

NSW Department of Education | Secured Internet at the Edge – SCHOOL-OWNED MANAGED DEVICES – TROUBLESHOOTING GUIDE Page 1 of 11

TROUBLESHOOTING GUIDE Secured Internet at the Edge in schools FOR SCHOOL-OWNED WINDOWS DEVICES

Description

This troubleshooting guide is designed to be used in conjunction with the quick reference guide (QRG) for school-owned Windows devices. The diagram below shows successful operation of a school-owned Windows device in a school with the Internet at Edge connection.

The troubleshooting steps for school-owned Windows devices fall into the following main stages:

• Know how a blocked page looks
• Validate Internet at Edge user identification
• Validate IP settings and connectivity


Know how a blocked page looks

At an Internet at Edge site, a blocked page looks different for HTTP and HTTPS URLs. If you navigate to an unsecured (HTTP) internet site, you may see one of the following results:

Site contents:

You are already authenticated to the Internet at Edge and authorised to view the page.

Enjoy your browsing

Blocked site alert:

You are authenticated to the Internet at Edge but NOT authorised to view the site.

If you believe you should have access to this page, let your teacher know.

Internet at Edge login page:

You are NOT authenticated to the Internet at Edge.

Log in with your DoE account. Make sure you use the username format firstname.lastname@detnsw, then click Login.

If you navigate to a secured (HTTPS) internet site, you may see one of the following results:

Site contents:

You are already authenticated to the Internet at Edge and authorised to view the page.

Enjoy your browsing


This site can’t be reached:

You are authenticated to the Internet at Edge, but NOT authorised to view the page.

Seeing this response may also mean your network connection is not working. To verify whether this page is blocked, navigate to the HTTP version of the URL. For example, if you tried to access https://cisco.com and it failed, navigate to http://cisco.com to see whether the cisco.com page is blocked. Also check that the sites you do have access to are working. If you believe you should have access to this page, let your teacher know.

“Your connection is not private” or “Your connection is not secure” certificate warning.

You are NOT authenticated to the Internet at Edge.

Navigate to detnsw.net to authenticate to Internet at Edge.

If you come across this prompt, press cancel and navigate to detnsw.net to authenticate your Internet at Edge connection:


Validate Internet at Edge user identification

INSTRUCTIONS SCREENSHOT | CLARIFICATION

Check user identity

To validate user authentication, launch a web browser and go to detnsw.net

If the single sign-on process worked, you will see the Authorised page as shown to the right. Click My Details.

If clicked within 10-25 seconds after the user sees the desktop, the My Details page will likely show UIA as the authentication mode. If clicked 10-25 seconds after the user sees the desktop, the My Details page will likely show GP as the authentication mode.

• Check that the username shown is that of the logged-in user.
• Check that the user’s group for Internet access is shown and is correct.
• If the username is different, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the issue is Wrong user name on Internet at Edge single sign-on.
• If the group name is not shown or is different, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the Internet at Edge group mapping is not working.
• Otherwise, continue troubleshooting.


If the single sign-on process fails for any reason, you will be prompted to authenticate with your DoE username. If this happens, continue troubleshooting as suggested in the steps below. (Optional) At this stage, the user will still be able to browse the Internet by logging in at this window. Make sure you use the username format firstname.lastname@detnsw, then click LOGIN.

Check GPAgent software

Go to Command Prompt: click Start, type cmd and press the Enter key on your keyboard. Type tasklist | find "PanGPA" (press the Shift and \ keys for the | pipe symbol; find requires the quotation marks around the search text). If the output shows the PanGPA.exe task, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the Internet at Edge single sign-on is not working. Otherwise, continue troubleshooting.

Access the list of installed software: click Start and start typing Apps & features. Click Apps & features when shown.


In the Apps & features window, start typing globalprotect (as one word). Check that the GlobalProtect software is shown. If the GlobalProtect software is NOT shown, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the Global Protect Agent software is not installed. If the GlobalProtect software is shown, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the Global Protect Agent software is not starting.


Validate proxy settings

If browsing the Internet still fails, this may be caused by incorrect proxy settings. The way to check or set proxy settings differs between Windows 7 and Windows 10.

Windows 10

Start Internet at Edge and select Menu / Settings.

Scroll down to and click Advanced settings.

Scroll down to and click Open proxy settings.

Verify that the settings are as shown and that the Script address field contains http://pac.det.nsw.edu.au/fib/proxy.pac. If the settings are NOT consistent with the expected results, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre team, stating that the issue is that proxy settings are set incorrectly in Group Policy. Otherwise, continue troubleshooting.

Windows 7

Start Internet Explorer and select Menu / Internet Settings.


Then select Connections tab and click LAN settings button.

Verify that the settings are as shown and that the Use automatic configuration script field contains http://pac.det.nsw.edu.au/fib/proxy.pac. If the settings are NOT consistent with the expected results, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the issue is that proxy settings are set incorrectly in Group Policy. Otherwise, continue troubleshooting.


PAC file contents

In Internet Explorer or Internet at Edge, navigate to http://pac.det.nsw.edu.au/fib/proxy.pac. This should result in downloading an empty file.

If the result is NOT consistent with the expected result, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the issue is Incorrect proxy.pac served to Internet at Edge site.

Verify access

After successful authentication and GP, the user should be able to browse the internet and use applications that require an internet connection. To verify that the user’s authentication to the Internet at Edge firewall was successful, navigate to http://detnsw.net


Validate IP settings and connectivity

Most issues with Internet connectivity relate to incorrect IP settings.


DHCP operation

To validate the IP settings on your device, click Start, type cmd and press the Enter key on your keyboard.

In the black Command Prompt window, type ipconfig /all and press Enter. In the output, look for Wireless LAN adapter, Ethernet adapter Local Area Connection or Ethernet adapter Ethernet.

Verify that the DNS server is listed as 10.254.254.254.

If the DNS server is not 10.254.254.254, run ipconfig /renew or restart the device.

After the ipconfig /renew or restart, repeat the steps in this section to validate the IP and DNS settings. If the settings are still NOT consistent with the expected results, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the DHCP DNS server settings are incorrect for Internet at Edge site. If the settings are consistent with the expected results, continue troubleshooting.

IP Connectivity and DNS resolution

While still in the MS-DOS prompt window (black window), type ping 10.254.254.254. If the response is timed out, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the issue is Internet at Edge firewall does not respond.


If the command response is Reply from, continue troubleshooting.

In the same window, type ping edgeportal.det.nsw.edu.au. If the response is could not find the host, call EDConnect and ask that a ticket be escalated to the Operations.T4L Centre, stating that the issue is Internet at Edge firewall does not resolve DNS. If the command response is Reply from, continue troubleshooting.
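
The GPAgent, proxy, DNS and connectivity checks above, collected into one PowerShell pass that pairs each failed check with the guide's escalation wording. This is an added example, not part of the original guide or any department tooling. Assumptions: Windows 10 with Windows PowerShell 5.1 (Get-DnsClientServerAddress and Resolve-DnsName are not available on a stock Windows 7), the script address is read from the per-user Internet Settings registry key, and New-Result is a helper name made up for this example.

```powershell
# Added example: runs the guide's manual checks and reports them in one table.
# Expected values below are the ones the guide states.
$ExpectedDns = '10.254.254.254'
$ExpectedPac = 'http://pac.det.nsw.edu.au/fib/proxy.pac'
$Portal      = 'edgeportal.det.nsw.edu.au'

# Hypothetical helper: one row per check, with escalation text only on failure.
function New-Result($Check, $Pass, $Observed, $IfFailed) {
    $msg = if ($Pass) { '' } else { $IfFailed }
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Observed = $Observed; Escalate = $msg }
}

$results = @()

# GPAgent: the same question the guide answers with  tasklist | find "PanGPA"
$agent = Get-Process -Name 'PanGPA' -ErrorAction SilentlyContinue
$results += New-Result 'PanGPA.exe running' $agent ($agent.Name -join ', ') `
    'Check Apps & features for GlobalProtect (not installed vs. not starting)'

# Proxy: script address applied to the current user (assumed registry location)
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pac = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AutoConfigURL
$results += New-Result 'PAC script address' ($pac -eq $ExpectedPac) $pac `
    'Proxy settings are set incorrectly in Group Policy'

# DHCP: DNS servers handed to the IPv4 adapters (what ipconfig /all shows)
$servers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
             ForEach-Object { $_.ServerAddresses })
$results += New-Result 'DNS server from DHCP' ($servers -contains $ExpectedDns) ($servers -join ', ') `
    'Run ipconfig /renew or restart; if unchanged: DHCP DNS server settings are incorrect'

# Connectivity: ping the Internet at Edge firewall address
$ping = Test-Connection -ComputerName $ExpectedDns -Count 2 -Quiet
$results += New-Result "ping $ExpectedDns" $ping $ping `
    'Internet at Edge firewall does not respond'

# DNS resolution of the portal name the guide pings
$addr = Resolve-DnsName -Name $Portal -Type A -ErrorAction SilentlyContinue
$results += New-Result "resolve $Portal" $addr ($addr.IPAddress -join ', ') `
    'Internet at Edge firewall does not resolve DNS'

$results | Format-Table -AutoSize -Wrap
```

A running PanGPA.exe is reported as a pass here; per the guide, if single sign-on still failed while the agent is running, that is itself the condition to escalate as Internet at Edge single sign-on not working.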

Web browsers

Operation of the Internet at Edge was successfully tested with the following browsers:

• Internet Explorer
• Google Chrome
• Firefox
• Safari

Need further assistance?

For technical support, call EDConnect on 1300 32 32 32 or raise a ticket through the self-service portal.