Solutions

Allowing traffic through the ProxySG, even though the proxy is overloaded

Solutions ID:    KB3505
Version:    2.0
Status:    Published
Published date:    10/21/2009
Updated:    10/26/2009
 

Problem Description

Allowing traffic through the ProxySG, even though the proxy is overloaded
How do I prevent traffic from stopping when my proxy is maxed out?
How can I bypass traffic on my ProxySG when resource thresholds are exceeded?
How can the proxy be set to fail open and allow excess traffic through without bringing down my Internet access?
The proxy is receiving an extreme amount of traffic load and it is failing to pass traffic

Resolution

Starting in SGOS 5.2.4.3 and later, the SGOS has an overload bypass feature which, when enabled, allows new connections to the ProxySG to be bypassed.  Once the extreme traffic load subsides or is eliminated, new connections will then be intercepted.  However, any existing connections that are bypassed will continue to be bypassed until those connections are closed.  By default the ProxySG is configured to drop new connections when resources are scarce.

IMPORTANT NOTE:  When the ProxySG is in overload bypass mode (as described below) and new connections are being bypassed, all policy, including bandwidth management, content filtering, ICAP (virus) scanning, and so forth will not be applied to these connections.  Please closely monitor any proxy that is susceptible to overloading.  Blue Coat recommends that any ProxySG that is susceptible to overload should have the configuration reviewed to make sure poorly implemented policy is not causing the issue.  Please see the the Policy Best Practices Technical Brief found at https://bto.bluecoat.com/doc/5181 for more information.  If the proxy is continually running in overload mode and the device is properly configured, the device may simply be underpowered for the amount of work it is configured to do.  Please contact your reseller or Blue Coat Sales at http://www.bluecoat.com/salesrep/search to see if the ProxySG you have is adequately sized.

Here are the steps necessary in order to enable "resource-overflow-action bypass" for your ProxySG:


ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)general
ProxySG#(config general)resource-overflow-action bypass
  ok
ProxySG#(config general)exit
ProxySG#(config)exit
ProxySG#

 

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question