This table provides suggestions on how to troubleshoot issues in ‚ÄčSIA‚Äč:

ProblemSuggested Steps
Traffic does not reach ‚ÄčSIA‚Äč
  1. Review DNS traffic in the DNS Summary activity report. For more information on this report, see Summary of DNS activity.
  2. If DNS traffic is not logged, verify that the primary DNS server in your network forwards requests to ‚ÄčSIA‚Äč DNS servers.

You can also deploy ‚ÄčETP Client‚Äč on end user machines to direct requests to ‚ÄčSIA‚Äč.
Traffic does not reach ‚ÄčSIA‚Äč Proxy
  1. Review network traffic in the Network Traffic activity report. For more information on this report, see Network Traffic.
  2. If proxy traffic is not reported:
    1. Confirm that the domain or IP address of the traffic is not configured in an exception list or the Allow custom list that was migrated from Quick Lists.
    2. Confirm that the domain or IP address of the traffic is not configured in a custom list that is assigned an Allow action in a policy. The Allow action permits domains and IP addresses in the list to bypass the ‚ÄčSIA‚Äč proxy.
TLS traffic is not inspected by the ‚ÄčSIA‚Äč proxy or the user receives certificate validation error messages
  1. Review network traffic in the Network Traffic activity report. For more information on this report, see Network Traffic.
  2. If TLS traffic is not reported, confirm that the trusted root certificate an ‚ÄčSIA‚Äč administrator generated or signed in ‚ÄčSIA‚Äč is deployed to the user‚Äôs computer.
  3. Confirm that no TLS errors appear.
A non-browser application is not available
  1. Review network traffic in the Network Traffic activity report. For more information on this report, see Network Traffic.
  2. If the application traffic is not logged, confirm that the certificate is distributed and configured properly in your network. For example, if certificate pinning is used, ensure that the certificate you generated or signed with is correctly saved.
To workaround this issue, you can also add the application to a custom list that is configured in a policy with the Allow action. The Allow action permits domains and IP addresses in the list to bypass the ‚ÄčSIA‚Äč proxy.

For more information, see Add a custom list and Manage a policy.
Malware is not blocked
  1. Search for the domain on the Indicator Search page and confirm the action that was taken on the event. See Search for threats based on domain.
  2. Review existing custom lists and check whether the policy is associated with a custom list.
  3. If the domain is assigned to a custom list, review existing policies and confirm that the Allow or Monitor action is not assigned to the custom list with the malicious domain.
Client IP address is not reported for blocked trafficIf events in ‚ÄčSIA‚Äč do not report the client IP address (including Security Connector events), you can do the following:
Error page not visibleThe default ‚ÄčAkamai‚Äč error page server does not respond to HTTPs requests as well as IPv6 only networks. To enable error pages for these requests, Enable selective proxy. This redirects blocked traffic through the proxy which then gracefully serves error pages in all conditions.