rajamanickam
Contributor

Application detection for a proxy traffic

Hi,

In my scenario, I have one branch and one hub. My proxy server is on the hub side. The end client in the branch uses the proxy server for internet access. At the branch, I want to do internet application steering between two links. Since I am using a proxy server for internet access, can the application sensor detect the application and do traffic steering, or can't this traffic be detected as the actual application (example: Gmail), being detected as the proxy.http application instead? Has anyone come across this situation, and what is the solution for application-based steering in the proxy server scenario?

(This is an SD-WAN hub-and-spoke solution)

Regards

Raja

2 Solutions
akristof
Staff

Hi,

From a routing point of view, traffic will be detected only as proxy. So you can use an SD-WAN rule and load-balance traffic to the proxy server, but not traffic that is inside the proxy.

Adrian


pminarik
Staff

I'm afraid I will have to throw a wrench into your plans. Application-based steering wouldn't help you even if the App detection worked.

 

Application-based steering in SD-WAN is implemented as dynamically created and updated ISDB entries (destination IP X + port Y =>  Application Z). Since all of your traffic has the same destination IP:port (the proxy), all of it would always be treated as the most recently identified application, thus rendering any attempts to do per-app steering pointless.

[ corrections always welcome ]
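
The overwrite effect described in the post above, as an added example that is not part of the original posts and is not FortiOS code: a toy table keyed by destination IP and port. The addresses, link names and steering map are constructed, and the model assumes (as the post does hypothetically) that application detection works.

```python
# Toy model of "destination IP + port => application" learning.
# Constructed for illustration; not how FortiOS is implemented internally.

STEERING = {"Gmail": "link1", "YouTube": "link2"}  # constructed app -> link map
DEFAULT_LINK = "default"                           # used when nothing is learned

def simulate(flows):
    """flows: list of (true_app, dst_ip, dst_port) as seen at the branch.

    For each new session the link is chosen from what was previously learned
    for that destination; afterwards the session is identified and the entry
    for that destination is overwritten with the identified application.
    Returns a list of (true_app, app_assumed_at_steering_time, link).
    """
    table = {}
    decisions = []
    for true_app, dst_ip, dst_port in flows:
        key = (dst_ip, dst_port)
        assumed = table.get(key)
        decisions.append((true_app, assumed, STEERING.get(assumed, DEFAULT_LINK)))
        table[key] = true_app  # most recent identification wins
    return decisions

def missteered(decisions):
    """Sessions that did not end up on the link configured for their real app."""
    return [d for d in decisions if d[2] != STEERING[d[0]]]

# Constructed sample traffic: two rounds of Gmail then YouTube.
# Direct access: each application has its own destination.
DIRECT = [("Gmail", "203.0.113.10", 443), ("YouTube", "203.0.113.20", 443)] * 2
# Via the hub proxy: every session has the same destination IP:port.
PROXIED = [("Gmail", "10.0.0.5", 8080), ("YouTube", "10.0.0.5", 8080)] * 2

if __name__ == "__main__":
    for name, flows in (("direct", DIRECT), ("proxied", PROXIED)):
        result = simulate(flows)
        print(name, "missteered:", len(missteered(result)), "of", len(result))
        for row in result:
            print("   real=%s assumed=%s link=%s" % row)
```

With direct access only the first, not-yet-learned session per destination misses its link; through the proxy every session is steered by whatever application was identified last on the shared destination.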


4 REPLIES
seshuganesh
Staff

I believe all the traffic will be detected as proxy.

So I don't think we can steer applications based on different applications.

Let's wait for our teammates' confirmation on this.

rajamanickam

Thank you Adrian and pminarik
