Platform connectivity test fails during installation the Rapid7 InsightVM Agent on WSS Agent host
Article ID: 275289
Updated On:
Products
Issue/Introduction
WSS Agent used to access internet sites via Cloud SWG.
When installing the Rapid7 InsightVM agent, the initial connectivity test fails as shown below and installation cannot complete.
Followed the Rapid7 network requirements and excluded all IPs/Domains from SSL interception.
Check the Cloud SWG logs, all requests appear as "Allowed" from the user trying to install Rapid7 agent.
Disabling the WSS Agent allows the installation to complete successfully.
Environment
WSS Agent.
Rapid 7 InsightVM Agent.
Cause
Rapid 7 InsightVM Agent cannot work via an SSL/HTTP proxy.
Resolution
Disable protocol detection for the Rapid 7 InsightVM Agent IP addresses defined in the above network requirements doc (different IP addresses per GEO).
Although Rapid 7 docs state that SSL interception must be disabled, doing so failed to resolve the issue.
"The Insight Platform will only accept data transmitted by an Insight Agent if the data is accompanied by the X.509 certificate that the Insight Platform is expecting. DPI technologies often replace this certificate with their own as a final step before allowing traffic to continue to its destination. Without the original certificate, the Insight Platform will not accept the data."
PCAPs confirmed that the SSL certificate was from the OCS, and that the SSL handshake would complete but the client / Rapid 7 application always closed the connection after an initial exchange of Application data with the client. To remove SSL protocol completely from the equation, we tested the generic TCP proxy with protocol detection disabled and this worked.
Feedback
