SecureWeb 10.x: HTTP 1.1 Gateway timeout error while accessing external/internal websites from Secure Web.
Article ID: CTX227220
Updated On:
Description
While accessing any internal/external websites using Secure we get the following error in Secure web
Error : Http/1.1 gateway timeout error
Unable to find the requested server or DNS Error.
Resolution
This error is mostly seen when Netscaler is unable to resolve the DNS query received from Secure web client.
Check the following on Netscaler
1.If the Split tunnel is OFF on Netscaler ensure that the SNIP has inbound and outbound internet access
2. Check if you are able to resolve the address of internal/external websites from the Netscaler- take putty access for NS and ping the destination address - this will confirm weather the DNS resoluton is happening or not.
3. You can create a service on Netscaler for the website that you are trying to reach and verify if the service is up or down
4. Check if the DNS server is configured correctly on UDP protocol
5. If you have configured DNS LB Vserver on Netscaler, check if the services bound to the LB are up.
6. Collect a Netscaler trace and verify if Netscaler is able to successfully do a DNS resolution for those external/internal sites.
7. You can validate if its a Secure web issue by setting the Network Mode to Unrestricted and access the site.
8. the secure web doesnt have proxy configured there is no need for no proxy policy - unbind it
9. If Split Tunnel is ON on Netscaler, make sure we add an Intranet app range:
In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > Resources and then click Intranet Applications.
In the details pane, click Add.
In Name, type a name for the profile.
In the Create Intranet Application dialog box, select Transparent.
In Destination Type, select IP Address and Netmask.
In Protocol, select the protocol that applies to the network resource.
In IP Address, type the IP address.
In Netmask, type subnet mask, click Create and then click Close.
Check the following on Netscaler
1.If the Split tunnel is OFF on Netscaler ensure that the SNIP has inbound and outbound internet access
2. Check if you are able to resolve the address of internal/external websites from the Netscaler- take putty access for NS and ping the destination address - this will confirm weather the DNS resoluton is happening or not.
3. You can create a service on Netscaler for the website that you are trying to reach and verify if the service is up or down
4. Check if the DNS server is configured correctly on UDP protocol
5. If you have configured DNS LB Vserver on Netscaler, check if the services bound to the LB are up.
6. Collect a Netscaler trace and verify if Netscaler is able to successfully do a DNS resolution for those external/internal sites.
7. You can validate if its a Secure web issue by setting the Network Mode to Unrestricted and access the site.
8. the secure web doesnt have proxy configured there is no need for no proxy policy - unbind it
9. If Split Tunnel is ON on Netscaler, make sure we add an Intranet app range:
In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > Resources and then click Intranet Applications.
In the details pane, click Add.
In Name, type a name for the profile.
In the Create Intranet Application dialog box, select Transparent.
In Destination Type, select IP Address and Netmask.
In Protocol, select the protocol that applies to the network resource.
In IP Address, type the IP address.
In Netmask, type subnet mask, click Create and then click Close.
Problem Cause
This is a most common issue when- Netscaler is unable to successfully do a DNS resolution
- doesnt have access to internt in case the splittunnel is off
- incorrect DNS policies .
- Spilt tunnel is ON and Intranet app range is not added and SNIP does not have access to External Sites.
Issue/Introduction
HTTP 1.1 Gateway timeout error while accessing external/internal websites from Secure Web when traffic is tunneled through the NetScaler. This issue occurs when the MDX Policy is set for Secure Browse. If the preferred VPN mode on the app is set to FULL VPN TUNNEL, then the issue will not occur.
Was this article helpful?
Yes
No
Powered by
