Support Center

How to test connectivity between a sensor, Pulse and the update servers

Last Updated: Jun 06, 2018 12:36PM EDT
Sensors require exclusions through proxy servers or web filtering solutions.

Pwnie Express sensors do NOT support the use of a proxy server, application or web filtering solution when communicating with Pulse or when retrieving updates.

This is attributed to the sensors leveraging a customized implementation of SSL and bi-directional exchange of certificates to ensure secure communication is maintained at all times. Additionally providing encryption of the data in transit between sensors and Pulse.

If a proxy server, application or web filtering solution is used within the network the sensor is located, to allow sensors to fully communicate with Pulse and to retrieve updates, the following exclusions *are* required to be in place *before* the sensor can be connected with Pulse.

Note: The value of "subdomain" represents the subdomain associated with your assigned Pwn Pulse environment. For example, if the Pulse environment is accessible as "https://widgets.pwnieexpress.net", then "widgets" is the subdomain.

Allow TCP port 443 for SSL to subdomain.pwnieexpress.net
Allow TCP port 443 for SSL to sensors.subdomain.pwnieexpress.net
Allow TCP port 443 for SSL to updates.pwnieexpress.com
Allow TCP port 443 for SSL to kalirepo.pxinfra.net
Allow TCP port 873 for RSYNC to feed.openvas.org

If there is doubt or if there is a desire to verify connectivity from the sensor to the above, please perform the following.

1. Establish an SSH connection with the sensor and login with the "pwnie" user account.
2. Next, type sudo su and press Enter, then re-type the password and press Enter to become superuser.
2. Type px-connection-dr -d subdomain and press Enter.

The results will appear similar to the following:

Attempting connection to sensors.widgets.pwnieexpress.net:443... [SUCCESS]
Waiting on server status confirmation... [SUCCESS]
Checking SSL server certificate... [VALID]

Attempting to connect to updates.pwnieexpress.com:443... [SUCCESS]
Checking SSL server certificate validity for updates.pwnieexpress.com:443... [VALID]

Attempting to connect to kalirepo.pxinfra.net:443... [SUCCESS]
Checking SSL server certificate validity for kalirepo.pxinfra.net:443... [VALID]

Attempting to connect to feed.openvas.org:873 via rsync... [SUCCESS]

px-connection-dr status: SUCCESS


In the output displayed all results should indicate either SUCCESS or VALID highlighted in green as shown above. If there is a single occurrence of a FAIL or INVALID highlighted in red, this indicates that portion of the test failed. This failure must be resolved before the sensor can be updated or registered (joined) to Pulse.

*** For sensors that are not registered to Pulse, only the following exclusions are reqiured

Allow TCP port 443 for SSL to updates.pwnieexpress.com
Allow TCP port 443 for SSL to kalirepo.pxinfra.net

Contact Us

support@pwnieexpress.com
http://assets3.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete