Troubleshooting
This section provides guidance on troubleshooting common issues with Tenable On-Prem connector deployments.
Connectivity Issues
- Verify network connectivity: Ensure the gateway server can reach Tenable One over HTTPS (port 443) and UDP port 51820. Use tools like ping, traceroute, and telnet or nc to test connectivity:
    nc -v -u -z -w 3 site.url.com 51820
- Check firewall rules: Verify that the necessary firewall rules are in place on the gateway server, any intermediate firewalls, and the network perimeter. Specifically, ensure that outbound HTTPS and UDP/51820 traffic is allowed, and that inbound UDP/51280 traffic to the gateway's public IP address is permitted.
- DNS resolution: Ensure the gateway server can resolve the Tenable One hostname (e.g., gateway.TenableOne).
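Added example (not Tenable tooling): a small POSIX sh preflight that runs the name resolution, HTTPS port, and UDP/51820 checks above in one pass from the gateway server. site.url.com is the placeholder hostname from the command above; the function names check and preflight are hypothetical, and getent and nc are assumed to be installed.

```sh
#!/bin/sh
# Added example, not Tenable tooling. Usage: sh preflight.sh site.url.com
# Assumes getent and nc are installed; check/preflight are hypothetical names.

FAILED=0

# check LABEL CMD [ARGS...]: run CMD quietly, print PASS or FAIL, count failures.
check() {
    label=$1
    shift
    if "$@" >/dev/null 2>&1; then
        printf 'PASS  %s\n' "$label"
    else
        printf 'FAIL  %s\n' "$label"
        FAILED=$((FAILED + 1))
    fi
}

# preflight HOST: DNS, outbound TCP/443 and outbound UDP/51820 from this server.
preflight() {
    host=$1
    FAILED=0
    check "DNS resolves $host" getent hosts "$host"
    check "TCP/443 to $host" nc -z -w 3 "$host" 443
    # UDP is connectionless: nc reports success unless an ICMP port-unreachable
    # comes back, so PASS here means "not rejected", not "tunnel established".
    check "UDP/51820 to $host (not rejected)" nc -u -z -w 3 "$host" 51820
    [ "$FAILED" -eq 0 ]
}

# Run only when a hostname is given, so the file can also be sourced.
if [ $# -ge 1 ]; then
    preflight "$1"
fi
```

A FAIL on the DNS line makes both port checks fail as well, so resolve that one first.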
Authentication Issues
- Verify the activation key: Double-check that the activation key was entered correctly during the gateway configuration.
- Check gateway: Ensure the gateway is properly registered and activated within the Tenable Exposure Management application.
On-Prem Status
- Check gateway status in Tenable Exposure Management: The Tenable Exposure Management interface provides information about the status of connected gateways. Check for any error messages or alerts.
  Tip: For more information, see Connector Status in the Tenable Exposure Management User Guide.
- Check gateway logs: Examine the Tenable On-Prem connector logs on the server for any error messages. The location of these logs is available through the Tenable Core user interface (port 8000).
Data Fetching Issues
- Verify scanner connectivity: Ensure that the Tenable scanner used by the gateway can communicate with the target assets.
- Check network segmentation: Ensure that the gateway and scanner are located in a network segment that can reach the target assets.
- Check credentials: Ensure that the provided credentials are correct and have the correct role associated with them.
General Troubleshooting Steps
For general help, do the following:
- Consult the Tenable documentation and support resources.
- Contact Tenable Support for assistance.
Tools
The following are some tools that can help you troubleshoot issues with your Tenable On-Prem connector configuration:
- ping: Test basic network connectivity.
- traceroute / tracert: Trace the route that packets take to reach a destination.
- telnet / nc: Test connectivity to a specific port on a host. nc (netcat) is generally preferred over telnet.
- nslookup / dig: Query DNS servers to troubleshoot name resolution.
- ifconfig / ip addr: Display network interface configuration.
- netstat / ss: Display network connections and listening ports.
- docker logs: View the logs of a Docker container.
- Firewall tools (e.g., iptables, firewall-cmd, ufw): Inspect and modify firewall rules.