4 Replies Latest reply: Aug 2, 2017 10:52 AM by Anna Ebner RSS

    Qlik Sense Proxy node in DMZ - Hub doesn't open

    Anna Ebner

      Hi all!

       

      We're trying to deploy QlikSense (June2017) in a 2-node environment.

      • Central node (installed on a virtual server within the companies domain)
      • Proxy node (installed on a server in the DMZ, outside the companies domain)

      The proxy node has an external IP address. Our aim is to give access to anonymous users from outside the companies domain via the proxy node.

       

      There were no problems/errors during the installation. Opening the hub from internal (via the internal Hostname) is working fine. But when we try to open the hub from outside the companies network via the external IP address we receive an error message

      ("The proxy awaits a new session")

      proxy fehler.PNG

       

      Our QMC settings for the new proxy node:

           Node Service activation: Repository & Proxy

           Both proxies allow HTTP

           Virtual proxy (external): anonymous accessmode: always anonymous users

          Load balancing nodes: both nodes added in both virtual proxies

           Host white list on both virtual proxies: Hostnames & IP addresses of both servers added

       

      The proxy Logfile on the external node gives us an error message (see attached file)

      Error connecting to capability service: The remote name could not be resolved

       

      Does anyone have an idea what could cause this problem?

       

      Thank you!

        • Re: Qlik Sense Proxy node in DMZ - Hub doesn't open
          Pranav Patel

          Hi Anna - I am guessing the external IP traffic comes via some network device like F5?  Do you know if all the necessary ports are allowed access through such firewall?  Qlik usually needs to communicate via ports 80/443 and 4244.  It sounds like the external traffic is blocked somewhere down the line.

           

          Pranav

            • Re: Qlik Sense Proxy node in DMZ - Hub doesn't open
              Anna Ebner

              Hi Pranav,

               

              Thanks for your input. I've checked the ports on the external node. 80/443 and 4244 are listening.

              According to the help.qlik.com there is a list of other ports that allow communication between the central and the proxy node.

              Port 4949 doesn't appear in the list of ports on the external node (using the cmd command netstat -ano|more)

              Usually this port is used by the dispatcher service - do you think it could have something to do with that?

               

              ports trnqv02.PNGportoverview.PNG

                • Re: Qlik Sense Proxy node in DMZ - Hub doesn't open
                  Pranav Patel

                  Hi Anna - The log file you had attached mentions something about the fact that your external DNS (trnb...-bi.com) cannot be resolved and there was an issue opening a web socket connection. I am assuming that's your external DNS.  Do you guys have some external IP address assigned to that DNS?  Also, is the external IP and the DNS whitelisted in the proxy settings?  I am not sure if port 4949 is an issue at this stage as it is used for data profiling task or something.  You should have an issue with that port once you are in the application.  But the fact that you cannot even get a session to start, shows that there are issues at the network layer. 

                   

                  Pranav