| Traffic does not reach ETP
|
- Review DNS
traffic on the DNS Summary activity report. For more information
on this report, see Summary of DNS activity.
- If DNS traffic is
not logged, verify that the primary DNS server in your network
forwards requests to ETP DNS
servers.
You can also deploy ETP Client on end user machines to direct
requests to ETP. |
| Traffic does not reach ETP
Proxy |
- Review network
traffic on the Network Traffic activity report. For more
information on this report, see Network traffic.
- If proxy traffic is not reported:
- Confirm
that the domain or IP address of the traffic is not
configured in an exception list or the Allow custom list
that was migrated from Quick Lists.
- Confirm
that the domain or IP address of the traffic is not
configured in a custom list that is assigned an Allow
action in a policy. The Allow action permits domains and
IP addresses in the list to bypass the ETP proxy.
|
| TLS traffic is not inspected by the ETP proxy or the user receives certificate validation error
messages |
- Review network
traffic on the Network Traffic activity report. For more
information on this report, see Network traffic
- If TLS traffic is
not reported, confirm that the trusted root certificate an ETP
administrator generated or signed in ETP is
deployed to the user’s computer.
- Confirm that no TLS errors appear.
|
| A non-browser application is not available |
- Review network
traffic on the Network Traffic activity report. For more
information on this report, see Network traffic
- If the
application traffic is not logged, confirm that the certificate
is distributed and configured properly in your network. For
example, if certificate pinning is used, ensure that the
certificate you generated or signed with is correctly
saved.
To workaround this issue, you can also add the
application to a custom list that is configured in a policy with the
Allow action. The Allow action permits domains and IP addresses in
the list to bypass the ETP
proxy.
For more information, see Add a custom list
and Edit a policy.
|
| Malware is not blocked |
- Search for the
domain on the Indicator Search page and confirm the action that
was taken on the event. See Search for threats based on domain.
- Review existing custom lists and check whether the policy is
associated with a custom list.
- If the domain is assigned to a custom list, review existing
policies and confirm that the Allow or Monitor action is not
assigned to the custom list with the malicious domain.
|
| Client IP address is not reported for blocked traffic |
If events in ETP do not
report the client IP address (including Security Connector events), you
can do the following:
- Install and
distribute ETP Client on end user machines. See ETP Client for DNS only.
- Deploy Enterprise
Security Connector in your network. In a policy action, you can
then assign the Block - Sinkhole action for lists such as lists
that are assigned the Command and Control (C&C) category and
select the security connector you deployed. See Security Connector as a DNS sinkhole. To create or edit a policy,
see Create a policy or Edit a policy.
|
| Error page not visible |
The default Akamai
error page server does not respond to HTTPs requests as well as IPv6
only networks. To enable error pages for these requests, Enable selective proxy. This redirects blocked traffic through the proxy
which then gracefully serves error pages in all conditions. |