
I have 2 NAC appliances that I cannot enforce

  • 19 June 2020

Inside the Console they are registered with SNMPv3 and they are in green, but in the Access Control part they appear in orange and with an exclamation point in yellow and it gives me the following:
Problems Detected (engine cannot connect to management server).

When I try to do the enforce it sends me the following error: no response from nac appliance for 10 seconds

I already reinstalled the NetSight server and brought the database up from zero, but the problem persists. The server is on Windows.

Do any of you have any idea what might be happening?


4 replies

Userlevel 7

You can monitor the engine from any IP by SNMP (by default); that explains the green status in the console.

 

When you install the engine you specify the IP of the management server. This is the only IP that can enforce the setting.

 

Option 1: the IP configured in the engine is not the IP of XMC

Option 2: you have more IPs on the XMC and the IP the engine is trying to connect to is not eth0 (by default)

Option 3: there is a firewall/NAT blocking the internal communication from the Engine to XMC

 

Userlevel 6

NetSight/NAC communication primarily uses ports 8443 and 8444. I can’t remember which one, but I believe one of these ports is sourced from the NAC, so it would be seen as unsolicited by the Windows firewall.

 

I would go with option 3 from Z above as a guess.

 

Thanks

-Ryan

Userlevel 7

I am sure there were more ports used in the past between Engine (nac-gw) and XMC (NetSight). You may need to check the port list in the documentation.

Thank you very much for your comments. I really do not know if something had happened to the server where NetSight was installed; I could solve it by reinstalling the NetSight server, and so I was able to enforce the NACs.
