Why is the ProxySG dropping bypassed traffic received via Policy Based Routing?

<< Back to Knowledge Search



When packets reach the proxy via Policy Base Routing (PBR) in transparent mode, the destination IP address of the packets are that of the intended server but the destination MAC address is that of the receiving proxy. By default the ProxySG will drop these packets if it is not set to intercept the particular traffic. For example, if you have PBR sending traffic to a proxy that is configured to intercept HTTP traffic and bypass FTP traffic, by default the ProxySG will drop all FTP packets. To allow the ProxySG to simply forward this bypassed traffic on to the next hop, you must enable a feature called "IP Forwarding".

For more information on IP Forwarding and how to enable it, see 000015285.

Note: This scenario is not only true for a PBR deployment but also applies to anytime the destination IP address of the traffic is not the proxy's but the destination MAC address is the proxy's, such as with WCCP using L2 forwarding and default-gateway which are other forms of transparent proxy deployment modes.

Additional Information
Bug Number
InQuira Doc IdFAQ2052

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Topic      Configuration / WUI / CLI, Services
Article Number      000016633
Was this helpful?
Previous MonthNext Month