Hi,
In my scenario, I have one branch and one hub. My proxy server is on the hub side. The end client in the branch uses the proxy server for internet access. At the branch, I want to do internet application steering between two links. Since I am using a proxy server for internet access, can the application sensor detect the application and do traffic steering, or can't this traffic be detected as the actual application (example: Gmail), so that it is instead detected as the proxy.http application? Has anyone come across this situation, and what is the solution to do application-based steering in the proxy server scenario?
(This is SDWAN Hub and spoke solution)
Regards
Raja
Hi,
From a routing point of view, traffic will be detected only as proxy. So you can use an SD-WAN rule and load-balance traffic to the proxy server, but not traffic that is inside the proxy.
I'm afraid I will have to throw a wrench into your plans. Application-based steering wouldn't help you even if the App detection worked.
Application-based steering in SD-WAN is implemented as dynamically created and updated ISDB entries (destination IP X + port Y => Application Z). Since all of your traffic has the same destination IP:port (the proxy), all of it would always be treated as the most recently identified application, thus rendering any attempts to do per-app steering pointless.
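The effect described in the reply above, as an added example that is not part of the thread and is not FortiOS code: a simplified model of a dynamic (destination IP, port) to application cache with last-write-wins updates. The class and function names, addresses, link labels and the assumption that a session is steered from the cache before it is identified are all constructed for illustration.

```python
# Simplified model of the mechanism described in the thread; not FortiOS code.
# All names, addresses and link labels are constructed for illustration.

POLICY = {"Gmail": "wan1", "YouTube": "wan2"}  # desired link per application
DEFAULT_LINK = "wan1"                          # used when the destination is unknown


class AppCache:
    """Dynamic (dst_ip, dst_port) -> application map; the last write wins."""

    def __init__(self):
        self.entries = {}

    def learn(self, dst, app):
        self.entries[dst] = app

    def steer(self, dst):
        app = self.entries.get(dst)
        return POLICY.get(app, DEFAULT_LINK)


def missteered(sessions):
    """Count sessions sent to a link other than the one POLICY wants.

    sessions is a list of (dst, real_app). Assumption: each new session is
    steered from the cache on its first packet, then identified by
    inspection and written back to the cache.
    """
    cache, wrong = AppCache(), 0
    for dst, app in sessions:
        if cache.steer(dst) != POLICY[app]:
            wrong += 1
        cache.learn(dst, app)
    return wrong


APPS = ["Gmail", "YouTube"] * 4  # constructed, alternating session mix

# Direct internet access: each application has its own destination.
DIRECT_DST = {"Gmail": ("192.0.2.10", 443), "YouTube": ("198.51.100.20", 443)}
direct = [(DIRECT_DST[a], a) for a in APPS]

# Via the hub proxy: every session has the same destination IP:port.
PROXY_DST = ("10.0.0.5", 8080)
proxied = [(PROXY_DST, a) for a in APPS]

if __name__ == "__main__":
    print("direct  :", missteered(direct), "of", len(direct))
    print("proxied :", missteered(proxied), "of", len(proxied))
```

With distinct destinations the cache converges after the first unseen session per application; with a single proxy destination the one entry keeps flipping, so steering follows whichever application was identified last.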
I believe all the traffic will be detected as proxy.
So I don't think we can steer applications based on different applications.
Let's wait for our teammates' confirmation on this.
Thank you Adrian and pminarik