cancel
Showing results for 
Search instead for 
Did you mean: 
slizka
Level 7
Report Inappropriate Content
Message 1 of 1

Proxy HA with 2 legs

Hi,

Does anyone have some experience with proxy in HA with two legs? One leg to clients and second leg to internet?

If my assumption is correct the config. is same like with normal proxy HA, but it needs also static routes so that the traffic is returned to clients and not leaves to def. gw., right?

I have one environment where I deployed the proxy like this, but customer is complaining, that the connection is slow and some appliacations transactions are failling with timeout(or whatever...). So I made some pcaps and such and although I've seen some resets on the scanning node, those were usually following after e.g. FIN,ACK, so not really that bad, the packets looked quite fine.

So I tried to simulate it in my testlab, made similar configuration(just different networks) and when I made pcap on the director node with static routes, it looks quite weird, like following (192.168.21.56 is client, 192.168.21.154 is the VIP):

pcap_director_with_static.JPG

After that I thought that I could check how it looks like when there are no static routes, and the pcap on director looked much better:

pcap_director_without_static.JPG

With that, I'm now thinking if this is intended behaviour or if we can't use the proxyHA with two legs or I just messed up something 🙂

 

Apreciate any comments/sarcastic remarks 🙂

 

Best regards

Ales

 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community