Forwarding to an internal HTTPS site is not working


Article ID: 167579


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


  • Customer wants to forward all requests coming to a domain to an internal HTTPS web server, but is not working.
  • Policy trace shows as allowed, but the browser shows “Page Cannot be Displayed.”
    • Example: Forward all communications to internalsite.local to an internal HTTTPS server
  • Forwarding layer policy not working


This issue happens when you don't have a valid SSL License. Without an SSL License, the ProxySG appliance will try to tunnel the traffic, but will fail to pass the connection. A sample transaction is given below, where no SSL License is available on the ProxySG.

start transaction -------------------

  CPL Evaluation Trace: transaction ID=617330057
    MATCH:     ALLOW url.domain=""
    MATCH:     server_url.domain=// forward("123_testdomain") forward.fail_open(no)
    MATCH:     client.address= trace.request(yes) trace.rules(all) trace.destination(AccessTest.html)

  connection: HTTP client.address= proxy.port=8080
  time: 2013-09-20 07:00:00 UTC
  CONNECT tcp://
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  user: unauthenticated
    url.category: [email protected] Coat none
  application.operation: none
  DSCP client outbound: 65
  DSCP server outbound: 65

stop transaction --------------------


The example policy trace shows that the forwarding rule gets hit, but it will not work without an SSL License.

Note: This only needs the presence of a valid SSL License. SSL interception is not a must.

Reference How to setup a forwarding rule ProxySG or ASG