Virtual RNA Troubleshooting

Connectivity

Verify

  • The virtual RNA is powered on in your hypervisor (VMware, Virtualbox, etc.).
  • The virtual RNA’s virtual network adapter is enabled in the virtual machine’s settings in the hypervisor.
  • There is activity on the network (network allows connected machine’s outbound connectivity to HTTPS sites, [for example, Google]).

  • View the console of the vRNA and see if there are any error messages on reboot. (Keep connected. See below.)

Configuration Verification

Verify the TCP/IP settings assigned to the RNA. These settings can be viewed by drilling into the Internal Network Profile within Fortra VM On-Premises. They include:

  • IP Address - The IP address for the scanner.

  • Netmask - The subnet mask for the scanner.

  • Gateway - The IP address for the gateway device available to the scanner.

  • Primary DNS - The IP address for the DNS server available to the scanner.

Debugging Console

From the RNA console, select Console for network debugging.

It is recommended that you run the status, and ping commands first to determine if you have basic network connectivity.

RNA Console Version 4.x.x

The following terminal commands are available to troubleshoot network connectivity:

ping Measures transit delay of packets (network latency) across the IP network
traceroute Displays the route (path) and measures transit delay of packets (network latency) across the IP network
ifconfig Displays the network configuration on the Ethernet adapter currently in use
onprem-ip Sets the IP address of the Fortra Admin Console to activate Fortra VM On-Premises.
route Displays the routes in the routing table
nc Creates TCP / UDP connections to test connectivity to other hosts
status Verifies the RNA can connect to the required domains. If you receive a failure, verify outbound perimeter security device access to the required domains.
exit Exits the console
reboot Reboots the RNA
factory-reset Resets the RNA back to factory defaults. Re-activation is required for the RNA to be used for scanning again.

Common Issues and Solutions

To determine which version of the RNA platform you're running, locate the core version description for the activated RNA in question. From the navigation pane, select the Scan Settings > Scanners. Select the RNA you're investigating and scroll down to locate the Installed Software section. The core item lists the RNA platform version.

RNA Console Version 4.0.0 and Later

Before attempting troubleshooting measures, verify there is nothing that blocks a WebSocket connection outbound, such as a firewall or web proxy.

  1. Check for the following: 

    1. Perimeter security device port restrictions

    2. IDS / IPS / Firewall / Web Proxy rules that could be blocking outbound traffic.

    2. Since the RNA is not "logging in" as an authenticated user on your network, it will not receive the policies in effect to allow it to transmit data.

  2. Add specific rule to your Perimeter Security Device/IDS/Web Filtering devices to allow all outbound traffic to the domains specified in the Troubleshooting section.

    1. Contact the network security device monitoring company to ensure the domains are not block-listed.

    2. Request the domains be allow-listed instead.

    3. NOTE: If there is a web proxy on the network, it's still possible that it's blocking the RNA even if the "status" command shows everything as OK. The "status" command does a basic TCP test to the required domains which may return that it is accessible when it is not based on the response of a web proxy or other network device. This has been observed with Zscaler, but other network devices may also behave similarly.

Troubleshooting

If you have issues with your RNA, ensure the Fortra Admin Console IP is added to the allow list if you are using a web proxy or some other security technology that may block the outbound connection to Fortra VM On-Premises from the RNA.

NOTE: Use the status command in the RNA Console to check that the RNA can connect to the required IP and ports.