Troubleshoot your connection to ExtraHop Cloud Services

You must establish a connection to ExtraHop Cloud Services to enable the Machine Learning Service (formerly Addy) and access the Detections page. However, if the connection fails or you do not have a direct internet connection, you can connect to the internet through a proxy server specifically designated for ExtraHop Cloud Services and Atlas connectivity. This guide explains how to troubleshoot common connectivity issues.

Before you begin

  • You must have a valid license to connect to the ExtraHop Machine Learning Service. See the License FAQ for additional information. Note that it can take up to 24 hours for a license update to be available for your ExtraHop appliance after your request for a valid license is enabled.
  • You must have unlimited privileges to access the ExtraHop Admin UI and to connect to ExtraHop Cloud Services.
  • You must be familiar with modifying the Running Config file. The Running Config file manages default system configurations and must be saved if you want the modified settings to be preserved after a system restart.

Configure your firewall rules

Before you can connect to the Machine Learning Service, you must allow access to the ExtraHop Cloud Services through any firewalls.

Connection to ExtraHop Cloud Services requires that your environment is able to meet the following conditions:

  • The ability to perform a DNS lookup of *.extrahop.com
  • The ability to connect to ExtraHop Cloud Services through HTTPS (port 443)

The server IP address for ExtraHop Cloud Services might change periodically, but you can identify the current IP address by running one of the following commands, based on your geographic location.

Portland, U.S.A.:

nslookup pdx.hopcloud.extrahop.com

Sydney, Australia:

nslookup syd.hopcloud.extrahop.com

Frankfurt, Germany:

nslookup fra.hopcloud.extrahop.com

Connect to the Machine Learning Service through a proxy

If the connection fails or you do not have a direct internet connection, try connecting to the Machine Learning Service through an explicit proxy.

  1. Log in to the Admin UI of the Discover appliance.
  2. In the Network Settings section, click Connectivity.
  3. Click Enable ExtraHop Cloud Proxy.
  4. Type the hostname for your proxy server, such as proxyhost.
  5. Type the port for your proxy server, such as 8080.
  6. Optional: If required, type a username and password for your proxy server.
  7. Click Save.

Bypass certificate validation

Some environments are configured so that encrypted traffic cannot leave the network without inspection by a third-party device. This device can act as an SSL/TLS endpoint, which decrypts and re-encrypts the traffic before sending the packets to ExtraHop Cloud Services.

If the ExtraHop appliance cannot connect to the proxy server because the certificate validation has failed, you can bypass certificate validation and connect to ExtraHop Cloud Services.

  1. Log in to the ExtraHop Admin UI on the Discover appliance.
  2. In the Appliance Settings section, click Running Config.
  3. Click Edit config.
  4. Add the following line to the end of the Running Config file:
    "hopcloud": { "verify_outer_tunnel_cert": false }
  5. Click Update.
  6. Click View and Save Changes.
  7. Review the changes and click Save.
  8. Click Done.
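
The following script is an added example, not part of the original guide or an ExtraHop tool. It checks the firewall conditions listed above (DNS lookup, HTTPS on port 443) against each regional hostname and reports separately when the connection succeeds but the certificate does not validate, which is the symptom described under "Bypass certificate validation". It assumes it runs on a host in the same network segment as the appliance, connects directly rather than through the proxy, and validates against that host's trust store, which can differ from the appliance's; check_endpoint, tls_probe and HINTS are names chosen for this example.

```python
import socket
import ssl

# Regional hostnames listed on this page.
ENDPOINTS = {
    "Portland": "pdx.hopcloud.extrahop.com",
    "Sydney": "syd.hopcloud.extrahop.com",
    "Frankfurt": "fra.hopcloud.extrahop.com",
}

# What to look at for each stage, phrased from the page's requirements.
HINTS = {
    "dns": "allow DNS lookups of *.extrahop.com",
    "tcp": "allow outbound HTTPS (port 443) or configure the proxy",
    "tls-cert": "certificate did not validate; check for a TLS inspection device",
    "tls": "TLS handshake failed for a reason other than certificate validation",
    "ok": "resolved, connected and validated",
}

def tls_probe(host, port=443, timeout=5.0):
    """Open a TLS session validated against this host's trust store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host):
            return True

def check_endpoint(host, resolve=socket.gethostbyname_ex, probe=tls_probe):
    """Return the first failing stage: dns, tcp, tls-cert, tls or ok.
    resolve and probe are injectable so the logic can be tested offline."""
    try:
        addrs = resolve(host)[2]
    except OSError:                       # socket.gaierror is an OSError
        return {"host": host, "stage": "dns", "addrs": []}
    try:
        probe(host)
        stage = "ok"
    except ssl.SSLCertVerificationError:  # most specific exception first
        stage = "tls-cert"
    except ssl.SSLError:
        stage = "tls"
    except OSError:                       # refused, timed out, unreachable
        stage = "tcp"
    return {"host": host, "stage": stage, "addrs": addrs}

if __name__ == "__main__":
    for region, host in ENDPOINTS.items():
        r = check_endpoint(host)
        print(f"{region}: {r['stage']} {r['addrs']} - {HINTS[r['stage']]}")
```

A "tls-cert" result with working DNS and TCP indicates that something between the host and ExtraHop Cloud Services presents a certificate the host does not trust, so identify that device before changing the Running Config.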
Published 2018-11-09 13:57