Troubleshoot your connection to the Addy service

You must establish a connection to the Addy service through ExtraHop Cloud Services from the Admin UI of your ExtraHop Discover or Command appliance. However, if the connection fails or you do not have a direct Internet connection, you can connect to the Internet through a proxy server specifically designated for ExtraHop Cloud services and Atlas connectivity. This guide explains how to troubleshoot common connectivity issues.

Before you begin

You must have a valid license to connect to the Addy service. See the License FAQ for additional information. Note that it can take up to 24 hours for a license update to be available for your ExtraHop appliance after your request for a valid license is enabled.

Note:The procedures in this topic require access to the ExtraHop Admin UI on your Discover appliance and require that you modify the Running Config file. The Running Config file manages default system configurations and can be modified when needed. You must save the Running Config file if you want the modified settings to be preserved after a system restart. For more information, see the Running Config section of the Admin UI Guide.

Configure your firewall rules

Before you can connect to the Addy service, you must allow access to the ExtraHop Cloud Services through any firewalls.

Connection to the Addy service requires that your environment is able to meet the following conditions:

  • The ability to perform a DNS lookup of *.extrahop.com
  • The ability to connect to ExtraHop Cloud Services through HTTPS (port 443)
The server IP address for ExtraHop Cloud Services might change periodically, but you can identify the current IP address by running the following command:
nslookup hc.extrahop.com

Connect to the Addy service through a proxy

If the connection fails or you do not have a direct internet connection, try connecting to the Addy service through an explicit proxy.

  1. Log into the Admin UI of the Discover appliance.
  2. In the Network Settings section, click Connectivity.
  3. Click Enable ExtraHop Cloud Proxy.
  4. Type the hostname for your proxy server, such as proxyhost.
  5. Type the port for your proxy server, such as 8080.
  6. Optional: If required, type a username and password for your proxy server.
  7. Click Save.

Bypass certificate validation

Some environments are configured so that encrypted traffic cannot leave the network without inspection by a third-party device. This device can act as an SSL/TLS endpoint, which decrypts and re-encrypts the traffic before sending the packets to ExtraHop Cloud Services.

If the ExtraHop appliance cannot connect to the proxy server because the certificate validation has failed, you can bypass certificate validation and connect to ExtraHop Cloud Services.

  1. Log into the ExtraHop Admin UI on the Discover appliance.
  2. In the Appliance Settings section, click Running Config.
  3. Click Edit config.
  4. Add the following line to the end of the Running Config file:
    "hopcloud": { "verify_outer_tunnel_cert": false }
  5. Click Update.
  6. Click View and Save Changes.
  7. Review the changes and click Save.
  8. Click Done.
Published 2017-11-20 17:13