Product: Stratusphere FIT/UX
Product Version: All
Expires on: 365 days from publish date
Updated: November 21, 2018
Traceroute not allowed to AWS instance.
1. Ensure a connector ID is installed on both endpoint machines (client and AWS) and that they are communicating to the hub.
2. In the Stratusphere Web UI, navigate to Hub Administration> Connector ID Keys> Connector ID Key Properties> Configure Metrics> Perform Trace Route on Remote Sessions must be checked along with right protocol. Save the settings
3. If a Windows server, Windows firewall blocks inbound Echo requests by default. Allow Echo requests by creating a windows firewall exception:
- Go to Start and type Windows Firewall with Advanced Security
- Select Inbound Rules
- Right click on File and Printer Sharing (Echo Request ICMPv4-In)and choose Enable Rule (There may be separate rules for public/private or domain. Depending on domain of hub and machines, you may have to check this for desktops as well)
4. Enable ICMP in AWS managment console
- First make sure the EC2 instance has a public IP. If has a Public DNS or Public IP address (circled below) then you should be good. This will be the address you ping.
- Next make sure the Amazon network rules allow Echo Requests. Go to the Security Group for the instance, right click, select inbound rules
A. select Add Rule
B. Select Custom ICMP Rule - IPv4
C. Select Echo Request
D. Select either Anywhere or My IP(this would be the client machine)
E. Select Save
The traceroute should now be working. You can verify ICMP is allowed by pinging the instance from the client machine. A Traceroute inspector should appear in Stratusphere UX> Advanced> Inspectors