KEMP WAF - What steps to take if the LoadMaster cannot contact ALSI to download daily reputation data
Issue: The LoadMaster is unable to download the daily reputation data for WAF and GLSB and is reporting that the ASLI server is unreachable. A packet capture, taken on the LoadMaster can confirm if you are able to reach the ALSI server. The FQDN will differ depending on the LoadMaster firmware in use.
-
LoadMaster firmware version 7.2.53 or above (or 7.2.48.3 Long Term Support (LTS) and above): licensing.kemp.ax
-
LoadMaster firmware versions below 7.2.53 (or below 7.2.48.3 LTS): alsi.kemptechnologies.com and alsi2.kemptechnologies.com
This is usually the case when there is a local search domain is configured on the LoadMaster.
The search domain is configured under System Configuration > Network Setup > Host & DNS Configuration.
Check if the specific domain name for your firmware can be resolved by going to System Configuration > Logging Options > System Log Files > Debug Options > Ping Host, and change the Interface to Automatic.
If it fails, remove the search domain or confirm the DNS server can resolve appropriate domain name, then re-try the download.