Logs & Settings Action Plan for Teams-Protector

SphereShield proxy solution is involved in 2 processes

1. A proxy server capturing Teams traffic between the client and the cloud

2. Scripts injection from Agat cloud directly to the client

Possible issues in SphereShield proxy solution

1. User can’t sign in to Teams

2. Slow sign in process

3. Slowness in messages reaching destination

4. Slowness joining meetings \ user can’t join meetings

Issues (1) and (2) can be server\database issue or script injection issue

Issues (3) and (4) are probably server\database issues

How do I know to which Bastion server the client is connected?

From a client connected to Agat proxy run:

https://teams.microsoft.com/teams_protection/healthcheck/proxytest

In the response you should see the “Server Name”

Open

Collecting logs for issues (1) or (2)

1. Browse C:\Agat\Bastion\filters\fw_proxy

2. Edit Teams_Protector.xml; <severity>debug</severity>

Open

3. Save

4. Restart Bastion service

5. Reproduce issue

Collect server logs:

• D:\Agat\Logs\Teams_Protector - Collect the current log. If no current log there, enter “Archive” folder and collect the last modified one

• D:\Agat\Logs\InternalServicesAPI - Collect the current log

• D:\Agat\Logs\InternalServicesAPI\EW_InternalServicesAPI - Collect the current log (For Ethical Wall solution)

• D:\Agat\Logs\InternalServicesAPI\DLP_InternalServicesAPI - Collect the current log (For DLP solution)

Collect client logs:

Gathering Teams Client Logs to Send to AGAT

Proxy diagnostic

• From a Teams client machine, browse https://proxytest.agatcloud.com and take a screenshot of the output

• From a Teams client machine, browse https://teams.microsoft.com/teams_protection/healthcheck/proxytest and take a screenshot of the output

Prepare logs to Agat:

• Comperes server and client logs + screenshots

• Browse https://customers.agatsoftware.com

• Enter ticket number (password will be provided by Agat)

• Upload compressed file

• In the ticket you open to Agat specify username and time of issue as well as screenshots if available

Collecting logs for issues (3) or (4)

1. Browse C:\Agat\Bastion\filters\fw_proxy

2. Edit Teams_Protector.xml; <severity>debug</severity>

3. Save

4. Restart Bastion service

5. Reproduce issue

Collect server logs:

• D:\Agat\Logs\Teams_Protector - Collect the current log. If no current log there, enter “Archive” folder and collect the last modified one

• D:\Agat\Logs\InternalServicesAPI - Collect the current log

• D:\Agat\Logs\InternalServicesAPI\EW_InternalServicesAPI - Collect the current log (For Ethical Wall solution)

• D:\Agat\Logs\InternalServicesAPI\DLP_InternalServicesAPI - Collect the current log (For DLP solution)