Managing Gateway Connectors

After you've registered Gateway Connectors, you can specify a health check URL and restrict IP addresses for your connectors. If a health check URL is not specified, the DNS and HTTP information is not displayed in the health check status for a connector. For the Gateway Connectors, you do these actions:

Screen

Actions

On the Gateway Connectors list screen
  • View the number of connections that are active.
  • View the connector group that the Gateway Connector is a part of.
  • View additional health check metadata for each connector instance.
  • View the version of each connector instance.
  • View the status of your connectors.
  • Reload the Gateway Connectors information.
  • Download the log files of each connector instance.
  • Disable a connector to prevent new connections from being routed through the connector. Active network connections are not interrupted.

On the Connector info page
  • View the connector group that the Gateway Connector is a part of.
  • Edit the Private URL field for a connector and open the URL in a separate page.
  • Assign the connector to a different connector group.
  • Disable a connector to prevent new connections from being routed through the connector. Active network connections are not interrupted.
  • View the version of the connector.
  • View the connection status of the connector.
  • Download the log files for the connector.
  • View the Public Key
  • View the connection history of the connector. The connection history time is in UTC.

Restricting source IP addresses provides additional security to make sure that only Gateway Connectors with the IP addresses you specify can connect to your private network. If you restrict source IP addresses, your Gateway Connectors should have a fixed IP address, either by setting a static IP address for the Gateway Connector when it is deployed in a vSphere environment or ESXi environment, or creating a DHCP IP reservation on your network.

Depending on the number of active Gateway users in your environment, a component of the Protect Backend that is responsible for managing incoming tunnels from the connector might scale the resources that are allocated to your organization. Each Gateway Connector establishes a tunnel to this component and has a health check performed on it. The health check status and Status columns indicate the state of those tunnels from the connector to the component that is responsible for managing them. For example, if the Health Check column status displays X/2, this means that two of the components are allocated to your organization at that time. If the column displays 2/2, the connector has successfully established two tunnels to the component. If you see 0/2 or 1/2 that means the connector has either not established a tunnel or has established 1 out of the 2 tunnels that are required. If the status is The Attention icon, some but not all of your users are able to access resources on your private network.

The health check URL can be any URL within your private networks that you want Gateway users to be able to connect to. Gateway periodically sends an HTTP or HTTPS GET request, including a DNS lookup, through each Gateway Connector tunnel to this URL. The Health check status expands to display Tunnel, DNS, and HTTP connection status for each connector. A status of 2/2 indicates that everything is working correctly. A status of 0/0 indicates that the status check of a new connection is still pending.

The Status column displays the enrollment status of the Gateway Connector with the Protect Backend. The The Connected icon indicates that the Gateway Connector has successfully completed the enrollment process and has established a connection to the Protect Backend. The status column displays the connection state and might include a security message (for example, if the connector requires a restart to apply an update).

Column

Description

Health check status

This is the overall status of the Gateway Connector and includes this information:

  • Tunnel: This is the status of the Gateway Connector connection to the Protect Backend. If the status indicates a connection issue, contact your Arctic Wolf support representative.
  • DNS: This is the status of the DNS query made from the Gateway Connector to your specified DNS server. If the status indicates an issue, verify that you've correctly specified your private DNS server.
  • HTTP: This is the status of the HTTP query made to the Gateway Connector for the health check URL. If the status indicates an issue, verify that the health check URL can be reached from the Gateway Connector and that you have specified a DNS forward lookup zone.

Status
This is the overall status of the Gateway Connector connection to the Protect Backend, including the health check status.
  • The Initializing icon: The connector has not completed the enrollment process. This status is displayed only the first-time connector is enrolled.
  • The pending enrollment icon: The connector has completed the enrollment process and is establishing a connection to the Protect Backend.
  • The Attention icon: The connector has completed the enrollment process, but not all of the connections to the Protect Backend have been established. If this status is displayed, read the associated security message and verify that a health check URL has been specified in the connector group.
  • The Failed icon: The connector enrollment process has not completed or there is an error in establishing all the connections to the Protect Backend. These error messages might be displayed:
    • Failed to register due to storage error: Verify that you have sufficient disk space to register the Gateway Connector.
    • Failure: View the full health check status for the connector, including the Tunnel, DNS, and HTTP information. For example, if DNS displays "Fail", verify that your DNS settings are accurate.