What data is needed to troubleshoot network slowness that could be related to authentication?

book

Article ID: 167188

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

To help Blue Coat Customer Support troubleshoot network slowness that could be related to authentication issues, make sure that you have the following data:

  • Policy trace
  • Packet captures (from the client, ProxySG appliance, and the BCAAA server)
  • SysInfo, event log, snapshots_sysinfo, and snapshot_sysinfo_stats

Resolution

Collecting all of the data above allows you to capture the issue concurrently on the client, the appliance, and in BCAAA.

To prevent trace loss, add the following temporary troubleshooting layer:

  1. In the Management Console, select Configuration > Policy > Policy Options.
  2. In the Default Policy Tracing section, select No default tracing of policy execution.
  3. Click Apply.
  4. Select Configuration > Policy > Visual Policy Manager > Launch.
  5. In the Visual Policy Manager, select Policy > Add Web Access Layer. Make this the last layer.
  6. Right click the following columns and add/set the following:
    • Source: Add a new Client IP Address/Subnet object.
    • Action: Click Delete. The cell should say None.
    • Track:  Add a new Trace object with the Trace Level set to Verbose tracing. Enable the Trace File and enter "trace" for the filename.
  7. For all other columns, select any option.
  8. Click Install policy.

Configure and perform packet captures and policy trace:

  1. In the web browser, go to https://<IP_address>:8082/policy.
  2. Click Delete all policy traces.
  3. Return to the Management Console screen.
  4. Select Maintenance > Service Information > Packet Captures.
  5. Start a client packet capture (PCAP) using a packet analyzer such as Wireshark.
  6. Start a BCAAA PCAP.
  7. Enable BCAAA debug logging (see Gather BCAA Debug Logs).
  8. Apply the following filter and then  start the capture on the appliance:
    Ip host <client ip> or host <test website domain hostname,  e.g.,  www.msn.com> or port 53
  9. Reproduce the issue by accessing the test website in the previous step.
  10. Stop all packet captures.
  11. Save the client and BCAAA packet captures, and upload them and the BCAAA debug to your case via the MySymantec Potal Account.
  12. Disable the layer that you created in the previous procedure.

Upload Sysinfo, Snapshots, policy trace, PCAPs, and Event logs from the appliance to the SR:

  1. In the Management Console, select Maintenance > Service Information > Packet Captures > Send Information.
  2. In the Service Request Number field, enter the SR number.
  3. In the list, select Packet Capture, Policy Trace File, Snapshots, Event Log, and SYSInfo.
  4. Click Select snapshots to send. In the dialog that appears, select each snapshot listed under Snapshots Not Selected and click Add To Selected.
  5. Ensure that all snapshots are in the list of Snapshots Selected, and then click OK.
  6. Click Send.