- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Network Shell Access
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-20-2019 01:45 PM
Hi Everyone,
Need an expert opinion on the working of ATC agent.
The agent is not working properly because it is blocked to access network shell (netsh.exe). Is there any possibility for agent work fine without given privilage of netsh.exe?
Thanks in advance.
Best Regards,
Bilal
Re: Network Shell Access
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2019 12:50 AM
even I am facing a similar issue.
I have a deadline to get this solved.
hope this community helps.
thank you in advance.
Re: Network Shell Access
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2019 12:22 PM
I am also facing the same issue with the Agent. can any one help me with this issue.
Re: Network Shell Access
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-01-2019 01:34 AM
Functionality wise there is no need for the agent to have netsh.exe privileges. This has been brought up before and in those cases it was a communication issue from the client to the cloud.
Please check the following:
For Active Trust Endpoints below port should be opened:
443/TCP → csp.infoblox.com (for user registration, network configuration and software updates),
443/TCP, 443/UDP, 53/UDP, 53/TCP → 52.119.40.100
Depending on the proxy configuration, additional configuration may be required:
If the proxy is configured in the browser, browser will send all requests (URLs) directly to the proxy. ActiveTrust Endpoint will not receive any DNS queries. You should ask to configure the proxy to send its DNS queries to ActiveTrust Cloud.
If the proxy sits in the network and passes all traffic through, behavior depends on configured policies:
Authentication: If the proxy has an authentication policy configured for every single request (over HTTP/HTTPS), then ActiveTrust Endpoint’s heartbeat to the CSP portal will fail. You should ask to add a policy to bypass authentication for connections to csp.infoblox.com.
DNS proxy and policies: If a proxy is configured with a policy to block or otherwise modify or intercept DNS, you should ask to add a policy to bypass DNS queries to 52.119.40.100.
If this doesn't help, please open a support ticket. Thank you.
Escalations Engineer EMEA