RNA™ Troubleshooting
Power and Connectivity
Desktop | Rackmount | Virtual | ||
VERIFY:
Connect a monitor and keyboard to the RNA and see if there are any error messages on reboot. (Keep connected. See below.) |
VERIFY:
View the console of the vRNA and see if there are any error messages on reboot. (Keep connected. See below.) |
Physical Layer
- Verify that there is power to the unit by checking the power connection on the RNA and its Uninterruptible Power Source (UPS).
- Check for Hard Disk Drive (HDD) activity.
- Check for activity lights on both the RNA Network Interface Card (NIC) and the RNA switch port.
- Connect a keyboard and monitor (or KVM switch for Rackmounted units) and verify the “Logon” prompt is visible.
Configuration Verification
Verify the TCP / IP settings assigned to the RNA. These settings can be viewed by drilling into the Internal Network Profile within Fortra VM. They include:
IP Address: | The IP address for the scanner. |
Netmask: | The subnet mask for the scanner. |
Gateway: | The IP address for the gateway device available to the scanner. |
Primary DNS: | The IP address for the DNS server available to the scanner. |
External RNA IPs
The RNA will utilize the following external IP addresses as the source of scanning traffic. Set these IPs to your allow lists to facilitate all Fortra VM scanning.
us.frontline.cloud External RNA IPs
209.163.151.0/24
18.233.91.252
3.219.143.59
3.234.19.229
3.91.114.138
54.144.81.241
18.119.31.28
18.189.0.135
3.138.53.66
3.141.139.5
3.141.173.8
52.13.110.124
52.32.146.206
52.39.199.83
54.190.210.87
54.191.129.125
3.222.21.65
3.217.24.124
44.213.167.13
3.146.42.96/27
uk.frontline.cloud External RNA IPs
3.8.36.25
35.178.136.143
35.178.163.231
13.50.164.192/27
jp.frontline.cloud External RNA IPs
18.177.132.124
18.178.24.42
18.178.53.188
18.182.162.60
35.75.27.80
tryfrontline.cloud External RNA IPs
34.207.241.142
34.207.247.203
Debugging Console
From the RNA console, select Console for network debugging.
It is recommended that you run the status
, and ping
commands first to determine if you have basic network connectivity.
RNA Console Version 3.x.x
The following terminal commands are available to troubleshoot network connectivity:
ping | Measures transit delay of packets (network latency) across the IP network |
traceroute | Displays the route (path) and measures transit delay of packets (network latency) across the IP network |
ifconfig | Displays the network configuration on the Ethernet adapter currently in use |
route | Displays the routes in the routing table |
nc | Creates TCP / UDP connections to test connectivity to other hosts |
toggle | Toggles between ports 443 and 22, if you experience connectivity issues with either port |
status | Displays RNA network uplink status. If you receive a failure, verify outbound perimeter security device access to 18.208.54.25 on port 443 or 22 |
exit | Exits the console |
reboot | Reboots the RNA |
RNA Console Version 4.x.x
The following terminal commands are available to troubleshoot network connectivity:
ping | Measures transit delay of packets (network latency) across the IP network |
traceroute | Displays the route (path) and measures transit delay of packets (network latency) across the IP network |
ifconfig | Displays the network configuration on the Ethernet adapter currently in use |
route | Displays the routes in the routing table |
nc | Creates TCP / UDP connections to test connectivity to other hosts |
toggle | Toggles between ports 443 and 22 for support mode, if you experience connectivity issues with either port when trying to configure support mode. |
status | Verifies the RNA can connect to the required domains. If you receive a failure, verify outbound perimeter security device access to the required domains. |
exit | Exits the console |
reboot | Reboots the RNA |
factory-reset | Resets the RNA back to factory defaults. Re-activation is required for the RNA to be used for scanning again. |
support-test | Verify support mode connectivity. |
Common Issues and Solutions
To determine which version of the RNA platform you're running, locate the core version description for the activated RNA in question. From the navigation pane, select the System menu item and select Scanner Management. Select the RNA you're investigating and scroll down to locate the Installed Software section. The core item lists the RNA platform version.
RNA Console Version 3.X.X and Earlier
Run the "status" command from the RNA Console to see if any connectivity issues are highlighted.
Confirm that there is nothing restricting outbound SSH traffic on port 443 or 22 to the Proxy server hosted in AWS. (IP address 18.208.54.25).
- Check for the following:
- Perimeter security device port restrictions.
- IDS / IPS rules that could be blocking outbound traffic.
Using a workstation on the same subnet that the RNA is configured to work on, attempt to Telnet to 18.208.54.25 443 or 18.208.54.25 22.
-
From a command prompt or the Run line in Windows, type the following command:
telnet 18.208.54.25 22 -
Since the RNA is not “logging in” as an authenticated user on your network, it will not receive the policies in effect to allow it to transmit data.
-
Add a specific rule to your Perimeter Security Device /IDS / Web Filtering devices to allow all outbound traffic to use 18.208.54.25 on ports 443 or 22
- Contact the IDS / IPS monitoring company to ensure that the IP is not blocklisted.
- Request that the IP address be allowlisted instead.
If a SSH banner is not received back, verify that the outbound traffic is not restricted based on security privileges (Policy).
Firewall
- In some cases, a firewall outbound rule may be necessary to permit the RNA to communicate with IP 18.208.54.25 via port 443 (for TryFrontline.Cloud evaluation: 52.20.219.197 via port 443 ).
- If your firewall has a service policy configured, an exception is needed for the RNA. In cases where that is not possible (e.g. service policy is global), the RNA will need to be replaced with a virtual RNA.
Proxy
- If your web traffic is routed through a proxy, appropriate changes are needed to allow the RNA to establish a connection with IP 18.208.54.25 via port 443 (for TryFrontline.Cloud evaluation: 52.20.219.197). Check with your proxy administrator.
RNA Console Version 4.0.0 and Later
Before attempting troubleshooting measures, verify there is nothing that blocks a WebSocket connection outbound, such as a firewall or web proxy.
-
Check for the following:
-
Perimeter security device port restrictions
-
IDS / IPS / Firewall / Web Proxy rules that could be blocking outbound traffic.
-
-
Add specific rule to your Perimeter Security Device / IDS / Web Filtering devices to allow all outbound traffic to the domains specified in the Troubleshootingsection.
-
Contact the network security device monitoring company to ensure the domains are not block-listed.
-
Request the domains be allow-listed instead.
-
Since the RNA is not "logging in" as an authenticated user on your network, it will not receive the policies in effect to allow it to transmit data.
Troubleshooting
If you have issues with your RNA, you may have to add a few domains to the allow list if you are using a web proxy or some other security technology that may block the outbound connection to Fortra VM.
threatapi.<lineup domain>
updates.<lineup domain>
checkpoint.<lineup domain>
docker.<lineup domain>
edge-uplink.<lineup domain>
scanner-support.<lineup domain>
Where lineup domain could be:
us.frontline.cloud
uk.frontline.cloud
tryfrontline.cloud
jp.frontline.cloud
Domains required regardless of lineup:
*.touchback.frontline.cloud
Testing Connectivity
Run the following utility to verify proper connectivity from the RNA console. This command can be used to check if the RNA can connect to the specified domain to help rule out connectivity issues prior to requiring support.
nc -v <domain> 443
The command checks connectivity and then prints a status message to the command line.
Additionally, it is recommended to run "traceroute -T -p 443 -n edge-uplink.<lineup domain>". It may help diagnose a connectivity issue and would be helpful to have in any submitted support requests.