Loading...
Loading...

INFO: Bluecoat Proxy SG fails to "Sense Settings" in ICAP mode with version 10

Expand / Collapse


This article applies to:

  • SWG 10.x
  • Bluecoat Proxy SGOS (seen with 5.5.x.x) 

Symptoms:

  • Maximum number of ICAP connections is 16K (16,384) in SWG 10.x.
  • ICAP client service configuration fails to detect and apply this value in ICAP Response mode (sense Request Mode settings work fine). Value is unchanged, and remains under 16K.

Causes:

  • In SWG 10.x, the maximum number of possible established connections to the proxy or ICAP port is 16K, and can be divided between all available ICAP clients. The RESP/REQ mode ratio is 70:30 (hard-coded value), but the weighting of connections to each ICAP client can be configured as desired.
    • Example: If using two ICAP clients weighted at 50:50, they are each capable of handling 8K (8,192) connections (see ICAP section under Scanner / "Devices"). Therefore, each ICAP client's theoretical maximum connections is 5,734 (70%) in RESP mode and 2,458 (30%) in REQ mode.
  • It appears that Bluecoat Proxy SG cannot use more than 4K (4,096) connections for one service. If SWG's "Sense Settings" tries to use a value higher than this, the configuration process fails to accept this higher value. 

Resolution:

    There are two options:
    • The preferred option is to change the weighting in SWG devices section and limit it to 35% per ICAP client (even if when combined they do not add up to 100%). Now "Sense Settings" should complete successfully.
    • Although not recommended, the second option is to skip "Sense Settings" and set 4096 manually in RESP mode.

    Notes:

    SWG's ICAP server responds correctly:



    Bluecoat SGOS does not accept the value:




    If set manually, Bluecoat SGOS returns an error:




    Solution: Limit weighting to 35%, as this will return a valid number and "Sense Settings" will successfully complete.





    To contact Trustwave about this article or to request support:


    Rate this Article:
         

    Add Your Comments


    Comment submission is disabled for anonymous users.
    Please send feedback to Trustwave Technical Support or the Webmaster
    .