Client traffic stops when interception is enabled for that traffic in an inline proxy deployment.
When the ProxySG responds to a SYN packet from the client, it follows its routing configuration, so it sends the SYN-ACK to the matching static route or to the default gateway.
In an inline deployment, the default gateway is either the upstream router/firewall or the management interface subnet, so the return traffic never reaches the client. Make sure the return-to-sender option is enabled for inbound traffic. This feature overrides the routing table: the ProxySG sends the return traffic to the client on the same interface on which it received the SYN packet.
To check that the return-to-sender option is enabled for inbound:
If it is disabled for the return traffic, use the following CLI command to enable it:
(config)#return-to-sender inbound enable
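The routing behaviour described above can be reproduced with a small model. This is an added example, not ProxySG code: the interface names `lan`/`wan`, all addresses, and the use of the SYN's layer-2 sender as the return-to-sender next hop are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str     # destination network; 0.0.0.0/0 is the default gateway
    gateway: str    # next hop
    interface: str  # egress interface (hypothetical names)

@dataclass(frozen=True)
class Syn:
    src_ip: str        # client address
    l2_sender: str     # MAC of the device that delivered the SYN
    in_interface: str  # interface the SYN arrived on

def route_lookup(routes, dst_ip):
    """Longest-prefix match over static routes and the default gateway."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None  # no static route and no default gateway
    return max(matches, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)

def synack_egress(routes, syn, rts_inbound):
    """Return (interface, next_hop) chosen for the SYN-ACK, or None."""
    if rts_inbound:
        # return-to-sender inbound: skip the routing table and reply on the
        # interface the SYN came in on (next hop is a modelling assumption).
        return syn.in_interface, syn.l2_sender
    route = route_lookup(routes, syn.src_ip)
    return (route.interface, route.gateway) if route else None

def reaches_client(routes, syn, rts_inbound):
    """The SYN-ACK only gets back if it leaves on the client-side interface."""
    egress = synack_egress(routes, syn, rts_inbound)
    return egress is not None and egress[0] == syn.in_interface

# Constructed inline topology: clients behind "lan", default gateway on "wan".
ROUTES = [Route("0.0.0.0/0", "203.0.113.1", "wan")]
CLIENT_SYN = Syn("10.20.30.40", "02:00:00:aa:bb:cc", "lan")
STATIC_FIX = ROUTES + [Route("10.20.0.0/16", "10.1.1.254", "lan")]

if __name__ == "__main__":
    for label, routes, rts in [("default route only, RTS off", ROUTES, False),
                               ("default route only, RTS on", ROUTES, True),
                               ("static route to client subnet, RTS off", STATIC_FIX, False)]:
        print(f"{label}: egress={synack_egress(routes, CLIENT_SYN, rts)} "
              f"reaches_client={reaches_client(routes, CLIENT_SYN, rts)}")
```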
Imported Document ID: 000008571