Re: Cisco Umbrella VAs in Azure randomly failing

aethalin · ‎10-26-2022

We are having an issue where a couple Umbrella VAs are receiving "This VA was syncing at one point but has since stopped" in the Umbrella portal. They are also have intermittent issues connecting to Umbrella DNS Servers. This is not consistent and sometimes resolved by rebooting the appliance. They are on 3.3 at the moment, and I do not have guest diagnostic settings set nor any other extension added the the VMs. I also see "Umbrella Cloud: SSL failed". We have the needed ports open.

Errors from "config va status"

This DNS Server: DNS ok (green)
UDP lookup of myip.OpenDNS.com @127.0.0.1 ok: 127.0.0.1
cloud: Umbrella Cloud: SSL failed (red)
SSL failed: api.opendns.com:443: Timeout
updates: Updates: SSL failed (red)
SSL failed: disthost.umbrella.com:443: Timeout
dns: Umbrella DNS Servers: All DNS fail (red)
UDP lookup of 208.67.220.220 @208.67.220.220 fails: connection timed out; no servers could be reached
UDP lookup of 208.67.222.222 @208.67.222.222 fails: connection timed out; no servers could be reached

Is there something else needing to be added for VAs residing in Azure? They are behind an NSG with the outgoing ports set for port 22, 25, 53, 443, 123, 80, 4766, and 5353 for the IPs listed on the site. Anything else I could be missing? They generally work but they fail enough to cause worry. The on prem VAs are not having the same issue.

Thank you!

Esha Goyal · ‎11-18-2022

Hello aethalin,

Do you have any FW in place that might be blocking the communication from the VA's to the cloud? check what logs are there.

Also, please make sure pre-req mentioned in our doc should be met : https://docs.umbrella.com/deployment-umbrella/docs/2-prerequisites-1#section-networking-requirements

I hope it helps.

Thank you