This article applies to:
- SWG 10.x
- Bluecoat Proxy SGOS (seen with 5.5.x.x)
Symptoms:
- Maximum number of ICAP connections is 16K (16,384) in SWG 10.x.
- ICAP client service configuration fails to detect and apply this value in ICAP Response mode (sense Request Mode settings work fine). Value is unchanged, and remains under 16K.
Causes:
- In SWG 10.x, the maximum number of possible established connections to the proxy or ICAP port is 16K, and can be divided between all available ICAP clients. The RESP/REQ mode ratio is 70:30 (hard-coded value), but the weighting of connections to each ICAP client can be configured as desired.
- Example: If using two ICAP clients weighted at 50:50, they are each capable of handling 8K (8,192) connections (see ICAP section under Scanner / "Devices"). Therefore, each ICAP client's theoretical maximum connections is 5,734 (70%) in RESP mode and 2,458 (30%) in REQ mode.
- It appears that Bluecoat Proxy SG cannot use more than 4K (4,096) connections for one service. If SWG's "Sense Settings" tries to use a value higher than this, the configuration process fails to accept this higher value.
Resolution:
There are two options: - The preferred option is to change the weighting in SWG devices section and limit it to 35% per ICAP client (even if when combined they do not add up to 100%). Now "Sense Settings" should complete successfully.
- Although not recommended, the second option is to skip "Sense Settings" and set 4096 manually in RESP mode.
Notes:
SWG's ICAP server responds correctly:
Bluecoat SGOS does not accept the value:
If set manually, Bluecoat SGOS returns an error:
Solution: Limit weighting to 35%, as this will return a valid number and "Sense Settings" will successfully complete.
