COSGrid SASE – Troubleshooting Guide

1. Troubleshooting Approach

Step 1: Identify the Layer

Identity issue → Login / MFA
Device issue → Agent / Posture
Network issue → Connector / Overlay
Policy issue → Access rules

Step 2: Validate Basics

Internet connectivity
Correct user credentials
Agent status (if applicable)

Step 3: Check Logs

Event logs
Access logs
Agent diagnostics

Step 4: Isolate Scope

Single user or multiple users?
Single app or all apps?
Agent-based or agentless?

2. Identity & Authentication Issues

Issue: User Unable to Login
- Possible Causes:
  - Incorrect credentials
  - IdP misconfiguration
  - User not provisioned
- Troubleshooting Steps:
  - Verify username/password
  - Check IdP configuration (SAML/OIDC)
  - Confirm user exists in system
  - Validate JIT provisioning settings
Issue: MFA Not Working
- Possible Causes:
  - Time sync issue
  - Incorrect MFA setup
  - Device mismatch
- Troubleshooting Steps:
  - Check device time synchronization
  - Reconfigure MFA
  - Verify MFA policy enforcement
Issue: User Not Getting Access After Login
- Possible Causes:
  - No policy assigned
  - User not mapped to group
- Troubleshooting Steps:
  - Check group membership
  - Validate access policy
  - Confirm policy conditions

3. MicroZAccess (Agent-Based ZTNA) Issues

Issue: Agent Not Connecting
- Possible Causes:
  - Network/firewall blocking
  - Orchestrator unreachable
  - Agent service not running
- Troubleshooting Steps:
  - Check internet connectivity
  - Verify required ports are open
  - Restart agent service
  - Check agent logs
Issue: Application Not Accessible
- Possible Causes:
  - Z3 Connector not configured
  - Incorrect app onboarding
  - Policy restriction
- Troubleshooting Steps:
  - Verify application onboarding details
  - Check connector status
  - Validate access policy
  - Confirm app backend is reachable
Issue: Z3 Connector Not Working
- Possible Causes:
  - Connector not registered
  - Network routing issue
- Troubleshooting Steps:
  - Check connector registration
  - Verify connectivity to orchestrator
  - Restart connector service
Issue: Device Posture Check Failing
- Possible Causes:
  - Device non-compliant
  - DPC policy misconfigured
- Troubleshooting Steps:
  - Check posture requirements
  - Validate device compliance
  - Review DPC logs
Issue: Slow Application Access
- Possible Causes:
  - High latency
  - Overlay routing via relay
- Troubleshooting Steps:
  - Check network latency
  - Verify direct vs relay connection
  - Analyze resource usage

4. SwiftZAccess (Agentless ZTNA) Issues

Issue: Domain Not Accessible
- Possible Causes:
  - Incorrect domain onboarding
  - Backend server unreachable
  - DNS misconfiguration
- Troubleshooting Steps:
  - Verify domain entry (no https)
  - Check backend mapping
  - Validate DNS resolution
Issue: Access Denied (Agentless)
- Possible Causes:
  - Policy restriction
  - User not mapped
- Troubleshooting Steps:
  - Check policy rules
  - Verify user/group mapping
  - Confirm domain access permissions
Issue: Page Not Loading Properly
- Possible Causes:
  - Reverse proxy misconfiguration
  - Unsupported web components
- Troubleshooting Steps:
  - Validate proxy configuration
  - Check browser compatibility
  - Inspect developer console logs

5. Secure Web Access (SWA) Issues

Issue: Website Blocked Unexpectedly
- Possible Causes:
  - URL category blocked
  - Policy misconfiguration
- Troubleshooting Steps:
  - Check URL category
  - Review SWA policy
  - Whitelist domain if required
Issue: HTTPS Sites Not Loading
- Possible Causes:
  - SSL inspection issue
  - Certificate problems
- Troubleshooting Steps:
  - Verify SSL inspection settings
  - Check certificate installation
  - Disable inspection temporarily for testing
Issue: Slow Internet Browsing
- Possible Causes:
  - Traffic inspection overhead
  - Network latency
- Troubleshooting Steps:
  - Check bandwidth usage
  - Review policy rules
  - Optimize inspection settings

6. Zero Trust - Network Access Control ( ZT-NAC ) Issues

Issue: Device Not Getting Network Access
- Possible Causes:
  - Device not authenticated
  - Policy restriction
- Troubleshooting Steps:
  - Verify device registration
  - Check NAC policy
  - Confirm authentication status
Issue: Device Marked Non-Compliant
- Possible Causes:
  - Missing patches
  - Security tools not installed
- Troubleshooting Steps:
  - Check compliance requirements
  - Update device security
  - Re-evaluate posture
Issue: Guest Access Not Working
- Possible Causes:
  - Guest policy misconfigured
  - Network isolation issue
- Troubleshooting Steps:
  - Verify guest access policy
  - Check VLAN/network segmentation
  - Validate time-based rules

7. Monitoring & Diagnostics

Logs to Check
- Authentication logs
- Access logs
- Policy evaluation logs
- Agent logs
Remote Diagnostics
- Admins can:
  - Trigger diagnostics remotely
  - Collect logs
  - Analyze failures
Resource Monitoring
- Check:
  - CPU usage
  - Memory usage
  - Network usage

8. Common Cross-Platform Issues

Issue: Access Works for Some Users Only
- Root Cause:
  - Group-based policy mismatch
Issue: Works on One Device, Not Another
- Root Cause:
  - Device posture failure
Issue: Works on Network, Not Remote
- Root Cause:
  - Firewall or routing issue

9. Quick Troubleshooting Checklist

Before escalating:

User exists and is active
Correct group assigned
Policy configured properly
Application/domain onboarded
Agent/connector running
Network connectivity verified