In a reverse proxy scenario, clients cannot access a specific internal web server.

There are many possible causes for this. Every step of the connection needs to be verified in order to determine where the connection is failing.

For initiating troubleshooting, the requirement is usually the following:

• Retrieve a packet capture with the following filter: host <client's IP> or host <server domain or IP>
• This packet capture should contain the communication from the client (usually public IP) to the proxy, as well as the communication from the proxy to the server which is done via a forwarding host (most commmon point of failure).
• Set up a policy trace with the appropriate client IP to make sure that the correct forwarding rule is matching and that the proxy service is intercepting the connection.
• These two files can be uploaded to a Network Protection case with the Sysinfo and Event Log files for troubleshooting issues of this nature.