ProxySG & Advanced Secure Gateway

 View Only
  • 1.  CAS configured but Traffic is not being Sent

    Posted Sep 28, 2020 04:09 PM
    Hello All ,

    I have two CAS and Two Proxy appliances where i want configure all of them in HA .
    So i tried to include both cas in one icap group . 
    but thats not working , i cant see any traffic in cas .

    Please suggest


  • 2.  RE: CAS configured but Traffic is not being Sent

    Broadcom Employee
    Posted Sep 29, 2020 01:34 PM
    Hi Neha,

    The ICAP group should not have any affect on you not seeing the traffic. I would verify the following:

    • Verify that the health check on the ProxySG of both CAS devices are healthy
    • Verify that at least one CAS has a weight greater than 0 in the ICAP group
    • Verify through a policy trace or packet capture that the traffic you are testing with is making it through the ProxySG that you think it is
    • Verify through a policy trace that the traffic you are testing with is pure HTTP, or if it is HTTPS, that it is being SSL decrypted (you see GET or some other HTTP method instead of unknown ssl)
    • Verify through a policy trace that the you are both
      • matching a rule to perform response analysis
      • not matching a rule to override the response analysis rule
    Hope this helps!


  • 3.  RE: CAS configured but Traffic is not being Sent

    Posted Sep 29, 2020 01:59 PM
    Hello Neha
    Do You have indication of that  ICAP group in policy f.e. VPM (Web Content Layer)?
    Please look at
    https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/proxysg/common/CA_SG_MA_Integration_Guide_v24.pdf    -> page 40
    Best regards


  • 4.  RE: CAS configured but Traffic is not being Sent

    Posted Sep 30, 2020 04:37 AM
    Hello All

    Reply On behalf 
    after we check the logs we get the listed error.
    i am sending some of them please evaluate.

    2020-09-17T21 39 12.929195+00 00 CAS avservice[12695] ERROR     SubscriptionLicenseNotifier received error 500 Error subscription.es.bluecoat.com Name or service not known for 'https //subscription.es.bluecoat.com/islicense/database'
    2020-09-17T21 39 14.008285+00 00 CAS avwatchdog[12593] ERROR     SubscriptionLicenseNotifier received error 500 Error subscription.es.bluecoat.com Name or service not known for 'https //subscription.es.bluecoat.com/islicense/database'
    2020-09-17T21 39 16.934756+00 00 CAS avservice[12695] ERROR     SubscriptionLicenseNotifier received error 500 Error subscription.es.bluecoat.com Name or service not known for 'https //subscription.es.bluecoat.com/islicense/database'
    2020-09-17T21 39 18.011805+00 00 CAS avwatchdog[12593] ERROR     SubscriptionLicenseNotifier received error 500 Error subscription.es.bluecoat.com Name or service not known for 'https //subscription.es.bluecoat.com/islicense/database'
    2020-09-17T21 39 20.940068+00 00 CAS avservice[12695] ERROR     SubscriptionLicenseNotifier received error 500 Error subscription.es.bluecoat.com Name or service not known for 'https //subscription.es.bluecoat.com/islicense/database'
    2020-09-17T21 39 22.014757+00 00 CAS avwatchdog[12593] ERROR     SubscriptionLicenseNotifier received error 500 Error subscription.es.bluecoat.com Name or service not known for 'https //subscription.es.bluecoat.com/islicense/database'
    2020-09-17T21 39 24.946309+00 00 CAS avservice[12695] ERROR     SubscriptionLicenseNotifier received error 500 Error subscription.es.bluecoat.com Name or service not known for 'https //subscription.es.bluecoat.com/islicense/database'






    Thanks & Regards

    Rishav Shrivastava | Technical Consultant

    +91 9511965267

    rishav.shrivastava@sattrix.com


     

    Planned Leave : None

    SATTRIX Desc


        




    Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.