ProxySG & Advanced Secure Gateway

 View Only
  • 1.  ProxySG- Appliance Error (internal_error)

    Posted Apr 17, 2019 03:01 AM

    Hi Team,

     

     

    Please advise on the below error. user facing some issue like webpage content not loading properly on one proxy02 and worked fine in other proxy01(both having same configuration and same version)

    We observed that the ".js " format file was getting 500 error in the browser dev tools. Then we tired to access this url in the browser other proxy can show the script and other proxy getting "Appliance Error ( internal_error)

     

    url: https://www.google-analytics.com/analytics.js

     

    Chrome Developer tool logs:

    ======================

    Non-working (proxy02).

     

    Request URL: https://www.google-analytics.com/analytics.js

    Request Method: GET

    Status Code: 500 Internal Server Error

    Remote Address: 10.180.49.118:8080

    Referrer Policy: no-referrer-when-downgrade

    Cache-Control: no-cache

    Connection: close

    Content-Length: 5824

    Content-Type: text/html; charset=utf-8

    Pragma: no-cache

    Proxy-Connection: close

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3

    Accept-Encoding: gzip, deflate, br

    Accept-Language: en-US,en;q=0.9

    Cache-Control: max-age=0

    Connection: keep-alive

    Host: www.google-analytics.com

    If-Modified-Since: Wed, 16 Jan 2019 20:01:45 GMT

    Upgrade-Insecure-Requests: 1

    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

     

    Working (proxy01).

     

    Request URL: https://www.google-analytics.com/analytics.js

    Request Method: GET

    Status Code: 200 OK

    Remote Address: 10.180.49.117:8080

    Referrer Policy: no-referrer-when-downgrade

    Age: 4578

    Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"

    Cache-Control: public, max-age=7200

    Connection: Keep-Alive

    Content-Encoding: gzip

    Content-Length: 17543

    Content-Type: text/javascript

    Date: Wed, 17 Apr 2019 02:34:49 GMT

    Expires: Wed, 17 Apr 2019 05:06:53 GMT

    Last-Modified: Wed, 16 Jan 2019 20:01:45 GMT

    Server: Golfe2

    Strict-Transport-Security: max-age=10886400; includeSubDomains; preload

    Timing-Allow-Origin: *

    Vary: Accept-Encoding

    X-Content-Type-Options: nosniff

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3

    Accept-Encoding: gzip, deflate, br

    Accept-Language: en-US,en;q=0.9

    Cache-Control: max-age=0

    Connection: keep-alive

    Host: www.google-analytics.com

    Upgrade-Insecure-Requests: 1

    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

     

     

    Thanks,

    Ram



  • 2.  RE: ProxySG- Appliance Error (internal_error)

    Posted Apr 17, 2019 03:20 AM

    Dear Ramkumar,

     

    This seem mostly to be authentication issue. Can you share policy trace file.



  • 3.  RE: ProxySG- Appliance Error (internal_error)

    Posted Apr 17, 2019 03:31 AM

    Hi Aboonaim,

     

    it seems like authenticated. I have shared the policy trace from proxy01(working) and proxy02(not working) via private chat.

     

    Thanks,

    Ram

     



  • 4.  RE: ProxySG- Appliance Error (internal_error)

    Posted Apr 17, 2019 02:53 PM

    Hi Ram,

    Are proxy01 and proxy02 in the same network boundary, or are they at different locations? If they're in the same network boundary, are they load-balanced/distributed via explicit or transparent proxy?

     



  • 5.  RE: ProxySG- Appliance Error (internal_error)

    Posted Apr 19, 2019 05:24 AM

    Hi Matt,

     

    They are in the same location only. they are loadbalancing traffic via PAC file. If i configure via Proxy01 its working but proxy02 not working.

     

    if i disable protocol detection its working fine, client concern is why its working in proxy 01 without any modification since both are running similare version and configuration,

     

    Thanks,

    Ram



  • 6.  RE: ProxySG- Appliance Error (internal_error)

    Posted Apr 23, 2019 11:47 AM

    Hi Ram,

    If you point the client workstation to each Proxy individually without using the PAC, does the failure still occur? 

    If you're able to test, this test may indicate whether it's a device config/policy out-of-synch issue if the failure still occurs, or it's the PAC file load-balancing method if it doesn't.

    Are you able to share the policy traces with me as well?



  • 7.  RE: ProxySG- Appliance Error (internal_error)

    Posted Jul 10, 2020 05:44 PM
    Hi Ram,

    have you found any fix for this issue??
    I am encountering the same issue.


  • 8.  RE: ProxySG- Appliance Error (internal_error)

    Broadcom Employee
    Posted Jul 10, 2020 06:23 PM
    HI Deepak,

    Internal error can be several things, and so a policy trace will probably give you more details or what kind of an internal error it is, if you aren't seeing a full fledged exception page. As mentioned before, authentication can be an issue, as mentioned in the below KB, but the policy trace should tell you more and help you know where to troubleshoot next. Be sure also to check the client and server response codes in the policy trace as well to make sure that the ProxySG isn't merely forwarding the 500 from upstream. In essence, if you see

    server.response.code: 500
    client.response.code: 500

    then you know the ProxySG is merely forwarding that errror, and you need to continue looking upstream. Here is that KB:

    https://knowledge.broadcom.com/external/article/170267/appliance-error-authentication-agent-rej.html

    Aside from looking at the policy trace, you can also use the CPL troubleshooting code in the below KB with a test user to help narrow which service (if any) is causing the issue.

    https://knowledge.broadcom.com/external/article?legacyId=tech243229

    Thanks!