Traffic is going to the wrong destination

Hello,

I’m currently implementing ZPA to give admin access to some devices (SSH).
So I started to create server1 (10.0.0.1), server2 (10.0.0.2), etc
I put all these servers in the same server groups (let say G-SERVER with Dynamic Server Discovery set to OFF).
For the app segment, I create a simple app like:
Applications : 10.0.0.0/24
Default Port Ranges : SSH.
Server Groups : G-SERVER

After starting client connector, I start an SSH session to 10.0.0.1, an SSH session is establised to the first server which is correct.
If I start another session 10.0.0.2, an session is established to… 10.0.0.1 !

In the diagnostic I can see in the details of the session
APPLICATION:PORT & PROTOCOL
10.0.0.2:22 TCP
SERVER IP:PORT & PROTOCOL
10.0.0.1:22 TCP

If I create two APP Segments (one for each server), I don’t face this issue (traffic is sent to the correct server)…

Regards,

HA

You should use dynamic server discovery to allow the connector to pass the traffic to the right IP address.
Creating “servers” in ZPA and then adding them to a servergroup is not advisable in most cases. “servers” are identical objects, and adding to a servergroup results in them being loadbalanced by the App Connector - which is why you’re experiencing this issue.

Regards

1 Like

Hi,

First, thanks a lot for your answer.
I’m not sure it’s doing load balancing because I always hit the first server (assume until it’s UP ??)…
But in fact my config needs to be changed !

Many thanks again

HA