Forum Discussion
CirrusBlueCoat ProxySG Load Balancing
I am attempting to LB 2 BlueCoat appliances with my F5 Big IP's. I am running version 11.6.0 HF1 on 2 Big IP 8900's. The issue I am running into is that when pointing to the Big IP's for LBing and access a site that is not authorized or cannot be resolved, the BC's return another users username and not my own. I am using SNAT and have enabled xForwarding but still seem to be running into the same issue. Any input is greatly appreciated. Thank you in advance.
15 Replies
nitass_89166Noctilucent
can you post the virtual server configuration?
tmsh list ltm virtual (name)
Dev_56330ltm virtual CENTCOMHQ_BlueCoat_LB { destination x.x.x.x:port ip-protocol tcp mask 255.255.255.255 persist {Cookie Persistence Profile { default yes } } pool BlueCoatPool profiles { BlueCoat_HTTP {} optimized-acceleration {} tcp-lan-optimized {} } source x.x.x.x/0 source-address-translation { type automap } vs-index xx
- nitass
Employee
can you post the virtual server configuration?
tmsh list ltm virtual (name)- Dev_56330ltm virtual CENTCOMHQ_BlueCoat_LB { destination x.x.x.x:port ip-protocol tcp mask 255.255.255.255 persist {Cookie Persistence Profile { default yes } } pool BlueCoatPool profiles { BlueCoat_HTTP {} optimized-acceleration {} tcp-lan-optimized {} } source x.x.x.x/0 source-address-translation { type automap } vs-index xx
- kunjan
Nimbostratus
You may want to check if the issue resolves, when optimized-acceleration profile is removed.
- Dev_56330I removed that previously and I am still receiving another users username from the proxy as if I am authenticating as someone else. Optimized-Acceleration is still disabled at this point. I have also modified the type to FastL4 and experience the same results.
kunjan_118660Cumulonimbus
You may want to check if the issue resolves, when optimized-acceleration profile is removed.
- Dev_56330I removed that previously and I am still receiving another users username from the proxy as if I am authenticating as someone else. Optimized-Acceleration is still disabled at this point. I have also modified the type to FastL4 and experience the same results.
- kunjan
Could it be caching problem at BC?
- Dev_56330That's a great question. My organization does not manage the BC's which we go through so unfortunately we are attempting to only troubleshoot this at the Big IP.
- kunjan_118660
Could it be caching problem at BC?
- Dev_56330That's a great question. My organization does not manage the BC's which we go through so unfortunately we are attempting to only troubleshoot this at the Big IP.
- nitass
does the problem happen when having only one member in the pool?
if not, can you try another persistence method such as source address?
- Dev_56330
I have not attempted pulling 1 of the nodes out of the pool though I did attempt to use source address persistence which had the same results. There must be a configuration guide from BlueCoat. I am trying to run that down in hopes this is not a problem with the Big IP's at all but rather an existing configuration on the BlueCoats.
- Dev_56330
I was only able to successfully LB the bluecoat proxies using a Fast Layer 4 VS versus a Standard VS with any type of optimization. BlueCoat never responded with load balancing requirements.
