I'm hoping to get some insights from the community on a frustrating issue I've been facing for the past four days after we switched firewalls in our data center from VMware SSL to a Palo Alto VM. After reconfiguring multiple IPSEC tunnels, we're experiencing unpredictable timeouts on an IIS Server that hosts a FrontEnd and a proxy for our application.
Here's the setup: the FrontEnd runs on port 443 with all our webpages, while the proxy, which listens on port 8443, handles API requests and forwards them to our backend via an IPSEC tunnel. The frustrating part is that while most of the website operates smoothly, users encounter random timeouts specifically when uploading files through certain API endpoints, like `api/customer/files`. Sometimes it fails on the second upload, sometimes the sixteenth. Oddly, logging off and logging back in seems to fix the problem temporarily, even though everything else continues to function normally after the timeout.
From what I can see in the IIS logs, the failed requests aren't reaching the backend; it's like the FrontEnd or Proxy never sends them. On the Palo Alto firewall side, I can see incoming SSL packets, but not the responses for the uploads through the tunnel. We've tried numerous adjustments, such as disabling slow upload aborts and increasing timeout values, and the network connectivity between the FrontEnd and backend servers is stable.
Has anyone had similar experiences or could provide insights into what might be causing these timeouts? Could the firewall change have led to this, or is there something else I should consider? Thanks in advance!
2 Answers
Have you checked if DNS issues might be causing it? Maybe the caching or race conditions are to blame? Sometimes it can feel like everything is set perfectly, but DNS can still be the sneaky culprit. Just a thought! Also, don't overlook the certificates or potential time sync issues; they can be tricky.
By the way, is everything really working fine with previous setups? If this has been a recurring issue after the firewall switch, it's worth the effort to revisit the configurations to see if there are any overlooked rules or settings. Good luck!
From what you're describing, it seems like the setup with the proxy on the same server as the FrontEnd might be contributing to the issue. It’s unusual for the proxy to handle user requests like that. If it was working fine before the migration, could it be possible that the firewall might be filtering certain types of traffic during those uploads?
Also, have you considered testing the API calls directly without going through the proxy for a moment? It could help pinpoint whether the proxy setup is part of the problem. Sometimes a new network environment can affect upload behaviors in funny ways.
