Problems accessing internal servers with a pass-through card or when a software bridge is enabled

Article ID: 166786

Products

ProxySG Software - SGOS

Issue/Introduction

The ProxySG is configured with a pass-through card, or a software bridge is enabled
Workstations are unable to access internal servers when the proxy is configured with a bridge
The client and server are on the same side of the pass-through card or software bridge
The client and server are on different subnets
The client requests pass through the proxy to reach the default gateway

Resolution

Troubleshooting Problems Accessing Internal Servers with a Pass-through Card or Software Bridge

There are specific scenarios that you should be aware of when using a pass-through card or a software bridge.

Scenario #1

Client and server are on the same side of the pass-through card or software bridge but on different subnets, and the client request passes through the proxy to reach its default gateway.

Client(subnet1) and Server(subnet2) <---> ProxySG <---> Default Gateway

Description:

Clients are attempting to connect to an internal server but their requests are required to go transparently through the proxy (to reach the workstation's default gateway). If a pass-through card or software bridge is being used and proxy services are configured to intercept that TCP port, the request will be intercepted and a server-side connection may be initiated to the configured default gateway. If the default gateway is an upstream router, the request will get sent back through the proxy, causing the proxy to detect that the request originated from itself and terminate the connection. The end user in this scenario will see an HTTP 504 Gateway Error.

Workaround:

To prevent the request from being sent to the default gateway and causing a loop to be initiated, a static route can be used. Static routes can be installed using a text file or entered via the command line interface (CLI). The format for configuring a static route is:

<ip_address_of_internal_server> <subnet_mask> <gateway_to_internal_server>

Scenario #2

External clients are accessing an internal server that is not on the same subnet as the proxy and such requests go through the pass-through card or software bridge.

Internal Server <---> ProxySG (pass-through card) <---> Router <---> Internet and External Client

Description:

External clients are attempting to connect to an internal server and their requests are required to go transparently through the proxy.  If a pass-through card or software bridge is being used and proxy services are configured to intercept that TCP port, the request will be intercepted and a server-side connection may be initiated to the configured default gateway.  If the default gateway is an upstream router, the request will get sent back through the proxy causing the proxy to detect that the request originated from itself and terminate the connection.  The end user in this scenario will see an HTTP 504 Gateway Error.

Workaround:

To prevent the request from being sent to the default gateway and causing a loop to be initiated, a static route can be used. Static routes can be installed using a text file or entered via the command line interface (CLI). The format for configuring a static route is:

<ip_address_of_internal_server> <subnet_mask> <gateway_to_internal_server>
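
The workaround in Scenario #1 and Scenario #2 can be checked before deployment with a small audit script. The following is an added example, not part of the original article or of any ProxySG tooling: it parses static-route lines in the format shown above and reports which internal servers would still be reached via the default gateway. All addresses are constructed sample values, and the longest-prefix-match lookup is a modelling assumption of this example.

```python
import ipaddress

# Constructed sample values (not from the article): proxy interface, gateway, routes, servers.
PROXY_IFACE = "10.1.0.5/24"
DEFAULT_GW = "10.1.0.1"
ROUTES = """\
10.2.0.25 255.255.255.0 10.1.0.254
10.4.0.0  255.255.0.0   10.1.0.1
"""
SERVERS = ["10.2.0.25", "10.3.0.40", "10.1.0.80", "10.4.1.1"]

def parse_static_routes(text):
    """Parse '<ip_address> <subnet_mask> <gateway>' lines into (network, gateway) pairs."""
    routes = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        dest, mask, gw = parts
        # strict=False: the article's format gives the server's own IP plus a mask
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append((net, ipaddress.IPv4Address(gw)))
    return routes

def audit(servers, routes_text, proxy_iface, default_gw):
    """Map each server to (next_hop, status) under a simple longest-prefix-match model."""
    routes = parse_static_routes(routes_text)
    local = ipaddress.IPv4Interface(proxy_iface).network
    dgw = ipaddress.IPv4Address(default_gw)
    report = {}
    for s in servers:
        addr = ipaddress.IPv4Address(s)
        if addr in local:  # same subnet as the proxy: no gateway involved
            report[s] = ("direct", "on-link")
            continue
        matches = [(n, g) for n, g in routes if addr in n]
        hop = max(matches, key=lambda m: m[0].prefixlen)[1] if matches else dgw
        # Falling back to, or explicitly routing via, the default gateway is the
        # condition the article describes as leading to the loop and the 504.
        report[s] = (str(hop), "loop-risk" if hop == dgw else "ok")
    return report

if __name__ == "__main__":
    for server, (hop, status) in audit(SERVERS, ROUTES, PROXY_IFACE, DEFAULT_GW).items():
        print(f"{server:<12} next hop {hop:<12} {status}")
```

A server flagged loop-risk needs a static route whose gateway is a router that reaches the server without passing back through the bridge.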