since all of your traffic has the same destination IP:port (the proxy), all of it would always be treated as the most recently identified application, thus rendering any attempts to do per-app steering pointless.

[ corrections always welcome ]
1961
rajamanickam
Contributor
In response to pminarik

Created on ‎05-23-2022 06:27 AM

Thank you Adrian and pminarik

1842
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.