A manually-configured tcp health check may fail due to the A record being cached, and if it also has a long ttl the cached IP address record may prevent the proxy from performing a new DNS query. 

The health checks system is honouring the TTL returned by the DNS server. For cases where the wrong TTL is advertised, the TCP health check can be set to use the "Maximum time to live for DNS results" field to force the DNS lookup.


 

Deleting the health check and creating a new health check resolves the issue.

Workaround

1. Go to the ProxySG appliance Management Console > Configuration > Health Checks > Background DNS 

• Change the value of "Minimum time to live for DNS results" to 5
• Change the value of "Maximum time to live for DNS results" to 6