Internet proxy down: vDefend SSP Alarm
search cancel

Internet proxy down: vDefend SSP Alarm

book

Article ID: 384115

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

Problem:
The Security Services Platform (SSP) is unable to establish internet connectivity through the configured web proxy.

Symptom:
The alarm message “Internet Proxy Down” will be triggered in the SSP -> Home -> Alarms, indicating a disruption in internet access via the proxy.

Environment

vDefend SSP >= 5.0

Cause

Connectivity to the Internet through the proxy server can be broken for a variety of reasons, including, but not limited to:

  • Firewall rules blocking traffic between the Security Service Platform and the Internet Proxy Server, or between the Internet Proxy Server and Internet.
  • The internet proxy server previously configured has stopped functioning.
  • The configuration of the Internet proxy server has changed.  This may include:
    • Available proxy scheme, http or https.
    • The server host address and listening port.
    • The need to provide a user credential or change of user credentials to use the proxy.
    • The availability of the URL specified for connectivity test.

Resolution

  1. Verify Connectivity to Proxy Server:

    • Contact your network administrator to ensure that:
      • The firewall allows traffic between the SSP subnet and the proxy server.
      • The proxy server can reach the internet.

  2. Verify Proxy Server Configuration:

    • Contact the proxy server administrator to verify:
      • The proxy server is operational.
      • The correct configuration properties and credentials, including:
        • Proxy scheme (HTTP/HTTPS), host address, and port number.
        • Username and password.
      • If a new server certificate is required, then import the updated certificate.

  3. Update Proxy Configuration on SSP:

    • On the SSP UI, navigate to System → Server Configurations and edit the Internet Proxy Server settings to reflect any updated information.

  4. Additional Notes on Certificates:

    • If a new certificate is required to be added to the SSP:
      • Navigate to System → Certificates and under Certificates → Import → Import Certificate.
      • Add the new certificate with a unique name and set the Used By field to SSP Web Proxy CA.
      • After importing the certificate, select it within the System - Server Configurations - Proxy Server page.

If the issue persists, please collect the SSP Support Bundle, raise a support ticket for further assistance, and upload the support bundle to the ticket.

Powered by Wolken Software