Health check traffic is appearing in the Cloud SWG access log when proxy forwarding is enabled

Article ID: 256109

Products

ProxySG Software - SGOS

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Health checks are cluttering the Cloud Secure Web Gateway (Cloud SWG) (formerly Web Security Service (WSS)) access log, causing confusion and distractions.

Cause

When you set up your Edge Secure Web Gateway (Edge SWG) (formerly ProxySG) appliance to forward traffic to the Cloud SWG, the Edge SWG appliance automatically configures health checks for the forwarding entries and hosts. By default, this health check traffic appears in the Cloud SWG access log. These health checks are all L4 health checks, and the Cloud SWG cannot distinguish L4 health checks from user requests.

For example, you configure a forwarding host named “WSSHTTP8080” on the Edge SWG appliance. When this host forwards traffic to the Cloud SWG, the Cloud SWG creates a health check entry called “fwd.WSSHTTP8080”. Because this health check is an L4 health check, the Cloud SWG treats the health check like a user request by creating an entry in the access log.

 

Resolution

To enable the Cloud SWG to distinguish health checks from user requests, change the L4 health checks to L7 health checks. On the Edge SWG appliance, use the CLI command #(config)health-check to:

  • Set the health check URL for ports 8080 and 8084 to http://healthcheck.threatpulse.net/.
  • Set the health check URL for port 8443 to https://healthcheck.threatpulse.net/. 

The following example CLI commands show port 8080 being set to http://healthcheck.threatpulse.net/ for a forwarding host named “WSSHTTP8080”.

#(config)health-check

#(config health-check)edit fwd.WSSHTTP8080

#(config health-check fwd.WSSHTTP8080)type http http://healthcheck.threatpulse.net/

 

For more information, see the #(config health-check) command in the CLI Reference.