Troubleshooting dropped traffic

XG210 - first experience with Sophos.

I can't find where dropped traffic is logged, like a Packet Filter Live Log or HTTP Live Log.

I'm troubleshooting Windows Updates being blocked.

  • David,

    go to System > Diagnostics > Log Viewer and choose web filter to see what rule is applied and why it is getting blocked.

  • Problem with that is it doesn't expose all dropped traffic through the log viewer, so it's kind of useless in this scenario.

    Next version has a colour coded, pop out log viewer apparently, so we're holding out for that.

  • Troubleshooting XG now is not very easy.

    I am looking forward to seeing the new version too. The other way to find blocked traffic is to use the console and type the command: drop-packet-capture "host ip" with quota.

  • I'm confident they will address all the issues. I've found that searching the Cyberoam KB is useful too, as it seems to resemble that OS more than the SG.

    To their credit, support has been helpful in addressing bugs I've found.

    Also helpful is "system diagnostics utilities bandwidth-monitor" to show interface throughput in realtime and
    "conntrack -L | grep -o 'src=.*' | awk -F " " '{print $1}' | sort -n | uniq -c | sort -n"  to show sorted connection count per IP.

    We need something like the bandwidth monitor tool but per IP not interface.
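    To take the per-IP connection count one step further, here is an added Python example (not from this thread and not Sophos code) that parses constructed `conntrack -L` sample lines, counts flows per original source IP exactly as the awk/sort/uniq pipeline does, and also lists flows marked [UNREPLIED], which are the ones leaving a client and never getting an answer, a useful first look when hunting for dropped traffic. The sample lines and addresses are made up for the example.

```python
import re
from collections import Counter

# Constructed sample of `conntrack -L` output (not captured from a real XG).
# Each line carries the original-direction tuple first, then the reply tuple.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=51234 [ASSURED] mark=0 use=1
tcp      6 117 SYN_SENT src=192.168.1.10 dst=203.0.113.6 sport=51235 dport=80 [UNREPLIED] src=203.0.113.6 dst=198.51.100.2 sport=80 dport=51235 mark=0 use=1
udp      17 29 src=192.168.1.20 dst=203.0.113.7 sport=54321 dport=53 src=203.0.113.7 dst=198.51.100.2 sport=53 dport=54321 mark=0 use=1
tcp      6 117 SYN_SENT src=192.168.1.10 dst=203.0.113.6 sport=51236 dport=80 [UNREPLIED] src=203.0.113.6 dst=198.51.100.2 sport=80 dport=51236 mark=0 use=1
"""

FIELD = re.compile(r"(src|dst|sport|dport)=(\S+)")

def parse_conntrack(text):
    """Yield one dict per flow: proto, original src/dst/dport, unreplied flag."""
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = FIELD.findall(line)
        if len(fields) < 4:
            continue
        orig = dict(fields[:4])   # first src/dst/sport/dport = original direction
        yield {
            "proto": line.split()[0],
            "src": orig["src"],
            "dst": orig["dst"],
            "dport": int(orig["dport"]),
            "unreplied": "[UNREPLIED]" in line,
        }

def connections_per_src(text):
    """Same result as the awk | sort | uniq -c pipeline: flows per source IP."""
    return Counter(f["src"] for f in parse_conntrack(text))

def unreplied_per_dest(text):
    """Flows that never saw a reply, keyed by (src, dst, proto, dport)."""
    return Counter(
        (f["src"], f["dst"], f["proto"], f["dport"])
        for f in parse_conntrack(text) if f["unreplied"]
    )

if __name__ == "__main__":
    for ip, n in connections_per_src(SAMPLE).most_common():
        print(f"{n:6d} {ip}")
    for key, n in unreplied_per_dest(SAMPLE).most_common():
        print(n, "unreplied", *key)
```

    Feed real output with `conntrack -L > ct.txt` and read the file into SAMPLE's place; a client that shows up repeatedly under unreplied flows to the same destination and port is the one to check in the drop packet capture.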

  • I am sure they will improve those aspects and bring back Flow Monitor and other nice stuff. You can use Live Connection under System > Current Activity but it is not enough and refresh is manual.

    We need to wait!

    [:)]

  • FormerMember:

    Were you able to figure out how to allow Windows Update traffic through? I have a rule configured to allow all LAN to WAN traffic through, tried it with "Allow All" and "None" policies, but Windows Update always reports an error. I'm sure the root cause is in the firewall, as Windows Update works just fine when I use an alternative network that's not routed through SFOS.

  • Yes, I did. I thought it was a KB article but have been unable to find it for you.

    The guidance was to create a clientless user in System > Authentication > Clientless Users - this will be the WSUS server that's downloading updates.

    Create an Application Filter - Category= "Software Update" and Category = "Infrastructure"
    Then create a new policy that is user based,
    Identity is user created in clientless users - "Match rule based on user identity" is on.
    Source is Zone=LAN / Networks=Any / Service=HTTP(s)
    Destination is Zone=WAN / Networks=Any
    Action=Accept
    Select Application Filter from previous step.

    Hope that helps.

  • David,

    using the drop-packet command from the CLI and filtering for the WSUS server, does it show anything?

  • I agree on the fact that there is a missing "advanced troubleshooting function" with some history.

    I had the same issue with an application on an iPad; with the packet capture the problem was found fast, but afterwards I was not able to find it again, only live.

    Therefore I would also like to see what is happening in the network, focused on blocks, to optimise the network and/or take action on it.

    The reporting on the XG is way better than I had in mind.

    The reason I posted this message is to give the "advanced troubleshooting function" a little attention. I would also like to have that on board the XG.

    Regards

    Jeroen

  • Hi, I have done this and also tried changing source and destination to ANY for both, and Any for services, but it is not working. Any suggestions?