Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 544 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

poor performance using a parent proxy

AndrewDean
Hi guys,
I am trialing 7.3 ASG and a local web proxy. 
Our network topology has us as a node on a large WAN, our only internet access is via an upstream web proxy and we don't have access to resolve internet dns hostnames directly.

I have configured ASG to become a AD member and have turned on SSO. I can test AD access successfully. I have also entered the upstream proxy as its parent proxy.

When a client pc uses the ASG as its local web proxy it takes a very long time for a web page to be served. Checking the HTTP Access live log show it trying to resolve the web page directly rather than just pass the request unto the parent proxy .
here's some of the log:
2008:09:25-00:00:16 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs07.astaro.com: Temporary failure in name resolution
2008:09:25-00:00:36 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs08.astaro.com: Temporary failure in name resolution
2008:09:25-00:10:56 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs01.astaro.com: Temporary failure in name resolution
2008:09:25-00:11:16 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs02.astaro.com: Temporary failure in name resolution
2008:09:25-00:11:36 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs03.astaro.com: Temporary failure in name resolution
2008:09:25-00:11:56 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs04.astaro.com: Temporary failure in name resolution
2008:09:25-00:12:16 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs05.astaro.com: Temporary failure in name resolution
2008:09:25-00:12:36 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs06.astaro.com: Temporary failure in name resolution
2008:09:25-00:12:56 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs07.astaro.com: Temporary failure in name resolution
2008:09:25-00:13:16 (none) httpproxy[4157]: [     (nil)] sc_resolve_server (scr_scanner.c:390) DNS: cffs08.astaro.com: Temporary failure in name resolution


This thread was automatically locked due to age.
  • 0
    Andrew, make sure your DNS setting on the ASG are pointing at valid DNS servers that can resolve external hostnames.  If you are using internal DNS servers for this, make sure you create a packet filter rule and a Masqueurade NAT rule so those internal DNS servers can query the root DNS servers out there.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.