topic WSA policy , performance or website question in Cloud Security

WSA policy , performance or website question

360rundll — Sat, 09 Mar 2019 01:39:00 GMT

Hi， All

I meet a question.

I haved changed nothing in WSA, but same user group's user visit it that https://www.icis.com was blocked at some time. But another time

that user can vist that website. like the capture,

I haven't create policy "NONE". Is it perfomance can not be satisfied with our lan or websites's bug? Only one website, other websites are normal.

And it can visit that webiste normal bypass WSA at that time.

Thanks!

Sincerely Yours

From the block screenshot

Handy Putra — Tue, 22 Mar 2016 23:33:39 GMT

From the block screenshot that you attached, looks like when it was blocked due to gateway timeout.

Would suggest taken packet captures from your client machine(using wireshark) and at the same time from WSA capture client ip address and destination address so you can see client and server side connection and check who is not responding correctly when the issue occurs and start troubleshooting from there.

Suspect if WSA is getting gateway timeout, WSA is not getting response from outside at that time.

Dear Handy

360rundll — Wed, 23 Mar 2016 04:41:28 GMT

Dear Handy

I have tracerted https://www.icis.com/Dashboard/LogOn?ReturnUrl=%2fDashboard%2f and http://www.icis.com。 I can vist https://www.icis.com/Dashboard/LogOn?ReturnUrl=%2fDashboard%2f normal while I tracert in WSA see

System Administration > Policy Trace

Final Result
Request completed
Details: Request processing failed
Trace session complete

How can I analyst it ?

Sincerely Yours

Dear Handy

360rundll — Wed, 23 Mar 2016 06:19:34 GMT

Dear Handy

I found that visit some websites has same symptom.

http://www.52pojie.cn/

http://forum.cnsec.org/

http://code.91ysa.com/newgoppp.php?MTA0NDZ8NzYwNHw5OXwyfDB8fDE0NTg3MTMxMTd8OTQ0MjE5N2RjNWU3MjE5MDg0NDA3ZWQyMmZhZDRmODB8MHwxMDB8MXwxfDF8MHww

Bypass WSA,I can visit it easily.Why?

And I capture it so that you can analyst. That is it.Thanks!

Sincerely Yours

the capture that you did is

Handy Putra — Wed, 23 Mar 2016 07:00:18 GMT

the capture that you did is from the client machine only, you will need to do the same from WSA appliance (client and server side connection) to see the overall picture of the traffic

recommend to open a case with the TAC team to assist you further with your traffic flow, since from the look of it the issue is more toward your network path

I have policy trace in WSA,

360rundll — Wed, 23 Mar 2016 07:07:27 GMT

I have policy trace in WSA, you can see the picture. How to capture from WSA? In CLI?

or rspan from switch and then

360rundll — Wed, 23 Mar 2016 07:22:27 GMT

or rspan from switch and then capturefrom computer?

Re: the capture that you did is

darren.mulholland@henderson-gr — Wed, 23 Jan 2019 15:44:14 GMT

Was experiencing the same issue.

Removing the http:// or https:// from the URL in the policy trace resolved the problem