For branches that contain multiple ProxySGs deployed in-path, it is possible that a connection can be leaving the company network on one ProxySG, and be entering the network on another ProxySG.
Connection forwarding is designed to handle asymmetric routing issues, as described here. All the ProxySGs that are in the critical network paths will form a cluster, so that every ProxySG knows the state of every other ProxySG in the same connection forwarding cluster. This feature is typically used in conjunction with ADN, but its application is not limited to WAN optimization deployments. Currently, the connection forwarding tunnel is IPv4 only, but it is capable of handling both IPv4 and IPv6 traffic.
Note that the list of ProxySGs needs to include itself. Currently, the tunnel between the ProxySGs participating in the cluster is IPv4 only. But this should not impact the overall usability since the user traffic can be both IPv4 and IPv6.
4. Enable connection forwarding:
5. Enable the desired services. We are using HTTP in this example:
edit “External HTTP”
#(config External HTTP)
intercept transparent 80
6. The blue line illustrated in the following network diagram indicates how the packets are routed through the network. The packets that get forwarded between the ProxySGs are IPv6, although the tunnel indicated in this diagram is IPv4 only.
Imported Document ID: 000014415
Subscribing will provide email updates when this Article is updated. Login is required.