ZTNA - no healthy upstream

Hello.

I'm using Sophos Firewall as a Gateway.

I'm trying to access an agentless resource using ZTNA; the configuration process was OK and the DNS configuration is OK as well.

When we try to access a resource that is on port 9001, we get a "no healthy upstream" error.

Authentication is happening fine before accessing the resource, and the internal FQDN leads to the internal IP.

Maybe I'm missing something in the Firewall to allow access to those ports?




  • "No healthy upstream" basically means the app is not reachable from the firewall.

    Check the IP / FQDN you used as "internal" in ZTNA. Then check if the firewall can reach this IP. 


  • Hello, thanks for your answers. 

    Yes, we can reach the IP from the firewall. And the internal FQDN points to the internal IP as well.

  • Is the resource HTTP or HTTPS based? Did you check if it's configured correctly at Sophos Central? Mismatching the protocol can cause a "no healthy upstream" error.

    Can you send a screenshot of the resource, showing its configuration?

    Also, you can verify if the Firewall has connection to the resource by SSH'ing to the Firewall, going to advanced shell, and doing a "curl -v resource.domain".



    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home
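
The curl check and the protocol-mismatch point from the reply above, combined into one script. This is an added example, not part of the original posts: it assumes curl is available in the shell it is run from, `resource.domain` is the placeholder from the reply, 9001 is the port from the question, and the verdict names and the exit-code heuristic are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: tell whether an upstream port answers
# plain HTTP or TLS, using curl exit codes.
# Usage: sh probe.sh resource.domain 9001

# diagnose HTTP_RC HTTPS_RC -> prints a verdict (names are this example's own).
diagnose() {
    h=$1; s=$2
    # 6 = could not resolve host: fix DNS before looking at ports.
    if [ "$h" -eq 6 ] || [ "$s" -eq 6 ]; then echo dns-failure; return 0; fi
    # A completed TLS exchange wins: some TLS listeners also answer plain
    # HTTP with an error page, so check the https:// result first.
    if [ "$s" -eq 0 ]; then echo https; return 0; fi
    if [ "$h" -eq 0 ]; then echo http; return 0; fi
    # 7 = failed to connect, 28 = timed out (typical of dropped packets).
    if [ "$h" -eq 7 ] && [ "$s" -eq 7 ]; then echo refused; return 0; fi
    if [ "$h" -eq 28 ] && [ "$s" -eq 28 ]; then echo timeout; return 0; fi
    echo unknown
}

# probe HOST PORT -> runs both requests and prints "HOST:PORT verdict".
probe() {
    host=$1; port=$2; http_rc=0; https_rc=0
    # -k skips certificate validation: only the protocol is being tested here.
    curl -s -o /dev/null --connect-timeout 5 --max-time 10 \
        "http://$host:$port/" || http_rc=$?
    curl -sk -o /dev/null --connect-timeout 5 --max-time 10 \
        "https://$host:$port/" || https_rc=$?
    echo "$host:$port $(diagnose "$http_rc" "$https_rc")"
}

if [ "$#" -ge 2 ]; then probe "$1" "$2"; fi
```

Compare the verdict with the protocol set for the resource in Sophos Central; `refused` or `timeout` points at reachability of the port rather than at a protocol mismatch.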