client use explicit and when play some https website webpage loading too slow to enter page it long time to loading page
service https in proxy service config is bypass
when test with other https website (youtube facebook) it normal not slow.
thank you for your help.
Can you share some of this slow website as accessed by customer? Also taking a pcap and policy trace would give us clue on where the slowness is getting added. Common area of slowness are RDNS lookup or Authentication.
You need to have FWD configuration and FWD policy to make this work. You can find the config and policy below
FWD Config: Execute from SSh Console > config mode
create host "App_Otps" 188.8.131.52 https=443 ssl-verify-server=no server
Policy: Add the policy in your local policy file
define condition App_OTPS_Url
condition=App_OTPS_Url forward("App_Otps") forward.fail_open(yes)
Test with this and let us know
that shouldn't be a problem. This is just a health check and it will be based on IP address. When proxy communicats to the server, it will be using proper domain based client hello. So nothing to worry there.
The DNS query for app.otps.go.th is returning 2 IP addresses. "184.108.40.206" and "220.127.116.11". Out of this "18.104.22.168" is not responding to any request sent towards it. I have tried from my lab too and got no response from this IP. The other IP address "22.214.171.124" is working though. The issue is happening when proxy picks the IP address of "126.96.36.199" and tries to connect to that. I have filtered the communication from client, to IP address "188.8.131.52" and "184.108.40.206" in the attached packet capture.
We do have very limited control in such an issue. Updating the server team about the issue is the faster way to resolve. Another option is to try by creating a FWD host to the working IP address of "220.127.116.11" and then create a FWD Layer rule to forward this url requests to that IP address. Bit of an extra work but possible.
If you are satisfied with the solution provided, please select accept solution as it will mark it as solved and will also help others to track solved questions easily :)
Can you share a policy trace for this ?
Whether you are trying via proxy or direct, the response from IP address is crucial. May when customer is testing, the requests are hitting the working IP address of 18.104.22.168. You can take a client pcap to confirm this.
I didn't see any request in the trace attempting to got the site. This file seems to be a default trace. Can you disable the default trace and get a policy drivern trace while attempting this site?
how to config forwarding policy becase this website can enter by ip address
when i config forwarding rule cannot incert ip address if i insert host name when connect that website
maybe dns resolved 22.214.171.124 it will be slowly loading
please recommend if you know how to do.
ok iwill try to do again and when i access it still slowly.
but when i go to talk with customer.
my customer will tell why access through proxy it not slowly. not same when connect with proxy
do you have anything to explain it ? may be web browser have something to get website fast more than proxy.
many thank you so much for your help
today i remote to config follow you told me before and when access website it not slowly.
just waiting my customer to verify this issues again.
i did same you told me before but that website still slowly
proxy it still go to that ip 126.96.36.199
you can see from attach files.
maybe is not working because forwarding to website
it not access by ip address
ok thank you very much for your help.
after i go to test this issue on customer's network i will come to update to you again.
ok thank you so much.
you can see attach file.
this website >> https://app.otps.go.th
pcap and access log you can see from attach files.
Thank you very much. i will try to do that.
sorry my word is wrong
this website cannot enter by ip address