Troubleshoot connectivity test failures

If you ran a connectivity test, this table includes solutions for areas where the connectivity test reported failures. To confirm the overall status of the security connector, see Security Connector status.

Solutions for connectivity test failures

Failed connectivity test checkSolution
Management interface is upVerify that you entered valid network settings for the en2 interface (formerly the management interface). The current settings for the security connector are shown when you access the main menu, the network menu, and the diagnostics menu. To change the en2 interface settings, see Configure the en2 interface.
Data interface is upVerify that you entered valid network settings for the en1 interface (formerly the data interface). The current settings for the security connector are shown when you access the main menu, the network menu, and the diagnostics menu. To change the en1 interface settings, see Configure the en1 interface.
Domain Name Resolution for Akamai Management GatewayConfirm the settings for the DNS name servers.

If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces.

To change the settings associated with the DNS name servers, see Configure DNS name servers.
Domain Name Resolution for ‚ÄčSIA‚Äč CAS serviceConfirm the settings for the DNS name servers.

If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces.

To change the settings associated with the DNS name servers, see Configure DNS name servers.
Domain Name Resolution for CSI Log Push serviceConfirm the settings for the DNS name servers.

If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces.

To change the settings associated with the DNS name servers, see Configure DNS name servers.
Domain Name Resolution for Akamai Software RepositoryConfirm the settings for the DNS name servers.

If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces.

To change the settings associated with the DNS name servers, see Configure DNS name servers.
Domain Name Resolution for Akamai DoT CloudConfirm the settings for the DNS name servers.

If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces.

To change the settings associated with the DNS name servers, see Configure DNS name servers.
Cert Validation for Akamai Management GatewayIf certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the Akamai Management Gateway (AMG), CAS, and CSI services.

To find the domains of the AMG, CAS, and CSI services, see View debug information.
Cert Validation for ‚ÄčSIA‚Äč CAS serviceIf certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the AMG, CAS, and CSI services.

To find the domains of the AMG, CAS, and CSI services, see View debug information.
Cert Validation for CSI Log Push ServiceIf certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the AMG, CAS, and CSI services.

To find the domains of the AMG, CAS, and CSI services, see View debug information.
Cert Validation for Akamai DoT CloudIf certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the AMG, CAS, and CSI services.

To find the domains of the AMG, CAS, and CSI services, see View debug information.
TCP Connectivity to Akamai Management GatewayTCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers.

Note: The port number depends on the port that you configured for DoT in Security Connector.
TCP Connectivity to ‚ÄčSIA‚Äč CAS ServiceTCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers.

Note: The port number depends on the port that you configured for DoT in Security Connector.
TCP Connectivity to CSI Log Push ServiceTCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers.

Note: The port number depends on the port that you configured for DoT in Security Connector.
TCP Connectivity to Akamai Software RepositoryTCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers.

Note: The port number depends on the port that you configured for DoT in Security Connector.
TCP Connectivity to Akamai DoT CloudTCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers.

Note: The port number depends on the port that you configured for DoT in Security Connector.