OS-Orchestrator:
Here, 172.16.20.1 is the LAN-Interface IP of the VOS and port 5000 [For this Lab for example] is what is used for the explicit proxy.
versa@vs-OSU-orch:~$ sudo /opt/versa/os-upgrade/versa/util/configure_poxy.sh -a configure -h 172.16.20.1 -p 5000
versa@vs-OSU-orch:~$ vsh list-proxy-config
HTTP Proxy: http://172.16.20.1:5000
HTTPS Proxy: http://172.16.20.1:5000
No Proxy: 127.0.0.1,localhost
Configuration on the VOS end, acting as the Web-Proxy for the OS-Orchestrator:
[admin@Branch: ~] $ vsh connect vsmd
vsm-vcsn0> show vsf session all brief
Handle TNT WT Proto SIP DIP SPort DPort -->Pkts <--Pkts -->Drops <--Drops application
------------ --- -- ----- --------------- --------------- ----- ----- ------- ------- -------- -------- ---------------
0x2000004 2 1 6 10.0.0.82 10.0.0.0 1154 1234
0x200112c 2 1 17 169.254.0.3 1.2.3.4 1157 12
0x20013aa 2 1 17 10.48.55.153 10.48.255.255 138 138 5 0 5 0 mailslot/(predef)
0x20013ab 2 2 17 10.48.55.151 10.48.255.255 138 138 5 0 5 0 mailslot/(predef)
0x20013ac 2 1 17 10.48.55.118 10.48.255.255 138 138 1 0 1 0 mailslot/(predef)
0x20013ad 2 2 6 172.16.20.2 172.16.20.1 50522 5000 432 826 0 0 ubuntu/(predef) <<<<<< sessions to the Canonical/Ubuntu Gateways.
0x20013af 2 2 6 172.16.20.2 172.16.20.1 50526 5000 4420 12180 0 0 ubuntu/(predef) <<<<<<
0x20013b1 2 2 6 172.16.20.2 172.16.20.1 50528 5000 17335 52798 0 0 ubuntu/(predef) <<<<<<
0x20013b3 2 1 2 10.48.10.21 224.0.1.140 0 0 1 0 1 0 -
0x20013b4 2 1 17 10.48.1.103 10.48.255.255 138 138 2 0 2 0 mailslot/(predef)
0x20013b5 2 1 17 10.48.30.249 10.48.255.255 138 138 1 0 1 0 mailslot/(predef)
0x20013b6 2 1 17 169.254.0.3 1.2.3.4 1157 12 1 0 0 0 -
0x20013b7 2 2 17 10.48.1.103 10.48.255.255 137 137 3 0 3 0 nbns/(predef)
vsm-vcsn0> exit
Appliance-CLI:
admin@Branch-cli> show orgs org-services Snehal_Parent_Org vfp statistics profile TEST
vfp statistics profile TEST
Successful sessions 79
Deleted sessions 79
Sessions failed due to lack of memory 0
Sessions failed due to lack of SNAT IP/Port 0
Sessions failed due to server connection failure 0
Sessions failed due to NAT flow install failure 0
Sessions failed due to connection resets 32
Sessions failed due to Invalid Domain Name 0
Sessions ignored due to already natted 0
Sessions failed due to DNS lookup failure 0
Sessions held for DNS lookup 79
Sessions resumed after DNS lookup 79
DNS lookup cancelled 0
Sessions held for FQDN lookup 0
Sessions resumed after FQDN lookup 0
FQDN lookup cancelled 0
Number of Auth Server Redirect Success 0
Auth-server redirect fails 0
Number of Domain Matched For Proxy Service 0
Number of Domain Matched For Local Breakout 0
Total Bytes Sent 10900557
Total Bytes Received 842069520
Total Packets Sent 195700
Total Packets Received 565288
Number of PBF honored for Proxy Service 0
Number of Nexthop received from DNS lookup 79
Number of SNAT request using nexthop 79
Number of User notification 0
Number of Http Method Get 1009
Number of Http Version 1.1 1009
How to check if the Web Proxy is indeed correctly hitting and if yes, if there is any errors or is the traffic going through correctly?
How to check if the SNAT Pool is hitting correctly or not?
To read/understand more about Explicit proxy, please refer to this document: