Web Isolation common issus with URL categorization and Threat Risk Scores are as below;
- From WI Activity logs, there is are no URL categories or Threat Risk scores appearing on the Logs for sites being accessed.
- From the WI Policy page, there is a warning "Warning : The policy contains URL Categories destination(s). Your license does not entitle you to use this Policy Entity."
GIN Checks
==========
1. Ensure the Web Isolation Serial number is tied to an Intelligence Services Asset.
2. Download the license from MySymantec or License Portal to initiate a license sync. Wait 30mins for the back end servers to sync up.
- If this is the first time license attachment, create a passphrase else the license cannot be attached to WI for the first time.
3. From the WI GUI > System Configuration > Licensing > Edit the existing License and click Update
4. Ensure the Isolation Management Gateway has internet access
- Edit the Management Gateway > Access
- Enable Internet and DNS
- If the Management Gateway is not allowed for direct internet access, enable the "Next Hop Proxy/Server"
Data captures for GIN issues
============================
System Configuration > Gateways > Management Gateway
- Edit
- Scroll Down to Advanced
- Debug Level set to Debug
- Install policy
1. Pcap
sudo tcpdump -nni eth0 dst host subscription.es.bluecoat.com or host webpulse.es.bluecoat.com or port 53 -w /tmp/test.pcap
2. Debug Logs
grep GIN /var/log/fireglass_monit.log > /tmp/monit_gin.log
grep GIN /var/log/fireglass.log > /tmp/fg_gin.log
For the above PCAP and logs
- Start PCAP
- WI GUI > System Configuration > Licensing > Edit License > Click Update Online
- Install Policy
- From Command line "sudo fgcli service restart gin"
- Stop PCAP
- Copy/SCP the below /tmp files to the support case
test.pcap
monit_gin.log
fg_gin.log
3. Screenshot of the below;
- WI GUI > System Configuration > Licensing
- WI GUI > System Configuration > Licensing > Edit License