Proxy is now unreachable / Proxy is now reachable
search cancel

Proxy is now unreachable / Proxy is now reachable

book

Article ID: 233786

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

In the systems logs you see the proxy become unreachable. What is the mechanism behind the proxy availability? 

Environment

SSLV configured with proxy offloading. 

Resolution

Proxy availability is determined by ARP, originating from the SSLV outbound interface to the proxy. The APR requests are performed on a 4 second rotation and the SSLV will mark the proxy as unavailable after 4 consecutive ARP failures, meaning a 20 second failure timer, which is not configurable. 

In the below segment, the ARP packets would originate from interface 2, as determined left to right. 

In the below segment, the ARP packets would originate from interface 3, as determined left to right.

Additional Information

For example. I have attached a Packet Capture taken from the SSLV, specifically interface 2 of an "Active Inline Paired ProxySG Fail to Appliance segment", which demonstrated the ARP timing for the proxy availability checks. 

Powered by Wolken Software