VTICS Service is unreachable: vDefend SSP Alarm

Article ID: 384114

Updated On:

Products

VMware vDefend Firewall
VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

Problem:

When the "reputation-service", which is responsible for the functionality of security features, is degraded on the Security Services Platform (SSP), this indicates a communication failure with the VTICS service. The condition triggers an alarm stating, "VTICS Service status is degraded."

Impact: 

When the VTICS service is unreachable, SSP loses the threat intelligence data required by various features on the platform:

  • Signatures may not be up to date.
  • There is an increased possibility of false positives (e.g., files being marked as Malicious even when they are published by a trusted source).

Environment

vDefend SSP >= 5.0

Cause

Connectivity to the VTICS service can be disrupted due to several reasons, including but not limited to:

  • Intermittent network connectivity issues.
  • VTICS Health service being down.
  • Configuration issues, such as incorrect SSP proxy settings.

Resolution

Maintenance Window Required: No

To address connectivity issues with the VTICS service, please follow the steps outlined below:

1. Wait for Automatic Recovery

In many cases, once the root cause is resolved, the connection should automatically recover.
Wait 10 to 15 minutes to allow the system to attempt an automatic reconnection before proceeding with any of the steps below.

2. Verify Network Connectivity

Ensure that connectivity to the VTICS service URL https://api.prod.nsxti.vmware.com is not blocked anywhere in the upstream network. Review any recent changes to firewalls, DNS settings, or network configurations that might be restricting access.
If any changes were made, revert them to allow access to the VTICS URL.

3. Verify SSP Proxy Settings

If applicable, ensure that your proxy settings are correctly configured. Please follow these steps:

a. Verify Connectivity to Proxy Server

Contact your network administrator to confirm:

  • The firewall allows traffic between the SSP subnet and the proxy server.
  • The proxy server has internet access.

b. Verify Proxy Server Configuration

Contact the proxy server administrator to confirm:

  • The proxy server is operational.
  • The correct configuration settings, including:
    • Proxy scheme (HTTP/HTTPS), host address, and port number.
    • Proxy credentials (username and password).
    • If necessary, import the updated server certificate.

c. Update Proxy Configuration

If any updates are required, go to System → Server Configurations on the SSP Platform and edit the Internet Proxy Server settings to reflect the correct information.

4. Mitigation Step

If connectivity issues persist, you can temporarily reduce false positives by utilizing the allow-listing feature of the Malware Prevention Service.
For instructions on how to enable allow-listing, please refer to this document for allow-listing.

If the issue persists, please collect the SSP Support Bundle, raise a support ticket for further assistance, and upload the support bundle to the ticket.
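
The checks in steps 2 and 3 can be scripted. The following is an added example (not VMware tooling and not part of the original article): a Python probe that tests DNS, TCP and TLS to the VTICS URL, directly or through an HTTP-scheme proxy, and names the step to revisit. It assumes it is run from a host on the same network path as SSP; `probe`, `classify`, `connect_request`, `ProxyRejected` and the 3128 fallback port are illustrative names and assumptions.

```python
import base64, socket, ssl
from urllib.parse import unquote, urlsplit

VTICS_HOST, VTICS_PORT = "api.prod.nsxti.vmware.com", 443  # URL from step 2

class ProxyRejected(Exception): pass  # proxy answered CONNECT with a non-200 status

def classify(exc):
    """Map a probe failure to the article step that covers it."""
    if isinstance(exc, ProxyRejected):
        return ("proxy-auth: proxy wants valid credentials, check username/password (3b)"
                if exc.args[0] == 407 else f"proxy: CONNECT refused, HTTP {exc.args[0]} (3b)")
    if isinstance(exc, socket.gaierror):
        return "dns: name does not resolve, review DNS changes (2)"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-trust: untrusted certificate, check TLS inspection or proxy certificate (3b)"
    if isinstance(exc, ssl.SSLError):
        return "tls: handshake failed"
    return "tcp: connect failed or timed out, review firewall rules (2, 3a)"

def connect_request(proxy_url):
    """Build (host, port, CONNECT bytes) for an HTTP-scheme proxy URL."""
    p = urlsplit(proxy_url)
    req = f"CONNECT {VTICS_HOST}:{VTICS_PORT} HTTP/1.1\r\nHost: {VTICS_HOST}:{VTICS_PORT}\r\n"
    if p.username:
        cred = f"{unquote(p.username)}:{unquote(p.password or '')}".encode()
        req += f"Proxy-Authorization: Basic {base64.b64encode(cred).decode()}\r\n"
    return p.hostname, p.port or 3128, (req + "\r\n").encode()  # 3128: assumed fallback

def probe(proxy_url=None, timeout=10):
    """Return 'ok: ...' or a classified failure for the VTICS endpoint."""
    try:
        if proxy_url:
            host, port, req = connect_request(proxy_url)
            sock = socket.create_connection((host, port), timeout)
            sock.sendall(req)
            buf = b""
            while b"\r\n\r\n" not in buf and (chunk := sock.recv(4096)):
                buf += chunk  # read the whole proxy reply before starting TLS
            parts = buf.split(b" ", 2)
            code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
            if code != 200:
                sock.close()
                raise ProxyRejected(code)
        else:
            sock = socket.create_connection((VTICS_HOST, VTICS_PORT), timeout)
        with ssl.create_default_context().wrap_socket(sock, server_hostname=VTICS_HOST):
            return "ok: TCP and TLS to VTICS succeeded"
    except (OSError, ProxyRejected) as exc:
        return classify(exc)
```

Call `probe()` for the direct path, or `probe("http://user:password@proxy.example:3128")` with the values configured under Internet Proxy Server (the proxy URL shown is a placeholder).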