You can monitor, test, and troubleshoot network problems such as firewall and connection issues from your Unified Access Gateway instance with various tools and commands such as tcpdump and curl.

Install and Run tcpdump

tcpdump is a command-line tool that you can use to analyze TCP packets for troubleshooting and testing purposes.

If you have not installed tcpdump on your Unified Access Gateway instance, run the following command from the command-line to install tcpdump:

/etc/vmware/gss-support/install.sh

The following examples show tcpdump usage:

  • Run the following commands to monitor traffic over specific ports.

    Note: If you specify port 8443, ensure that UDP 8443 is not blocked by an outer firewall.
    1. tcpdump -i eth0 -n -v udp port 8443
    2. tcpdump -i eth0 -n -v tcp port 8443
    3. tcpdump -i any -n -v port 22443

  • Run the following commands to trace the packets that are coming to and from the RADIUS server to Unified Access Gateway: 

    nslookup <radius-server-hostname>
tracepath <radius-server-hostname>
tcpdump -i any -n -v port 1812

  • Run the following commands to trace the packets that are coming to and from the RSA SecurID server to Unified Access Gateway. 

    nslookup <rsa-auth-server-hostname>
tracepath <rsa-auth-server-hostname>

Using the curl command

You can also use the curl command to retrieve information about network connections.

  • Run the following command to test the connection to a back end connection server or a web server:

    curl -v -k https://<hostname-or-ip-address>:443/

    You can view the back end server connection issues in the esmanager.log file: 
    07/14 07:29:03,882[nioEventLoopGroup-7-1]ERROR
view.ViewEdgeService[onFailure: 165][]: Failed to resolve hostname
address in proxyDestinationUrl:xref:mbxxx-cs.xyz.in

  • You cannot test connections to back end virtual desktops such as PCoIP 4172 and Blast 22443 using tcpdump as the desktops do not listen on these port numbers until a session is ready. See the logs to look at possible connection failures on these ports.

    • Run the following command for Horizon Framework Channel TCP connection:

      curl -v telnet://<virtualdesktop-ip-address>:32111

    • Run the following command for Horizon MMR/CDR TCP connection:

      curl -v telnet://<virtualdesktop-ip-address>:9427

    • Run the following command to test port connectivity from Unified Access Gateway to the virtual desktop. Ensure that the session to the virtual desktop is active before running this command.

      curl -v telnet://<virtualdesktop-ip-address>:22443

PowerShell Commands

Run the following commands from the PowerShell command-line to monitor connectivity for specific ports:

  1. Test-NetConnection <uag-hostname-or-ip-address> -port 443
  2. Test-NetConnection <uag-hostname-or-ip-address> -port 8443
  3. Test-NetConnection <uag-hostname-or-ip-address> -port 4172