NetScaler Application Delivery Management service

Troubleshoot Gateway Insight issues

If the Gateway Insight solution is not functioning as expected, the issue might be with one of the following. Refer to the checklists in the respective sections for troubleshooting.

  • Gateway Insight configuration.
  • Connectivity issue between NetScaler and NetScaler ADM.
  • Record generation in NetScaler.
  • Validations in NetScaler ADM.

Gateway Insight configuration checklist

  • Make sure that the AppFlow feature is enabled in NetScaler. For details, see Enabling AppFlow.

  • Check Gateway Insight configuration in the NetScaler running configuration.

    Run the show running | grep -i command to check the Gateway Insight configuration. Make sure that the bind type is REQUEST. For example:

    bind vpn vserver afsanity -policy afp -priority 100 -type REQUEST

  • For single-hop, Access Gateway, or Unified Gateway deployment, make sure that the Gateway Insight AppFlow policy is bound to the VPN virtual server where the VPN traffic is flowing. For details, see Enabling HDX Insight data collection.
  • Check the appflowlog parameter in the NetScaler Gateway/VPN virtual server. For details, see Enabling AppFlow for Virtual Servers.
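
The binding checks in this checklist can also be run offline against a saved copy of the running configuration. The following script is an added example, not part of the Citrix documentation or tooling: it lists each AppFlow policy bound to a VPN virtual server, reports bindings whose type is not REQUEST, and reports AppFlow policies with no VPN virtual server binding. It assumes unquoted names; every name in the sample except afsanity and afp is constructed.

```shell
#!/bin/sh
# Added example, not Citrix code. Reads a saved running configuration on stdin.
# Assumption: policy and virtual server names are unquoted single words.

# Constructed sample configuration (gw2, afp_unused, sess_pol, afact are made up).
sample_config() {
    cat <<'EOF'
add appflow policy afp true afact
add appflow policy afp_unused true afact
bind vpn vserver afsanity -policy afp -priority 100 -type REQUEST
bind vpn vserver gw2 -policy afp -priority 100 -type RESPONSE
bind vpn vserver afsanity -policy sess_pol -priority 10
EOF
}

audit_gateway_insight_binds() {
    awk '
    # Remember every AppFlow policy name defined in the configuration.
    $1 == "add" && $2 == "appflow" && $3 == "policy" { appflow[$4] = 1; next }

    # Record each policy binding on a VPN virtual server.
    $1 == "bind" && $2 == "vpn" && $3 == "vserver" {
        policy = ""; type = ""
        for (i = 5; i < NF; i++) {
            if ($i == "-policy") policy = $(i + 1)
            if ($i == "-type")   type   = $(i + 1)
        }
        if (policy != "") binds[++n] = $4 SUBSEP policy SUBSEP type
    }

    # Evaluate at the end so the order of add and bind lines does not matter.
    END {
        for (k = 1; k <= n; k++) {
            split(binds[k], f, SUBSEP)
            if (!(f[2] in appflow)) continue      # not an AppFlow policy
            bound[f[2]] = 1
            if (toupper(f[3]) == "REQUEST")
                printf "OK %s %s\n", f[1], f[2]
            else                                  # flagged for review
                printf "NOT_REQUEST %s %s %s\n", f[1], f[2], (f[3] == "" ? "unset" : f[3])
        }
        for (p in appflow) if (!(p in bound)) printf "UNBOUND %s\n", p
    }'
}

sample_config | audit_gateway_insight_binds
```
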

Connectivity between NetScaler and NetScaler ADM checklist

  • Check AppFlow collector status in NetScaler. For details, see How to check the status of connectivity between NetScaler and AppFlow Collector.
  • Check Gateway Insight AppFlow policy hits.

    Run the command show appflow policy to check the AppFlow policy hits.

    You can also navigate to System > AppFlow > Policies in the GUI to check the AppFlow policy hits.

  • Verify that no firewall is blocking AppFlow ports 4739 or 5557.

Record generation in NetScaler checklist

  • Run the nsconmsg -d stats -g ai_tot command and check for the stats increments in NetScaler.
  • Capture nstrace logs and check for CFLOW packets to confirm NetScaler exports AppFlow records.

Validations in NetScaler ADM

  • Run the tail -f /var/mps/log/mps_afdecoder.log | grep -i "Data Record: vpn_" command and check the logs to confirm that NetScaler ADM is receiving AppFlow records.
  • Make sure that the NetScaler instance is added to NetScaler ADM.
  • Make sure that the NetScaler Gateway/VPN virtual server is licensed in NetScaler ADM.

Gateway Insight stats

The following Gateway Insight stats are available.

  • ai_tot_preauth_epa_export
  • ai_tot_auth_export
  • ai_tot_auth_session_id_update_export
  • ai_tot_postauth_epa_export
  • ai_tot_vpn_update_export
  • ai_tot_ica_fileinfo_export
  • ai_tot_app_launch_failure
  • ai_tot_logout_export
  • ai_tot_skip_appflow_export
  • ai_tot_sso_appflow_export
  • ai_tot_authz_appflow_export
  • ai_tot_appflow_pol_eval_failure
  • ai_tot_vpn_export_state_mismatch
  • ai_tot_appflow_disabled

Contact Citrix technical support

For a speedy resolution, make sure that you have the following information before contacting Citrix technical support:

  • Details of the deployment and network topology.
  • NetScaler and NetScaler ADM versions.
  • Tech support bundle for NetScaler and NetScaler ADM.
  • nstrace capture during the issue.

Known Issues

Refer to the ADC release notes for known issues on Gateway Insight.