Issue: web application page protected by Access Gateway timeout at 2 minutes?

Hi,

I have an issue that a function (report page) of the web application protected by Access Gateway is timeout at 2 minutes. 

So, I try 2 scenarios to check the cause.

1st: User launch a function through access gateway. The result is function timeout at 2 minutes. I check the network from browser trace and it shows that no response from web application. 

2nd: User launch a function directly at the web server. The result is function woking fine even time exceeding 2 minutes. 

My NAM environment is 4.5.2 and deployed as separate module (IDP, Access Gateway and Admin console). 

User flow is User -> Load Balancer -> Gateway -> Firewall -> Web Application Server.

Thanks,

  • Suggested Answer

    Hi!

    If I understand you correctly, you experience a problem when it takes more than 2 minutes for backend server to respond with report?

    Most likely this is connected to Data Read timeouts, which are often by default set to 120 seconds.

    In AM you have two of them:

    • One for connection between browser and Access Gateway: Open Access Gateway configuration->Reverse proxy, on top you have "TCP Listen Options" where you can set this data read timeout
    • One for connection between Access Gateway and backend application: Open Access Gateway configuration->Reverse proxy->Relevant proxy service->"Web Servers" tab, just above web server list there is "TCP Connect Options" where you can set this timeout.

    But please keep in mind that similar timeouts might also be set on Load Balancer and firewall, so you should make sure that no device between user's browser and backend application is terminating connection after 2 minutes.

    Kind regards,

    Sebastijan

  • I would do the following:

    1) Enable the X-MAG header debug option at the Access Gateway adding the Global Advanced Option

    # XMAG Debug Header (visible at browser with fiddler)
    #############################################
    NAGGlobalOptions DebugHeaders=on
    #############################################

    2) Install fiddler on your test workstation and enable SSL Decryption to make sure traffic can be decoded

    3) Make sure SSL Session Stickyness has been configured at your L4 Balancer correctly

    4) Start fiddler and run a direct session with the web application server and check if there is any script running regular requests during your 2min time window and use this as a reference to understand the problem. Run all subsequent tests by making use of fiddler

    5) make sure you configure your test workstation to make use of one Access Gateway only (out of the existing cluster) to make sure there is no content switch due to an idle time between AG cluster nodes and check if the problem does not come up.

    Usually I would expect the HTTP Connection: Keep-Alive header returned by the web application server would be used to maintain the session unless there is any other logic used by the application. Usually a session cookie will be used to identify / authenticate / authorize the user session

    With the above information you should get an understanding what might go wrong here

  • Review the configuration settings of the Access Gateway to ensure that there are no specific timeout limits set for requests to the web application generatepokemon. Look for any session or connection timeout settings that might be affecting the function's execution.