Support Center > Search Results > SecureKnowledge Details
Clients behind a Virtual System configured as Non Transparent HTTP/HTTPS Proxy are not able to connect to any site
Symptoms
  • Clients behind a Virtual System configured as Non Transparent HTTP/HTTPS Proxy are not able to connect to any site.

  • Traffic capture in FW Monitor (sk30583) shows that traffic from Clients passes all Inbound chains.

  • Kernel debug ('fw ctl debug -m fw + drop') does not show any drops related to these Clients and HTTP/HTTPS Proxy.

  • Disabling the HTTP/HTTPS Proxy on the involved Virtual System and installing the policy resolves the issue.

  • Kernel debug ('fw ctl debug -m WS all') shows that Virtual System sends a trap to User Space, which is not processes, and that eventually DNS resolving fails:

    ; Date Time;[vs_X];[tid_0];[fwN_0];fw_send_kmsg: No buffer for tsid 11;
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{connection} [SID: ...] ws_connection_dns_send_rad_trap: [ERROR]: fw_send_kmsg() failed;
    ... ... ...
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{connection} [SID: ...] ws_async_create_proxy_connection: [ERROR]: rad_kernel_api_async_get_resource failed;
    ... ... ...
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{connection} [SID: ...] ws_dns_proxy_resolve: [ERROR]: ws_async_create_proxy_connection failed;
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{connection} [SID: ...] ws_create_proxy_connection: [ERROR]: ws_dns_proxy_resolve failed;
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{connection} [SID: ...] ws_create_proxy_connection: ERROR ;
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{connection} [SID: ...] ws_open_proxy_connection: [ERROR]: ws_create_proxy_connection failed;
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{session} [SID: ...] ws_http_session_client_read: [ERROR]: failed to open session;
    ; Date Time;[vs_X];[tid_0];[fwN_0];...:{connection} [SID: ...] ws_connection_read_handler: [WARNING]: read request from session failed sn: 0x...;
Cause

Virtual System fails to resolve URLs because no wsdnsd process (DNS Resolver for HTTP/HTTPS Proxy in R77.30 and above) is not reachable from the context of Virtual System.


Solution
Note: To view this solution you need to Sign In .