Best practice for load balancing on outbound proxy IP address

We have the following challenge: Multiple thousand users are accessing a web service through a ProxySG, explicit deployment. At some point we will run into a port exhaustion issue.
Apart from increasing the source port range by setting “#(config) tcp-ip inet-lowport xxx” as explained in https://support.symantec.com/en_US/article.TECH243… the usual advice is to add more IP addresses to the proxy and split the connection between those IP addresses using reflect_ip(proxyIPaddress1), reflect_ip(proxyIPaddress2), etc.

Now my question is: What is the best way to distribute clients between the outgoing proxy IP addresses? I’d like to use a smarter solution than simple client subnets, as in

client.address=192.168.1.0/24 reflect_ip(proxyIPaddress1)
client.address=192.168.2.0/24 reflect_ip(proxyIPaddress2)

because there are a lot of subnets and I’d have to manually calculate how many clients are in each subnet on average to create groups which are of equal size. Also, of course, new subnets are created, deleted, or changed every once in a while. Is there a way to distribute the clients in an automatic way? I thought of creating groups like

<Forward>
condition=clientsForIP1 reflect_ip(proxyIPaddress1)
reflect_ip(proxyIPaddress2)

define condition clientsForIP1
client.address=*.*.*.1 
client.address=*.*.*.3
client.address=*.*.*.5
...
end

So all clients with an uneven IP address are automatically sent via IPaddress1, regardless of how many subnets exist. However, I’m not sure if this is really efficient. Do you have any other ideas? Is there a way I can perform mathematical calculations inside CPL?

1517320932
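
The odd/even idea from the question can be checked offline before any policy is written. The following is an added example, not part of the original post: it compares a per-subnet split with a split on the client's last octet, and generalizes odd/even to "last octet modulo N" for N outbound addresses. The client list is constructed sample data and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

def constructed_clients():
    """Constructed sample: three /24 subnets with very different client counts."""
    spec = {"192.168.1": range(10, 210),   # 200 clients
            "192.168.2": range(10, 40),    # 30 clients
            "192.168.3": range(10, 80)}    # 70 clients
    return [f"{net}.{host}" for net, hosts in spec.items() for host in hosts]

def bucket_for(client_ip, n_buckets):
    """Outbound-address index chosen from the client's last octet.
    n_buckets=2 is the odd/even split from the question (1 = odd)."""
    last_octet = int(ipaddress.IPv4Address(client_ip)) & 0xFF
    return last_octet % n_buckets

def split_by_last_octet(clients, n_buckets):
    counts = Counter(bucket_for(c, n_buckets) for c in clients)
    return [counts.get(i, 0) for i in range(n_buckets)]

def split_by_subnet(clients, n_buckets, prefix=24):
    """Baseline: whole subnets handed to outbound addresses round-robin."""
    def net_of(c):
        return ipaddress.ip_network(f"{c}/{prefix}", strict=False)
    nets = sorted({net_of(c) for c in clients})
    owner = {net: i % n_buckets for i, net in enumerate(nets)}
    counts = [0] * n_buckets
    for c in clients:
        counts[owner[net_of(c)]] += 1
    return counts

def imbalance(counts):
    """Largest bucket relative to a perfectly even split (1.0 is ideal)."""
    total = sum(counts)
    return max(counts) * len(counts) / total if total else 0.0

if __name__ == "__main__":
    clients = constructed_clients()
    for label, counts in [
        ("per-subnet, 2 IPs", split_by_subnet(clients, 2)),
        ("odd/even,   2 IPs", split_by_last_octet(clients, 2)),
        ("octet % 3,  3 IPs", split_by_last_octet(clients, 3)),
    ]:
        print(f"{label}: {counts} imbalance={imbalance(counts):.2f}")
```

This counts clients, not connections, so a few heavy users can still skew the real source-port usage per outbound address. Running it against an export of actual client addresses shows whether the last-octet split holds up in a given network.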
