Creating a custom protocol
Steps
- Enter a Name for the protocol.
The name cannot include any of the following characters:
* < > { } ~ ! $ % & @ # . " | \ & + = ? / ; : ,
A custom protocol can be assigned the same name as a pre-defined protocol, in order to extend the number of IP addresses or ports associated with the original protocol. See Adding to a pre-defined protocol for more information.
- Expand the Add protocol to this group drop-down list, and then select a protocol group. The new protocol appears in this group in all protocol lists and filters.
- Define a unique Protocol Identifier (set of ports, IP addresses, and transport methods) for this group. You can add additional identifiers later, from the Edit Protocols page.
Follow these guidelines for creating protocol identifiers:
- At least one criterion (port, IP address or transport type) must be unique for each protocol definition.
- If you select All Ports or All external IP addresses, that criterion overlaps with any other ports or IP addresses entered in other protocol definitions.
- Port ranges or IP address ranges are not considered unique if they overlap. For example, the port range 80-6000 overlaps with the range 4000-9000.
Note: In Forcepoint URL Filtering deployments, use caution when defining a protocol on port 80 or 8080. Network Agent listens for Internet requests over these ports.
Since custom protocols take precedence over web protection protocols, if you define a custom protocol using port 80, all protocols that use port 80 (potentially including HTTP) are managed according to the custom protocol definition.
The following tables provide examples of valid and invalid protocol definitions:

| Port | IP Address | Transport Method | Accepted combination? |
| --- | --- | --- | --- |
| 70 | ANY | TCP | Yes - the port number makes each protocol identifier unique. |
| 90 | ANY | TCP | |

| Port | IP Address | Transport Method | Accepted combination? |
| --- | --- | --- | --- |
| 70 | ANY | TCP | No - the IP addresses are not unique. 10.2.1.201 is included in the “ANY” set. |
| 70 | 10.2.1.201 | TCP | |

| Port | IP Address | Transport Method | Accepted combination? |
| --- | --- | --- | --- |
| 70 | 10.2.3.212 | TCP | Yes - the IP addresses are unique. |
| 70 | 10.2.1.201 | TCP | |

- Under Default Action, specify the action (Permit or Block) that should be applied to this protocol in all active protocol filters:
- Indicate whether traffic using this protocol should be Logged. Protocol traffic must be logged to appear in reports and enable protocol usage alerts.
- Indicate whether access to this protocol should be regulated by Bandwidth Optimizer (see Using Bandwidth Optimizer to manage bandwidth).
- When you are finished, click OK to return to the Edit Protocols page. The new protocol definition appears in the Protocols list.
- Click OK again to cache your changes. Changes are not implemented until you click Save and Deploy.
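
The uniqueness guidelines for protocol identifiers (step 3) can be checked offline before the definitions are entered in the console. The following Python is an added example, not Forcepoint code: the tuple layout, function names and sample protocol names are assumptions, "ANY" stands for All Ports or All external IP addresses, and transport methods are compared as plain strings.

```python
import ipaddress
from itertools import combinations

ANY = "ANY"  # assumption: stands for "All Ports" / "All external IP addresses"

def port_span(spec):
    """'70', '80-6000' or ANY -> inclusive (low, high) port tuple."""
    if spec == ANY:
        return (0, 65535)
    low, _, high = str(spec).partition("-")
    return (int(low), int(high or low))

def ip_span(spec):
    """'10.2.1.201', '10.2.1.1-10.2.1.50' or ANY -> inclusive integer tuple."""
    if spec == ANY:
        return (0, 2**32 - 1)
    low, _, high = spec.partition("-")
    return (int(ipaddress.IPv4Address(low.strip())),
            int(ipaddress.IPv4Address((high or low).strip())))

def overlaps(a, b):
    """Two inclusive ranges overlap when each starts before the other ends."""
    return a[0] <= b[1] and b[0] <= a[1]

def conflict(a, b):
    """Identifiers are (port, ip, transport). They collide only when no
    criterion is unique, i.e. ports, addresses and transport all overlap."""
    return (overlaps(port_span(a[0]), port_span(b[0]))
            and overlaps(ip_span(a[1]), ip_span(b[1]))
            and a[2].upper() == b[2].upper())

def find_conflicts(definitions):
    """definitions: {name: identifier}. Returns sorted conflicting name pairs."""
    return sorted((m, n) for (m, a), (n, b) in combinations(definitions.items(), 2)
                  if conflict(a, b))

def shadows_web_ports(identifier):
    """True when the identifier covers port 80 or 8080 (see the Note above)."""
    span = port_span(identifier[0])
    return any(overlaps(span, (p, p)) for p in (80, 8080))

# Constructed sample set built from the rows of the example tables.
SAMPLE = {
    "proto-a": ("70", ANY, "TCP"),
    "proto-b": ("90", ANY, "TCP"),
    "proto-c": ("70", "10.2.1.201", "TCP"),
    "proto-d": ("70", "10.2.3.212", "TCP"),
}

if __name__ == "__main__":
    for pair in find_conflicts(SAMPLE):
        print("not unique:", pair)
```

Running `shadows_web_ports` over each planned identifier flags definitions that would take precedence over web protection protocols on port 80 or 8080.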