Deep Packet Inspection with True Protection

True Protection by Jag includes a deep packet inspection (DPI) engine that examines the actual content of network traffic rather than just headers. DPI enables detection of threats that attempt to hide within legitimate-looking traffic.

What DPI Inspects

HTTP/HTTPS Traffic: Examines web traffic for malicious payloads, command-and-control communications, and data exfiltration attempts.
Email Protocols: Inspects SMTP, POP3, and IMAP traffic for phishing attachments and malicious links.
File Transfers: Scans files being transferred via FTP, SMB, and other file sharing protocols.
DNS Traffic: Detects DNS tunneling and other DNS-based data exfiltration techniques.
Custom Protocols: Configurable inspection rules for proprietary or specialized network protocols.

Enabling DPI

Step 1: Navigate to Network > Deep Packet Inspection.
Step 2: Enable DPI and select which protocol categories to inspect.
Step 3: Configure the inspection depth (Standard or Thorough). Thorough inspection examines more payload data but uses more CPU resources.
Step 4: Review and accept the SSL/TLS inspection certificate if you want to inspect encrypted traffic.

Privacy Considerations

DPI of encrypted traffic requires installing a local root certificate. This allows True Protection to decrypt, inspect, and re-encrypt HTTPS traffic. Sensitive domains (banking, healthcare portals) can be excluded from SSL inspection under Network > DPI > SSL Exclusions. All DPI processing occurs locally on your device and no traffic data is transmitted externally.