Follow

How to verify connectivity to Threatstop servers using dig

Typically making dig requests to various ThreatSTOP servers will validate the expected connectivity.
 
First, it is useful to confirm that the device that should be pulling policy/uploading logs has the external IP address you think it has. You can do this by the following dig command on the device. The response will be the external IP address of the device as perceived by ThreatSTOP
 

dig @ns1.myip.threatstop.com [tdid_from_admin_portal].myip.threatstop.com

 

Second, assuming that the device's external IP address has been correctly configured as a device in the ThreatSTOP admin portal then you should query the ThreatSTOP DNS servers that handle policy
 

dig +tcp @ts-dns.threatstop.com soa basic.threatstop.local

 
For A10 the DDOS connectivity can be checked by:
dig +tcp @a10-rpz.threatstop.com soa ddos-drones.rpz.a10.local
 
Assuming you get a valid SOA response from the first dig command (or both for A10 devices) then you have connectivity to the ThreatSTOP policy servers
If you have configured a device using the web-automation method then you should probably try connecting to the configuration server on port 5353
 
 

telnet ts-ctp.threatstop.com 5353

 
If it says connected then you have connectivity. If it times out, you do not.

Was this article helpful?
0 out of 0 found this helpful

Comments