A common feature in today’s firewalls is the ability to inspect traffic encrypted by secure sockets layer (SSL). It’s a helpful feature for giving you visibility into user traffic, but it can also affect secure client-server communications, such as those done by Auvik.
If your Auvik collector is unable to connect to Auvik’s cloud infrastructure, check your firewall’s configuration. It may be set to hand out its own SSL certificates to endpoints in an attempt to monitor traffic. To make sure your data integrity isn’t compromised, the Auvik collector won’t function when a firewall is attempting to present its own SSL certificate.
You’ll be able to tell if your Auvik collector hasn’t connected if:
- (Windows service) You see a message in your Auvik client dashboard, of Auvik collector is offline.
- (OVA / scripted Linux install) You’re not seeing an Auvik status of Running, Connected, Approved on the collector's console.
To fix the issue:
- Investigate whether your firewall has SSL inspection capabilities.
- Whitelist the IP address(es) of your Auvik collector(s) to bypass this feature and be able to send/receive SSL traffic without inspection by the firewall.
If you have questions, don’t hesitate to contact Auvik Support.