Jump to content
Welcome to our new Citrix community!

SSL Inspection and Forwarding proxy

David Boxall

Recommended Posts

Question we have the following setup :


PAC File to point certain client traffic to the netscaler Proxy where traffic is Inspected, with a fall back to another proxy should the netscaler go down or offline.


We are seeing traffic to one of these url still hitting the non-netscaler proxy for some clients, we would expect all clients to go out via the netscaler.  Its almost like the netscaler doesnt respond in time to clients so they fall back to the next proxy.   We are using MPX with SSL Card so i would expect it to have no issues with processing traffic, are there some default buffers that need to be adjusted based on number of incomming sessions etc ?



Link to comment
Share on other sites

First better see with nstrace too see that the traffic is reaching the netscaler and to see what and when the netscaler returns reply.



You may also check the active sessions for the client.





Maybe debug the pac file to make certain that the issue is not with the workstation as the pac file does not support timeout options and when times out depends on the web blowser and so on(maybe the pcap too fast timeouts the connection to the netscaler).




Caqn you provide the pac file?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...