Configuration:
- Check the forward-server configuration.

  config web-proxy forward-server
      edit "test1"    ----> Server 1.
          set ip 10.10.10.10
          set port 80
          set healthcheck enable
      next
      edit "test2"    ----> Server 2.
          set ip 10.10.20.10
          set port 80
          set healthcheck enable
      next
  end

- Check the forward-server group configuration (optional, only if a forward-server group is configured).

  config web-proxy forward-server-group
      edit "group"
          set ldb-method active-passive    ----> Using active-passive.
          config server-list
              edit "test1"
                  set weight 30
              next
              edit "test2"
                  set weight 20
              next
          end
      next
  end

- Check the forward-server / forward-server-group mapped to the firewall policy.

  config firewall policy
      edit 1
          set type explicit-web
          set uuid 1806c9b0-526e-51f0-0cc3-10af7cd02ac1
          set dstintf "port3"
          set srcaddr "all"
          set dstaddr "all"
          set action accept
          set schedule "always"
          set service "webproxy"
          set explicit-web-proxy "web-proxy"
          set webcache enable
          set webproxy-forward-server "group"
      next
  end

- Check the user traffic passing through the same policy rule: Log & Report -> Forward Traffic.

- Check if the FortiProxy can reach the forward server using Telnet.

  execute telnet 10.10.10.10
  diagnose sniffer packet any "host X.X.X.X" 4 0 l    --> Host IP is a forward server IP.

- Check whether the forward server is up/down on the FortiProxy.

  diagnose debug reset
  diagnose debug enable
  diagnose test application wad 101
  diagnose debug disable
  diagnose wad webproxy forward-server detail

- If the forward server is reachable from the FortiProxy and the port is listening, but the forward server is still shown as down, disable the health check on the forward server.

Sample output:
FortiProxylab $ diagnose wad webproxy forward-server detail
VDOM=root server_name=test1 addr=ip/10.7.2.6:8080 health_check=disable down-opt=block proto=3 conns: succ=262194 fail=28 ongoing=2 hits=131449 blocked=0 proto_mispatch=0 monitor: succ=0 fail=0 error: stats.no_report_err=4 num_worker_load=27 state=up psv_tm=58(sec) arbiter: tm=12(sec) tx=92004 rx=26246133
proto=3 refers to both HTTP and SOCKS.
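
The sample output above can be checked in bulk with a small parser. This is an added example, not part of the original article or of any Fortinet tooling: it reads `diagnose wad webproxy forward-server detail` output and lists servers whose state, health check or failure counters need attention. The second input entry (test2), the 5% threshold and the `conns.`/`monitor.`/`arbiter.` key prefixes are assumptions made for the example.

```python
import re

# Constructed input: entry 1 is the sample output from this page; entry 2 is a
# made-up server (test2, hypothetical values) that is down with health check on.
SAMPLE = (
    "VDOM=root server_name=test1 addr=ip/10.7.2.6:8080 health_check=disable down-opt=block proto=3 conns: succ=262194 fail=28 ongoing=2 hits=131449 "
    "blocked=0 proto_mispatch=0 monitor: succ=0 fail=0 error: stats.no_report_err=4 num_worker_load=27 state=up psv_tm=58(sec) arbiter: tm=12(sec) tx=92004 rx=26246133\n"
    "VDOM=root server_name=test2 addr=ip/10.7.2.7:8080 health_check=enable down-opt=block proto=3 conns: succ=10 fail=90 ongoing=0 hits=50 "
    "blocked=40 proto_mispatch=0 monitor: succ=0 fail=12 error: stats.no_report_err=0 num_worker_load=27 state=down psv_tm=3(sec) arbiter: tm=12(sec) tx=100 rx=200\n"
)

TOKEN = re.compile(r"(\w+):(?=\s|$)|([\w.\-]+)=(\S+)")  # 'label:' or 'key=value'
PREFIXED = {"conns", "monitor", "arbiter"}  # assumption: other fields stay flat
FAIL_RATIO = 0.05  # assumed alert threshold, not a Fortinet value

def parse_output(text):
    """Split on each 'VDOM=' and return one flat dict per forward server."""
    entries = []
    for chunk in re.split(r"(?=VDOM=)", text):
        fields, section = {}, ""
        for label, key, value in TOKEN.findall(chunk):
            if label:  # 'conns:' style header: following counters get 'conns.'
                section = label + "." if label in PREFIXED else ""
            else:
                fields[section + key] = value
        if fields:
            entries.append(fields)
    return entries

def num(value):  # leading integer of a value such as '58(sec)'; 0 when absent
    m = re.match(r"\d+", value or "")
    return int(m.group()) if m else 0

def assess(e):
    """List the fields of one parsed entry that need attention."""
    notes = []
    if e.get("state") != "up":
        notes.append("state=%s" % e.get("state"))
    if e.get("health_check") == "disable":
        notes.append("health_check=disable")
    ok, bad = num(e.get("conns.succ")), num(e.get("conns.fail"))
    if ok + bad and bad / (ok + bad) > FAIL_RATIO:
        notes.append("conns fail ratio %d%%" % round(100 * bad / (ok + bad)))
    if num(e.get("monitor.fail")):
        notes.append("monitor.fail=%s" % e["monitor.fail"])
    return notes

if __name__ == "__main__":
    for entry in parse_output(SAMPLE):
        print(entry["server_name"], entry["addr"], assess(entry) or "ok")
```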