Error: "potential firewall issue. check SSPI & host connection at 443" SSP Pre-check VM Creation Fails
search cancel

Error: "potential firewall issue. check SSPI & host connection at 443" SSP Pre-check VM Creation Fails

book

Article ID: 407524

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

SSP Pre-check VM Creation Fails Due to Firewall Blocking Port 443

During SSP deployment, the pre-check stage may fail when attempting to create the pre-check VM. The following error is observed on the UI while deploying:

 

 "error running govc import.ova/depot/5.0.0.0.0.24631123/ssp-precheck-node/ova/ssp-precheck-node-5.0.0.0.0.24631129.ova. [K[12-08-25 12:29:35] Uploading ssp-precheck-node.vmdk... Error: Post "https://vCenter-host-name-or-ip/nfc/.../disk-0.vmdk": dial tcp <v-center-ip>:443: connect: connection timed out potential firewall issue. check SSPI & host connection at 443"

As a result, the pre-check VM enters an error state and the deployment cannot continue.

Environment

 

  • Security Services Platform (SSP)

  • Version: 5.0

 

Cause

The SSP Installer VM requires HTTPS (TCP 443) connectivity to vCenter in order to upload the pre-check OVA and its VMDK.
In this case, a firewall rule was blocking port 443 between the SSP Installer VM and the vCenter Server.

Resolution

 

  • Verify connectivity from the SSP Installer VM to the vCenter Server on port 443:

    curl -vk https://<vcenter-fqdn>:443

  • If the connection fails, review your firewall logs or rules.

    • Identify if traffic between the Installer VM (source IP) and vCenter (destination IP) is being dropped.

  • Work with the firewall/network team to allow TCP 443 between:

    • Source: SSP Installer VM

    • Destination: vCenter Server

  • Re-run the SSP deployment pre-check.

 

Powered by Wolken Software