Before you install Endpoint, ensure that you check the following; otherwise, Endpoint might not function properly.
- Your host machine must have enough capacity to run Endpoint. On average, Endpoint consumes less than 0.5% of CPU and less than 50 MB of memory. Note that these numbers vary based on the host hardware configuration.
- Your local device is not running any DNS service.
- If your device is running MAC OS X, ensure that you turn off Internet Sharing.
- Do not apply any firewall rules to block TCP port 443 due to the following:
- Endpoint must be able to access both 220.127.116.11 and 18.104.22.168 using TCP port 443.
- Endpoint must be able to access the Cloud Services Portal using TCP port 443.
- Do not apply any firewall rules to block UDP port 53 due to the following:
- Endpoint must be able to access 22.214.171.124 and 126.96.36.199 using UDP port 53. The UDP port 53 query is used to identify (1) the public IP address of the Endpoint and (2) the AWS region to which Endpoint is connected.
- Allow ICMP ping from all Endpoints to 188.8.131.52 and 184.108.40.206 (DNS server). The ICMP ping is used by the proxy (used to forward DNS queries to the cloud) to keep the connection to the cloud alive. If the ICMP times out, the proxy might close the connection, but this would not cause any query failure.
- Allow HTTPS traffic to s3.amazonaws.com for auto upgrade. You must allow HTTPS traffic to access s3.amazonaws.com to automatically upgrade Endpoint.
- If you have a VPN client, ensure that the VPN connection is established in the “Split tunnel” mode for every network protocol (IPv4 or IPv4/IPv6 for dual stack).
Note the following best practices after you have installed Endpoint on your network devices.
- Do not disable and then delete any active devices that have Endpoint installed through the Cloud Services Portal. If you do so, the devices will not be protected, nor will it appear on the Endpoints page even if you uninstall and reinstall Endpoint on it. To correct this problem and retrieve device data, you might need to contact Infoblox Technical Support to restore the database.
No Internet Access Warning Message in Windows
In some rare circumstances, BloxOne Endpoint can make Windows incorrectly display a “No Internet Access” warning, although the connectivity is working fine. This is caused by a limitation in Microsoft Network Connectivity Status Indicator (NCSI) feature.
NCSI uses Active DNS probes to validate internet connectivity on each network interface. However, these DNS checks are restricted and NCSI will refuse to send them to a DNS server on a different interface (such as 127.0.0.1). Since BloxOne Endpoint runs a DNS forwarder on the loopback interface (127.0.0.1) as part of its core operation, these specific checks are not compatible with endpoint. This limitation does not cause any problem in majority of the environments, because Windows also performs some other checks to validate the connectivity.
To remedy this situation if it occurs in your configuration, do the following. NOTE: This fix must be deployed to the Local Group Policy.
- Locate gpedit.msc. The setting for gpedit.msc within "Computer Configuration -> Administrative Templates -> Network -> Network Connectivity Status Indicator".
- Enable the 'Specify Global DNS' setting.
- Run gpupdate /force.
- Reboot your system. A reboot is required to clear the existing issue.
This page has no comments.