
Connection timeouts when connecting to a proxy server


Article ID: 212868


Updated On:

Products

CA API Gateway

Issue/Introduction

We are conducting connectivity testing before migrating to API Gateway v10. Iptables NATs TCP 80 to TCP 9080. Firewall rules are allowing the traffic.

When performing curl -v telnet://<internal_Ip>:80, the connection times out and there are no FW log entries. When performing curl -v telnet://<internal_IP-diff subnet>:80, the FW logs it as deny, which is correct.

The IP routes look correct.

 

Environment

Release : 10.0

Component : API GATEWAY

Resolution

How the Gateway handles iptables for SEND and RECEIVED traffic:

On SEND

Nothing in the configuration at the OS level or on the gateway appliance prevents it from sending on any interface, IP address, or port.

On RECEIVED

For the Gateway 10 appliance to allow traffic on lower ports, such as 443 and 80, you need to configure a firewall rule from Policy Manager (see the link below):

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/security-configuration-in-policy-manager/tasks-menu-security-options/manage-listen-ports/manage-firewall-rules.html#concept.dita_fae8acb476cb1a904d88e3b64b70fac489699014_ConfiguringtheGatewayforPorts80and443

 

Additional Information

The gateway appliance manages iptables at the application level, at configuration time and through Policy Manager. This includes the firewall rules that allow the gateway to receive requests on lower ports such as 80 and 443.

Making OS-level iptables changes is not recommended; this could have adverse and unpredictable effects on functionality.
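
A read-only way to check what the effective rule set does with the port 80 to 9080 mapping from the issue description, without changing iptables. This is an added example, not Broadcom code or tooling. The function name, exit codes and sample rule dumps are constructed, and it assumes the mapping appears as a nat PREROUTING REDIRECT or DNAT rule in `iptables-save` output.

```bash
#!/usr/bin/env bash
# Added example (not Broadcom code). Read-only: parses `iptables-save` text only.
# Assumption: the 80 -> 9080 mapping is a nat PREROUTING REDIRECT or DNAT rule.
# Limitation: only single-port "--dport N" rules are recognised, not multiport.

# check_redirect FRONT LISTEN  (rule dump on stdin)
# returns 0: redirect present and LISTEN accepted in filter INPUT
#         1: no nat rule maps FRONT to LISTEN
#         2: redirect present, but no INPUT ACCEPT for LISTEN
check_redirect() {
  awk -v front="$1" -v back="$2" '
    { line = $0 " " }                        # trailing space so "80 " never matches 8080
    /^\*/ { table = substr($0, 2); next }    # table headers: *nat, *filter
    table == "nat" && index(line, "-A PREROUTING ") == 1 &&
      index(line, "--dport " front " ") &&
      (index(line, "--to-ports " back " ") || index(line, ":" back " ")) { nat = 1 }
    # filter INPUT runs after nat PREROUTING, so it sees the translated port
    table == "filter" && index(line, "-A INPUT ") == 1 &&
      index(line, "--dport " back " ") && index(line, "-j ACCEPT ") { acc = 1 }
    END {
      if (!nat) { print "no nat rule maps " front " to " back; exit 1 }
      if (!acc) { print "redirect present, but INPUT does not accept " back; exit 2 }
      print "ok: " front " -> " back " redirected and accepted"
    }'
}

# Constructed sample dumps (not taken from a real appliance).
SAMPLE_OK='*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
COMMIT'
# Same redirect, but the filter rule names the pre-NAT port, so 9080 is not accepted.
SAMPLE_NO_ACCEPT='*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# On a host (needs root):  iptables-save | check_redirect 80 9080
```

If the check reports a missing rule, the fix belongs in Policy Manager's firewall rules as described above, not in a manual iptables edit.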