503 Service Unavailable - Accessing Internal Domains/Servers alongside External Domains
search cancel

503 Service Unavailable - Accessing Internal Domains/Servers alongside External Domains

book

Article ID: 372304

calendar_today

Updated On:

Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

It's recommended to make use of the Forwarding Layer to forward requests to internal domains/servers via the Edge SWG (ProxySG).

Using a Forwarding layer in the Visual Policy Manager (VPM) to forward requests to internal domains or servers is a straightforward way to manage internal and external traffic on ProxySG. This method allows you to set up a dedicated layer for handling forwarding rules, which can be more efficient and organized. 

Environment

SG/ASG/ISG-Proxy

Resolution

Here's how to implement this:

Step 1: Define Internal and External Domains

Identify your internal domains (e.g., *.yourcompany.com) and the IP addresses or hostnames of your internal servers.

Step 2: Define/Configure Forwarding Hosts

  1. Log in to the ProxySG Management Console.

  2. Go to Configuration > Forwarding > Forwarding Hosts.

  3. Add your internal forwarding host:

    • Click New.
    • Enter the name (e.g., 'InternalProxy').
    • Enter the IP address or hostname of your internal proxy or server.
    • Specify the port (default is 8080 for HTTP or 443 for HTTPS).
    • Click OK.

Step 2: Define Forwarding Groups

  1. Go to Configuration > Forwarding > Forwarding Groups.
  2. Click New to create a forwarding group.

    • Enter the name (e.g., InternalForwardingGroup).
    • Add the forwarding hosts you created (e.g., InternalProxy).
    • Configure load balancing and failover settings as needed.
    • Click OK.

Step 3: Create a Forwarding Layer in VPM

  1. Go to the Policy tab.
  2. Open the Visual Policy Manager (VPM).
  3. Click on Add New Layer and select Forwarding Layer.

Step 4: Add Rules for Internal Domains in the Forwarding Layer

  1. Add a new rule in the Forwarding Layer.
  2. Source: Set to Any (or specify internal user groups/subnets if needed).
  3. Destination: Define the internal domains.
     
    • Click Set.
    • Choose New... and select Request URL Object.
    • Enter the internal domain pattern (e.g., *.yourcompany.com).

  4. Action: Set to forward to the internal forwarding host or group.

    • Click on the Action cell.
    • Choose Set > Forward > New Forwarding Host or New Forwarding Group.
    • Select the forwarding host (InternalProxy1) or group (InternalForwardingGroup) you created.

Step 5: Add Rules for External Domains in the Forwarding Layer

  1. Add another rule below the internal rule.
  2. Source: Set to 'Any'.
  3. Destination: Set to 'Any'.
  4. Action: Set to 'None' to allow normal processing by the ProxySG.

Step 6: Install the Policy

  1. Click Install Policy to apply the changes.
  2. Confirm the installation.

Example Configuration

Ref.:

Creating Forwarding Hosts

Example of Using Forwarding

Note: SSL Interception is required. Without an SSL Interception, the ProxySG appliance will try to tunnel the traffic, but will fail to pass the connection. If implemented as guided, the reported error should be resolved.

Powered by Wolken Software