NSS Aws connectivity

(Sarra) #1


i have an issue with the NSS server connectivity

my interfaces are in the Same Vlan but in different subnet , is that cause the issue

when i execute the nss test-firewall , i have all okey but in the report it make unable to resolve smcacluster.zscalertwo.net

also , when i execute nss netstat | grep tcp , i have only an Syn to NSS on port 443

could you give me idea ?


(Scott Bullock) #2

Hi Sarra,
Reading this, I think the best path to resolution would be to open a Zscaler support ticket. Do you have an open ticket?

(Gordon Wright) #3

Make sure the OS and NSS DNS servers are the same.
The test-firewall script tests the OS configured DNS servers not the ones you have configured in the NSS.

(Sarra) #4


how can i check this,


(Gordon Wright) #5

‘cat /etc/resolv.conf’ to check the OS and ‘nss configure’ to check the NSS,

(Sarra) #6

In the configuration of the nss, it doens’t ask me to configure the dns, only the ip and the gateway of the interface service,


(Gordon Wright) #7

You should get something like this:

[zsroot@name ~]$ sudo nss configure
nameserver:x.x.x.x (Options <c:change, d:delete, n:no change>) [n]

(Sarra) #8

Yes that’s what i have

i opened a ticket and Zscaler support escalate because i thing it’s a bug


(Gordon Wright) #9

nameserver = dns server