High response times seen in Health Check Statistics
Dynamic real time rating (DRTR) slow or fails
Receive failed. Using service drtr_service_x_x_x_x seen in the event logs
Proxy hierarchy deployment
To resolve these issues, add the DRTR servers IP addresses to the "Set Reverse DNS restrictions" section of VPM (VPM -> Configuration -> Set Reverse DNS Lookup Restrictions…). of the parent proxy.
The best way to identify which IP addresses to add is to search the sysinfo for "drtr.rating_service" this is under the "Health check statistics" section of the sysinfo here you will find entries like
"IP address: 188.8.131.52 Enabled OK UP"
There is one for each IP address that you need to add Set Reverse DNS restrictions section of VPN plus the mask 255.255.255.255
As DRTR responses are cacheable you may find the parent proxy is caching the DRTR health check response and serving these to the child proxies to prevent this apply the following policy on the parent proxies then flush the object cache on the parent proxy
define condition __CondList1DRTR-servers
Imported Document ID: 000016940
Subscribing will provide email updates when this Article is updated. Login is required.