cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4622
Views
0
Helpful
5
Replies

AMP4E macOS - AMP Connector status is never "Connected"

zrouse
Level 1
Level 1

Does the macOS Connector only operate in an Offline mode? 

Device Trajectory has very minimal to almost no information compared to a Windows Connector. 

Also, scans executed by the AMP Console don't seem to actually occur and local scans never appear in the AMP Console.

 

In the AMP Console, the device hasn't appeared to communicate since the initial install.

 

Screen Shot 2019-11-08 at 11.59.30 AM.png

1 Accepted Solution

Accepted Solutions

Check out this documentation regarding unsupported proxy feature: https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

5 Replies 5

Francesco Molino
VIP Alumni
VIP Alumni
Hi

Does your Mac has the firewall service enabled or any 3rd party tool line little snitch...?
Can you check on your event monitor or on your amp deamon log which is normally located in /Library/Logs/Cisco/

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

We have a proxy configured.  I noticed that the agent goes to Connected status when not connected to the Enterprise network, but Public.  The question then becomes, if proxy is the issue, then why did the Connector install and connect it to AMP Console and register it with a flash scan?

Here is the ampagent log from the path you gave:

Nov 12 10:28:10 DEVICE [23968] [ui]:[error]-[AppDelegate.m@651]:[4683010]: The network is down.
Nov 12 10:28:23 DEVICE [23968] [ui]:[error]-[AppDelegate.m@659]:[4683010]: The network is up.

It only shows these messages, this only happens when network is physically unplugged or connected.  I purposely did this to show some messages.

Check out this documentation regarding unsupported proxy feature: https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

It was primarily a configuration issue.  We took out the http protocol from the address and just left the proxy server FQDN and it's working now.

Troja007
Cisco Employee
Cisco Employee

Hello @zrouse,

fyi, inside the TLS connection on port 443, from AMP connector to the AMP Cloud, there is no HTTP. So in any way, if a proxy system decrypts the TLS traffic, it will break the AMP communication.

Greetings,

Thorsten