/
Connectivity check - Agents cannot reach SeaLights platform (unreachable network errors)

Connectivity check - Agents cannot reach SeaLights platform (unreachable network errors)

Owned by Saar Avishai (Unlicensed)
Last updated: Feb 12, 2025 by Jason Wides
2 min read

Problem: My network contains security policies that prevent agents from reaching the SeaLights platform

This is normally caused due to security policies related to Firewalls, or other networking-related security configurations that prevent access to the SeaLights API. To verify this is the case, try running a cURL command to your dashboard URL:

curl -vI https://<YourCustomDNSName>.sealights.co

HTTP/2 200 code should be returned. If this code is received, you can access the SeaLights API and there is no need for this document.

 

If using a proxy, you should add the relevant parameter

curl -vI https://<YourCustomDNSName>.sealights.co --proxy http://myproxy.mycompany.int

If you need a generic Sealights endpoint, you can use https://connect.sealights.co in your command.

In case this command fails, it is important to understand why. Looking at the detailed output (given by the -vI flags) can point us in the right direction.

The above cURL commands runs on native Linux.

  • If using Windows, you will need to run it from a PowerShell prompt as it allows curl commands as an alias to the native Invoke-WebRequest cmdlet that you can use as well.
    For example, Invoke-WebRequest -Uri https://<YourCustomDNSName>.sealights.co -UseBasicParsing | Select-Object StatusCode,StatusDescription
    If a proxy is required, you can add -Proxy <Uri> parameter to the first part of the command. More details can be found in Microsoft’s Official documentation page.

  • If running on a Linux container without cURL, you can install it using apt-get update && apt-get install -y curl or use the wget equivalent.
    For example, wget --server-response --spider https://<YourCustomDNSName>.sealights.co . If a proxy is required, you can add -e use_proxy=yes -e http_proxy=<proxy_url> parameters to your command.

Solution

In case a firewall is present, it needs to allow network traffic to reach the SeaLights platform, and depending on your organization’s policy, you can use one of the following solutions.

Allow outbound traffic to Sealights' domain

The Firewall should allow outbound connections on port 443 (TLS v1.2) to our domain https://*.sealights.co.
For a more restrictive rule, you can open the connections to your Sealights dashboard URL only.

Allow outbound traffic to Sealights' range of IP addresses

Sealights works with F5 Volterra, therefore the IP Ranges should be configured based on the following information https://docs.cloud.f5.com/docs/reference/network-cloud-ref

Related articles

Related content

Downloading the java agent files
Downloading the java agent files
Support
More like this
SeaLights CD Agent
SeaLights CD Agent
Support
More like this
SeaLights CD Agent for Java Application
SeaLights CD Agent for Java Application
Support
Read with this
Generating a Browser token
Generating a Browser token
Support
More like this
Using Python agent - Command Reference
Using Python agent - Command Reference
Support
Read with this
Generating an API token
Generating an API token
Support
More like this