• The steps in this page are best performed from a desktop client

  • Troubleshooting using the mobile app is currently in development

Test connectivity from the device to the Fyde Access Proxy

  • Get the Fyde Access Proxy details from Fyde Enterprise Console

  • Try to open an SSL connection to the proxy

    → openssl s_client -host <proxy_host> -port <proxy_port>
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 0 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
        Protocol  : TLSv1.2
        Cipher    : 0000
        Start Time: 123456789
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
  • If the request fails or the operation times out, that means you are not reaching the Fyde Access Proxy

  • Check the following:

    • Proxy Host DNS record is being resolved to the correct IP
    • Proxy Host IP, if using IP instead of DNS, is correct
    • NAT configuration in the device/service that is exposing the Fyde Access Proxy
    • Firewall rules to allow inbound communication to the configured Fyde Access Proxy

Check if the device is trying to access the Resource with the Fyde App

  • Check the IP for the failing Resource, it should return an IP in the range:

    • for Unix/Linux based Operative systems
    • for Microsoft Operative Systems
    → nslookup myresource.private
    Name: myresource.private
  • Next steps:

    • Confirm that Fyde App is running and the tunnel is started
    • Check that Fyde App is enrolled in a tenant
    • Confirm the Resource is created in Fyde Enterprise Console
    • Resource list update on Fyde App can take up to 15m, force refresh if your Fyde App version allows it

Test connectivity from Envoy Proxy to the Resource

  • The Envoy Proxy needs to be able to reach the Resource with the configured properties

  • Take note of the following resource:
    • Resource Name: My Resource
    • Public Host: myresource.private
    • Resource Host: myresource.internal
    • External Port: 80
    • Internal Port: 3000
    • Access Proxy: US-EAST-1-PROXY
  • Envoy Proxy needs to be able to resolve the Resource Host record

    → nslookup myresource.internal
    Name: myresource.internal
  • For an HTTP resource we can send an HTTP request using curl

    → curl myresource.internal:3000
    HTTP/1.1 200 OK
  • For a redis resource we can connect using netcat

    → nc myresource.internal 3000
  • Next steps:

    • Check that the DNS server is correctly configured
    • Confirm that intermediate firewall rules are not blocking access to the Resource
    • For HTTPS connection, the Public Host needs to match the configured hostname in the resource certificate, however the Resource Host just needs to be something the Fyde Access Proxy is able to resolve and access
    • Check more steps by platform below

Fyde Access Proxy troubleshooting by platform

Bare Metal / Virtual Machine

  • Check Envoy Proxy logs

    sudo tail /var/log/envoy/envoy.log -f
  • Check Fyde Access Proxy logs

    sudo journalctl -u fydeproxy -f
  • Check firewall rules

    sudo firewall-cmd --list-all-zones
    # or
    sudo iptables -L -xvn
  • Ensure Envoy Proxy is running

    sudo ps axuww | grep envoy
  • Ensure Envoy Proxy is listening on the correct port

    sudo ss -anp | grep envoy | grep LISTEN
    # or
    sudo netstat -anp | grep envoy | grep LISTEN


  • Confirm that both envoy-proxy and fyde-orchestrator containers are running

    sudo docker ps
  • Confirm that envoy-proxy container is mapping the correct port to the host

    • In the example above, and for the public port 443 the output should contain the following>443/tcp
  • Check Envoy Proxy logs

    sudo docker logs envoy-proxy -f
  • Check Fyde Access Proxy logs

    sudo docker logs fyde-orchestrator -f
  • Check that docker network is not conflicting with a remote network

    • Check the value for IPAM.Config.Subnet

    • For more information check compose-file

    sudo docker network inspect fyde


  • Correct the namespace if needed

  • Check all deployed resources

    kubectl get all \
      --namespace fyde-access-proxy
  • Check envoy logs

    kubectl logs \
      -l app=envoy-proxy -f \
      --namespace fyde-access-proxy
  • Check proxy logs

    kubectl logs \
      -l app=fyde-orchestrator -f \
      --namespace fyde-access-proxy
  • Check that envoy service is properly configured for your environment

    kubectl describe service envoy-proxy \
      --namespace fyde-access-proxy