Sign in
Follow

How to troubleshoot sensor setup -- If the NetWatcher Sensor is not connecting to NetWatcher cloud to allow it to be setup

Please refer to the setup documentation prior to troubleshooting:

  • Installing from the Customer Portal (here)
  • Installing from the Partner Portal (here)

in the portal is the sensor Red, Yellow, Green or Doesn't exist?

  • Red - The sensor is NOT connecting to the NetWatcher cloud.  
  • Yellow - The sensor is connecting but the Network IDS is not seeing traffic on the mirror port
  • Green - All is working
  • Doesn't Exist - Setup has not been run on the sensor to copy credentials to the device 

This article is to troubleshoot situations where the sensor is 'Red'.

  1. Before beginning, reboot the sensor.
  2. Make sure there is only 1 cable connected between the sensor and the switch for the sensor’s connectivity to the cloud. (Ensure mirror port cable is not connected until you get connectivity resolved).
  3. Check to ensure the sensor is turned on (on the hardware sensor the green light is lit on the power button).
  4. Check to make sure nothing is blocking the sensor from connecting to the cloud – check and make sure your firewall is not blocking any of the following ports outbound:
    • TCP 22 => portal.netwatcher.com
    • TCP 8443 => p.netwatcher.com
    • UDP 443 => vpn.netwatcher.com
    • TCP 443 => vpn-tcp.netwatcher.com
    • TCP 443 => index.docker.io
    • TCP 443 => registry-1.docker.io
    • TCP 443 => public.update.core-os.net
    • TCP 80 to google.com => Used to test internet/DNS connectivity
  5. Check to make sure the sensor is getting an IP address that can get to the internet.
    1. Get the sensor IP address from the switch or DHCP server (for a physical sensor you can look for a Lanner MAC address starting with ‘00:90:0b’) and ping the sensor
      1. IF YOU CAN’T FIND THE IP ADDRESS or If you don’t get a ping response then the sensor likely does not have an IPV4 address. If this is the case connect a monitor/keyboard to the sensor hardware (or open up the console for the VM) and hit enter on the keyboard and see if there is an IPV4 address on the screen. 
        1. If there is an error on the screen (once you hook monitor/keyboard), then the sensor storage may have become corrupt.
        2. If there is not an IPV4 address then the sensor is likely not getting a lease from DHCP. If this is the case you need to understand why this is occurring AND/OR setup a static IP (more here https://support.netwatcher.com/hc/en-us/articles/226547827-How-to-set-a-static-IP-Address-for-the-on-premise-sensor ).  You will need to login to the sensor using config/config and using a one-time passcode that changes every 30 seconds.  You can find the one-time passcode on the sensor details page (note that the bios of the sensor need to be set to UTC time and be accurate for the one-time passcode to work).
          • Getting the one time passcode from the Partner Portal: From Partner Portal: Login to the Partner Portal and go to the Sensors Page (upper right-hand corner choose your name, then ‘sensors’ off of the global menu). Find the sensor in the unknown sensors list and choose the sensor name.  On the sensors detail page look for the button at the top for the 'one time passcode'.
          • Getting the one time passcode from the Customer Portal: Go to https://portal.netwatcher.com/sensor/sensors and choose the sensor name and choose 'one time passcode'
      2. If you do get a ping response from the sensor then you need to figure out why the sensor’s IP cannot get to the internet to talk to the NetWatcher cloud. Since you have an IP address working you can likely connect to the sensor directly using the URL below and login with config/config and a one-time passcode (retrieved from the sensors detail page noted above):  https://<sensoripaddress>:8443 simply login to the sensor and verify there are no errors on the console.  
  6. If you are using a Virtual machine then you should verify your networking settings for the VM are setup properly.  Please contact your VM host provider for support VM networking issues.

 

Comments

Powered by Zendesk