Support Center

How to test connectivity between a sensor, Pulse and the update servers

Last Updated: Nov 14, 2019 12:12PM EST
Pwnie Express sensors do NOT support the use of a proxy server, application/web filtering or SSL Filtering solutions when communicating with Pulse or when retrieving updates.

This is attributed to the sensors leveraging a customized implementation of SSL/TLS, which includes the bi-directional exchange of client and server certificates to ensure the security of communication and the encryption of data is maintained at all times in transit between sensors and Pulse.

If a proxy server, application/web filtering, or SSL Filtering solution is used within the network the sensor is located, the following exclusions *are* required.

Note: The value of "subdomain" represents the subdomain associated with your assigned Pulse environment. For example, if the Pulse environment is accessible as "https://widgets.pwnieexpress.net", then "widgets" is the subdomain.

Allow TCP port 443 for SSL to subdomain.pwnieexpress.net
Allow TCP port 443 for SSL to sensors.subdomain.pwnieexpress.net
Allow TCP port 443 for SSL to updates.pwnieexpress.com
Allow TCP port 443 for SSL to kalirepo.pxinfra.net
Allow TCP port 873 for RSYNC to feed.openvas.org


To verify connectivity from the sensor to the above is working without issue, please perform the following steps:
  1. Establish an SSH connection with the sensor and login with the "pwnie" user account.
  2. Next, type sudo su and press Enter, then re-type the password and press Enter to become superuser.
  3. Type px-connection-dr -d subdomain and press Enter.

The results will appear similar to the following:

Attempting connection to sensors.widgets.pwnieexpress.net:443... [SUCCESS]
Waiting on server status confirmation... [SUCCESS]
Checking SSL server certificate... [VALID]

Attempting to connect to updates.pwnieexpress.com:443... [SUCCESS]
Checking SSL server certificate validity for updates.pwnieexpress.com:443... [VALID]

Attempting to connect to kalirepo.pxinfra.net:443... [SUCCESS]
Checking SSL server certificate validity for kalirepo.pxinfra.net:443... [VALID]

Attempting to connect to feed.openvas.org:873 via rsync... [SUCCESS]

px-connection-dr status: SUCCESS



In the output displayed *all* results should indicate either SUCCESS or VALID highlighted in green as shown above. If there is an occurrence of FAIL or INVALID highlighted in red, this indicates that portion of the test failed. This failure must be resolved before the sensor can be updated or registered (joined) to Pulse.

*** For sensors that are not registered to Pulse, only the following exclusions are required to allow the sensor to obtain updates.

Allow TCP port 443 for SSL to updates.pwnieexpress.com
Allow TCP port 443 for SSL to kalirepo.pxinfra.net

Contact Us

support@pwnieexpress.com
http://assets1.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete