NSS Aws connectivity


(Sarra) #1

Hi

i have an issue with the NSS server connectivity

my interfaces are in the Same Vlan but in different subnet , is that cause the issue

when i execute the nss test-firewall , i have all okey but in the report it make unable to resolve smcacluster.zscalertwo.net

also , when i execute nss netstat | grep tcp , i have only an Syn to NSS on port 443

could you give me idea ?

regards


(Scott Bullock) #2

Hi Sarra,
Reading this, I think the best path to resolution would be to open a Zscaler support ticket. Do you have an open ticket?


(Gordon Wright) #3

Make sure the OS and NSS DNS servers are the same.
The test-firewall script tests the OS configured DNS servers not the ones you have configured in the NSS.


(Sarra) #4

hi,

how can i check this,

regards


(Gordon Wright) #5

‘cat /etc/resolv.conf’ to check the OS and ‘nss configure’ to check the NSS,


(Sarra) #6

In the configuration of the nss, it doens’t ask me to configure the dns, only the ip and the gateway of the interface service,

regards


(Gordon Wright) #7

You should get something like this:

[zsroot@name ~]$ sudo nss configure
nameserver:x.x.x.x (Options <c:change, d:delete, n:no change>) [n]


(Sarra) #8

Yes that’s what i have

i opened a ticket and Zscaler support escalate because i thing it’s a bug

regards


(Gordon Wright) #9

nameserver = dns server