Cb Response: Sensor Can't Connect to Server Through Direct Access (always on VPN)
Article ID: 290172
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Sensor Can't Connect to Server Through Direct Access (always on VPN).
Environment
- Cb Response Sensor: All versions
Cause
The way MS Direct Access is configured, any ipv4 traffic heads through the DA and turned into ipv6 and once received by the internal network would have a comms_ip of the DA appliance.
Resolution
Sensor to CB Server communications do not currently support IPv6, and communication must occur over IPv4.
The possible workaround to route traffic from cb sensors who have direct access configured is to add the CB server address to the NPRT table, have those external clients refresh group policy, and keep port 443 open in firewall to allow CB traffic to flow in.
The possible workaround to route traffic from cb sensors who have direct access configured is to add the CB server address to the NPRT table, have those external clients refresh group policy, and keep port 443 open in firewall to allow CB traffic to flow in.
Feedback
Yes
No
Powered by
