How do I ensure that the Proxy uses my forwarding host for cache refreshing and pipelining?

<< Back to Knowledge Search


When refreshing cache or pre-fetching requests for users, (pipelining) the ProxySG fails to make use of a forward host configuration if certain triggers are in use in policy. For example proxy.port, client.address and As long as there are no triggers which would apply to only requests with a client (such as client.address), forwarding rules should apply equally to both regular and clientless (refresh/pipeline) requests..  In a Proxy chain deployment, this can lead to these clientless connections being sent to the default gateway rather than the upstream forward host.  This causes these clientless connections to fail, as the upstream parent proxy is required to reach the Internet

Monitoring a packet capture while this issue occurs, you will see many packets sourced at the ProxySG IP address in syn_sent state, but with no reply.

Policy tracing will only show this issue when used in a <cache> layer (or web content layer in visual policy) as it's related to requests generated by the Proxy's cache engine.



To ensure that the ProxySG uses the upstream parent proxy to reach the Internet for these clientless connections, there are several options available.

1) Create a default sequence in the forwarding section of the Management Console.

•In the Configuration tab, go to Forwarding > Default Sequence.
•Find your preferred forward host in the list on the left, move it to the Selected Aliases list on the right

•Click Apply.

2) Use policy to forward clientless connections to the appropriate Forwarding host.

Add the below rule to the local or central policy files, or in a CPL layer in the Visual Policy Manager:

       has_client=no forward.fail_open(no) forward(upstream)

*Replace (upstream) with the name of the forward host.

3) Redesign your forwarding policy and remove source triggers like proxy.port, client.address,
Additional Information
Bug Number
InQuira Doc IdKB4625

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      02/09/2015
Last Published      02/09/2015
Article Audience
Product      ProxySG
Article Number      000010322
Was this helpful?
Previous MonthNext Month