FAQ

How to gather and upload data required to further troubleshoot a policy issue?

FAQ ID:    FAQ1249
Version:    1.0
Status:    Published
Published date:    01/24/2011
 

Answer

In order to determine why your users are experiencing this issue, we'll need to have you test while gathering some data. The policy trace will show us which rules you're hitting, while the packet capture will help us to see what happens on the wire as the user requests the site.  The steps to gather this data are below.

Prior to the test, please follow the steps below to configure a policy trace, then to start a packet capture.  As soon as you begin the packet capture, begin the test.  Upon failure with IE, stop the packet capture and follow the upload instructions at the end of this email. 

Step 1 - enable policy trace for a single IP address.

  • Open VPM, select Policy and create a new Web Access layer. This new Web Access layer will have just one rule in it.
  • On source right click and select Set and then New. Select Client IP address/Subnet.
  • Enter the IP address of the client you are running the testing from.  There is no need to enter a subnet.
  • Select Add and then close. On the Set source object window select this client IP and then OK.
  • Change the action to none. Right click on allow action and choose delete.
  • Edit the Track tab.  Right click on "none" under Track and select Set, New, and then Trace.
  • Select the Trace Level selection and Verbose tracing. Select trace file and give it a name. Then click on OK.
  • Install policy.


Now all activity for the configured client IP address will be written to the policy trace file. 


Step 2 - start a packet capture:

  • In the Management Console click Maintenance -> Service Information -> Packet Captures
  • Ensure the Filter section is blank 
  • Click Start
  • Reproduce the issue
  • Click Stop

In the management console click Maintenance -> Service Information -> Send information.

Enter the service request number for your case with Blue Coat Support

Please check the following:

  •   Packet Capture
  •   Event Log
  •   SYSInfo
  •   policy trace

Click send.


Please reply to this email with client IP address doing the test.   If the 'policy trace' check box is not available there, then the version of sgos you're running may not include this option.  Rather, you may need to go to https://x.x.x.x:8082/policy, (replacing x.x.x.x with your proxy's IP), click on the policy trace you created in step 1 and save it locally from the browser.  Once saved, you can upload it via https://upload.bluecoat.com.

Once sent, disable the policy trace rule you created in step 1.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question