Test private application connectivity
When you have completed setting up access to your private applications, test that you can access the application from outside your corporate network, using the endpoint client.
Use the Dashboard page to check that traffic is being reported and application access attempts are being logged.
Check the tunnel status on the Active.
page. If the tuinnel has seen traffic, the status changes to Note: Traffic can be sent through either tunnel. The connection status shown on the page for new tunnels will be displayed as Not connected until traffic has passed through the tunnel.
Basic troubleshooting steps
Follow these basic troubleshooting steps ensure that your connectivity is working and that the service has been configured correctly.
- Check that both tunnels from your application hosting site are up.
- Check that your test application has been defined on the page.
- Check that you have a policy rule for the application that allows access for your test user. Tip:
To rule out authentication issues, set the Users policy rule setting to All users and ensure that SAML authentication is not required.
To rule out issues with threat inspection, set the policy rule action for the application to Allow and bypass on the page.
- Check that your machine has a supported version of endpoint installed. See Knowledge Base article 19118.
- If you are using Cloud Security Gateway, check that the application has a bypass destination configured in the Cloud Security Gateway portal using the page, on the Proxy Bypass tab. Allow 10 minutes for the bypass rule to be reflected in your PAC file.
- Check that entries for your private application's FQDN and service edge appear in the PAC file used by your endpoint client.
- If your application uses HTTPS, ensure the Forcepoint root certificate is installed. This is required for traffic decryption and TLS inspection. On
a Windows machine, use
certmgr.msc
to check installed root certificates.