Generate a Diagnostic Report from the Diagnostic Report tab in SpanVA.

Status should normally be green for all items. If not green - resolve any errors.

Note: Diagnostic report may not always report a problem depending on the connectivity issue.
Also there may be exceptions to everything being green in Diagnostics, such as if the company's
internal DNS Server is restricted from querying public domains.

API Name resolution failures such as below may be normal in that case:

Verify the proxy configuration includes the port detail in the SpanVA using the format: http://<DNS_or_IP_of_Proxy>:<port> (like http://proxy.example.com:8080)

If authentication is required, include the user and password: http://<proxy_user_id>:<proxy_user_password>@<DNS_or_IP_of_Proxy>:<port> (like https://[email protected]:[email protected]:8080)

Verify the proxy certificate imported into SpanVA is valid.

Verify the proxy and firewall has whitelisted the DNS and or IP address *.storage.googleapis.com at port 443

Google Cloud Storage (GCS) IP addresses consist of many blocks. GCS uses the same netblocks as all other Google APIs and services. These netblocks change periodically. There are no simple fixed static network blocks from Google. Google provides the following recommendations in determining its service IP address blocks for a customer’s firewall rule use.

• Not advised, but clients can use the complete list of IP ranges that Google publishes to the internet in a JSON file goog.json 
• These IP ranges are updated approximately two to four times per year. Use a script to monitor the file change, and update firewall rules accordingly.
• Use firewalls to securlist *.storage.googleapis.com if possible to avoid monitoring the IP range changes. If this isn’t feasible, use a script to manage rules based on the Google-published IP address list file goog.json, adding and removing ranges resulting from the changes.

Google Cloud Storage doesn’t provide regional URLs and IP ranges. It uses a global load balancer to route traffic to the region where a GCS storage bucket resides. The bucket name is in the GCS URL path rather than in the hostname when the GCS is accessed. The Broadcom CloudSOC Audit Service uses GCS in EU regions for customers in the EU, and GCS in the US for other customers.