Troubleshoot connectivity test failures
If you ran a connectivity test, this table includes solutions for areas where the connectivity test reported failures. To confirm the overall status of the security connector, see Security Connector status.
Solutions for connectivity test failures
| Failed connectivity test check | Solution |
|---|---|
| en1 interface is up | Verify that you entered valid network settings for the en2 interface (formerly the management interface). The current settings for the security connector are shown when you access the main menu, the network menu, and the diagnostics menu. To change the en2 interface settings, see Configure the en2 interface. |
| en2 interface is up | Verify that you entered valid network settings for the en1 interface (formerly the data interface). The current settings for the security connector are shown when you access the main menu, the network menu, and the diagnostics menu. To change the en1 interface settings, see Configure the en1 interface. |
| Domain Name Resolution for Security Connector Management Gateway | Confirm the settings for the DNS name servers. If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces. To change the settings associated with the DNS name servers, see Configure DNS name servers. |
| Domain Name Resolution for SIA CAS service | Confirm the settings for the DNS name servers. If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces. To change the settings associated with the DNS name servers, see Configure DNS name servers. |
| Domain Name Resolution for CSI Log Push service | Confirm the settings for the DNS name servers. If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces. To change the settings associated with the DNS name servers, see Configure DNS name servers. |
| Domain Name Resolution for Security Connector Software Repository | Confirm the settings for the DNS name servers. If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces. To change the settings associated with the DNS name servers, see Configure DNS name servers. |
| Domain Name Resolution for Security Connector DoT Cloud | Confirm the settings for the DNS name servers. If you configured DHCP and are using the populated network settings, review the settings for the en1 and en2 interfaces. To change the settings associated with the DNS name servers, see Configure DNS name servers. |
| Cert Validation for Security Connector Management Gateway | If certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the Security Connector Management Gateway, CAS, and CSI services. To find the domains of the Security Connector Management Gateway, CAS, and CSI services, see View debug information. |
| Cert Validation for SIA CAS service | If certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the Security Connector Management Gateway, CAS, and CSI services. To find the domains of the Security Connector Management Gateway, CAS, and CSI services, see View debug information. |
| Cert Validation for CSI Log Push Service | If certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the Security Connector Management Gateway, CAS, and CSI services. To find the domains of the Security Connector Management Gateway, CAS, and CSI services, see View debug information. |
| Cert Validation for Security Connector DoT Cloud | If certificate validation fails while the TCP operations pass, an on-premises web proxy may interfere with the validation. If your network has a web proxy, make sure that you configure it to bypass the IP address of the en2 interface or the domains of the Security Connector Management Gateway, CAS, and CSI services. To find the domains of the Security Connector Management Gateway, CAS, and CSI services, see View debug information. |
| TCP Connectivity to Security Connector Management Gateway | TCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers. Note: The port number depends on the port that you configured for DoT in Security Connector. |
| TCP Connectivity to SIA CAS Service | TCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers. Note: The port number depends on the port that you configured for DoT in Security Connector. |
| TCP Connectivity to CSI Log Push Service | TCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers. Note: The port number depends on the port that you configured for DoT in Security Connector. |
| TCP Connectivity to Security Connector Software Repository | TCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers. Note: The port number depends on the port that you configured for DoT in Security Connector. |
| TCP Connectivity to Security Connector DoT Cloud | TCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic on TCP port 443 or 853 and UDP port 123. If the TCP failures are not resolved, confirm the network settings of the en1 and en2 interfaces and the DNS name servers. Note: The port number depends on the port that you configured for DoT in Security Connector. |
Updated 9 days ago