Set Up a Tunnel to Test on Internal Networks
Overview
Autonomous enables testing web applications that are not publicly accessible by configuring a tunnel. A tunnel allows Autonomous to establish a secure connection for testing pre-production systems (like staging), intranet sites, or web applications behind firewalls or proxies.
The machine on which the tunnel agent is running must have access to the internal server; if it does not have unrestricted access, you may encounter performance issues or forbidden access (Error 403).
Roles and Access
Access to tunnel-related actions and information is governed by user roles in Autonomous. This ensures that tunnel setup, maintenance, and monitoring are secure and appropriately delegated across teams.
Role-based access is as follows:
Add new Tunnel
- Select Settings > Tunnels and click Add new tunnel.
- Enter a name for the tunnel and click Next.
- Enter the host name. If there is more than one host, each host name should be separated with a semicolon (;).
- Click Next.
- Select the OS the tunnel agent will run on, and click Download to download the tunnel agent.
The agent corresponds to the selected operating system. To run the agent, copy the command displayed in this window and run it in a command prompt.
Note: For Windows, download the .exe file and run the command. For Mac and Linux, download the .zip file, unzip the file, and then run the command.
The execution command is also available from the Tunnels tab after the tunnel is configured. On the Settings > Tunnels page, next to the name of the tunnel, click and select Copy execution command, then select the required operating system.
- Open a command prompt and paste the copied execution command.
- To verify that the tunnel agent is running and connected to Autonomous, confirm that the tunnel has a Connected status on the Settings > Tunnels page.
Add or Remove Tunnel Hosts
Once you have configured a tunnel, if required, you can update the host. On the Settings > Tunnels page, next to the name of the tunnel, click > Edit hosts.
Tunnel Statuses
Tunnel statuses provide immediate visibility into the connectivity and health of each tunnel. These statuses reflect the real-time state of the tunnel agent and its ability to route traffic to hosts. You can view tunnel status in two places: under Settings > Tunnels and directly when interactively running a custom flow test that depends on a tunnel.
Autonomous uses four primary status indicators:
- Inactive: The tunnel agent is offline and is no longer communicating with Autonomous. This may occur if the agent is not running.
- Verifying: A health check is in progress to confirm that network connectivity is functioning correctly between the customer's server (which is running the tunnel agent) and the Autonomous system.
- Connected: The tunnel agent is online, and a health check was successful, indicating that a secure tunnel can be established. This is the expected state for active testing.
- Disconnected: The tunnel agent was recently online but has not responded within the expected health check interval. This can result from transient network issues or process crashes.
Tunnel Information
Each tunnel entry includes key information that helps you identify a tunnel and understand the health of a tunnel.
Tunnel Details
The following information is displayed to identify a tunnel:
- Tunnel name: The assigned name used to identify the tunnel.
- Created on: The date the tunnel was initially added.
- Target hosts: The hosts that are accessible through this tunnel.
Tunnel Health
The following information indicates the health of a tunnel:
- Last Verified: Timestamp of the most recent successful health check.
- Troubleshooting: Indicates any detected tunnel connectivity issues and how to resolve them.
- Error Codes: System-specific error messages (e.g., from the OS or firewall) help diagnose and resolve tunnel connectivity issues.
Where to Find Tunnel Information
Information about the Tunnel can be found in several areas of Autonomous:
- Tunnels Tab (Account Admins): Lists all tunnels configured for the account, including their status, target hosts, troubleshooting, and error codes. Account Admins can manage both the tunnels and their associated agents.
- Tunnels Tab (Team Admins): Lists all tunnels configured for the account, including their status, target hosts, troubleshooting, and error codes. Team Admins cannot configure or manage tunnels but can monitor their state.
- Custom Flow Test Authoring (All Users): When editing or creating a test, if the associated tunnel is down, a warning appears. Clicking “See More Details” displays:
  - The name(s) of the relevant tunnel(s)
  - Tunnel verification status for the associated host
  - A message to contact the Account Admin to reconnect the tunnel
Tunneling Best Practices
- Run the tunnel agents on stable machines/VMs that don't have many network restrictions and are not expected to block the agent connections.
- Start the agents as part of the VM startup flow (e.g., as a daemon on Linux) to ensure that if a VM is restarted, the agent will start as soon as it goes up.
- Avoid using "localhost" domain tunnels because it can lead to unexpected results (localhost is different on each machine).
- Run multiple agents of the same tunnel definition on different VMs to ensure high availability and fault tolerance.
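The requirement that the agent machine can reach the internal server, and the advice to avoid "localhost" hosts, can be checked before starting the agent. The script below is an added example, not part of Autonomous or its tunnel agent: it takes the same semicolon-separated host list entered for the tunnel and reports, from the machine it runs on, whether each host resolves, points at loopback, or accepts a TCP connection. The function names and the default port 443 are assumptions.

```python
import ipaddress
import socket

DEFAULT_PORT = 443  # assumption: the internal app is served over HTTPS


def parse_hosts(field):
    """Split the semicolon-separated host field into unique, lowercased names."""
    hosts = []
    for item in field.split(";"):
        name = item.strip().lower()
        if name and name not in hosts:
            hosts.append(name)
    return hosts


def is_loopback(host):
    """True for 'localhost', '*.localhost' and loopback IP literals."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # an ordinary host name


def check_host(host, port=DEFAULT_PORT, timeout=3.0):
    """Return 'loopback', 'dns_failure', 'unreachable' or 'ok' for one host."""
    if is_loopback(host):
        return "loopback"
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return "dns_failure"
    # A name that resolves to 127.0.0.1 or ::1 means a different server on every agent machine.
    if any(is_loopback(info[4][0]) for info in infos):
        return "loopback"
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except OSError:
        return "unreachable"


def preflight(field, port=DEFAULT_PORT):
    """Check every host in the field; returns {host: status}."""
    return {host: check_host(host, port) for host in parse_hosts(field)}


if __name__ == "__main__":
    # Constructed sample value; replace with the hosts entered for the tunnel.
    for host, status in preflight("staging.internal.example;localhost").items():
        print(f"{host}: {status}")
```

A status of ok only shows that the TCP path from this machine is open; a proxy or firewall can still answer requests with Error 403, which needs a request-level check.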
Legacy Tunnel Agents
Legacy tunnels do not support the robust connectivity check process described above.
If you're using a legacy tunnel, a banner will appear in the tunnel entry indicating that the agent version is outdated. To upgrade, delete the old tunnel entry, add a new tunnel, and install the latest agent as described above.
Legacy tunnels show only the “Active” status, which means the agent is running and has completed a basic handshake with Autonomous. However, this does not confirm that a secure connection to the target hosts can be established. The tunnel may still be encountering connectivity issues.