Cannot access external websites when ADN is enabled in ProxySG
Article ID: 168245
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Users cannot access some external websites when ADN is enabled. Even though this feature is used between devices siting across a WAN link, packets sent to external websites can also be affected.
Cause
The issue is due to the use of "Options" field in the TCP header. Refer to the following example of an ADN enabled packet capture:
The size of the "Options" section is showing a high value of 36 bytes. This is due to the addition of ADN information by using this field. A normal TCP packet will have a size up to 20 bytes for "Options".
This issue doesn't happen for all websites; very few are known to have this issue. The root cause can be due to server incompatibility or a security device blocking modified TCP packets in case of a potential security threat.
The size of the "Options" section is showing a high value of 36 bytes. This is due to the addition of ADN information by using this field. A normal TCP packet will have a size up to 20 bytes for "Options".
This issue doesn't happen for all websites; very few are known to have this issue. The root cause can be due to server incompatibility or a security device blocking modified TCP packets in case of a potential security threat.
Resolution
Configure the ProxySG appliance to bypass the ADN for such websites so that this extra information is not added. Install the following policy:
<forward>
server_url.domain=<website domain> adn.server(no)
Some affected sites at the time of writing this article:
https://login.poems.com.sg
https://support.property.saiglobal.com
<forward>
server_url.domain=<website domain> adn.server(no)
Some affected sites at the time of writing this article:
https://login.poems.com.sg
https://support.property.saiglobal.com
Attachments
Feedback
Powered by
