
drtr.rating_service Health Check failing, no response from webpulse.es.bluecoat.com


Article ID: 256195


Products

ASG-S200, ISG Proxy, ProxySG Software - SGOS, Advanced Secure Gateway Software - ASG

Issue/Introduction

The proxy reports a failed DRTR health check: WARNING - drtr.rating_service

  • License is valid and was reloaded; SSL certificates were recreated (software upgrade is optional)
  • All subscription updates are OK
  • The domain webpulse.es.bluecoat.com is allowed and not SSL-intercepted
  • DNS test and ping to webpulse.es.bluecoat.com work
  • DNS resolves webpulse.es.bluecoat.com successfully (DNS 168.149.132.97)
  • The appliance sends the Client Hello message to webpulse.es.bluecoat.com but does not get a Server Hello
  • DRTR configuration is correct: the DRTR rating server uses the correct port (443) and the correct interval (10800 sec)
  • No rejects are seen in the pcap
  • A Client Hello is sent, but no Server Hello message comes back for the exchange of certificates

 

Communication in Wireshark:

 Cipher suite for Client Hello  (OK, DEFAULT 6.7.5.x)

 

 

CUSTOMER SSL DEVICE PROFILES: DEFAULT   (OK, DEFAULT 6.7.5.x)

CUSTOMER SSL DEVICE PROFILES: BLUECOAT-APPLIANCE-CERTIFICATE  (OK, DEFAULT 6.7.5.x)

SIMAH_BC#show ssl keyring appliance-key
    Keyring ID:               appliance-key
    Private key showability:  no-show
    Signing request:          absent
    Certificate:              present
    Certificate subject:      /C=US/ST=CA/O='Blue Coat Systems'/OU=CLP/CN=3118330047
    Certificate issuer:       /C=US/ST=California/L=Sunnyvale/O=Blue Coat Systems, Inc./OU=Blue Coat, ABRCA/CN=abrca.bluecoat.com/[email protected]
    Certificate valid from:   Dec 13 21:09:50 2022 GMT
    Certificate valid to:     Dec 14 21:09:50 2027 GMT
    Certificate thumbprint:   <XXXXXXXXXXXXXXXXXXXX>
    Keylist membership:

Environment

Release : 6.7.5.11 / 6.7.5.21

Cause

A FireEye service is intercepting the connection on port 443 between the proxy and the Broadcom License server, so the Broadcom servers never respond with a Server Hello.

Resolution

Disable FireEye interception on port 443 for the proxy appliance, then recheck the connectivity status.
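
The symptom this article turns on, a Client Hello that never receives a Server Hello, can be confirmed from a capture before and after the change. The sketch below is an added example, not Broadcom's tooling: it assumes each direction of the TCP stream to webpulse.es.bluecoat.com has been exported as raw bytes (for example from Wireshark's Follow TCP Stream view), and `tls_messages`, `diagnose`, `record` and `handshake` are hypothetical names used with constructed sample bytes.

```python
import struct

HANDSHAKE, ALERT, CHANGE_CIPHER_SPEC = 22, 21, 20
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate"}

def tls_messages(stream: bytes) -> list:
    """List the cleartext TLS messages in one direction of a reassembled TCP stream."""
    names, off = [], 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5 : off + 5 + length]
        off += 5 + length
        if len(body) < length:
            names.append("TruncatedRecord")
            break
        if ctype == ALERT:
            names.append("Alert")
        elif ctype == CHANGE_CIPHER_SPEC:
            break  # records after this point are encrypted, stop parsing
        elif ctype == HANDSHAKE:
            pos = 0
            while pos + 4 <= len(body):  # one record may carry several messages
                hs_len = int.from_bytes(body[pos + 1 : pos + 4], "big")
                names.append(HS_NAMES.get(body[pos], "Handshake(%d)" % body[pos]))
                pos += 4 + hs_len
    return names

def diagnose(client_stream: bytes, server_stream: bytes) -> str:
    sent, got = tls_messages(client_stream), tls_messages(server_stream)
    if "ClientHello" not in sent:
        return "no-client-hello"
    if "ServerHello" in got:
        return "handshake-ok"
    if "Alert" in got:
        return "rejected-by-peer"
    return "client-hello-unanswered"  # the symptom described in this article

# Constructed sample bytes built with illustrative helpers; not the article's capture.
def record(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
def handshake(hs_type: int, body: bytes) -> bytes:
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body
CLIENT = record(HANDSHAKE, handshake(1, b"\x03\x03" + bytes(32)))
SERVER_OK = record(HANDSHAKE, handshake(2, b"\x03\x03" + bytes(32)) + handshake(11, b"\x00" * 3))
SERVER_ALERT = record(ALERT, b"\x02\x28")  # fatal alert, handshake_failure

if __name__ == "__main__":
    for name, srv in [("silent", b""), ("ok", SERVER_OK), ("alert", SERVER_ALERT)]:
        print(name, "->", diagnose(CLIENT, srv))
```

A result of `client-hello-unanswered` with no alert and no reset matches the "No rejects seen in the pcap" observation and points at something on the path holding the connection rather than at the appliance's TLS configuration.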
