Authentication to the Reverse Gateway

Hi We have a reverse gateway setup where the internal IS server connects to the reverse proxy server in the DMZ.
OS: Windows Server 2008 R2 in VM.
IS Version 8.0.1.0
Updates IS_8-0_SP1

This is the functionality that I had noticed.
a) The IS server Security logs an entry that says that ‘Internal Server successfully authenticated to the Reverse Gateway’ at times even every single second.
b) The Reverse Proxy does not show any sign of an incoming connection from the IS server.
c) Sometimes the log entry in the IS server does not come at all for few minutes.
d) At times when we do not see the log entry for a log time the client would complain that the system is not accessible and we end up bouncing the IS and Reverse Proxy.

My question is,

  1. Is the frequency of the log entries in IS server configurable.
  2. Is there a similar logging in Reverse Proxy.
  3. Is there a way to find from Reverse Proxy that the IS is not making a connection.
  4. Do we have a better option that bouncing the server.

Thanks and regards

Thahir

Hi Thair,

That is a very complicated issue which you have asked for in one shot. Let me try and explain

My question is,

  1. Is the frequency of the log entries in IS server configurable. - Not sure, but yes there is WATT setting for the same.
  2. Do we have a better option that bouncing the server. - You need to check why the connections are getting terminated as that looks line an issue.

  1. Is there a similar logging in Reverse Proxy.
  2. Is there a way to find from Reverse Proxy that the IS is not making a connection.

Now for 2 and 3 please have a look at the logs below:

If i have a RI Server (182.20.25.201/182.20.25.202) I would have logs like

[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.204 on port 8889.
[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.203 on port 8889.
[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.203 on port 8889.
[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.204 on port 8889.

And for the corresponding Back End Server (182.16.25.203/182.16.25.204) i would have logs like

[ISP.0046.0019C] Unable to establish connection to the Reverse Gateway server 182.20.25.201:4444, Exception --> Connection refused.
[ISP.0046.0019C] Unable to establish connection to the Reverse Gateway server 182.20.25.201:4444, Exception --> Connection refused.
[ISP.0046.0021D] Established a connection to the Reverse Gateway server 182.20.25.202:8889.
[ISP.0046.0021D] Established a connection to the Reverse Gateway server 182.20.25.202:8888

Hope this explains the association between the logs.

Hi Sam.

Can you please tell us what logging level you have used to get those logged in RG you have shown from server.log?

If i have a RI Server (182.20.25.201/182.20.25.202) I would have logs like

[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.204 on port 8889.
[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.203 on port 8889.
[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.203 on port 8889.
[ISP.0046.0022D] Accepted a connection from the internal server /182.16.25.204 on port 8889.

TIA,
RMG

Hi RMG,

Default is set to Warn with certain parameters like 0006/0009/0012/0038/0039/0040/0046/0047/0079 set to trace. The highlighted parameters are more to do with certificates, ssl,http, RI and Authentication.

Hope this helps.

Thanks for the inputs:

0079 - Reverse Invoke / 0046 and 0047 - HTTP and HTTP Listener normally would do the trick.

Hi,

We have a reverse gateway server setup in UAT, the messages from external client is hitting our server and they are getting a HTTPS 200 ok, and our External Server(RI) is showing the logs of “Accepted a connection from the internal server /(IP of the internal server)IP on port 5886” but there is no sign of message in the internal server.

CAn anyone suggest.
Thanks,
Nitin