Use case: What to look for in the troubleshooting files

The following use case shows how to use the troubleshooting files to understand why a device is receiving a specific risk level.

In this scenario, an end user is blocked from a resource they need for a routine task and reports the issue to an AppGate ZTNA administrator. The administrator confirms that the device is receiving a high risk level that is not a fallback by reviewing the end user's active session in the AppGate ZTNA admin UI. The company uses CrowdStrike ZTA for security posture information, and the administrator verifies that the CrowdStrike instance connected to ZTP is working correctly and that the risk rules and adapters in the Risk Engine are healthy.

To gather more information and determine why the device is receiving a high risk level, the administrator does the following:

  1. In the ZTP Cloud Console, go to Services > Risk Engine. Click the risk rule returning the high risk level—in this case, the CrowdStrike ZTA risk rule.

  2. Click the Troubleshooting tab and download the Usage Report file in CSV format. Search the report for the latest record of the device in question.

  3. The Usage Report shows the following for this device:

    • The device received a high risk level.

    • The device has an Agent ID—the unique identifier CrowdStrike uses for that device.

    • The result for the device is Unmatched.

In this case, the administrator finds that although CrowdStrike manages the device—and the device has an Agent ID—the Risk Engine is not receiving data from CrowdStrike for that device, which produces an Unmatched result. Further investigation reveals that the CrowdStrike ZTA adapter in the Risk Engine was configured against one CrowdStrike instance, while the device was being managed by a different CrowdStrike instance.

The Usage Report may show other situations for a device. For example:

  • No Agent ID: The device may be unknown to the third-party service.

  • High risk level with a Matched result: The Risk Engine is receiving data from the third party and applying the adapter's risk mapping normally. The third-party data itself is the reason for the high risk level. Review this information with your third-party service. If that is not possible, download the Host Log from the Troubleshooting tab to examine the data the third party provided and understand how the Risk Engine used it to determine the risk level.
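
The following added example (not AppGate code) automates the lookup described above: it finds the latest record for a device in a Usage Report export and maps it to one of the situations on this page. The column names (`timestamp`, `device_id`, `agent_id`, `risk_level`, `result`) and the sample rows are assumptions constructed for illustration; adjust them to match the headers in your downloaded CSV.

```python
import csv
import io
from datetime import datetime

# Constructed sample. The column names are assumptions for illustration,
# not the real Usage Report schema: rename them to match your export.
SAMPLE_CSV = """timestamp,device_id,agent_id,risk_level,result
2024-05-01T08:00:00Z,dev-001,agent-aaa,Low,Matched
2024-05-02T09:30:00Z,dev-001,agent-aaa,High,Unmatched
2024-05-02T09:31:00Z,dev-002,,High,Unmatched
2024-05-02T09:32:00Z,dev-003,agent-ccc,High,Matched
"""

FINDINGS = {
    "no-record": "Device does not appear in this report.",
    "no-agent-id": "Device may be unknown to the third-party service.",
    "unmatched": "Risk Engine is not receiving third-party data for this device; "
                 "check which third-party instance the adapter is configured against.",
    "matched-high": "Third-party data itself drives the high risk level; "
                    "review it with the third party or in the Host Log.",
    "other": "None of the situations described on this page apply.",
}

def latest_record(csv_text, device_id):
    """Return the most recent row for device_id, or None if absent."""
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if r["device_id"] == device_id]
    if not rows:
        return None
    return max(rows, key=lambda r: datetime.fromisoformat(
        r["timestamp"].replace("Z", "+00:00")))

def triage(record):
    """Map one Usage Report row to a finding key from FINDINGS."""
    if record is None:
        return "no-record"
    if not record["agent_id"].strip():
        return "no-agent-id"
    result = record["result"].strip().lower()
    if result == "unmatched":
        return "unmatched"
    if result == "matched" and record["risk_level"].strip().lower() == "high":
        return "matched-high"
    return "other"

if __name__ == "__main__":
    for device in ("dev-001", "dev-002", "dev-003", "dev-404"):
        key = triage(latest_record(SAMPLE_CSV, device))
        print(f"{device}: {key} - {FINDINGS[key]}")
```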