If any SSL/TLS handshake with SNI was detected, SNI mode would be automatically activated, and also following TCP connections with same session IDs. This is not just only for HTTPS/443, but also non-443 traffic with SSL/TLS+SNI .
HTTP/80 should also be judged by "host-name" headers, perhaps as an optional feature.
Otherwise non-SNI and non-HTTP traffic must be forwarded as plain TCP connections.
With SNI and HTTP covered, it means most nowadays traffic will be re-routed in the gateway.
As a transparent proxy when tproxying all TCP:
With SNI and HTTP covered, it means most nowadays traffic will be re-routed in the gateway.