PAC file for automatic failover in TransProxy (Explicit proxy over IPsec) does not work

book

Article ID: 171549

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

PAC file is used for the automatic failover in TransProxy. It will wait for the default TCP timeout value and look for other proxy defined in the PAC file. However, it never fails over to the secondary pod. 

Resolution

TransProxy (Explicit proxy over IPsec) traffic goes through the IPSEC tunnel. So, enabling DPD in the firewall is required for the failover to work.