Start free trial
Troubleshooting network connectivity from the Foldr appliance · Self-hosted

Troubleshooting network connectivity from the Foldr appliance

Updated 4 May 2026 Server Deployment Self-hosted only

Troubleshooting network connectivity from the Foldr appliance

When Foldr can’t reach a directory server, an SMB share, a cloud API or anything else on your network, the appliance console is where you find out where the break is. This article walks through the common categories of network problem and the commands to diagnose each.

Where to run these commands

Open the appliance console:

  • Through the hypervisor: open the VM’s console window (vSphere web client, Hyper-V Manager, AHV console, etc.) and sign in with the fadmin account.
  • Over SSH: if SSH is enabled on the appliance, connect with the fadmin account.

For a full command list (not just network), see The Appliance Console: Command List.

Tools at a glance

CommandPurpose
ping <host>ICMP reachability. Is the host even up?
traceroute <host>Path discovery. Where does the packet die?
dig <host> / nslookup <host>DNS lookups. Is the name resolving correctly?
show-resolv-confPrint the appliance’s current DNS resolver configuration
http-test <fqdn>HTTPS connectivity and certificate diagnostics
ldap-test (filter)LDAP/AD connectivity using ldapsearch
netstatActive connections and listening ports on the appliance
net-devices, net-device -s ...Inspect and configure network adapters
nmcliLower-level adapter configuration
iptables, iptables-saveInspect and modify the appliance firewall

Diagnostic flow by problem

DNS not resolving

Symptoms: features that worked yesterday now fail with “host not found” or unreachable cloud services.

  1. show-resolv-conf: confirm the resolvers Foldr is actually using.
  2. dig <hostname>: check that the hostname resolves at all, and to the right address.
  3. dig @<other-resolver> <hostname>: compare against a known-good resolver to isolate whether the issue is at your DNS server or in the appliance config.

If short-name lookups work but FQDN-only behaviour is broken, see DNS does not seem to be functioning correctly.

Reachability: is the host up and on the path?

  1. ping <host>: fastest sanity check. ICMP failures aren’t conclusive (some networks block it), but success rules out a lot.
  2. traceroute <host>: find the hop where the packet stops. A break inside your own network points at a routing or firewall problem; a break outside points at upstream.

Service-specific connectivity

Once you know the host is reachable, check the service itself:

  • LDAP / Active Directory: ldap-test runs an ldapsearch against the directory configured in Foldr Settings. Errors here usually mean credentials, base DN, or LDAPS certificate trust.
  • HTTPS endpoints (Microsoft Graph, Google APIs, OCR services, update repository): http-test <fqdn> opens a TLS connection and reports the certificate chain. Useful for diagnosing TLS interception by a corporate proxy.
  • SMB shares: SMB uses TCP 445. traceroute to the file server, then check your firewall isn’t blocking 445. There are SMB-specific articles for share visibility and Kerberos auth once the network path is verified.

Adapter, IP, and routing

If the appliance itself can’t reach its default gateway, the problem is local:

  1. net-devices: list adapters and their current state.
  2. nmcli device show: full adapter detail.
  3. net-routes -s "adapter" "<network> <gateway>": add a static route if Foldr needs to reach a network not via the default gateway (common with split-tunnel VPNs and DMZ deployments).

For a step-by-step network reconfigure, see Foldr v10: Configuring the network.

Firewall

The appliance ships with iptables and a few default rules. If something stopped working after a config change:

  • iptables -L -n: list current rules.
  • iptables-save: commit any rule edits you’ve made so they persist across restarts. Always tag rules you add yourself with -m comment --comment "foldr-admin" so they survive system updates.

Time skew

Kerberos and SAML are intolerant of clock drift. If LDAP works but Kerberos SSO fails, the server’s clock might be wrong. See Configuring NTP / correcting server time.

What to send to support

If you can’t isolate the problem, the support team will usually want:

  1. The output of the relevant diagnostic command above (with hostnames in place).
  2. A server support bundle generated from Foldr Settings.
  3. A description of when it last worked and what changed since.

← All articles