New User
Posts: 1
Registered: ‎06-23-2017
0 Kudos

vSRX on AWS. Service plane cannot connect to sky ATP

File submission to skyATP was not successful due to data plane connection failure (control plane connection is up).


- I have made sure that the outgoing revenue interface and mgmt interface are able to access the internet.
- No DNS issues.
- I have also enabled PMTU.
- I have configured jumbo MTU on the relevant interfaces and the chosen AWS instance type also supports jumbo MTU. I don't understand why the below screenshot shows the path MTU is 0 and the socket connection is not established.
- I have also started afresh with a new instance and allowed all kinds of traffic without blocking anything, but it didn't work.

 

root> request services advanced-anti-malware data-connection test status
fpc0: Test failed. Reason: Connect error. Test time: xxxx UTC.

root> show services advanced-anti-malware status
    Server connection status:
    Server hostname: xxxxxxxxxx
    Server port: 443
    Control Plane:
    Connection time: xxxxx UTC
    Connection status: Connected
    Service Plane:
    fpc0
    Connection active number: 0
    Connection retry statistics: 744

 

root> request services advanced-anti-malware diagnostics xxxxxx detail

    [INFO] Try to get IP address for hostname xxxxxxxxxx
    DNS check : [OK]
    [INFO] Try to test SKYATP server connectivity
    SKYATP reachability check : [OK]
    [INFO] Try ICMP service in SKYATP
    SKYATP ICMP service check : [OK]
    [INFO] To-SKYATP connection is using , according to route
    To-SKYATP connection through Packet Forwarding Engine: [OK]
    [: invalid: unexpected operator
    expr: syntax error
    [: -le: unexpected operator
    [INFO] Check IP MTU with length
    IP Path MTU check : [OK]
    IP Path MTU is 0, the outgoing interface's MTU is invalid interface
    type in 'mtu': mtu
    Couldn't connect: Socket is not connected
    Fatal error waiting for socket to open
    SSL configuration consistent check : [OK]

 

Please help me fix this.

 

Super Contributor
Posts: 157
Registered: ‎03-31-2016
0 Kudos

Re: vSRX on AWS. Service plane cannot connect to sky ATP

Hi,

 

What source interface have you configured for advanced-anti-malware? You can check it using the below command:

 

show services advanced-anti-malware

 

If you haven't configured a source interface, then please configure one accordingly and check.

 

E.g.:

 

# show services advanced-anti-malware
connection {
    url https://xxxxxxxxx;
    authentication {
        tls-profile aamw-ssl;
    }
    source-interface ge-0/0/0.0;
}

 

Thanks,

Vikas
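
The symptom in this thread (control plane connected, service plane with zero active connections and a growing retry count) can be checked automatically from the `show services advanced-anti-malware status` output. The following is an added example, not part of either post and not Juniper code; the function names `parse_status` and `diagnose` are hypothetical, and the sample text is constructed from the redacted output quoted in the question.

```python
import re
# Constructed sample: the status output quoted in the question, redacted as on the page.
SAMPLE_STATUS = """\
Server connection status:
Server hostname: xxxxxxxxxx
Server port: 443
Control Plane:
Connection time: xxxxx UTC
Connection status: Connected
Service Plane:
fpc0
Connection active number: 0
Connection retry statistics: 744
"""

def parse_status(text):
    """Return control-plane status and per-FPC service-plane counters."""
    result = {"control_status": None, "service_plane": {}}
    section, fpc = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Control Plane:":
            section = "control"
        elif line == "Service Plane:":
            section = "service"
        elif section == "control" and line.startswith("Connection status:"):
            result["control_status"] = line.split(":", 1)[1].strip()
        elif section == "service" and re.fullmatch(r"fpc\d+", line):
            fpc = line
            result["service_plane"][fpc] = {"active": None, "retries": None}
        elif section == "service" and fpc:
            m = re.match(r"Connection (active number|retry statistics):\s*(\d+)", line)
            if m:
                key = "active" if m.group(1) == "active number" else "retries"
                result["service_plane"][fpc][key] = int(m.group(2))
    return result

def diagnose(status):
    """Flag FPCs whose data-plane sessions are down while the control plane is up."""
    findings = []
    control_up = status["control_status"] == "Connected"
    for fpc, c in status["service_plane"].items():
        if control_up and c["active"] == 0:
            # The hint mirrors the reply's suggestion to verify source-interface.
            findings.append(f"{fpc}: control plane up, service plane has 0 active "
                            f"connections ({c['retries']} retries); check source-interface")
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_status(SAMPLE_STATUS)):
        print(finding)
```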