Unable to reach Internal Application via Connector from the Endpoint
Problem
Managed endpoints are unable to establish a connection with the internal application via the Application Connector, resulting in a reachability failure.
Cause
The reachability failure occurs due to a break in the secure communication chain at one of two specific network legs:
Connectivity issue between the Managed Endpoint and the Application Connector.
Connectivity issue between the Application Connector and the Internal Application.
Resolution
Step 1: Check Endpoint to Connector Reachability
Run the following commands on your managed endpoint to verify connectivity to the Application Connector:
If the output indicates an established connection or a connection aborted message, the connectivity between the Endpoint and Application Connector is confirmed. Proceed directly to Step 2 to check reachability between the Connector and the Internal Application.
If the output shows a connection timed out error, there is a connectivity issue. There are two possible causes:
Firewall blocking traffic: The firewall may be blocking outbound traffic on port 8443. Resolution: Allowlist port 8443 in the firewall for traffic between the managed endpoint and the Application Connector.
WAF inspecting the traffic: A Web Application Firewall (WAF) may be inspecting the traffic between the endpoint and the connector, breaking the connection. Resolution: Provide direct access between the managed endpoint and the Application Connector, bypassing the WAF for this traffic path.
Step 2: Check Connector to Internal Application Reachability
If the endpoint-to-connector connection is confirmed healthy, run the following command to verify connectivity to the internal application:
If the output indicates an established connection or a connection aborted message, the connectivity between the Connector and the Internal Application is confirmed. In that case, the issue may require deeper investigation. Contact the support team for further assistance.
If the output shows a connection timed out error, there is a connectivity issue between the Application Connector and the Internal Application. Work through the following causes in order:
DNS resolution: The internal application's hostname may be resolving incorrectly on the Application Connector. Resolution: Verify that the hostname resolves to the expected IP address. If the hostname does not resolve or resolves to an incorrect IP address, fix the DNS configuration on the connector.
Host firewall on the internal application server: The host-level firewall on the internal application may be blocking incoming connections from the Application Connector. Resolution: Update the host firewall rules on the internal application to explicitly allow inbound traffic from the Application Connector's IP on the application port.
Network firewall blocking traffic: A network firewall may be blocking traffic between the Application Connector and the internal application on the application's port. Resolution: Open the application's port in the network firewall to allow traffic from the Application Connector to the Internal Application.
Service/server not running or unreachable on the expected port: The internal application's server may be down, or the connector service may not be running or listening on the expected port. Run the following command to verify:
sudo systemctl status sse-gateway
Resolution: Verify that the server is up and the application service is active and listening on the correct port.
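The decision logic of the two checks above, as an added Python example that is not part of the original article and is not the product's own diagnostic command: it resolves the target hostname, attempts one TCP connection, and maps the result to the outcomes the article describes. The function names, verdict strings, the hostname in the demo and the handling of a refused connection are assumptions.

```python
import socket

def resolve(host):
    """Return the sorted set of addresses host resolves to ([] if none)."""
    try:
        infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(ip, port, timeout=5.0):
    """Attempt one TCP connect and name the outcome."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "established"
    except (ConnectionResetError, ConnectionAbortedError):
        return "aborted"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timed_out"
    except OSError:
        return "unreachable"

def check_leg(host, port, expected_ip=None, timeout=5.0):
    """Map one network leg to the article's verdicts.

    expected_ip (optional) is the address the hostname should resolve to,
    used for the DNS check described for the connector-to-application leg.
    """
    addrs = resolve(host)
    if not addrs:
        return "dns_unresolved"
    if expected_ip is not None and expected_ip not in addrs:
        return "dns_mismatch"
    outcome = probe(addrs[0], port, timeout)
    if outcome in ("established", "aborted"):
        return "reachable"            # article: connectivity confirmed
    if outcome == "timed_out":
        return "connectivity_issue"   # article: work through the listed causes
    # Assumption: the article does not list these two outcomes.
    return "no_listener" if outcome == "refused" else "unreachable"

if __name__ == "__main__":
    # Constructed placeholder hostname, not a value from the article.
    print(check_leg("connector.example.internal", 8443))
```

Run it once from the managed endpoint against the connector on port 8443, and once from the connector against the internal application's hostname and port, passing expected_ip for the second leg.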