Mesh Connectivity

Mesh is our cutting-edge routing technology designed to enhance connectivity and performance by linking both the agent and connector to multiple Points of Presence (PoPs) simultaneously.

Mesh analyzes real-time latency (RTT) at the session level, dynamically selecting the most efficient path for optimal performance. Additionally, Mesh enforces SWG localization, ensuring users stay within their designated regions for improved security and compliance.

With Mesh Flow, the Atmos connector maintains connections to different PoPs, ensuring redundancy and high availability. At any time, there are multiple paths available to the connector and the organization’s applications, allowing the system to automatically switch to the best-performing path based on a combination of RTT and Geo-location calculations to maintain seamless and reliable access.

Requirements

• Minimum Agent Version: 3.82
• Minimum Connector Version: 3.64
• Firewall Connectivity Requirements:
  Ensure that all domains and IPs specified in the Agent and Connector prerequisites are allowlisted to maintain seamless connectivity to Atmos PoPs.

📘

Note

Mesh Flow is currently in limited beta. To enable this feature, please reach out to your Customer Success Manager for more information and support. No additional purchase or bundle upgrade is required to participate in the beta.

If Mesh is unavailable or disabled, the system will use standard routing mechanisms. In this fallback mode, traffic follows the tenant existing configured path selection process without multi-PoP redundancy and optimization features.

Troubleshooting

Check if Mesh is in use on the Atmos agent

1. click on the upper left corner of the agent and select Debug Tools

2. Enter your Debug Password

3. Click -> Advanced

4. Click -> Stats

5. Click WG and review the Peer Metadata field. You should see 3 frontend mesh locations.

How to validate a flow is utilizing mesh

1. Click on the upper left corner of the agent and select Debug Tools

2. Enter your Debug Password

3. Click -> Advanced

4. Click -> Diagnostic

5. Access any Internet destination, i.e. google.com and search for it in the diagnostic window and expand the results.

6. Towards the bottom of the expanded destination, expand the Endpoints. If Mesh is working properly, you will see 3 addresses (pops) the agent is connected to for this flow. The selected path will be highlighted green along with the round trip time (RTT) for that flow. A pop with priority 1 will always be chosen first if there are multiple options. Priority 1 means the pop is located in the same country.

How to validate Mesh is in use on the connector

1. SSH to a connector and run the following command: curl 127.0.0.1:8888/wg

• If Mesh for the connector is working properly, there will be one connection to a backend-udp-*** and two connections to a frontend-mesh-*** HPE Aruba Networking SSE Pop.

2. If you don't see the connector properly connected to Mesh, proceed to steps 3 and 4
3. Validate the connector version. Got to the administrative UI and click Settings -> Connectors

4. Locate your connector in the menu and validate the software version. Connector version 3.64 and above is required. If your version is not compatible, please contact support for upgrade assistance.

📘

Support

Please contact your CSM or Axis Security Support: [email protected]

5. If a connector was deployed before Mesh became available (versions earlier than 3.64), regenerating the connector may be required. First, check the version in step 4, then use Regenerate Connector to update it. Regenerate is only available through the API today. You can also ask CSM or Axis Support for help. Any new connectors deployed with version 3.64 or greater will automatically utilize Mesh.