ProxySG is dropping bypassed traffic received via Policy Based Routing (PBR)

Article ID: 167623

Products

ProxySG Software - SGOS

Issue/Introduction

When packets reach the proxy via Policy Based Routing (PBR) in transparent mode, the destination IP address of the packets is that of the intended server, but the destination MAC address is that of the receiving proxy. By default, the ProxySG drops these packets if it is not set to intercept that particular traffic. For example, if PBR sends traffic to a proxy that is configured to intercept HTTP traffic and bypass FTP traffic, the ProxySG will by default drop all FTP packets. To allow the ProxySG to forward this bypassed traffic on to the next hop, you must enable a feature called "IP Forwarding".

For more information on IP Forwarding and how to enable it, see 000015285.

 

Resolution

Note: This scenario is not specific to a PBR deployment. It applies any time the destination IP address of the traffic is not the proxy's but the destination MAC address is the proxy's, such as with WCCP using L2 forwarding and default-gateway deployments, which are other forms of transparent proxy deployment.