We are enabling the Session Assurance with DeviceDNA feature in our environment, and we want to do some tests before. Which logs do we have to check in Access Gateway for troubleshooting? There is any way to enable debugging?

In Access Gateway there is a Session Assurance application log stored by default in the following location:

<AG_install_path>/proxy-engine/logs/SessionAssuranceApp.log 

Note that this log will not be generated until the first request is performed.

You can edit the following file to define the desired log levels for each component:

<AG_install_path>/Tomcat/webapps/sessionassuranceapp/WEB-INF/classes/log4j.properties

The following values are the valid log levels available, ordered from less to more verbosity:

ERROR
WARN
INFO (which is the default value)
DEBUG
TRACE

Also, you can enable audit logs in the Policy Server to get more information on the authentication and authorization activity related to Session Assurance.

R12.6 - Session Assurance - Log Files for Troubleshooting