In many networks, business-critical applications send traffic over port 80 because it is used as a generic route through the firewall. However, the ProxySG appliance HTTP proxy engine encounters problems when it receives non-HTTP requests from clients or browsers. The client receives an exception page and the connection closes. The following deployment operations create this situation:
The client request from an application or browser is not HTTP.
The request is HTTP, but it also contains components that are not HTTP.
The request contains an unexpected formatting error in a line or header.
The ProxySG appliance provides an option that enables the HTTP proxy to tunnel the connection when it receives non-HTTP traffic or broken HTTP request. The transactions remain labeled as HTTP; therefore, the access logs and the Traffic Mix and Active Sessions Active statistics display TCP TUNNELED to indicate when a connection passed through the HTTP proxy engine.
For the SSL proxy engine, the Tunnel on Protocol Error option applies when non-SSL traffic arrives at the SSL port (443 by default). A common scenario that causes this is having peer-to-peer applications (Skype, viz, BitTorrent, Gnutella, older AOL-IM) configured to enable port 443 for peer-to-peer traffic without SSL set as the transport protocol. A ProxySG appliance transparently intercepting all 443 traffic cannot process these connections, rendering the application unusable.
This setting can only be configured globally in the following location in the Management Console:
Configuration > Proxy Settings > General > Tunnel on Protocol Error
Imported Document ID: 000022238
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.