ZIA Troubleshooting Using ZIA Analytics

📌 Purpose

This article explains how to use ZIA Analytics to troubleshoot common Zscaler Internet Access (ZIA) issues. It focuses on ZIA's built-in diagnostics, such as Web Insights, SSL Inspection Logs, Firewall Logs, and HTTP header traces.


🧰 Prerequisites


🔎 Step-by-Step Troubleshooting Using ZIA Analytics

1. ✅ Confirm ZIA Service Status

  1. Ask the end user to visit https://ip.zscaler.com.

  2. Check that:

    • Service Status is ON in ZCC

    • Correct Data Center (ZEN) is used

    • Client details and authentication are shown

If no ZIA service is shown, verify:

  • Traffic is forwarded via PAC, GRE/IPSec, or ZCC

  • No local network or DNS issues.


2. 📊 Use Web Insights to Identify Policy and Access Issues

Go to:

ZIA Admin Portal → Analytics → Web Insights

  • Filter by user, timestamp, and destination

  • Look for:

    • Blocked requests

    • SSL errors

    • Inspection errors

  • Common error reasons: "Blocked due to SSL decryption failure", "URL Category block", "Unencryptable traffic"

Fix: Create SSL bypass rules or review Access/URL filtering policies.
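
The same triage can be run offline on an exported log. The following is an added example, not Zscaler code: the CSV column names and sample rows are constructed for illustration, and the mapping from block reason to follow-up is an assumption based on the Fix line above.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export; the column names are assumptions, not Zscaler's schema.
SAMPLE_CSV = """time,user,host,action,reason
2024-05-01T09:00:05,alice@example.com,login.example.net,Blocked,Blocked due to SSL decryption failure
2024-05-01T09:00:09,alice@example.com,login.example.net,Blocked,Blocked due to SSL decryption failure
2024-05-01T09:01:30,alice@example.com,games.example.org,Blocked,URL Category block
2024-05-01T09:02:10,alice@example.com,pinned.example.io,Blocked,Unencryptable traffic
2024-05-01T09:03:00,alice@example.com,www.example.com,Allowed,
2024-05-01T09:04:00,bob@example.com,games.example.org,Blocked,URL Category block
2024-05-01T11:30:00,alice@example.com,games.example.org,Blocked,URL Category block
"""

# Reason substring -> follow-up (assumed mapping, derived from the Fix line in step 2).
FOLLOW_UP = {
    "ssl decryption failure": "candidate for an SSL bypass rule",
    "unencryptable traffic": "candidate for an SSL bypass rule",
    "url category block": "review Access/URL filtering policies",
}

def triage(csv_text, user, start, end, host_contains=""):
    """Return [(host, reason, count, follow_up)] for blocked requests matching the filters."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.fromisoformat(row["time"])
        # Same filters as the portal view: user, time window, destination.
        if row["user"].lower() != user.lower() or not (start <= ts <= end):
            continue
        if host_contains and host_contains not in row["host"]:
            continue
        if row["action"].strip().lower() != "blocked":
            continue
        counts[(row["host"], row["reason"].strip())] += 1
    results = []
    for (host, reason), n in counts.most_common():
        hint = next((v for k, v in FOLLOW_UP.items() if k in reason.lower()),
                    "unmapped reason: inspect the full log entry")
        results.append((host, reason, n, hint))
    return results

if __name__ == "__main__":
    window = (datetime(2024, 5, 1, 9, 0), datetime(2024, 5, 1, 10, 0))
    for host, reason, n, hint in triage(SAMPLE_CSV, "alice@example.com", *window):
        print(f"{n:>3}  {host:<20} {reason}  ->  {hint}")
```

Repeated blocks for the same host and reason are collapsed into one row with a count, so a single failing application does not bury other destinations.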


3. πŸ” Use SSL Inspection

Check:

Policy β†’ SSL Inspection

  • Ensure rules cover authentication and critical business apps

  • Look for unintended “Do Not Inspect” entries

  • Use HTTP Header capture from browser dev tools (Ctrl+Shift+I → Network tab) to verify inspection results.


4. 🌐 Use Firewall Insights for Connectivity Blocks

Go to:

Analytics → Firewall Insights

Use this to:

  • Check outbound port blocks

  • Identify IPS/Geo-IP rules blocking traffic

  • Investigate dropped or denied connections


πŸ” Common Scenarios and Analytics Application

Issue Tool Diagnosis Tips
No Internet Access ip.zscaler.com, DNS tools, Analyzer Validate PAC/GRE/IPSec; Check DNS & client routing
Website Load Failures Web Insights, Header Traces Check for inspection blocks, missing segments
Slow Access MTR, Webload, Packet Capture Confirm latency at hops or retransmissions
Authentication Errors Web Insights, SAML logs Check IdP certs, SAML config, user provisioning
 

📚 Additional Resources


✅ Summary

Using ZIA Analytics tools effectively speeds up issue resolution by pinpointing exact failure points in traffic flow, authentication, or policy enforcement.