EDR Server is Not Responding to Syn Packets with Ack Responses
Article ID: 403168
Updated On:
Products
Carbon Black EDR
Issue/Introduction
- All sensors are offline after network changes
- tcpdump may show Syn packets from sensors with no corresponding Ack responses
- EDR server is multi-home using multiple NICS
- /var/log/cb/nginx/access.log is showing no communication from sensors
Environment
- EDR Server: All Supported Versions
- RHEL: All Supported Versions
Cause
This can happen if Reverse Path Filtering is enabled on the OS
Resolution
Follow the OS recommendations for troubleshooting and resolving
Feedback
Yes
No
Powered by
