Protocol detection
Gateway supports the detection, logging, and filtering of network protocols using packet attributes.
Protocol detection only applies to devices connected to Zero Trust via the WARP client in Gateway with WARP mode.
- In Zero Trust ↗, go to Settings > Network > Firewall.
- Turn on Protocol Detection.
You can now use Detected Protocol as a selector in a Network policy.
Gateway supports detection and filtering of the following protocols:
| Protocol | Notes |
|---|---|
| HTTP | The policy builder includes separate values for HTTP/1.1 and HTTP/2. |
| SSH | |
| TLS | Gateway detects TLS versions 1.1 through 1.3 with the TLS value. |
| DCE/RPC | |
| MQTT | |
| TPKT | TPKT commonly initiates RDP sessions, so you can use it to identify and filter RDP traffic. |
| DNP3 |
You can create network policies that filter traffic based on protocol detections rather than common ports. For example, you can block all SSH traffic on your network without blocking port 22 or any other non-default ports:
| Selector | Operator | Value | Action |
|---|---|---|---|
| Detected Protocol | in | SSH | Block |