To help root cause the following issue, please perform the following steps:
- Review the EVENT logs on the PPS/PCS appliance for any error messages that may indicate the reason for the failed registration. If no EVENT logs are visible relating to Pulse One, refer to Step 2.
- Navigate to Troubleshooting > Tools > Commands. Select PING from the COMMAND dropdown menu.
- In the Target server field, enter : api.pulseone.net (or the FQDN of your Pulse One appliance)
- Select the INTERNAL PORT.
- Select the INTERNAL PORT in the VLAN dropdown menu.
- Click OK.
The following output should appear:
PING api.pulseone.net (18.104.22.168) from 10.10.1.175 : 56(84) bytes of data.
--- api.pulseone.net ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 19000ms
If the device is unable to resolve api.pulsesecure.net, please review the DNS settings on the PCS/PPS appliance and verify that the DNS server is operational. As a test, please use 22.214.171.124. This is the Google public DNS server.
- Pulse One will not respond to ICMP packets and so it is normal for the PINGs to timeout.
- In PPS 5.3/5.2 and PCS 8.2/8.1, the appliance will communicate via the INTERNAL port only. In later builds, there is a preferred network interface drop-down menu that will allow you to use the management port rather than only the internal. Note that the management port must be enabled for this option to be available.
If the device is able to resolve api.pulsesecure.net, verify connectivity between the PCS/PPS and api.pulsesecure.net on all firewall policies for tcp port 443.
The cloud instance of Pulse One is hosted in AWS (Amazon Web Services) and will have multiple IP addresses for load balancing purposes. Consult your firewall documentation to determine how often it resolves hostnames in its firewall rules. You may forced to allow HTTPS outbound traffic from the appliance to <ANY> destination.