Symantec Advanced Secure Gateway
Symantec ProxySG

If the issue you're reporting is not one that Symantec Support have experienced in the past, (or can reproduce in our lab environment) it's very important to this case that we get all of the information requested by your Technical Support Engineer.

*** If possible, please attempt to perform this issue reproduction during a maintenance window or after hours, so as to avoid invalidating the data with too many requests going through the proxy at one time.

Here's what we would like to have you gather:

1) Policy trace on proxy
2) http/debug -> https://:8082/http/debug
3) PCAP on Client PC
4) PCAP on SG
5) screen capture when the 'operation timed out' message appears.

Each of the above will need to be configured/set up before the test, then enabled at roughly the same time as you reproduce the issue, then stopped (or captured, as in the case with the debug) as soon as the page times out.  Instructions on configuring each are below:


Step 1, configure the policy trace:

• Open VPM, select Policy and create a new Web Access layer. This new Web Access layer will have just one rule in it.

• On source right click and select Set and then New. Select Client IP address/Subnet.

• Enter the IP address of the client you are running the testing from.  There is no need to enter a subnet.

• Select Add and then close. On the Set source object window select this client IP and then OK.

• Change the action to none. Right click on allow action and choose delete.

• Edit the Track tab.  Right click on "none" under Track and select Set, New, and then Trace.

• Select the Trace Level selection and Verbose tracing. Select trace file and give it a name. Then click on OK.

• Install policy.

Now all activity for the configured client IP address will be written to the policy trace file. 

Step 2, configure the HTTP debug:

• go to https://:8082/http/debug (replacing with the proxy's IP)

• click 'set debug mask'

• check all boxes except for tunnel, trace and ftp

• click submit

When the page times out, capture all of the text on this page and save it to a file.  You can upload that file via https://upload.bluecoat.com.

Step 3, client-side PCAP:

For the client PCAP, download and install wireshark, (www.wireshark.org) on the client's PC prior to the test.  Click start capture and select the NIC that connects this workstation to the LAN, (and the proxy) when the policy trace, proxy packet capture and debug are in place.
When finished, this capture can be uploaded via https://upload.bluecoat.com

Step 4, start a packet capture on the proxy:

• In the Management Console click Maintenance -> Service Information -> Packet Captures

• The packet capture filter enter the following packet capture filter :  ip host or host or port 53
  If you are in a WCCP deployment using GRE see the following article for crafting the pcap filter:  How do I filter a packet capture on a WCCP GRE encapsulated IP address in ProxySG?

   ***Note***
Unfiltered packet captures should only be provided to support when explicitly requested.

• Click Start

• Reproduce the issue

• Click Stop

In the management console click Maintenance -> Service Information -> Send information.

Enter the service request number for your case with Blue Coat support

Please check the following:

• Packet Capture

• Event Log

• SYSInfo

• Policy trace

Click send.

Please reply to this email with client IP address doing the test.   If the 'policy trace' check box is not available there, then the version of sgos you're running may not include this option.  Rather, you may need to go to https://x.x.x.x:8082/policy, (replacing x.x.x.x with your proxy's IP), click on the policy trace you created in step 1 and save it locally from the browser.  Once saved, you can upload it via your Mysymantec portal.