Diagnostics

If you see access failure, denial, latency, or disconnects, follow this order. In most cases, you can isolate the issue direction in about 10 minutes.

Step 1: confirm device online state

In Nodes, confirm source device is online.
In Nodes, confirm target device is online.
Verify device names to avoid selecting stale or similarly named nodes.

If a device is offline, fix that first before moving on.

Step 2: confirm ACL allow rules

In ACLs, confirm the subject is your account or expected user group.
Confirm target device is correct.
Confirm protocol and port match your real request.

If ACL was just updated, wait a few seconds and retry.

Step 3: confirm subnet routing (if subnet is involved)

In Routers, confirm subnet route approval status.
Verify the subnet range is correct.
Retry the subnet endpoint.

Step 4: confirm relay path

Free shared relay is already available by default for all users.
If you need lower latency or stronger stability, use dedicated relay.
If you use user-managed relay, verify address and ports carefully.

Step 5: run one positive and one negative test

Test with an authorized account and confirm success.
Test with an unauthorized account/device and confirm denial.

This quickly proves whether your policy behavior matches expectation.

Step 6: if unresolved, send this info to support

Time of issue
Account and tenant name
Source and target device names
Protocol and port
Steps already tested

Step 1: confirm device online state​

Step 2: confirm ACL allow rules​

Step 3: confirm subnet routing (if subnet is involved)​

Step 4: confirm relay path​

Step 5: run one positive and one negative test​

Step 6: if unresolved, send this info to support​