search cancel

Troubleshooting Web Isolation GIN or Content filtering


Article ID: 175701


Updated On:


Web Isolation


Web Isolation common issus with URL categorization and Threat Risk Scores are as below;

- From WI Activity logs, there is are no URL categories or Threat Risk scores appearing on the Logs for sites being accessed.

- From the WI Policy page, there is a warning "Warning : The policy contains URL Categories destination(s). Your license does not entitle you to use this Policy Entity."


GIN Checks
1. Ensure the Web Isolation Serial number is tied to an Intelligence Services Asset.
2. Download the license from MySymantec or License Portal to initiate a license sync. Wait 30mins for the back end servers to sync up.
- If this is the first time license attachment, create a passphrase else the license cannot be attached to WI for the first time.
3. From the WI GUI > System Configuration > Licensing > Edit the existing License and click Update
4. Ensure the Isolation Management Gateway has internet access
- Edit the Management Gateway > Access
- Enable Internet and DNS
- If the Management Gateway is not allowed for direct internet access, enable the "Next Hop Proxy/Server"

Data captures for GIN issues

System Configuration > Gateways > Management Gateway
- Edit
- Scroll Down to Advanced
- Debug Level set to Debug
- Install policy

1. Pcap
sudo tcpdump -nni eth0 dst host or host or port 53 -w /tmp/test.pcap

2. Debug Logs

grep GIN /var/log/fireglass_monit.log > /tmp/monit_gin.log
grep GIN /var/log/fireglass.log > /tmp/fg_gin.log

For the above PCAP and logs
- Start PCAP
- WI GUI > System Configuration > Licensing > Edit License > Click Update Online
- Install Policy
- From Command line "sudo fgcli service restart gin"
- Stop PCAP
- Copy/SCP the below /tmp files to the support case

3. Screenshot of the below;
- WI GUI > System Configuration > Licensing
- WI GUI > System Configuration > Licensing > Edit License