search cancel

Can't access my internal web server when going through a ProxySG or ASG in a reverse deployment.

book

Article ID: 174024

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

In a reverse proxy scenario, clients cannot access a specific internal web server.

Cause

There are many possible causes for this. Every step of the connection needs to be verified in order to determine where the connection is failing.

 

Resolution

For initiating troubleshooting, the requirement is usually the following:

  • Retrieve a packet capture with the following filter: host <client's IP> or host <server domain or IP>
  • This packet capture should contain the communication from the client (usually public IP) to the proxy, as well as the communication from the proxy to the server which is done via a forwarding host (most commmon point of failure).
  • Set up a policy trace with the appropriate client IP to make sure that the correct forwarding rule is matching and that the proxy service is intercepting the connection.
  • These two files can be uploaded to a Network Protection case with the Sysinfo and Event Log files for troubleshooting issues of this nature.