This behavior can sometimes appear in contradiction to RFC2817 which stipulates that when a Proxy returns a (2xx) response to a connect request, it means that the proxy has established a connection to the origin server. When looking at packet captures, we sometimes see the proxy return a (2xx) response and then reset the client connection, and at the same time not attempt to connect to the OCS.
It is also possible that in the event where the origin server is not available, the client still gets a (2xx) from the proxy.
This behavior changes depending on the protocol detection feature.
When protocol detection is disabled, the Proxy won't examine the connection and simply relay the information to the origin server. In this case here, a simple tunnel is established and the ProxySG will not send a (2xx) response back to the client without first checking with the origin server
When protocol detection is enabled, the ProxySG needs to examine what the client sends before it opens a connection to the origin server, which in turn means the proxy needs to return a (2xx) to the client so that the client starts sending it's first request. In this case here, the ProxySG is partly acting as an origin server and RFC2817 mentions that an origin server can return a (2xx) response when a connection is established.
Imported Document ID: 000016478
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.