This table lists resolutions to issues you may encounter.
| Issue | Resolution |
|---|
| Security Connector indicates that the provided explicit proxy port is already in use. | Make sure the provided port is not used for a DNS Forwarder or a transparent proxy configuration. |
| HTTP Forwarder cannot establish a connection |
- Review your HTTP Forwarder configuration. For more information on setting up HTTP Forwarder, see Configure HTTP Forwarder.
- Confirm that your clients do not require IPv6 traffic.
- If you have separate deployments of Security Connector on separate machines and one connector is a transparent proxy, while the other connector is an explicit proxy, confirm that the ports for each proxy do not overlap.
|
| Traffic cannot reach SIA Proxy |
- Review the DNS name server configuration. If you’ve entered a corporate resolver or DNS server, make sure the corporate resolver or server is forwarding traffic to SIA. Otherwise, provide the IP addresses of the SIA DNS servers. To view the IP addresses of your SIA DNS servers, see View DNS server information.
- In your policies, confirm that SIA Proxy is enabled. If you’ve configured a transparent policy, verify the origin ports.
|
| Policy associated with a sub-location is not applied | Make sure that any middlebox between the client and Security Connector do the following:
- Preserves the client IP address or uses a routing mechanism that preserves the client IP address.
- Adds the X-Forwarder-For (XFF) Header.
Also, confirm that the Trust XFF Header setting is enabled in the policy. |
| Internal domains do not bypass SIA Proxy from HTTP Forwarder. | Complete a health status check to make sure that the CAS backend service is running. For more information, see Troubleshoot health status failures and View Security Connector health status. |
