Extended log collection for isolation mode not working on Web Isolation

Article ID: 248037


Products

Web Isolation Cloud

Issue/Introduction

Websites do not render correctly when accessed through Web Isolation.

Environment

Web Isolation Cloud

Cause

The isolation engine is not working, or a policy is blocking the website from loading.

Resolution

### COLLECT ENVIRONMENT DETAILS ###

  1. Web Isolation version.
  2. URL of the incorrectly rendered website.
  3. Describe the topology. Is Web Isolation accessed directly, or via Edge SWG, Cloud SWG or a 3rd-party downstream proxy?
  4. Is there any Proxy rule that could prevent the domain from being properly forwarded to the Web Isolation instance?
  5. Is the webpage rendered correctly using a Pass rule?

### TESTING PLAN ###

  1. Test the site with an Isolation mode rule for the domain (failure reproduction)
  2. Test the site with a different Rendering Mode (e.g. GRM) rule for the domain
  3. Test the site with an Inspect Action rule for the domain
  4. Test the site with a Pass Action rule for the domain

### EXTENDED LOG COLLECTION FOR THE INCORRECTLY ISOLATED WEBSITE ###

STEP 1

Find the tenant name. It can be extracted from Web Isolation Management Console URL: https://<tenant-name>-mgmt.prod.fire.glass

STEP 2

Indicate the Web Isolation version

 

STEP 3

  1. Verify which Isolation Mode is set as the default
    • Go to Profiles >> Isolation Profiles >> Check which one is the default
  2. Verify which Isolation Profile your website is using
    • Go to Policies >> My Policy >> Policy <your policy for URL> >> Action >> Isolation profile

STEP 4

Enable Debug Level on the gateway involved with the request (remember to disable it afterwards to prevent any performance impact).

  1. In System Configuration > Gateways > Edit (pencil icon) the gateway
  2. Scroll down to the end
  3. Click More... 
  4. Set the Debug Level from Default to Debug in the Advanced section.

(NEEDS TO BE REVERTED AFTER ALL TESTS ARE DONE)

STEP 5

  1. Go to Profiles > Application Data Protection > Edit (pencil icon):
  2. Under Permissions section > Additional Resources > check the box for "Open developer tools remotely"

(NEEDS TO BE REVERTED AFTER ALL TESTS ARE DONE)

STEP 6

Go to System configuration -> Advanced configuration -> change “client.console.LogLevel” from “0” to “2” > Click UPDATE and PUSH SETTINGS…

(NEEDS TO BE REVERTED AFTER ALL TESTS ARE DONE)

STEP 7

Record a video of the failure if possible, and take screenshots of the failing scenario.

STEP 8

Recreate the scenario under Isolation mode: open https://<URL-address> in the Chrome browser.

STEP 9

If the page can be isolated, press Ctrl+Alt+Shift+K on the browser and click "Show Minimized Canvas".

STEP 10

  1. If the page can be isolated, press Ctrl+Alt+Shift+K in the browser and click "Show Client Monitor". This identifies which TIE gateway the browser is connected to.
  2. Take a screenshot while this tool is running.

Alternatively, the gateway is listed under System Configuration > Gateways.

STEP 11

  1. Open the website.
  2. Press Ctrl+Q on the browser to display the Advanced Options screen
  3. Click Remote Developer Tools.
  4. Click on the Network tab and make sure that Disable Cache and Preserve Logs are enabled.
  5. Reproduce the issue while the new developer tool tab that appears is running.
  6. Right click on any request in remote devtools and select Copy -> Copy all as HAR.
  7. Use Ctrl+C to copy the HAR to the clipboard, paste it into Notepad and save it as remote_devtools.HAR.

STEP 12

  1. Run fgdiag (https://<URL-address>/fgdiag) on the Chrome browser
  2. Take a screenshot (including expanded left side window).
  3. Save the output after it finishes loading.

STEP 13

  1. Open browser Developer tools (press F12).
  2. Save a client HAR file.
  3. Follow this article: Obtain a HAR file

Chrome> Developer tools > Network Tab >> Record >> Refresh website >> Export HAR

STEP 14

  1. Navigate to chrome://net-export
  2. Select raw bytes and then start logging to disk, saving to netexport.log
  3. Open a new tab and navigate to the website
  4. Open the WI Console log (CTRL+\)
  5. Open the Chrome Developer Tools > Console tab > Settings
  6. Select Preserve log and Log XML Http
  7. Go to the Network tab, refresh with CTRL+R and recreate the scenario once again. Export the HAR file as site_debug_client.HAR
  8. Go back to the export tab and stop logging
  9. Check that the log file was created

STEP 15

Export Activity Logs by going to Reports > Activity Logs and clicking EXPORT... This will generate a CSV file that you can download when the prompt saying Export Complete appears.

 

STEP 16

Revert the changes made in steps 4, 5 and 6.

STEP 17

Save the outputs to a folder named ISOLATE mode. You will later upload these files through your Broadcom Portal.

### CHECK IF SITE CAN BE ISOLATED USING DIFFERENT RENDERING MODE ###

  1. Go to WI > Profiles > Isolation Profiles

Check which Rendering Profile is the default. If Vector Rendering is the default, create a new Web Isolation Profile for Grid Rendering as follows:

WI > Profiles > Isolation Profiles > New Isolation Profile

  • Profile name: GRID rendering
  • Description: GRID rendering
  • Isolation mode: GRID rendering
  • Default: disabled

SAVE

Define Isolation Profiles

  2. Go to WI >> Policies >> All policies >> Create or open your existing Policy for the websites that are not working:

Ex. *.example.com

In the ACTION tab for the Policy, choose Isolate, change the Isolation Profile to Grid Rendering and save.

Define Policy Rules

  3. Test the website once again under Isolation mode with GRM and collect HAR logs.

Open browser Developer tools (press F12) and save a client HAR file. Follow this article: Obtain a HAR file

Chrome> Developer tools > Network Tab >> Record >> Refresh website >> Export HAR

  4. Save the result to the ISOLATION GRM folder.

 

### CHANGE THE ISOLATION MODE TO INSPECT AND RETEST ###

  1. Go to WI >> Policies >> All policies >> Create or open your existing Policy for the websites that are not working:

Ex. *.example.com

In the ACTION tab for the Policy, choose Inspect and use the default Isolation Profile.

  2. Save a HAR file from Chrome Developer Tools

Open browser Developer tools (press F12) and save a client HAR file. Follow this article: Obtain a HAR file

Chrome> Developer tools > Network Tab >> Record >> Refresh website >> Export HAR

 

### CHANGE THE ACTION TO PASS AND RETEST ###

  1. Go to WI >> Policies >> All policies >> Create or open your existing Policy for the websites that are not working:

Ex. *.example.com

In the ACTION tab for the Policy, choose Pass and use the default Isolation Profile.

  2. Save a HAR file from Chrome Developer Tools

Open browser Developer tools (press F12) and save a client HAR file. Follow this article: Obtain a HAR file

Chrome> Developer tools > Network Tab >> Record >> Refresh website >> Export HAR
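
Added example (not part of the original article or of any Broadcom tooling): once the HAR files from the testing plan are collected, a quick diff shows which requests succeed under the Pass rule but fail or never occur in the isolated run. It assumes the isolated side is remote_devtools.HAR from STEP 11, on the assumption that it records the remote browser's requests to the site; the function names and sample entries are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

def load_har(path):
    """Read a HAR file saved from DevTools (UTF-8 JSON, possibly with a BOM)."""
    with open(path, encoding="utf-8-sig") as fh:
        return json.load(fh)

def ok(status):
    return 200 <= status < 400

def status_by_request(har):
    """Map (method, URL without query or fragment) to the HTTP status seen."""
    seen = {}
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry.get("response", {})
        parts = urlsplit(req["url"])
        key = (req["method"], f"{parts.scheme}://{parts.netloc}{parts.path}")
        # Keep a success if any attempt for this request succeeded.
        if key not in seen or not ok(seen[key]):
            seen[key] = resp.get("status", 0)  # 0: no response was received
    return seen

def isolation_regressions(pass_har, isolated_har):
    """Requests that worked with the Pass rule but failed or never ran when isolated."""
    baseline = status_by_request(pass_har)
    isolated = status_by_request(isolated_har)
    findings = []
    for (method, url), status in sorted(baseline.items()):
        if not ok(status):
            continue  # broken even without isolation, so not an isolation issue
        got = isolated.get((method, url))
        if got is None:
            findings.append((method, url, "missing"))
        elif not ok(got):
            findings.append((method, url, f"status {got}"))
    return findings

def _har(*rows):  # build a minimal HAR structure from (method, url, status) rows
    return {"log": {"entries": [{"request": {"method": m, "url": u},
                                 "response": {"status": s}} for m, u, s in rows]}}

# Constructed sample data, not taken from a real capture.
SAMPLE_PASS = _har(("GET", "https://www.example.com/", 200),
                   ("GET", "https://www.example.com/app.js?v=1", 200),
                   ("GET", "https://cdn.example.com/font.woff2", 200),
                   ("GET", "https://www.example.com/favicon.ico", 404))
SAMPLE_ISOLATED = _har(("GET", "https://www.example.com/", 200),
                       ("GET", "https://www.example.com/app.js?v=2", 403))
```

On real captures, call `isolation_regressions(load_har(<Pass-mode HAR>), load_har("remote_devtools.HAR"))`; the Pass-mode file name is whatever you chose when exporting it.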

 

### CHECK THE ISOLATION WITH VANILLA CEF VERSION CHROME APP ###

  1. Download cefclient version 91 (the version used in Web Isolation Cloud as of writing this article) and the latest version from here: https://cef-builds.spotifycdn.com/index.html
  2. Choose your platform
  3. Download the “Sample Application”
  4. From the downloaded archive, extract the “Release” folder to your PC
  5. Run cefclient.exe on the client machine
  6. A Chrome-like browser will open. This is the CEF client.
  7. Try to replicate the issue and save debug.log from the folder
