Protocol detection with Cloudflare Gateway

Cloudflare Gateway has introduced protocol detection support for its secure web gateway (SWG), allowing users to detect, log, and filter network protocols regardless of source or destination port. This feature simplifies policy setting without relying on well-known ports and reduces the risk of over/under-filtering activity that could disrupt user productivity. Currently available to Enterprise users, it supports a growing list of protocols including HTTP, HTTPS, SSH, TLS, DCE/RPC, MQTT, and TPKT. The new feature is designed to manage devices via protocols like SSH, which are still extensively used despite the rise of RESTful APIs and GraphQL. It helps prevent over-blocking or under-blocking legitimate traffic, reducing support tickets for administrators. Gateway protocol filtering can be set up by specifying the protocol within a Gateway Network policy on the Zero Trust dashboard. The feature is currently available to Cloudflare One Enterprise account holders and will soon expand to Pay-as-you-go and Free customer accounts, along with an expanded list of supported protocols.