Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Troubleshooting Connectivity Issues with Digital Experience Capabilities

Overview

While using the SSE Solution which includes,  Skyhigh Web Gateway (SWG), Private Access (PA), Cloud Firewall,  Client Proxy and Cloud Access Security Broker (CASB), customers often face issues related to application performance, network performance - slow and inconsistent connectivity to Private Applications, web, and sanctioned applications, service performance issues across the network, etc. This leads to a bad user experience thereby affecting the overall customer journey with the Product. These issues may occur irrespective of the customer's location and the applications or websites that the customers are trying to access. 

Digital Experience Capabilities

The Digital Experience Capabilities present in Skyhigh SSE solution empower the end users/administrators to Troubleshoot the Connectivity Issues efficiently. It also enables a remote administrator to address the majority of the IT related challenges of the end user.

With the Digital Experience Capabilities present in Skyhigh SSE solution, the user/admin can identify the root cause of the network/application/endpoint problems quickly and effectively.

Skyhigh SSE

When the traffic traverses from the user endpoint system to the destination (it can be Web, Private Applications, or Sanctioned Applications) the below information is captured for all the segments of the traffic (Endpoint to POP, POP to POP, and POP to Application). Administrators can analyze this Time-Stamp information to identify the network or application related issues.  

  • Transaction Time: Transaction Time represents the overall processing time for a request i.e., the total time taken by the traffic to reach the destination from the SWG or SSE cloud and vice-versa. This includes the time duration for Anti-Virus scanning and network communication. 
  • Processing Time: Total Processing Time is the time taken by the web proxy rule engine to process the forwarded packets. This includes the waiting time for the filter. This is also called SWG Internal Processing Time.
  • Time to First Byte From Server: This is the time difference between the Time of the last request byte sent to the server and the first response byte received from the server. This represents server side communication latency and helps gauge the network and server responsiveness.
  • Time to Last Byte From Server: This is the time from First Byte from Server to Last Byte from Server: This is a gauge of the server side bandwidth.

clipboard_ef7a9ae69cefa343f91b8dad97e78e12b.png

You can view the above information in the detailed logs of SWG and Private Access.

  • To view the detailed logs in the Private Access:
    • Login to the SSE Console > Analytics > Private Access > Private Access Users.
  • Under Private Access Users section, you can see all the listed users. To view the details, you need to click on the value present in the PA Connections column. Once you click on the above mentioned values, you are redirected to a PA Connections Detail Page, where you will be able to view the below details along with the Transaction Time, Processing Time, Time to First Byte from Server, Time to Last Byte from Server.
  • User-Name
  • Host
  • Application Name
  • Protocol
  • Application Group
  • Connector
  • Device Profile
  • Download and Upload Speed
  • App Connection Status
  • PA Policy
  • Access/Block Reason

NOTE: Similar details are available for the PA users if they navigate to the SSE Console > Analytics > Private Access > Private Access Usage section.

  • To export data in the PA Connections Detailed Page, click on the Export CSV option.
  • For Web Traffic going through the SWG, you can analyse and identify;
    • The total time spent from the time the traffic entered the SWG for the destination and when the response traffic leaves the SWG back to the client. This provides the total transaction time.
    • The Processing time indicates the amount of time the traffic spent in the SWG.
    • The time to first byte from the server & time to last byte from the server indicates the time taken by the traffic to reach the destination once the traffic leaves the SWG.
  • End-Users/Administrators can analyze the transaction time to identify the issues related to network efficiency between the SWG/SSE and the destination. 
  • End-Users/Administrators can monitor the processing time to identify if there is any slowness observed in the SWG.
  • The time to first byte from the server & time to last byte from the server, indicates to the customer, the time taken by the traffic to reach the destination once the traffic leaves the SWG. This can be monitored to identify if there is any network related latency.

Skyhigh Client Proxy

We have the Skyhigh Client Proxy (SCP) that is installed in the endpoints (Windows and macOS). Client Proxy helps in the interception and redirection of the traffic from endpoints to the SSE Console which includes SWG, PA, and Cloud Firewall.

  • The Monitoring Section in the Client Proxy client enables the users/administrator to have visibility on:
    • Traffic Related Information
    • System Related Information
    • Network Related Information

Under Monitoring Option:

  • Traffic Tab:

Click on the Traffic Tab to get visibility on the:

  1. Number of Connections: Here you can view the average number of connections per second. You will have flexibility in viewing the average connections for
  • Last 1 hour
  • Last day
  • Last Week.

  1. Inbound/Outbound Traffic: This option provides information on the amount of Inbound and Outbound Traffic. You will have the flexibility of viewing the Inbound and Outbound Traffic Data for:
  • Last 1 hour
  • Last day
  • Last Week.

  1. Average Round Trip Time:
    • Click on the Average Round Trip Time to identify the total roundtrip time taken when the traffic leaves the Client Proxy and the response to the traffic is received by the Client Proxy. You will have the flexibility of viewing the Average Round Trip Time for:
      • Last 1 hour
      • Last day
      • Last Week.

  • System Tab:

Click on System Tab to get the information related to CPU and Memory Utilization of the End-Point System & Client Proxy.

This will help to perform the root cause analysis for any system related issue and will also help identify if the issue is with Client Proxy or is with the system.

  • Network Tab:

Click on the Network tab to get information on the ISP connection speed and Wi-Fi strength.

This section includes details such as Latency, Download and Upload speed, and Packet Loss information for the network to which the system is connected.

You can also gauge the strength of the  Wi-Fi that you are connected to.

You can analyze the above mentioned information provided in the Client Proxy Client to identify the endpoint related issues.

  • End-Users/Administrators can analyze the transaction time to identify the issues related to network efficiency between the SWG/SSE and the destination. When considering the client side of the connection, the user or administrator can look at the Network Tab present under Monitoring section which provides information on ISP Connectivity and Wi-Fi Strength. Administrators or end-users can also look at the System Tab for any CPU Utilization related issues that would have catered to the slowness of packet flow to SWG.
  • End-Users/Administrators can monitor the processing time to identify if there is any slowness observed in the SWG.
  • The time to first byte from the server & time to last byte from the server, indicates to the customer, the time taken by the traffic to reach the destination once the traffic leaves the SWG. This can be monitored to identify if there is any network related latency.
  • Administrators can analyze the Average Round Trip Time & the Transaction Time to identify if there is a slowness observed in the SCP
  • The Inbound and Outbound Traffic can be analyzed to check for any traffic congestion in the end-point/client.
  • Was this article helpful?