Edge SWG (ProxySG) Policy Trace via CLI
search cancel

Edge SWG (ProxySG) Policy Trace via CLI

book

Article ID: 165464

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Broadcom recommends executing a policy trace using the Management Console because the volume of output might be too much for an SSH or a serial console session.

Refer to Edge SWG Policy Trace for more details on how to perform policy trace using the Management Console.

However, if you must perform a policy trace via CLI and the traffic, CPU, and memory utilization is low, use the the steps provided in Resolution section. 

 

 

Resolution

Enabling global policy trace

ProxySG#policy trace all           <-- remember to disable this after completing the test

ProxySG#show advanced-url /Policy/Delete-All-Traces         <-- this will delete any old policy trace

Reproduce the issue with test browser

ProxySG#show advanced-url /Policy/Trace/default_trace.html   <-- this will show the policy trace entries press enter to show new line or press space key to show the whole page.
 


Tracing limited client IP

Note: The following command will overwrite existing local policy. If you can extract the existing policy via "show configuration" or via local configuration backup, you can append the CPL below to the existing local configuration, and replace the client IP below with the exact IP address of the test client.

To overwrite and wipe your existing local policy with this single policy trace, for newly factory default proxy or proxy without any local policy
ProxySG#(config)inline policy local EOF
<Proxy>
client.address=x.x.x.x trace.request(yes) trace.rules(all) trace.destination("trace.html")
EOF
  ok
ProxySG#(config)

If you would like to append this CPL with existing local policy
ProxySG#(config)inline policy local EOF
##ADD YOUR EXISTING POLICY ON TOP PORTION HERE##
<Proxy>
client.address=x.x.x.x trace.request(yes) trace.rules(all) trace.destination("trace.html")
EOF
  ok
ProxySG#(config)

ProxySG#show advanced-url /Policy/Delete-All-Traces         <-- this will delete any old policy trace

Reproduce the issue with test browser

ProxySG#show advanced-url /Policy/Trace/traces.html   <-- this will show the policy trace entries press enter to show new line or press space key to show the whole page.

 

Powered by Wolken Software