Skip to content

Frequently Asked Questions

Connectivity issues: Is my UTM Firewall the reason?

Some firewalls aggressively block Wireguard™ connections, but only after a few packets have been successfully exchanged. This can lead to a situation where the XplicitTrust broker service assumes a direct connection is possible and doesn't use the relay services. The result is unstable connectivity for the affected clients.

If your UTM firewall has application filtering enabled, make sure it isn't blocking Wireguard™. Take a look at the log files, some of them detect Wireguard™ traffic as well as other VPN products. If in doubt, try configuring an exception for Wireguard™ and see if connectivity improves.

Connectivity issues: Is SSL decryption the reason?

Firewalls, web filters and even endpoint security products often provide HTTPS inspection based on SSL decryption. This can interfere with communication with the XplicitTrust services and have a negative impact on connectivity.

It is highly recommended to configure exceptions for the XplicitTrust services.

I have configured a DNS server, but clients can't resolve hostnames.

Clients must be granted access to DNS servers via Policies in order to reach them.

Asset Registration vs Authentication/Authorization

The admin user account provided for registering an asset via xtna-util is only used during the registration process. After the asset has been registered, it is authenticated using a machine token.

Which services need to be reachable?

It is highly recommended to configure exceptions for the XplicitTrust services.

Service Instances Description
Service Discovery https://xtsa.xplicittrust.com Provides information about service instances assigned to a XplicitTrust tenant.
API https://api.xplicittrust.com Cloud controller API frontend.
Broker https://broker.xplicittrust.com https://broker2.xplicittrust.com Connection classification and orchestration service.
Relay https://relay.xplicittrust.com https://relay2.xplicittrust.com https://relay3.xplicittrust.com https://relay4.xplicittrust.com Relay service for indirect connections.
Log https://log.xplicittrust.com Log collector for agent logs.

Where can I find technical information about the control and data plane connections?

Please have a look at the high level architecture overview.

Missing an answer to your question?

Please let us know via email to support(at)xplicittrust.com