Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1167
Views
0
Helpful
2
Replies

upstream proxy connectivity issue

Chirag Prajapati
Level 1
Level 1

‎08-20-2014 03:19 AM

Hi,

I have recently installed WSA S170 in one site which is pointing to one of the existing proxy. I have defined routing policy in new proxy through which some of the local domain is accessible through new proxy and rest of the domain will be through existing proxy.

User's are facing slowness when they are accessing other than local domain at the same time local domain is working fine.

I have disabled all scanning feature in new proxy for all other domain to avoid delay but still issue persist.

Connection flow.

For local Domain :

Client ----> New Proxy---> Internet

Other domain :

Client ---> new proxy---> Existing proxy---> Internet

 

Version information : 

New proxy : cisco wsa s170  OS : 7.7.0 - 753

Exising proxy : cisco wsa s670  OS : 7.5.1 - 201

Is it becuse of dual proxy connection hapening for other domain? 

Please suggest.

Regards 

Chirag

Labels:
0 Helpful
2 Replies 2

kushsriva
Level 1
Level 1

‎08-20-2014 12:19 PM

Hi,

 

In cases wherein we have an upstream proxy, we need to make the following configuration on the WSA:

-- Go to 'Network' tab > 'Upstream Proxy' > Configure the Upstream Proxy

-- Go to 'Web Security Manager' > 'Routing Policy' > Configure a policy to use the Routing Destination  pointing to the Upstream Proxy configured above.

-- If the upstream proxy is performing authentication, you will need to disable authentication on the Cisco Ironport Web Security Appliance.

Note: If the path to get to the software update site is also through the same upstream proxy, then Go to 'System Administration' > 'Upgrade and Update Settings' > Edit Update Settings > configure the Proxy Server section. 

 

 

Do rate if Helpful----

 

Regards,

Kush

0 Helpful

Chirag Prajapati
Level 1
Level 1
In response to kushsriva

‎08-21-2014 03:41 AM

Hi 

Thanks for your reply.

I am facing performance issue (Slowness) in this setup so not sure what could be the reason.

I have disabled all scanning facility in donstream proxy which could delay the connection. (Outbound malware scanning, Decryption policy is pass through, added those domain in bypass setting though proxy is working in explicit mode.)

Please suggest.

Regards

Chirag

0 Helpful
Customers Also Viewed These Support Documents