ProxySG is dropping bypassed traffic received via Policy Based Routing (PBR)
Last Updated April 21, 2018
When packets reach the proxy via Policy Base Routing (PBR) in transparent mode, the destination IP address of the packets are that of the intended server but the destination MAC address is that of the receiving proxy. By default the ProxySG will drop these packets if it is not set to intercept the particular traffic. For example, if you have PBR sending traffic to a proxy that is configured to intercept HTTP traffic and bypass FTP traffic, by default the ProxySG will drop all FTP packets. To allow the ProxySG to simply forward this bypassed traffic on to the next hop, you must enable a feature called "IP Forwarding".
For more information on IP Forwarding and how to enable it, see 000015285.
Note: This scenario is not only true for a PBR deployment but also applies to anytime the destination IP address of the traffic is not the proxy's but the destination MAC address is the proxy's, such as with WCCP using L2 forwarding and default-gateway which are other forms of transparent proxy deployment modes.
Imported Document ID: 000016633
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.