Skip to main content

Welcome to Skyhigh Security!

Skyhigh Security

Connector V2 CLI

  1. Last updated
  2. Save as PDF
Limited Availability: Connector V2 CLI is a Limited Availability feature. To enable admins to know the status, manage, run diagnostics, and troubleshoot their secure app connectors, contact Skyhigh Support

Connector V2 CLI enables admins to know the status, manage, run diagnostics, and troubleshoot their secure app connectors by connecting to the host using SSH (secure shell)

  • Log on to the connector host using SSH (Secure Shell) and execute the required commands to troubleshoot a connector.
  • If you are a a root user or anon-root user, execute pa_connector the script from anywhere on the host. 

Verification of Secure App Connector V2 

Provides the list of commands you can execute: 

  1. Run the Status option to verify the status of the connector deployment.

Status-option2.png

Check tunnel status

  • The connector shows the status as Normal when tunnels are up. 
  • The connector shows the status as Critical when tunnels are down. 

image

 

  1. Run the Diagnostics tests option to verify the connector setup.

MicrosoftTeams-image (84).png

Troubleshooting Secure App Connector V2

Provides the list of commands you can execute: 

  1. Run the Troubleshooting option to help you troubleshoot the Secure App Connector-related issues. 

Option 3 .png

  1. Select Download Logs to download all logs and configuration details to a temp (/tmp/) folder on the host once diagnostics tests are completed.

Option 6.png

Download Logs

You can download all logs and configuration details to /tmp/Connector-logs-2023-07-12_06-32-26.tar.gz

  1. Log on to the connector host using SSH. 
  2. Execute pa_connector > enter 6.
    Downloads /tmp/Connector-logs-2023-07-12_06-32-26.tar.gz file to the temp (/tmp/) folder once the command is executed completely.

  3. You can upload the latest file /tmp/Connector-logs-2023-07-12_06-32-26.tar.gz to the support portal for review.

Resolving Host Names  

For a Connector to function, the system Domain Name Service (DNS) should be able to resolve both Skyhigh Security URLs and Private Application URLs. You can do the following to resolve host names using the system DNS:

Perform the following to check if the system DNS is resolving both Skyhigh Security and Private Application URLs:

  1. Log on to the connector host using SSH (Secure Shell). 

  1. Execute pa_connector >  enter 3 >  enter a > enter the domain name.

clipboard_e31624c399371bcb937c85f3590893003.png

Test the system proxy

Perform the following to test if a private application connection is established with the connector via the system proxy:

  1. Log on to the connector host using SSH. 

  1. Execute pa_connector > enter 3 > enter b > enter the system proxy address.
    Displays if the private application connection is established with the connector via system proxy. 

clipboard_ecc182e578ffb54ce544fd7da2988fc2b.png  

Test Ping

Perform the following to test ping:

  1. Log on to the connector host using SSH. 

  1. Execute pa_connector> enter 3 > enter c.

clipboard_ed6eab648c68803cba10d8df655a6e82a.png

Run TCP dump for Private Application

Perform the following to check the private application connectivity:

  1. Log on to the connector host using SSH. 

  1. Execute pa_connector > enter 3 > enter d.
    Downloads .pcap file to the temp (/tmp/) folder once the command is executed completely.

  2. You can upload the latest file pa_capture-currentdate.pcap to the support portal for review. 

clipboard_eb9ecc267bc721960b1c9294b473d3cfa.png

Manage connectors

Perform the following to manage connectors:

  1. Log on to the connector host using SSH. 

  1. Execute pa_connector > enter 4 > enter <g or h or i>.

Connectorcommands.png

Start connector services

Perform the following to start all connector services:

  1. Log on to the connector host using SSH. 

  1. Execute pa_connector > enter 4 > enter h.

Restart connector services

Perform the following to restart all services that run in a connector:

  1. Log on to the connector host using SSH. 

  1. Execute pa_connector > enter 4 > enter i.

Stop a connector

  1. Log on to the connector host using SSH. 

  1. Execute pa_connector> enter 4 > enter g.

Manage Secure App Connector V2

Provides the list of commands you can execute: 

  1. Run the Manage option to manage (start or stop) Secure App Connector.

Option 4.png

  1. Select the About option to know the Secure App Connector version.

Option 1 .png

  1. Enter 0 to exit from the command console.

MicrosoftTeams-image (11).png

Common Errors and Workaround 

Task When  Error Workaround
Private Application list sync   Check the /.../mount/logs/paListsync.logif Skyhigh cloud API is not reachable. If this is not reachable, then ensure it is reachable to synchronize the private application list with the connector. 
Private Application is not reachable    

Run the command on the connector pod:

curl -v -k https://app-server

If curl also fails, then ensure that the IP of the connector pod and host IP are not on the same subnet (10.254.254.x)
Accessing Private Application Able to access Private Application using Firefox browser, but failed to access the same application on the Chrome browser Google Chrome - Taking Too Long to Load

Disable the Use secure DNS option on Google Chrome. 

The Use secure DNS option should be disabled to access private applications. Go to Chrome browser > Settings > Privacy and Security > Disable the Use Secure DNS option.
Dual stack VMs/Hosts Connector installation in a dual stack VM/host Pods don't come to running state If the VM/host is enabled for both IPv4 and IPv6, ensure that it gets proper IP addresses for both the IPv4 and IPv6 interfaces. If IPv6 is disabled in the network, then the IPv6 interface on the host should also be disabled.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. TOPIC ID 771