Wednesday, 22 May 2013

Blue Coat Troubleshooting Basics

A few useful 'set piece' procedures for gathering diagnostic information from a Blue Coat Proxy SG appliance.

Full policy trace

Enable this under Configuration > Policy > Policy options > enable full policy execution. Then, go to https://x.x.x.x:8082/policy (where x.x.x.x is the IP of your proxy) and delete the default trace. Also make sure there are no tracing rules in CPL or the VPM otherwise the trace will not work. Then, replicate the problem by going to the problematic website a few times (making a note of the IP address the client is using) and then turn off the policy trace.

Filtered policy trace

Add the following to your local policy file (replacing z.z.z.z with the IP address of the client you are testing from).
<proxy>
client.address=z.z.z.z trace.rules(all) trace.request(yes) trace.destination(trace.html)
Then, replicate the issue.
Then go to https://x.x.x.x:8082/policy (where x.x.x.x is the IP of your proxy) and download the file trace.html

Sysinfo

Go to https://x.x.x.x:8082/sysinfo (replacing x.x.x.x with the IP address of your proxy) and save the page as a text file. Then please zip and email it to me.


Sysinfo stats

Go to https://x.x.x.x:8082/Diagnostics/Snapshot/sysinfo_stats/download/all to download an archive of all the available snapshots on the SG.

HTTP Debug:

The HTTP debug can be done using the advanced URL https://xx.xx.xx.xx:8082/HTTP/Debug. Set the mask enabling all options and clear the log just before browsing to the site both times. Saving the output from each.

Packet capture

Login to https://x.x.x.x:8082/PCAP/statistics and make sure filtering is off. Then, start the packet capture, try to access the problematic site through the proxy and then stop the capture. Then please download and compress the packet capture and send it to me with a note of the client IP address, proxy IP address and the IP address and URL of the website you tried to view.

No comments:

Post a Comment