Troubleshoot contact between Secure SD-WAN Engines and the Management Server

Sometimes, the engine cannot establish initial contact to the Management Server, or all subsequent attempts to command the engine through the Management Client fail. There are several possible causes and solutions for these failures.

For a full list of all system communications in all configurations, see Default Communication Ports.

For more details about the product and how to configure features, click Help or press F1.

Steps

Apply normal network troubleshooting (for example, check speed and duplex settings and cabling).
If there is a local Engine between a remote site Engine and the Management Server, make sure that the local Engine does not block the communication.
A Engine with reversed management connections (for example, because it has a dynamic IP address) contacts the Management Server on port 8906. Create an Access rule in the policy of the main site Engine to allow the connection:
- Source: Remote site Engine
- Destination: Contact address of the Management Server
- Service: SG-dynamic-control
- Action: Allow