USM Anywhere™

View Network Testing Information

When you open a ticket with AT&T Cybersecurity Technical Support, you may be required to test the sensor's network connectivity with the system debugging tool to assist the support engineer with diagnosing your issue. The USM Anywhere Sensor console provides a function that you can use to collect this information.

To view sensor network test information for the sensor

  1. Open your virtualization management console and connect to the USM Anywhere Sensor virtual machine (VM).

    Alternatively, you can open an SSH session to the sensor VM. When using an SSH session, the default username is sysadmin.

    Important: If you are accessing a Microsoft Azure Sensor through SSH and you specified a username other than the default (sysadmin) for SSH access for the sensor VM, you must use the following commands at the command line to "sudo up" and access the sensor console:

    # sudo su – sysadmin

  2. From the USM Anywhere Sensor console System Menu, select Maintenance and press Enter.

    Select the Maintenance option from the console System menu

  3. From the Maintenance menu, select Debugging Tools and press Enter.

  4. From the Debugging Tools menu, select Network and press Enter.

    Debugging tools menu

  5. From the Network menu, select Network Test and press Enter.

    The network test runs and displays the test results.

Network Test Results

The test displays a screen with the results of the sensor's network test. There are seven tests that are displayed. Each test displays a SUCCESS or ERROR result.

Results of the sensor debug test.

This table lists the individual tests with a potential diagnosis for a test failure.

Individual Tests with a Potential Diagnosis for a Test Failure
Test Purpose Failure Diagnosis

Ping to default gateway

This test determines if the sensor can ping its default gateway or router.

If this test fails, confirm that the sensor is using the correct default gateway and subnet.

An error for this test results in a sensor connection failure.

Important: Sometimes this test can fail because some providers don't allow users to ping their gateway.

DNS test to Control Node <your subdomain>

This test determines if the sensor can resolve the IP of the USM Anywhere subdomain.

If this test fails, confirm that the sensor is using the correct Domain Name System (DNS) server and can resolve the IP address of the domain. This can be tested from another machine using the following command:

nslookup <SUBDOMAIN> <DNS-IP-Address>

An error for this test results in a sensor connection failure.

Testing connection to Control Node port 443

This test determines whether a full TCP connection is possible to the domain on port 443.

If all previous tests are successful, this test can fail due to a firewall or a similar device blocking the connection.

An error for this test results in a sensor connection failure.

See USM Anywhere Sensor Deployments for sensor configuration requirements.

Testing connection to Control Node port 7100

This test determines whether a full TCP connection is possible to the domain on port 7100.

If all previous tests are successful, this test can fail due to a firewall or similar device blocking the connection.

An error for this test results in a sensor connection failure.

See USM Anywhere Sensor Deployments for sensor configuration requirements.

Testing SSL Certificate of the Control Node

This test determines whether the OpenSSL certificate is being returned.

If this test fails, it is most likely due to a firewall or proxy duplicating the OpenSSL certificate.

An error for this test results in a sensor connection failure.

See USM Anywhere Sensor Deployments for sensor configuration requirements.

Testing connection to update.alienvault.cloud on por 443 This test determines whether a full TCP connection is possible to update.alienvault.com on port 443.

If all previous tests are successful, this test can fail due to a firewall or similar device blocking the connection.

A failure means that the initial setup will fail and future updates of the sensor will also fail.

See USM Anywhere Sensor Deployments for sensor configuration requirements.

Testing connection to reputation.alienvault.com on port 443 This test determines whether a full TCP connection is possible to reputation.alienvault.com on port 443.

If all previous tests are successful, this test can fail due to a firewall or a similar device blocking the connection.

A failure means that communication with the AT&T Alien Labs™ team threat intelligence can't be successful.

See USM Anywhere Sensor Deployments for sensor configuration requirements.

Testing connection to otx.alienvault.com on port 443 This test determines whether a full TCP connection is possible to otx.alienvault.com on port 443.

If all previous tests are successful, this test can fail due to a firewall or a similar device blocking the connection.

A failure means that communication with AT&T Alien Labs™ Open Threat Exchange® (OTX™) and that OTX threat intelligence can't be downloaded.

See USM Anywhere Sensor Deployments for sensor configuration requirements.

Testing connection to prod-usm-saas-tractorbeam.alienvault.cloud on port 22 This test determines whether a full TCP connection is possible to usm-saas-tractorbeam.alienvault.cloud on port 22.

If all previous tests are successful, this test can fail due to a firewall or similar device blocking the connection.

A failure means that a support session can't be open to the sensor.

See USM Anywhere Sensor Deployments for sensor configuration requirements.

Testing connection to prod-usm-saas-tractorbeam.alienvault.cloud on port 443 This test determines whether a full TCP connection is possible to usm-saas-tractorbeam.alienvault.cloud on port 443.

If all previous tests are successful, this test can fail due to a firewall or similar device blocking the connection.

A failure means that a support session can't be open to the sensor.

See USM Anywhere Sensor Deployments for sensor configuration requirements