I am getting alert on one sensor that GTI file reputation is not reachable.However I have configured same DNS server ip that are configured on other sensors on which GTI is woring fine.Now I have checked from sensor CLI and it tells me that GTI server connection in not ok and gti server is not initialized.Connection test from manager for sensors dns are ok.I want to ask Will I have to reboot the sensor to take new affect with new config of gti?
Hi ! @User27622125
GTI file reputation errors are popped when the Sensor is unable to communicate to GTI Server over Port 53 UDP (DNS). Allow DNS traffic for the Sensor and error should be gone.
GTI Server connection Not Ok is for GTI IP Reputation. This feature works when Inspection policy is applied to the Sensor with correct configurations.
No, it is not required to reboot the Sensor for GTI configuration changes. These changes are pushed in real time to the Sensor.
This error indicates the Sensor is unable to communicate to GTI Server as DNS traffic hence you are getting the faults. Kindly get the output of command show gti config and look for the GTI Server IP. The Sensor is trying to reach that IP over DNS channel. Allow the DNS traffic from Sensor to that IP and fault should be cleared.
If the GTI Server IP is public IP, try replacing it with your DNS server with command set gtiserver ip x.x.x.x and then monitor.
No, it is not possible to check the DNS connectivity from the Sensor via CLI because it requires backend access of the device.
I hope this answers your question.
I have tried to changed gti ip by setting command and sensor cli says that gti server connection is ok.At time of configuration sensor shows that gti server ip is my local dns server ip.But issue is after few minutes or hour gti server ip changed automatically from local dns ip to public ip of subnet 161.x.x.x and I also got following error given below:
Fault Type: GTI File Reputation DNS Error
Source: srvlheklp01:Malware Artemis DNS Error
Condition Type: Unreachable
Alarm Type: Communication
Last Occurrence Time: 2020-Jun-09 09:19:25 GMT+05:00
Additional Text: Error connecting to local DNS server.
Creation Time: 2020-Jun-08 15:07:35 GMT+05:00
Once the GTI IP is configured manually it is unlikely to get changed automatically.
The error was reported because the Sensor couldn't connect to GTI Server IP 161.x.x.x over Port 53 UDP. Kindly allow the DNS traffic for Sensor and the error will be gone.