I have an issue with rule tracing in web gateway cluster environment.
I can't see the analysis results of rule tracing in tracing pane while tracing connections from client IP, it just remains empty.
However I see the rule tracing files created from each client request to web gateway , and I can just click on analyze button and the result appears in tracing pane, but not while real time rule tracing.
The issue is not permanent and appears on and off while tracing requests from different client ip's from different segments in organization network .
Most often this issue happens, when traffic pass through second member in cluster.
Please help to solve it. I attached some screenshots from real time rule tracing.
Next to the field where you enter the Client IP address you need to select the appliance from the dropdown menu which is receiving the traffic. Is the right box selected here?
You mean the cluster member, that client IP is sending request to ? (attached screenshot).
Yes, I chose the right one. When I'm sending request to the VIP , I see which cluster member starts creating the rule tracing files. the problem is , that the content of those files are not displaying on trace pane .
Is your cluster load-balanced? We have that, an have to explicitly define the proxy on the client to ensure the traffic goes to just one proxy. Once we do that, we have very few issues doing rule traces on specific IPs at specific proxies. If it's load-balanced, and you don't specify, all bets are off on which proxy will get the traffic
It is load-balanced. We are working with MCP client, which redirects the traffic to proxy VIP, than the traffic load balance between cluster nodes.
I am not aware of any reason why the rule trace central should not show the traces, if the IP address is matching and the tracing is started on the correct machine.
It might make sense to file a request with support, add one of the rule traces that does not show up in the UI (but ends up in the logs/debug/ruleengine_traces folder, in case I understood correctly). and a feedback, so we can take a look and check if there is anything obvious.
At the moment I have no further idea. Is the load balancing done by MWG of by a load balancer? In that case it might be required to type in the IP address of the load balancer, it depends a bit on what IP address MWG sees as the source IP (a rule trace given to support could shed some light).