Skip to main content
All CollectionsCloudGen Access Docs
Test Connectivity from Proxy to the Resource
Test Connectivity from Proxy to the Resource
Barracuda Admin avatar
Written by Barracuda Admin
Updated over 2 years ago

Resources should be accessible by the proxy. In addition, the proxy must be able to reach the IP:Port configured for the resource, and it should be able to resolve the Resource Host record, if any.

Connect to the Proxy VM/Container/Pod (connect to the Envoy container/pod if separate from the Orchestrator). Check the Internal Host name from the console (Access > Resources > Resource Details).

Next, try the following:

Example Internal Host – resource.example.org

? nslookup resource.example.org
Server – 10.0.0.1
Address – 10.0.0.1#53
Name – resource.example.org
Address – 10.0.0.20

For an HTTP resource, an HTTP request can be sent using curl.

? curl resource.example.org:80
HTTP/1.1 200 OK
[...]

For a non-HTTP resource, such as a redis resource, netcat can be used for connecting.

? nc resource.example.org 6379
PING
+PONG

If the proxy is not able to reach the Internal Host record, do the following:

  • Check that the DNS server is correctly configured, if the resource has a DNS record.

  • Confirm that intermediate firewall rules are not blocking access to the resource’s IP.

  • To prevent certificate mismatch errors in the HTTPS connection, the Public Host needs to match the configured hostname in the resource certificate. However, the Internal Host just needs to be something the CloudGen Access Proxy can resolve and access.

  • To leverage SSO for RDP domain joined hosts with NLA (Network Level Authentication) enabled, the Public Host must match the configured FQDN in the host.

Test Connectivity from Your Device to the Resource

Check the Public Host name from the console (Access > Resources > Resource).

Try to access to the resource.

If you cannot access the resource, first check the IP for the failing resource. It should return an IP in the following range:

  • 255.0.0.0/8 for Unix/Linux-based systems

  • 198.18.0.0/15 for Microsoft-based systems

? nslookup myresource.private
Server: 192.0.2.5
Address: 192.0.2.5#53
Name: myresource.private
Address: 255.0.0.12

Next steps:

  • Confirm that the CloudGen Access App is installed.

  • Confirm that the CloudGen Access App is running, and the tunnel is started.

  • Check that the CloudGen Access App is enrolled in a tenant.

  • Confirm that the resource is created in the CloudGen Access Enterprise Console.

  • Resource list update on CloudGen Access App can take up to 15 minutes. Force refresh if your CloudGen Access App version allows it.

  • Double-check the policies attached to the resource to ensure the resource is available to the user.

  • Make sure you do not have any other VPN- or DNS-interfering application running.

  • Some antivirus software is also known to interfere with the correct functionality of the CloudGen Access client. Please disable entirely when troubleshooting access issues.

  • Make sure you did not set static IP/DNS configuration.

Did this answer your question?