Test Connectivity from the Device to the CloudGen Access Proxy
Get the CloudGen Access Proxy details from the CloudGen Access Enterprise Console.
Try to open an SSL connection to the proxy and confirm that the first lines reference
Fyde Root Certificate Authority
→ openssl s_client -showcerts -servername <proxy_host> -connect <proxy_host>:<proxy_port>
CONNECTED(00000006)
depth=3 CN = Fyde Root Certificate Authority
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=3 CN = Fyde Root Certificate Authority
verify return:1
depth=2 CN = Fyde Intermediary Certificate Authority
verify return:1
depth=1 CN = fyde://xxxx-xxxxxx-xxxx/
verify return:1
depth=0
verify return:1
...
If the request fails or the operation times out, that means you are not reaching the CloudGen Access Proxy.
Check the following:
Proxy Host DNS record is being resolved to the correct IP.
Proxy Host IP, if using IP instead of DNS, is correct.
NAT configuration in the device/service that is exposing the CloudGen Access Proxy.
Firewall rules to allow inbound communication to the configured CloudGen Access Proxy.
Check if the Device Is Trying to Access the Resource with the CloudGen Access App
Check the IP for the failing resource. It should return an IP in the following range:
255.0.0.0/8 for Unix/Linux-based systems
198.18.0.0/15 for Microsoft-based systems
→ nslookup myresource.private
Server: 192.0.2.5
Address: 192.0.2.5#53
Name: myresource.private
Address: 255.0.0.12
Next steps:
Confirm that the CloudGen Access App is running and the tunnel is started.
Check that the CloudGen Access App is enrolled in a tenant.
Confirm the resource is created in the CloudGen Access Enterprise Console.
Resource list update on CloudGen Access App can take up to 15 minutes. Force refresh if your CloudGen Access App version allows it.
Test Connectivity from Envoy Proxy to the Resource
The Envoy Proxy needs to be able to reach the resource with the configured properties.
Take note of the following resource:
Resource Name – My Resource
Public Host – myresource.private
Resource Host – myresource.internal
External Port – 80
Internal Port – 3000
Access Proxy – US-EAST-1-PROXY
Envoy Proxy must be able to resolve the Resource Host record.
→ nslookup myresource.internal
Server – 10.0.0.1
Address – 10.0.0.1#53
Name – myresource.internal
Address – 10.0.0.20
For an HTTP resource, an HTTP request can be sent using curl.
→ curl myresource.internal:3000
HTTP/1.1 200 OK
[...]
For a redis resource, netcat can be used for connecting.
→ nc myresource.internal 3000
PING
+PONG
Next steps:
Check that the DNS server is correctly configured.
Confirm that intermediate firewall rules are not blocking access to the resource.
For HTTPS connection, the Public Host needs to match the configured hostname in the resource certificate. However, the Resource Host just needs to be something the CloudGen Access Proxy can resolve and access.