SIA

This table provides suggestions on how to troubleshoot issues in SIA:

Problem	Suggested Steps
Traffic does not reach SIA	Review DNS traffic in the DNS Summary activity report. For more information on this report, see Summary of DNS activity. If DNS traffic is not logged, verify that the primary DNS server in your network forwards requests to SIA DNS servers. You can also deploy ETP Client on end user machines to direct requests to SIA.
Traffic does not reach SIA Proxy	Review network traffic in the Network Traffic activity report. For more information on this report, see Network Traffic. If proxy traffic is not reported: Confirm that the domain or IP address of the traffic is not configured in an exception list or the Allow custom list that was migrated from Quick Lists. Confirm that the domain or IP address of the traffic is not configured in a custom list that is assigned an Allow action in a policy. The Allow action permits domains and IP addresses in the list to bypass the SIA proxy.
TLS traffic is not inspected by the SIA proxy or the user receives certificate validation error messages	Review network traffic in the Network Traffic activity report. For more information on this report, see Network Traffic. If TLS traffic is not reported, confirm that the trusted root certificate an SIA administrator generated or signed in SIA is deployed to the user’s computer. Confirm that no TLS errors appear.
A non-browser application is not available	Review network traffic in the Network Traffic activity report. For more information on this report, see Network Traffic. If the application traffic is not logged, confirm that the certificate is distributed and configured properly in your network. For example, if certificate pinning is used, ensure that the certificate you generated or signed with is correctly saved. To workaround this issue, you can also add the application to a custom list that is configured in a policy with the Allow action. The Allow action permits domains and IP addresses in the list to bypass the SIA proxy. For more information, see Add a custom list and Manage a policy.
Malware is not blocked	Search for the domain on the Indicator Search page and confirm the action that was taken on the event. See Search for threats based on domain. Review existing custom lists and check whether the policy is associated with a custom list. If the domain is assigned to a custom list, review existing policies and confirm that the Allow or Monitor action is not assigned to the custom list with the malicious domain.
Client IP address is not reported for blocked traffic	If events in SIA do not report the client IP address (including Security Connector events), you can do the following: Install and distribute ETP Client on end user machines. See ETP Client for DNS only. Enterprise Security Connector in your network. In a policy action, you can then assign the Block - Sinkhole action for lists such as lists that are assigned the C&C category and select the security connector you deployed. See Security Connector as a DNS sinkhole. To create a policy, see Create a policy. For more on policies, see Manage a policy.
Error page not visible	The Akamai hosted error page server does not respond to HTTPs requests as well as IPv6 only networks. This applies to the default error pages and the error pages that your organization has customized. To enable error pages for these requests, see Enable selective proxy or Enable full web proxy. This redirects blocked traffic through the proxy which then gracefully serves error pages in all conditions.