Can only be used for troubleshooting intercepted traffic (not bypassed).
A trace can be setup per rule , using the Track column of the rule, or by criteria, by setting up a trace rule.
Policy tracing can be enabled globally (not recommended) or filtered for specific traffic.
Globally enabled via Configuration>Policy>Policy Options>Default Policy tracing
To perform a policy trace for specific access:
Create a new layer for the access you want to trace. For example, create a web access layer with a client ip of 10.1.1.1. In the track column, select Verbose tracing. Install policy
Once a policy trace is turned on, you can view the trace file created by going to https://
Each transaction is evaluated separately
Policy is traced until a match is made in policy. For example, if there are 3 rules on a layer, and the 1st rules matches the traffic. Rules #2 and 3 are not evaluated.
The results in the trace reflects the browser transactions and not necessarily the user transactions.
Posts
0 comments:
Post a Comment