Why is URL categorization not working on my PacketShaper?
Last Updated May 13, 2017
Please go through the following checklist:
1. URL categorization is OFF by default—you have to turn it ON for it to work.
2. You also have to create a new class for ‘URL category: All Categories’ and enable traffic discovery on that class. Alternatively, you can enable traffic discovery on the HTTP and/or SSL classes.
3. Make sure that your PS has proper DNS settings, and can access the Internet without any problems. Check the security settings on the PS and allow the needed IP addresses for the following sites or set outside to unsecure for testing. If you have any other security device, you have to allow the IP addresses for these servers (use nslookup to resolve the IP).
4. Make sure that the PS has a valid support contract. In the banner message or on the Info page, you may see something like the following:
PacketShaper support contract has expired. WebPulse queries will stop after 12 days
No response from Support Server. WebPulse queries will not work
5. If your support contract has expired, you need to renew the support contract. If you are not getting a response from the support server, then you need to check your network connectivity.
a. Make sure that you do not have a firewall or something blocking the HTTP/HTTPS/SSL queries going out from the PS.
b. If the PS has to go through an Explicit Proxy Server to go to the Internet, you will have to add the WebProxy settings on the PS and also edit the Proxy rules to allow connections to/from the PS.
In the example below, 10.9.66.12 is the proxy server and 8000 is the port it is listening on.
setup web-proxy server 10.9.66.12:8000 setup web-proxy on|off setup web-proxy show (to check the setting)
PS will do a HTTPS/SSL query to check the support contract status to updates.bluecoat.com. Make sure that you can ping updates.bluecoat.com.
Manual way of viewing or updating the support contract status:
PacketShaper# setup support update
Updating support status for this PacketShaper...DONE!
PacketShaper Support Contract Status: *** expired *** <====== means your HTTPS query worked—it was able to get the status from the update server as expired. If there is a network connectivity issue, the status will be unknown.
Last status update was on Tue Nov 23 13:52:06 2010 Expired on Mon Oct 4 12:48:06 2010 WebPulse queries will stop after 12 days
PacketShaper# setup support update
Updating support status for this PacketShaper...DONE! PacketShaper Support Contract Status: *** unknown *** <====== means there is network connectivity issue; you will also notice a few seconds delay when you run the above command.
Last status update was on Tue Nov 23 14:09:03 2010 Status check failed since Mon Oct 4 12:48:06 2010 WebPulse queries will stop after 12 days
If the contract status is unknown, you need to resolve the network connectivity issue. The most common issues are due to firewall or proxy/security devices blocking the contract validation query. (Also see PS security settings.) If the PS has to go through the explicit proxy server to get to the Internet, you need to enable ‘webproxy’ on the PS and also edit the rules in the proxy to accept connections from PS.
You will have to get the packet capture on the Localhost class while you run the setup support update command and look for SSL/HTTPS packets from the PS IP address.
Note: If you are analyzing the packet trace from a Web proxied network, keep in mind that the DNS queries will go to the DNS servers, but HTTP/HTTPS packets will not go to the end server addresses; they will go to the proxy server. Therefore, you will not see the flows going to the server’s IP address that DNS resolved to. Instead, you will see it going to the proxy’s IP address. Also the request may no longer be using an SSL destination port number; it will be using the port number for the Web proxy. Applications like Wireshark may not show the connection as SSL.
6. If you have a valid support contract and still have problems, run the following command and look for any obvious errors.
setup webpulse map-download setup webpulse show service setup webpulse update <URL> setup show
If you still have problems, please open a case with Blue Coat Support.
This document was originally written for the Legacy PacketShaper platform (8.7.x, 9.2.x).
The PacketShaper S series does not have a support status command (setup support)
Imported Document ID: 000016619
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe