Zero Trust Access Control System aTrust: [aTrust] Editing the proxy gateway zone addresses causes the proxy gateway to go offline


Updated: 2023-06-13 23:26:46
1. The proxy gateway suddenly went offline, and rejoining the control center from the proxy gateway console returned an error.

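2. On the control center console, SPA was confirmed to be enabled, but the proxy gateway address had not been added to the whitelist, which caused the proxy gateway to go offline.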


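3. It was confirmed that the proxy gateway went offline suddenly and had been working normally before. The administrator log contains an entry for editing the zone group, immediately followed by an entry in which SYSTEM edited the SPA configuration.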


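The zone group edit log entry shows that redundant addresses were deleted, and the deleted addresses included the proxy gateway address.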
Details :
addresses: {"lan":["30.3.161.252:441","30.3.161.252","30.3.161.252:4435"],"wan":["117.172.54.246:441","117.172.54.246:44435"]} -> {"lan":["30.3.161.252:441"],"wan":["117.172.54.246:441"]}
The log entry for SYSTEM editing the SPA configuration shows that the proxy gateway's address was deleted from the whitelist.
Details :
update spa allow ip list: {"enable":1,"udpSpa":{"enable":1,"durationTimeSecs":180,"periodTimeSecs":60},"mode":"shared","sdpcProtectType":["4431","client"],"proxyProtectType":["441","client"],"spaAllowIpList":["125.70.9.4-125.70.9.10","171.218.34.87","218.88.22.29","223.85.227.242","30.3.161.252"],"timeVerifyWindow":300} -> {"enable":1,"udpSpa":{"enable":1,"durationTimeSecs":180,"periodTimeSecs":60},"mode":"shared","sdpcProtectType":["4431","client"],"proxyProtectType":["441","client"],"spaAllowIpList":["125.70.9.4-125.70.9.10","171.218.34.87","218.88.22.29","223.85.227.242"],"timeVerifyWindow":300}

 
 
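Editing the zone group included deleting a proxy gateway address, which caused the matching address in the SPA whitelist to be deleted in sync. The current logic for synchronizing additions and deletions between zone group addresses and SPA whitelist addresses is flawed; a TD will be raised later to optimize it.
The issue was resolved by manually adding the address to the SPA whitelist.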
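
The correlation done by hand in step 3 can be scripted over the two "Details" lines. This is an added example, not Sangfor code: the function names are hypothetical, the zone log is copied from the entry above, and the SPA log is reduced to its `spaAllowIpList` key. It reports hosts that are still configured in the zone group but lost SPA whitelist coverage in the follow-up SYSTEM edit.

```python
import ipaddress
import json

# Sample input: zone log as quoted above; SPA log reduced to the spaAllowIpList key.
ZONE_LOG = ('addresses: {"lan":["30.3.161.252:441","30.3.161.252","30.3.161.252:4435"],'
            '"wan":["117.172.54.246:441","117.172.54.246:44435"]} -> '
            '{"lan":["30.3.161.252:441"],"wan":["117.172.54.246:441"]}')
SPA_LOG = ('update spa allow ip list: {"spaAllowIpList":["125.70.9.4-125.70.9.10",'
           '"171.218.34.87","218.88.22.29","223.85.227.242","30.3.161.252"]} -> '
           '{"spaAllowIpList":["125.70.9.4-125.70.9.10","171.218.34.87",'
           '"218.88.22.29","223.85.227.242"]}')


def split_change(details):
    """Parse 'label: {before} -> {after}' into two JSON objects."""
    payload = details[details.index("{"):]
    before, after = payload.split(" -> ", 1)
    return json.loads(before), json.loads(after)


def host_of(addr):
    """Drop the optional :port from 'ip' or 'ip:port' (IPv4, as in the logs)."""
    return ipaddress.ip_address(addr.split(":")[0])


def covered(ip, allow_list):
    """True if ip matches a single address or a 'low-high' range in the list."""
    for entry in allow_list:
        low, _, high = entry.partition("-")
        if ipaddress.ip_address(low) <= ip <= ipaddress.ip_address(high or low):
            return True
    return False


def lost_gateways(zone_details, spa_details):
    """Hosts still in the zone group that the SPA edit removed from coverage."""
    _, zone_after = split_change(zone_details)
    spa_before, spa_after = split_change(spa_details)
    hosts = {host_of(a) for side in zone_after.values() for a in side}
    return sorted(str(ip) for ip in hosts
                  if covered(ip, spa_before["spaAllowIpList"])
                  and not covered(ip, spa_after["spaAllowIpList"]))


if __name__ == "__main__":
    print(lost_gateways(ZONE_LOG, SPA_LOG))
```

A non-empty result after a zone group edit means the listed address needs to be added back to the SPA whitelist, which is the manual fix described above.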