Can't access my internal web server when going through a ProxySG or ASG in a reverse deployment.
Last Updated March 17, 2019
In a reverse proxy scenario, clients cannot access a specific internal web server.
There are many possible causes for this. Every step of the connection needs to be verified in order to determine where the connection is failing.
For initiating troubleshooting, the requirement is usually the following:
Retrieve a packet capture with the following filter: host <client's IP> or host <server domain or IP>
This packet capture should contain the communication from the client (usually public IP) to the proxy, as well as the communication from the proxy to the server which is done via a forwarding host (most commmon point of failure).
Set up a policy trace with the appropriate client IP to make sure that the correct forwarding rule is matching and that the proxy service is intercepting the connection.
These two files can be uploaded to a Network Protection case with the Sysinfo and Event Log files for troubleshooting issues of this nature.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe