Avamar: Proxy Management Proxy Status ERROR: "Proxy is unreachable. Check the network settings"

Avamar reports an error in the Avamar HTML5 Administrator UI (AUI) Proxy Management > Proxy Status menu. Despite this error, the proxy accepts backup and restore jobs, and the Avamar server can reach it on all standard TCP ports.

The Avamar Proxy Deployment Manager (PDM) uses a simple TCP synchronization to port 7 (xinetd echo) to verify that the proxy's IP address is free during deployment (to avoid IP conflicts) and to confirm the proxy is operational. This check occurs before initiating a more comprehensive connection to the vami-sfcb service to verify the status of critical services (Jetty, vami-sfcb, Avagent, vmwareflr, vmtools).

This legacy service port is not typically used, and the proxy responds to the TCP synchronization with a reset. However, in environments where a firewall drops the synchronization packet, the PDM Proxy Status feature reports that the proxy is unreachable.

This behavior is expected and indicates that the firewall is dropping the TCP synchronization packet on port 7. To resolve this issue, consider the following options:

1. Allow TCP Port 7 Traffic: Modify the external firewall rules to allow TCP port 7 traffic, enabling the Avamar proxy to send its own reset request. This ensures the proxy status check functions reports correctly.

2. Configure Firewall to Reject TCP Port 7 Traffic: Instead of dropping the packets, configure the firewall to reject traffic on TCP port 7. Note that rejecting traffic on this port disables the PDM IP conflict detection feature, preventing it from identifying in-use IP addresses.

As an alternative workaround, can add a custom internal software rule to the Avamar configuration to handle this scenario. For detailed instructions, see the following knowledge base article: 000019911