Extended log collection for isolation mode not working on Web Isolation

Article ID: 248037

Products

Web Isolation, Web Isolation Cloud

Issue/Introduction

An isolated site is not displayed through Web Isolation.

Environment

Web Isolation on-prem and Cloud

Cause

The isolation engine is not working, or a policy is blocking the website from loading.

Resolution

### COLLECT ENVIRONMENT DETAILS ###

  1. What is the version of Web Isolation, and is it on-prem or cloud based?
  2. What is the URL of the website that is not being PASSED? https://example.com
  3. What is the setup in your environment? For example: CLIENT >> PROXYSG >> WEB ISOLATION >> INTERNET
  4. Do you have any proxy rule that could prevent the domain from being properly forwarded to the Web Isolation instance?
  5. Does the site load with a PASS rule?

### TESTING PLAN ###

  1. Test the site with an Isolation rule for the domain (recreates the bad scenario)
  2. Test the site with a rule using another Isolation Profile (ex. GRM) for the domain
  3. Test the site with an Inspect action rule for the domain
  4. Test the site with a PASS action rule for the domain

### EXTENDED LOG COLLECTION FOR THE INCORRECTLY ISOLATED WEBSITE ###

STEP1

Indicate which version of Web Isolation you’re running: on-prem or cloud

(cloud tenants are deployed under <domain>.fire.glass)

STEP2

Indicate the Web Isolation version

STEP3

Verify which isolation mode is set as the default:

Go to Profiles >> Isolation Profiles >> check which profile is marked as the default

Verify which Isolation Profile your website is using:

Go to Policies >> My Policy >> Policy <your policy for URL> >> Action >> Isolation profile

STEP4

(Only if on-prem) Enable Debug Level on the gateway involved with the request (remember to disable it afterwards to prevent any performance impact). In System Configuration > Gateways > Edit (pencil icon) the gateway, scroll down to the end, click More... and set the Debug Level from Default to Debug in the Advanced section.

(NEEDS TO BE REVERTED AFTER ALL TESTS ARE DONE)

STEP5

(Only if on-prem) Go to Profiles > Application Data Protection > Edit (pencil icon):

- Under Permissions section > Additional Resources > check the box for "Open developer tools remotely"

(NEEDS TO BE REVERTED AFTER ALL TESTS ARE DONE)

STEP6

Go to System Configuration > Advanced Configuration > "client.console.LogLevel", change it from "0" to "2", then click UPDATE and PUSH SETTINGS...

(NEEDS TO BE REVERTED AFTER ALL TESTS ARE DONE)

STEP7

Record a video of the failure if possible, and take screenshots of the bad scenario.

STEP8

Recreate the scenario under Isolation mode: open https://<URL-address> in the Chrome browser.

STEP9

If the page can be isolated, press Ctrl+Alt+Shift+K on the browser and click "Show Minimized Canvas".

STEP10

If the page can be isolated, press Ctrl+Alt+Shift+K on the browser and click "Show Client Monitor". This identifies which TIE gateway the browser is connected to. Take a screenshot while this tool is running.

Alternatively, the gateway is listed under System Configuration > Gateways.

STEP11

Enable Traffic Server debug on the gateway found earlier

11.1. SSH to the gateway (ex. isoproxy.symcdemos.local, credentials fireglass/password)

11.2. enter the traffic server container

?> sudo -i

#> sudo docker ps -a | grep fireproxy

#> sudo docker exec -it <container_id> bash

11.3. Backup traffic server config file

cp /etc/trafficserver/records.config /etc/trafficserver/records.config.backup

11.4. Open traffic server config file:

#> vi /etc/trafficserver/records.config

KB: How to use VI https://staff.washington.edu/rells/R110/

11.5. Add the following additional tags to the line CONFIG proxy.config.diags.debug.tags STRING, so that it reads:

CONFIG proxy.config.diags.debug.tags STRING fgl.*|async.*|http.*|dns.*|parent.*|atscppapi.*|socket.*|iocore_net.*|net_queue.*|pmgmt.*|ip-allow.*|hostdb.*

11.6. Save and exit (Esc, then :wq) and reload the configuration (this does not restart Traffic Server or affect traffic):

#> traffic_ctl config reload

11.7. Capture traffic on the proxy and TIE gateway:

#> sudo tcpdump -i any -v -w /tmp/proxy_gateway.pcap
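
As an added example (not part of the Broadcom article), the shell functions below automate the records.config edit from steps 11.3 to 11.6 and the revert from STEP16 so they can be re-run without leaving duplicate records or losing the original file. The config path is passed as an argument so the functions can be tried on a copy first; the functions are hypothetical helpers, and `traffic_ctl` is assumed to be on the PATH inside the fireproxy container.

```shell
#!/bin/sh
# Added example, not from the Broadcom article: set and later revert the Traffic Server
# debug tags record in records.config (STEP 11.3 to 11.6 and the revert in STEP 16).
# Assumption: records.config uses the "CONFIG <name> STRING <value>" record format shown
# in the article; the file path is passed as $1 so the functions can be tried on a copy.

# Debug tags listed in STEP 11.5 of the article.
FG_DEBUG_TAGS='fgl.*|async.*|http.*|dns.*|parent.*|atscppapi.*|socket.*|iocore_net.*|net_queue.*|pmgmt.*|ip-allow.*|hostdb.*'

# Print the current value of proxy.config.diags.debug.tags (empty if the record is absent).
fg_get_debug_tags() {
    awk '$1 == "CONFIG" && $2 == "proxy.config.diags.debug.tags" { print $4 }' "$1"
}

# Back up the config once (keeps the original for the revert) and set the debug tags to $2.
# An existing record is rewritten in place; if the record is absent, one is appended.
# Re-running with the same tags changes nothing, so no duplicate records accumulate.
fg_set_debug_tags() {
    cfg="$1"; tags="$2"
    [ -f "$cfg.backup" ] || cp "$cfg" "$cfg.backup"
    if grep -q '^CONFIG proxy.config.diags.debug.tags STRING' "$cfg"; then
        awk -v t="$tags" '
            $1 == "CONFIG" && $2 == "proxy.config.diags.debug.tags" {
                print "CONFIG proxy.config.diags.debug.tags STRING " t; next }
            { print }' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
    else
        printf 'CONFIG proxy.config.diags.debug.tags STRING %s\n' "$tags" >> "$cfg"
    fi
}

# Apply the edited file without restarting Traffic Server (STEP 11.6 of the article).
fg_reload_config() {
    traffic_ctl config reload
}

# Restore the backup taken by fg_set_debug_tags (the revert from STEP 16); fails if no backup.
fg_revert_debug_tags() {
    cfg="$1"
    [ -f "$cfg.backup" ] || return 1
    cp "$cfg.backup" "$cfg" && rm "$cfg.backup"
}

# Typical use inside the fireproxy container (not run here):
#   fg_set_debug_tags /etc/trafficserver/records.config "$FG_DEBUG_TAGS" && fg_reload_config
#   ... collect the logs and pcap ...
#   fg_revert_debug_tags /etc/trafficserver/records.config && fg_reload_config
```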


STEP12

Open the website. Press Ctrl+Q on the browser to display the Advanced Options screen and click Remote Developer Tools.

- Click on the Network tab and make sure that Disable Cache and Preserve Logs are enabled.
- Reproduce the issue while the new developer tools tab that appears is running.
- Right click on any request in remote devtools and select Copy -> Copy all as HAR.
- Use Ctrl+C to copy the HAR to the clipboard, paste it into Notepad and save it as remote_devtools.HAR.

STEP13

Run fgdiag (https://<URL-address>/fgdiag) on the Chrome browser, take a screenshot (including expanded left side window) and save the output after it finishes loading.

STEP14

Open browser Developer tools (press F12) and save a client HAR file. Follow this article: https://knowledge.broadcom.com/external/article?legacyId=tech248780

Chrome >> Developer Tools >> Network tab >> Record >> Refresh website >> Export HAR

STEP15

15.1 Navigate to chrome://net-export

Select raw bytes and then start logging to disk to a file named netexport.log

15.2 Open a new tab and navigate to the website

15.3 Open the WI console log (Ctrl+\)

15.4 Open the Chrome Developer Tools > Console tab > Settings

Select Preserve log and Log XMLHttpRequests

15.5 Go to the Network tab, refresh with Ctrl+R and recreate the scenario once again. Export the HAR file as site_debug_client.HAR

15.6 Go back to the chrome://net-export tab and stop logging

15.7 Check that the log file was created

STEP16

(Only if on-prem) Return to the SSH session on the gateway(s) (fireglass/password) where you started the pcap earlier. Stop the capture with Ctrl+C and run the machine status command:

fireglass@isoproxy?# fg_machine_status

- This will generate a file in the /var/tmp directory. SCP and save both files:

  • /tmp/machine_status…….
  • /tmp/proxy_gateway.pcap

The Traffic Server changes from STEP11 need to be reverted:

cp /etc/trafficserver/records.config.backup /etc/trafficserver/records.config

STEP17

Export Activity Logs by going to Reports > Activity Logs and clicking EXPORT... This will generate a CSV file that you can download when the prompt saying Export Complete appears.

STEP18

Take the output from the fireglass Proxy and the TIE. Check their IP addresses in System Configuration > Gateways.

> ssh fireglass@<fireglass-proxy-IP>

fireglass@isoproxy?> sudo -i

fireglass@isoproxy?# sudo fgcli service status -v

> ssh fireglass@<TIE-IP>

fireglass@isoproxy?> sudo -i

fireglass@isoproxy?# sudo fgcli service status -v

Save both outputs in the text files status_iso.txt and status_mgmt.txt

STEP19

Export the file /var/log/fireglass_monit.log with SCP from the management, fireglass proxy, and TIE machines.

STEP20

Revert steps 4, 5 and 6.

STEP21

Save the outputs to a folder named ISOLATE mode; you will later upload these files through your Broadcom Portal.



### CHECK IF THE SITE CAN BE ISOLATED UNDER GRID RENDERING MODE (OTHER THAN THE ONE THAT WAS SET) ###

  1. Please go to WI > Profiles > Isolation Profiles

Check which Rendering Profile is the default. If Vector Rendering is the default one, create a new Web Isolation Profile for Grid Rendering as follows:

WI > Profiles > Isolation Profiles > New Isolation Profile

  • Profile name: GRID rendering
  • Description : GRID rendering
  • Isolation mode: GRID rendering
  • Default: disabled

SAVE

KB:https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/web-isolation/1-15/Configuring-Security-Policy/Defining-Profiles/Defining-Isolation-Profiles.html

  2. Please go to WI >> Policies >> All policies >> Create or Open your existing Policy for the websites that are not working:

Ex. *.example.com

In the ACTION tab for the Policy, choose Isolate, change the Isolation Profile to Grid Rendering and save.

KB:https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/web-isolation/1-15/Configuring-Security-Policy/Defining-Security-Policies/Defining-Policy-Rules.html

  3. Test the website once again under Isolation mode with the GRM profile and collect HAR logs.

Open browser Developer tools (press F12) and save a client HAR file. Follow this article: https://knowledge.broadcom.com/external/article?legacyId=tech248780

Chrome> Developer tools > Network Tab >> Record >> Refresh website >> Export HAR

  4. Save the result to the ISOLATION GRM folder.

### CHANGE THE ISOLATION MODE TO INSPECT AND RETEST ###

  1. Please go to WI >> Policies >> All policies >> Create or Open your existing Policy for the websites that are not working:

Ex. *.example.com

In the ACTION tab for the Policy, choose Inspect and use the default Isolation Profile.

  2. Save HAR file from Chrome Developer Tools

Open browser Developer tools (press F12) and save a client HAR file. Follow this article: https://knowledge.broadcom.com/external/article?legacyId=tech248780

Chrome >> Developer Tools >> Network tab >> Record >> Refresh website >> Export HAR

### CHANGE THE MODE TO PASS AND RETEST ###

  1. Please go to WI >> Policies >> All policies >> Create or Open your existing Policy for the websites that are not working:

Ex. *.example.com

In the ACTION tab for the Policy, choose Pass and use the default Isolation Profile.

  2. Save HAR file from Chrome Developer Tools

Open browser Developer tools (press F12) and save a client HAR file. Follow this article: https://knowledge.broadcom.com/external/article?legacyId=tech248780

Chrome >> Developer Tools >> Network tab >> Record >> Refresh website >> Export HAR

### CHECK THE ISOLATION WITH A VANILLA CEF VERSION CHROME APP ###

  • Download the 73.3683.1.13 or 81.4044.main.384 cefclient from here: https://cef-builds.spotifycdn.com/index.html#windows64:73
  • Choose your platform
  • Download the "Sample Application"
  • In the downloaded archive, extract the folder "Release" to your PC
  • Run the file cefclient.exe on the client machine
  • A Chrome-like browser will open; this is the CEF client
  • Try to replicate the issue and save debug.log from the folder



Additional Information

BASIC LOG COLLECTION: https://knowledge.broadcom.com/external/article?articleId=231133