Health check drtr.rating_service keeps constantly failing and you're getting warning message on an ASG.
It can be either one drtr server communication errors or all:
Enabled OK for some IPs UP
IP address: 18.104.22.168 Enabled Check failed DOWN
Last status: A communication error has occurred.
This is potential bug, where ASG sends request on port 80 which gets no response from upstream.
To verify this, please start a pcap on proxy with failing DRTR server IP address and then go to Configuration -> Health checks -> General and perform drtr service health check to force the connection.
You can verify the pcap and port used.
This is potential bugID#SG-26497, due to workaround this was never fixed.
It is required to run below steps via CLI:
#(config content-filter) bluecoat
#(config bluecoat) service disable
#(config bluecoat) service service-name webpulse.es.bluecoat.com
#(config bluecoat) service port secure 443
#(config bluecoat) service enable
Unfortunately sometimes when the service is failing it is difficult to disable. You can try this if above steps fails with error:
Warning: WebPulse service or its health check is in use by policy
% WebPulse service could not be disabled
#(config health-check)edit drtr.rating_service
#(config drtr.rating_service)threshold sick 10800
It might be required to reboot device after these steps to start all the proxy processes once again
This way proxy should reach out to drtr server on correct 443 port: