Internet Threat Protection (ITP) Troubleshooting Guide

A step-by-step troubleshooting procedure admins can follow to resolve general ITP issues

Updated on Sep 04, 2025
5 minutes to read
Contributors

Overview
Pre-requisites
General Troubleshooting Procedure
Diagnostics and Tools
- Use Lookup domain to review how a domain is being classified and handled by the ITP policy
- Request end users to send logs via the desktop app
Common Error Codes and Messages

Overview

This guide provides admins with a general procedure to follow in order to identify and troubleshoot common Internet Threat Protection issues. Use this doc to map symptoms to causes and apply resolutions before escalating to support.

Pre-requisites

admin access to SIA org

General Troubleshooting Procedure

Step 1: Identify the symptom(s)

For example, a public website or a local website may be unexpectedly inaccessible or unexpectedly accessible to end users in your org; alternatively, end users in your org may be experiencing high latency.

Step 2: Verify the environment

Check for network connectivity, verify that the applicable ITP policy configuration is accurate and current (e.g., check which domain categories, apps, specific domains, and geo-locations you’ve selected to block), and verify your org’s licensing (i.e., ensure that you have SIA licenses).

Step 3: Collect logs and diagnostic info

Request that end users send logs via the CSE desktop app.
Capture an HTTP Archive file (HAR file) to view calls and responses associated with a user’s web session.
Review how a specific domain is being handled by using the Lookup domain search function in the ITP policy.

Step 4: Apply relevant fixes

This may involve adjusting your ITP policy configuration to correct unexpected behaviours (e.g., adding a domain or an application bypass, or adding a URL exception or explicit block, if your org uses URL filtering) or adjusting your firewall rules to accept swg agent traffic.

Step 5: Escalate to support

If further assistance is required, reach out to support at support@sonicwall.com.

Diagnostics and Tools

Use Lookup domain to review how a domain is being classified and handled by the ITP policy

Request end users to send logs via the desktop app

Common Error Codes and Messages

Error code	Definition
403	server understands but denies authorization of request
400	invalid request; improper syntax or content
401	authentication required or authentication failed
404	resource doesn’t exist