Can't access my internal web server when going through a ProxySG or ASG in a reverse deployment.
book
Article ID: 174024
calendar_today
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
In a reverse proxy scenario, clients cannot access a specific internal web server.
Cause
There are many possible causes for this. Every step of the connection needs to be verified in order to determine where the connection is failing.
Resolution
For initiating troubleshooting, the requirement is usually the following:
Retrieve a packet capture with the following filter: host <client's IP> or host <server domain or IP>
This packet capture should contain the communication from the client (usually public IP) to the proxy, as well as the communication from the proxy to the server which is done via a forwarding host (most commmon point of failure).
Set up a policy trace with the appropriate client IP to make sure that the correct forwarding rule is matching and that the proxy service is intercepting the connection.
These two files can be uploaded to a Network Protection case with the Sysinfo and Event Log files for troubleshooting issues of this nature.