Help & Troubleshooting

Solutions for common issues and frequently asked questions

Authentication Issues

"Permission denied - Redirect URI is not set"

Error when clicking "Get Started" or "Sign In"

What's happening?

This error occurs when the OAuth authentication system hasn't been configured to recognize your domain. We're working with our hosting provider to register the necessary redirect URIs for cloudzentrix.io.

What we're doing:

Registering https://cloudzentrix.io/api/oauth/callback
Registering https://cloudzentrix.io/api/oauth/callback
Configuring the OAuth server to recognize these domains

What you can do:

Try again in a few moments - the configuration may be updating
Clear your browser cache and cookies
Try using a different browser or incognito/private mode
Contact [email protected] if the issue persists

Expected Timeline

OAuth configuration updates typically take 5-15 minutes to propagate. If you continue to see this error after 30 minutes, please contact support.

Session or Cookie Issues

Troubleshooting steps:

Clear your browser cookies and cache
Close all browser tabs and restart your browser
Try using incognito/private browsing mode
Disable browser extensions that might interfere with cookies
Check that your browser allows third-party cookies

Browser Compatibility

Some browsers with strict privacy settings (Safari Private Browsing, Firefox Strict ETP, Brave Aggressive Shields) may block authentication cookies. Try a different browser if you continue to experience issues.

Getting Started

How to use BearNet Global Fabric

Step 1: Sign In

Click "Get Started" or "Sign In" on the home page. You'll be redirected to the Manus OAuth portal to authenticate.

Step 2: Add AWS Account

Once logged in, go to the Dashboard and click "Add AWS Account". You can connect using:

IAM User Credentials: Access Key ID and Secret Access Key
Cross-Account Role: IAM role ARN with cross-account access (recommended for security)

Step 3: Run Discovery

After connecting your AWS account, the toolkit will automatically discover your VPCs, subnets, security groups, and network resources.

Step 4: Create Assessment

Create a new assessment to analyze your network infrastructure. The toolkit will run security checks, compliance validation, and generate recommendations.

Step 5: Review Reports

View detailed findings, recommendations, and compliance scores. Export reports as PDF or JSON for sharing with your team.

Frequently Asked Questions

Is my AWS account secure?

Yes. We recommend using cross-account IAM roles with read-only permissions. Your credentials are encrypted and never stored in plain text. We only read your network configuration - we never make changes to your infrastructure.

Can I assess multiple AWS accounts?

Yes. You can add multiple AWS accounts and run assessments across all of them. The Multi-Account Aggregator in Advanced Tools provides a unified view of your entire network infrastructure.

What permissions do I need to grant?

Only read-only permissions are required. The toolkit needs access to:

EC2 (VPCs, Subnets, Security Groups, Route Tables)
VPC (VPC Peering, Transit Gateways)
IAM (for role assumption in cross-account scenarios)

How often are assessments updated?

Assessments are run on-demand when you create them. You can create new assessments at any time to get the latest snapshot of your network infrastructure.

Can I export reports?

Yes. All assessments can be exported as PDF or JSON. PDF reports include formatted findings, recommendations, and compliance scores. JSON exports provide structured data for integration with other tools.

Windows Firewall Setup for the Agent

Why does Windows show a firewall alert when the agent starts?

Windows Defender Firewall prompts for any new executable that tries to open a network connection. The CloudZentrix Agent needs outbound access on port 443 (HTTPS / WebSocket) to reach the dashboard and send metrics. If you see the popup, click Allow access.

Starting from installer v2.4, the setup script automatically adds the required firewall rules — you should not see the popup on fresh installs. The agent also adds the rules silently on startup if they are missing.

Fix Firewall — one-liner for existing installs

Run this in an Administrator PowerShell window on the monitored machine

$exe = "$env:ProgramFiles\CloudZentrixAgent\agent.exe"
Remove-NetFirewallRule -DisplayName "CloudZentrix Agent*" -ErrorAction SilentlyContinue | Out-Null
New-NetFirewallRule -DisplayName "CloudZentrix Agent (Outbound)" -Direction Outbound -Program $exe -Action Allow -Protocol TCP -RemotePort 443 -ErrorAction SilentlyContinue | Out-Null
New-NetFirewallRule -DisplayName "CloudZentrix Agent (Outbound-80)" -Direction Outbound -Program $exe -Action Allow -Protocol TCP -RemotePort 80 -ErrorAction SilentlyContinue | Out-Null
Write-Host "Done — firewall rules applied." -ForegroundColor Green

This removes any existing (possibly blocking) rules and adds clean outbound allow rules for agent.exe on ports 443 and 80. Requires Administrator privileges.

Verify the firewall rules are in place

Get-NetFirewallRule -DisplayName "CloudZentrix Agent*" | Select-Object DisplayName, Direction, Action, Enabled

You should see two rules with Action = Allow and Enabled = True. If they are missing or show Action = Block, run the Fix Firewall one-liner above.

Corporate / managed firewall (Intune, Group Policy, third-party)

If your organisation manages firewall policy via Intune, Group Policy, or a third-party endpoint security product, the Windows Firewall rules above may be overridden. Ask your IT/security team to allow:

Outbound TCP 443 from C:\Program Files\CloudZentrixAgent\agent.exe
Destination: *.cloudzentrix.com, *.manus.computer (WebSocket relay)
Protocol: HTTPS / WSS (WebSocket Secure)

The agent never opens inbound ports — all communication is outbound from the monitored machine to the CloudZentrix cloud.

Still Need Help?

If you're experiencing issues not covered here, our support team is ready to help.

Email Support Visit ZEN.io