Troubleshoot HTTP Forwarder

This table lists resolutions to issues you may encounter.

IssueResolution
Security Connector indicates that the provided explicit proxy port is already in use.Make sure the provided port is not used for a DNS Forwarder or a transparent proxy configuration.
HTTP Forwarder cannot establish a connection

  • Review your HTTP Forwarder configuration. For more information on setting up HTTP Forwarder, see Configure HTTP Forwarder.

  • Confirm that your clients do not require IPv6 traffic.

  • If you have separate deployments of Security Connector on separate machines and one connector is a transparent proxy, while the other connector is an explicit proxy, confirm that the ports for each proxy do not overlap.

Traffic cannot reach ‚ÄčSIA‚Äč Proxy

  • Review the DNS name server configuration. If you‚Äôve entered a corporate resolver or DNS server, make sure the corporate resolver or server is forwarding traffic to ‚ÄčSIA‚Äč. Otherwise, provide the IP addresses of the ‚ÄčSIA‚Äč DNS servers. To view the IP addresses of your ‚ÄčSIA‚Äč DNS servers, see View DNS server information.

  • In your policies, confirm that ‚ÄčSIA‚Äč Proxy is enabled. If you‚Äôve configured a transparent policy, verify the origin ports.

Policy associated with a sub-location is not appliedMake sure that any middlebox between the client and Security Connector do the following:

  • Preserves the client IP address or uses a routing mechanism that preserves the client IP address.

  • Adds the X-Forwarder-For (XFF) Header.

Also, confirm that the Trust XFF Header setting is enabled in the policy.
Internal domains do not bypass ‚ÄčSIA‚Äč Proxy from HTTP Forwarder.Complete a health status check to make sure that the CAS backend service is running. For more information, see Troubleshoot health status failures and View Security Connector health status.