How do I ensure that the Proxy uses my forwarding host for cache refreshing and pipelining?
When refreshing cache or pre-fetching requests for users, (pipelining) the ProxySG fails to make use of a forward host configuration. In a Proxy chain deployment, this can lead to these clientless connections being sent to the default gateway rather than the upstream forward host. This causes these clientless connections to fail, as the upstream parent proxy is required to reach the Internet
Monitoring a packet capture while this issue occurs, you will see many packets sourced at the ProxySG IP address in syn_sent state, but with no reply.
Policy tracing will only show this issue when used in a <cache> layer (or web content layer in visual policy) as it's related to requests generated by the Proxy's cache engine.
To ensure that the ProxySG uses the upstream parent proxy to reach the Internet for these clientless connections, there are several options available.
1) Create a default sequence in the forwarding section of the Management Console.
2) Use policy to forward clientless connections to the appropriate Forwarding host.
Add the below rule to the local or central policy files, or in a CPL layer in the Visual Policy Manager:
*Replace (upstream) with the name of the forward host.
Rate this Page
Please take a moment to complete this form to help us better serve you.