Typically making dig requests to various ThreatSTOP servers will validate the expected connectivity.
First, it is useful to confirm that the device that should be pulling policy/uploading logs has the external IP address you think it has. You can do this by the following dig command on the device. The response will be the external IP address of the device as perceived by ThreatSTOP
dig @ns1.myip.threatstop.com [tdid_from_admin_portal].myip.threatstop.com
Second, assuming that the device's external IP address has been correctly configured as a device in the ThreatSTOP admin portal then you should query the ThreatSTOP DNS servers that handle policy
dig +tcp @ts-dns.threatstop.com soa basic.threatstop.local
For A10 the DDOS connectivity can be checked by:dig +tcp @a10-rpz.threatstop.com soa ddos-drones.rpz.a10.local
Assuming you get a valid SOA response from the first dig command (or both for A10 devices) then you have connectivity to the ThreatSTOP policy servers
If you have configured a device using the web-automation method then you should probably try connecting to the configuration server on port 5353
telnet ts-ctp.threatstop.com 5353
If it says connected then you have connectivity. If it times out, you do not.
Comments