If you are having SCP connectivity and redirection issues, review the following common causes and solutions.
DNS Lookup Failure
Use the display filter dns contains cloud in the packet analysis to find the error No such name or other.
TCP Handshake Failure
A TCP handshake failure can be a block in the network, on the firewall, or on the ISP.
I can be like a needle in a haystack to find a specific connection where SYN packets without an ACK, or RST packets responded on SYN.
To find the relevant stream, you can get the cloud IP address from DNS queries, and then filter for that IP address using the display filter ip.addr eq <cloud IP>. Then search for any repeating SYN packets, right-click, and follow the TCP stream.
If you identify the connection, check for any other network device is blocking it.
Internet Availability Check Fails
In case the Internet Availability Check (GET http://mcp.webwasher.com/test/MCP.txt) or the Captive Portal Check fails (via proxy: GET http://mcp.webwasher.com/test/MCP.txt), then follow these steps to find the relevant stream:
Use display filter: http.request and http contains webwasher
These requests must reach the internet. If the packets are blocked, check the network for blockages.
Skyhigh Public IP Blocked by Website Host
While accessing an HTTP website, if a user receives the Skyhigh block page with the following errors because client context is not yet done:
- Bad Gateway
- Could not connect to destination in time
- 502 HTTP response code
- browser block page
Check the HAR trace to see if the response for any request is showing the Pending status and then times out, or has an HTTP response code 502. If so, raise an SR with all relevant information.
Policy Blocks the Request
In an event where the bypass rules are not working or if a block rule is triggered, the HTTP response code 403 is shown in the HAR trace in the browser.
Check for details on the block page to identify the rule and adjust the policy accordingly.