search cancel

Unified Agent unable to connect via TCP due to tunnel error

book

Article ID: 175299

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Repeatedly getting the error message below in Unified Agent (UA) logs, as well as a CTC response with "ACTIVE(POSTCHK)" with the IP addresses of three data centers.

Setting client to RETRY because of a tunnel error

Attempting to connect to cloud via TCP

Environment

Web Security Service

Unified Agent

Resolution

Ensure traffic generated by UA is not being intercepted by other security measures between the client and your gateway. This includes putting it on the bypass lists of any intrusion detection, network inspection, or protocol detection systems that inspect traffic on your internal network. These disrupt the flow of packets that are meant to form a tunnel and cause UA to fail to establish a connection to a data center.

Refer to Required Locations, Ports, and Protocols for documentation on UA network requirements.