Problem:
Traceroute not allowed to AWS instance.
Possible resolution:
1. Ensure a Connector ID agent is installed on the machine that is initiating the remote session and that the CID is communicating to the hub. If you are using your laptop to remote into the AWS instance, the CID agent needs to be installed on your laptop, because it looks for the remote port of the session on that machine.
2. In the Stratusphere Web UI, navigate to Hub Administration> Connector ID Keys> Connector ID Key Properties> Configure Metrics> Perform Trace Route on Remote Sessions must be checked along with right protocol. Save the settings
3. If a Windows server, Windows firewall blocks inbound Echo requests by default. Allow Echo requests by creating a windows firewall exception:
- Go to Start and type Windows Firewall with Advanced Security
- Select Inbound Rules
- Right click on File and Printer Sharing (Echo Request ICMPv4-In)and choose Enable Rule (There may be separate rules for public/private or domain. Depending on domain of hub and machines, you may have to check this for desktops as well)
4. Enable ICMP in AWS managment console
- First make sure the EC2 instance has a public IP. If it has a Public DNS or Public IP address (circled below) then you should be good. This will be the address you ping.
- Next make sure the Amazon network rules allow Echo Requests. Go to the Security Group for the instance, right click, select inbound rules
A. select Add Rule
B. Select Custom ICMP Rule - IPv4
C. Select Echo Request
D. Select either Anywhere or My IP(this would be the client machine)
E. Select Save
The traceroute should now be working. You can verify ICMP is allowed by pinging the instance from the client machine. A Traceroute inspector should appear in Stratusphere UX> Advanced> Inspectors
Product: Stratusphere FIT/UX
Product Version: All
Expires on: 365 days from publish date
Updated: November 21, 2018