Troubleshoot Docker networking issues in Cortex XSOAR, including Docker networking stack, Docker containers with host networking, and Engines.
In Cortex XSOAR, integrations and automation scripts run either on the server or in a Docker container.
Server-based integrations
Integrations and automation scripts that run on the server include native integrations (part of the server binary) and JavaScript integrations. JavaScript integrations run within the Cortex XSOAR server process using a JS virtual environment. These integrations use the same network IPs as the server.
Docker-based integrations
These include integrations written in Python or Powershell. Docker creates its own networking, thus the integrations are using a different networking stack from the Cortex XSOAR server. The source IPs for these integrations are different and provided according to the Docker networking configuration.
When running integrations or automations that run within Docker containers you might encounter cases that networking fails for these integrations. The following are several examples of error messages that indicate a networking issue:
[Errno -2] Name does not resolve
[Errno 110] Operation timed out
Failed to establish a new connection: [Errno -3] Try again
It is recommended that you use the Docker networking stack because it provides networking isolation and to consult the Docker documentation to resolve Docker networking issues.
If there are issues running Docker's networking stack, you have the option to run Docker containers with the host networking. In this mode, the container will share the host’s network stack and all interfaces from the host will be available to the container. The container’s host name will match the hostname on the host system. To enable host networking, add the following advanced server configuration in Cortex XSOAR:
Key:
python.pass.extra.keys
Value:
--network=host
After you add the server configuration, run the /reset_containers
command from the Cortex XSOAR CLI to reset all containers and to begin using the new configuration.
For multi-tenant deployments, you need to add this setting to each tenant.
Engines
If you have Docker networking issues when using an engine, you need to modify the d1.conf file.
On the machine where the Engine is installed, open the d1.conf file.
Add to the d1.conf file the following:
{ "LogLevel": "info", "LogFile": "/var/log/demisto/d1.log", "EngineURLs": [ "wss://1234.demisto.live/d1ws" ], "AgentURLs": [ "wss://1234.demisto.live/d2ws" ], "BindAddress": ":443", "EngineID": "XYZ", "ServerPublic": "ABC" "ArtifactsFolder": "", "TempFolder": "", "python.pass.extra.keys": "--network=host" }
Save the file.
Restart the engine using
systemctl restart d1
orservice d1 restart
.