Block Storage

 View Only
  • 1.  TUF upload issue

    Posted 20 days ago

    Customer has strict internet access policies. Even after whitelisting tuf.hitachivantara.com we are not able to upload files. from browser dev tool I can see that tufportal.hds.com is getting blocked by Zscalar (error 403 forbidden).
    I am looking for a list of all the URLs where file upload may get redirected to so that I can get them whitelisted from the security team. Please help.

    I know I have created this thread in wrong section but I dont have any choice.


    #VSP5000Series

    ------------------------------
    Nikhil Ayare
    Hitachi Vantara
    ------------------------------


  • 2.  RE: TUF upload issue

    Posted 19 days ago


    ------------------------------
    Joshua Dinen
    Hitachi Vantara
    ------------------------------



  • 3.  RE: TUF upload issue

    Posted 19 days ago

    Hello @Nikhil Ayare,

    I experienced, and watched the browser console network tab, and it looks like https://tuf.hitachivantara.com/upload may now be requiring auth0 authentication. Please make sure https://auth.hitachivantara.com is also on the allow list.

    I also also ran a nslookup on tuf.hitachivantara.com and here were the other cnames that should probably be added to the allow list:

    tuf.hds.com
    tuf.gtm.hds.com

    If the customer wants to troubleshoot a little with built in tools:
    1) Check DNS (Command Prompt or PowerShell)
    nslookup tuf.hitachivantara.com

    2) Check TCP connection to HTTPS (PowerShell)
    Test-NetConnection tuf.hitachivantara.com -Port 443 -InformationLevel Detailed


    -- Matthew Griesinger





    ------------------------------
    Matthew Griesinger
    Hitachi Vantara
    ------------------------------



  • 4.  RE: TUF upload issue

    Posted 18 days ago

    Hello Nikhil,

    I had a similar issue with Zscalar as well. It turned out that there was a separate firewall between my devices and the Zscalar. Run this command in your environment from your device and see if it works. curl -v -x http://<replace with your ip for your zscaler proxy server>:443 https://ip.zscaler.com  If it is successful, then it would be something related to the zcalar rules. If it fails, that means you have a firewall between your devices and the zscaler. Getting the intermediate firewall rules in place is what resolved my issue without any changes to the zscaler proxy. Hope this helps.



    ------------------------------
    John Hendricks
    Storage Administrator
    FIS Total Issuing Services
    ------------------------------



  • 5.  RE: TUF upload issue

    Posted 18 days ago

    Hello Nikhil, 

    Try using the following URL, https://tuf.hitachivantarta.com/upload.php

    That is what works for me, however, I don't think that is going through zscaler. I think it going through a checkpoint proxy server.

    Thanks,



    ------------------------------
    John Hendricks
    Storage Administrator
    FIS Total Issuing Services
    ------------------------------



  • 6.  RE: TUF upload issue

    Posted 18 days ago
    Edited by Nikhil Ayare 18 days ago

    We are facing 403 forbidden error during file upload to Hitachi TUF portal on chrome browser dev tools

    Observed that upload traffic to:

    https://tufportal.hds.com/api/files/...

    is being intercepted by Zscaler.

    and tufportal.hds.com is an mft site where files are actually uploaded and saved.



    ------------------------------
    Nikhil Ayare
    Hitachi Vantara
    ------------------------------



  • 7.  RE: TUF upload issue

    Posted 18 days ago

    Please see the below KB that has been published -

    https://knowledge.hitachivantara.com/portal/app/portlets/results/viewsolution.jsp?solutionid=260612022319000



    ------------------------------
    Ian White
    Senior Manager, GCSS Digital Strategy
    Hitachi Vantara
    ------------------------------



  • 8.  RE: TUF upload issue

    Posted 17 days ago

    Do we have to whitelist https://tufportal.hds.com as well?



    ------------------------------
    Nikhil Ayare
    Hitachi Vantara
    ------------------------------



  • 9.  RE: TUF upload issue
    Best Answer

    Posted 6 days ago

    There are 3 domains that you need to whitelite to enable access to upload files to TUF these are:

    tuf.hitachivantara.com
    tuf.hds.com
    tufportal.hitachivantara.com

    All traffic to TUF is using SSL and Port 443.


     



    ------------------------------
    Mark Perino
    Hitachi Vantara
    ------------------------------