vSRX on AWS. Service plane cannot connect to sky ATP

07-05-2017 02:54 PM

File submission to skyATP was not successful due to data plane connection failure (control plane connection is up).

- I have made sure that the outgoing revenue interface and mgmt interface are able to access the internet.
- No DNS issues.
- I have also enabled PMTU.
- I have configured jumbo MTU on the relevant interfaces and the chosen AWS instance type also supports jumbo MTU. I don’t understand why the below screenshot shows path mtu is 0 and socket connection not established.
- I have also started afresh with a new instance and allowed all kinds of traffic without blocking anything, but it didn’t work.


root> request services advanced-anti-malware data-connection test status
fpc0: Test failed. Reason: Connect error. Test time: xxxx UTC.

root> show services advanced-anti-malware status
    Server connection status:
    Server hostname: xxxxxxxxxx
    Server port: 443
    Control Plane:
    Connection time: xxxxx UTC
    Connection status: Connected
    Service Plane:
    Connection active number: 0
    Connection retry statistics: 744


root> request services advanced-anti-malware diagnostics xxxxxx detail

    [INFO] Try to get IP address for hostname xxxxxxxxxx
    DNS check : [OK]
    [INFO] Try to test SKYATP server connectivity
    SKYATP reachability check : [OK]
    [INFO] Try ICMP service in SKYATP
    SKYATP ICMP service check : [OK]
    [INFO] To-SKYATP connection is using , according to route
    To-SKYATP connection through Packet Forwarding Engine: [OK]
    [: invalid: unexpected operator
    expr: syntax error
    [: -le: unexpected operator
    [INFO] Check IP MTU with length
    IP Path MTU check : [OK]
    IP Path MTU is 0, the outgoing interface's MTU is invalid interface
    type in 'mtu': mtu
    Couldn't connect: Socket is not connected
    Fatal error waiting for socket to open
    SSL configuration consistent check** : [OK]


Please help me fix this.
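As an added example (not part of the original posts and not Juniper code), the following Python parses text in the format of the `show services advanced-anti-malware status` output above and flags the state described in the post: control plane connected, zero active service-plane connections, and a nonzero retry count. The function names and verdict labels are assumptions made for illustration, and the sample text is constructed from the redacted output shown.

```python
import re

# Constructed sample mirroring the redacted status output in the post.
SAMPLE_STATUS = """\
Server connection status:
Server hostname: xxxxxxxxxx
Server port: 443
Control Plane:
Connection time: xxxxx UTC
Connection status: Connected
Service Plane:
Connection active number: 0
Connection retry statistics: 744
"""

SECTION_RE = re.compile(r"^(Control Plane|Service Plane):\s*$")
FIELD_RE = re.compile(r"^([^:]+):\s*(.*)$")

def parse_status(text):
    """Return {section: {field: value}}; fields before any section go under 'Server'."""
    sections = {"Server": {}}
    current = "Server"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = FIELD_RE.match(line)
        if m and m.group(2):  # skip headings such as "Server connection status:"
            sections[current][m.group(1).strip()] = m.group(2).strip()
    return sections

def diagnose(text):
    """Classify the connection state (verdict labels are hypothetical)."""
    s = parse_status(text)
    control_up = s.get("Control Plane", {}).get("Connection status") == "Connected"
    svc = s.get("Service Plane", {})
    try:
        active = int(svc.get("Connection active number", ""))
        retries = int(svc.get("Connection retry statistics", ""))
    except ValueError:
        return "unparsed"
    if control_up and active == 0 and retries > 0:
        return "service-plane-down"  # the condition reported in this thread
    if control_up and active > 0:
        return "healthy"
    return "idle" if control_up else "control-plane-down"
```

Run against periodically collected status output, a `service-plane-down` verdict indicates that file submissions are failing even though the control-plane connection reports as connected.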



Re: vSRX on AWS. Service plane cannot connect to sky ATP

07-05-2017 07:21 PM



What source interface have you configured for advanced-anti-malware? You can check it using the command below:


show services advanced-anti-malware


If you haven't configured a source interface, then please configure one accordingly and check.




# show services advanced-anti-malware

connection {
    url https://xxxxxxxxx;
    authentication {
        tls-profile aamw-ssl;
    }
    source-interface ge-0/0/0.0;