Solved: WSA policy , performance or website question

360rundll · ‎03-22-2016

Hi， All

I meet a question.

I haved changed nothing in WSA, but same user group's user visit it that https://www.icis.com was blocked at some time. But another time

that user can vist that website. like the capture,

I haven't create policy "NONE". Is it perfomance can not be satisfied with our lan or websites's bug? Only one website, other websites are normal.

And it can visit that webiste normal bypass WSA at that time.

Thanks!

Sincerely Yours

Handy Putra · ‎03-23-2016

the capture that you did is from the client machine only, you will need to do the same from WSA appliance (client and server side connection) to see the overall picture of the traffic

recommend to open a case with the TAC team to assist you further with your traffic flow, since from the look of it the issue is more toward your network path

View solution in original post

Handy Putra · ‎03-22-2016

From the block screenshot that you attached, looks like when it was blocked due to gateway timeout.

Would suggest taken packet captures from your client machine(using wireshark) and at the same time from WSA capture client ip address and destination address so you can see client and server side connection and check who is not responding correctly when the issue occurs and start troubleshooting from there.

Suspect if WSA is getting gateway timeout, WSA is not getting response from outside at that time.

360rundll · ‎03-22-2016

Dear Handy

I have tracerted https://www.icis.com/Dashboard/LogOn?ReturnUrl=%2fDashboard%2f and http://www.icis.com。 I can vist https://www.icis.com/Dashboard/LogOn?ReturnUrl=%2fDashboard%2f normal while I tracert in WSA see

System Administration > Policy Trace

Final Result
Request completed
Details: Request processing failed
Trace session complete

How can I analyst it ?

Sincerely Yours

360rundll · ‎03-22-2016

Dear Handy

I found that visit some websites has same symptom.

like

http://www.52pojie.cn/

http://forum.cnsec.org/

http://code.91ysa.com/newgoppp.php?MTA0NDZ8NzYwNHw5OXwyfDB8fDE0NTg3MTMxMTd8OTQ0MjE5N2RjNWU3MjE5MDg0NDA3ZWQyMmZhZDRmODB8MHwxMDB8MXwxfDF8MHww

Bypass WSA,I can visit it easily.Why?

And I capture it so that you can analyst. That is it.Thanks!

Sincerely Yours

Handy Putra · ‎03-23-2016

the capture that you did is from the client machine only, you will need to do the same from WSA appliance (client and server side connection) to see the overall picture of the traffic

recommend to open a case with the TAC team to assist you further with your traffic flow, since from the look of it the issue is more toward your network path

360rundll · ‎03-23-2016

I have policy trace in WSA, you can see the picture. How to capture from WSA? In CLI?

360rundll · ‎03-23-2016

or rspan from switch and then capturefrom computer?

darren.mulholland@henderson-gr · ‎01-23-2019

Was experiencing the same issue.

Removing the http:// or https:// from the URL in the policy trace resolved the problem