Blocked IP Range

Answered

Arashk Vatandoust

October 12, 2020 05:07

Hi, 

All the servers are showing offline/unreachable when connected through a firewall. All the necessary proxies have been added and running application alongside wireshark shows no ACK responses. 

I have been asked by my networks team to contact NX to allow NAT IP Range:

"

Can you please ask NX networks team to allow the NAT IP range (147.200.26.160- 147.200.26.190, 147.200.27.160- 147.200.27.190,147.200.0.1 & 147.200.1.1) ? From the below we can see the packet leave the firewall but it isn’t sending a response from the NXCloud server.

 

[Expert@G1DMZFWL02:2]# tcpdump -penni bond321.1526 -s 0 host 10.28.37.9 and host 52.21.26.248

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on bond321.1526, link-type EN10MB (Ethernet), capture size 65535 bytes

15:19:06.407860 00:1c:7f:6c:e4:d1 > 00:00:5e:00:01:c8, ethertype IPv4 (0x0800), length 74: 10.28.37.9.11108 > 52.21.26.248.443: S 742178688:742178688(0) win 5840 <mss 1460,sackOK,timestamp 3330795076 0,nop,wscale 10>

15:19:09.406971 00:1c:7f:6c:e4:d1 > 00:00:5e:00:01:c8, ethertype IPv4 (0x0800), length 74: 10.28.37.9.11108 > 52.21.26.248.443: S 742178688:742178688(0) win 5840 <mss 1460,sackOK,timestamp 3330798076 0,nop,wscale 10>

 

 

Thanks,

Ash

0

• 

  Norman

  • Network Optix team

  October 12, 2020 09:25

  Hi Arashk Vatandoust,

  The Nx Cloud instances do not block any IP addresses, so there is no reason to add IP addresses to a pass list. 

  Please check if they added the domains to the pass list and not the individual IP addresses, since the IP addresses are likely to change and this would clarify why the communication is blocked. 

  Please check THIS support article for the URLs that might be required to be added to the pass list in their firewall. 

  0

Please sign in to leave a comment.