Global Support
      Back to home
      1. Technical Information and Help Center
      2. Global Support

      Troubleshoot a Sensor

      Steps to troubleshoot a Sapphire Eye that does not appear in the network topology

      • The first step should be to verify and validate all ports and addresses on page Sapphire Eye Ports and Protocols (7signal.com)
      • Ping the sensor to make sure it has IP address.
        • Out of the box, the sensor uses DHCP and should get an IP address from your DHCP server. If the sensor does not get an IP address, the issue could be related to VLAN and DHCP configuration, cabling, ACL/Firewall, MAC address filtering on DHCP.
      • Verify that the sensor is listed under Registered Eyes. In Configurator, go to Manage > Security > Registered Eyes and check that the Ethernet MAC-address of the sensor is listed correctly in the menu.  Registered Eyes

      If the sensor's MAC-address is found in the cloud, then proceed to the next steps to check for connectivity on ports 7799 and 7800. Otherwise, please contact 7SIGNAL Support.



      • Next, verify that you are allowing outbound traffic on ports 7799, 7800 and 53, to the 7SIGNAL cloud (Northern America: IP address range 64.65.61.0/24). 
      • If you are not sure whether the traffic is allowed through your firewall, you can run the following command to check if connectivity to 7SIGNAL's cloud can be established.
        • Connect to the sensor via SSH (ask 7SIGNAL Support for credentials)
        • Type command: 7config conn check redirector
        • If the cloud server is not reachable, check your firewall configuration.
        • If the output returns the what is seen in the box below, then your organization is likely redirecting or blocking external DNS
      Checking Eye Eye-B8-99-19-63-02-9D.eye.7signal.com in redirector 64.65.61.4

      Error: DNS server was reachable but the Eye was not found in it.


      • Next, run the following command to check connectivity on ports 7799 and 7800:
        • 7config conn check carat
          • As long as you see it return the following two lines you can ignore the certificate errors in the beginning of the output.
      Success: TLS connection established to Carat 64.65.61.252:7799

      Success: TLS connection established to Carat 64.65.61.252:7800
          • If the command shows failure for one of the TLS connectivity checks, please check your firewall settings.
          • Below is the full output of a successful command:
      root@77:~# 7config conn check carat

      Checking connectivity to Carat server, address 64.65.61.252 and ports 7799 7800

      Success: Carat server reachable by using 64.65.61.252:7799


      Checking TLS connection to Carat 64.65.61.252:7799
      Can't use SSL_get_servername
      depth=0 C = US, ST = Ohio, L = Independence, O = 7signal Solutions Inc, OU = WQA, CN = carat.eye.sapphire.syte.cloud.7signal.com, emailAddress = support@7signal.com
      verify error:num=20:unable to get local issuer certificate
      depth=0 C = US, ST = Ohio, L = Independence, O = 7signal Solutions Inc, OU = WQA, CN = carat.eye.sapphire.syte.cloud.7signal.com, emailAddress = support@7signal.com
      verify error:num=21:unable to verify the first certificate
      CONNECTION ESTABLISHED
      Protocol version: TLSv1.3
      Ciphersuite: TLS_CHACHA20_POLY1305_SHA256
      Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA1:RSA+SHA1
      Peer certificate: C = US, ST = Ohio, L = Independence, O = 7signal Solutions Inc, OU = WQA, CN = carat.eye.sapphire.syte.cloud.7signal.com, emailAddress = support@7signal.com
      Hash used: SHA256
      Signature type: RSA-PSS
      Verification error: unable to verify the first certificate
      Server Temp Key: X25519, 253 bits
      DONE
      Success: TLS connection established to Carat 64.65.61.252:7799


      Success: Carat server reachable by using 64.65.61.252:7800


      Checking TLS connection to Carat 64.65.61.252:7800
      Can't use SSL_get_servername
      depth=0 C = FI, ST = Uusimaa, L = Helsinki, O = 7signal Oy, OU = WQA, CN = carat.eye.sapphire.default.7signal.com, emailAddress = cert-auth@7signal.com
      verify error:num=20:unable to get local issuer certificate
      depth=0 C = FI, ST = Uusimaa, L = Helsinki, O = 7signal Oy, OU = WQA, CN = carat.eye.sapphire.default.7signal.com, emailAddress = cert-auth@7signal.com
      verify error:num=21:unable to verify the first certificate
      CONNECTION ESTABLISHED
      Protocol version: TLSv1.3
      Ciphersuite: TLS_CHACHA20_POLY1305_SHA256
      Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA1:RSA+SHA1
      Peer certificate: C = FI, ST = Uusimaa, L = Helsinki, O = 7signal Oy, OU = WQA, CN = carat.eye.sapphire.default.7signal.com, emailAddress = cert-auth@7signal.com
      Hash used: SHA256
      Signature type: RSA-PSS
      Verification error: unable to verify the first certificate
      Server Temp Key: X25519, 253 bits
      DONE
      Success: TLS connection established to Carat 64.65.61.252:7800

       

      If you need assistance, please contact 7SIGNAL Support.