Network Connection Problem:
You can use the ping and traceroute commands to test the network connection.
- From Client PC & From the ProxySG
– Ping the Default Gateway
– Ping interface of ProxySG
– Ping a host name like yahoo.com to test for DNS
To test connectivity, use the following commands from the enable prompt:
ping: Verifies that a particular IP address exists and is responding to requests.
traceroute: Traces the route from the current host to the specified destination host.
test http get URL: Makes a request through the same code paths as a proxied client.
display URL: Makes a direct request (bypassing the cache device).
show services: Verifies the port of the Management Console configuration.
show policy: Verifies if policy is controlling the Management Console.
Web Interface is Not Accessible:
1) Verify that you have the correct IP address and port number.
2) Using the serial console: (in enabled mode) #sh config Allows you to verify BC’s IP address.
3) Verify that your work stations is configured properly by attempting to go to other URLs and then attempt to bypass the proxy.
4) If accessing BC via remote ntetwork, verify that other servers on that network are accessible.
5) Try Pinging the BC’s IP address to verify that the BC is accessible from the workstation. If no response verify that BC is operational.
DNS Troubleshooting in ProxySG:
1) Test DNS response via cli: (in enable mode) #test DNS <url>
Performs a DNS lookup and displays debugging information describes the lookup.
BluecoatSG#test dns www.google.com
Performing DNS lookup for: www.google.com
Sending A query for www.google.com to 10.105.12.36.
DNS Response data:
Official Host Name: www.l.google.com
Cache TTL: 155, cache MISS
DNS Resolver Response: Success
2) To display or delete a DNS entry in the ProxySG cache: Management Console>> Statistics tab > >Advanced > DNS >> Show list of DNS URLs. Here is where you can see DNS entries or delete them.
3) Clear all DNS cache: (in enable mode) # clear-cache dns-cache | In the GUI Maintenance >> System and Disk >> Tasks >> ‘Clear’ the DNS cache
Client HTML Requests Fail
When a request for a web document fials, it indiactes one of the followin is occuring:
- The web browser is not properly configured to use the ProxySG
- The ProxySG cannot access the requested document
- The ProxySG is not properly configured
- The ProxySG is not functioning
To isolate client HTML requests failing, perform the following steps:
1) Ensure that the route between the appliance and destination are correct via ping & traceroute commands from the CLI.
2) Ensure that the BC is not configured to deny access to address groups via the VPM.
3) If using explicitly check the Web browser for PAC file for auto-config. If using PAC file, verify that the address of the PAC file is correct and is accessible.
4) Try to ping from the workstation to the proxy and ping from the proxy to the workstation.
5) Verify the BC has the correct Default Gateway address and DNS address. Next ping both the Default Gateway & DNS addresses from the same network segment where the BC is connected.
6) Bypass the BC. If the Default Gateways is accessible, the problem most likely lies outside the local network.