Overview

This guide provides admins with a general procedure to follow in order to identify and troubleshoot common Internet Threat Protection issues. Use this doc to map symptoms to causes and apply resolutions before escalating to support.

Pre-requisites

• admin access to SIA org

General Troubleshooting Procedure

Step 1: Identify the symptom(s)

For example, a public website or a local website may be unexpectedly inaccessible or unexpectedly accessible to end users in your org; alternatively, end users in your org may be experiencing high latency.

Step 2: Verify the environment

Check for network connectivity, verify that the applicable ITP policy configuration is accurate and current (e.g., check which domain categories, apps, specific domains, and geo-locations you've selected to block), and verify your org's licensing (i.e., ensure that you have SIA licenses).

Step 3: Collect logs and diagnostic info

• Request that end users send logs via the CSE desktop app.
• Capture an HTTP Archive file (HAR file) to view calls and responses associated with a user's web session.
• Review how a specific domain is being handled by using the Lookup domain search function in the ITP policy.

Step 4: Apply relevant fixes

This may involve adjusting your ITP policy configuration to correct unexpected behaviours (e.g., adding a domain or an application bypass, or adding a URL exception or explicit block, if your org uses URL filtering) or adjusting your firewall rules to accept swg agent traffic.

Step 5: Escalate to support

If further assistance is required, reach out to support at support@sonicwall.com.

Diagnostics and Tools

Use Lookup domain to review how a domain is being classified and handled by the ITP policy

Request end users to send logs via the desktop app

Common Error Codes and Messages