Advanced features

​Akamai​ Guardicore Platform Agent includes various capabilities that enable advanced users and IT administrators to troubleshoot problems or test different configurations and policies.

Set Log Information Level

Log Information Level lets you control how much client information gets logged for troubleshooting purposes.

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ Guardicore Platform Agent opens.
  2. Click Settings.
  3. In Log Information Level, select the verbosity level of the logs depending on how much information is required:
  • Debug. Generates debug information about Guardicore Platform Agent and connectivity to native applications. This option can slow down the performance of the client due to the length of generated logs. It is intended for troubleshooting purposes for ​Akamai​ support and engineering.
  • Verbose. Logs the health of the client and other more detailed information in the Diagnostics > Alerts tab.
  • Default. Only error logs are reported for troubleshooting purposes. It can be errors in the Guardicore Platform Agent itself or connectivity issues between the native applications and the Guardicore Platform Agent on the computer.

Run client diagnostics

The Diagnostics tab lets you run a Quick Test or perform a Full Diagnostic of the client.

Quick Test

The Quick Test functionality examines the status of the Access and Threat Protection components, their connectivity, and configuration downloads from Enterprise Center. Green icon (✓) indicates success and red icon (✗) indicates failure. Orange icon (!) indicates that at least one of the components is disabled and couldn’t be tested or the client cannot perform the test at the moment.

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ Guardicore Platform Agent opens.
  2. Click Diagnostics > Quick Test.
  3. Click Run Quick Test.

If the installation is in good health, the configurations are successfully completed, and components are verified, green icons (✓) appear next to each check.

If any of the diagnostic results are unsuccessful, or marked with a red icon (✗) do the following:

  • For only a configuration failure, perform a sync operation.
    If this doesn't fix the issue or if all checks fail, continue to troubleshoot.
  • For a connectivity failure, contact your Zero Trust Client administrator to have them confirm that client services are allowed in your organization’s firewall.
  • Take a screenshot and provide it to your ​Akamai​ Guardicore Platform Agent administrator.
    Capture logs, device ID, Guardicore Platform Agent version and send them to ​​Akamai​. Contact support.

Full Diagnostic

The Full Diagnostic performs an in-depth analysis of the client and generates logs for further troubleshooting.
Guardicore Platform Agent logs are useful to troubleshoot issues and provide information to the help desk. You can access logs generated by the client and send a zipped version of the logs to your Guardicore Platform Agent administrator. This is useful when the administrator contacts ​Akamai​ support.

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ Guardicore Platform Agent opens.
  2. Click Diagnostics > Full Diagnostic.
  3. Click Run Full Diagnostic.
  4. Wait for the Full Diagnostic to complete.
  5. Click Save Logs so save the logs on your computer. This creates a zip file that includes all the log files necessary for troubleshooting.
  6. Select the folder or directory where the zipped logs should be saved.
    The Activity tab opens.
  7. In the Activity tab, you can see the filename and the location of the newly created logs.
  8. Click Open containing folder to find the zip file with your client logs.
    You can now view the logs in a text editor of your choice or share the zip file with your IT administrator for troubleshooting.

Send Guardicore Platform Agent logs to administrator

Once you’ve run full diagnostics, you can send the logs directly to ​Akamai​ support. To do this, click Send Logs to Admin in the Diagnostics > Full Diagnostic tab.

Check client posture and runtime environment

The Info tab displays device posture information, and lets you verify and monitor the security of your machine. This information is particularly useful when setting up or troubleshooting access control policies (ACL).

📘

Identity Provider is more commonly referred to by its abbreviated name, IDP or IdP.

InformationDescription
IDP Your identity provider creates, maintains, and manages identity information for users, services, or systems. You can check your currently configured IdP hostname here.
Authenticated as Displays the currently logged in username that you use to authenticate with the IdP.
Network TypeThe type of network you are connected to. The following network types are available:


  • On-premises. User is inside a trusted network, like a corporate IT network. This network type is available when you enable trusted network in the identity provider (IdP), and the user satisfies the trusted network policy. The user can override the trusted network settings on their computer inside Guardicore Platform Agent.


  • On-premises (using Proxy). User is inside a trusted network, like a corporate IT network and a proxy server is used. This network type is available when you enable trusted network in the IdP, the user satisfies the trusted network policy, and has authenticated with the proxy server (with the correct proxy credentials). The user can override the trusted network settings on their computer inside Guardicore Platform Agent.


  • Public. User is outside a trusted network, in a public network (like a cafe, or a hotel network). This network type is available when you enable trusted network in the IdP, and the user does not satisfy the trusted network policy. Also, you can see this network type indication when the trusted network feature is disabled in the IdP.


  • Public (using Proxy). When you enable a proxy server and authentication is done with the correct proxy credentials, Guardicore Platform Agent sends the traffic though the proxy server to reach the application server.


  • Captive portal. User is in a public network (like a cafe, or a hotel network) and connected to the captive portal page, but has not authenticated with the credentials. User is not connected to the Internet.


  • Not Connected. User has no Internet connection.

Signal Last Update Timestamp of the last Info tab update. To force an update, click the Refresh icon.
Device Local User Your Windows or macOS account username.
OS Your operating system. Either macOS or Windows.
Version Version number of your operating system.
Installed Browser(s)Names and versions of the browsers installed on your computer.
Client (device) ID Unique client ID generated by Guardicore Platform Agent.
Client version Guardicore Platform Agent version currently installed on your computer.
Anti-malware Informs whether your operating system is protected by anti-malware software.
Firewall Informs whether your network traffic is secured by a firewall.
Disk Encryption Informs whether your system disk is encrypted.
Threat ProtectionInforms about traffic protected by Threat Protection, if available.
DNS TransportIndicates how DNS traffic is transported to ​SIA​. This field may show one of these values:

  • DNS over TLS
  • DNS over HTTPS
  • DNS over UDP
HTTP ProtectionTransparent traffic interception status. To learn more, see SIA documentation.
Threat CaptureDisplays the current ETP mode set in Enterprise Center.
Segmentation Agent VersionVersion number of the Segmentation Agent currently running within Guardicore Platform Agent.
Segmentation Agent IDID used to identify the Agent in Centra.
Segmentation Aggregator IPIP addresses or hostnames of the Aggregator(s) to which Guardicore Platform Agent is associated.

Copy Guardicore Platform Agent status and device posture information

The Info tab provides useful information that you can share with your administrator to troubleshoot issues. Follow this procedure to copy your Info to clipboard.

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ Guardicore Platform Agent opens.
  2. Click Info.
  3. In the top right-hand corner, click copy info.
    The content of the Info tab is now available in your clipboard. You can paste it in an email or chat window and share it with your administrator.

Force Sync the Client

You can perform an explicit sync to force the configuration information from Enterprise Application Access to the ​Akamai​ Guardicore Platform Agent.
The ​Akamai​ Guardicore Platform Agent synchronizes to the EAA Login Portal every five minutes for any configuration changes in an application or identity provider. To immediately synchronize the ​Akamai​ Guardicore Platform Agent with Enterprise Application Access, you can force an explicit synchronization. If you have any issues with running diagnostics, try to sync.

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ Guardicore Platform Agent opens.
  2. Click Settings.
  3. Click Force Synchronization.

Check Alerts

You can check for different types of alerts in Guardicore Platform Agent and use this information to troubleshoot any problems. Increase log verbosity in Set Log Information Level to receive more alerts. Multiple occurrences of the same event are aggregated into a single entry and their total count is displayed.

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ Guardicore Platform Agent opens.
  2. Click Diagnostics.
  3. Click Alerts.

Example:
You add an IP address while configuring tunnel applications to access a local IP within your organization. If it is already present in the routing table, there is a route collision. You get a message:

IP based access may not be working,
reason: Existing specific route: 172.16.0.0 IP gw On-link
Contact Administrator

Here, 172.16.0.0 IP address is already present in the routing table of the gateway and cannot be used for IP based access by 172.16.0.0 IP.

Remote Proxy

Configure Guardicore Platform Agent when you have a forward proxy within your organization. Some organizations use a forward proxy server within the corporate network to connect to the Internet. The user's computer connects to the forward proxy server to perform operations like authentication, web filtering, and then the traffic is routed to the Internet.
If Guardicore Platform Agent is installed on these machines, organizations require Guardicore Platform Agent to forward all Access traffic to the forward proxy before reaching the Enterprise Application Access Cloud.

Before you begin

Specify your secure web proxy (HTTPS) in your OS settings:

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop toolbar or the macOS menu bar.
  2. Click Settings.
  3. Enable Remote Proxy.
  4. Enter your proxy credentials: Username, Password and Domain.
  5. Click OK.
    The details of your proxy connection are now displayed in the client.

To learn more about remote proxy, refer to the EAA Client proxy documentation.

On-premises network

An on-premises network is a network within your organization that can be securely accessed and only by the employees. If you are connected to an on-premises network and your IdP is configured to support it, you can enable On-premises to directly access your enterprise applications, bypassing the EAA Cloud and reducing connection delays. Disabling On-premises while connected to a corporate network forces Guardicore Platform Agent to route your traffic via EAA Cloud, just as if you were connected to a public network.

How to

  1. Left-click the Guardicore Platform Agent icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ Guardicore Platform Agent opens.
  2. Click Options.
  3. Enable or disable On-premises.
    To learn more about the On-premises functionality, refer to the Enterprise Center for EAA documentation.

Segmentation Agent administration

To control the Segmentation Agent in Guardicore Platform Agent, refer to the available CLI commands in the Guardicore Segmentation documentation (requires ​Akamai​ ​Control Center​ login):