"RW: SSL connection to server failed" found in the event log is an indication that the Retrieval Workers (RWs) are trying to get out to the Internet but failing.  Retrieval workers are processes that refresh cached objects and perform pipelining.

Active refreshing of cached objects have been disabled by default since SGOS 6.3.x. Pipelining was disabled by default since SGOS 6.7.1.1 since it increases CPU and the benefit is limited (release notes attached).

Multiple RWs were seen ramping up CPU utilization to a point where incoming TCP connections were not processed as a result of being a lower priority, thus causing an outage. This made new incoming connections queue up. The TCP receive queue can be tracked with statistic labeled TCP1.186 in the Sysinfo and Snapshot_sysinfo_Stats.

Disabling Active Refresh and pipelining resolved the outage and RW events are no longer seen in the Event Logs.

To disable Active Refreshing:

1. SSH to the proxy 

2. Issue the following command 

conf t

caching 

refresh bandwidth 0

To disable pipelining:

Select Configuration > Proxy Settings > HTTP Proxy > Acceleration in the Management Console. Under Acceleration Settings, clear the checkboxes beside the following options:

• Pipeline embedded objects client request
• Pipeline redirects for client request
• Pipeline embedded objects in prefetch request
• Pipeline redirects for prefetch request

Click Apply to save your changes.

The associated CLI commands to disable pipelining are as follows:

http no pipeline client requests 
http no pipeline client redirects
http no pipeline prefetch requests
http no pipeline prefetch redirects

One can check if RW is enabled by issuing the command in CLI 

en

conf t 

caching 

view 

RW disabled CLI output:

ProxySG#(config caching)view

Refresh:

  Refreshing is disabled

Policies:

  Automatically regulate caching to maximize performance

  Do not cache objects larger than 10000 megabytes

  Cache negative responses for 0 minutes

  Let the ProxySG Appliance manage freshness

FTP caching:

  Caching FTP objects is enabled

  FTP objects with last modified date, cached for 10% of last modified time

  FTP objects without last modified date, initially cached for 24 hours

RW Enabled CLI output:

ProxySG#(config caching)view

Refresh:

  Estimated access freshness is 100.0%

  Use no more than 1 kilobits/sec for bandwidth

  Current bandwidth used is 0 kilobits/sec

Policies:

  Automatically regulate caching to maximize performance

  Do not cache objects larger than 10000 megabytes

  Cache negative responses for 0 minutes

  Let the ProxySG Appliance manage freshness

FTP caching:

  Caching FTP objects is enabled

  FTP objects with last modified date, cached for 10% of last modified time

  FTP objects without last modified date, initially cached for 24 hours