Device cannot connect due to deep packet inspection
Overview
A device running a Code42 app cannot connect to a destination because an administrator is using deep packet inspection to examine traffic from devices to the Code42 cloud. This article describes the problem and how to resolve it.
Symptom
A Code42 app connects to the Code42 cloud then disconnects immediately.
Background
Communication between devices and the Code42 cloud uses transport-layer security (TLS). When an administrator uses a deep packet inspection tool to examine Code42 traffic, it can interfere with TLS.
Deep packet inspection is a common technique for analyzing traffic going over 443 and works well in most situations. However, using deep packet inspection for TLS traffic over port 443 can cause communication interruptions.
Recommended solution
To resolve the issue, we advise you to either turn off deep packet inspection altogether, or add our our IP addresses to the allowlist in the deep packet inspection tool.
Also do the following:
- Open ports 4287 and 443 for Code42 apps to use.
- Verify that network traffic settings are optimized for where your employees work.
For more ideas to resolve connection problems, see Cannot connect to destination.
Related topics
- Identify and resolve device issues in the Code42 console
- Monitor your Code42 environment health
- Resolve endpoints that are not reporting security events
- Device Status report reference
- Destination unavailable
- Cannot connect to destination
- IP addresses and ports used by the Code42 platform
- Test your network connection