Check the connectivity to the Sealights server from my machine

Some network security policies may prevent agents from reaching the SeaLights platform. This is normally caused due to security policies related to Firewalls, or other networking-related security configurations that prevent access to the SeaLights API.

To verify this is the case, try running a cURL command to your dashboard URL:

curl -I https://<YourCustomDNSName>.sealights.co

Invoke-WebRequest -Uri https://<YourCustomDNSName>.sealights.co -UseBasicParsing | Select-Object StatusCode,StatusDescription

If you don't have the URL of your dedicated Sealights account or if you need a generic Sealights endpoint, you can use https://connect.sealights.co in the above command.

HTTP/2 200 code should be returned. If this code is received, you can access the SeaLights API and there is no need for this document.

If using a proxy, you should add the relevant parameter to the command

curl -vI https://<YourCustomDNSName>.sealights.co --proxy http://myproxy.mycompany.int

Invoke-WebRequest -Proxy <MyProxyUri> -Uri https://<YourCustomDNSName>.sealights.co -UseBasicParsing | Select-Object StatusCode,StatusDescription

In case this command fails, it is important to understand why. Looking at the detailed output (given by the -vI flags) can point us in the right direction.

For Windows, more details can be found on Microsoft’s Official documentation page.

Important note: We have seen cases in which different machines/containers had different permissions with regard to an outbound connection to Sealights. Please consider repeating this connectivity test from your CI machines and the machines that run your tests and your system under test.

How to resolve connectivity issues

In case a firewall is present, it needs to allow network traffic to reach the SeaLights platform, and depending on your organization’s policy, you can use one of the following solutions.

Allowing outbound traffic to Sealights' domain

The Firewall should allow outbound connections on port 443 (TLS v1.2) to our domain https://*.sealights.co. For a more restrictive rule, you can open the connections to your Sealights dashboard URL only.

Allowing outbound traffic to Sealights' range of IP addresses

As SeaLights' networking is managed in AWS, the full list of subnets pointing to our platform can be found in the ip-ranges.json file supplied by AWS.

Be sure to follow the next steps to understand which IP addresses need to be added to your exceptions list:

Download the provided ip-ranges.json file from AWS.
From the file, filter out the entries related to CloudFront (using jq tool for example): cat ip-ranges.json | jq '.prefixes[] | select(.service=="CLOUDFRONT")'
Add the subnets output from the previous stage to your Firewall exception list for outbound connections on port 443 (TLS v1.2)

Some customers may have their servers managed via F5 Volterra, therefore the IP Ranges should be configured based on the following information Firewall or Proxy Reference for Network Cloud | F5 Distributed Cloud Tech Docs

Last updated 1 year ago